npm - @clavisagent/mcp-server - Versions diffs - 0.1.0 → 0.1.1 - Mend

@clavisagent/mcp-server 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -1,54 +1,91 @@
-# Clavis MCP Server
+# @clavisagent/mcp-server
-Secure credential management for Claude Desktop and MCP servers.
+MCP server for [Clavis](https://clavisagent.com) — secure credential management for Claude Desktop.
-## Features
-- 🔐 Encrypted credential storage (AES-256)
-- 🔄 Automatic OAuth token refresh
-- ⚡ Distributed rate limiting
-- 📊 Full audit logging
+Credentials are injected server-side. **Claude never sees raw API keys.**
 ## Installation
-```bash
-npx @clavisagent/mcp-server
-```
-Or install globally:
 ```bash
 npm install -g @clavisagent/mcp-server
 ```
-## Usage with Claude Desktop
+## Claude Desktop Setup
-Add the following to your Claude Desktop configuration file (`claude_desktop_config.json`):
+Add to your `claude_desktop_config.json`:
 ```json
 {
   "mcpServers": {
     "clavis": {
       "command": "npx",
-      "args": ["-y", "@clavisagent/mcp-server"]
+      "args": ["-y", "@clavisagent/mcp-server"],
+      "env": {
+        "CLAVIS_API_KEY": "eyJ...",
+        "CLAVIS_API_URL": "https://your-clavis-instance.com"
+      }
     }
   }
 }
 ```
-## Usage with Claude Code
+Config file locations:
+- **macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
+- **Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
-```bash
-claude mcp add clavis -- npx -y @clavisagent/mcp-server
+Get your API key from `POST /v1/auth/login` — use the `access_token` (JWT), not the `cla_...` key shown at registration.
+## Tools
+### `list_services`
+List all services with stored credentials.
+### `check_credential_status`
+Check credential health without making any external API call.
+```
+service_name: "stripe"
+→ Valid: yes, Status: healthy, Expires in: 58 minutes
+```
+### `call_service` ← Recommended
+Make an API call with server-side credential injection. The credential never reaches Claude.
+```
+service_name: "stripe"
+method: "GET"
+url: "https://api.stripe.com/v1/balance"
+→ Status: 200, Body: {"object": "balance", ...}
 ```
-## Available Tools
+### `get_credentials` ← Legacy
+Returns raw credential data. Use `call_service` instead — it keeps secrets out of the conversation entirely.
+## Self-Hosted Setup
+If running Clavis locally:
+```json
+{
+  "mcpServers": {
+    "clavis": {
+      "command": "node",
+      "args": ["/path/to/clavis-mcp/dist/index.js"],
+      "env": {
+        "CLAVIS_API_KEY": "eyJ...",
+        "CLAVIS_API_URL": "http://localhost:8000"
+      }
+    }
+  }
+}
+```
+## Changelog
+### v0.1.1
+- Added `call_service` tool (server-side credential injection)
+- `call_service` is the recommended tool for prompt injection immunity
-| Tool | Description |
-|---|---|
-| `get_credentials` | Retrieve a valid access token or API key for a named service |
-| `list_services` | List all services with stored credentials |
-| `check_credential_status` | Check the status and expiry of credentials for a service |
+### v0.1.0
+- Initial release: `list_services`, `check_credential_status`, `get_credentials`
 ## License

package/dist/index.d.ts CHANGED Viewed

@@ -2,9 +2,9 @@
 /**
  * Clavis MCP Server
  *
- * Exposes Clavis credential management to Claude Desktop and other MCP clients.
- * Configure via environment variable:
- *   CLAVIS_API_KEY — your Clavis JWT (from POST /v1/auth/login)
+ * Exposes Clavis credential management to Claude Desktop via the
+ * Model Context Protocol. Credentials are injected server-side —
+ * Claude never sees raw API keys.
  */
 export {};
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js CHANGED Viewed

@@ -1,138 +1,274 @@
 #!/usr/bin/env node
+"use strict";
 /**
  * Clavis MCP Server
  *
- * Exposes Clavis credential management to Claude Desktop and other MCP clients.
- * Configure via environment variable:
- *   CLAVIS_API_KEY — your Clavis JWT (from POST /v1/auth/login)
+ * Exposes Clavis credential management to Claude Desktop via the
+ * Model Context Protocol. Credentials are injected server-side —
+ * Claude never sees raw API keys.
  */
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { z } from "zod";
+Object.defineProperty(exports, "__esModule", { value: true });
+const index_js_1 = require("@modelcontextprotocol/sdk/server/index.js");
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
 // ---------------------------------------------------------------------------
-// Config
+// Config from environment
 // ---------------------------------------------------------------------------
-const BASE_URL = "https://clavisagent.com";
-const apiKey = process.env.CLAVIS_API_KEY;
-if (!apiKey) {
-    console.error("[clavis-mcp] Error: CLAVIS_API_KEY environment variable is not set.");
-    process.exit(1);
+const CLAVIS_API_URL = (process.env.CLAVIS_API_URL ?? "http://localhost:8000").replace(/\/$/, "");
+const CLAVIS_API_KEY = process.env.CLAVIS_API_KEY ?? "";
+if (!CLAVIS_API_KEY) {
+    process.stderr.write("[clavis-mcp] WARNING: CLAVIS_API_KEY is not set. All requests will fail with 401.\n");
 }
-const authHeaders = {
-    Authorization: `Bearer ${apiKey}`,
+const AUTH_HEADERS = {
+    Authorization: `Bearer ${CLAVIS_API_KEY}`,
     "Content-Type": "application/json",
 };
+// ---------------------------------------------------------------------------
+// Clavis API helpers
+// ---------------------------------------------------------------------------
 async function clavisGet(path) {
-    const url = `${BASE_URL}${path}`;
-    const res = await fetch(url, { headers: authHeaders });
+    const { default: fetch } = await import("node-fetch");
+    const url = `${CLAVIS_API_URL}${path}`;
+    const res = await fetch(url, { headers: AUTH_HEADERS });
+    const body = await res.json();
     if (!res.ok) {
-        let detail = `HTTP ${res.status}`;
-        try {
-            const body = (await res.json());
-            detail = body.detail ?? body.message ?? detail;
-        }
-        catch {
-            // ignore parse error — use status code only
-        }
-        throw new Error(`Clavis API error on ${path}: ${detail}`);
+        const detail = body.detail ?? res.statusText;
+        throw new Error(`Clavis API error ${res.status}: ${detail}`);
     }
-    return res.json();
+    return body;
+}
+async function clavisPost(path, payload) {
+    const { default: fetch } = await import("node-fetch");
+    const url = `${CLAVIS_API_URL}${path}`;
+    const res = await fetch(url, {
+        method: "POST",
+        headers: AUTH_HEADERS,
+        body: JSON.stringify(payload),
+    });
+    const body = await res.json();
+    if (!res.ok) {
+        const detail = body.detail ?? res.statusText;
+        throw new Error(`Clavis API error ${res.status}: ${detail}`);
+    }
+    return body;
 }
 // ---------------------------------------------------------------------------
-// MCP Server
+// Tool definitions
 // ---------------------------------------------------------------------------
-const server = new McpServer({
-    name: "clavis",
-    version: "0.1.0",
-});
-// ── Tool 1: get_credentials ────────────────────────────────────────────────
-server.tool("get_credentials", "Retrieve a valid access token or API key for a named service from Clavis. " +
-    "Clavis handles token refresh and rotation automatically.", {
-    service_name: z
-        .string()
-        .min(1)
-        .describe("The name of the service to retrieve credentials for (e.g. 'github', 'openai')"),
-}, async ({ service_name }) => {
-    const data = await clavisGet(`/v1/tokens/${service_name}`);
-    return {
-        content: [
-            {
-                type: "text",
-                text: JSON.stringify({
-                    service: service_name,
-                    access_token: data.access_token,
-                    token_type: data.token_type ?? "Bearer",
-                    ...(data.expires_in != null && { expires_in_seconds: data.expires_in }),
-                }, null, 2),
+const TOOLS = [
+    {
+        name: "list_services",
+        description: "List all services with stored credentials in Clavis. Returns service names and connector types.",
+        inputSchema: {
+            type: "object",
+            properties: {},
+            required: [],
+        },
+    },
+    {
+        name: "check_credential_status",
+        description: "Check credential health for a service without making any external API call. " +
+            "Returns validity, expiry, and rate-limit info. Safe to call frequently as a health check.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                service_name: {
+                    type: "string",
+                    description: "Name of the service to check (e.g. 'openai', 'stripe')",
+                },
             },
-        ],
-    };
-});
-// ── Tool 2: list_services ─────────────────────────────────────────────────
-server.tool("list_services", "List all services configured in Clavis for the authenticated developer.", {}, async () => {
-    const data = await clavisGet("/v1/services");
-    // Normalise: API may return an array directly or wrapped in { services: [...] }
-    const services = Array.isArray(data)
-        ? data
-        : data.services ?? [];
-    const active = services.filter((s) => s.is_active);
-    return {
-        content: [
-            {
-                type: "text",
-                text: JSON.stringify({
-                    total: services.length,
-                    active: active.length,
-                    services: services.map((s) => ({
-                        name: s.name,
-                        id: s.id,
-                        is_active: s.is_active,
-                        created_at: s.created_at,
-                    })),
-                }, null, 2),
+            required: ["service_name"],
+        },
+    },
+    {
+        name: "call_service",
+        description: "RECOMMENDED: Make an API call with server-side credential injection. " +
+            "The credential is fetched from the Clavis vault and injected into the upstream request. " +
+            "Claude never sees the raw API key — this is the secure way to call external APIs.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                service_name: {
+                    type: "string",
+                    description: "Name of the Clavis service whose credentials to inject (e.g. 'openai')",
+                },
+                method: {
+                    type: "string",
+                    enum: ["GET", "POST", "PUT", "PATCH", "DELETE"],
+                    description: "HTTP method",
+                },
+                url: {
+                    type: "string",
+                    description: "Full URL to call. Must be on the service's allowed domain (SSRF protection).",
+                },
+                headers: {
+                    type: "object",
+                    description: "Additional request headers (optional)",
+                    additionalProperties: { type: "string" },
+                },
+                params: {
+                    type: "object",
+                    description: "URL query parameters (optional)",
+                    additionalProperties: true,
+                },
+                json: {
+                    type: "object",
+                    description: "JSON request body (optional, mutually exclusive with data)",
+                    additionalProperties: true,
+                },
+                data: {
+                    description: "Form-encoded body (optional, mutually exclusive with json)",
+                },
             },
-        ],
-    };
-});
-// ── Tool 3: check_credential_status ───────────────────────────────────────
-server.tool("check_credential_status", "Check the validity and rate-limit status of credentials for a service. " +
-    "NOTE: The /v1/credentials/{service}/check endpoint is not yet implemented — " +
-    "returns a stub response until the API endpoint is live.", {
-    service_name: z
-        .string()
-        .min(1)
-        .describe("The name of the service to check (e.g. 'github', 'openai')"),
-}, async ({ service_name }) => {
-    // Stub — endpoint /v1/credentials/{service_name}/check is not yet implemented.
-    // When the endpoint goes live, replace the body below with:
-    //   const data = await clavisGet<CredentialStatus>(`/v1/credentials/${service_name}/check`);
-    //   return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
-    const stub = {
-        service_name,
-        valid: true,
-        expires_in: undefined,
-        rate_limit_remaining: undefined,
-        note: "check_credential_status is stubbed — /v1/credentials/{service}/check not yet implemented.",
-    };
-    return {
-        content: [
-            {
-                type: "text",
-                text: JSON.stringify(stub, null, 2),
+            required: ["service_name", "method", "url"],
+        },
+    },
+    {
+        name: "get_credentials",
+        description: "LEGACY — returns raw credential data. Prefer call_service for security: " +
+            "call_service injects credentials server-side so Claude never sees raw keys. " +
+            "Use this only if you need the credential value directly.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                service_name: {
+                    type: "string",
+                    description: "Name of the service (e.g. 'openai', 'stripe')",
+                },
             },
-        ],
+            required: ["service_name"],
+        },
+    },
+];
+// ---------------------------------------------------------------------------
+// Tool handlers
+// ---------------------------------------------------------------------------
+async function handleListServices() {
+    const data = await clavisGet("/v1/services");
+    const items = Array.isArray(data)
+        ? data
+        : data.items
+            ?? data.services
+            ?? [];
+    if (items.length === 0) {
+        return "No services registered in Clavis yet. Add one via the Clavis API or dashboard.";
+    }
+    const lines = items.map((s) => {
+        const svc = s;
+        const name = svc.name ?? svc.service_name ?? "unknown";
+        const connector = svc.connector_name ? ` (${svc.connector_name})` : "";
+        return `- ${name}${connector}`;
+    });
+    return `${items.length} service(s) registered:\n${lines.join("\n")}`;
+}
+async function handleCheckCredentialStatus(serviceName) {
+    const data = await clavisGet(`/v1/credentials/${encodeURIComponent(serviceName)}/check`);
+    const lines = [
+        `Service: ${serviceName}`,
+        `Valid: ${data.valid ? "yes" : "no"}`,
+        `Status: ${data.status ?? "unknown"}`,
+    ];
+    if (data.expires_in != null) {
+        const mins = Math.floor(data.expires_in / 60);
+        lines.push(`Expires in: ${mins > 0 ? `${mins} minutes` : "< 1 minute"}`);
+    }
+    if (data.rate_limit_remaining != null) {
+        lines.push(`Rate limit remaining: ${data.rate_limit_remaining}`);
+    }
+    if (data.last_used) {
+        lines.push(`Last used: ${data.last_used}`);
+    }
+    if (!data.valid && data.error) {
+        lines.push(`Error: ${data.error}`);
+    }
+    return lines.join("\n");
+}
+async function handleCallService(args) {
+    const payload = {
+        method: args.method,
+        url: args.url,
+        headers: args.headers ?? null,
+        params: args.params ?? null,
+        json: args.json ?? null,
+        data: args.data ?? null,
     };
+    const result = await clavisPost(`/v1/call/${encodeURIComponent(args.service_name)}`, payload);
+    const bodyStr = typeof result.body === "string"
+        ? result.body
+        : JSON.stringify(result.body, null, 2);
+    return [`Status: ${result.status_code}`, `Body:\n${bodyStr}`].join("\n");
+}
+async function handleGetCredentials(serviceName) {
+    const data = await clavisGet(`/v1/credentials/${encodeURIComponent(serviceName)}`);
+    return ("WARNING: This returned raw credential data. " +
+        "For future calls, prefer call_service — it injects credentials server-side " +
+        "so this conversation never contains raw API keys.\n\n" +
+        JSON.stringify(data, null, 2));
+}
+// ---------------------------------------------------------------------------
+// MCP Server
+// ---------------------------------------------------------------------------
+const server = new index_js_1.Server({ name: "clavis", version: "0.1.1" }, { capabilities: { tools: {} } });
+server.setRequestHandler(types_js_1.ListToolsRequestSchema, async () => ({ tools: TOOLS }));
+server.setRequestHandler(types_js_1.CallToolRequestSchema, async (request) => {
+    const { name, arguments: args } = request.params;
+    const a = (args ?? {});
+    try {
+        let text;
+        switch (name) {
+            case "list_services":
+                text = await handleListServices();
+                break;
+            case "check_credential_status":
+                if (typeof a.service_name !== "string")
+                    throw new Error("service_name is required");
+                text = await handleCheckCredentialStatus(a.service_name);
+                break;
+            case "call_service":
+                if (typeof a.service_name !== "string")
+                    throw new Error("service_name is required");
+                if (typeof a.method !== "string")
+                    throw new Error("method is required");
+                if (typeof a.url !== "string")
+                    throw new Error("url is required");
+                text = await handleCallService({
+                    service_name: a.service_name,
+                    method: a.method,
+                    url: a.url,
+                    headers: a.headers,
+                    params: a.params,
+                    json: a.json,
+                    data: a.data,
+                });
+                break;
+            case "get_credentials":
+                if (typeof a.service_name !== "string")
+                    throw new Error("service_name is required");
+                text = await handleGetCredentials(a.service_name);
+                break;
+            default:
+                throw new Error(`Unknown tool: ${name}`);
+        }
+        return { content: [{ type: "text", text }] };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return {
+            content: [{ type: "text", text: `Error: ${message}` }],
+            isError: true,
+        };
+    }
 });
 // ---------------------------------------------------------------------------
 // Start
 // ---------------------------------------------------------------------------
 async function main() {
-    const transport = new StdioServerTransport();
+    const transport = new stdio_js_1.StdioServerTransport();
     await server.connect(transport);
-    console.error("[clavis-mcp] Server running on stdio");
+    process.stderr.write(`[clavis-mcp] Server started. API: ${CLAVIS_API_URL}\n`);
 }
 main().catch((err) => {
-    console.error("[clavis-mcp] Fatal error:", err);
+    process.stderr.write(`[clavis-mcp] Fatal: ${err}\n`);
     process.exit(1);
 });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;GAMG;AAEH,~~OAAO~~,~~EAAE~~,~~SAAS~~,~~EAAE~~,~~MAAM~~,~~yCAAyC,CAAC~~;~~AACpE~~,~~OAAO~~,~~EAAE~~,~~oBAAoB~~,~~EAAE~~,~~MAAM~~,~~2CAA2C,~~CAAC~~;AACjF~~,~~OAAO~~,~~EAAE,~~CAAC,~~EAAE~~,~~MAAM~~,~~KAAK~~,CAAC~~;AAExB~~,~~8EAA8E;AAC9E~~,~~SAAS;AACT~~,~~8EAA8E;AAE9E~~,~~MAAM~~,~~QAAQ~~,~~GAAG~~,~~yBAAyB~~,CAAC;~~AAE3C~~,MAAM,~~MAAM~~,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;~~AAC1C~~,IAAI,CAAC,~~MAAM~~,EAAE,CAAC;~~IACZ~~,OAAO,CAAC,~~KAAK~~,CAAC,~~qEAAqE~~,~~CAAC~~,~~CAAC;IACrF~~,~~OAAO~~,CAAC~~,IAAI,CAAC,CAAC,CAAC,CAAC~~;~~AAClB~~,CAAC;AAED,MAAM,~~WAAW~~,GAA2B;~~IAC1C~~,aAAa,EAAE,UAAU,~~MAAM~~,EAAE;~~IACjC~~,cAAc,EAAE,kBAAkB;CACnC,CAAC;~~AAWF~~,KAAK,UAAU,SAAS,~~CAAI~~,IAAY;~~IACtC~~,MAAM,GAAG,GAAG,GAAG,~~QAAQ~~,GAAG,IAAI,EAAE,CAAC;~~IACjC~~,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,~~WAAW~~,EAAE,CAAC,CAAC;~~IAEvD~~,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,~~IAAI~~,MAAM,GAAG,~~QAAQ~~,GAAG,CAAC,MAAM,EAAE,CAAC;~~QAClC~~,IAAI,CAAC;~~YACH~~,MAAM,~~IAAI~~,GAAG,CAAC,MAAM,GAAG,~~CAAC~~,IAAI,EAAE,~~CAAgB,~~CAAC;~~YAC/C~~,MAAM,GAAG,~~IAAI~~,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC;~~QACjD~~,CAAC;~~QAAC~~,MAAM,CAAC~~;YACP~~,~~4CAA4C;QAC9C~~,CAAC;~~QACD~~,MAAM,IAAI,KAAK,CAAC,~~uBAAuB~~,~~IAAI~~,KAAK,MAAM,EAAE,CAAC,CAAC;~~IAC5D~~,CAAC;~~IAED~~,OAAO,~~GAAG,CAAC,~~IAAI,~~EAAgB,~~CAAC;~~AAClC~~,CAAC;~~AAgCD~~,8EAA8E;AAC9E,~~aAAa~~;~~AACb~~,8EAA8E;AAE9E,MAAM,~~MAAM~~,~~GAAG~~,IAAI,~~SAAS~~,~~CAAC~~;~~IAC3B~~,IAAI,EAAE,QAAQ;~~IACd~~,~~OAAO~~,EAAE,~~OAAO~~;~~CACjB~~,~~CAAC~~,~~CAAC~~;~~AAEH~~,8EAA8E;~~AAE9E~~,~~MAAM~~,~~CAAC~~,IAAI,~~CACT~~,~~iBAAiB~~,~~EACjB~~,~~4EAA4E~~;~~IAC1E~~,~~0DAA0D~~,~~EAC5D~~;~~IACE~~,~~YAAY~~,EAAE,~~CAAC~~;~~SACZ~~,~~MAAM~~,EAAE;~~SACR~~,~~GAAG~~,~~CAAC~~,CAAC,CAAC;~~SACN~~,~~QAAQ~~,~~CAAC,+EAA+E~~,~~CAAC~~;~~CAC7F~~,~~EACD~~,~~KAAK~~,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE;~~IACzB~~,MAAM,IAAI,~~GAAG~~,MAAM,~~SAAS~~,~~CAAgB~~,~~cAAc~~,~~YAAY~~,EAAE,~~CAAC~~,CAAC;~~IAE1E~~,~~OAAO~~;~~QACL~~,OAAO,EAAE;~~YACP~~;~~gBACE~~,IAAI,EAAE,~~MAAe~~;~~gBACrB~~,IAAI,EAAE,IAAI,~~CAAC~~,~~SAAS~~,~~CAClB~~;~~oBACE~~,~~OAAO~~,EAAE,~~YAAY~~;~~oBACrB~~,~~YAAY~~,EAAE,IAAI,CAAC,~~YAAY~~;~~oBAC/B~~,~~UAAU~~,EAAE,IAAI,~~CAAC~~,UAAU,IAAI,QAAQ;~~oBACvC~~,~~GAAG~~,CAAC,~~IAAI~~,CAAC,UAAU,~~IAAI~~,IAAI,IAAI,~~EAAE~~,~~kBAAkB~~,~~EAAE~~,IAAI,CAAC,~~UAAU~~,EAAE,CAAC;~~iBACxE~~,~~EACD,~~IAAI,~~EACJ~~,CAAC,~~CACF~~;~~aACF~~;~~SACF;KACF~~,CAAC;~~AACJ~~,CAAC,~~CACF~~,CAAC;~~AAEF~~,~~6EAA6E~~;~~AAE7E~~,MAAM,CAAC,IAAI,~~CACT~~,~~eAAe~~,~~EACf~~,~~yEAAyE~~,~~EACzE~~,EAAE,~~EACF~~,KAAK,IAAI,EAAE;~~IACT~~,MAAM,IAAI,GAAG,MAAM,SAAS,~~CAA+B~~,~~cAAc~~,CAAC,CAAC~~;IAE3E~~,~~gFAAgF~~;~~IAChF~~,MAAM,~~QAAQ~~,~~GAAc~~,KAAK,CAAC,~~OAAO~~,CAAC,~~IAAI~~,CAAC~~;QAC7C~~,CAAC,CAAC,IAAI;~~QACN~~,CAAC,~~CAAE~~,~~IAAyB~~,CAAC,~~QAAQ~~,IAAI,EAAE,CAAC;~~IAE9C~~,MAAM,~~MAAM~~,GAAG,~~QAAQ~~,CAAC,~~MAAM~~,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,~~SAAS~~,CAAC,CAAC;~~IAEnD~~,~~OAAO~~;~~QACL~~,~~OAAO~~,EAAE;~~YACP~~;~~gBACE~~,IAAI,EAAE,~~MAAe~~;~~gBACrB~~,IAAI,EAAE,IAAI,CAAC,~~SAAS~~,~~CAClB~~;~~oBACE~~,KAAK,~~EAAE~~,~~QAAQ~~,CAAC,MAAM;~~oBACtB~~,MAAM,EAAE,~~MAAM~~,CAAC,MAAM;~~oBACrB~~,~~QAAQ~~,EAAE,~~QAAQ~~,CAAC,GAAG,~~CAAC~~,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;~~wBAC7B~~,IAAI,EAAE,CAAC,CAAC,IAAI~~;wBACZ~~,~~EAAE~~,~~EAAE~~,CAAC,CAAC,~~EAAE~~;~~wBACR~~,SAAS,EAAE,CAAC,CAAC,~~SAAS~~;~~wBACtB~~,UAAU,EAAE,CAAC,CAAC,~~UAAU~~;~~qBACzB~~,CAAC,CAAC;~~iBACJ~~,~~EACD~~,IAAI,~~EACJ~~,CAAC,~~CACF;aACF;SACF;KACF~~,CAAC~~;AACJ~~,CAAC,~~CACF~~,CAAC;~~AAEF~~,6EAA6E;~~AAE7E~~,~~MAAM~~,CAAC,IAAI,~~CACT~~,~~yBAAyB~~,~~EACzB~~,~~yEAAyE~~;~~IACvE~~,8EAA8E;~~IAC9E~~,~~yDAAyD~~,~~EAC3D~~;~~IACE~~,YAAY,EAAE,CAAC;~~SACZ~~,MAAM,EAAE~~;SACR~~,~~GAAG~~,CAAC,CAAC,CAAC;~~SACN~~,~~QAAQ~~,CAAC,~~4DAA4D~~,CAAC~~;CAC1E~~,~~EACD~~,KAAK,EAAE,EAAE,~~YAAY~~,EAAE,EAAE,EAAE;~~IACzB,+EAA+E~~;~~IAC/E~~,~~4DAA4D~~;~~IAC5D~~,~~6FAA6F~~;~~IAC7F~~,~~iFAAiF~~;~~IAEjF~~,MAAM,IAAI,~~GAAqB~~;~~QAC7B~~,YAAY;~~QACZ~~,KAAK,~~EAAE~~,IAAI;~~QACX~~,~~UAAU~~,~~EAAE~~,~~SAAS~~;~~QACrB~~,oBAAoB,~~EAAE~~,~~SAAS~~;~~QAC/B~~,IAAI,EAAE,~~2FAA2F~~;~~KAClG~~,CAAC;~~IAEF~~,~~OAAO~~;~~QACL~~,OAAO,EAAE;~~YACP~~;~~gBACE~~,IAAI,EAAE,~~MAAe~~;~~gBACrB~~,IAAI,EAAE,IAAI,CAAC,~~SAAS~~,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;~~aACpC~~;~~SACF~~;~~KACF~~,CAAC;~~AACJ~~,CAAC,~~CACF~~,CAAC;~~AAEF~~,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,~~oBAAoB,~~EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,~~sCAAsC~~,CAAC,CAAC;~~AACxD~~,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,~~2BAA2B~~,~~EAAE,~~GAAG,CAAC,CAAC;~~IAChD~~,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AACA;;;;;;GAMG;;AAEH,wEAAmE;AACnE,wEAAiF;AACjF,iEAI4C;AAE5C,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,uBAAuB,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAClG,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;AAExD,IAAI,CAAC,cAAc,EAAE,CAAC;IACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qFAAqF,CACtF,CAAC;AACJ,CAAC;AAED,MAAM,YAAY,GAA2B;IAC3C,aAAa,EAAE,UAAU,cAAc,EAAE;IACzC,cAAc,EAAE,kBAAkB;CACnC,CAAC;AAEF,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,KAAK,UAAU,SAAS,CAAC,IAAY;IACnC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAa,CAAC;IACzC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,MAAM,GAAI,IAA4B,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,IAAY,EAAE,OAAgB;IACtD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;KAC9B,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAa,CAAC;IACzC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,MAAM,GAAI,IAA4B,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,KAAK,GAAW;IACpB;QACE,IAAI,EAAE,eAAe;QACrB,WAAW,EACT,iGAAiG;QACnG,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,EAAE;SACb;KACF;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EACT,8EAA8E;YAC9E,2FAA2F;QAC7F,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,wDAAwD;iBACtE;aACF;YACD,QAAQ,EAAE,CAAC,cAAc,CAAC;SAC3B;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,WAAW,EACT,uEAAuE;YACvE,0FAA0F;YAC1F,mFAAmF;QACrF,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,wEAAwE;iBACtF;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;oBAC/C,WAAW,EAAE,aAAa;iBAC3B;gBACD,GAAG,EAAE;oBACH,IAAI,EAAE,QAAQ;oBACd,WAAW,EACT,8EAA8E;iBACjF;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uCAAuC;oBACpD,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBACzC;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iCAAiC;oBAC9C,oBAAoB,EAAE,IAAI;iBAC3B;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,4DAA4D;oBACzE,oBAAoB,EAAE,IAAI;iBAC3B;gBACD,IAAI,EAAE;oBACJ,WAAW,EAAE,4DAA4D;iBAC1E;aACF;YACD,QAAQ,EAAE,CAAC,cAAc,EAAE,QAAQ,EAAE,KAAK,CAAC;SAC5C;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EACT,0EAA0E;YAC1E,8EAA8E;YAC9E,0DAA0D;QAC5D,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,+CAA+C;iBAC7D;aACF;YACD,QAAQ,EAAE,CAAC,cAAc,CAAC;SAC3B;KACF;CACF,CAAC;AAEF,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,KAAK,UAAU,kBAAkB;IAC/B,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,cAAc,CAA4D,CAAC;IACxG,MAAM,KAAK,GAAc,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;QAC1C,CAAC,CAAC,IAAI;QACN,CAAC,CAAE,IAAoD,CAAC,KAAK;eACvD,IAAiC,CAAC,QAAQ;eAC3C,EAAE,CAAC;IAEV,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,gFAAgF,CAAC;IAC1F,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC5B,MAAM,GAAG,GAAG,CAAsE,CAAC;QACnF,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,YAAY,IAAI,SAAS,CAAC;QACvD,MAAM,SAAS,GAAG,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,OAAO,KAAK,IAAI,GAAG,SAAS,EAAE,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,KAAK,CAAC,MAAM,4BAA4B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,2BAA2B,CAAC,WAAmB;IAC5D,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,mBAAmB,kBAAkB,CAAC,WAAW,CAAC,QAAQ,CAOtF,CAAC;IAEF,MAAM,KAAK,GAAa;QACtB,YAAY,WAAW,EAAE;QACzB,UAAU,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;QACrC,WAAW,IAAI,CAAC,MAAM,IAAI,SAAS,EAAE;KACtC,CAAC;IAEF,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,IAAI,CAAC,oBAAoB,IAAI,IAAI,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,yBAAyB,IAAI,CAAC,oBAAoB,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,IAQhC;IACC,MAAM,OAAO,GAAG;QACd,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,IAAI;QAC7B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI;QAC3B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;QACvB,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;KACxB,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,UAAU,CAC7B,YAAY,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EACnD,OAAO,CAKR,CAAC;IAEF,MAAM,OAAO,GACX,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;QACb,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAE3C,OAAO,CAAC,WAAW,MAAM,CAAC,WAAW,EAAE,EAAE,UAAU,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3E,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,WAAmB;IACrD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,mBAAmB,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACnF,OAAO,CACL,8CAA8C;QAC9C,6EAA6E;QAC7E,uDAAuD;QACvD,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAC9B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,EACpC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;AAEF,MAAM,CAAC,iBAAiB,CAAC,iCAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;AAEjF,MAAM,CAAC,iBAAiB,CAAC,gCAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;IAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IACjD,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;IAElD,IAAI,CAAC;QACH,IAAI,IAAY,CAAC;QAEjB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,eAAe;gBAClB,IAAI,GAAG,MAAM,kBAAkB,EAAE,CAAC;gBAClC,MAAM;YAER,KAAK,yBAAyB;gBAC5B,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBACpF,IAAI,GAAG,MAAM,2BAA2B,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;gBACzD,MAAM;YAER,KAAK,cAAc;gBACjB,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBACpF,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBACxE,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBAClE,IAAI,GAAG,MAAM,iBAAiB,CAAC;oBAC7B,YAAY,EAAE,CAAC,CAAC,YAAY;oBAC5B,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,GAAG,EAAE,CAAC,CAAC,GAAG;oBACV,OAAO,EAAE,CAAC,CAAC,OAA6C;oBACxD,MAAM,EAAE,CAAC,CAAC,MAA6C;oBACvD,IAAI,EAAE,CAAC,CAAC,IAA2C;oBACnD,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;gBACH,MAAM;YAER,KAAK,iBAAiB;gBACpB,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBACpF,IAAI,GAAG,MAAM,oBAAoB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;gBAClD,MAAM;YAER;gBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;YACtD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,cAAc,IAAI,CAAC,CAAC;AAChF,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;IACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/package.json CHANGED Viewed

@@ -1,48 +1,32 @@
 {
   "name": "@clavisagent/mcp-server",
-  "version": "0.1.0",
-  "description": "MCP server for secure credential management. Handles encrypted storage, auto token refresh, and rate limiting for Claude Desktop and AI agents.",
-  "type": "module",
-  "author": "Clavis",
-  "license": "MIT",
-  "homepage": "https://clavisagent.com",
-  "keywords": [
-    "mcp",
-    "model-context-protocol",
-    "claude",
-    "anthropic",
-    "credentials",
-    "authentication",
-    "api-keys",
-    "oauth",
-    "token-refresh",
-    "rate-limiting",
-    "ai-agents",
-    "security"
-  ],
+  "version": "0.1.1",
+  "description": "MCP server for Clavis — secure credential management for Claude Desktop",
+  "main": "dist/index.js",
   "bin": {
-    "clavis-mcp": "./dist/index.js"
+    "clavis-mcp": "dist/index.js"
   },
-  "main": "./dist/index.js",
-  "files": [
-    "dist/",
-    "README.md",
-    "LICENSE"
-  ],
   "scripts": {
     "build": "tsc",
-    "dev": "tsc --watch",
-    "start": "node dist/index.js"
+    "start": "node dist/index.js",
+    "dev": "ts-node src/index.ts"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.9.0",
-    "zod": "^3.23.8"
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "node-fetch": "^3.3.2"
   },
   "devDependencies": {
-    "@types/node": "^22.0.0",
-    "typescript": "^5.5.0"
+    "@types/node": "^20.0.0",
+    "typescript": "^5.4.0",
+    "ts-node": "^10.9.0"
   },
   "engines": {
     "node": ">=18"
-  }
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/KN0WBOT/clavis"
+  },
+  "keywords": ["mcp", "clavis", "credentials", "claude", "ai-agents"]
 }

package/src/index.ts ADDED Viewed

@@ -0,0 +1,342 @@
+#!/usr/bin/env node
+/**
+ * Clavis MCP Server
+ *
+ * Exposes Clavis credential management to Claude Desktop via the
+ * Model Context Protocol. Credentials are injected server-side —
+ * Claude never sees raw API keys.
+ */
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema,
+  Tool,
+} from "@modelcontextprotocol/sdk/types.js";
+// ---------------------------------------------------------------------------
+// Config from environment
+// ---------------------------------------------------------------------------
+const CLAVIS_API_URL = (process.env.CLAVIS_API_URL ?? "http://localhost:8000").replace(/\/$/, "");
+const CLAVIS_API_KEY = process.env.CLAVIS_API_KEY ?? "";
+if (!CLAVIS_API_KEY) {
+  process.stderr.write(
+    "[clavis-mcp] WARNING: CLAVIS_API_KEY is not set. All requests will fail with 401.\n"
+  );
+}
+const AUTH_HEADERS: Record<string, string> = {
+  Authorization: `Bearer ${CLAVIS_API_KEY}`,
+  "Content-Type": "application/json",
+};
+// ---------------------------------------------------------------------------
+// Clavis API helpers
+// ---------------------------------------------------------------------------
+async function clavisGet(path: string): Promise<unknown> {
+  const { default: fetch } = await import("node-fetch");
+  const url = `${CLAVIS_API_URL}${path}`;
+  const res = await fetch(url, { headers: AUTH_HEADERS });
+  const body = await res.json() as unknown;
+  if (!res.ok) {
+    const detail = (body as { detail?: string }).detail ?? res.statusText;
+    throw new Error(`Clavis API error ${res.status}: ${detail}`);
+  }
+  return body;
+}
+async function clavisPost(path: string, payload: unknown): Promise<unknown> {
+  const { default: fetch } = await import("node-fetch");
+  const url = `${CLAVIS_API_URL}${path}`;
+  const res = await fetch(url, {
+    method: "POST",
+    headers: AUTH_HEADERS,
+    body: JSON.stringify(payload),
+  });
+  const body = await res.json() as unknown;
+  if (!res.ok) {
+    const detail = (body as { detail?: string }).detail ?? res.statusText;
+    throw new Error(`Clavis API error ${res.status}: ${detail}`);
+  }
+  return body;
+}
+// ---------------------------------------------------------------------------
+// Tool definitions
+// ---------------------------------------------------------------------------
+const TOOLS: Tool[] = [
+  {
+    name: "list_services",
+    description:
+      "List all services with stored credentials in Clavis. Returns service names and connector types.",
+    inputSchema: {
+      type: "object",
+      properties: {},
+      required: [],
+    },
+  },
+  {
+    name: "check_credential_status",
+    description:
+      "Check credential health for a service without making any external API call. " +
+      "Returns validity, expiry, and rate-limit info. Safe to call frequently as a health check.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        service_name: {
+          type: "string",
+          description: "Name of the service to check (e.g. 'openai', 'stripe')",
+        },
+      },
+      required: ["service_name"],
+    },
+  },
+  {
+    name: "call_service",
+    description:
+      "RECOMMENDED: Make an API call with server-side credential injection. " +
+      "The credential is fetched from the Clavis vault and injected into the upstream request. " +
+      "Claude never sees the raw API key — this is the secure way to call external APIs.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        service_name: {
+          type: "string",
+          description: "Name of the Clavis service whose credentials to inject (e.g. 'openai')",
+        },
+        method: {
+          type: "string",
+          enum: ["GET", "POST", "PUT", "PATCH", "DELETE"],
+          description: "HTTP method",
+        },
+        url: {
+          type: "string",
+          description:
+            "Full URL to call. Must be on the service's allowed domain (SSRF protection).",
+        },
+        headers: {
+          type: "object",
+          description: "Additional request headers (optional)",
+          additionalProperties: { type: "string" },
+        },
+        params: {
+          type: "object",
+          description: "URL query parameters (optional)",
+          additionalProperties: true,
+        },
+        json: {
+          type: "object",
+          description: "JSON request body (optional, mutually exclusive with data)",
+          additionalProperties: true,
+        },
+        data: {
+          description: "Form-encoded body (optional, mutually exclusive with json)",
+        },
+      },
+      required: ["service_name", "method", "url"],
+    },
+  },
+  {
+    name: "get_credentials",
+    description:
+      "LEGACY — returns raw credential data. Prefer call_service for security: " +
+      "call_service injects credentials server-side so Claude never sees raw keys. " +
+      "Use this only if you need the credential value directly.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        service_name: {
+          type: "string",
+          description: "Name of the service (e.g. 'openai', 'stripe')",
+        },
+      },
+      required: ["service_name"],
+    },
+  },
+];
+// ---------------------------------------------------------------------------
+// Tool handlers
+// ---------------------------------------------------------------------------
+async function handleListServices(): Promise<string> {
+  const data = await clavisGet("/v1/services") as { items?: unknown[]; services?: unknown[] } | unknown[];
+  const items: unknown[] = Array.isArray(data)
+    ? data
+    : (data as { items?: unknown[]; services?: unknown[] }).items
+      ?? (data as { services?: unknown[] }).services
+      ?? [];
+  if (items.length === 0) {
+    return "No services registered in Clavis yet. Add one via the Clavis API or dashboard.";
+  }
+  const lines = items.map((s) => {
+    const svc = s as { name?: string; service_name?: string; connector_name?: string };
+    const name = svc.name ?? svc.service_name ?? "unknown";
+    const connector = svc.connector_name ? ` (${svc.connector_name})` : "";
+    return `- ${name}${connector}`;
+  });
+  return `${items.length} service(s) registered:\n${lines.join("\n")}`;
+}
+async function handleCheckCredentialStatus(serviceName: string): Promise<string> {
+  const data = await clavisGet(`/v1/credentials/${encodeURIComponent(serviceName)}/check`) as {
+    valid?: boolean;
+    status?: string;
+    expires_in?: number | null;
+    rate_limit_remaining?: number | null;
+    last_used?: string | null;
+    error?: string;
+  };
+  const lines: string[] = [
+    `Service: ${serviceName}`,
+    `Valid: ${data.valid ? "yes" : "no"}`,
+    `Status: ${data.status ?? "unknown"}`,
+  ];
+  if (data.expires_in != null) {
+    const mins = Math.floor(data.expires_in / 60);
+    lines.push(`Expires in: ${mins > 0 ? `${mins} minutes` : "< 1 minute"}`);
+  }
+  if (data.rate_limit_remaining != null) {
+    lines.push(`Rate limit remaining: ${data.rate_limit_remaining}`);
+  }
+  if (data.last_used) {
+    lines.push(`Last used: ${data.last_used}`);
+  }
+  if (!data.valid && data.error) {
+    lines.push(`Error: ${data.error}`);
+  }
+  return lines.join("\n");
+}
+async function handleCallService(args: {
+  service_name: string;
+  method: string;
+  url: string;
+  headers?: Record<string, string>;
+  params?: Record<string, unknown>;
+  json?: Record<string, unknown>;
+  data?: unknown;
+}): Promise<string> {
+  const payload = {
+    method: args.method,
+    url: args.url,
+    headers: args.headers ?? null,
+    params: args.params ?? null,
+    json: args.json ?? null,
+    data: args.data ?? null,
+  };
+  const result = await clavisPost(
+    `/v1/call/${encodeURIComponent(args.service_name)}`,
+    payload
+  ) as {
+    status_code: number;
+    headers: Record<string, string>;
+    body: unknown;
+  };
+  const bodyStr =
+    typeof result.body === "string"
+      ? result.body
+      : JSON.stringify(result.body, null, 2);
+  return [`Status: ${result.status_code}`, `Body:\n${bodyStr}`].join("\n");
+}
+async function handleGetCredentials(serviceName: string): Promise<string> {
+  const data = await clavisGet(`/v1/credentials/${encodeURIComponent(serviceName)}`);
+  return (
+    "WARNING: This returned raw credential data. " +
+    "For future calls, prefer call_service — it injects credentials server-side " +
+    "so this conversation never contains raw API keys.\n\n" +
+    JSON.stringify(data, null, 2)
+  );
+}
+// ---------------------------------------------------------------------------
+// MCP Server
+// ---------------------------------------------------------------------------
+const server = new Server(
+  { name: "clavis", version: "0.1.1" },
+  { capabilities: { tools: {} } }
+);
+server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  const { name, arguments: args } = request.params;
+  const a = (args ?? {}) as Record<string, unknown>;
+  try {
+    let text: string;
+    switch (name) {
+      case "list_services":
+        text = await handleListServices();
+        break;
+      case "check_credential_status":
+        if (typeof a.service_name !== "string") throw new Error("service_name is required");
+        text = await handleCheckCredentialStatus(a.service_name);
+        break;
+      case "call_service":
+        if (typeof a.service_name !== "string") throw new Error("service_name is required");
+        if (typeof a.method !== "string") throw new Error("method is required");
+        if (typeof a.url !== "string") throw new Error("url is required");
+        text = await handleCallService({
+          service_name: a.service_name,
+          method: a.method,
+          url: a.url,
+          headers: a.headers as Record<string, string> | undefined,
+          params: a.params as Record<string, unknown> | undefined,
+          json: a.json as Record<string, unknown> | undefined,
+          data: a.data,
+        });
+        break;
+      case "get_credentials":
+        if (typeof a.service_name !== "string") throw new Error("service_name is required");
+        text = await handleGetCredentials(a.service_name);
+        break;
+      default:
+        throw new Error(`Unknown tool: ${name}`);
+    }
+    return { content: [{ type: "text", text }] };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return {
+      content: [{ type: "text", text: `Error: ${message}` }],
+      isError: true,
+    };
+  }
+});
+// ---------------------------------------------------------------------------
+// Start
+// ---------------------------------------------------------------------------
+async function main(): Promise<void> {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  process.stderr.write(`[clavis-mcp] Server started. API: ${CLAVIS_API_URL}\n`);
+}
+main().catch((err) => {
+  process.stderr.write(`[clavis-mcp] Fatal: ${err}\n`);
+  process.exit(1);
+});

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "Node16",
+    "moduleResolution": "Node16",
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}