npm - sp-rag - Versions diffs - 0.6.9 → 0.6.11 - Mend

sp-rag 0.6.9 → 0.6.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js CHANGED Viewed

@@ -151,7 +151,7 @@ async function loadRuntimeDefaults(parsed) {
             (explicitClient ? defaultSkillClientForMcpClient(explicitClient) : undefined) ??
             config?.skillClient ??
             derivedSkillClient,
-        skillTargetDir: optionString(parsed, 'target-dir') ?? config?.skillTargetDir,
+        skillTargetDir: optionString(parsed, 'target-dir'),
     };
 }
 function resolveSelectedClient(parsed, defaults, explicitClient) {
@@ -177,8 +177,21 @@ function deriveDefaultsForClient(parsed, defaults, client) {
         skillClient: nextSkillClient,
     };
 }
+function validateMcpToken(token) {
+    const normalized = token?.trim();
+    if (!normalized) {
+        return undefined;
+    }
+    if (normalized.startsWith('pat_')) {
+        throw new Error('Token dạng pat_ không dùng được cho MCP. Đây có vẻ là token_id, không phải generated_token bí mật. Hãy dùng token bắt đầu bằng grc_pat_.');
+    }
+    return normalized;
+}
+function validateStoredToken(defaults) {
+    validateMcpToken(defaults.mcpToken);
+}
 function resolveAuthForMcp(parsed, defaults) {
-    const authToken = optionString(parsed, 'mcp-token') ?? defaults.mcpToken;
+    const authToken = validateMcpToken(optionString(parsed, 'mcp-token') ?? defaults.mcpToken);
     const authEnvVar = optionString(parsed, 'auth-env-var') ?? defaults.authEnvVar;
     if (!authToken?.trim() && !authEnvVar?.trim()) {
         throw new Error('Chưa có token MCP trong config. Hãy chạy sp-rag install --client <client> --mcp-token <token> hoặc sp-rag token add --token <token>.');
@@ -223,7 +236,6 @@ function buildCliConfig(defaults) {
         authEnvVar: defaults.authEnvVar,
         mcpToken: defaults.mcpToken,
         skillClient: defaults.skillClient,
-        skillTargetDir: defaults.skillTargetDir,
         docsUrl: defaults.docsUrl,
     };
 }
@@ -373,8 +385,8 @@ async function runSkillInstall(parsed, defaults, explicitClient) {
     const result = await installSkill({
         client,
         cwd: optionString(parsed, 'cwd'),
-        scope: supportedScope(optionString(parsed, 'scope')) ?? defaults.defaultScope,
-        targetDir: optionString(parsed, 'target-dir') ?? defaults.skillTargetDir,
+        scope: supportedScope(optionString(parsed, 'scope')),
+        targetDir: optionString(parsed, 'target-dir'),
         serverAlias: optionString(parsed, 'server-alias') ?? defaults.serverAlias,
         mcpUrl: optionString(parsed, 'mcp-url') ?? defaults.mcpUrl,
         docsUrl: optionString(parsed, 'docs-url') ?? defaults.docsUrl,
@@ -411,6 +423,7 @@ async function emitDoctorReport(parsed, defaults, explicitClient, checks) {
 }
 async function runClientSetup(parsed, defaults, client) {
     const nextDefaults = deriveDefaultsForClient(parsed, defaults, client);
+    validateStoredToken(nextDefaults);
     const configPath = await saveResolvedConfig(nextDefaults);
     process.stdout.write(`Đã lưu config CLI tại ${configPath}\n`);
     if (!optionFlag(parsed, 'skip-mcp')) {
@@ -427,6 +440,7 @@ async function runInit(parsed) {
     const defaults = await loadRuntimeDefaults(parsed);
     const client = resolveSelectedClient(parsed, defaults);
     const nextDefaults = deriveDefaultsForClient(parsed, defaults, client);
+    validateStoredToken(nextDefaults);
     const configPath = await saveResolvedConfig(nextDefaults);
     process.stdout.write(`Đã lưu config CLI tại ${configPath}\n`);
     if (!optionFlag(parsed, 'skip-mcp') && client) {
@@ -457,7 +471,7 @@ async function runAdd(parsed) {
 }
 async function runTokenAdd(parsed) {
     const defaults = await loadRuntimeDefaults(parsed);
-    const token = optionString(parsed, 'token') ?? optionString(parsed, 'mcp-token') ?? defaults.mcpToken;
+    const token = validateMcpToken(optionString(parsed, 'token') ?? optionString(parsed, 'mcp-token') ?? defaults.mcpToken);
     if (!token?.trim()) {
         throw new Error('Thiếu token. Dùng --token <token>.');
     }
@@ -471,7 +485,7 @@ async function runTokenAdd(parsed) {
 }
 async function runTokenVerify(parsed) {
     const defaults = await loadRuntimeDefaults(parsed);
-    const token = optionString(parsed, 'token') ?? optionString(parsed, 'mcp-token') ?? defaults.mcpToken;
+    const token = validateMcpToken(optionString(parsed, 'token') ?? optionString(parsed, 'mcp-token') ?? defaults.mcpToken);
     if (!token?.trim()) {
         throw new Error('Thiếu token. Dùng --token <token>.');
     }
@@ -523,9 +537,9 @@ async function runExplain(parsed) {
             if (skillClient) {
                 const skillTarget = resolveSkillInstallTarget({
                     client: skillClient,
-                    scope,
+                    scope: supportedScope(optionString(parsed, 'scope')),
                     cwd: optionString(parsed, 'cwd'),
-                    targetDir: optionString(parsed, 'target-dir') ?? defaults.skillTargetDir,
+                    targetDir: optionString(parsed, 'target-dir'),
                     serverAlias: defaults.serverAlias,
                     mcpUrl: defaults.mcpUrl,
                     docsUrl: defaults.docsUrl,

package/dist/lib/doctor.js CHANGED Viewed

@@ -7,6 +7,18 @@ function normalizeEndpoint(value) {
     const trimmed = value.trim();
     return trimmed ? trimmed.replace(/\/+$/, '') : undefined;
 }
+function parseStringHeaders(value) {
+    if (!value || typeof value !== 'object') {
+        return undefined;
+    }
+    const headers = {};
+    for (const [key, headerValue] of Object.entries(value)) {
+        if (typeof headerValue === 'string') {
+            headers[key] = headerValue;
+        }
+    }
+    return Object.keys(headers).length > 0 ? headers : undefined;
+}
 function parseJsonEntries(raw, client) {
     const parsed = JSON.parse(raw);
     let sectionKey = 'mcpServers';
@@ -28,29 +40,16 @@ function parseJsonEntries(raw, client) {
             return [];
         }
         const entry = value;
-        const headers = parseStringHeaders(entry.headers);
         return [
             {
                 alias,
                 endpoint: normalizeEndpoint(entry[endpointKey]),
-                headers,
+                headers: parseStringHeaders(entry.headers),
                 oauth: entry.oauth,
             },
         ];
     });
 }
-function parseStringHeaders(value) {
-    if (!value || typeof value !== 'object') {
-        return undefined;
-    }
-    const headers = {};
-    for (const [key, headerValue] of Object.entries(value)) {
-        if (typeof headerValue === 'string') {
-            headers[key] = headerValue;
-        }
-    }
-    return Object.keys(headers).length > 0 ? headers : undefined;
-}
 function parseTomlEntries(raw) {
     const entries = new Map();
     let currentAlias;
@@ -141,14 +140,41 @@ function analyzeAuthorization(headerValue) {
         }
         const envVar = match[1];
         const envValue = process.env[envVar]?.trim();
+        if (!envValue) {
+            return {
+                authorizationState: 'env-missing',
+                authorizationSource: 'env',
+                authorizationEnvVar: envVar,
+                likelyOAuthLogin: true,
+            };
+        }
+        if (envValue.startsWith('pat_')) {
+            return {
+                authorizationState: 'invalid',
+                authorizationSource: 'env',
+                authorizationEnvVar: envVar,
+                authorizationInvalidReason: 'pat_token',
+                likelyOAuthLogin: true,
+            };
+        }
         return {
-            authorizationState: envValue ? 'env-present' : 'env-missing',
+            authorizationState: 'env-present',
             authorizationSource: 'env',
             authorizationEnvVar: envVar,
-            likelyOAuthLogin: !envValue,
+            likelyOAuthLogin: false,
         };
     }
-    if (/^Bearer\s+\S+/i.test(trimmed)) {
+    const bearerMatch = trimmed.match(/^Bearer\s+(\S+)$/i);
+    if (bearerMatch) {
+        const token = bearerMatch[1];
+        if (token.startsWith('pat_')) {
+            return {
+                authorizationState: 'invalid',
+                authorizationSource: 'literal',
+                authorizationInvalidReason: 'pat_token',
+                likelyOAuthLogin: true,
+            };
+        }
         return {
             authorizationState: 'present',
             authorizationSource: 'literal',
@@ -216,12 +242,19 @@ export async function diagnoseMcpConfig(options) {
         issues.push(`Authorization đang dùng biến môi trường ${authorization.authorizationEnvVar} nhưng biến này chưa có giá trị trong phiên hiện tại.`);
     }
     else if (authorization.authorizationState === 'invalid') {
-        issues.push('Authorization header có định dạng lạ, IDE có thể bỏ qua và bật OAuth.');
+        if (authorization.authorizationInvalidReason === 'pat_token') {
+            issues.push('Authorization đang dùng token dạng pat_. Đây có vẻ là token_id hoặc mã hiển thị, không phải generated_token bí mật cho MCP. Hãy dùng token bắt đầu bằng grc_pat_.');
+        }
+        else {
+            issues.push('Authorization header có định dạng lạ, IDE có thể bỏ qua và bật OAuth.');
+        }
     }
     const oauthDisabled = options.client === 'opencode' && typeof entry.oauth === 'boolean'
         ? entry.oauth === false
         : undefined;
-    if (options.client === 'opencode' && authorization.authorizationState !== 'missing' && oauthDisabled !== true) {
+    if (options.client === 'opencode' &&
+        authorization.authorizationState !== 'missing' &&
+        oauthDisabled !== true) {
         issues.push('OpenCode chưa có oauth=false dù đã cấu hình Authorization header.');
     }
     return {
@@ -241,13 +274,13 @@ export function formatMcpDoctorResult(result) {
         `MCP config cho ${result.client}: ${result.path} (${result.scope})`,
     ];
     if (!result.exists) {
-        lines.push(`- Trạng thái file: thiếu hoặc không đọc được`);
+        lines.push('- Trạng thái file: thiếu hoặc không đọc được');
         for (const issue of result.issues) {
             lines.push(`- Cảnh báo: ${issue}`);
         }
         return lines;
     }
-    lines.push(`- Trạng thái file: đã đọc được`);
+    lines.push('- Trạng thái file: đã đọc được');
     lines.push(`- Server entry: ${result.entryFound
         ? `${result.matchedAlias} (${result.matchedBy === 'endpoint' ? 'khớp theo endpoint' : 'khớp theo alias'})`
         : 'không tìm thấy'}`);
@@ -261,7 +294,9 @@ export function formatMcpDoctorResult(result) {
             : result.authorizationState === 'env-missing'
                 ? `dùng biến môi trường ${result.authorizationEnvVar} nhưng hiện chưa có giá trị`
                 : result.authorizationState === 'invalid'
-                    ? 'có header nhưng định dạng không hợp lệ'
+                    ? result.authorizationInvalidReason === 'pat_token'
+                        ? 'token hiện tại là pat_ nên không hợp lệ cho MCP'
+                        : 'có header nhưng định dạng không hợp lệ'
                     : 'thiếu hoàn toàn';
     lines.push(`- Authorization: ${authText}`);
     if (typeof result.oauthDisabled === 'boolean') {

package/dist/lib/skill.js CHANGED Viewed

@@ -1,6 +1,13 @@
 import os from 'node:os';
 import path from 'node:path';
 import { mkdir, writeFile } from 'node:fs/promises';
+const seoBoosterRemoteUrl = 'https://gitlab.com/secomapp/development/seo-booster.git';
+const seoBoosterProjectGuard = [
+    '- SP-RAG chỉ dành cho repo seo-booster.',
+    '- Trước tiên, nếu basename là `seo-booster` hoặc `sb` thì được phép gọi SP-RAG ngay.',
+    `- Nếu basename không phải \`seo-booster\` hoặc \`sb\`, hãy kiểm tra \`git remote get-url origin\` và chỉ gọi SP-RAG khi remote hiện tại là \`${seoBoosterRemoteUrl}\`.`,
+    '- Nếu project hiện tại không khớp hai điều kiện trên, không được gọi SP-RAG và phải nói rõ MCP này chỉ dành cho seo-booster.',
+].join('\n');
 function clientLabel(client) {
     switch (client) {
         case 'codex':
@@ -22,6 +29,7 @@ function normalizeScope(client, scope) {
         return scope;
     }
     switch (client) {
+        case 'claude-code':
         case 'cursor':
             return 'project';
         case 'vscode':
@@ -43,7 +51,9 @@ export function defaultSkillDir(client = 'codex', cwd, scope) {
         case 'codex':
             return path.join(os.homedir(), '.codex', 'skills', 'sp-rag');
         case 'claude-code':
-            return path.join(os.homedir(), '.claude', 'skills', 'sp-rag');
+            return normalizedScope === 'project'
+                ? path.join(requireProjectCwd(client, cwd), '.claude', 'skills', 'sp-rag')
+                : path.join(os.homedir(), '.claude', 'skills', 'sp-rag');
         case 'antigravity':
             return path.join(os.homedir(), '.gemini', 'antigravity', 'skills', 'sp-rag');
         case 'opencode':
@@ -89,6 +99,7 @@ Docs URL: \`${context.docsUrl}\`
 ## Guardrails
+${seoBoosterProjectGuard}
 - You must call SP-RAG MCP tools first for codebase or domain questions before using local workspace search, grep, or file reads.
 - Prefer MCP-grounded answers before relying on memory.
 - Treat \`answer_brief\` as a hint only. Prefer the richer evidence in \`matched_passages\`, \`top_entities\`, \`top_relations\`, and \`citations\` when writing the final answer.
@@ -107,6 +118,7 @@ alwaysApply: true
 # SP-RAG
+${seoBoosterProjectGuard}
 - You must call the \`${context.serverAlias}\` MCP server first before using local workspace search, grep, or file reads for codebase and domain questions.
 - Use rendered docs from \`${context.docsUrl}\` when documentation already answers the question.
 - For architecture, domain, entities, relations, and business workflow questions, query MCP first and only then synthesize the answer.
@@ -141,6 +153,7 @@ You must call an SP-RAG MCP tool before using local workspace search, grep, or f
 ## Guardrails
+${seoBoosterProjectGuard}
 - Prefer MCP-grounded evidence before answering from memory.
 - Treat \`answer_brief\` as a hint. Prefer the richer evidence in \`matched_passages\`, \`top_entities\`, \`top_relations\`, and \`citations\` when writing the final answer.
 - Do not use local workspace search, grep, or file reads until SP-RAG MCP has been tried first for the current question.
@@ -153,6 +166,7 @@ You must call an SP-RAG MCP tool before using local workspace search, grep, or f
 function renderVsCodeAlwaysOnInstructions(context) {
     return `# SP-RAG workspace instructions
+${seoBoosterProjectGuard}
 - Always use the \`${context.serverAlias}\` MCP server first for codebase, domain, architecture, workflow, and operational questions before local workspace search, grep, or file reads.
 - Start with \`healthz\` only when connectivity is uncertain or the session is new.
 - Use \`query_context\` first for feature, entity, relation, and business-flow questions.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "sp-rag",
-  "version": "0.6.9",
+  "version": "0.6.11",
   "description": "CLI cho setup MCP, codegraph GitNexus và skill của SP-RAG",
   "type": "module",
   "files": [
@@ -9,12 +9,12 @@
   "bin": {
     "sp-rag": "dist/index.js"
   },
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "prepack": "npm run build",
-    "start": "node dist/index.js",
-    "test": "vitest run"
-  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "prepack": "npm run build",
+    "start": "node dist/index.js",
+    "test": "vitest run"
+  },
   "engines": {
     "node": ">=20"
   },