TODO-3 (commit 8ffe3616) added an optional 'logger' callback to MCPConfig
plus an exported McpLogger interface so consumers can route MCP output
to pino, Fastify request.log, structlog, etc., instead of the default
global console. The package had zero unit tests; the new interface
relied on type-system validation alone.
This commit adds packages/mcp-client/src/logger.test.ts (4 tests) to
cover the public contract introduced by TODO-3:
1. defaults to global console when no logger is provided
\u2014 verifies the '?? console' fallback in the constructor.
2. injected logger receives no spurious calls on early-return paths
\u2014 disconnect() when not connected is a no-op; logger must
not be invoked.
3. structural-typing acceptance test \u2014 a pino-shaped logger
(no-op methods) must construct cleanly. Guards the McpLogger
interface from accidental narrowing during future refactors.
4. variadic-args contract \u2014 McpLogger.info('msg', {ctx}, 42)
accepts trailing structured args; matches console + pino + Fastify.
The deeper integration paths (connect / callTool / readResource) spawn
StdioClientTransport subprocesses and aren't safely runnable in a unit
context; they're covered indirectly by consumers (admin-dashboard
uses the same client and has integration tests).
Result: mcp-client moves from 0 tests to 4 tests passing.
Per user request: 'use the local Gitea and make sure all packages
in Gitea are up to date'.
Built all packages from learning_ai_common_plat/packages/* and ran
scripts/gitea/publish-outdated-packages.sh against the local Gitea
npm registry (http://localhost:3300/api/packages/bytelyst/npm/).
Manifest-based hash comparison flagged 4 packages whose built dist/
content has changed since the last published tarball:
@bytelyst/auth-ui 0.1.5 → 0.1.6
@bytelyst/config 0.1.7 → 0.1.8
@bytelyst/dashboard-shell 0.1.5 → 0.1.6
@bytelyst/mcp-client 0.1.0 → 0.1.1
All four bumped + published successfully. Remaining 60 packages
verified up-to-date. One package skipped by design:
@bytelyst/react-native-platform-sdk (RN — not in npm publish set)
Also incidentally fixed an mcp-client build break before this run:
stale dist/ + node_modules/.cache made tsc think MCPClient was
missing a 'log' property, even though the source had been correctly
refactored to use a private 'log: McpLogger' field. A clean
'rm -rf dist node_modules/.cache && pnpm build' resolved it; no
source changes needed.
Files updated:
- packages/auth-ui/package.json
- packages/config/package.json
- packages/dashboard-shell/package.json
- packages/mcp-client/package.json
- scripts/gitea/.publish-manifest.json (new content hashes)
After this commit, every published @bytelyst/* tarball in local
Gitea matches the source tree exactly.
Previously the @bytelyst/mcp-client package logged directly to the global
`console`, which made its output invisible to consumers running under
Fastify/pino or any structured logger. The scanner exempted the whole
package for console-log findings with a TODO-3 marker; this commit
resolves the marker.
packages/mcp-client/src/index.ts:
+ Added `McpLogger` interface (debug/info/warn/error, variadic) which
is structurally compatible with the global console, pino, and
Fastify's `request.log`.
+ Added optional `logger?: McpLogger` field on MCPConfig with a JSDoc
explaining when consumers should supply their own.
+ MCPClient now stores a `private readonly log: McpLogger` field
initialised from `config.logger ?? console` in the constructor.
+ All 17 internal logging sites switched from `console.X(...)` to
`this.log.X(...)`. Mapping: console.log \u2192 this.log.info (pino
does not have a 'log' method).
scripts/check-rule-violations.sh:
- Removed the blanket /packages/mcp-client/ exemption from the
console-log scanner (TODO-3 marker comment retained for history).
- The ts-any-type exemption stays \u2014 mcp-client still uses `any` at
the JSON-RPC payload boundary (different concern).
Verification:
packages/mcp-client \u2192 `pnpm build` clean (tsc).
`bash scripts/check-rule-violations.sh` \u2192 total still 88, no new
console-log findings (mcp-client is now genuinely clean instead of
blanket-exempted).
OSDiagnosticsLogger was using print() for actual log output despite being
the 'OSLog-based logger' implementation. Per AGENTS.md and the existing
struct name, it should use os.Logger.
Changes:
+ import os
+ private let logger: Logger (initialised in init())
+ logger.debug / info / warning / error replace print() at all 4 sites
+ uses privacy: .public to make messages visible in Console.app
scripts/check-rule-violations.sh shows 4 \u2192 0 swift-print findings in
this package. The common-plat repo now contributes 0 swift-print to
the ecosystem total.
The Gitea outdated-package detector reported @bytelyst/kill-switch-client
as the only @bytelyst/* package whose local content fingerprint differed
from the version already published to the registry. All other 63
packages in packages/ were UP-TO-DATE.
Publishing details:
Before: 0.1.5 (registry + local)
After: 0.1.6 (script auto-bumped patch + published)
Files: 9 (dist/index.* + package.json), 3.2 kB tarball,
shasum a9110243046f12be01b16f48f962ab64c0971d80
Target: http://localhost:3300/api/packages/bytelyst/npm/ (corp SSH tunnel)
Detected via:
bash scripts/gitea/publish-outdated-packages.sh --dry-run
-> Summary: 63 up-to-date, 1 changed, 1 skipped, 0 errors
Published via:
bash scripts/gitea/publish-outdated-packages.sh \
--skip-build \
--filter @bytelyst/kill-switch-client
-> + @bytelyst/kill-switch-client@0.1.6
Re-verification dry-run after publish:
-> Summary: 64 up-to-date, 0 changed, 1 skipped, 0 errors
-> 'All packages are up to date. Nothing to publish.'
This bump touches two files:
- packages/kill-switch-client/package.json (version 0.1.5 -> 0.1.6)
- scripts/gitea/.publish-manifest.json (content-hash bookkeeping
so future dry-runs don't re-flag this version as needing publish)
Used --skip-build because 'pnpm build' would have tried to build
services/platform-service, which currently has 3 unrelated TS errors
(missing @bytelyst/devops/server module + 2 ProductIdentity property
mismatches). Built only @bytelyst/* packages via
'pnpm --filter ./packages/** build' first (all 65 packages built
clean) and then ran the publisher with --skip-build.
The client was calling GET ${baseUrl}/flags/kill-switch which does
not exist on platform-service. The actual kill-switch endpoint lives
under /settings/kill-switch in the settings module (public, no auth
required). The bug was silently masked by the client's fail-open
behavior on non-OK responses, but it produced a 404 on every page
load for every consumer (NoteLett, MindLyst, ChronoMind, FlowMonk,
NomGap, PeakPulse, JarvisJr, LysnrAI, ActionTrail, EffoRise, Local
Memory GPT).
Discovery: running the deployed NoteLett docker stack against the
sibling platform-service, every page load triggered:
GET http://localhost:4003/api/flags/kill-switch?platform=web → 404
Confirmed by curl-ing both endpoints directly:
/api/flags/kill-switch → {"message":"Route GET:/api/flags/kill-switch not found"}
/api/settings/kill-switch → {"enabled":true,"disabled":false,"message":""}
Also adds the productId as a query param. The server route accepts
productId from the query string OR an x-product-id header — sending
both is harmless and improves debuggability when grepping logs.
Updated JSDoc and the corresponding test assertion. Test count
unchanged (6 passed).
Verified:
pnpm --filter @bytelyst/kill-switch-client test → 6/6 passed
pnpm --filter @bytelyst/kill-switch-client build → ok
curl /api/settings/kill-switch?productId=notelett → 200 with payload
Root cause: @bytelyst/ui components reference --bl-* tokens but chronomind.css
only defined --cm-* tokens. This caused all shared UI components to fall back
to hardcoded defaults, breaking the visual appearance.
Adds 31 --bl-* → --cm-* CSS custom property aliases matching the pattern
already used in tokens.css (--bl-* → --ml-*).
- Add card-button export to package.json exports field
- Bump version to 0.1.8
- Publish to Gitea registry
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Add new reusable MCP client package with connection management, tool execution, caching, rate limiting, audit logging, and error handling. This provides a standardized way to integrate with MCP servers across all ByteLyst products.
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
The Button primitive applies `whitespace-nowrap` + a fixed `h-{size}`
because it's tuned for single-line CTAs. Consumers using Button as a
card-shaped picker — title above description, icon next to multi-line
label — hit collapsed/clipped content because of those constraints.
CardButton is the right primitive for that use case:
- block layout, full-width, left-aligned by default
- whitespace: normal so multi-line content wraps
- height: auto so any number of stacked rows works
- focus-visible ring tied to --bl-focus-ring/--bl-accent (matches Button)
- disabled opacity + pointer-events
- selected? prop with subtle inset accent ring (override-able)
- asChild support via Radix Slot for <Link>/<a> handoff
Bumps @bytelyst/ui to 0.1.6 and re-exports CardButton + CardButtonProps
from the package entry point.
Initial consumers: 5 sites in learning_ai_invt_trdg (StrategyWizard
risk + hours pickers, SimpleView buy + sell plan cards, MyStrategiesTab
diagnostic toggle). See docs/ui/UI_AUDIT.md Pattern A in that repo.
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@bytelyst/devops 0.1.3:
- Wrap tables in scrollable container (overflow-x: auto) so long values
never push the panel wider than its parent.
- table-layout: fixed + min-width on key column prevents column blow-out.
- Code/value cells use overflow-wrap: anywhere + word-break: break-word
so long commit SHAs and Docker image strings wrap.
- pre block uses pre-wrap + break-word for raw JSON.
- Header actions wrap on narrow viewports.
- Tabs row scrolls horizontally rather than wrapping awkwardly.
- root container: maxWidth 100% + minWidth 0 to play nicely with flex parents.
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Bumps @bytelyst/devops to 0.1.2.
Adds:
- getBuildInfo() — public-safe build info (commit + branch + image),
no env vars or runtime introspection. Suitable for unauthenticated
/api/devops/version endpoints used by ops/CI.
- getRuntimeInfo() / getConfigInfo() — exposed individually for callers
who want to compose their own payload.
- readServiceVersion(import.meta.url) — walks up to package.json so
consumers don't need to hardcode the version string.
- dependencyCheck(name, fn, timeoutMs) — timed health check wrapper
with consistent ok/latency/detail shape. Enforces a hard timeout.
- httpDependencyCheck(name, url, timeoutMs) — convenience for HTTP probes.
Other improvements:
- SECRET_PATTERN extracted as a module constant.
- 17 unit tests covering build/runtime/config collectors, secret-leak
guards, version walker fallbacks, dep timeouts, full collect payload.
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
- Server collector via @bytelyst/devops/server: build, runtime, config, deps
- React UI via @bytelyst/devops/ui: tabbed view (Build/Runtime/Config/Deps/Raw)
- Build metadata baked from BYTELYST_COMMIT_SHA / BYTELYST_BUILT_AT / etc env vars
- No secret leakage: only env var keys are exposed, never values
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
What changed:
- Added an auth package Vitest config with the existing forks pool and a 15s test timeout.
- Kept production bcryptjs salt rounds and test assertions unchanged.
Why:
- On this machine one 12-round bcryptjs hash can exceed Vitest's default 5s timeout, making the auth suite fail even though the implementation succeeds.
Verification:
- pnpm --filter @bytelyst/auth build
- pnpm --filter @bytelyst/auth test
- pnpm --filter @bytelyst/auth exec eslint . --ext .ts,.tsx
Replace the Headers branch's any cast with a typed copy into a Record so the shared API client keeps the same header merge behavior without a no-explicit-any warning.
Verification: pnpm --filter @bytelyst/api-client build; pnpm --filter @bytelyst/api-client test; pnpm --filter @bytelyst/api-client exec eslint . --ext .ts,.tsx; pnpm lint.
The first `pnpm -r exec eslint .` run was bailing at the very first
package (design-tokens), hiding any lint state in the rest of the 69
workspace packages. This commit fixes the structural blockers so the
pipeline runs end-to-end, then sweeps the small, low-risk lint errors
in the next 4 packages it surfaces. Real lint debt that remains
(85 errors, mostly @typescript-eslint/no-unused-vars across many
unrelated packages) is cataloged in docs/AUDIT_PLATFORM.md for follow-
up by package owners.
Structural fixes (eslint config):
- eslint.config.js (root):
• New flat-config block for **/*.cjs and **/scripts/**/*.{js,cjs}
with Node globals (process, console, require, module, __dirname)
and no-console disabled. CLI scripts legitimately print to
stdout. This alone clears the 45 errors in design-tokens'
validate-tokens.cjs.
• Added XMLHttpRequest + ProgressEvent to browser globals so
feedback-client compiles.
- packages/ui/eslint.config.js:
• Added @typescript-eslint/parser — the package-local override
replaced (didn't merge with) the root config, so TS syntax was
being parsed by espree and erroring on every `interface` /
type import.
• Added ignores for dist/** (root's ignores aren't inherited).
• Extended the files glob to .storybook/**/*.{ts,tsx}.
Mechanical lint fixes (no behaviour change):
- design-tokens/scripts/{validate,token-coverage}.cjs: empty catch
binding (catch (e) → catch).
- feedback-client/src/index.ts:
• captureScreen(): preserve caught error via `{ cause: err }`
on the rethrown Error (preserve-caught-error rule, real bug —
previous chain dropped the original stack).
• captureElement(): rename unused parity params mimeType/quality
to _mimeType/_quality and document why they exist.
- logger/__tests__/logger.test.ts: drop unused `LoggerConfig` import.
- extraction-service/{lib/circuit-breaker,modules/extract/{sidecar-
monitor,usage}}.test.ts: drop 3 unused vitest/type imports.
- tracker-web/__tests__/tracker-proxy.test.ts: rename unused local
`url` → `_url`.
New: docs/AUDIT_PLATFORM.md
Tooling-backed audit summary (pnpm install / typecheck / test / lint
results), classification of remaining lint debt by rule, and an
ordered hand-off plan for package owners to clear the rest with
`pnpm --filter <pkg> lint:fix` followed by an eyeball review.
Verified before commit:
- `pnpm typecheck` → pass (all 69 packages compile)
- `pnpm test` → pass (~2,200 tests across 18+ suites)
- `pnpm lint` → 85 pre-existing errors surfaced (none introduced
by this commit; all in unrelated packages — see AUDIT_PLATFORM.md
section P).
Out of scope (left untouched in working tree):
- In-progress nomgap-on-Vercel migration: docker-compose.ecosystem.yml,
products/nomgap/product.json, services/platform-service/src/
modules/flags/seed.ts.
- pnpm-lock.yaml: my `pnpm install -r` regenerated it (+2.9k/-8.5k
lines) — not part of the audit, owner should commit deliberately.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three coordinated fixes so 'docker compose up cosmos-emulator platform-service
cowork-service --wait' completes end-to-end (pre-existing blocker surfaced by
W1 post-push review).
1. Remove harmful prepare:tsc from @bytelyst/react-native-platform-sdk
package.json. The hook fires during pnpm install --frozen-lockfile against
an empty src/ tree (because Dockerfiles COPY package.jsons before
sources), tsc aborts, install fails. Canonical monorepo build flow is
pnpm -r build using the existing build:tsc script; prepare only runs for
git+ URL installs (which this published package doesn't use), so removing
it is lossless.
2. Add --ignore-scripts to platform-service + mcp-server Dockerfile install
steps. Mirrors the pattern already used by extraction-service/Dockerfile,
dashboards/admin-web/Dockerfile, dashboards/tracker-web/Dockerfile.
Belt-and-braces against future prepare-hook regressions in any workspace
package.
3. Expand .dockerignore node_modules/dist/.next/coverage to **/ globs.
Docker's .dockerignore with bare 'node_modules' only matches root-level;
nested packages/*/node_modules/ were being COPY'd into images, poisoning
them with host-absolute-path .bin shims (e.g. @bytelyst/storage's tsc
shim resolved to /learning_voice_ai_agent/node_modules/.pnpm/... which
doesn't exist in the container → MODULE_NOT_FOUND). The glob fix makes
COPY packages/ packages/ deliver source only.
Gap: INFRA-gap-02
Verified:
pnpm install --frozen-lockfile ✅
pnpm --filter @bytelyst/react-native-platform-sdk build ✅
pnpm --filter @bytelyst/react-native-platform-sdk typecheck ✅
docker compose build platform-service ✅ (previously failed)
docker compose build mcp-server ✅
docker compose build extraction-service ✅
Browser/React Native-safe typed client for platform-service billing
endpoints: plans, subscriptions, payments, and usage.
Follows the same factory pattern as broadcast-client and survey-client.
Any ByteLyst product can add billing with 5 lines of wiring code.
12 tests covering all methods, auth headers, error handling, and
404 null-return for missing subscriptions.
