@chaprola/mcp-server 1.4.2 → 1.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/references/auth.md +2 -4
- package/references/cookbook.md +71 -0
- package/references/endpoints.md +4 -4
- package/references/gotchas.md +2 -2
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@chaprola/mcp-server",
|
|
3
|
-
"version": "1.4.
|
|
3
|
+
"version": "1.4.3",
|
|
4
4
|
"description": "MCP server for Chaprola — agent-first data platform. Gives AI agents 46 tools for structured data storage, record CRUD, querying, schema inspection, web search, URL fetching, scheduled jobs, and execution via plain HTTP.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
package/references/auth.md
CHANGED
|
@@ -33,16 +33,14 @@ POST /login {"username": "my-agent", "passcode": "a-long-secure-passcode-16-char
|
|
|
33
33
|
|
|
34
34
|
## BAA (Business Associate Agreement)
|
|
35
35
|
|
|
36
|
-
|
|
36
|
+
**Only needed for PHI (Protected Health Information).** Non-PHI data works without a BAA. If your data contains no patient names, SSNs, dates of birth, or other HIPAA identifiers, skip the BAA entirely.
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
If you do handle PHI, sign the BAA once per account:
|
|
39
39
|
1. `POST /baa-text` → get BAA text (show to human)
|
|
40
40
|
2. Human reviews and agrees
|
|
41
41
|
3. `POST /sign-baa` → sign it (one-time per account)
|
|
42
42
|
4. `POST /baa-status` → verify signing status
|
|
43
43
|
|
|
44
|
-
**Exempt endpoints** (no BAA required): /hello, /register, /login, /check-username, /delete-account, /sign-baa, /baa-status, /baa-text, /report, /email/inbound
|
|
45
|
-
|
|
46
44
|
## MCP Server Environment Variables
|
|
47
45
|
|
|
48
46
|
| Variable | Description |
|
package/references/cookbook.md
CHANGED
|
@@ -83,6 +83,77 @@ POST /run/status {userid, project, job_id}
|
|
|
83
83
|
# Response: {status: "done", output: "..."}
|
|
84
84
|
```
|
|
85
85
|
|
|
86
|
+
## Parameterized Reports (PARAM.name)
|
|
87
|
+
|
|
88
|
+
Programs can accept named parameters from URL query strings. Use this for dynamic reports.
|
|
89
|
+
|
|
90
|
+
```chaprola
|
|
91
|
+
// Report that accepts &deck=kanji&level=3 as URL params
|
|
92
|
+
MOVE PARAM.deck U.1 20 // string param → U buffer
|
|
93
|
+
LET lvl = PARAM.level // numeric param → R variable
|
|
94
|
+
SEEK 1
|
|
95
|
+
100 IF EOF GOTO 900
|
|
96
|
+
MOVE P.deck U.30 10
|
|
97
|
+
IF EQUAL PARAM.deck U.30 GOTO 200 // filter by deck param
|
|
98
|
+
GOTO 300
|
|
99
|
+
200 GET cardlvl FROM P.level
|
|
100
|
+
IF cardlvl NE lvl GOTO 300 // filter by level param
|
|
101
|
+
MOVE P.kanji U.1 4
|
|
102
|
+
MOVE P.reading U.6 10
|
|
103
|
+
PRINT 0
|
|
104
|
+
300 LET rec = rec + 1
|
|
105
|
+
SEEK rec
|
|
106
|
+
GOTO 100
|
|
107
|
+
900 END
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
Publish with: `POST /publish {userid, project, name, primary_file, acl: "authenticated"}`
|
|
111
|
+
Call with: `GET /report?userid=X&project=Y&name=Z&deck=kanji&level=3`
|
|
112
|
+
Discover params: `POST /report/params {userid, project, name}` → returns .PF schema (field names, types, widths)
|
|
113
|
+
|
|
114
|
+
## Named Output Positions (U.name)
|
|
115
|
+
|
|
116
|
+
Instead of `U.1`, `U.12`, etc., use named positions for readable code:
|
|
117
|
+
|
|
118
|
+
```chaprola
|
|
119
|
+
// U.name positions are auto-allocated by the compiler
|
|
120
|
+
MOVE P.name U.name 20
|
|
121
|
+
MOVE P.dept U.dept 10
|
|
122
|
+
PUT sal INTO U.salary 10 D 0
|
|
123
|
+
PRINT 0
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
## GROUP BY with Pivot (via /query)
|
|
127
|
+
|
|
128
|
+
Chaprola's pivot IS GROUP BY. Set `row` = grouping field, `values` = aggregate functions.
|
|
129
|
+
|
|
130
|
+
```bash
|
|
131
|
+
# SQL: SELECT department, COUNT(*), AVG(salary) FROM staff GROUP BY department
|
|
132
|
+
POST /query {
|
|
133
|
+
userid, project, file: "STAFF",
|
|
134
|
+
pivot: {
|
|
135
|
+
row: "department",
|
|
136
|
+
values: [
|
|
137
|
+
{field: "department", function: "count"},
|
|
138
|
+
{field: "salary", function: "avg"}
|
|
139
|
+
]
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
# SQL: SELECT department, year, SUM(revenue) FROM sales GROUP BY department, year
|
|
144
|
+
POST /query {
|
|
145
|
+
userid, project, file: "SALES",
|
|
146
|
+
pivot: {
|
|
147
|
+
row: "department",
|
|
148
|
+
column: "year",
|
|
149
|
+
values: [{field: "revenue", function: "sum"}],
|
|
150
|
+
totals: true
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
Supported aggregate functions: `count`, `sum`, `avg`, `min`, `max`, `stddev`.
|
|
156
|
+
|
|
86
157
|
## PUT Format Codes
|
|
87
158
|
|
|
88
159
|
| Code | Description | Example |
|
package/references/endpoints.md
CHANGED
|
@@ -14,7 +14,7 @@ Auth: `Authorization: Bearer chp_your_api_key` on all protected endpoints.
|
|
|
14
14
|
| `POST /check-username` | `{username}` → `{available: bool}` |
|
|
15
15
|
| `POST /delete-account` | `{username, passcode}` → deletes account + all data |
|
|
16
16
|
| `POST /baa-text` | `{}` → `{baa_version, text}`. Get BAA for human review |
|
|
17
|
-
| `POST /report` | `{userid, project, name}` → program output. Program must be published |
|
|
17
|
+
| `POST /report` | `{userid, project, name, ¶m=value}` → program output. Accepts named params via URL query strings. Use `/report/params` to discover schema. Program must be published |
|
|
18
18
|
|
|
19
19
|
## Protected Endpoints (auth required)
|
|
20
20
|
|
|
@@ -41,7 +41,7 @@ Auth: `Authorization: Bearer chp_your_api_key` on all protected endpoints.
|
|
|
41
41
|
| `POST /compile` | `{userid, project, name, source, primary_format?, secondary_format?}` | `{instructions, bytes}` |
|
|
42
42
|
| `POST /run` | `{userid, project, name, primary_file?, record?, async?, nophi?}` | `{output, registers}` or `{job_id}` |
|
|
43
43
|
| `POST /run/status` | `{userid, project, job_id}` | `{status: "running"/"done", output?}` |
|
|
44
|
-
| `POST /publish` | `{userid, project, name, primary_file?, record?}` | `{report_url}` |
|
|
44
|
+
| `POST /publish` | `{userid, project, name, primary_file?, record?, acl?}` | `{report_url}`. ACL: `public` (default), `authenticated`, `owner`, `token` |
|
|
45
45
|
| `POST /unpublish` | `{userid, project, name}` | `{status: "ok"}` |
|
|
46
46
|
| `POST /export-report` | `{userid, project, name, primary_file?, format?, title?, nophi?}` | `{output, files_written}` |
|
|
47
47
|
|
|
@@ -83,5 +83,5 @@ Auth: `Authorization: Bearer chp_your_api_key` on all protected endpoints.
|
|
|
83
83
|
|
|
84
84
|
- `userid` in every request body must match the authenticated user (403 if not)
|
|
85
85
|
- API keys never expire. Login generates a new key and invalidates the old one
|
|
86
|
-
-
|
|
87
|
-
- All `.DA` files expire after 90 days by default
|
|
86
|
+
- BAA only required for PHI data. Non-PHI data works without signing a BAA
|
|
87
|
+
- All `.DA` files expire after 90 days by default. Set `expires_in_days` on import to override (up to 36500 days)
|
package/references/gotchas.md
CHANGED
|
@@ -52,8 +52,8 @@ Every request body's `userid` must equal your username. 403 on mismatch.
|
|
|
52
52
|
### Login invalidates the old key
|
|
53
53
|
`POST /login` generates a new API key. The old one is dead. Save the new one immediately.
|
|
54
54
|
|
|
55
|
-
### BAA required for
|
|
56
|
-
|
|
55
|
+
### BAA only required for PHI
|
|
56
|
+
The BAA is only needed if your data contains Protected Health Information (patient names, SSNs, dates of birth, etc.). Non-PHI data works without signing a BAA. If you get a 403 on a PHI-flagged field, either sign the BAA or rename the field to avoid PHI auto-detection.
|
|
57
57
|
|
|
58
58
|
### Async for large datasets
|
|
59
59
|
`POST /run` with `async: true` for >100K records. API Gateway has a 30-second timeout; async bypasses it. Poll `/run/status` until `status: "done"`.
|