@chieflab/mcp-server 0.1.0

package/README.md

@@ -0,0 +1,102 @@
+# @chieflab/mcp-server
+
+Stdio MCP server for ChiefLab. Drop into Cursor / Claude Desktop / Claude Code / Codex / Windsurf / Cline / any stdio MCP host.
+
+> Package status: this bridge is packaged in the repo but not published to npm yet. Use the hosted MCP endpoint directly today: `https://api.chieflab.io/api/mcp`.
+
+Current status: packaged in repo, not published to npm yet. Do not tell users to
+run `npx @chieflab/mcp-server` until `npm view @chieflab/mcp-server` resolves.
+Use the hosted MCP URL directly today.
+
+After npm publish:
+
+```bash
+npm install -g @chieflab/mcp-server
+```
+
+Then in your MCP host config:
+
+```json
+{
+  "mcpServers": {
+    "chieflab": {
+      "command": "chieflab-mcp",
+      "env": { "CHIEFLAB_API_KEY": "clp_live_..." }
+    }
+  }
+}
+```
+
+Restart the host. ChiefLab's launch tool set is now available — the primary after-build tool is `chieflab_get_users_after_build` and the canonical launch operator is `chiefmo_launch_product`. Trigger phrases the host's agent should pick up: *launch this · get users · find customers · make money from this · market this · announce this · post this*.
+
+## What this is
+
+A thin stdio→HTTPS bridge. Forwards JSON-RPC frames over stdio to the hosted ChiefLab MCP at <https://api.chieflab.io/api/mcp>. Same JSON-RPC 2.0 / MCP 2024-11-05 contract on both sides.
+
+**Why a bridge instead of bundling the full server:**
+
+1. **Zero version skew.** Whatever tools the hosted MCP exposes today, this client surfaces today. No `npm update` required to pick up new tools.
+2. **~5KB package.** No need to ship the full ChiefLab core library + Supabase + connector deps just to run a local stdio MCP.
+3. **Auth + rate limiting + per-workspace scoping all happen server-side.** The local bridge holds nothing sensitive beyond your API key in env.
+
+## Get an API key
+
+One click, no email: <https://chieflab.io/get-key>
+
+## What ChiefLab does
+
+ChiefLab is the business execution layer for agent-built companies, starting with GTM. ChiefMO plans the launch grounded in repoContext, creates assets or briefs, opens an approval room, returns a paste-ready `agentGuide.userMessage`, publishes via Zernio after human approval, sends launch email via Resend, reads results 24h later via GA4 + Search Console + Zernio, remembers what worked, and recommends the next iteration. The v1 wedge is launch/distribution; see `/trust` for the live-vs-mock connector reality.
+
+Before calling ChiefLab, coding agents can gather repo context locally:
+
+```bash
+curl -fsSL https://chieflab.io/repo-context.mjs | node - --what-changed="what I just shipped"
+```
+
+Pass the printed JSON as `repoContext` to `chieflab_get_users_after_build`.
+
+To install persistent repo instructions for agents:
+
+Working installer today:
+
+```bash
+curl -fsSL https://chieflab.io/install-agent-hook.mjs | node -
+```
+
+Windows PowerShell:
+
+```powershell
+iwr https://chieflab.io/install-agent-hook.mjs -OutFile .chieflab-install-agent-hook.mjs; node .\.chieflab-install-agent-hook.mjs
+```
+
+npm command after publish:
+
+```bash
+npx @chieflab/cli init
+```
+
+This writes the after-build hook (`AGENTS.md`, Cursor rule, Claude command, Codex note, MCP config stub) so future "launch this / get users / make money" prompts route to `chieflab_get_users_after_build`, then resume with `chiefmo_continue_launch_loop`.
+
+Full docs: <https://chieflab.io/for-agents>
+
+## Direct alternatives
+
+- **Without install** — call the hosted MCP directly: `POST https://api.chieflab.io/api/mcp` with `Authorization: Bearer clp_live_...`. Any HTTP client works.
+- **CLI** — packaged in-repo, npm publish pending. Use hosted MCP until it resolves publicly.
+- **One-click Cursor** — <https://chieflab.io/install> has a `cursor://` deeplink.
+
+## Env
+
+| Var | Default | What |
+|---|---|---|
+| `CHIEFLAB_API_KEY` | _(required)_ | Bearer key. `clp_live_...` or `clp_dev_...`. |
+| `CHIEFLAB_ENDPOINT` | `https://api.chieflab.io/api/mcp` | Override (staging / self-hosted). |
+| `CHIEFLAB_TIMEOUT_MS` | `120000` | Per-request timeout. |
+
+## Self-host the full server
+
+If you want a stdio MCP that runs the full ChiefLab tool set locally (Supabase persistence, connector OAuth, your own Zernio/Resend keys), clone the source repo and run `node apps/mcp/src/server.js` from there. This npm package is the **client-side bridge** to the hosted runtime; `apps/mcp` is the **server-side runtime itself**.
+
+## Source
+
+<https://github.com/bdentech/chieflab/tree/main/packages/mcp-server> · Apache 2.0

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@chieflab/mcp-server",
+  "version": "0.1.0",
+  "mcpName": "io.github.bdentech/chieflab",
+  "description": "ChiefLab stdio MCP server — after-build GTM for agents. Bridges Cursor / Claude Desktop / Claude Code / Codex / Windsurf / Cline to the hosted ChiefLab MCP so agents can launch products, get users, approval-gate execution, and measure the next move.",
+  "type": "module",
+  "bin": {
+    "chieflab-mcp": "src/index.js"
+  },
+  "files": [
+    "src/",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "keywords": [
+    "chieflab",
+    "chiefmo",
+    "mcp",
+    "model-context-protocol",
+    "ai-agent",
+    "agent-built",
+    "get-users",
+    "product-launch",
+    "marketing",
+    "launch",
+    "gtm",
+    "startup",
+    "cursor",
+    "claude",
+    "codex",
+    "stdio"
+  ],
+  "homepage": "https://chieflab.io",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/bdentech/chieflab.git",
+    "directory": "packages/mcp-server"
+  },
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/src/index.js

@@ -0,0 +1,172 @@
+#!/usr/bin/env node
+// @chieflab/mcp-server — stdio MCP server.
+//
+// Thin bridge from stdio JSON-RPC (what Cursor / Claude Desktop / Claude
+// Code / Codex / Windsurf / Cline speak) to the hosted ChiefLab MCP at
+// chieflab.io/api/mcp via HTTPS. Streams every JSON-RPC frame through
+// untouched — same JSON-RPC 2.0 / MCP 2024-11-05 contract on both sides.
+//
+// Why a bridge instead of bundling the full server? Three reasons:
+//   1. Zero version skew. Whatever tools the hosted MCP exposes today,
+//      this client surfaces today. No `npm update` required.
+//   2. ~5KB package. No need to ship packages/core or its transitive
+//      Supabase / connector deps just to run a stdio MCP locally.
+//   3. Auth + rate limiting + per-workspace scoping all happen server-side.
+//      The local bridge holds nothing sensitive beyond the API key in env.
+//
+// USAGE
+//   after npm publish: npm install -g @chieflab/mcp-server
+//   CHIEFLAB_API_KEY=clp_live_... chieflab-mcp
+//
+// Or in an MCP host config (Cursor / Claude Desktop):
+//   {
+//     "mcpServers": {
+//       "chieflab": {
+//         "command": "chieflab-mcp",
+//         "env": { "CHIEFLAB_API_KEY": "clp_live_..." }
+//       }
+//     }
+//   }
+//
+// ENV
+//   CHIEFLAB_API_KEY     Bearer key. Required for everything except the
+//                        agent-first signup tool. Get one at
+//                        https://chieflab.io/get-key (one click, no email).
+//   CHIEFLAB_ENDPOINT    Override hosted endpoint (default
+//                        https://api.chieflab.io/api/mcp). Useful for staging
+//                        or self-hosted runners.
+//   CHIEFLAB_TIMEOUT_MS  Per-request timeout (default 120000).
+
+import readline from "node:readline";
+
+const ENDPOINT = process.env.CHIEFLAB_ENDPOINT || "https://api.chieflab.io/api/mcp";
+const API_KEY = process.env.CHIEFLAB_API_KEY || process.env.CHIEFMO_API_KEY || "";
+const TIMEOUT_MS = Number(process.env.CHIEFLAB_TIMEOUT_MS) || 120_000;
+const VERSION = "0.1.0";
+
+function writeMessage(message) {
+  process.stdout.write(`${JSON.stringify(message)}\n`);
+}
+
+function logErr(...args) {
+  // MCP stdio: stderr is fine for diagnostics; stdout is reserved for
+  // JSON-RPC frames the host will parse.
+  process.stderr.write(`[chieflab-mcp] ${args.join(" ")}\n`);
+}
+
+async function forwardToHosted(request) {
+  const headers = { "Content-Type": "application/json", "Accept": "application/json" };
+  if (API_KEY) headers["Authorization"] = `Bearer ${API_KEY}`;
+
+  const ctrl = new AbortController();
+  const t = setTimeout(() => ctrl.abort(), TIMEOUT_MS);
+
+  let res;
+  try {
+    res = await fetch(ENDPOINT, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(request),
+      signal: ctrl.signal
+    });
+  } catch (err) {
+    clearTimeout(t);
+    if (err.name === "AbortError") {
+      return {
+        jsonrpc: "2.0",
+        id: request.id ?? null,
+        error: { code: -32000, message: `Hosted ChiefLab MCP timed out after ${TIMEOUT_MS}ms` }
+      };
+    }
+    return {
+      jsonrpc: "2.0",
+      id: request.id ?? null,
+      error: { code: -32000, message: `Network error reaching ${ENDPOINT}: ${err.message}` }
+    };
+  }
+  clearTimeout(t);
+
+  const text = await res.text();
+  if (!res.ok && res.status === 401) {
+    return {
+      jsonrpc: "2.0",
+      id: request.id ?? null,
+      error: {
+        code: -32001,
+        message: "Unauthorized. Set CHIEFLAB_API_KEY env var (get one at https://chieflab.io/get-key) and restart your MCP host."
+      }
+    };
+  }
+  if (!res.ok) {
+    return {
+      jsonrpc: "2.0",
+      id: request.id ?? null,
+      error: { code: -32000, message: `Hosted MCP returned ${res.status}: ${text.slice(0, 300)}` }
+    };
+  }
+
+  // Pass through verbatim. The hosted endpoint already returns a valid
+  // JSON-RPC envelope.
+  try {
+    return JSON.parse(text);
+  } catch {
+    return {
+      jsonrpc: "2.0",
+      id: request.id ?? null,
+      error: { code: -32700, message: `Hosted MCP returned non-JSON: ${text.slice(0, 200)}` }
+    };
+  }
+}
+
+// notifications/initialized is a notification (no id, no response per spec).
+// Don't forward — short-circuit locally to match hosted behavior.
+async function handleRequest(request) {
+  if (!request || typeof request !== "object") {
+    return {
+      jsonrpc: "2.0",
+      id: null,
+      error: { code: -32600, message: "Invalid request — not a JSON object" }
+    };
+  }
+  if (request.method === "notifications/initialized") return null;
+  return forwardToHosted(request);
+}
+
+// Surface a readable startup line on stderr so host logs show what's running.
+logErr(`@chieflab/mcp-server v${VERSION} → ${ENDPOINT}`);
+if (!API_KEY) {
+  logErr("CHIEFLAB_API_KEY not set. Most tools will return 401. Get a key: https://chieflab.io/get-key");
+}
+
+const rl = readline.createInterface({ input: process.stdin, crlfDelay: Infinity });
+
+// Track in-flight handler promises so we don't exit before responses are
+// written. MCP hosts pipe many requests in succession; each must complete.
+const inflight = new Set();
+
+rl.on("line", (line) => {
+  if (!line.trim()) return;
+  const work = (async () => {
+    let request;
+    try {
+      request = JSON.parse(line);
+    } catch (err) {
+      writeMessage({
+        jsonrpc: "2.0",
+        id: null,
+        error: { code: -32700, message: `Parse error: ${err.message}` }
+      });
+      return;
+    }
+    const response = await handleRequest(request);
+    if (response) writeMessage(response);
+  })();
+  inflight.add(work);
+  work.finally(() => inflight.delete(work));
+});
+
+// Clean exit on stdin close — but only after all in-flight responses are written.
+rl.on("close", async () => {
+  if (inflight.size > 0) await Promise.allSettled(inflight);
+  process.exit(0);
+});