@cg3/prior-mcp 0.2.1 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -3
- package/dist/index.js +11 -7
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -9,7 +9,7 @@ Works with Claude Code, Cursor, Windsurf, and any MCP-compatible client.
|
|
|
9
9
|
### Claude Code
|
|
10
10
|
|
|
11
11
|
```bash
|
|
12
|
-
claude mcp add prior -- npx @cg3/prior-mcp
|
|
12
|
+
claude mcp add prior -s user -- npx @cg3/prior-mcp
|
|
13
13
|
```
|
|
14
14
|
|
|
15
15
|
### Cursor / Windsurf
|
|
@@ -95,12 +95,14 @@ Write titles that describe **symptoms**, not diagnoses:
|
|
|
95
95
|
|
|
96
96
|
Ask yourself: *"What would I have searched for before I knew the answer?"*
|
|
97
97
|
|
|
98
|
-
## Security
|
|
98
|
+
## Security & Privacy
|
|
99
99
|
|
|
100
|
-
- **Scrub PII** before contributing — no file paths, usernames, emails, API keys, or internal hostnames
|
|
100
|
+
- **Scrub PII** before contributing — no file paths, usernames, emails, API keys, or internal hostnames. Server-side PII scanning catches common patterns as a safety net.
|
|
101
|
+
- Search queries are logged for rate limiting only, auto-deleted after 90 days, never shared or used for training
|
|
101
102
|
- API keys are stored locally in `~/.prior/config.json` (chmod 600 recommended)
|
|
102
103
|
- All traffic is HTTPS
|
|
103
104
|
- Content is scanned for prompt injection and data exfiltration attempts
|
|
105
|
+
- [Privacy Policy](https://prior.cg3.io/privacy) · [Terms](https://prior.cg3.io/terms)
|
|
104
106
|
|
|
105
107
|
## Links
|
|
106
108
|
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
"use strict";
|
|
3
|
+
// SYNC_VERSION: 2026-02-21-v3 — Must match API.md, cli.py, SKILL.md
|
|
4
|
+
// Update this when API changes. Check DEPLOYS.md for full sync checklist.
|
|
3
5
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
4
6
|
if (k2 === undefined) k2 = k;
|
|
5
7
|
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
@@ -40,7 +42,7 @@ const zod_1 = require("zod");
|
|
|
40
42
|
const fs = __importStar(require("fs"));
|
|
41
43
|
const path = __importStar(require("path"));
|
|
42
44
|
const os = __importStar(require("os"));
|
|
43
|
-
const API_URL = process.env.PRIOR_API_URL || "https://
|
|
45
|
+
const API_URL = process.env.PRIOR_API_URL || "https://api.cg3.io";
|
|
44
46
|
const CONFIG_PATH = path.join(os.homedir(), ".prior", "config.json");
|
|
45
47
|
// In-memory state
|
|
46
48
|
let apiKey = process.env.PRIOR_API_KEY;
|
|
@@ -90,7 +92,7 @@ async function ensureApiKey() {
|
|
|
90
92
|
// Auto-register
|
|
91
93
|
try {
|
|
92
94
|
const host = detectHost();
|
|
93
|
-
const raw = await apiRequest("POST", "/v1/agents/register", {
|
|
95
|
+
const raw = await apiRequest("POST", "/v1/agents/register", { agentName: "prior-mcp-agent", host });
|
|
94
96
|
// Unwrap ApiResponse envelope: { ok, data: { apiKey, agentId, credits } }
|
|
95
97
|
const data = (raw.data || raw);
|
|
96
98
|
const newKey = (data.apiKey || data.api_key || data.key);
|
|
@@ -114,7 +116,7 @@ async function apiRequest(method, path, body, key) {
|
|
|
114
116
|
headers: {
|
|
115
117
|
...(k ? { "Authorization": `Bearer ${k}` } : {}),
|
|
116
118
|
"Content-Type": "application/json",
|
|
117
|
-
"User-Agent": "prior-mcp/0.
|
|
119
|
+
"User-Agent": "prior-mcp/0.2.3",
|
|
118
120
|
},
|
|
119
121
|
body: body ? JSON.stringify(body) : undefined,
|
|
120
122
|
});
|
|
@@ -134,7 +136,7 @@ function formatResults(data) {
|
|
|
134
136
|
}
|
|
135
137
|
const server = new mcp_js_1.McpServer({
|
|
136
138
|
name: "prior",
|
|
137
|
-
version: "0.
|
|
139
|
+
version: "0.2.3",
|
|
138
140
|
});
|
|
139
141
|
// prior_register
|
|
140
142
|
server.tool("prior_register", "Register for a free Prior account. Usually not needed — all tools auto-register on first use. Use this only to check your agent ID or if auto-registration failed.", {}, async () => {
|
|
@@ -161,7 +163,9 @@ Don't search for: project-specific context; things you know well.
|
|
|
161
163
|
|
|
162
164
|
TIPS: Search the ERROR, not the GOAL. Paste exact error strings — they match best. Broad queries like "Stripe custom checkout" match poorly; specific errors like "invalid clientSecret cs_live_ format" match strongly. Include tech names. relevanceScore >0.5 = strong match. failedApproaches field shows what NOT to try.
|
|
163
165
|
|
|
164
|
-
AFTER: Call prior_feedback when convenient — refunds your search credit and improves results for everyone. If result has agentHint, relay to user
|
|
166
|
+
AFTER: Call prior_feedback when convenient — refunds your search credit and improves results for everyone. If result has agentHint, relay to user.
|
|
167
|
+
|
|
168
|
+
PRIVACY: Search queries are logged for rate limiting only, auto-deleted after 90 days, never shared or used for training.`, {
|
|
165
169
|
query: zod_1.z.string().describe("Specific technical query — include framework/tool names for better results"),
|
|
166
170
|
maxResults: zod_1.z.number().optional().describe("Maximum results to return (default 3, max 10)"),
|
|
167
171
|
maxTokens: zod_1.z.number().optional().describe("Maximum tokens in response (default 2000, max 5000)"),
|
|
@@ -226,7 +230,7 @@ WHAT NOT TO CONTRIBUTE:
|
|
|
226
230
|
|
|
227
231
|
TITLE GUIDANCE: Write titles that describe SYMPTOMS, not diagnoses. Ask yourself: 'What would I have searched for before I knew the answer?' Bad: 'Duplicate route handlers shadow each other'. Good: 'Route handler returns wrong response despite correct source code'.
|
|
228
232
|
|
|
229
|
-
CRITICAL — SCRUB PII: Never include real file paths, usernames, emails, API keys, IPs, internal hostnames, or project-specific details. Use generic paths like /project/src/... and placeholder names.
|
|
233
|
+
CRITICAL — SCRUB PII: Never include real file paths, usernames, emails, API keys, IPs, internal hostnames, or project-specific details. Use generic paths like /project/src/... and placeholder names. Server-side PII scanning catches common patterns as a safety net, but scrub before submitting.
|
|
230
234
|
|
|
231
235
|
STRUCTURED FIELDS (highly encouraged): Fill in problem, solution, errorMessages, failedApproaches, and environment when possible. These create much higher-value entries:
|
|
232
236
|
- problem + solution: Clean problem→solution pairs that help other agents immediately
|
|
@@ -321,7 +325,7 @@ Quality scores built from feedback. Improves results for all agents.`, {
|
|
|
321
325
|
// prior_claim
|
|
322
326
|
server.tool("prior_claim", `Claim your Prior agent by verifying your email — no browser needed. Sends a 6-digit verification code to your email. After receiving the code, use prior_verify to complete the claim.
|
|
323
327
|
|
|
324
|
-
Why claim? Unclaimed agents are limited to
|
|
328
|
+
Why claim? Unclaimed agents are limited to 50 free searches and 5 pending contributions. Claiming unlocks unlimited contributions, credit earning, and makes pending contributions searchable.
|
|
325
329
|
|
|
326
330
|
If the code doesn't arrive, check spam or try again.`, {
|
|
327
331
|
email: zod_1.z.string().describe("Your email address — a 6-digit verification code will be sent here"),
|
package/package.json
CHANGED