npm - tandem-editor - Versions diffs - 0.6.3 → 0.7.0 - Mend

tandem-editor 0.6.3 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/channel/index.js CHANGED Viewed

@@ -17925,6 +17925,25 @@ function resolveTandemUrl(override) {
   const raw = override ?? process.env.TANDEM_URL ?? `http://localhost:${DEFAULT_MCP_PORT}`;
   return raw.replace(/\/$/, "");
 }
+var VALID_TOKEN_RE = /^[A-Za-z0-9_\-]{32,}$/;
+var _warnedInvalidToken = false;
+async function authFetch(url, init) {
+  const token = process.env.TANDEM_AUTH_TOKEN;
+  if (token !== void 0 && token.trim() !== "") {
+    if (VALID_TOKEN_RE.test(token.trim())) {
+      const headers = new Headers(init?.headers);
+      headers.set("Authorization", `Bearer ${token.trim()}`);
+      return fetch(url, { ...init, headers });
+    }
+    if (!_warnedInvalidToken) {
+      _warnedInvalidToken = true;
+      console.error(
+        "[tandem] authFetch: TANDEM_AUTH_TOKEN is set but invalid (must be 32+ alphanumeric chars [A-Za-z0-9_-]); sending without Authorization header"
+      );
+    }
+  }
+  return fetch(url, init);
+}
 // src/server/events/types.ts
 var VALID_EVENT_TYPES = /* @__PURE__ */ new Set([
@@ -18042,7 +18061,7 @@ async function startEventBridge(mcp, tandemUrl) {
       if (retries >= CHANNEL_MAX_RETRIES) {
         console.error("[Channel] SSE connection exhausted, reporting error and exiting");
         try {
-          await fetch(`${tandemUrl}/api/channel-error`, {
+          await authFetch(`${tandemUrl}/api/channel-error`, {
             method: "POST",
             headers: { "Content-Type": "application/json" },
             body: JSON.stringify({
@@ -18065,7 +18084,7 @@ async function startEventBridge(mcp, tandemUrl) {
 async function connectAndStream(mcp, tandemUrl, lastEventId, onEventId) {
   const headers = { Accept: "text/event-stream" };
   if (lastEventId) headers["Last-Event-ID"] = lastEventId;
-  const res = await fetch(`${tandemUrl}/api/events`, { headers });
+  const res = await authFetch(`${tandemUrl}/api/events`, { headers });
   if (!res.ok) throw new Error(`SSE endpoint returned ${res.status}`);
   if (!res.body) throw new Error("SSE endpoint returned no body");
   const reader = res.body.getReader();
@@ -18076,7 +18095,7 @@ async function connectAndStream(mcp, tandemUrl, lastEventId, onEventId) {
   let pendingAwareness = null;
   const AWARENESS_CLEAR_MS = 3e3;
   function clearAwareness(documentId) {
-    fetch(`${tandemUrl}/api/channel-awareness`, {
+    authFetch(`${tandemUrl}/api/channel-awareness`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -18091,7 +18110,7 @@ async function connectAndStream(mcp, tandemUrl, lastEventId, onEventId) {
     if (!pendingAwareness) return;
     const event = pendingAwareness;
     pendingAwareness = null;
-    fetch(`${tandemUrl}/api/channel-awareness`, {
+    authFetch(`${tandemUrl}/api/channel-awareness`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -18168,7 +18187,7 @@ async function getCachedMode(tandemUrl) {
   const now = Date.now();
   if (now - cachedModeAt < MODE_CACHE_TTL_MS) return cachedMode;
   try {
-    const res = await fetch(`${tandemUrl}/api/mode`);
+    const res = await authFetch(`${tandemUrl}/api/mode`);
     if (res.ok) {
       const { mode } = await res.json();
       cachedMode = mode;
@@ -18240,7 +18259,7 @@ async function runChannel(opts = {}) {
     if (req.params.name === "tandem_reply") {
       const args = req.params.arguments;
       try {
-        const res = await fetch(`${tandemUrl}/api/channel-reply`, {
+        const res = await authFetch(`${tandemUrl}/api/channel-reply`, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify(args)
@@ -18288,7 +18307,7 @@ async function runChannel(opts = {}) {
   });
   mcp.setNotificationHandler(PermissionRequestSchema, async ({ params }) => {
     try {
-      const res = await fetch(`${tandemUrl}/api/channel-permission`, {
+      const res = await authFetch(`${tandemUrl}/api/channel-permission`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
@@ -18353,6 +18372,21 @@ async function checkServerReachable(url, timeoutMs = 2e3) {
 }
 // src/channel/index.ts
+process.once("uncaughtException", (err) => {
+  const msg = err instanceof Error ? err.stack ?? err.message : String(err);
+  try {
+    process.stderr.write(`[tandem channel] uncaughtException: ${msg}
+`);
+  } catch {
+  }
+  process.exit(1);
+});
+process.once("unhandledRejection", (reason) => {
+  const detail = reason instanceof Error ? reason.message : String(reason);
+  process.stderr.write(`[tandem channel] unhandledRejection: ${detail}
+`);
+  process.exit(1);
+});
 runChannel().catch((err) => {
   console.error("[Channel] Fatal error:", err);
   process.exit(1);