harn-vm 0.8.111

Async bytecode virtual machine for the Harn programming language
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267

//! MCP authenticated-identity resolution (harn#3349).
//!
//! MCP has no standard "who am I logged in as" call, so a connected server
//! can't tell a user *which* account/workspace they authorized. This module
//! turns the per-server [`IdentityProbeDescriptor`] recipes from the preset
//! catalog (harn#3348) into a human-readable "logged in as …" string.
//!
//! The headline source — `token_response` — needs no network: many providers
//! (Notion, for one) return workspace/owner fields right in the OAuth token
//! response, which the engine now captures onto
//! [`StoredMcpToken::token_response_extra`]. Resolving identity from that is a
//! pure, synchronous render — cheap enough to fold into `mcp status`. The
//! `tool` / `http` live-probe sources are recognized but resolved by a future
//! follow-up; this module returns `None` for them rather than guessing.

use std::collections::BTreeMap;

use serde_json::Value;

use crate::mcp_oauth::StoredMcpToken;
use crate::mcp_presets::{self, IdentityProbeDescriptor, IdentityProbeKind};

/// The identity descriptor for a server URL, from the preset catalog (including
/// any runtime overlay). `None` when the server isn't a known preset or the
/// preset declares no identity recipe.
pub fn descriptor_for(server_url: &str) -> Option<&'static IdentityProbeDescriptor> {
    mcp_presets::presets()
        .iter()
        .find(|preset| preset.url == server_url)?
        .identity
        .as_ref()
}

/// Resolve a display-identity string for a connected server from data already
/// on hand — the token-response payload captured at authorization. Sync, no
/// network. Returns `None` when there's no descriptor, no captured payload, or
/// nothing renders (e.g. the only sources are live `tool`/`http` probes).
pub fn display_identity(server_url: &str, token: &StoredMcpToken) -> Option<String> {
    let descriptor = descriptor_for(server_url)?;
    render_identity(descriptor, token.token_response_extra.as_ref())
}

/// Render a descriptor against an optional captured token-response payload.
/// Tries each `token_response` source in order; returns the first non-empty
/// render. Pure — the unit of behavior the tests exercise.
pub fn render_identity(
    descriptor: &IdentityProbeDescriptor,
    token_response: Option<&Value>,
) -> Option<String> {
    for source in &descriptor.sources {
        if source.kind != IdentityProbeKind::TokenResponse {
            // `tool` / `http` need a live session; resolved by a follow-up.
            continue;
        }
        let Some(payload) = token_response else {
            continue;
        };
        let captures = capture(payload, &source.fields);
        if let Some(rendered) = render(&descriptor.display_template, &captures) {
            return Some(rendered);
        }
    }
    None
}

/// Capture each declared field (`name -> dotted.json.path`) from a payload.
/// Missing paths and non-scalar / empty values are simply absent from the map.
fn capture(payload: &Value, fields: &BTreeMap<String, String>) -> BTreeMap<String, String> {
    let mut out = BTreeMap::new();
    for (name, path) in fields {
        if let Some(text) = lookup(payload, path).and_then(scalar_to_string) {
            if !text.is_empty() {
                out.insert(name.clone(), text);
            }
        }
    }
    out
}

/// Dotted-path lookup into a JSON value, e.g. `owner.user.person.email`.
fn lookup<'a>(value: &'a Value, path: &str) -> Option<&'a Value> {
    let mut current = value;
    for segment in path.split('.') {
        current = current.get(segment)?;
    }
    Some(current)
}

fn scalar_to_string(value: &Value) -> Option<String> {
    match value {
        Value::String(text) => Some(text.clone()),
        Value::Number(number) => Some(number.to_string()),
        Value::Bool(flag) => Some(flag.to_string()),
        _ => None,
    }
}

/// Render `display_template` (e.g. `"{name} <{email}> — {workspace}"`) from the
/// captured fields. Present `{field}`s substitute; absent ones drop out, then
/// the result is tidied (empty `<>`/`()` removed, whitespace collapsed, dangling
/// separators trimmed). Returns `None` when no field resolved at all.
fn render(template: &str, captures: &BTreeMap<String, String>) -> Option<String> {
    let mut out = String::new();
    let mut any = false;
    for (index, part) in template.split('{').enumerate() {
        if index == 0 {
            out.push_str(part);
            continue;
        }
        match part.split_once('}') {
            Some((key, rest)) => {
                if let Some(value) = captures.get(key) {
                    out.push_str(value);
                    any = true;
                }
                out.push_str(rest);
            }
            // Unbalanced brace — treat literally.
            None => {
                out.push('{');
                out.push_str(part);
            }
        }
    }
    if !any {
        return None;
    }
    let tidied = tidy(&out);
    (!tidied.is_empty()).then_some(tidied)
}

/// Clean up a partially-substituted template: drop now-empty `<>`/`()` pairs,
/// collapse internal whitespace, and trim dangling separators left by missing
/// fields (but never trim `<`/`>` so a real `<email>` survives).
fn tidy(text: &str) -> String {
    let without_empty = text.replace("<>", "").replace("()", "");
    let collapsed = without_empty
        .split_whitespace()
        .collect::<Vec<_>>()
        .join(" ");
    collapsed
        .trim_matches(|c: char| c.is_whitespace() || matches!(c, '' | '-' | '|' | ',' | ':'))
        .to_string()
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::mcp_presets::{IdentityProbeKind, IdentityProbeSource};
    use serde_json::json;

    fn notion_descriptor() -> IdentityProbeDescriptor {
        IdentityProbeDescriptor {
            display_template: "{name} <{email}> — {workspace}".to_string(),
            sources: vec![IdentityProbeSource {
                kind: IdentityProbeKind::TokenResponse,
                tool: None,
                url: None,
                fields: BTreeMap::from([
                    ("name".to_string(), "owner.user.name".to_string()),
                    ("email".to_string(), "owner.user.person.email".to_string()),
                    ("workspace".to_string(), "workspace_name".to_string()),
                ]),
            }],
        }
    }

    #[test]
    fn lookup_walks_dotted_paths() {
        let payload = json!({"owner": {"user": {"name": "Jane"}}});
        assert_eq!(
            lookup(&payload, "owner.user.name").and_then(scalar_to_string),
            Some("Jane".to_string())
        );
        assert!(lookup(&payload, "owner.user.missing").is_none());
        assert!(lookup(&payload, "nope").is_none());
    }

    #[test]
    fn renders_full_identity() {
        let payload = json!({
            "workspace_name": "Acme",
            "owner": {"user": {"name": "Jane Doe", "person": {"email": "jane@acme.com"}}}
        });
        let rendered = render_identity(&notion_descriptor(), Some(&payload));
        assert_eq!(rendered.as_deref(), Some("Jane Doe <jane@acme.com> — Acme"));
    }

    #[test]
    fn elides_missing_trailing_field() {
        // No workspace_name → the " — {workspace}" tail drops cleanly.
        let payload = json!({
            "owner": {"user": {"name": "Jane Doe", "person": {"email": "jane@acme.com"}}}
        });
        let rendered = render_identity(&notion_descriptor(), Some(&payload));
        assert_eq!(rendered.as_deref(), Some("Jane Doe <jane@acme.com>"));
    }

    #[test]
    fn elides_missing_email_brackets() {
        // No email → the empty "<>" is removed, name + workspace remain.
        let payload = json!({"workspace_name": "Acme", "owner": {"user": {"name": "Jane"}}});
        let rendered = render_identity(&notion_descriptor(), Some(&payload));
        assert_eq!(rendered.as_deref(), Some("Jane — Acme"));
    }

    #[test]
    fn renders_only_workspace() {
        let payload = json!({"workspace_name": "Acme"});
        let rendered = render_identity(&notion_descriptor(), Some(&payload));
        assert_eq!(rendered.as_deref(), Some("Acme"));
    }

    #[test]
    fn none_when_no_fields_resolve() {
        let payload = json!({"unrelated": "x"});
        assert!(render_identity(&notion_descriptor(), Some(&payload)).is_none());
        assert!(render_identity(&notion_descriptor(), None).is_none());
    }

    #[test]
    fn skips_live_probe_only_sources() {
        let descriptor = IdentityProbeDescriptor {
            display_template: "{name}".to_string(),
            sources: vec![IdentityProbeSource {
                kind: IdentityProbeKind::Tool,
                tool: Some("whoami".to_string()),
                url: None,
                fields: BTreeMap::from([("name".to_string(), "name".to_string())]),
            }],
        };
        // Tool source isn't resolved synchronously yet → None even with payload.
        let payload = json!({"name": "Jane"});
        assert!(render_identity(&descriptor, Some(&payload)).is_none());
    }

    #[test]
    fn display_identity_uses_catalog_descriptor_for_notion() {
        // Exercises the catalog wiring end-to-end: the bundled Notion preset
        // ships a token_response descriptor (harn#3349), so a stored token whose
        // captured payload carries Notion's shape renders an identity.
        let token = StoredMcpToken {
            access_token: "a".into(),
            refresh_token: None,
            expires_at_unix: None,
            token_endpoint: "https://auth/token".into(),
            client_id: "c".into(),
            client_secret: None,
            token_endpoint_auth_method: "none".into(),
            issuer: "https://auth".into(),
            resource: "https://mcp.notion.com/mcp".into(),
            scopes: None,
            token_response_extra: Some(json!({
                "workspace_name": "Acme",
                "owner": {"user": {"name": "Jane Doe", "person": {"email": "jane@acme.com"}}}
            })),
        };
        assert_eq!(
            display_identity("https://mcp.notion.com/mcp", &token).as_deref(),
            Some("Jane Doe <jane@acme.com> — Acme")
        );
        // A server with no catalog descriptor yields nothing.
        let mut other = token;
        other.resource = "https://unknown.example/mcp".into();
        assert!(display_identity("https://unknown.example/mcp", &other).is_none());
    }
}