tylor-mcp 1.1.0 → 1.1.2

package/bin/tylor.js

@@ -55,4 +55,3 @@ if (result.error || result.status !== 0) {
 }
 
 process.exit(result.status);
-

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tylor-mcp",
-  "version": "1.1.0",
+  "version": "1.1.2",
   "description": "Give Claude Code persistent memory, laser-focused context, and an autonomous team of specialists.",
   "main": "server/main.py",
   "bin": {
@@ -20,5 +20,8 @@
     "github-copilot"
   ],
   "author": "Gunjan Grunge",
-  "license": "MIT"
+  "license": "MIT",
+  "scripts": {
+    "dev:sync": "node scripts/dev-sync.js"
+  }
 }

package/pytest.ini

@@ -1,2 +1,2 @@
-[pytest]
-asyncio_mode = auto
+[pytest]
+asyncio_mode = auto

package/scripts/dev-sync.js

@@ -0,0 +1,113 @@
+#!/usr/bin/env node
+/**
+ * dev-sync.js — sync dev changes to the live installed server.
+ *
+ * Reads PYTHONPATH from ~/.claude/settings.json (written there by install.py),
+ * so it always targets the correct installed location regardless of npm version
+ * or _npx cache hash. No hardcoding.
+ *
+ * Usage:
+ *   npm run dev:sync
+ */
+
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+
+// ── Find the installed server path from settings.json ────────────────────────
+
+function findInstalledPath() {
+  const candidates = [
+    path.join(os.homedir(), '.claude', 'settings.json'),
+    path.join(os.homedir(), 'AppData', 'Roaming', 'Claude', 'settings.json'),
+  ];
+
+  for (const candidate of candidates) {
+    if (!fs.existsSync(candidate)) continue;
+    try {
+      const settings = JSON.parse(fs.readFileSync(candidate, 'utf8'));
+      const pythonpath =
+        settings?.mcpServers?.agent101?.env?.PYTHONPATH;
+      if (pythonpath && fs.existsSync(pythonpath)) {
+        return pythonpath;
+      }
+    } catch (_) { /* malformed — skip */ }
+  }
+  return null;
+}
+
+// ── Files and directories to sync ────────────────────────────────────────────
+
+const DEV_ROOT = path.join(__dirname, '..');
+
+const SYNC_FILES = [
+  'server/tools/harness.py',
+  'server/tools/security.py',
+  'server/tools/executor.py',
+  'server/tools/registry.py',
+];
+
+const SYNC_DIRS = [
+  'skills',
+];
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+
+function copyFile(src, dst) {
+  fs.mkdirSync(path.dirname(dst), { recursive: true });
+  fs.copyFileSync(src, dst);
+}
+
+function syncDir(srcDir, dstDir) {
+  if (!fs.existsSync(srcDir)) return 0;
+  let count = 0;
+  for (const entry of fs.readdirSync(srcDir, { withFileTypes: true })) {
+    const srcPath = path.join(srcDir, entry.name);
+    const dstPath = path.join(dstDir, entry.name);
+    if (entry.isDirectory()) {
+      count += syncDir(srcPath, dstPath);
+    } else {
+      copyFile(srcPath, dstPath);
+      count++;
+    }
+  }
+  return count;
+}
+
+// ── Main ──────────────────────────────────────────────────────────────────────
+
+const installed = findInstalledPath();
+
+if (!installed) {
+  console.error('❌  Could not find installed server path in ~/.claude/settings.json');
+  console.error('    Run: npx tylor-mcp  to install first.');
+  process.exit(1);
+}
+
+console.log(`🎯  Target: ${installed}\n`);
+
+let total = 0;
+
+for (const rel of SYNC_FILES) {
+  const src = path.join(DEV_ROOT, rel);
+  const dst = path.join(installed, rel);
+  if (!fs.existsSync(src)) {
+    console.warn(`⚠️   skip (not found): ${rel}`);
+    continue;
+  }
+  copyFile(src, dst);
+  console.log(`  ✓  ${rel}`);
+  total++;
+}
+
+for (const rel of SYNC_DIRS) {
+  const src = path.join(DEV_ROOT, rel);
+  const dst = path.join(installed, rel);
+  const n = syncDir(src, dst);
+  if (n > 0) {
+    console.log(`  ✓  ${rel}/ (${n} files)`);
+    total += n;
+  }
+}
+
+console.log(`\n✅  ${total} file(s) synced. Restart Claude Code to pick up changes.`);

package/server/tools/agents.py

@@ -235,16 +235,29 @@ def _run_persona_agent(
         return {"output_sk": None, "output": "", "error": str(exc)}
 
     # Persist output to thread
-    try:
-        result = persist_agent_output(
-            thread_id=thread_id,
-            agent_id=agent_id,
-            output=output or "(no output)",
-            task=task,
-        )
-        output_sk = result.get("output_sk")
-    except Exception:
-        output_sk = None
+    try:
+        result = persist_agent_output(
+            thread_id=thread_id,
+            agent_id=agent_id,
+            output=output or "(no output)",
+            task=task,
+        )
+        output_sk = result.get("output_sk")
+    except Exception as exc:
+        message = f"{persona} output persistence failed: {exc}"
+        _record_agent_event(db, thread_id, agent_id, persona, "error", message)
+        _write_agent_state(
+            db,
+            thread_id,
+            agent_id,
+            {
+                "Status": "failed",
+                "Persona": persona,
+                "Task": task,
+                "Error": str(exc),
+            },
+        )
+        return {"output_sk": None, "output": output, "error": str(exc)}
 
     # Update agent state to completed
     _write_agent_state(
@@ -332,7 +345,11 @@ def spawn_agent(persona: str, thread_id: str, task: str, wait_for_completion: bo
         )
         worker.start()
 
-    return {
+    status = "running"
+    if wait_for_completion:
+        status = "failed" if execution.get("error") else "completed"
+
+    return {
         "agent_id": agent_id,
         "persona": definition.name,
         "thread_id": thread_id,
@@ -341,7 +358,7 @@ def spawn_agent(persona: str, thread_id: str, task: str, wait_for_completion: bo
         "task": task,
         "state_sk": state_item["SK"],
         "output_sk": execution.get("output_sk"),
-        "status": "completed" if wait_for_completion else "running",
+        "status": status,
         "streaming": not wait_for_completion,
         "skill_loads": persona_skill_loads,
         "task_skill": task_skill,

package/server/tools/executor.py

@@ -13,7 +13,7 @@ from pathlib import Path
 from mcp.server.fastmcp.exceptions import ToolError
 
 from ._mcp import mcp
-from .security import run_bumblebee_security_gate
+from .security import run_bumblebee_security_gate, should_prompt_on_push
 
 
 NO_SANDBOX_MESSAGE = "No sandbox configured — run /set-sandbox <path> first"
@@ -272,17 +272,34 @@ def _validate_command_paths(
 
 
 def _terminate_process_group(process: subprocess.Popen) -> None:
-    try:
-        os.killpg(process.pid, signal.SIGTERM)
-    except ProcessLookupError:
-        return
-    try:
-        process.wait(timeout=2)
-    except subprocess.TimeoutExpired:
+    """Terminate a process and its children — cross-platform."""
+    if os.name == "nt":
+        # Windows: no process groups — use taskkill to kill the tree
+        try:
+            subprocess.run(
+                ["taskkill", "/F", "/T", "/PID", str(process.pid)],
+                capture_output=True,
+                check=False,
+            )
+        except OSError:
+            pass
+        try:
+            process.kill()
+        except OSError:
+            pass
+    else:
+        # Unix: kill the entire process group (shell + children)
         try:
-            os.killpg(process.pid, signal.SIGKILL)
+            os.killpg(process.pid, signal.SIGTERM)
         except ProcessLookupError:
             return
+        try:
+            process.wait(timeout=2)
+        except subprocess.TimeoutExpired:
+            try:
+                os.killpg(process.pid, signal.SIGKILL)
+            except ProcessLookupError:
+                return
 
 
 @mcp.tool()
@@ -362,6 +379,18 @@ def execute_in_sandbox(
             },
         )
 
+    if should_prompt_on_push(command):
+        return {
+            "status": "confirmation_required",
+            "command": command,
+            "message": (
+                "[bumblebee] 🛡️  git push detected. "
+                "Want a security scan before others pull? "
+                "Reply yes to scan first, or re-call execute_in_sandbox with "
+                "the original command to push without scanning."
+            ),
+        }
+
     start = time.monotonic()
     try:
         args = shlex.split(command)
@@ -403,10 +432,15 @@ def execute_in_sandbox(
             },
         )
         return result
-    except subprocess.TimeoutExpired as exc:
+    except subprocess.TimeoutExpired:
         _terminate_process_group(process)
-        stdout = exc.stdout or ""
-        stderr = exc.stderr or ""
+        # Drain the pipe after kill to capture any partial output.
+        # This is critical on Windows where exc.stdout may be empty
+        # because the pipe buffer wasn't read before the process was killed.
+        try:
+            stdout, stderr = process.communicate(timeout=5)
+        except (subprocess.TimeoutExpired, OSError):
+            stdout, stderr = "", ""
         if isinstance(stdout, bytes):
             stdout = stdout.decode("utf-8", errors="replace")
         if isinstance(stderr, bytes):

package/server/tools/harness.py

@@ -7,13 +7,15 @@ Persistent session memory per thread. Interactive with human-in-the-loop.
 """
 from __future__ import annotations
 
-import asyncio
-import json
-from pathlib import Path
-from typing import AsyncIterator
+import asyncio
+import json
+import os
+from pathlib import Path
+from typing import AsyncIterator
 
 from ._mcp import mcp
 from .registry import ECC_SKILLS, detect_registry_skill
+from .security import is_dep_file, scan_packages_async, should_prompt_on_push
 
 # ── 5 roles (lenses, not knowledge bases) ────────────────────────────────────
 
@@ -233,64 +235,52 @@ def _load_session_id(thread_id: str) -> str | None:
         return None
 
 
-def _save_session_id(thread_id: str, session_id: str) -> None:
-    import fcntl
-    f = _sessions_file()
-    f.parent.mkdir(parents=True, exist_ok=True)
-    lock = f.with_suffix(".lock")
-    with lock.open("a") as lf:
-        fcntl.flock(lf, fcntl.LOCK_EX)
-        try:
-            data: dict = {}
-            if f.exists():
-                try:
-                    data = json.loads(f.read_text())
-                except Exception:
-                    pass
-            data[thread_id] = session_id
-            tmp = f.with_suffix(".tmp")
-            tmp.write_text(json.dumps(data, indent=2))
-            tmp.replace(f)
-        finally:
-            fcntl.flock(lf, fcntl.LOCK_UN)
+def _save_session_id(thread_id: str, session_id: str) -> None:
+    f = _sessions_file()
+    f.parent.mkdir(parents=True, exist_ok=True)
+    lock = f.with_suffix(".lock")
+    with lock.open("a+b") as lf:
+        if os.name == "nt":
+            import msvcrt
+
+            if lf.tell() == 0:
+                lf.write(b"\0")
+                lf.flush()
+            lf.seek(0)
+            msvcrt.locking(lf.fileno(), msvcrt.LK_LOCK, 1)
+        else:
+            import fcntl
+
+            fcntl.flock(lf, fcntl.LOCK_EX)
+        try:
+            data: dict = {}
+            if f.exists():
+                try:
+                    data = json.loads(f.read_text(encoding="utf-8"))
+                except Exception:
+                    pass
+            data[thread_id] = session_id
+            tmp = f.with_suffix(".tmp")
+            tmp.write_text(json.dumps(data, indent=2), encoding="utf-8")
+            tmp.replace(f)
+        finally:
+            if os.name == "nt":
+                lf.seek(0)
+                msvcrt.locking(lf.fileno(), msvcrt.LK_UNLCK, 1)
+            else:
+                fcntl.flock(lf, fcntl.LOCK_UN)
 
 
 # ── Core harness ──────────────────────────────────────────────────────────────
 
-def _block_to_verbose_text(block) -> str | None:
-    text = getattr(block, "text", None)
-    if isinstance(text, str) and text:
-        return text
-
-    block_type = getattr(block, "type", None) or block.__class__.__name__
-    name = getattr(block, "name", None)
-    tool_input = getattr(block, "input", None)
-    content = getattr(block, "content", None)
-
-    if name:
-        suffix = ""
-        if tool_input:
-            try:
-                suffix = " " + json.dumps(tool_input, ensure_ascii=False)[:500]
-            except Exception:
-                suffix = f" {tool_input!s}"[:500]
-        return f"\n$ {name}{suffix}\n"
-
-    if content:
-        if isinstance(content, str):
-            return f"\n[{block_type}] {content}\n"
-        return f"\n[{block_type}] {content!s}\n"
-
-    if block_type and block_type not in {"TextBlock", "text"}:
-        return f"\n[{block_type}]\n"
-    return None
-
 async def run_with_agents(
     message: str,
     thread_id: str,
     thread_name: str = "",
     cwd: str | None = None,
     system_prompt: str | None = None,
+    extra_tools: list[str] | None = None,
+    is_new_session: bool = False,
 ) -> AsyncIterator[str]:
     try:
         from claude_agent_sdk import query, ClaudeAgentOptions
@@ -305,43 +295,132 @@ async def run_with_agents(
 
     session_id = _load_session_id(thread_id)
 
+    base_tools = [
+        "Read", "Write", "Edit", "Bash", "Glob", "Grep",
+        "WebFetch", "WebSearch", "AskUserQuestion", "Agent",
+    ]
+    allowed_tools = base_tools + [t for t in (extra_tools or []) if t not in base_tools]
+
     options = ClaudeAgentOptions(
         system_prompt=system_prompt,
-        allowed_tools=[
-            "Read", "Write", "Edit", "Bash", "Glob", "Grep",
-            "WebFetch", "WebSearch", "AskUserQuestion", "Agent",
-        ],
+        allowed_tools=allowed_tools,
         agents=agent_registry,
         resume=session_id,
         cwd=cwd,
         max_turns=20,
     )
 
-    new_session_id: str | None = None
-    try:
-        async for msg in query(prompt=message, options=options):
-            # Capture session ID from ResultMessage (end of run)
+    # Kick off session-start scan in background so it runs alongside the agent
+    start_scan_task: asyncio.Task | None = None
+    if is_new_session and cwd:
+        yield "[bumblebee] starting session-start package scan...\n"
+        start_scan_task = asyncio.create_task(scan_packages_async(cwd))
+
+    agent_count = 0
+    dep_scan_tasks: list[tuple[str, asyncio.Task]] = []
+    bash_commands_seen: list[str] = []
+    new_session_id: str | None = None
+    query_error: Exception | None = None
+
+    try:
+        async for msg in query(prompt=message, options=options):
             sid = getattr(msg, "session_id", None)
             if sid:
                 new_session_id = sid
 
-            # Stream text and tool activity so the UI can mirror terminal-style
-            # verbose agent progress instead of only showing final answers.
             content = getattr(msg, "content", None) or getattr(msg, "text", None)
             if isinstance(content, str) and content:
                 yield content
             elif isinstance(content, list):
                 for block in content:
-                    verbose = _block_to_verbose_text(block)
-                    if verbose:
-                        yield verbose
-
-    except Exception as exc:
-        yield f"\n⚠️  Error: {exc}"
+                    name = getattr(block, "name", None)
+                    input_ = getattr(block, "input", None) or {}
+
+                    # ── Display ──────────────────────────────────────────────
+                    text = getattr(block, "text", None)
+                    if isinstance(text, str) and text:
+                        yield text
+                    elif name == "Agent":
+                        agent_count += 1
+                        role = (
+                            input_.get("subagent_type")
+                            or input_.get("description", "agent")
+                        )
+                        task_hint = (
+                            input_.get("description") or input_.get("prompt", "")
+                        )[:80].replace("\n", " ")
+                        yield f"\n[agent: {role} #{agent_count}] starting — {task_hint}\n"
+                    elif name:
+                        yield f"\n$ {name}\n"
+
+                    # ── Security side-effects ─────────────────────────────────
+                    if name in ("Write", "Edit"):
+                        fp = input_.get("file_path", "")
+                        if fp and is_dep_file(fp):
+                            fname = Path(fp).name
+                            dep_scan_tasks.append((
+                                fname,
+                                asyncio.create_task(
+                                    scan_packages_async(cwd or str(Path(fp).parent))
+                                ),
+                            ))
+                            yield f"\n[bumblebee] 📦 {fname} modified — scanning dependencies...\n"
+                    elif name == "Bash":
+                        cmd = input_.get("command", "")
+                        if cmd:
+                            bash_commands_seen.append(cmd)
+
+    except Exception as exc:
+        query_error = exc
+        yield f"\n⚠️  Error: {exc}"
 
     if new_session_id:
         _save_session_id(thread_id, new_session_id)
 
+    # ── Collect session-start scan result ─────────────────────────────────────
+    if start_scan_task:
+        try:
+            findings = await asyncio.wait_for(start_scan_task, timeout=60)
+            if findings:
+                yield "\n[bumblebee] ⚠️  session-start scan findings:\n"
+                for f in findings:
+                    yield f"  • {f}\n"
+            else:
+                yield "\n[bumblebee] ✅ session-start scan — no vulnerabilities found\n"
+        except asyncio.TimeoutError:
+            yield "\n[bumblebee] ⚠️  session-start scan timed out\n"
+        except Exception as exc:
+            yield f"\n[bumblebee] scan error: {exc}\n"
+
+    # ── Collect dep-file scan results ─────────────────────────────────────────
+    for fname, task in dep_scan_tasks:
+        try:
+            findings = await asyncio.wait_for(task, timeout=30)
+            if findings:
+                yield f"\n[bumblebee] ⚠️  {fname} scan findings:\n"
+                for f in findings:
+                    yield f"  • {f}\n"
+            else:
+                yield f"\n[bumblebee] ✅ {fname} scan — clean\n"
+        except asyncio.TimeoutError:
+            yield f"\n[bumblebee] ⚠️  {fname} scan timed out\n"
+        except Exception:
+            pass
+
+    # ── Push prompt ───────────────────────────────────────────────────────────
+    if any(should_prompt_on_push(cmd) for cmd in bash_commands_seen):
+        yield (
+            "\n[bumblebee] 🛡️  git push detected — want a security scan before others pull? "
+            "Ask me to run a security check or re-invoke with that request.\n"
+        )
+
+    # ── Completion summary ────────────────────────────────────────────────────
+    agent_label = f"{agent_count} agent{'s' if agent_count != 1 else ''}" if agent_count else "no sub-agents"
+    if query_error is not None:
+        yield f"\n[supervisor] failed — {agent_label} ran before error\n"
+    else:
+        yield f"\n[supervisor] complete — {agent_label} ran\n"
+
 
 # ── MCP tools ─────────────────────────────────────────────────────────────────
 
@@ -371,19 +450,42 @@ async def run_in_thread(thread_id: str, message: str, cwd: str | None = None) ->
     except Exception:
         pass
 
+    is_new_session = _load_session_id(thread_id) is None
+
     chunks: list[str] = []
+
+    # ── Intent classification log ─────────────────────────────────────────────
+    roles = _role_matches(message)
+    chunks.append(f"[agent101] intent classified: {', '.join(roles)}\n")
+
+    # ── Skill auto-detection and load ─────────────────────────────────────────
     auto_loaded = _auto_load_for_message(message)
+    extra_tools: list[str] = []
     if auto_loaded.get("matched"):
+        skill_name = auto_loaded.get("skill", "")
+        loaded = auto_loaded.get("loaded") or {}
+        extra_tools = list(loaded.get("tools", []))
         chunks.append(
-            "[agent101] auto-loaded skill "
-            f"{auto_loaded.get('skill')} ({auto_loaded.get('action')})\n"
+            f"[agent101] auto-loaded skill: {skill_name} "
+            f"({', '.join(extra_tools) if extra_tools else auto_loaded.get('action')})\n"
         )
+
+    ecc_matches = _matching_ecc_groups(message)
+    for match in ecc_matches:
+        group = match.get("tool_group", "")
+        if group and not any(t in extra_tools for t in (group,)):
+            chunks.append(f"[agent101] suggested skill: {group}\n")
+
     try:
-        async for chunk in run_with_agents(message, thread_id, thread_name, cwd):
+        async for chunk in run_with_agents(
+            message, thread_id, thread_name, cwd,
+            extra_tools=extra_tools,
+            is_new_session=is_new_session,
+        ):
             chunks.append(chunk)
     except asyncio.TimeoutError:
         chunks.append("\n⚠️  Harness timed out (240s). The agent may still be running.")
-    return "".join(chunks) or "(no output)"
+    return "Tylor:\n" + ("".join(chunks) or "(no output)")
 
 
 @mcp.tool()