tachibot-mcp 2.0.2

package/dist/src/tools/workflow-validator-tool.js

@@ -0,0 +1,107 @@
+/**
+ * Workflow validator MCP tool
+ */
+import { z } from 'zod';
+import { workflowValidator } from '../validators/workflow-validator.js';
+// Get all registered tools from the server
+// We'll treat ALL known tools as "enabled" for validation purposes
+// The tool validator will distinguish between "unknown" (error) and "disabled" (warning)
+function getAllKnownTools() {
+    // Return all known tool names
+    return new Set([
+        // Core
+        'think', 'focus', 'nextThought',
+        // Perplexity
+        'perplexity_ask', 'perplexity_reason', 'perplexity_research',
+        // Grok
+        'grok_reason', 'grok_code', 'grok_debug', 'grok_architect', 'grok_brainstorm', 'grok_search',
+        // OpenAI
+        'openai_compare', 'openai_brainstorm', 'openai_gpt5_reason', 'openai_code_review', 'openai_explain',
+        // Gemini
+        'gemini_brainstorm', 'gemini_analyze_code', 'gemini_analyze_text',
+        // Qwen
+        'qwen_coder',
+        // Kimi
+        'kimi_thinking',
+        // Advanced modes
+        'verifier', 'scout', 'challenger', 'hunter',
+        // Workflow
+        'workflow', 'list_workflows', 'create_workflow', 'visualize_workflow',
+        // Collaborative
+        'pingpong', 'qwen_competitive'
+    ]);
+}
+export const validateWorkflowTool = {
+    name: 'validate_workflow',
+    description: `Validates workflow YAML/JSON files for correctness.
+
+Checks:
+- Valid YAML/JSON syntax
+- Interpolation references (\${step.output}, \${variable}) point to valid steps/variables
+- Tool names exist and are enabled in tools.config.json
+- No circular dependencies in step execution order
+- Variable names follow snake_case convention
+
+Returns detailed error messages with suggestions for fixing issues.`,
+    parameters: z.object({
+        workflowContent: z.string()
+            .describe('The YAML or JSON content of the workflow to validate'),
+        isJson: z.boolean()
+            .optional()
+            .default(false)
+            .describe('Set to true if the content is JSON instead of YAML'),
+        format: z.enum(['text', 'json'])
+            .optional()
+            .default('text')
+            .describe('Output format: "text" for human-readable, "json" for structured data')
+    }),
+    execute: async (args) => {
+        try {
+            const result = await workflowValidator.validate(args.workflowContent, args.isJson || false, getAllKnownTools());
+            if (args.format === 'json') {
+                return workflowValidator.formatResultsJSON(result);
+            }
+            else {
+                return workflowValidator.formatResults(result);
+            }
+        }
+        catch (error) {
+            return `❌ Validation error: ${error.message}`;
+        }
+    }
+};
+export const validateWorkflowFileTool = {
+    name: 'validate_workflow_file',
+    description: `Validates a workflow file from the filesystem.
+
+Checks:
+- Valid YAML/JSON syntax
+- Interpolation references (\${step.output}, \${variable}) point to valid steps/variables
+- Tool names exist and are enabled in tools.config.json
+- No circular dependencies in step execution order
+- Variable names follow snake_case convention
+
+Returns detailed error messages with suggestions for fixing issues.`,
+    parameters: z.object({
+        filePath: z.string()
+            .describe('Path to the workflow file (YAML or JSON)'),
+        format: z.enum(['text', 'json'])
+            .optional()
+            .default('text')
+            .describe('Output format: "text" for human-readable, "json" for structured data')
+    }),
+    execute: async (args) => {
+        try {
+            const result = await workflowValidator.validateFile(args.filePath, getAllKnownTools());
+            if (args.format === 'json') {
+                return workflowValidator.formatResultsJSON(result);
+            }
+            else {
+                return workflowValidator.formatResults(result);
+            }
+        }
+        catch (error) {
+            return `❌ Validation error: ${error.message}`;
+        }
+    }
+};

package/dist/src/types.js

@@ -0,0 +1,23 @@
+export var WorkflowType;
+(function (WorkflowType) {
+    WorkflowType["CREATIVE_DISCOVERY"] = "creative_discovery";
+    WorkflowType["DEEP_RESEARCH"] = "deep_research";
+    WorkflowType["PROBLEM_SOLVING"] = "problem_solving";
+    WorkflowType["SYNTHESIS"] = "synthesis";
+    WorkflowType["FACT_CHECK"] = "fact_check";
+    // New Developer-Focused Workflows
+    WorkflowType["RAPID_PROTOTYPE"] = "rapid_prototype";
+    WorkflowType["CODE_QUALITY"] = "code_quality";
+    WorkflowType["SECURE_DEPLOYMENT"] = "secure_deployment";
+    WorkflowType["FULL_STACK_DEVELOPMENT"] = "full_stack_development";
+    WorkflowType["TEST_DRIVEN_DEVELOPMENT"] = "test_driven_development";
+    WorkflowType["CODE_REVIEW_WORKFLOW"] = "code_review_workflow";
+    WorkflowType["DOCUMENTATION_GENERATION"] = "documentation_generation";
+})(WorkflowType || (WorkflowType = {}));
+export var ToolStatus;
+(function (ToolStatus) {
+    ToolStatus["IDLE"] = "idle";
+    ToolStatus["PROCESSING"] = "processing";
+    ToolStatus["COMPLETE"] = "complete";
+    ToolStatus["ERROR"] = "error";
+})(ToolStatus || (ToolStatus = {}));

package/dist/src/utils/input-validator.js

@@ -0,0 +1,130 @@
+/**
+ * Input Validation and Sanitization Utilities
+ * Prevents prompt injection, XSS, and other security issues
+ */
+// Security constants
+export const MAX_INPUT_LENGTH = 50000; // 50k chars max
+export const MAX_PROMPT_LENGTH = 20000;
+export const MAX_SYSTEM_PROMPT_LENGTH = 5000;
+// Patterns to detect potential injection attempts
+// NOTE: Role injection (user:/assistant:/system:) pattern removed due to false positives
+// with legitimate LLM-generated content. For LLM-to-LLM calls, use skipValidation flag.
+const SUSPICIOUS_PATTERNS = [
+    /<\s*script/gi, // XSS attempts
+    /\b(exec|eval|require)\s*\(/gi, // Code execution attempts (must be function calls)
+    /;\s*(rm|del|format|drop\s+table)/gi, // Command/SQL injection
+    /\.\.\//g, // Path traversal
+    /\x00/g, // Null byte injection
+];
+/**
+ * Sanitize user input - remove control characters and limit length
+ */
+export function sanitizeInput(input, maxLength = MAX_INPUT_LENGTH) {
+    if (typeof input !== 'string') {
+        throw new Error('Input must be a string');
+    }
+    // Remove control characters (except newlines, tabs)
+    let sanitized = input.replace(/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/g, '');
+    // Limit length
+    if (sanitized.length > maxLength) {
+        sanitized = sanitized.slice(0, maxLength);
+    }
+    return sanitized;
+}
+/**
+ * Validate and sanitize tool input
+ */
+export function validateToolInput(input) {
+    try {
+        if (typeof input === 'string') {
+            // Check for empty input
+            if (input.trim().length === 0) {
+                return {
+                    valid: false,
+                    error: 'Input cannot be empty'
+                };
+            }
+            // Check length before sanitization
+            if (input.length > MAX_INPUT_LENGTH) {
+                return {
+                    valid: false,
+                    error: `Input too long (max ${MAX_INPUT_LENGTH} characters)`
+                };
+            }
+            // Check for suspicious patterns
+            for (const pattern of SUSPICIOUS_PATTERNS) {
+                if (pattern.test(input)) {
+                    return {
+                        valid: false,
+                        error: 'Input contains potentially malicious content'
+                    };
+                }
+            }
+            return {
+                valid: true,
+                sanitized: sanitizeInput(input)
+            };
+        }
+        if (typeof input === 'object' && input !== null) {
+            // Recursively sanitize object properties
+            const sanitized = Array.isArray(input) ? [] : {};
+            for (const [key, value] of Object.entries(input)) {
+                if (typeof value === 'string') {
+                    const result = validateToolInput(value);
+                    if (!result.valid)
+                        return result;
+                    sanitized[key] = result.sanitized;
+                }
+                else if (typeof value === 'object') {
+                    const result = validateToolInput(value);
+                    if (!result.valid)
+                        return result;
+                    sanitized[key] = result.sanitized;
+                }
+                else {
+                    sanitized[key] = value;
+                }
+            }
+            return { valid: true, sanitized };
+        }
+        return { valid: true, sanitized: input };
+    }
+    catch (error) {
+        return {
+            valid: false,
+            error: error instanceof Error ? error.message : 'Validation error'
+        };
+    }
+}
+/**
+ * Redact secrets from strings before logging
+ */
+export function sanitizeForLogging(text) {
+    let sanitized = text;
+    // Redact API keys
+    sanitized = sanitized.replace(/Bearer\s+[\w-]+/gi, 'Bearer [REDACTED]');
+    sanitized = sanitized.replace(/sk-[\w-]+/g, 'sk-[REDACTED]');
+    sanitized = sanitized.replace(/gsk_[\w-]+/g, 'gsk_[REDACTED]');
+    // Redact environment variable values
+    sanitized = sanitized.replace(/(API_KEY|TOKEN|SECRET)=[\w-]+/gi, '$1=[REDACTED]');
+    // Redact potential tokens in errors
+    sanitized = sanitized.replace(/["'][\w-]{32,}["']/g, '"[REDACTED]"');
+    return sanitized;
+}
+/**
+ * Validate model name to prevent injection
+ */
+export function validateModelName(model) {
+    // Allow only alphanumeric, hyphens, underscores, dots
+    const validPattern = /^[a-zA-Z0-9._-]+$/;
+    return validPattern.test(model) && model.length < 100;
+}
+/**
+ * Sanitize error for safe logging
+ */
+export function sanitizeError(error) {
+    if (error instanceof Error) {
+        return sanitizeForLogging(error.message);
+    }
+    return sanitizeForLogging(String(error));
+}

package/dist/src/utils/model-router.js

@@ -0,0 +1,91 @@
+/**
+ * Shared Model Router Utility
+ *
+ * Centralizes AI provider routing logic to eliminate duplication across
+ * Challenger, Verifier, Scout, and other tools.
+ */
+/**
+ * Routes model requests to appropriate AI provider based on model name
+ */
+export class SharedModelRouter {
+    /**
+     * Call any AI model with automatic provider routing
+     */
+    async callModel(options) {
+        const { model, prompt, maxTokens = 2000, temperature = 0.7, messages } = options;
+        const requestMessages = messages || [{ role: 'user', content: prompt }];
+        try {
+            let content;
+            let provider;
+            // Route to appropriate provider based on model name
+            if (model.includes('gemini')) {
+                const { callGemini } = await import('../tools/gemini-tools.js');
+                content = await callGemini(prompt, model, undefined, temperature);
+                provider = 'Google Gemini';
+            }
+            else if (model.includes('grok')) {
+                const { callGrok } = await import('../tools/grok-tools.js');
+                content = await callGrok(requestMessages, model, temperature, maxTokens);
+                provider = 'xAI Grok';
+            }
+            else if (model.includes('qwen') || model.includes('qwq')) {
+                // Qwen models go through OpenRouter
+                const { callOpenRouter } = await import('../tools/openrouter-tools.js');
+                content = await callOpenRouter(requestMessages, model, temperature, maxTokens);
+                provider = 'OpenRouter';
+            }
+            else if (model.includes('gpt')) {
+                const { callOpenAI } = await import('../tools/openai-tools.js');
+                content = await callOpenAI(requestMessages, model, temperature, maxTokens);
+                provider = 'OpenAI';
+            }
+            else if (model.includes('perplexity') || model.includes('sonar')) {
+                const { callPerplexity } = await import('../tools/perplexity-tools.js');
+                content = await callPerplexity(requestMessages, model);
+                provider = 'Perplexity';
+            }
+            else {
+                throw new Error(`Unknown model: ${model}. Supported providers: Gemini, Grok, OpenRouter (qwen/qwq), OpenAI (gpt), Perplexity (sonar)`);
+            }
+            return {
+                content,
+                tokens: Math.floor(content.length / 4),
+                provider
+            };
+        }
+        catch (error) {
+            console.error(`Error calling model ${model}:`, error);
+            throw new Error(`Failed to call ${model}: ${error.message}`);
+        }
+    }
+    /**
+     * Get provider name for a model (useful for logging)
+     */
+    getProviderName(model) {
+        if (model.includes('gemini'))
+            return 'Google Gemini';
+        if (model.includes('grok'))
+            return 'xAI Grok';
+        if (model.includes('qwen') || model.includes('qwq'))
+            return 'OpenRouter';
+        if (model.includes('gpt'))
+            return 'OpenAI';
+        if (model.includes('perplexity') || model.includes('sonar'))
+            return 'Perplexity';
+        return 'Unknown';
+    }
+    /**
+     * Check if a model is supported
+     */
+    isModelSupported(model) {
+        return (model.includes('gemini') ||
+            model.includes('grok') ||
+            model.includes('gpt') ||
+            model.includes('qwen') ||
+            model.includes('qwq') ||
+            model.includes('perplexity') ||
+            model.includes('sonar'));
+    }
+}
+// Singleton instance
+export const modelRouter = new SharedModelRouter();

package/dist/src/utils/progress-stream.js

@@ -0,0 +1,255 @@
+/**
+ * Progress Streaming Utilities
+ *
+ * Provides real-time progress updates for long-running MCP operations.
+ * Users see incremental output instead of waiting for final result.
+ */
+export class ProgressStream {
+    constructor(totalSteps = 1) {
+        this.updates = [];
+        this.currentStep = 0;
+        this.startTime = new Date();
+        this.totalSteps = totalSteps;
+    }
+    /**
+     * Emit progress update to stderr (visible to user in real-time)
+     */
+    emit(update) {
+        this.updates.push(update);
+        // Format for CLI output
+        const elapsed = Math.floor((update.timestamp.getTime() - this.startTime.getTime()) / 1000);
+        const timeStr = `[${elapsed}s]`;
+        let output = '';
+        switch (update.type) {
+            case 'start':
+                output = `\n🚀 ${update.message}`;
+                break;
+            case 'progress':
+                const progressBar = this.renderProgressBar(update.percentage || 0);
+                output = `\r${timeStr} ${progressBar} ${update.message}`;
+                break;
+            case 'step':
+                output = `\n${timeStr} ⚙️  Step ${this.currentStep}/${this.totalSteps}: ${update.message}`;
+                break;
+            case 'complete':
+                output = `\n\n✅ ${update.message} (completed in ${elapsed}s)`;
+                break;
+            case 'error':
+                output = `\n\n❌ ${update.message}`;
+                break;
+        }
+        // Write to stderr so it doesn't interfere with MCP JSON-RPC on stdout
+        console.error(output);
+    }
+    /**
+     * Render ASCII progress bar
+     */
+    renderProgressBar(percentage) {
+        const width = 20;
+        const filled = Math.floor(width * (percentage / 100));
+        const empty = width - filled;
+        return `[${'█'.repeat(filled)}${'░'.repeat(empty)}] ${percentage.toFixed(0)}%`;
+    }
+    /**
+     * Mark operation start
+     */
+    start(message) {
+        this.emit({
+            type: 'start',
+            message,
+            timestamp: new Date()
+        });
+    }
+    /**
+     * Update progress
+     */
+    progress(message, step, total) {
+        if (step !== undefined && total !== undefined) {
+            this.currentStep = step;
+            this.totalSteps = total;
+            const percentage = (step / total) * 100;
+            this.emit({
+                type: 'progress',
+                message,
+                percentage,
+                timestamp: new Date()
+            });
+        }
+        else {
+            this.emit({
+                type: 'progress',
+                message,
+                percentage: undefined,
+                timestamp: new Date()
+            });
+        }
+    }
+    /**
+     * Mark step completion
+     */
+    step(message, stepNumber) {
+        if (stepNumber !== undefined) {
+            this.currentStep = stepNumber;
+        }
+        else {
+            this.currentStep++;
+        }
+        this.emit({
+            type: 'step',
+            message,
+            metadata: { stepNumber: this.currentStep, totalSteps: this.totalSteps },
+            timestamp: new Date()
+        });
+    }
+    /**
+     * Mark operation complete
+     */
+    complete(message) {
+        this.emit({
+            type: 'complete',
+            message,
+            timestamp: new Date()
+        });
+    }
+    /**
+     * Mark operation error
+     */
+    error(message) {
+        this.emit({
+            type: 'error',
+            message,
+            timestamp: new Date()
+        });
+    }
+    /**
+     * Get all updates
+     */
+    getUpdates() {
+        return [...this.updates];
+    }
+    /**
+     * Get duration in seconds
+     */
+    getDuration() {
+        return Math.floor((new Date().getTime() - this.startTime.getTime()) / 1000);
+    }
+}
+/**
+ * Create progress stream for operation
+ */
+export function createProgressStream(totalSteps = 1) {
+    return new ProgressStream(totalSteps);
+}
+/**
+ * Wrap async operation with progress tracking
+ */
+export async function withProgress(operation, operationName, totalSteps) {
+    const stream = new ProgressStream(totalSteps || 1);
+    stream.start(operationName);
+    try {
+        const result = await operation(stream);
+        stream.complete(`${operationName} finished`);
+        return result;
+    }
+    catch (error) {
+        const errorMsg = error instanceof Error ? error.message : String(error);
+        stream.error(`${operationName} failed: ${errorMsg}`);
+        throw error;
+    }
+}
+/**
+ * Progress reporter for multi-model operations
+ */
+export class MultiModelProgressReporter {
+    constructor(models, operationName) {
+        this.models = models;
+        this.stream = new ProgressStream(models.length);
+        this.results = new Map(models.map(m => [m, { status: 'pending' }]));
+        this.stream.start(`${operationName} with ${models.length} models`);
+        this.printModelTable();
+    }
+    /**
+     * Print table of models and their status
+     */
+    printModelTable() {
+        console.error('\n📊 Model Status:');
+        console.error('┌' + '─'.repeat(50) + '┐');
+        this.models.forEach(model => {
+            const status = this.results.get(model)?.status || 'pending';
+            const icon = this.getStatusIcon(status);
+            const padding = ' '.repeat(Math.max(0, 40 - model.length));
+            console.error(`│ ${icon} ${model}${padding} │`);
+        });
+        console.error('└' + '─'.repeat(50) + '┘\n');
+    }
+    /**
+     * Get icon for status
+     */
+    getStatusIcon(status) {
+        switch (status) {
+            case 'pending': return '⏳';
+            case 'running': return '🔄';
+            case 'complete': return '✅';
+            case 'error': return '❌';
+            default: return '�';
+        }
+    }
+    /**
+     * Mark model as running
+     */
+    modelStarted(model) {
+        const result = this.results.get(model);
+        if (result) {
+            result.status = 'running';
+            this.stream.step(`${model} processing...`);
+        }
+    }
+    /**
+     * Mark model as complete
+     */
+    modelCompleted(model, output) {
+        const result = this.results.get(model);
+        if (result) {
+            result.status = 'complete';
+            result.output = output;
+            const completed = Array.from(this.results.values()).filter(r => r.status === 'complete').length;
+            this.stream.progress(`${completed}/${this.models.length} models completed`, completed, this.models.length);
+            // Show preview of output
+            const preview = output.substring(0, 100).replace(/\n/g, ' ');
+            console.error(`   📝 Preview: ${preview}${output.length > 100 ? '...' : ''}`);
+        }
+    }
+    /**
+     * Mark model as error
+     */
+    modelFailed(model, error) {
+        const result = this.results.get(model);
+        if (result) {
+            result.status = 'error';
+            console.error(`   ⚠️  ${model} failed: ${error}`);
+        }
+    }
+    /**
+     * Complete all operations
+     */
+    complete(message) {
+        const completed = Array.from(this.results.values()).filter(r => r.status === 'complete').length;
+        const failed = Array.from(this.results.values()).filter(r => r.status === 'error').length;
+        const summary = message || `${completed} models completed${failed > 0 ? `, ${failed} failed` : ''}`;
+        this.stream.complete(summary);
+        // Print final table
+        this.printModelTable();
+    }
+    /**
+     * Get progress stream
+     */
+    getStream() {
+        return this.stream;
+    }
+}
+/**
+ * Create progress reporter for multi-model operation
+ */
+export function createMultiModelReporter(models, operationName) {
+    return new MultiModelProgressReporter(models, operationName);
+}

package/dist/src/utils/provider-router.js

@@ -0,0 +1,88 @@
+/**
+ * ProviderRouter - Smart routing and failover between multiple providers
+ *
+ * Features:
+ * - Automatic failover on errors
+ * - Priority-based provider selection
+ * - Integration with SmartAPIClient for retries
+ * - NO metrics collection - privacy-first design
+ */
+import { smartAPIClient } from './smart-api-client.js';
+export class ProviderRouter {
+    constructor() {
+        this.smartClient = smartAPIClient;
+    }
+    static getInstance() {
+        if (!ProviderRouter.instance) {
+            ProviderRouter.instance = new ProviderRouter();
+        }
+        return ProviderRouter.instance;
+    }
+    /**
+     * Route request through providers with automatic failover
+     */
+    async route(providers, request, apiConfig) {
+        const startTime = Date.now();
+        const failedProviders = [];
+        let attempts = 0;
+        // Filter and sort providers
+        const availableProviders = this.selectAvailableProviders(providers);
+        if (availableProviders.length === 0) {
+            throw new Error('[ProviderRouter] No providers available or enabled');
+        }
+        console.log(`[ProviderRouter] Available providers: ${availableProviders.map(p => p.name).join(', ')}`);
+        // Try each provider in order
+        for (const provider of availableProviders) {
+            attempts++;
+            try {
+                console.log(`[ProviderRouter] Attempting ${provider.name} (attempt ${attempts}/${availableProviders.length})`);
+                const result = await this.smartClient.callWithRetries(provider.callable, {
+                    provider: provider.name,
+                    ...apiConfig
+                });
+                const totalTime = Date.now() - startTime;
+                console.log(`[ProviderRouter] Success with ${provider.name} ` +
+                    `(total time: ${totalTime}ms, attempts: ${attempts})`);
+                return {
+                    result,
+                    provider: provider.name,
+                    attempts,
+                    totalTime,
+                    failedProviders
+                };
+            }
+            catch (error) {
+                console.error(`[ProviderRouter] Provider ${provider.name} failed: ${error.message}`);
+                failedProviders.push(provider.name);
+                // If this was the last provider, throw
+                if (attempts >= availableProviders.length) {
+                    const totalTime = Date.now() - startTime;
+                    throw new Error(`[ProviderRouter] All providers exhausted (${availableProviders.map(p => p.name).join(', ')}) ` +
+                        `after ${attempts} attempts in ${totalTime}ms. Last error: ${error.message}`);
+                }
+                // Otherwise continue to next provider
+                console.log(`[ProviderRouter] Failing over to next provider...`);
+            }
+        }
+        // Should never reach here, but TypeScript needs it
+        throw new Error('[ProviderRouter] Unexpected routing failure');
+    }
+    /**
+     * Select and order available providers based on priority
+     */
+    selectAvailableProviders(providers) {
+        // Filter enabled providers
+        const enabled = providers.filter(p => p.enabled);
+        if (enabled.length === 0) {
+            return [];
+        }
+        // Sort by priority (lower first)
+        return enabled.sort((a, b) => {
+            const priorityA = a.priority ?? 999;
+            const priorityB = b.priority ?? 999;
+            return priorityA - priorityB;
+        });
+    }
+}
+// Export singleton instance
+export const providerRouter = ProviderRouter.getInstance();