wyrm-mcp 7.2.0 → 7.2.2

package/dist/maintenance.js

@@ -1,150 +1,4 @@
-/**
- * Maintenance ops — v7 F3 (T023).
- *
- * The `wyrm_maintenance` MCP case body (index.ts), extracted VERBATIM so the
- * new `wyrm maintenance` CLI subcommand and the MCP tool run the SAME code
- * path (spec FR-4 / T023: CLI commands wrap existing src modules — never
- * reimplementations). Behavior, knobs, and step order are unchanged:
- *
- *   1. archive old sessions (opt-in via archiveDays)
- *   2. VACUUM (opt-in)
- *   3. prune session_seen_artifacts (WYRM_SEEN_TTL_DAYS, default 7)
- *   4. prune Live Memory events (WYRM_EVENT_RETAIN_DAYS / _MAX_PER_PROJECT)
- *   5. prune failure_blocks (same retention knob as the event log)
- *   6. reap stale presence + expired quest claims (v7 F3 T029 — eviction
- *      previously ran ONLY inline at claim time, so a fleet that stopped
- *      claiming never shed its dead leases between waves)
- *   7. prune run_briefs (T028 fleet-brief cache; same retention knob as
- *      the event log + a WYRM_RUN_BRIEFS_MAX count cap, default 512 —
- *      security pass #1: the soft-ref cache is caller-mintable)
- *   8. run-quarantine sweep (WYRM_RUN_INACTIVE_HOURS, default 24)
- *   9. WAL checkpoint
- *
- * Every prune/sweep step is failure-isolated — maintenance never fails on a
- * single step (the 6.x contract).
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-/**
- * Run the full maintenance sequence. Synchronous (every step is SQLite-local;
- * Article III: no network, no LLM). Returns the step report; rendering is the
- * caller's job (MCP case keeps its 6.x text verbatim, the CLI prints its own).
- */
-export function runMaintenance(deps, opts = {}) {
-    const { db, sessionSeen, failures, presence } = deps;
-    const { vacuum, archiveDays } = opts;
-    const lines = [];
-    if (archiveDays) {
-        const projects = db.getAllProjects(1000);
-        let archived = 0;
-        for (const p of projects) {
-            archived += db.archiveOldSessions(p.id, archiveDays);
-        }
-        lines.push(`Archived ${archived} old sessions`);
-    }
-    if (vacuum) {
-        db.vacuum();
-        lines.push(`Vacuumed database`);
-    }
-    // Spec 014: prune session_seen_artifacts older than WYRM_SEEN_TTL_DAYS (default 7).
-    try {
-        const ttlDays = parseInt(process.env.WYRM_SEEN_TTL_DAYS ?? '7', 10);
-        const pruned = sessionSeen.prune(Number.isFinite(ttlDays) && ttlDays > 0 ? ttlDays : 7);
-        if (pruned > 0)
-            lines.push(`Pruned ${pruned} session_seen_artifacts rows older than ${ttlDays}d`);
-    }
-    catch { /* never fail maintenance on this */ }
-    // Live Memory retention: bound the derived event log (default keep 90d /
-    // 5000 per project; override via WYRM_EVENT_RETAIN_DAYS / WYRM_EVENT_MAX_PER_PROJECT).
-    try {
-        const retainDays = parseInt(process.env.WYRM_EVENT_RETAIN_DAYS ?? '90', 10);
-        const maxPer = parseInt(process.env.WYRM_EVENT_MAX_PER_PROJECT ?? '5000', 10);
-        const { deleted } = db.pruneEvents({
-            olderThanDays: Number.isFinite(retainDays) ? retainDays : 90,
-            maxPerProject: Number.isFinite(maxPer) ? maxPer : 5000,
-        });
-        if (deleted > 0)
-            lines.push(`Pruned ${deleted} Live Memory events (retention)`);
-    }
-    catch { /* never fail maintenance on this */ }
-    // v7 F2 review fix: failure_blocks retention. The prevented-repeat
-    // ledger (migration 22) is append-only and caller-amplifiable (one
-    // row per blocked failure_check — a read tool with no rate limit), so
-    // bound it with the SAME retention knob as the event log.
-    try {
-        const retainDays = parseInt(process.env.WYRM_EVENT_RETAIN_DAYS ?? '90', 10);
-        const effectiveDays = Number.isFinite(retainDays) && retainDays > 0 ? retainDays : 90;
-        const prunedBlocks = failures.pruneBlocks(effectiveDays);
-        if (prunedBlocks > 0)
-            lines.push(`Pruned ${prunedBlocks} failure_blocks rows older than ${effectiveDays}d (retention)`);
-    }
-    catch { /* never fail maintenance on this */ }
-    // v7 F3 (T029): stale-claim eviction. presence.reap() previously ran ONLY
-    // inline at claimQuest/activeClaims time — an idle fleet (or one polling
-    // status without claiming) never shed dead-session leases. Maintenance is
-    // the async reclamation path orchestrators run between waves.
-    try {
-        const reaped = presence.reap();
-        if (reaped.presence > 0 || reaped.claims > 0) {
-            lines.push(`Reaped ${reaped.presence} stale presence row(s) and ${reaped.claims} expired quest claim(s)`);
-        }
-    }
-    catch { /* never fail maintenance on this */ }
-    // v7 F3 (T029): run_briefs retention — the T028 fleet-brief cache is one
-    // row per (run_id, role) and a brief is only meaningful DURING its run, so
-    // bound it with the SAME retention knob as the event log.
-    try {
-        const retainDays = parseInt(process.env.WYRM_EVENT_RETAIN_DAYS ?? '90', 10);
-        const effectiveDays = Number.isFinite(retainDays) && retainDays > 0 ? retainDays : 90;
-        const prunedBriefs = db.getDatabase()
-            .prepare(`DELETE FROM run_briefs WHERE created_at < datetime('now', ?)`)
-            .run(`-${effectiveDays} days`).changes;
-        if (prunedBriefs > 0)
-            lines.push(`Pruned ${prunedBriefs} run_briefs rows older than ${effectiveDays}d (retention)`);
-    }
-    catch { /* never fail maintenance on this */ }
-    // Security pass #1 (confirmed finding): run_briefs had a DAYS bound only —
-    // run_id is a deliberate soft reference (no FK, no existence check), so any
-    // caller could mint unbounded multi-KB rows that lived the full 90 days.
-    // Pair the days knob with a COUNT cap (the WYRM_EVENT_MAX_PER_PROJECT
-    // pattern): keep the newest WYRM_RUN_BRIEFS_MAX rows (default 512 — a
-    // 12-role fleet still retains ~40 runs of briefs). `wyrm_run action=end`
-    // also now evicts its run's briefs eagerly; this cap covers runs that
-    // never end cleanly.
-    try {
-        const maxBriefs = parseInt(process.env.WYRM_RUN_BRIEFS_MAX ?? '512', 10);
-        const cap = Number.isFinite(maxBriefs) && maxBriefs > 0 ? maxBriefs : 512;
-        const capped = db.getDatabase().prepare(`
+function _(c,o={}){const{db:t,sessionSeen:u,failures:a,presence:p}=c,{vacuum:d,archiveDays:i}=o,n=[];if(i){const e=t.getAllProjects(1e3);let s=0;for(const r of e)s+=t.archiveOldSessions(r.id,i);n.push(`Archived ${s} old sessions`)}d&&(t.vacuum(),n.push("Vacuumed database"));try{const e=parseInt(process.env.WYRM_SEEN_TTL_DAYS??"7",10),s=u.prune(Number.isFinite(e)&&e>0?e:7);s>0&&n.push(`Pruned ${s} session_seen_artifacts rows older than ${e}d`)}catch{}try{const e=parseInt(process.env.WYRM_EVENT_RETAIN_DAYS??"90",10),s=parseInt(process.env.WYRM_EVENT_MAX_PER_PROJECT??"5000",10),{deleted:r}=t.pruneEvents({olderThanDays:Number.isFinite(e)?e:90,maxPerProject:Number.isFinite(s)?s:5e3});r>0&&n.push(`Pruned ${r} Live Memory events (retention)`)}catch{}try{const e=parseInt(process.env.WYRM_EVENT_RETAIN_DAYS??"90",10),s=Number.isFinite(e)&&e>0?e:90,r=a.pruneBlocks(s);r>0&&n.push(`Pruned ${r} failure_blocks rows older than ${s}d (retention)`)}catch{}try{const e=p.reap();(e.presence>0||e.claims>0)&&n.push(`Reaped ${e.presence} stale presence row(s) and ${e.claims} expired quest claim(s)`)}catch{}try{const e=parseInt(process.env.WYRM_EVENT_RETAIN_DAYS??"90",10),s=Number.isFinite(e)&&e>0?e:90,r=t.getDatabase().prepare("DELETE FROM run_briefs WHERE created_at < datetime('now', ?)").run(`-${s} days`).changes;r>0&&n.push(`Pruned ${r} run_briefs rows older than ${s}d (retention)`)}catch{}try{const e=parseInt(process.env.WYRM_RUN_BRIEFS_MAX??"512",10),s=Number.isFinite(e)&&e>0?e:512,r=t.getDatabase().prepare(`
       DELETE FROM run_briefs WHERE rowid IN (
         SELECT rowid FROM run_briefs ORDER BY created_at DESC, rowid DESC LIMIT -1 OFFSET ?
-      )`).run(cap).changes;
-        if (capped > 0)
-            lines.push(`Pruned ${capped} run_briefs rows over the ${cap}-row cap (WYRM_RUN_BRIEFS_MAX)`);
-    }
-    catch { /* never fail maintenance on this */ }
-    // v7 F2 (T015): run-quarantine sweep — promote unresolved run-scoped
-    // failures from runs that ended or went inactive past the TTL
-    // (default 24h; override WYRM_RUN_INACTIVE_HOURS) and expire
-    // abandoned-run noise. Debrief-independent: works with zero runs rows
-    // (wyrm_run arrives in F3).
-    try {
-        const ttlHours = parseInt(process.env.WYRM_RUN_INACTIVE_HOURS ?? '24', 10);
-        const sweep = failures.sweepRunQuarantine({
-            runInactiveHours: Number.isFinite(ttlHours) && ttlHours > 0 ? ttlHours : 24,
-        });
-        if (sweep.promoted > 0 || sweep.expired > 0 || sweep.runs_abandoned > 0) {
-            lines.push(`Run-quarantine sweep: promoted ${sweep.promoted} failure(s), expired ${sweep.expired} abandoned-run failure(s), TTL-abandoned ${sweep.runs_abandoned} stalled run(s)`);
-        }
-        // A degraded sweep (live memory off, TTL paths skipped) must say so
-        // even when nothing acted — silence here reads as "all promoted".
-        if (sweep.degraded) {
-            lines.push(`Run-quarantine sweep: ${sweep.degraded}`);
-        }
-    }
-    catch { /* never fail maintenance on this */ }
-    db.checkpoint();
-    lines.push(`Checkpointed WAL`);
-    return { lines, dbSize: db.getStats().dbSize };
-}
-//# sourceMappingURL=maintenance.js.map
+      )`).run(s).changes;r>0&&n.push(`Pruned ${r} run_briefs rows over the ${s}-row cap (WYRM_RUN_BRIEFS_MAX)`)}catch{}try{const e=parseInt(process.env.WYRM_RUN_INACTIVE_HOURS??"24",10),s=a.sweepRunQuarantine({runInactiveHours:Number.isFinite(e)&&e>0?e:24});(s.promoted>0||s.expired>0||s.runs_abandoned>0)&&n.push(`Run-quarantine sweep: promoted ${s.promoted} failure(s), expired ${s.expired} abandoned-run failure(s), TTL-abandoned ${s.runs_abandoned} stalled run(s)`),s.degraded&&n.push(`Run-quarantine sweep: ${s.degraded}`)}catch{}return t.checkpoint(),n.push("Checkpointed WAL"),{lines:n,dbSize:t.getStats().dbSize}}export{_ as runMaintenance};

package/dist/mcp-client.js

@@ -1,41 +1,4 @@
-/**
- * Outbound MCP client — Wyrm calls other MCP servers.
- *
- * Wyrm has historically been a server. v5.0 adds the dual: Wyrm can also
- * spawn other MCP servers (over stdio) and invoke their tools. This is
- * what turns `wyrm_act` from "synthesize an answer" into "actually do
- * things" — call `github_create_pr`, `slack_send_message`, etc.
- *
- * Connections are lazy: a server is spawned on first call to its tools,
- * kept alive for `idleTimeoutMs`, then reaped. Spawns are bounded to
- * `maxClients` total to prevent fork-bombing.
- *
- * Config table: `mcp_client_configs`. Add a server via `register()`,
- * disable without removing via `disable()`.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-import { spawn } from 'child_process';
-const DEFAULT_IDLE_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
-const DEFAULT_MAX_CLIENTS = 10;
-const CALL_TIMEOUT_MS = 30_000;
-export class OutboundMcpClient {
-    db;
-    opts;
-    clients = new Map();
-    maintenance;
-    constructor(db, opts = {}) {
-        this.db = db;
-        this.opts = opts;
-        // Periodic reap of idle clients
-        this.maintenance = setInterval(() => this.reapIdle(), 30_000);
-        if (this.maintenance.unref)
-            this.maintenance.unref();
-    }
-    /** Register or update an MCP server config row. */
-    register(input) {
-        this.db.prepare(`
+import{spawn as h}from"child_process";const m=300*1e3,g=10,f=3e4;class _{db;opts;clients=new Map;maintenance;constructor(e,t={}){this.db=e,this.opts=t,this.maintenance=setInterval(()=>this.reapIdle(),3e4),this.maintenance.unref&&this.maintenance.unref()}register(e){return this.db.prepare(`
       INSERT INTO mcp_client_configs (server_name, command, args, env)
       VALUES (?, ?, ?, ?)
       ON CONFLICT(server_name) DO UPDATE SET
@@ -43,234 +6,15 @@ export class OutboundMcpClient {
         args = excluded.args,
         env = excluded.env,
         enabled = 1
-    `).run(input.server_name, input.command, input.args ? JSON.stringify(input.args) : null, input.env ? JSON.stringify(input.env) : null);
-        return this.getConfig(input.server_name);
-    }
-    getConfig(server_name) {
-        return this.db.prepare('SELECT * FROM mcp_client_configs WHERE server_name = ?').get(server_name) ?? null;
-    }
-    list() {
-        return this.db.prepare('SELECT * FROM mcp_client_configs ORDER BY server_name').all();
-    }
-    disable(server_name) {
-        const info = this.db.prepare('UPDATE mcp_client_configs SET enabled = 0 WHERE server_name = ?').run(server_name);
-        this.closeClient(server_name);
-        return info.changes > 0;
-    }
-    delete(server_name) {
-        const info = this.db.prepare('DELETE FROM mcp_client_configs WHERE server_name = ?').run(server_name);
-        this.closeClient(server_name);
-        return info.changes > 0;
-    }
-    /** Call a tool on a registered server. Lazily spawns + initializes. */
-    async call(server_name, tool_name, args) {
-        const start = Date.now();
-        const config = this.getConfig(server_name);
-        if (!config) {
-            const r = {
-                ok: false, server_name, tool_name,
-                error: `Server '${server_name}' not registered. Use wyrm_mcp_register first.`,
-                latency_ms: Date.now() - start,
-            };
-            this.logCall(r);
-            return r;
-        }
-        if (!config.enabled) {
-            const r = {
-                ok: false, server_name, tool_name,
-                error: `Server '${server_name}' is disabled.`,
-                latency_ms: Date.now() - start,
-            };
-            this.logCall(r);
-            return r;
-        }
-        try {
-            const client = await this.ensureClient(server_name, config);
-            const result = await this.rpc(client, 'tools/call', { name: tool_name, arguments: args });
-            // Update usage stats
-            this.db.prepare(`
+    `).run(e.server_name,e.command,e.args?JSON.stringify(e.args):null,e.env?JSON.stringify(e.env):null),this.getConfig(e.server_name)}getConfig(e){return this.db.prepare("SELECT * FROM mcp_client_configs WHERE server_name = ?").get(e)??null}list(){return this.db.prepare("SELECT * FROM mcp_client_configs ORDER BY server_name").all()}disable(e){const t=this.db.prepare("UPDATE mcp_client_configs SET enabled = 0 WHERE server_name = ?").run(e);return this.closeClient(e),t.changes>0}delete(e){const t=this.db.prepare("DELETE FROM mcp_client_configs WHERE server_name = ?").run(e);return this.closeClient(e),t.changes>0}async call(e,t,s){const i=Date.now(),r=this.getConfig(e);if(!r){const n={ok:!1,server_name:e,tool_name:t,error:`Server '${e}' not registered. Use wyrm_mcp_register first.`,latency_ms:Date.now()-i};return this.logCall(n),n}if(!r.enabled){const n={ok:!1,server_name:e,tool_name:t,error:`Server '${e}' is disabled.`,latency_ms:Date.now()-i};return this.logCall(n),n}try{const n=await this.ensureClient(e,r),o=await this.rpc(n,"tools/call",{name:t,arguments:s});this.db.prepare(`
         UPDATE mcp_client_configs
         SET last_used_at = datetime('now'),
             use_count = use_count + 1
         WHERE server_name = ?
-      `).run(server_name);
-            const r = {
-                ok: true, server_name, tool_name, result,
-                latency_ms: Date.now() - start,
-            };
-            this.logCall(r, args);
-            return r;
-        }
-        catch (err) {
-            const r = {
-                ok: false, server_name, tool_name,
-                error: err.message,
-                latency_ms: Date.now() - start,
-            };
-            this.logCall(r, args);
-            return r;
-        }
-    }
-    /** List the tools a registered server exposes (one-shot tools/list call). */
-    async listTools(server_name) {
-        const config = this.getConfig(server_name);
-        if (!config)
-            return null;
-        try {
-            const client = await this.ensureClient(server_name, config);
-            const result = await this.rpc(client, 'tools/list', {});
-            return result.tools ?? [];
-        }
-        catch {
-            return null;
-        }
-    }
-    /** Cleanly tear down all clients (call on process exit). */
-    async shutdown() {
-        if (this.maintenance)
-            clearInterval(this.maintenance);
-        for (const name of Array.from(this.clients.keys())) {
-            this.closeClient(name);
-        }
-    }
-    // ============================ internals ============================
-    logCall(r, args) {
-        try {
-            this.db.prepare(`
+      `).run(e);const l={ok:!0,server_name:e,tool_name:t,result:o,latency_ms:Date.now()-i};return this.logCall(l,s),l}catch(n){const o={ok:!1,server_name:e,tool_name:t,error:n.message,latency_ms:Date.now()-i};return this.logCall(o,s),o}}async listTools(e){const t=this.getConfig(e);if(!t)return null;try{const s=await this.ensureClient(e,t);return(await this.rpc(s,"tools/list",{})).tools??[]}catch{return null}}async shutdown(){this.maintenance&&clearInterval(this.maintenance);for(const e of Array.from(this.clients.keys()))this.closeClient(e)}logCall(e,t){try{this.db.prepare(`
         INSERT INTO external_call_log
           (server_name, tool_name, args_summary, success, error_message, latency_ms)
         VALUES (?, ?, ?, ?, ?, ?)
-      `).run(r.server_name, r.tool_name, args ? JSON.stringify(args).slice(0, 500) : null, r.ok ? 1 : 0, r.error ?? null, r.latency_ms);
-        }
-        catch { /* logging never fails the call path */ }
-    }
-    reapIdle() {
-        const idleCap = this.opts.idleTimeoutMs ?? DEFAULT_IDLE_TIMEOUT_MS;
-        const now = Date.now();
-        for (const [name, client] of this.clients) {
-            if (now - client.lastUsedAt > idleCap)
-                this.closeClient(name);
-        }
-    }
-    closeClient(name) {
-        const client = this.clients.get(name);
-        if (!client)
-            return;
-        for (const pending of client.pendingByReqId.values()) {
-            clearTimeout(pending.timer);
-            pending.reject(new Error('Client closing'));
-        }
-        try {
-            client.proc.kill('SIGTERM');
-        }
-        catch { /* best-effort */ }
-        this.clients.delete(name);
-    }
-    async ensureClient(name, config) {
-        const existing = this.clients.get(name);
-        if (existing && !existing.proc.killed) {
-            existing.lastUsedAt = Date.now();
-            return existing;
-        }
-        // Enforce maxClients cap
-        const cap = this.opts.maxClients ?? DEFAULT_MAX_CLIENTS;
-        if (this.clients.size >= cap) {
-            // Evict the least-recently-used
-            const lru = Array.from(this.clients.entries())
-                .sort(([, a], [, b]) => a.lastUsedAt - b.lastUsedAt)[0];
-            if (lru)
-                this.closeClient(lru[0]);
-        }
-        const args = config.args ? JSON.parse(config.args) : [];
-        const env = config.env ? JSON.parse(config.env) : {};
-        // SECURITY: do NOT forward Wyrm's entire process environment to a spawned
-        // external MCP server — that leaks every secret in the parent env
-        // (ANTHROPIC_API_KEY, WYRM_* tokens, OPENAI_API_KEY, …) to a third-party
-        // binary. Pass only a minimal, non-secret base env; the per-server `env`
-        // from its registered config carries anything that server explicitly needs.
-        const ENV_ALLOWLIST = [
-            'PATH', 'HOME', 'TMPDIR', 'TEMP', 'TMP', 'LANG', 'LC_ALL', 'LC_CTYPE',
-            'TERM', 'TZ', 'SHELL', 'USER', 'LOGNAME', 'NODE_PATH',
-            'SystemRoot', 'WINDIR', 'USERPROFILE', 'APPDATA', 'LOCALAPPDATA',
-            'PATHEXT', 'COMSPEC', 'PROGRAMFILES', 'PROGRAMDATA',
-        ];
-        const baseEnv = {};
-        for (const k of ENV_ALLOWLIST) {
-            const v = process.env[k];
-            if (v !== undefined)
-                baseEnv[k] = v;
-        }
-        const proc = spawn(config.command, args, {
-            env: { ...baseEnv, ...env },
-            stdio: ['pipe', 'pipe', 'pipe'],
-        });
-        const client = {
-            proc,
-            pendingByReqId: new Map(),
-            buffer: '',
-            nextReqId: 1,
-            lastUsedAt: Date.now(),
-            initialized: false,
-        };
-        proc.stdout.setEncoding('utf-8');
-        proc.stdout.on('data', (chunk) => this.handleStdout(client, chunk));
-        proc.on('error', () => this.closeClient(name));
-        proc.on('exit', () => this.closeClient(name));
-        this.clients.set(name, client);
-        // MCP handshake: send initialize, wait for response
-        await this.rpc(client, 'initialize', {
-            protocolVersion: '2024-11-05',
-            capabilities: {},
-            clientInfo: { name: 'wyrm-mcp', version: '5.0.0' },
-        });
-        // Some servers expect notifications/initialized after handshake
-        this.send(client, { jsonrpc: '2.0', method: 'notifications/initialized' });
-        client.initialized = true;
-        return client;
-    }
-    handleStdout(client, chunk) {
-        client.buffer += chunk;
-        // MCP uses line-delimited JSON-RPC
-        let idx;
-        while ((idx = client.buffer.indexOf('\n')) >= 0) {
-            const line = client.buffer.slice(0, idx).trim();
-            client.buffer = client.buffer.slice(idx + 1);
-            if (!line)
-                continue;
-            try {
-                const msg = JSON.parse(line);
-                if (msg.id != null) {
-                    const pending = client.pendingByReqId.get(msg.id);
-                    if (pending) {
-                        clearTimeout(pending.timer);
-                        client.pendingByReqId.delete(msg.id);
-                        if (msg.error)
-                            pending.reject(new Error(msg.error.message));
-                        else
-                            pending.resolve(msg.result);
-                    }
-                }
-                // Notifications (no id) — ignore for now
-            }
-            catch { /* malformed line, skip */ }
-        }
-    }
-    send(client, payload) {
-        if (!client.proc.stdin || client.proc.stdin.destroyed)
-            return;
-        client.proc.stdin.write(JSON.stringify(payload) + '\n');
-    }
-    rpc(client, method, params) {
-        const id = client.nextReqId++;
-        const payload = { jsonrpc: '2.0', id, method, params };
-        return new Promise((resolve, reject) => {
-            const timer = setTimeout(() => {
-                client.pendingByReqId.delete(id);
-                reject(new Error(`MCP call timed out after ${CALL_TIMEOUT_MS}ms`));
-            }, CALL_TIMEOUT_MS);
-            client.pendingByReqId.set(id, { resolve, reject, timer });
-            this.send(client, payload);
-        });
-    }
-}
-//# sourceMappingURL=mcp-client.js.map
+      `).run(e.server_name,e.tool_name,t?JSON.stringify(t).slice(0,500):null,e.ok?1:0,e.error??null,e.latency_ms)}catch{}}reapIdle(){const e=this.opts.idleTimeoutMs??m,t=Date.now();for(const[s,i]of this.clients)t-i.lastUsedAt>e&&this.closeClient(s)}closeClient(e){const t=this.clients.get(e);if(t){for(const s of t.pendingByReqId.values())clearTimeout(s.timer),s.reject(new Error("Client closing"));try{t.proc.kill("SIGTERM")}catch{}this.clients.delete(e)}}async ensureClient(e,t){const s=this.clients.get(e);if(s&&!s.proc.killed)return s.lastUsedAt=Date.now(),s;const i=this.opts.maxClients??g;if(this.clients.size>=i){const c=Array.from(this.clients.entries()).sort(([,u],[,p])=>u.lastUsedAt-p.lastUsedAt)[0];c&&this.closeClient(c[0])}const r=t.args?JSON.parse(t.args):[],n=t.env?JSON.parse(t.env):{},o=["PATH","HOME","TMPDIR","TEMP","TMP","LANG","LC_ALL","LC_CTYPE","TERM","TZ","SHELL","USER","LOGNAME","NODE_PATH","SystemRoot","WINDIR","USERPROFILE","APPDATA","LOCALAPPDATA","PATHEXT","COMSPEC","PROGRAMFILES","PROGRAMDATA"],l={};for(const c of o){const u=process.env[c];u!==void 0&&(l[c]=u)}const d=h(t.command,r,{env:{...l,...n},stdio:["pipe","pipe","pipe"]}),a={proc:d,pendingByReqId:new Map,buffer:"",nextReqId:1,lastUsedAt:Date.now(),initialized:!1};return d.stdout.setEncoding("utf-8"),d.stdout.on("data",c=>this.handleStdout(a,c)),d.on("error",()=>this.closeClient(e)),d.on("exit",()=>this.closeClient(e)),this.clients.set(e,a),await this.rpc(a,"initialize",{protocolVersion:"2024-11-05",capabilities:{},clientInfo:{name:"wyrm-mcp",version:"5.0.0"}}),this.send(a,{jsonrpc:"2.0",method:"notifications/initialized"}),a.initialized=!0,a}handleStdout(e,t){e.buffer+=t;let s;for(;(s=e.buffer.indexOf(`
+`))>=0;){const i=e.buffer.slice(0,s).trim();if(e.buffer=e.buffer.slice(s+1),!!i)try{const r=JSON.parse(i);if(r.id!=null){const n=e.pendingByReqId.get(r.id);n&&(clearTimeout(n.timer),e.pendingByReqId.delete(r.id),r.error?n.reject(new Error(r.error.message)):n.resolve(r.result))}}catch{}}}send(e,t){!e.proc.stdin||e.proc.stdin.destroyed||e.proc.stdin.write(JSON.stringify(t)+`
+`)}rpc(e,t,s){const i=e.nextReqId++,r={jsonrpc:"2.0",id:i,method:t,params:s};return new Promise((n,o)=>{const l=setTimeout(()=>{e.pendingByReqId.delete(i),o(new Error(`MCP call timed out after ${f}ms`))},f);e.pendingByReqId.set(i,{resolve:n,reject:o,timer:l}),this.send(e,r)})}}export{_ as OutboundMcpClient};