@axiom-billing/mcp 0.1.0

package/README.md

@@ -0,0 +1,61 @@
+# @axiom-billing/mcp
+
+Model Context Protocol server for Axiom. Exposes accounting tools to Claude Desktop, ChatGPT, Codex, or any MCP-capable AI client — so the user's AI can read reports, suggest reconciliations, and create draft invoices without writing custom glue code.
+
+## Install (one command)
+
+```sh
+npx @axiom-billing/mcp install
+```
+
+That command:
+
+1. Discovers your Axiom deployment's OAuth endpoints (`/.well-known/oauth-authorization-server`).
+2. Dynamically registers a new OAuth client (RFC 7591) — no developer-portal step.
+3. Opens your browser to the Axiom consent screen with PKCE.
+4. Captures the redirect on a one-shot loopback listener (`http://127.0.0.1:<port>/callback`).
+5. Exchanges the authorization code for access + refresh tokens.
+6. Writes tokens to `~/.axiom-mcp/config.json` (mode 600).
+7. Updates your Claude Desktop config to register the MCP server.
+
+Restart Claude Desktop. The Axiom tools are now available in any conversation.
+
+## Environment overrides
+
+| Variable | Default | Meaning |
+|---|---|---|
+| `AXIOM_API_URL` | `http://localhost:8200/api` | Base URL of the Axiom API |
+| `AXIOM_SCOPES` | `read:ledger read:invoices read:contacts read:reports read:bank-transactions offline_access` | Space-separated OAuth scopes to request |
+
+## What it exposes
+
+### Read tools
+
+- `find_contact(query)` — fuzzy match contacts.
+- `summarize_ar_aging()` — open AR with aging buckets.
+- `list_open_invoices(contactId?)` — unpaid invoices.
+- `list_unmatched_bank_transactions()` — bank transactions awaiting reconciliation.
+- `explain_ledger_entry(transactionId)` — full debit/credit breakdown of a transaction.
+- `get_report(reportId, dateFrom?, dateTo?)` — runs any of the standard Axiom reports.
+
+### Write tools (approval-gated)
+
+These tools NEVER write directly. They submit a request to the per-company approval queue. A human admin/supervisor explicitly approves each one from the Axiom UI before it runs. The exact policy (auto-approve, require-approval, block) is set per-tool per-company.
+
+- `create_invoice_draft(contactId, items, dueDate?)` — proposes a draft invoice. Never finalizes.
+- `record_payment(invoiceId, amount, method?, receivedDate?)` — proposes a payment row.
+- `propose_reconciliation(bankTransactionId)` — returns a suggested match. Pure read.
+
+## Audit trail
+
+Every API call from this server carries `X-Axiom-Source: mcp`. The Axiom audit log records every mutation with `actorType: ai` and `actorId` = the user the install belongs to. Approved write actions also link the approving admin in the audit row.
+
+## Security
+
+- Tokens at rest in `~/.axiom-mcp/config.json` with file mode 600.
+- Refresh tokens rotate on every use (RFC 6749 §6); reuse of an old refresh token revokes the entire grant chain.
+- Revoke this install at any time from **Connected Apps** in the Axiom UI.
+
+## License
+
+Internal.

package/dist/apiClient.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Thin HTTP client over Axiom's /api/v1 surface. Refreshes the access token
+ * before every call. Every mutation carries X-Axiom-Source: mcp so the audit
+ * log attributes correctly (actorType=ai).
+ */
+export declare class AxiomApiClient {
+    get<T = unknown>(path: string): Promise<T>;
+    post<T = unknown>(path: string, body?: unknown): Promise<T>;
+    put<T = unknown>(path: string, body?: unknown): Promise<T>;
+    delete<T = unknown>(path: string): Promise<T>;
+    private request;
+    getCompanyId(): string;
+}
+export declare const axiomApi: AxiomApiClient;
+/** Standard /api/v1 envelope. */
+export interface Envelope<T> {
+    success: boolean;
+    message: string;
+    data: T;
+    error: null | {
+        title: string;
+        status: number;
+        errorCode: string;
+        detail?: string;
+    };
+}

package/dist/apiClient.js

@@ -0,0 +1,69 @@
+import { randomBytes } from 'node:crypto';
+import { refreshIfNeeded } from './auth.js';
+import { loadConfig } from './config.js';
+/**
+ * Thin HTTP client over Axiom's /api/v1 surface. Refreshes the access token
+ * before every call. Every mutation carries X-Axiom-Source: mcp so the audit
+ * log attributes correctly (actorType=ai).
+ */
+export class AxiomApiClient {
+    async get(path) {
+        return await this.request('GET', path);
+    }
+    async post(path, body) {
+        return await this.request('POST', path, body);
+    }
+    async put(path, body) {
+        return await this.request('PUT', path, body);
+    }
+    async delete(path) {
+        return await this.request('DELETE', path);
+    }
+    async request(method, path, body) {
+        const cfg = loadConfig();
+        const token = await refreshIfNeeded(cfg);
+        const headers = {
+            Authorization: `Bearer ${token}`,
+            'X-Axiom-Source': 'mcp',
+        };
+        if (method !== 'GET' && method !== 'DELETE') {
+            headers['Content-Type'] = 'application/json';
+            headers['Idempotency-Key'] = randomBytes(16).toString('hex');
+        }
+        const res = await fetch(`${cfg.apiBaseUrl}${path}`, {
+            method,
+            headers,
+            body: body ? JSON.stringify(body) : undefined,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Axiom API ${method} ${path} failed: ${res.status} ${text}`);
+        }
+        if (res.status === 204)
+            return undefined;
+        return await res.json();
+    }
+    getCompanyId() {
+        const cfg = loadConfig();
+        const fromToken = extractCompanyIdFromJwt(cfg.accessToken);
+        const companyId = cfg.companyId ?? fromToken;
+        if (!companyId) {
+            throw new Error('No companyId is bound to this MCP install. Reinstall and pick a company on the consent screen.');
+        }
+        return companyId;
+    }
+}
+function extractCompanyIdFromJwt(token) {
+    const parts = token.split('.');
+    if (parts.length < 2)
+        return null;
+    try {
+        const payload = JSON.parse(Buffer.from(parts[1].replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));
+        return payload.companyId ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+export const axiomApi = new AxiomApiClient();
+//# sourceMappingURL=apiClient.js.map

package/dist/apiClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apiClient.js","sourceRoot":"","sources":["../src/apiClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC;;;;GAIG;AACH,MAAM,OAAO,cAAc;IACvB,KAAK,CAAC,GAAG,CAAc,IAAY;QAC/B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,IAAI,CAAc,IAAY,EAAE,IAAc;QAChD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,GAAG,CAAc,IAAY,EAAE,IAAc;QAC/C,OAAO,MAAM,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;IACnD,CAAC;IAED,KAAK,CAAC,MAAM,CAAc,IAAY;QAClC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAI,QAAQ,EAAE,IAAI,CAAC,CAAA;IAChD,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,IAAc;QACjE,MAAM,GAAG,GAAK,UAAU,EAAE,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAA;QAExC,MAAM,OAAO,GAA2B;YACpC,aAAa,EAAI,UAAU,KAAK,EAAE;YAClC,gBAAgB,EAAE,KAAK;SAC1B,CAAA;QACD,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAA;YAC5C,OAAO,CAAC,iBAAiB,CAAC,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAChE,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,CAAC,UAAU,GAAG,IAAI,EAAE,EAAE;YAChD,MAAM;YACN,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAChD,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACV,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;YAC7B,MAAM,IAAI,KAAK,CAAC,aAAa,MAAM,IAAI,IAAI,YAAY,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAA;QAChF,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAyB,CAAA;QACxD,OAAO,MAAM,GAAG,CAAC,IAAI,EAAO,CAAA;IAChC,CAAC;IAED,YAAY;QACR,MAAM,GAAG,GAAG,UAAU,EAAE,CAAA;QACxB,MAAM,SAAS,GAAG,uBAAuB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAC1D,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,IAAI,SAAS,CAAA;QAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAA;QACrH,CAAC;QACD,OAAO,SAAS,CAAA;IACpB,CAAC;CACJ;AAED,SAAS,uBAAuB,CAAC,KAAa;IAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACjC,IAAI,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACtB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC/D,CAAA;QAC3B,OAAO,OAAO,CAAC,SAAS,IAAI,IAAI,CAAA;IACpC,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAA;IACf,CAAC;AACL,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAA"}

package/dist/auth.d.ts

@@ -0,0 +1,48 @@
+import { AxiomMcpConfig } from './config.js';
+/**
+ * Discovery → DCR → Authorization-Code-with-PKCE → token-exchange,
+ * per the auth section of the automation enablement plan. The install command
+ * runs this once interactively; the server only uses {@link refreshIfNeeded}.
+ */
+export interface DiscoveryDocument {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    registration_endpoint: string;
+    revocation_endpoint: string;
+    jwks_uri: string;
+    scopes_supported: string[];
+}
+export declare function discover(apiBaseUrl: string): Promise<DiscoveryDocument>;
+export declare function registerClient(registrationEndpoint: string, clientName: string, redirectUri: string): Promise<{
+    clientId: string;
+}>;
+export declare function generatePkcePair(): {
+    verifier: string;
+    challenge: string;
+};
+export declare function exchangeCode(params: {
+    tokenEndpoint: string;
+    code: string;
+    redirectUri: string;
+    clientId: string;
+    codeVerifier: string;
+}): Promise<TokenResponse>;
+export declare function refreshToken(params: {
+    tokenEndpoint: string;
+    refreshToken: string;
+}): Promise<TokenResponse>;
+export interface TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token: string;
+    scope: string;
+}
+/**
+ * Returns a valid access token, refreshing if the current one is within 60s
+ * of expiry. Updates the on-disk config in place so subsequent server calls
+ * see the new tokens.
+ */
+export declare function refreshIfNeeded(cfg: AxiomMcpConfig): Promise<string>;
+export declare function getAuthenticatedConfig(): Promise<AxiomMcpConfig>;

package/dist/auth.js

@@ -0,0 +1,92 @@
+import { createHash, randomBytes } from 'node:crypto';
+import { loadConfig, saveConfig } from './config.js';
+export async function discover(apiBaseUrl) {
+    const url = `${apiBaseUrl.replace(/\/$/, '')}/.well-known/oauth-authorization-server`;
+    const res = await fetch(url);
+    if (!res.ok)
+        throw new Error(`OAuth discovery failed: ${res.status} ${res.statusText}`);
+    return await res.json();
+}
+export async function registerClient(registrationEndpoint, clientName, redirectUri) {
+    const res = await fetch(registrationEndpoint, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            clientName,
+            redirectUris: [redirectUri],
+            grantTypes: ['authorization_code', 'refresh_token'],
+            tokenEndpointAuthMethod: 'none',
+        }),
+    });
+    if (!res.ok) {
+        throw new Error(`Dynamic client registration failed: ${res.status} ${await res.text()}`);
+    }
+    const json = await res.json();
+    return { clientId: json.clientId };
+}
+export function generatePkcePair() {
+    const verifier = randomBytes(48).toString('base64url');
+    const challenge = createHash('sha256').update(verifier).digest('base64url');
+    return { verifier, challenge };
+}
+export async function exchangeCode(params) {
+    const body = new URLSearchParams({
+        grant_type: 'authorization_code',
+        code: params.code,
+        redirect_uri: params.redirectUri,
+        client_id: params.clientId,
+        code_verifier: params.codeVerifier,
+    });
+    const res = await fetch(params.tokenEndpoint, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body,
+    });
+    if (!res.ok)
+        throw new Error(`Token exchange failed: ${res.status} ${await res.text()}`);
+    return await res.json();
+}
+export async function refreshToken(params) {
+    const body = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: params.refreshToken,
+    });
+    const res = await fetch(params.tokenEndpoint, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body,
+    });
+    if (!res.ok)
+        throw new Error(`Token refresh failed: ${res.status} ${await res.text()}`);
+    return await res.json();
+}
+/**
+ * Returns a valid access token, refreshing if the current one is within 60s
+ * of expiry. Updates the on-disk config in place so subsequent server calls
+ * see the new tokens.
+ */
+export async function refreshIfNeeded(cfg) {
+    const skewMs = 60_000;
+    if (cfg.expiresAt - skewMs > Date.now())
+        return cfg.accessToken;
+    const discovery = await discover(cfg.apiBaseUrl);
+    const refreshed = await refreshToken({
+        tokenEndpoint: discovery.token_endpoint,
+        refreshToken: cfg.refreshToken,
+    });
+    const updated = {
+        ...cfg,
+        accessToken: refreshed.access_token,
+        refreshToken: refreshed.refresh_token,
+        expiresAt: Date.now() + refreshed.expires_in * 1000,
+        scope: refreshed.scope,
+    };
+    saveConfig(updated);
+    return updated.accessToken;
+}
+export async function getAuthenticatedConfig() {
+    const cfg = loadConfig();
+    await refreshIfNeeded(cfg);
+    return loadConfig(); // re-read in case refresh updated it
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,EAAkB,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAiBpE,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,UAAkB;IAC7C,MAAM,GAAG,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,yCAAyC,CAAA;IACrF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC,CAAA;IACvF,OAAO,MAAM,GAAG,CAAC,IAAI,EAAuB,CAAA;AAChD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAChC,oBAA4B,EAC5B,UAAkB,EAClB,WAAmB;IAEnB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,oBAAoB,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACjB,UAAU;YACV,YAAY,EAAE,CAAC,WAAW,CAAC;YAC3B,UAAU,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACnD,uBAAuB,EAAE,MAAM;SAClC,CAAC;KACL,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,uCAAuC,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IAC5F,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA0B,CAAA;IACrD,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAA;AACtC,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC5B,MAAM,QAAQ,GAAI,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IACvD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;IAC3E,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAA;AAClC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAMlC;IACG,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC7B,UAAU,EAAK,oBAAoB;QACnC,IAAI,EAAW,MAAM,CAAC,IAAI;QAC1B,YAAY,EAAG,MAAM,CAAC,WAAW;QACjC,SAAS,EAAM,MAAM,CAAC,QAAQ;QAC9B,aAAa,EAAE,MAAM,CAAC,YAAY;KACrC,CAAC,CAAA;IACF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI;KACP,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACxF,OAAO,MAAM,GAAG,CAAC,IAAI,EAAmB,CAAA;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAGlC;IACG,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC7B,UAAU,EAAK,eAAe;QAC9B,aAAa,EAAE,MAAM,CAAC,YAAY;KACrC,CAAC,CAAA;IACF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI;KACP,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACvF,OAAO,MAAM,GAAG,CAAC,IAAI,EAAmB,CAAA;AAC5C,CAAC;AAUD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,GAAmB;IACrD,MAAM,MAAM,GAAG,MAAM,CAAA;IACrB,IAAI,GAAG,CAAC,SAAS,GAAG,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,GAAG,CAAC,WAAW,CAAA;IAE/D,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAChD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;QACjC,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,YAAY,EAAE,GAAG,CAAC,YAAY;KACjC,CAAC,CAAA;IAEF,MAAM,OAAO,GAAmB;QAC5B,GAAG,GAAG;QACN,WAAW,EAAG,SAAS,CAAC,YAAY;QACpC,YAAY,EAAE,SAAS,CAAC,aAAa;QACrC,SAAS,EAAK,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,UAAU,GAAG,IAAI;QACtD,KAAK,EAAS,SAAS,CAAC,KAAK;KAChC,CAAA;IACD,UAAU,CAAC,OAAO,CAAC,CAAA;IACnB,OAAO,OAAO,CAAC,WAAW,CAAA;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB;IACxC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAA;IACxB,MAAM,eAAe,CAAC,GAAG,CAAC,CAAA;IAC1B,OAAO,UAAU,EAAE,CAAA,CAAC,qCAAqC;AAC7D,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Persisted session for the Axiom MCP install. Created by the install command,
+ * consumed by the server on every tool call.
+ */
+export interface AxiomMcpConfig {
+    apiBaseUrl: string;
+    clientId: string;
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    scope: string;
+    companyId: string | null;
+}
+declare const CONFIG_DIR: string;
+declare const CONFIG_PATH: string;
+export declare function loadConfig(): AxiomMcpConfig;
+export declare function saveConfig(cfg: AxiomMcpConfig): void;
+export declare function configPath(): string;
+export declare function ensureConfigDir(): void;
+export declare function loadOrThrow(): AxiomMcpConfig;
+/** Test helper — allows pointing at a temp path. */
+export declare function setConfigPathForTesting(path: string): {
+    restore: () => void;
+};
+export { CONFIG_DIR, CONFIG_PATH };

package/dist/config.js

@@ -0,0 +1,38 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+const CONFIG_DIR = join(homedir(), '.axiom-mcp');
+const CONFIG_PATH = join(CONFIG_DIR, 'config.json');
+export function loadConfig() {
+    if (!existsSync(CONFIG_PATH)) {
+        throw new Error(`Axiom MCP is not installed. Run 'npx @axiom-billing/mcp install' first.\n` +
+            `Expected config at: ${CONFIG_PATH}`);
+    }
+    return JSON.parse(readFileSync(CONFIG_PATH, 'utf8'));
+}
+export function saveConfig(cfg) {
+    if (!existsSync(CONFIG_DIR))
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2), { mode: 0o600 });
+}
+export function configPath() {
+    return CONFIG_PATH;
+}
+export function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR))
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+}
+export function loadOrThrow() {
+    const cfg = loadConfig();
+    if (cfg.expiresAt < Date.now()) {
+        throw new Error('Axiom MCP access token has expired. The server will refresh on the next call.');
+    }
+    return cfg;
+}
+/** Test helper — allows pointing at a temp path. */
+export function setConfigPathForTesting(path) {
+    // Intentionally minimal — tests stub the module instead.
+    return { restore: () => { } };
+}
+export { CONFIG_DIR, CONFIG_PATH };
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAC5E,OAAO,EAAW,IAAI,EAAE,MAAM,WAAW,CAAA;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AAgBjC,MAAM,UAAU,GAAI,IAAI,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAA;AACjD,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAA;AAEnD,MAAM,UAAU,UAAU;IACtB,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACX,2EAA2E;YAC3E,uBAAuB,WAAW,EAAE,CACvC,CAAA;IACL,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAmB,CAAA;AAC1E,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAmB;IAC1C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IACpF,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;AAC7E,CAAC;AAED,MAAM,UAAU,UAAU;IACtB,OAAO,WAAW,CAAA;AACtB,CAAC;AAED,MAAM,UAAU,eAAe;IAC3B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;AACxF,CAAC;AAED,MAAM,UAAU,WAAW;IACvB,MAAM,GAAG,GAAG,UAAU,EAAE,CAAA;IACxB,IAAI,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAA;IACpG,CAAC;IACD,OAAO,GAAG,CAAA;AACd,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAChD,yDAAyD;IACzD,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAc,CAAC,EAAE,CAAA;AAC5C,CAAC;AAED,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,CAAA"}

package/dist/install.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/install.js

@@ -0,0 +1,137 @@
+#!/usr/bin/env node
+import { createServer } from 'node:http';
+import { exec } from 'node:child_process';
+import { platform } from 'node:os';
+import { randomBytes } from 'node:crypto';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { discover, registerClient, exchangeCode, generatePkcePair, } from './auth.js';
+import { saveConfig, configPath } from './config.js';
+/**
+ * One-command install. Drives the full discovery → DCR → PKCE flow against
+ * an Axiom deployment, then writes both the MCP server config AND the
+ * Claude Desktop config block. No credentials in the command — the user
+ * approves in their browser.
+ */
+async function main() {
+    const apiBaseUrl = process.env.AXIOM_API_URL ?? 'http://localhost:8200/api';
+    const scopes = process.env.AXIOM_SCOPES ?? 'read:ledger read:invoices read:contacts read:reports read:bank-transactions offline_access';
+    console.error(`Axiom MCP installer — using API at ${apiBaseUrl}`);
+    const discovery = await discover(apiBaseUrl);
+    // Pick a free port on loopback for the redirect listener.
+    const { port, server, code, state } = await startLoopbackListener();
+    const redirectUri = `http://127.0.0.1:${port}/callback`;
+    const { clientId } = await registerClient(discovery.registration_endpoint, 'Axiom MCP (this machine)', redirectUri);
+    const { verifier, challenge } = generatePkcePair();
+    const resource = apiBaseUrl.endsWith('/') ? apiBaseUrl : `${apiBaseUrl}/`;
+    const authorizeUrl = new URL(discovery.authorization_endpoint);
+    authorizeUrl.searchParams.set('response_type', 'code');
+    authorizeUrl.searchParams.set('client_id', clientId);
+    authorizeUrl.searchParams.set('redirect_uri', redirectUri);
+    authorizeUrl.searchParams.set('code_challenge', challenge);
+    authorizeUrl.searchParams.set('code_challenge_method', 'S256');
+    authorizeUrl.searchParams.set('scope', scopes);
+    authorizeUrl.searchParams.set('state', state);
+    authorizeUrl.searchParams.set('resource', resource);
+    console.error(`Opening browser to: ${authorizeUrl}`);
+    openInBrowser(authorizeUrl.toString());
+    const callbackCode = await code;
+    server.close();
+    const tokens = await exchangeCode({
+        tokenEndpoint: discovery.token_endpoint,
+        code: callbackCode,
+        redirectUri,
+        clientId,
+        codeVerifier: verifier,
+    });
+    saveConfig({
+        apiBaseUrl,
+        clientId,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresAt: Date.now() + tokens.expires_in * 1000,
+        scope: tokens.scope,
+        companyId: null, // server reads the companyId claim from the access token
+    });
+    console.error(`Saved tokens to ${configPath()}`);
+    writeClaudeDesktopBlock();
+    console.error('✔ Done. Restart Claude Desktop to pick up the Axiom MCP server.');
+}
+function startLoopbackListener() {
+    return new Promise((resolve) => {
+        const state = randomBytes(16).toString('hex');
+        let resolveCode;
+        let rejectCode;
+        const code = new Promise((res, rej) => { resolveCode = res; rejectCode = rej; });
+        const server = createServer((req, res) => {
+            if (!req.url) {
+                res.writeHead(400).end('missing url');
+                return;
+            }
+            const u = new URL(req.url, 'http://localhost');
+            if (u.pathname !== '/callback') {
+                res.writeHead(404).end();
+                return;
+            }
+            const returnedState = u.searchParams.get('state');
+            const codeParam = u.searchParams.get('code');
+            const errorParam = u.searchParams.get('error');
+            if (errorParam) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(`<h1>Authorization failed</h1><p>${errorParam}</p>`);
+                rejectCode(new Error(`Authorization failed: ${errorParam}`));
+                return;
+            }
+            if (returnedState !== state || !codeParam) {
+                res.writeHead(400).end('state mismatch');
+                rejectCode(new Error('state mismatch'));
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end('<h1>Authorized.</h1><p>You can close this tab.</p>');
+            resolveCode(codeParam);
+        });
+        server.listen(0, '127.0.0.1', () => {
+            const address = server.address();
+            if (typeof address === 'object' && address !== null) {
+                resolve({ port: address.port, server, code, state });
+            }
+        });
+    });
+}
+function openInBrowser(url) {
+    const cmd = platform() === 'win32' ? `start "" "${url}"`
+        : platform() === 'darwin' ? `open "${url}"`
+            : `xdg-open "${url}"`;
+    exec(cmd, () => { });
+}
+function writeClaudeDesktopBlock() {
+    const dir = platform() === 'win32'
+        ? join(process.env.APPDATA ?? join(homedir(), 'AppData', 'Roaming'), 'Claude')
+        : platform() === 'darwin'
+            ? join(homedir(), 'Library', 'Application Support', 'Claude')
+            : join(homedir(), '.config', 'Claude');
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const path = join(dir, 'claude_desktop_config.json');
+    let existing = {};
+    if (existsSync(path)) {
+        try {
+            existing = JSON.parse(readFileSync(path, 'utf8'));
+        }
+        catch { /* invalid; overwrite */ }
+    }
+    existing.mcpServers ??= {};
+    existing.mcpServers['axiom'] = {
+        command: process.execPath,
+        args: [new URL('./server.js', import.meta.url).pathname],
+    };
+    writeFileSync(path, JSON.stringify(existing, null, 2));
+    console.error(`Wrote Claude Desktop config: ${path}`);
+}
+main().catch(err => {
+    console.error('Install failed:', err instanceof Error ? err.message : err);
+    process.exit(1);
+});
+//# sourceMappingURL=install.js.map

package/dist/install.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install.js","sourceRoot":"","sources":["../src/install.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAC5E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EACH,QAAQ,EACR,cAAc,EACd,YAAY,EACZ,gBAAgB,GACnB,MAAM,WAAW,CAAA;AAClB,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAEpD;;;;;GAKG;AACH,KAAK,UAAU,IAAI;IACf,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,2BAA2B,CAAA;IAC3E,MAAM,MAAM,GAAM,OAAO,CAAC,GAAG,CAAC,YAAY,IAAM,4FAA4F,CAAA;IAE5I,OAAO,CAAC,KAAK,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAA;IAEjE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,CAAA;IAE5C,0DAA0D;IAC1D,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,qBAAqB,EAAE,CAAA;IACnE,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAA;IAEvD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,cAAc,CACrC,SAAS,CAAC,qBAAqB,EAC/B,0BAA0B,EAC1B,WAAW,CACd,CAAA;IAED,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,gBAAgB,EAAE,CAAA;IAClD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,UAAU,GAAG,CAAA;IAEzE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAA;IAC9D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAU,MAAM,CAAC,CAAA;IAC9D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAc,QAAQ,CAAC,CAAA;IAChE,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAW,WAAW,CAAC,CAAA;IACnE,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAS,SAAS,CAAC,CAAA;IACjE,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAA;IAC9D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAkB,MAAM,CAAC,CAAA;IAC9D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAkB,KAAK,CAAC,CAAA;IAC7D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAe,QAAQ,CAAC,CAAA;IAEhE,OAAO,CAAC,KAAK,CAAC,uBAAuB,YAAY,EAAE,CAAC,CAAA;IACpD,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAA;IAEtC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAA;IAC/B,MAAM,CAAC,KAAK,EAAE,CAAA;IAEd,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;QAC9B,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,IAAI,EAAW,YAAY;QAC3B,WAAW;QACX,QAAQ;QACR,YAAY,EAAG,QAAQ;KAC1B,CAAC,CAAA;IAEF,UAAU,CAAC;QACP,UAAU;QACV,QAAQ;QACR,WAAW,EAAG,MAAM,CAAC,YAAY;QACjC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,SAAS,EAAK,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACnD,KAAK,EAAS,MAAM,CAAC,KAAK;QAC1B,SAAS,EAAK,IAAI,EAAE,yDAAyD;KAChF,CAAC,CAAA;IAEF,OAAO,CAAC,KAAK,CAAC,mBAAmB,UAAU,EAAE,EAAE,CAAC,CAAA;IAEhD,uBAAuB,EAAE,CAAA;IAEzB,OAAO,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAA;AACpF,CAAC;AAED,SAAS,qBAAqB;IAM1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC7C,IAAI,WAAiC,CAAA;QACrC,IAAI,UAAgC,CAAA;QACpC,MAAM,IAAI,GAAG,IAAI,OAAO,CAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,WAAW,GAAG,GAAG,CAAC,CAAC,UAAU,GAAG,GAAG,CAAA,CAAC,CAAC,CAAC,CAAA;QAEvF,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACrC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;gBACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;gBACrC,OAAM;YACV,CAAC;YACD,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAA;YAC9C,IAAI,CAAC,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBAC7B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;gBACxB,OAAM;YACV,CAAC;YACD,MAAM,aAAa,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;YACjD,MAAM,SAAS,GAAO,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YAChD,MAAM,UAAU,GAAM,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;YACjD,IAAI,UAAU,EAAE,CAAC;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAA;gBACnD,GAAG,CAAC,GAAG,CAAC,mCAAmC,UAAU,MAAM,CAAC,CAAA;gBAC5D,UAAU,CAAC,IAAI,KAAK,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAC,CAAA;gBAC5D,OAAM;YACV,CAAC;YACD,IAAI,aAAa,KAAK,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;gBACxC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;gBACxC,UAAU,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAA;gBACvC,OAAM;YACV,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAA;YACnD,GAAG,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAA;YAC7D,WAAW,CAAC,SAAS,CAAC,CAAA;QAC1B,CAAC,CAAC,CAAA;QAEF,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAA;YAChC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBAClD,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;YACxD,CAAC;QACL,CAAC,CAAC,CAAA;IACN,CAAC,CAAC,CAAA;AACN,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAC9B,MAAM,GAAG,GAAG,QAAQ,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,aAAa,GAAG,GAAG;QACpD,CAAC,CAAO,QAAQ,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG;YACjD,CAAC,CAAO,aAAa,GAAG,GAAG,CAAA;IAC/B,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAiB,CAAC,CAAC,CAAA;AACtC,CAAC;AAED,SAAS,uBAAuB;IAC5B,MAAM,GAAG,GAAG,QAAQ,EAAE,KAAK,OAAO;QAC9B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,CAAC;QAC9E,CAAC,CAAC,QAAQ,EAAE,KAAK,QAAQ;YACrB,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,CAAC;YAC7D,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;IAE9C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACzD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;IAEpD,IAAI,QAAQ,GAA6C,EAAE,CAAA;IAC3D,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACnB,IAAI,CAAC;YAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,wBAAwB,CAAC,CAAC;IAChG,CAAC;IACD,QAAQ,CAAC,UAAU,KAAK,EAAE,CACzB;IAAC,QAAQ,CAAC,UAAsC,CAAC,OAAO,CAAC,GAAG;QACzD,OAAO,EAAE,OAAO,CAAC,QAAQ;QACzB,IAAI,EAAK,CAAC,IAAI,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;KAC9D,CAAA;IACD,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;IACtD,OAAO,CAAC,KAAK,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAA;AACzD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;IACf,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACnB,CAAC,CAAC,CAAA"}

package/dist/logger.d.ts

@@ -0,0 +1,15 @@
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { LoggingLevel } from '@modelcontextprotocol/sdk/types.js';
+export declare class McpLogger {
+    private server;
+    private level;
+    bind(server: Server): void;
+    setLevel(level: LoggingLevel): void;
+    debug(message: string, data?: Record<string, unknown>): void;
+    info(message: string, data?: Record<string, unknown>): void;
+    notice(message: string, data?: Record<string, unknown>): void;
+    warning(message: string, data?: Record<string, unknown>): void;
+    error(message: string, data?: Record<string, unknown>): void;
+    private emit;
+}
+export declare const logger: McpLogger;

package/dist/logger.js

@@ -0,0 +1,49 @@
+/**
+ * MCP-protocol logger. Emits `notifications/message` events that an MCP client
+ * can subscribe to and filter by level (controlled by the client via
+ * `logging/setLevel`). This is distinct from process stderr — that channel is
+ * still used for fatal startup errors in stdio mode where the protocol stream
+ * isn't yet up.
+ */
+const LEVEL_ORDER = {
+    debug: 0,
+    info: 1,
+    notice: 2,
+    warning: 3,
+    error: 4,
+    critical: 5,
+    alert: 6,
+    emergency: 7,
+};
+export class McpLogger {
+    server = null;
+    level = 'info';
+    bind(server) {
+        this.server = server;
+    }
+    setLevel(level) {
+        this.level = level;
+    }
+    debug(message, data) { this.emit('debug', message, data); }
+    info(message, data) { this.emit('info', message, data); }
+    notice(message, data) { this.emit('notice', message, data); }
+    warning(message, data) { this.emit('warning', message, data); }
+    error(message, data) { this.emit('error', message, data); }
+    emit(level, message, data) {
+        if (!this.server)
+            return;
+        if (LEVEL_ORDER[level] < LEVEL_ORDER[this.level])
+            return;
+        const params = {
+            level,
+            logger: 'axiom-mcp',
+            data: data ? { message, ...data } : { message },
+        };
+        // sendLoggingMessage returns a promise; we fire-and-forget so the caller
+        // (a tool handler) isn't blocked by transport backpressure. Errors here
+        // are swallowed deliberately — failing to log must never break a tool.
+        void this.server.sendLoggingMessage(params).catch(() => { });
+    }
+}
+export const logger = new McpLogger();
+//# sourceMappingURL=logger.js.map

package/dist/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AAEH,MAAM,WAAW,GAAiC;IAC9C,KAAK,EAAM,CAAC;IACZ,IAAI,EAAO,CAAC;IACZ,MAAM,EAAK,CAAC;IACZ,OAAO,EAAI,CAAC;IACZ,KAAK,EAAM,CAAC;IACZ,QAAQ,EAAG,CAAC;IACZ,KAAK,EAAM,CAAC;IACZ,SAAS,EAAE,CAAC;CACf,CAAA;AAED,MAAM,OAAO,SAAS;IACV,MAAM,GAAkB,IAAI,CAAA;IAC5B,KAAK,GAAiB,MAAM,CAAA;IAEpC,IAAI,CAAC,MAAc;QACf,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACxB,CAAC;IAED,QAAQ,CAAC,KAAmB;QACxB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;IACtB,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,IAA8B,IAAY,IAAI,CAAC,IAAI,CAAC,OAAO,EAAI,OAAO,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IACtG,IAAI,CAAC,OAAe,EAAE,IAA8B,IAAa,IAAI,CAAC,IAAI,CAAC,MAAM,EAAK,OAAO,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IACtG,MAAM,CAAC,OAAe,EAAE,IAA8B,IAAW,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAG,OAAO,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IACtG,OAAO,CAAC,OAAe,EAAE,IAA8B,IAAU,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IACtG,KAAK,CAAC,OAAe,EAAE,IAA8B,IAAY,IAAI,CAAC,IAAI,CAAC,OAAO,EAAI,OAAO,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IAE9F,IAAI,CAAC,KAAmB,EAAE,OAAe,EAAE,IAA8B;QAC7E,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAM;QACxB,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAM;QACxD,MAAM,MAAM,GAAG;YACX,KAAK;YACL,MAAM,EAAE,WAAW;YACnB,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE;SAClD,CAAA;QACD,yEAAyE;QACzE,wEAAwE;QACxE,uEAAuE;QACvE,KAAK,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAiB,CAAC,CAAC,CAAA;IAC9E,CAAC;CACJ;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,SAAS,EAAE,CAAA"}

package/dist/prompts/index.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Prompts are user-facing workflow starters — they appear as slash commands
+ * or quick-actions in MCP-aware UIs. Each one expands to a `messages` array
+ * the host injects into the conversation. The bodies are instruction templates
+ * that ground the model in Axiom's tools and resources; they do NOT execute
+ * tool calls themselves.
+ */
+export interface PromptArgument {
+    name: string;
+    description: string;
+    required: boolean;
+}
+export interface PromptDefinition {
+    name: string;
+    description: string;
+    arguments: PromptArgument[];
+    /** Build the messages payload returned by `prompts/get`. */
+    build: (args: Record<string, string | undefined>) => {
+        description: string;
+        messages: Array<{
+            role: 'user';
+            content: {
+                type: 'text';
+                text: string;
+            };
+        }>;
+    };
+}
+export declare const ALL_PROMPTS: PromptDefinition[];