@chaprola/mcp-server 1.11.1 → 1.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/references/cookbook.md +7 -3
- package/references/gotchas.md +3 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@chaprola/mcp-server",
|
|
3
|
-
"version": "1.11.
|
|
3
|
+
"version": "1.11.2",
|
|
4
4
|
"description": "MCP server for Chaprola — agent-first data platform. Gives AI agents tools for structured data storage, record CRUD, querying, schema inspection, documentation lookup, web search, URL fetching, scheduled jobs, scoped site keys, and execution via plain HTTP.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
package/references/cookbook.md
CHANGED
|
@@ -285,20 +285,24 @@ POST /run/status {userid, project, job_id}
|
|
|
285
285
|
|
|
286
286
|
## Public Apps: Use /report, Not /query
|
|
287
287
|
|
|
288
|
-
|
|
288
|
+
**/query is NOT a public endpoint.** It requires authentication (API key) and is POST-only. It cannot be linked to from a browser, dashboard, or public page. A bare URL like `https://api.chaprola.org/query?userid=...&file=...` will return `{"message":"Not Found"}`.
|
|
289
|
+
|
|
290
|
+
**/report IS a public endpoint.** It supports GET, works in browsers, requires no auth, and accepts parameters via URL query strings. For any data that needs to be visible in a browser or linked from a dashboard, write a .CS program with QUERY inside it, publish it, and link to `/report`.
|
|
289
291
|
|
|
290
292
|
```javascript
|
|
291
|
-
// GOOD: public report — no auth needed
|
|
293
|
+
// GOOD: public report — works in browsers, no auth needed
|
|
292
294
|
const url = `${API}/report?userid=myapp&project=data&name=RESULTS&poll_id=${id}`;
|
|
293
295
|
const response = await fetch(url);
|
|
294
296
|
|
|
295
|
-
// BAD: /query
|
|
297
|
+
// BAD: /query is not public — requires auth, POST only, no browser access
|
|
296
298
|
const response = await fetch(`${API}/query`, {
|
|
297
299
|
headers: { 'Authorization': `Bearer ${SITE_KEY}` },
|
|
298
300
|
body: JSON.stringify({ userid: 'myapp', project: 'data', file: 'votes', where: [...] })
|
|
299
301
|
});
|
|
300
302
|
```
|
|
301
303
|
|
|
304
|
+
**Pattern:** Move data logic into a .CS program (QUERY, TABULATE), publish it with `/publish`, and link to `/report` from dashboards and frontends. `/query` is for agents and backend code with API keys — never for browser links.
|
|
305
|
+
|
|
302
306
|
## Chart Data with TABULATE
|
|
303
307
|
|
|
304
308
|
```chaprola
|
package/references/gotchas.md
CHANGED
|
@@ -95,6 +95,9 @@ When numeric data is imported as strings, auto-detect (`OPEN "file" 0`) may misc
|
|
|
95
95
|
|
|
96
96
|
## API
|
|
97
97
|
|
|
98
|
+
### /query is not a public endpoint — use /report for browser links
|
|
99
|
+
`/query` is POST-only and requires an API key. A URL like `https://api.chaprola.org/query?userid=...&file=...` in a browser returns `{"message":"Not Found"}`. For anything that needs to be visible in a browser or linked from a dashboard, write a .CS program with QUERY, publish it, and use `/report` (which supports GET, no auth needed).
|
|
100
|
+
|
|
98
101
|
### userid must match authenticated user
|
|
99
102
|
Every request body's `userid` must equal your username. 403 on mismatch.
|
|
100
103
|
|