@chaprola/mcp-server 1.6.0 → 1.6.2

package/dist/index.js

@@ -276,13 +276,16 @@ server.tool("chaprola_report", "Run a published program and return output. No au
     userid: z.string().describe("Owner of the published program"),
     project: z.string().describe("Project containing the program"),
     name: z.string().describe("Name of the published .PR file"),
+    token: z.string().optional().describe("Action token (act_...) for writable reports. Required to persist WRITE/DELETE/QUERY operations. Provided when program was published with writable=true."),
     params: z.record(z.union([z.string(), z.number()])).optional().describe("Parameters to inject before execution. Named params (e.g., {deck: \"kanji\", level: 3}) are read in programs via PARAM.name. Legacy R-variables (r1-r20) also supported. Use chaprola_report_params to discover what params a report accepts."),
-}, async ({ userid, project, name, params }) => {
-    // Build URL with query params for r1-r20
+}, async ({ userid, project, name, token, params }) => {
     const urlParams = new URLSearchParams();
     urlParams.set("userid", userid);
     urlParams.set("project", project);
     urlParams.set("name", name);
+    if (token) {
+        urlParams.set("token", token);
+    }
     if (params) {
         for (const [key, value] of Object.entries(params)) {
             urlParams.set(key, String(value));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chaprola/mcp-server",
-  "version": "1.6.0",
+  "version": "1.6.2",
   "description": "MCP server for Chaprola — agent-first data platform. Gives AI agents 46 tools for structured data storage, record CRUD, querying, schema inspection, web search, URL fetching, scheduled jobs, and execution via plain HTTP.",
   "type": "module",
   "main": "dist/index.js",

package/references/auth.md

@@ -26,6 +26,7 @@ POST /login {"username": "my-agent", "passcode": "a-long-secure-passcode-16-char
 
 - **API keys never expire.** Only invalidated by re-login or account deletion.
 - **Login replaces the key.** Old key stops working immediately. Save the new one.
+- **Site keys never expire.** They persist until explicitly deleted via `/delete-site-key`. Login does not affect site keys.
 - **Passcode requirements:** 16-128 characters.
 - **Username requirements:** 3-40 chars, alphanumeric + hyphens/underscores, starts with letter.
 - **Userid must match.** Every request body's `userid` field must match the authenticated username (403 if not).

package/references/cookbook.md

@@ -167,18 +167,17 @@ PRINT 0
 
 ## GROUP BY with Pivot (via /query)
 
-Chaprola's pivot IS GROUP BY. Set `row` = grouping field, `values` = aggregate functions.
+Chaprola's pivot IS GROUP BY. Schema: `{row, column, value, aggregate}`.
 
 ```bash
-# SQL: SELECT department, COUNT(*), AVG(salary) FROM staff GROUP BY department
+# SQL: SELECT department, AVG(salary) FROM staff GROUP BY department
 POST /query {
   userid, project, file: "STAFF",
   pivot: {
     row: "department",
-    values: [
-      {field: "department", function: "count"},
-      {field: "salary", function: "avg"}
-    ]
+    column: "",
+    value: "salary",
+    aggregate: "avg"
   }
 }
 
@@ -188,26 +187,17 @@ POST /query {
   pivot: {
     row: "department",
     column: "year",
-    values: [{field: "revenue", function: "sum"}],
-    totals: true
-  }
-}
-```
-
-For simple aggregation without a cross-tabulation column, set `column` to empty string:
-```bash
-# Count records per department (no cross-tab)
-POST /query {
-  userid, project, file: "STAFF",
-  pivot: {
-    row: "department",
-    column: "",
-    values: [{field: "department", function: "count"}]
+    value: "revenue",
+    aggregate: "sum"
   }
 }
 ```
 
-Supported aggregate functions: `count`, `sum`, `avg`, `min`, `max`, `stddev`.
+- `row` — grouping field
+- `column` — cross-tab field (use `""` for simple aggregation)
+- `value` — field to aggregate (string or array of strings)
+- `aggregate` — function: `count`, `sum`, `avg`, `min`, `max`, `stddev`
+- Row and column totals included automatically in response
 
 ## PUT Format Codes
 

package/references/endpoints.md

@@ -82,6 +82,6 @@ Auth: `Authorization: Bearer chp_your_api_key` on all protected endpoints.
 ## Key Rules
 
 - `userid` in every request body must match the authenticated user (403 if not)
-- API keys expire after 90 days. Login generates a new key (old keys remain valid until expiration)
+- API keys expire after 90 days. Login generates a new key (old key is immediately invalidated)
 - BAA only required for PHI data. Non-PHI data works without signing a BAA
 - All `.DA` files expire after 90 days by default. Set `expires_in_days` on import to override (up to 36500 days)

package/references/ref-auth.md

@@ -10,9 +10,10 @@ POST /register {"username": "my-agent", "passcode": "16-chars-minimum-passcode"}
 → {"api_key": "chp_..."}
 
 POST /login {"username": "my-agent", "passcode": "..."}
-→ {"api_key": "chp_..."}  # old keys remain valid until expiration
+→ {"api_key": "chp_..."}  # old key immediately invalidated
 ```
 - Passcode: 16-128 chars. Username: 3-40 chars, alphanumeric + hyphens/underscores.
+- Site keys (`site_...`) never expire. Only removed by `/delete-site-key`. Login does not affect them.
 - Rate limits: auth 5 rps, data 20 rps.
 
 ## BAA

package/references/ref-pivot.md

@@ -2,31 +2,45 @@
 
 Chaprola's pivot IS GROUP BY. Add `pivot` to `/query`.
 
-## Simple aggregation (no cross-tab)
+## Schema
+```json
+"pivot": {
+  "row": "grouping_field",
+  "column": "cross_tab_field",
+  "value": "measure_field",
+  "aggregate": "sum"
+}
+```
+- `row` — grouping field (like SQL GROUP BY)
+- `column` — cross-tabulation field (use `""` for simple aggregation)
+- `value` — field to aggregate (string, or array of strings for multiple measures)
+- `aggregate` — function name: `count`, `sum`, `avg`, `min`, `max`, `stddev`
+
+## Simple aggregation
 ```json
 POST /query {
   "userid": "...", "project": "...", "file": "STAFF",
   "pivot": {
     "row": "department",
     "column": "",
-    "values": [
-      {"field": "department", "function": "count"},
-      {"field": "salary", "function": "avg"}
-    ]
+    "value": "salary",
+    "aggregate": "avg"
   }
 }
 ```
-SQL equivalent: `SELECT department, COUNT(*), AVG(salary) FROM staff GROUP BY department`
+SQL equivalent: `SELECT department, AVG(salary) FROM staff GROUP BY department`
+
+For COUNT: `"value": "department", "aggregate": "count"`
 
 ## Cross-tabulation
 ```json
 "pivot": {
   "row": "department",
   "column": "year",
-  "values": [{"field": "revenue", "function": "sum"}],
-  "totals": true
+  "value": "revenue",
+  "aggregate": "sum"
 }
 ```
 SQL equivalent: `SELECT department, year, SUM(revenue) FROM sales GROUP BY department, year`
 
-Supported functions: `count`, `sum`, `avg`, `min`, `max`, `stddev`.
+Row and column totals are included automatically in the response.