@besales/mcp 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 BeSales
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,127 @@
+# @besales/mcp
+
+Model Context Protocol server for Animaly / Besales.
+
+Status: public npm package candidate.
+
+## Install
+
+Production users can run the MCP server with `npx`:
+
+```bash
+npx -y @besales/mcp connect
+npx -y @besales/mcp status
+npx -y @besales/mcp
+```
+
+## Development
+
+```bash
+yarn install
+yarn types:gen:api
+yarn types:gen:mcp
+yarn build
+```
+
+The generated files in `src/types/` and `src/schemas/` are committed because
+the source contracts live outside this independent repository.
+
+Run a lightweight local mock API for MCP Inspector tool-call smoke tests:
+
+Terminal 1:
+
+```bash
+yarn dev:mock
+```
+
+Terminal 2:
+
+```bash
+yarn dev:mock:seed
+BESALES_API_BASE_URL=http://127.0.0.1:3100/api/v2 node bin/besales-mcp.js
+```
+
+`yarn dev:mock:seed` and `yarn dev:mock:clear` use the same keytar entries as
+real `besales-mcp connect` credentials. They can overwrite or clear a local real
+connection for the current macOS user.
+
+The mock server only verifies request wiring. Live tool E2E depends on the
+matching `ai-aniomaly` `/api/v2/*` endpoints.
+Remove seeded mock credentials after smoke testing:
+
+```bash
+yarn dev:mock:clear
+```
+
+## CLI
+
+```bash
+node bin/besales-mcp.js connect
+node bin/besales-mcp.js status
+node bin/besales-mcp.js disconnect
+node bin/besales-mcp.js
+```
+
+`BESALES_API_BASE_URL` defaults to `https://app.besales.ai/api/v2`. For local
+development, set it to `http://localhost:3000/api/v2`.
+
+Tool calls require stored credentials. Run `node bin/besales-mcp.js connect`
+against a backend that implements `/api/v2/auth/mcp-connect`, or run
+`yarn dev:mock:seed` for mock-only smoke tests.
+
+For production users, do not set `BESALES_API_BASE_URL`. Run:
+
+```bash
+npx -y @besales/mcp connect
+```
+
+The browser consent flow stores the selected workspace in the local keychain.
+Workspace-level tools default to that connected workspace, so users should not
+provide `workspace_id` manually. To switch workspace, run `besales-mcp
+disconnect`, switch/create the desired workspace in the web app if needed, then
+run `besales-mcp connect` again.
+
+## Resources
+
+The package exposes 5 MCP concept resources:
+
+- `besales://concepts/icp`
+- `besales://concepts/triggers`
+- `besales://concepts/sandbox`
+- `besales://concepts/handoff`
+- `besales://concepts/external-execution`
+
+Inspect them locally:
+
+```bash
+yarn dlx @modelcontextprotocol/inspector node bin/besales-mcp.js
+```
+
+The Inspector should show 31 tools and 5 resources.
+
+## Claude Desktop
+
+For local development before the package is published, install a Claude Desktop
+config entry with:
+
+```bash
+yarn install:claude-desktop
+```
+
+The installer creates a timestamped backup of the existing config and writes only
+the `mcpServers.besales` entry. It uses the absolute Node executable path because
+GUI apps may not inherit the shell `PATH`.
+
+## Host Setup
+
+Host-specific local setup and smoke steps for MCP Inspector, Claude Desktop,
+Claude Code, and Codex CLI are documented in
+[docs/host-setup.md](docs/host-setup.md).
+
+## Scope
+
+- Claude Desktop / Claude Code / Codex call this package through MCP.
+- This package calls Animaly only through `ai-aniomaly` `/api/v2/*`.
+- Direct calls to `prompt-services` are intentionally out of scope.
+
+The package exposes 31 active MCP tools from `src/schemas/mcp-tools.json`.

package/bin/besales-mcp.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+
+import { runCli } from '../dist/cli.js';
+
+runCli().then((exitCode) => {
+  process.exitCode = exitCode;
+}).catch((error) => {
+  console.error('Fatal:', error);
+  process.exit(1);
+});

package/dist/auth/oauth-client.d.ts

@@ -0,0 +1,32 @@
+export declare const DEFAULT_API_BASE_URL = "https://app.besales.ai/api/v2";
+export declare const OAUTH_CALLBACK_HOST = "127.0.0.1";
+export declare const OAUTH_CALLBACK_PATH = "/oauth-callback";
+export declare const OAUTH_SCOPE = "mcp:* mcp:platform-setup";
+export declare const OAUTH_TIMEOUT_MS: number;
+export interface OAuthConnectResult {
+    readonly apiKey: string;
+    readonly workspaceId: string;
+}
+export interface OauthClientOptions {
+    readonly apiBaseUrl?: string;
+    readonly openUrl?: (url: string) => Promise<unknown> | unknown;
+    readonly timeoutMs?: number;
+}
+export declare function generateCodeVerifier(): string;
+export declare function createCodeChallenge(codeVerifier: string): string;
+export declare function generateState(): string;
+export declare function normalizeApiBaseUrl(apiBaseUrl?: string): string;
+export declare function createAuthorizationUrl(input: {
+    readonly apiBaseUrl?: string;
+    readonly state: string;
+    readonly redirectUri: string;
+    readonly codeChallenge: string;
+}): URL;
+export declare class OauthClient {
+    private readonly apiBaseUrl;
+    private readonly openUrl;
+    private readonly timeoutMs;
+    constructor(options?: OauthClientOptions);
+    connect(): Promise<OAuthConnectResult>;
+    private startCallbackServer;
+}

package/dist/auth/oauth-client.js

@@ -0,0 +1,180 @@
+import { createHash, randomBytes } from 'node:crypto';
+import { createServer } from 'node:http';
+import open from 'open';
+import { logger } from '../utils/logger.js';
+export const DEFAULT_API_BASE_URL = 'https://app.besales.ai/api/v2';
+export const OAUTH_CALLBACK_HOST = '127.0.0.1';
+export const OAUTH_CALLBACK_PATH = '/oauth-callback';
+export const OAUTH_SCOPE = 'mcp:* mcp:platform-setup';
+export const OAUTH_TIMEOUT_MS = 5 * 60 * 1000;
+export function generateCodeVerifier() {
+    return randomBytes(32).toString('base64url');
+}
+export function createCodeChallenge(codeVerifier) {
+    return createHash('sha256').update(codeVerifier).digest('base64url');
+}
+export function generateState() {
+    return randomBytes(16).toString('hex');
+}
+export function normalizeApiBaseUrl(apiBaseUrl) {
+    return (apiBaseUrl ?? process.env.BESALES_API_BASE_URL ?? DEFAULT_API_BASE_URL).replace(/\/+$/, '');
+}
+export function createAuthorizationUrl(input) {
+    const url = new URL(`${normalizeApiBaseUrl(input.apiBaseUrl)}/auth/mcp-connect`);
+    url.searchParams.set('state', input.state);
+    url.searchParams.set('redirect_uri', input.redirectUri);
+    url.searchParams.set('code_challenge', input.codeChallenge);
+    url.searchParams.set('code_challenge_method', 'S256');
+    url.searchParams.set('scope', OAUTH_SCOPE);
+    return url;
+}
+export class OauthClient {
+    apiBaseUrl;
+    openUrl;
+    timeoutMs;
+    constructor(options = {}) {
+        this.apiBaseUrl = normalizeApiBaseUrl(options.apiBaseUrl);
+        this.openUrl = options.openUrl ?? ((url) => open(url));
+        this.timeoutMs = options.timeoutMs ?? OAUTH_TIMEOUT_MS;
+    }
+    async connect() {
+        const codeVerifier = generateCodeVerifier();
+        const codeChallenge = createCodeChallenge(codeVerifier);
+        const state = generateState();
+        const callbackServer = await this.startCallbackServer({ expectedState: state });
+        const redirectUri = `http://${OAUTH_CALLBACK_HOST}:${callbackServer.port}${OAUTH_CALLBACK_PATH}`;
+        const authorizationUrl = createAuthorizationUrl({
+            apiBaseUrl: this.apiBaseUrl,
+            state,
+            redirectUri,
+            codeChallenge,
+        });
+        const callbackResult = callbackServer.result;
+        callbackResult.catch(() => undefined);
+        try {
+            await this.openUrl(authorizationUrl.toString());
+            return await callbackResult;
+        }
+        catch (error) {
+            await callbackServer.close();
+            throw error;
+        }
+    }
+    async startCallbackServer(input) {
+        const server = createServer();
+        let settled = false;
+        let timeout;
+        let closePromise = null;
+        const close = async () => {
+            if (closePromise) {
+                return closePromise;
+            }
+            if (timeout) {
+                clearTimeout(timeout);
+                timeout = undefined;
+            }
+            closePromise = new Promise((resolve) => {
+                if (!server.listening) {
+                    resolve();
+                    return;
+                }
+                server.closeAllConnections();
+                server.close(() => resolve());
+            });
+            return closePromise;
+        };
+        const result = new Promise((resolve, reject) => {
+            const settle = (outcome, value) => {
+                if (settled) {
+                    return;
+                }
+                settled = true;
+                if (outcome === 'resolve') {
+                    resolve(value);
+                }
+                else {
+                    reject(value);
+                }
+                void close();
+            };
+            const rejectCallback = (statusCode, responseMessage, errorMessage, response) => {
+                response.writeHead(statusCode, {
+                    'Connection': 'close',
+                    'Content-Type': 'text/plain; charset=utf-8',
+                });
+                response.end(responseMessage);
+                logger.warn({ errorMessage }, 'OAuth callback rejected');
+                settle('reject', new Error(errorMessage));
+            };
+            server.on('request', (request, response) => {
+                if (settled) {
+                    response.writeHead(410, {
+                        'Connection': 'close',
+                        'Content-Type': 'text/plain; charset=utf-8',
+                    });
+                    response.end('OAuth flow already completed');
+                    return;
+                }
+                if (request.method !== 'GET') {
+                    rejectCallback(405, 'Method not allowed', 'OAuth callback method must be GET', response);
+                    return;
+                }
+                const callbackAddress = server.address();
+                const requestUrl = new URL(request.url ?? '/', `http://${OAUTH_CALLBACK_HOST}:${callbackAddress?.port ?? 0}`);
+                if (requestUrl.pathname !== OAUTH_CALLBACK_PATH) {
+                    rejectCallback(404, 'Not found', 'OAuth callback path mismatch', response);
+                    return;
+                }
+                const receivedState = requestUrl.searchParams.get('state');
+                if (receivedState !== input.expectedState) {
+                    rejectCallback(400, 'Invalid state parameter', 'OAuth state mismatch', response);
+                    return;
+                }
+                const apiKey = requestUrl.searchParams.get('api_key');
+                const workspaceId = requestUrl.searchParams.get('workspace_id');
+                if (!apiKey || !workspaceId) {
+                    rejectCallback(400, 'Missing api_key/workspace_id', 'OAuth callback missing required params', response);
+                    return;
+                }
+                response.writeHead(200, {
+                    'Connection': 'close',
+                    'Content-Type': 'text/html; charset=utf-8',
+                });
+                response.end('<html><body><h1>Connected</h1><p>You can close this tab.</p></body></html>');
+                settle('resolve', { apiKey, workspaceId });
+            });
+            server.on('error', (error) => {
+                logger.error({ err: error }, 'OAuth callback server error');
+                settle('reject', error);
+            });
+            timeout = setTimeout(() => {
+                logger.warn('OAuth flow timeout');
+                settle('reject', new Error('OAuth flow timeout (5min)'));
+            }, this.timeoutMs);
+        });
+        await new Promise((resolve, reject) => {
+            const onListenError = (error) => {
+                server.off('listening', onListening);
+                reject(error);
+            };
+            const onListening = () => {
+                server.off('error', onListenError);
+                resolve();
+            };
+            server.once('error', onListenError);
+            server.once('listening', onListening);
+            server.listen(0, OAUTH_CALLBACK_HOST);
+        });
+        const address = server.address();
+        if (!address || typeof address === 'string') {
+            await close();
+            throw new Error('OAuth callback server did not expose a TCP port');
+        }
+        return {
+            port: address.port,
+            result,
+            close,
+        };
+    }
+}
+//# sourceMappingURL=oauth-client.js.map

package/dist/auth/oauth-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../../src/auth/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,YAAY,EAAuB,MAAM,WAAW,CAAC;AAG9D,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,CAAC,MAAM,oBAAoB,GAAG,+BAA+B,CAAC;AACpE,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAC/C,MAAM,CAAC,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AACrD,MAAM,CAAC,MAAM,WAAW,GAAG,0BAA0B,CAAC;AACtD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAmB9C,MAAM,UAAU,oBAAoB;IAClC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,YAAoB;IACtD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,UAAmB;IACrD,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,CAAC,OAAO,CACrF,MAAM,EACN,EAAE,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAKtC;IACC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAEjF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IACxD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IAC5D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAE3C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,OAAO,WAAW;IACL,UAAU,CAAS;IACnB,OAAO,CAA8C;IACrD,SAAS,CAAS;IAEnC,YAAY,UAA8B,EAAE;QAC1C,IAAI,CAAC,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,gBAAgB,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;QAC9B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;QAChF,MAAM,WAAW,GAAG,UAAU,mBAAmB,IAAI,cAAc,CAAC,IAAI,GAAG,mBAAmB,EAAE,CAAC;QACjG,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;YAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK;YACL,WAAW;YACX,aAAa;SACd,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC;QAC7C,cAAc,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAEtC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC;YAChD,OAAO,MAAM,cAAc,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC;YAC7B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,KAEjC;QACC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;QAC9B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,OAAkD,CAAC;QACvD,IAAI,YAAY,GAAyB,IAAI,CAAC;QAE9C,MAAM,KAAK,GAAG,KAAK,IAAmB,EAAE;YACtC,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,YAAY,CAAC;YACtB,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,YAAY,CAAC,OAAO,CAAC,CAAC;gBACtB,OAAO,GAAG,SAAS,CAAC;YACtB,CAAC;YAED,YAAY,GAAG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBACrC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;oBACtB,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC;gBAED,MAAM,CAAC,mBAAmB,EAAE,CAAC;gBAC7B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC;QACtB,CAAC,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACjE,MAAM,MAAM,GAAG,CACb,OAA6B,EAC7B,KAAiC,EAC3B,EAAE;gBACR,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO;gBACT,CAAC;gBAED,OAAO,GAAG,IAAI,CAAC;gBAEf,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,OAAO,CAAC,KAA2B,CAAC,CAAC;gBACvC,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,KAAK,CAAC,CAAC;gBAChB,CAAC;gBAED,KAAK,KAAK,EAAE,CAAC;YACf,CAAC,CAAC;YAEF,MAAM,cAAc,GAAG,CACrB,UAAkB,EAClB,eAAuB,EACvB,YAAoB,EACpB,QAAwB,EAClB,EAAE;gBACR,QAAQ,CAAC,SAAS,CAAC,UAAU,EAAE;oBAC7B,YAAY,EAAE,OAAO;oBACrB,cAAc,EAAE,2BAA2B;iBAC5C,CAAC,CAAC;gBACH,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,EAAE,yBAAyB,CAAC,CAAC;gBACzD,MAAM,CAAC,QAAQ,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC;YAEF,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;gBACzC,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE;wBACtB,YAAY,EAAE,OAAO;wBACrB,cAAc,EAAE,2BAA2B;qBAC5C,CAAC,CAAC;oBACH,QAAQ,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;oBAC7C,OAAO;gBACT,CAAC;gBAED,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC7B,cAAc,CAAC,GAAG,EAAE,oBAAoB,EAAE,mCAAmC,EAAE,QAAQ,CAAC,CAAC;oBACzF,OAAO;gBACT,CAAC;gBAED,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,EAAwB,CAAC;gBAC/D,MAAM,UAAU,GAAG,IAAI,GAAG,CACxB,OAAO,CAAC,GAAG,IAAI,GAAG,EAClB,UAAU,mBAAmB,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,EAAE,CAC9D,CAAC;gBAEF,IAAI,UAAU,CAAC,QAAQ,KAAK,mBAAmB,EAAE,CAAC;oBAChD,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,8BAA8B,EAAE,QAAQ,CAAC,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBAED,MAAM,aAAa,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC3D,IAAI,aAAa,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;oBAC1C,cAAc,CACZ,GAAG,EACH,yBAAyB,EACzB,sBAAsB,EACtB,QAAQ,CACT,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,MAAM,MAAM,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBACtD,MAAM,WAAW,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;gBAEhE,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC5B,cAAc,CACZ,GAAG,EACH,8BAA8B,EAC9B,wCAAwC,EACxC,QAAQ,CACT,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE;oBACtB,YAAY,EAAE,OAAO;oBACrB,cAAc,EAAE,0BAA0B;iBAC3C,CAAC,CAAC;gBACH,QAAQ,CAAC,GAAG,CACV,4EAA4E,CAC7E,CAAC;gBACF,MAAM,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC3B,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,6BAA6B,CAAC,CAAC;gBAC5D,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBAClC,MAAM,CAAC,QAAQ,EAAE,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;YAC3D,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,aAAa,GAAG,CAAC,KAAY,EAAQ,EAAE;gBAC3C,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;gBACrC,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC,CAAC;YAEF,MAAM,WAAW,GAAG,GAAS,EAAE;gBAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;gBACnC,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QACjC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,KAAK,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QAED,OAAO;YACL,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM;YACN,KAAK;SACN,CAAC;IACJ,CAAC;CACF"}

package/dist/auth/token-storage.d.ts

@@ -0,0 +1,7 @@
+export declare const TOKEN_STORAGE_SERVICE = "@besales/mcp";
+export type TokenStorageAccount = 'api_key' | 'workspace_id';
+export declare class TokenStorage {
+    set(account: TokenStorageAccount, value: string): Promise<void>;
+    get(account: TokenStorageAccount): Promise<string | null>;
+    clear(): Promise<void>;
+}

package/dist/auth/token-storage.js

@@ -0,0 +1,17 @@
+import * as keytar from 'keytar';
+export const TOKEN_STORAGE_SERVICE = '@besales/mcp';
+export class TokenStorage {
+    async set(account, value) {
+        await keytar.setPassword(TOKEN_STORAGE_SERVICE, account, value);
+    }
+    async get(account) {
+        return keytar.getPassword(TOKEN_STORAGE_SERVICE, account);
+    }
+    async clear() {
+        await Promise.all([
+            keytar.deletePassword(TOKEN_STORAGE_SERVICE, 'api_key'),
+            keytar.deletePassword(TOKEN_STORAGE_SERVICE, 'workspace_id'),
+        ]);
+    }
+}
+//# sourceMappingURL=token-storage.js.map

package/dist/auth/token-storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-storage.js","sourceRoot":"","sources":["../../src/auth/token-storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,MAAM,CAAC,MAAM,qBAAqB,GAAG,cAAc,CAAC;AAGpD,MAAM,OAAO,YAAY;IACvB,KAAK,CAAC,GAAG,CAAC,OAA4B,EAAE,KAAa;QACnD,MAAM,MAAM,CAAC,WAAW,CAAC,qBAAqB,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAA4B;QACpC,OAAO,MAAM,CAAC,WAAW,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,MAAM,CAAC,cAAc,CAAC,qBAAqB,EAAE,SAAS,CAAC;YACvD,MAAM,CAAC,cAAc,CAAC,qBAAqB,EAAE,cAAc,CAAC;SAC7D,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/cli.d.ts

@@ -0,0 +1,22 @@
+import { type OAuthConnectResult } from './auth/oauth-client.js';
+import { type TokenStorageAccount } from './auth/token-storage.js';
+import { startMcpServer } from './server.js';
+export interface CliIo {
+    readonly log: (message: string) => void;
+    readonly error: (message: string) => void;
+}
+export interface OAuthConnector {
+    connect(): Promise<OAuthConnectResult>;
+}
+export interface CredentialStorage {
+    set(account: TokenStorageAccount, value: string): Promise<void>;
+    get(account: TokenStorageAccount): Promise<string | null>;
+    clear(): Promise<void>;
+}
+export interface CliDeps {
+    readonly oauthClient?: OAuthConnector;
+    readonly tokenStorage?: CredentialStorage;
+    readonly startMcpServer?: typeof startMcpServer;
+}
+export declare function getHelpText(version?: string): string;
+export declare function runCli(argv?: readonly string[], io?: CliIo, deps?: CliDeps): Promise<number>;

package/dist/cli.js

@@ -0,0 +1,70 @@
+import { OauthClient } from './auth/oauth-client.js';
+import { TokenStorage } from './auth/token-storage.js';
+import { readPackageVersion } from './package-metadata.js';
+import { startMcpServer } from './server.js';
+import { maskApiKey } from './utils/mask.js';
+const defaultIo = {
+    log: (message) => console.log(message),
+    error: (message) => console.error(message),
+};
+export function getHelpText(version = readPackageVersion()) {
+    return `besales-mcp ${version}
+
+Usage:
+  besales-mcp              Start MCP server
+  besales-mcp connect      Connect Animaly workspace
+  besales-mcp status       Show connection status
+  besales-mcp disconnect   Clear stored credentials
+  besales-mcp --help       Show help
+  besales-mcp --version    Show version`;
+}
+export async function runCli(argv = process.argv.slice(2), io = defaultIo, deps = {}) {
+    const command = argv[0];
+    const oauthClient = deps.oauthClient ?? new OauthClient();
+    const tokenStorage = deps.tokenStorage ?? new TokenStorage();
+    const runMcpServer = deps.startMcpServer ?? startMcpServer;
+    if (command === '--help' || command === '-h') {
+        io.log(getHelpText());
+        return 0;
+    }
+    if (command === '--version' || command === '-v') {
+        io.log(readPackageVersion());
+        return 0;
+    }
+    if (command === 'connect') {
+        const { apiKey, workspaceId } = await oauthClient.connect();
+        try {
+            await tokenStorage.set('workspace_id', workspaceId);
+            await tokenStorage.set('api_key', apiKey);
+        }
+        catch (error) {
+            await tokenStorage.clear();
+            throw error;
+        }
+        io.log(`Connected to workspace ${workspaceId} (key: ${maskApiKey(apiKey)})`);
+        return 0;
+    }
+    if (command === 'status') {
+        const apiKey = await tokenStorage.get('api_key');
+        const workspaceId = await tokenStorage.get('workspace_id');
+        if (!apiKey) {
+            io.log('Not connected');
+            return 0;
+        }
+        io.log(`Connected to workspace ${workspaceId ?? 'unknown'} (key: ${maskApiKey(apiKey)})`);
+        return 0;
+    }
+    if (command === 'disconnect') {
+        await tokenStorage.clear();
+        io.log('Disconnected');
+        return 0;
+    }
+    if (command) {
+        io.error(`Unknown command: ${command}`);
+        io.log(getHelpText());
+        return 1;
+    }
+    await runMcpServer({ stdio: true });
+    return 0;
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAA2B,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,YAAY,EAA4B,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAuB7C,MAAM,SAAS,GAAU;IACvB,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;IACtC,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC;CAC3C,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,OAAO,GAAG,kBAAkB,EAAE;IACxD,OAAO,eAAe,OAAO;;;;;;;;wCAQS,CAAC;AACzC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,OAA0B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAC/C,KAAY,SAAS,EACrB,OAAgB,EAAE;IAElB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,WAAW,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,YAAY,EAAE,CAAC;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC;IAE3D,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QAC7C,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACtB,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,KAAK,WAAW,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QAChD,EAAE,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,CAAC;QAE5D,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;YACpD,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,CAAC,KAAK,EAAE,CAAC;YAC3B,MAAM,KAAK,CAAC;QACd,CAAC;QAED,EAAE,CAAC,GAAG,CAAC,0BAA0B,WAAW,UAAU,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,EAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACxB,OAAO,CAAC,CAAC;QACX,CAAC;QAED,EAAE,CAAC,GAAG,CAAC,0BAA0B,WAAW,IAAI,SAAS,UAAU,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1F,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;QAC7B,MAAM,YAAY,CAAC,KAAK,EAAE,CAAC;QAC3B,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACvB,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,EAAE,CAAC,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;QACxC,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACtB,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,YAAY,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,OAAO,CAAC,CAAC;AACX,CAAC"}

package/dist/http/api-client.d.ts

@@ -0,0 +1,51 @@
+import { type TokenStorageAccount } from '../auth/token-storage.js';
+export declare const API_REQUEST_TIMEOUT_MS = 60000;
+export type ApiMethod = 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE';
+export interface CredentialReader {
+    get(account: TokenStorageAccount): Promise<string | null>;
+}
+export interface ApiTransportRequest {
+    readonly method: ApiMethod;
+    readonly url: string;
+    readonly data?: unknown;
+    readonly headers: Record<string, string>;
+    readonly timeout: number;
+}
+export interface ApiTransportResponse<T> {
+    readonly status: number;
+    readonly data: T;
+}
+export interface ApiTransport {
+    request<T = unknown>(request: ApiTransportRequest): Promise<ApiTransportResponse<T>>;
+}
+export interface ApiClientOptions {
+    readonly apiBaseUrl?: string;
+    readonly tokenStorage?: CredentialReader;
+    readonly transport?: ApiTransport;
+    readonly timeoutMs?: number;
+}
+export interface ToolApiClient {
+    post<T>(path: string, body?: unknown): Promise<T>;
+    request<T>(method: ApiMethod, path: string, body?: unknown): Promise<T>;
+    getStoredWorkspaceId(): Promise<string | null>;
+}
+export declare class ApiClientError extends Error {
+    readonly status?: number | undefined;
+    readonly responseMessage?: string | undefined;
+    constructor(message: string, status?: number | undefined, responseMessage?: string | undefined);
+}
+export declare class ApiClientNetworkError extends Error {
+    constructor(message: string);
+}
+export declare class ApiClient implements ToolApiClient {
+    private readonly apiBaseUrl;
+    private readonly tokenStorage;
+    private readonly transport;
+    private readonly timeoutMs;
+    constructor(options?: ApiClientOptions);
+    post<T>(path: string, body?: unknown): Promise<T>;
+    patch<T>(path: string, body?: unknown): Promise<T>;
+    getStoredWorkspaceId(): Promise<string | null>;
+    request<T>(method: ApiMethod, path: string, body?: unknown): Promise<T>;
+}
+export declare function buildApiUrl(apiBaseUrl: string, path: string): string;