slashvibe-mcp 0.3.22 → 0.3.24

package/analytics.js

@@ -0,0 +1,107 @@
+/**
+ * Analytics — Retention event tracking from MCP server
+ *
+ * Logs events to the /api/analytics/event endpoint for measuring
+ * user engagement and retention funnel performance.
+ *
+ * Usage:
+ *   const analytics = require('./analytics');
+ *   analytics.track('empty_inbox_action', { action: 'discover', source: 'inbox' });
+ */
+
+const config = require('./config');
+
+const API_URL = process.env.VIBE_API_URL || 'https://www.slashvibe.dev';
+
+/**
+ * Track an analytics event (fire and forget)
+ * @param {string} eventType - Event type (from valid types in api/lib/events.js)
+ * @param {object} data - Additional event data
+ */
+async function track(eventType, data = {}) {
+  const handle = config.getHandle();
+  if (!handle) return; // Skip if not initialized
+
+  try {
+    // Fire and forget - don't await or block
+    fetch(`${API_URL}/api/analytics/events`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        type: eventType,
+        handle,
+        data: {
+          ...data,
+          client: 'mcp-server',
+          timestamp: Date.now()
+        }
+      })
+    }).catch(() => {}); // Silently ignore errors
+  } catch (e) {
+    // Analytics should never block or fail user flows
+  }
+}
+
+/**
+ * Track empty inbox interaction
+ * @param {string} action - Which action was taken (or 'none' if user closed)
+ * @param {object} context - Context about the state (hadOnboardingTask, hadRecentShips, etc.)
+ */
+function trackEmptyInbox(action, context = {}) {
+  // Track that user reached empty inbox state
+  track('empty_inbox_reached', {
+    hadRecentThreads: context.recentThreads?.length > 0,
+    hadOnboardingTask: !!context.onboardingTask,
+    hadRecentShips: context.recentShips?.length > 0
+  });
+
+  // If an action was taken, track it
+  if (action && action !== 'none') {
+    track('empty_inbox_action', {
+      action,
+      ...context
+    });
+  }
+}
+
+/**
+ * Track lurk mode state change
+ * @param {boolean} enabled - Whether lurk mode was enabled or disabled
+ */
+function trackLurkMode(enabled) {
+  track(enabled ? 'lurk_mode_enabled' : 'lurk_mode_disabled', {});
+}
+
+/**
+ * Track onboarding task completion
+ * @param {string} taskId - The task that was completed
+ */
+function trackOnboardingTask(taskId) {
+  track('onboarding_task_completed', { taskId });
+}
+
+/**
+ * Track discovery initiation
+ * @param {string} source - Where discovery was initiated from (inbox, start, etc.)
+ */
+function trackDiscovery(source) {
+  track('discovery_initiated', { source });
+}
+
+/**
+ * Track session lifecycle
+ * @param {string} event - 'started' or 'ended'
+ * @param {object} sessionData - Session metrics (duration, actions, etc.)
+ */
+function trackSession(event, sessionData = {}) {
+  track(event === 'started' ? 'session_started' : 'session_ended', sessionData);
+}
+
+module.exports = {
+  track,
+  trackEmptyInbox,
+  trackLurkMode,
+  trackOnboardingTask,
+  trackDiscovery,
+  trackSession
+};

package/auto-update.js

@@ -0,0 +1,125 @@
+/**
+ * Auto-update mechanism for /vibe MCP server
+ * Checks for updates and prompts user to update
+ */
+
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import fs from 'fs/promises';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const execAsync = promisify(exec);
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+export async function checkForUpdates() {
+  try {
+    // Read local version
+    const versionPath = path.join(__dirname, 'version.json');
+    const localVersion = JSON.parse(await fs.readFile(versionPath, 'utf-8'));
+
+    // Check remote version
+    const response = await fetch('https://www.slashvibe.dev/api/version', {
+      headers: { 'User-Agent': 'vibe-mcp-client' }
+    });
+
+    if (!response.ok) {
+      return null; // Silent fail - don't block startup
+    }
+
+    const remoteVersion = await response.json();
+
+    // Compare versions
+    if (compareVersions(remoteVersion.version, localVersion.version) > 0) {
+      return {
+        current: localVersion.version,
+        latest: remoteVersion.version,
+        changelog: remoteVersion.changelog,
+        features: remoteVersion.features,
+        breaking: remoteVersion.breaking
+      };
+    }
+
+    return null; // Up to date
+  } catch (error) {
+    // Silent fail - don't block startup
+    return null;
+  }
+}
+
+export async function performUpdate() {
+  try {
+    const repoPath = path.join(__dirname, '..');
+
+    // Check if we're in a git repo
+    try {
+      await execAsync('git rev-parse --git-dir', { cwd: repoPath });
+    } catch {
+      throw new Error('Not a git repository. Manual update required.');
+    }
+
+    // Stash any local changes
+    await execAsync('git stash', { cwd: repoPath });
+
+    // Pull latest
+    const { stdout, stderr } = await execAsync('git pull origin main', { cwd: repoPath });
+
+    // Pop stash if we had changes
+    try {
+      await execAsync('git stash pop', { cwd: repoPath });
+    } catch {
+      // No stash to pop, that's fine
+    }
+
+    return {
+      success: true,
+      output: stdout,
+      message: 'Update successful! Restart /vibe to apply changes.'
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: error.message
+    };
+  }
+}
+
+export function compareVersions(v1, v2) {
+  const parts1 = v1.split('.').map(Number);
+  const parts2 = v2.split('.').map(Number);
+
+  for (let i = 0; i < 3; i++) {
+    if (parts1[i] > parts2[i]) return 1;
+    if (parts1[i] < parts2[i]) return -1;
+  }
+
+  return 0;
+}
+
+export function formatUpdateNotification(update) {
+  if (!update) return null;
+
+  let message = `\n${'='.repeat(60)}\n`;
+  message += `📦 /vibe UPDATE AVAILABLE\n`;
+  message += `${'='.repeat(60)}\n\n`;
+  message += `Current: v${update.current}\n`;
+  message += `Latest:  v${update.latest}${update.breaking ? ' ⚠️  BREAKING' : ''}\n\n`;
+  message += `${update.changelog}\n\n`;
+
+  if (update.features && update.features.length > 0) {
+    message += `New features:\n`;
+    update.features.forEach(f => {
+      message += `  • ${f}\n`;
+    });
+    message += `\n`;
+  }
+
+  message += `Update now:\n`;
+  message += `  vibe update\n`;
+  message += `\n`;
+  message += `Or manually:\n`;
+  message += `  cd ~/.vibe/vibe-repo && git pull origin main\n`;
+  message += `${'='.repeat(60)}\n`;
+
+  return message;
+}

package/bridges/agent-gateway.js

@@ -0,0 +1,351 @@
+/**
+ * Agent Gateway Bridge — Event push + local state for external agents
+ *
+ * The /vibe platform API (slashvibe.dev) already provides:
+ * - Messaging: POST/GET /api/messages
+ * - Presence: POST/GET /api/presence
+ * - Board: POST/GET /api/board (ships, ideas, requests)
+ * - Discovery: GET /api/discover
+ * - Agents: GET /api/agents
+ * - Auth: JWT via /api/auth/*
+ *
+ * This bridge fills the GAPS for external agent gateways (Clawdbot, @seth):
+ *
+ * 1. EVENT PUSH — Platform is pull-based. This pushes events to agents.
+ * 2. LOCAL STATE — Memory, reservations, and session data are local-only.
+ * 3. AIRC IDENTITY — Verifies agent identity via Ed25519 signatures.
+ * 4. AGENT REGISTRY — Tracks which agents are connected + their capabilities.
+ *
+ * External agents should use the platform API directly for:
+ *   DMs, presence, board, discovery, profiles
+ * And use THIS bridge for:
+ *   Event subscriptions, local memory queries, AIRC verification
+ */
+
+const crypto = require('../crypto');
+const config = require('../config');
+const memory = require('../memory');
+const debug = require('../debug');
+
+// ============ AGENT REGISTRY ============
+
+/**
+ * Known agent gateways
+ * @type {Map<string, {handle: string, publicKey: string, endpoint: string, capabilities: string[], registeredAt: number}>}
+ */
+const agentRegistry = new Map();
+
+/**
+ * Event subscriptions — agents subscribe to event types and get HTTP pushes
+ * @type {Map<string, {endpoint: string, events: string[], handle: string}>}
+ */
+const eventSubscriptions = new Map();
+
+/**
+ * Register an external agent gateway with AIRC identity
+ *
+ * @param {object} params
+ * @param {string} params.handle Agent handle (e.g. "seth-agent")
+ * @param {string} params.publicKey Base64 Ed25519 public key (AIRC)
+ * @param {string} [params.endpoint] HTTP callback URL for event pushes
+ * @param {string[]} [params.capabilities] What this agent can do
+ * @param {string} [params.signature] AIRC signature proving key ownership
+ * @returns {{success: boolean, agentId?: string, error?: string}}
+ */
+function registerAgent({ handle, publicKey, endpoint, capabilities = [], signature }) {
+  if (!handle || !publicKey) {
+    return { success: false, error: 'handle and publicKey required' };
+  }
+
+  // Verify AIRC signature if provided (proves private key ownership)
+  if (signature) {
+    const valid = crypto.verify(
+      { handle, publicKey, endpoint, capabilities },
+      publicKey
+    );
+    if (!valid) {
+      return { success: false, error: 'Invalid AIRC signature' };
+    }
+  }
+
+  const agentId = `agent_${handle}_${Date.now().toString(36)}`;
+
+  agentRegistry.set(handle, {
+    agentId,
+    handle,
+    publicKey,
+    endpoint: endpoint || null,
+    capabilities,
+    registeredAt: Date.now()
+  });
+
+  debug(`[agent-gateway] Registered @${handle} (${agentId})`);
+  return { success: true, agentId, handle };
+}
+
+/**
+ * Verify an AIRC-signed message from a registered agent
+ *
+ * @param {object} message Signed message with `from` and `signature` fields
+ * @returns {{valid: boolean, handle?: string, verified?: string, error?: string}}
+ */
+function verifyAgentMessage(message) {
+  if (!message || !message.from) {
+    return { valid: false, error: 'Missing from field' };
+  }
+
+  const agent = agentRegistry.get(message.from);
+
+  // AIRC-verified: registered agent with valid signature
+  if (agent && message.signature) {
+    const valid = crypto.verify(message, agent.publicKey);
+    if (!valid) {
+      return { valid: false, error: 'AIRC signature verification failed' };
+    }
+    return { valid: true, handle: message.from, verified: 'airc' };
+  }
+
+  // Registered but unsigned — allow with lower trust
+  if (agent && !message.signature) {
+    debug(`[agent-gateway] Unsigned request from registered agent @${message.from}`);
+    return { valid: true, handle: message.from, verified: 'registered' };
+  }
+
+  return { valid: false, error: `Unknown agent: ${message.from}. Register first via POST /agent/register` };
+}
+
+// ============ EVENT PUSH ============
+
+/**
+ * Subscribe an agent to /vibe events (push model)
+ *
+ * Event types:
+ * - dm: New direct messages for the subscribed handle
+ * - mention: @mentions in feed/board
+ * - ship: New ships from connections
+ * - presence: People coming online/offline
+ * - handoff: Task handoff requests
+ *
+ * @param {string} handle Agent handle
+ * @param {string} endpoint HTTP callback URL to receive events
+ * @param {string[]} events Event types to subscribe to
+ * @returns {{success: boolean, subscribed: string[]}}
+ */
+function subscribe(handle, endpoint, events = ['dm', 'mention', 'ship', 'presence']) {
+  if (!endpoint) {
+    return { success: false, error: 'endpoint required' };
+  }
+
+  eventSubscriptions.set(handle, { endpoint, events, handle });
+  debug(`[agent-gateway] @${handle} subscribed to [${events.join(', ')}] → ${endpoint}`);
+  return { success: true, subscribed: events };
+}
+
+/**
+ * Unsubscribe an agent from events
+ * @param {string} handle Agent handle
+ */
+function unsubscribe(handle) {
+  eventSubscriptions.delete(handle);
+  debug(`[agent-gateway] @${handle} unsubscribed`);
+  return { success: true };
+}
+
+/**
+ * Push an event to all subscribed agents
+ * AIRC-signed if we have a keypair (proves event came from /vibe)
+ *
+ * Called by notify.js and tool handlers when events occur.
+ *
+ * @param {string} eventType Event type (dm, mention, ship, presence, handoff)
+ * @param {object} eventData Event payload
+ */
+async function pushEvent(eventType, eventData) {
+  const keypair = config.getKeypair();
+  const myHandle = config.getHandle();
+
+  for (const [handle, sub] of eventSubscriptions) {
+    if (!sub.events.includes(eventType)) continue;
+    if (!sub.endpoint) continue;
+
+    const event = {
+      v: '0.1',
+      type: 'vibe_event',
+      event: eventType,
+      data: eventData,
+      from: myHandle || 'vibe-mcp',
+      timestamp: Math.floor(Date.now() / 1000)
+    };
+
+    // AIRC sign so receiver can verify this came from /vibe
+    if (keypair) {
+      event.signature = crypto.sign(event, keypair.privateKey);
+      event.publicKey = keypair.publicKey;
+    }
+
+    try {
+      const response = await fetch(sub.endpoint, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Vibe-Event': eventType,
+          'X-Vibe-Source': 'vibe-mcp'
+        },
+        body: JSON.stringify(event)
+      });
+
+      if (!response.ok) {
+        debug(`[agent-gateway] Push to @${handle} failed: HTTP ${response.status}`);
+      }
+    } catch (e) {
+      debug(`[agent-gateway] Push to @${handle} failed: ${e.message}`);
+    }
+  }
+}
+
+// ============ LOCAL STATE QUERIES ============
+// These expose data that lives only in the MCP process, not on the platform API
+
+/**
+ * Query local memory (thread-scoped JSONL files)
+ * Platform API doesn't have memory — it's local-first by design
+ */
+function queryMemory(handle, limit = 10, search = null) {
+  const memories = memory.recall(handle, limit);
+
+  if (search && memories.length > 0) {
+    return memories.filter(m =>
+      m.observation.toLowerCase().includes(search.toLowerCase())
+    );
+  }
+
+  return memories;
+}
+
+/**
+ * Store a memory observation (local-first)
+ */
+function storeMemory(handle, observation) {
+  memory.remember(handle, observation);
+  return { success: true, handle, observation };
+}
+
+/**
+ * List all memory threads
+ */
+function listMemoryThreads() {
+  return memory.listThreads();
+}
+
+// ============ HTTP HANDLER ============
+
+/**
+ * HTTP handler for the agent gateway
+ *
+ * Routes:
+ *   POST /agent/register     — Register agent with AIRC public key
+ *   POST /agent/subscribe    — Subscribe to event pushes
+ *   POST /agent/unsubscribe  — Unsubscribe from events
+ *   POST /agent/memory       — Query/store local memory
+ *   GET  /agent/status       — Gateway health + registered agents
+ *
+ * For everything else, agents hit the platform API directly:
+ *   POST https://slashvibe.dev/api/messages  — Send DMs
+ *   GET  https://slashvibe.dev/api/presence   — Who's online
+ *   POST https://slashvibe.dev/api/board      — Ship/idea/request
+ *   GET  https://slashvibe.dev/api/discover   — Find people
+ *   GET  https://slashvibe.dev/api/agents     — Agent directory
+ */
+async function handleRequest(req) {
+  const { path, method, body } = req;
+
+  // Health / status
+  if (path === '/agent/status' && method === 'GET') {
+    const agents = [];
+    for (const [, agent] of agentRegistry) {
+      agents.push({
+        handle: agent.handle,
+        capabilities: agent.capabilities,
+        registeredAt: agent.registeredAt,
+        hasEndpoint: !!agent.endpoint
+      });
+    }
+
+    return {
+      status: 'ok',
+      agents,
+      subscriptions: eventSubscriptions.size,
+      version: '0.1.0',
+      platform_api: config.getApiUrl(),
+      note: 'For DMs, presence, board, discovery — use the platform API directly'
+    };
+  }
+
+  if (method !== 'POST') {
+    return { error: 'Method not allowed', status: 405 };
+  }
+
+  const data = typeof body === 'string' ? JSON.parse(body) : body;
+
+  switch (path) {
+    case '/agent/register':
+      return registerAgent(data);
+
+    case '/agent/subscribe': {
+      const v = verifyAgentMessage(data);
+      if (!v.valid) return { success: false, error: v.error, status: 401 };
+      return subscribe(v.handle, data.endpoint, data.events);
+    }
+
+    case '/agent/unsubscribe': {
+      const v = verifyAgentMessage(data);
+      if (!v.valid) return { success: false, error: v.error, status: 401 };
+      return unsubscribe(v.handle);
+    }
+
+    case '/agent/memory': {
+      const v = verifyAgentMessage(data);
+      if (!v.valid) return { success: false, error: v.error, status: 401 };
+
+      if (data.action === 'recall') {
+        const memories = queryMemory(data.handle, data.limit, data.search);
+        return { success: true, memories };
+      }
+      if (data.action === 'remember') {
+        return storeMemory(data.handle, data.observation);
+      }
+      if (data.action === 'threads') {
+        return { success: true, threads: listMemoryThreads() };
+      }
+      return { success: false, error: 'action must be: recall, remember, or threads' };
+    }
+
+    default:
+      return { error: 'Not found', status: 404 };
+  }
+}
+
+// ============ EXPORTS ============
+
+module.exports = {
+  // Registration
+  registerAgent,
+  verifyAgentMessage,
+
+  // Event push (the main value-add over platform API)
+  subscribe,
+  unsubscribe,
+  pushEvent,
+
+  // Local state (not on platform)
+  queryMemory,
+  storeMemory,
+  listMemoryThreads,
+
+  // HTTP handler
+  handleRequest,
+
+  // Registry access
+  getAgentRegistry: () => agentRegistry,
+  getSubscriptions: () => eventSubscriptions
+};