@chaprola/mcp-server 1.6.1 → 1.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +14 -2
- package/package.json +1 -1
- package/references/auth.md +1 -0
- package/references/endpoints.md +1 -1
- package/references/ref-auth.md +2 -1
package/dist/index.js
CHANGED
|
@@ -276,13 +276,16 @@ server.tool("chaprola_report", "Run a published program and return output. No au
|
|
|
276
276
|
userid: z.string().describe("Owner of the published program"),
|
|
277
277
|
project: z.string().describe("Project containing the program"),
|
|
278
278
|
name: z.string().describe("Name of the published .PR file"),
|
|
279
|
+
token: z.string().optional().describe("Action token (act_...) for writable reports. Required to persist WRITE/DELETE/QUERY operations. Provided when program was published with writable=true."),
|
|
279
280
|
params: z.record(z.union([z.string(), z.number()])).optional().describe("Parameters to inject before execution. Named params (e.g., {deck: \"kanji\", level: 3}) are read in programs via PARAM.name. Legacy R-variables (r1-r20) also supported. Use chaprola_report_params to discover what params a report accepts."),
|
|
280
|
-
}, async ({ userid, project, name, params }) => {
|
|
281
|
-
// Build URL with query params for r1-r20
|
|
281
|
+
}, async ({ userid, project, name, token, params }) => {
|
|
282
282
|
const urlParams = new URLSearchParams();
|
|
283
283
|
urlParams.set("userid", userid);
|
|
284
284
|
urlParams.set("project", project);
|
|
285
285
|
urlParams.set("name", name);
|
|
286
|
+
if (token) {
|
|
287
|
+
urlParams.set("token", token);
|
|
288
|
+
}
|
|
286
289
|
if (params) {
|
|
287
290
|
for (const [key, value] of Object.entries(params)) {
|
|
288
291
|
urlParams.set(key, String(value));
|
|
@@ -826,6 +829,15 @@ server.tool("chaprola_consolidate", "Merge a .MRG file into its parent .DA, prod
|
|
|
826
829
|
const res = await authedFetch("/consolidate", { userid: username, project, file });
|
|
827
830
|
return textResult(res);
|
|
828
831
|
}));
|
|
832
|
+
// --- Challenge (Data Health) ---
|
|
833
|
+
server.tool("chaprola_challenge", "Data health check: finds missing data, overdue dates, and incomplete records. Returns issues sorted by severity.", {
|
|
834
|
+
project: z.string().describe("Project name"),
|
|
835
|
+
file: z.string().describe("Data file name (without extension)"),
|
|
836
|
+
}, async ({ project, file }) => withBaaCheck(async () => {
|
|
837
|
+
const { username } = getCredentials();
|
|
838
|
+
const res = await authedFetch("/challenge", { userid: username, project, file });
|
|
839
|
+
return textResult(res);
|
|
840
|
+
}));
|
|
829
841
|
// --- Site Keys ---
|
|
830
842
|
server.tool("chaprola_create_site_key", "Create an origin-locked site key for frontend JavaScript. Site keys are restricted to specific origins and endpoints, safe to embed in public code.", {
|
|
831
843
|
label: z.string().describe("Human-readable label for this key (e.g., 'poll-frontend')"),
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@chaprola/mcp-server",
|
|
3
|
-
"version": "1.6.
|
|
3
|
+
"version": "1.6.3",
|
|
4
4
|
"description": "MCP server for Chaprola — agent-first data platform. Gives AI agents 46 tools for structured data storage, record CRUD, querying, schema inspection, web search, URL fetching, scheduled jobs, and execution via plain HTTP.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
package/references/auth.md
CHANGED
|
@@ -26,6 +26,7 @@ POST /login {"username": "my-agent", "passcode": "a-long-secure-passcode-16-char
|
|
|
26
26
|
|
|
27
27
|
- **API keys never expire.** Only invalidated by re-login or account deletion.
|
|
28
28
|
- **Login replaces the key.** Old key stops working immediately. Save the new one.
|
|
29
|
+
- **Site keys never expire.** They persist until explicitly deleted via `/delete-site-key`. Login does not affect site keys.
|
|
29
30
|
- **Passcode requirements:** 16-128 characters.
|
|
30
31
|
- **Username requirements:** 3-40 chars, alphanumeric + hyphens/underscores, starts with letter.
|
|
31
32
|
- **Userid must match.** Every request body's `userid` field must match the authenticated username (403 if not).
|
package/references/endpoints.md
CHANGED
|
@@ -82,6 +82,6 @@ Auth: `Authorization: Bearer chp_your_api_key` on all protected endpoints.
|
|
|
82
82
|
## Key Rules
|
|
83
83
|
|
|
84
84
|
- `userid` in every request body must match the authenticated user (403 if not)
|
|
85
|
-
- API keys expire after 90 days. Login generates a new key (old
|
|
85
|
+
- API keys expire after 90 days. Login generates a new key (old key is immediately invalidated)
|
|
86
86
|
- BAA only required for PHI data. Non-PHI data works without signing a BAA
|
|
87
87
|
- All `.DA` files expire after 90 days by default. Set `expires_in_days` on import to override (up to 36500 days)
|
package/references/ref-auth.md
CHANGED
|
@@ -10,9 +10,10 @@ POST /register {"username": "my-agent", "passcode": "16-chars-minimum-passcode"}
|
|
|
10
10
|
→ {"api_key": "chp_..."}
|
|
11
11
|
|
|
12
12
|
POST /login {"username": "my-agent", "passcode": "..."}
|
|
13
|
-
→ {"api_key": "chp_..."} # old
|
|
13
|
+
→ {"api_key": "chp_..."} # old key immediately invalidated
|
|
14
14
|
```
|
|
15
15
|
- Passcode: 16-128 chars. Username: 3-40 chars, alphanumeric + hyphens/underscores.
|
|
16
|
+
- Site keys (`site_...`) never expire. Only removed by `/delete-site-key`. Login does not affect them.
|
|
16
17
|
- Rate limits: auth 5 rps, data 20 rps.
|
|
17
18
|
|
|
18
19
|
## BAA
|