@cronicorn/mcp-server 1.15.0 → 1.16.0

package/dist/docs/developers/authentication.md

@@ -1,7 +1,7 @@
 ---
 id: developer-authentication
 title: Authentication Configuration
-description: Configure authentication methods for your Cronicorn deployment
+description: Configure GitHub OAuth, API keys, and programmatic access
 tags:
   - developer
   - configuration
@@ -14,45 +14,22 @@ mcp:
 
 # Authentication Configuration
 
-Cronicorn supports two authentication methods. At least one must be enabled.
+> **Getting started?** See [Quick Start](./quick-start.md) - no configuration required for local development.
 
-## Quick Reference
+This guide covers advanced authentication setup: GitHub OAuth for production, API keys, and programmatic access.
 
-```bash
-# Admin User (local dev, CI/CD)
-ADMIN_USER_EMAIL=admin@example.com
-ADMIN_USER_PASSWORD=your-secure-password-min-8-chars
-
-# GitHub OAuth (production)
-GITHUB_CLIENT_ID=your_github_client_id
-GITHUB_CLIENT_SECRET=your_github_client_secret
-```
-
-**Choose based on your use case:**
-- **Local Dev**: Admin user only (no OAuth setup needed)
-- **Production**: GitHub OAuth (for multiple users)
-- **Hybrid**: Both (admins use email, users use GitHub)
-
-## Admin User Setup
-
-Perfect for development and self-hosting.
-
-**1. Edit `.env`:**
-```bash
-ADMIN_USER_EMAIL=admin@example.com
-ADMIN_USER_PASSWORD=your-secure-password
-ADMIN_USER_NAME=Admin  # Optional
-```
-
-**2. Restart the app** - admin user auto-created on startup
+## Authentication Methods
 
-**3. Login** at `http://localhost:5173/login` with your email/password
-
-**Benefits**: ✅ No OAuth app needed, ✅ Works offline, ✅ Perfect for CI/CD
+| Method | Use Case | Setup Required |
+|--------|----------|----------------|
+| Admin User | Local dev, self-hosting | None (works by default) |
+| GitHub OAuth | Production with multiple users | GitHub OAuth app |
+| API Keys | Service-to-service | Generate in web UI |
+| Bearer Tokens | CLI/AI agents | Device authorization flow |
 
 ## GitHub OAuth Setup
 
-Best for production with multiple users.
+Best for production deployments with multiple users.
 
 **1. [Create GitHub OAuth app](https://github.com/settings/developers)**
 
@@ -60,7 +37,7 @@ Best for production with multiple users.
 ```
 ${BETTER_AUTH_URL}/api/auth/callback/github
 ```
-Example: `http://localhost:3333/api/auth/callback/github`
+Example: `https://api.yourdomain.com/api/auth/callback/github`
 
 **3. Add to `.env`:**
 ```bash
@@ -68,110 +45,77 @@ GITHUB_CLIENT_ID=your_client_id
 GITHUB_CLIENT_SECRET=your_client_secret
 ```
 
-**4. Login** - click "Sign in with GitHub" button
-
-## Validation Rules
+**4. Restart the app** - "Sign in with GitHub" button will appear
 
-**At least one method required.** App validates on startup:
-
-| Configuration | Status |
-|---------------|--------|
-| Admin user only | ✅ Works |
-| GitHub OAuth only | ✅ Works |
-| Both enabled | ✅ Works |
-| Neither enabled | ❌ Fails |
+## Programmatic Access
 
-## Required Environment Variables
+### API Keys
 
-### Base Config (Always Required)
+Generate in web UI at `/settings/api-keys`:
 
 ```bash
-DATABASE_URL=postgresql://user:password@localhost:6666/db
-BETTER_AUTH_SECRET=$(openssl rand -base64 32)
-BETTER_AUTH_URL=http://localhost:3333
-WEB_URL=http://localhost:5173
+curl -H "X-API-Key: your-api-key" \
+  http://localhost:3333/api/jobs
 ```
 
-### Admin User (Optional*)
-
-| Variable | Description |
-|----------|-------------|
-| `ADMIN_USER_EMAIL` | Valid email address |
-| `ADMIN_USER_PASSWORD` | Minimum 8 characters |
-| `ADMIN_USER_NAME` | Display name (optional) |
-
-*Required if GitHub OAuth not configured
-
-### GitHub OAuth (Optional*)
-
-| Variable | Description |
-|----------|-------------|
-| `GITHUB_CLIENT_ID` | From GitHub OAuth app |
-| `GITHUB_CLIENT_SECRET` | From GitHub OAuth app |
-
-*Required if admin user not configured
-
-## Common Issues
-
-### Admin user not created
+### Bearer Tokens (CLI/AI Agents)
 
-1. Check both `ADMIN_USER_EMAIL` and `ADMIN_USER_PASSWORD` are in `.env`
-2. Restart the application
-3. Check logs for "Admin user created successfully"
+Use the OAuth device authorization flow:
 
-### Login returns 404
+```bash
+# 1. Initiate device flow
+curl -X POST http://localhost:3333/api/auth/device/code
 
-1. Restart API server after changing `.env`
-2. Verify: `curl http://localhost:3333/api/auth/config`
+# 2. User authorizes in browser at the provided URL
 
-### Wrong credentials
+# 3. Poll for token
+curl -X POST http://localhost:3333/api/auth/device/token \
+  -d "device_code=DEVICE_CODE"
 
-1. Check email/password match `.env` exactly (case-sensitive)
-2. Password must be at least 8 characters
-3. Remove any extra whitespace
+# 4. Use in API requests
+curl -H "Authorization: Bearer TOKEN" \
+  http://localhost:3333/api/jobs
+```
 
 ## Production Configuration
 
-**Admin for emergency access:**
 ```bash
+# Required: Secure secret (generate with: openssl rand -base64 32)
+BETTER_AUTH_SECRET=your-secure-random-secret-min-32-chars
+
+# Required: Production URLs
+BETTER_AUTH_URL=https://api.yourdomain.com
+WEB_URL=https://yourdomain.com
+
+# Option A: Admin user for emergency access
 ADMIN_USER_EMAIL=admin@yourdomain.com
 ADMIN_USER_PASSWORD=${SECRET_FROM_VAULT}
-```
 
-**GitHub for regular users:**
-```bash
+# Option B: GitHub OAuth for regular users
 GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
 GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
-BETTER_AUTH_URL=https://api.yourdomain.com
-WEB_URL=https://yourdomain.com
 ```
 
-**Security**: Use secrets manager, not plain `.env` files
+> ⚠️ **Security**: Use a secrets manager in production, not plain `.env` files.
 
-## Programmatic Access
-
-### Bearer Tokens (CLI/AI Agents)
-
-```bash
-# 1. Initiate device flow
-curl -X POST http://localhost:3333/api/auth/device/code
+## Validation Rules
 
-# 2. User authorizes in browser
+At least one authentication method must be configured:
 
-# 3. Poll for token
-curl -X POST http://localhost:3333/api/auth/device/token \
-  -d "device_code=DEVICE_CODE"
+| Configuration | Status |
+|---------------|--------|
+| Admin user only | ✅ Works |
+| GitHub OAuth only | ✅ Works |
+| Both enabled | ✅ Works |
+| Neither enabled | ❌ App won't start |
 
-# 4. Use in API requests
-curl -H "Authorization: Bearer TOKEN" \
-  http://localhost:3333/api/jobs
-```
+## Troubleshooting
 
-### API Keys
+**Login returns 404?**  
+→ Restart API server after changing `.env`
 
-Generate in web UI at `/settings/api-keys`:
+**Admin user not created?**  
+→ Run `pnpm db:seed` or check logs for "Admin user created"
 
-```bash
-curl -H "X-API-Key: your-api-key" \
-  http://localhost:3333/api/jobs
-```
+**GitHub OAuth not working?**  
+→ Verify callback URL matches `${BETTER_AUTH_URL}/api/auth/callback/github`

package/dist/docs/developers/environment-configuration.md

@@ -1,197 +1,103 @@
 ---
 id: environment-configuration
 title: Environment Configuration
-description: Understanding Cronicorn's zero-config approach and environment variables
+description: Complete reference for all Cronicorn environment variables
 tags:
   - developer
   - configuration
-  - setup
-sidebar_position: 2
+  - reference
+sidebar_position: 3
 ---
 
 # Environment Configuration
 
-## Zero-Config Local Development
+> **Getting started?** See [Quick Start](./quick-start.md) - no configuration required for local development.
 
-Cronicorn is designed for **zero-configuration local development**. All environment variables have sensible defaults, so you can run the entire stack without creating a `.env` file.
+This is the complete reference for all environment variables. Local development works out of the box with sensible defaults.
 
-```bash
-# That's it - no .env file needed!
-pnpm install
-pnpm db
-pnpm db:migrate
-pnpm dev
-```
-
-Login at http://localhost:5173 with:
-- Email: `admin@example.com`
-- Password: `devpassword`
-
-## How It Works
-
-### Centralized Defaults
+## Default Values
 
-All default values are maintained in a single package: `@cronicorn/config-defaults`
+All defaults are maintained in `@cronicorn/config-defaults` for consistency across apps.
 
-This ensures:
-- **Consistency** - Same defaults across all apps (API, scheduler, ai-planner, web)
-- **Maintainability** - One place to update defaults
-- **Type safety** - TypeScript constants prevent typos
-- **Security** - Production validation prevents using dev defaults
+### Development Defaults (No .env Required)
 
-### Development Defaults
+| Category | Variable | Default |
+|----------|----------|---------|
+| **Auth** | `ADMIN_USER_EMAIL` | `admin@example.com` |
+| | `ADMIN_USER_PASSWORD` | `devpassword` |
+| | `BETTER_AUTH_SECRET` | `dev-secret-DO-NOT-USE...` |
+| **Database** | `DATABASE_URL` | `postgresql://user:password@localhost:6666/db` |
+| **URLs** | `BETTER_AUTH_URL` | `http://localhost:3333` |
+| | `WEB_URL` | `http://localhost:5173` |
+| | `API_URL` | `http://localhost:3333` |
+| **Ports** | `API_PORT` | `3333` |
+| | `WEB_PORT` | `5173` |
+| | `DB_PORT` | `6666` |
+| **Stripe** | `STRIPE_SECRET_KEY` | `sk_test_dummy_key...` |
+| | `STRIPE_WEBHOOK_SECRET` | `whsec_test_dummy...` |
 
-| Category | Variable | Default Value |
-|----------|----------|---------------|
-| **Ports** | API_PORT | 3333 |
-| | WEB_PORT | 5173 |
-| | DB_PORT | 6666 |
-| **Database** | DATABASE_URL | postgresql://user:password@localhost:6666/db |
-| **Auth** | ADMIN_USER_EMAIL | admin@example.com |
-| | ADMIN_USER_PASSWORD | devpassword |
-| | BETTER_AUTH_SECRET | dev-secret-DO-NOT-USE-IN-PRODUCTION-min32chars |
-| **URLs** | BETTER_AUTH_URL | http://localhost:3333 |
-| | WEB_URL | http://localhost:5173 |
-| | API_URL | http://localhost:3333 |
-| **Stripe** | STRIPE_SECRET_KEY | sk_test_dummy_key_for_local_dev_only |
-| | STRIPE_WEBHOOK_SECRET | whsec_test_dummy_secret_for_local_dev |
+⚠️ **Security**: These defaults are for local development only. Production must override them.
 
-⚠️ **Security Warning**: These are insecure defaults for local development only. Production deployments MUST override these values.
+## Customizing for Local Development
 
-## Customizing Configuration
-
-
-### Full Configuration (.env.example)
-
-For production or advanced setup:
+To override defaults locally, create a `.env` file:
 
 ```bash
-# Copy the full example
 cp .env.example .env
-
-# Edit with your production values
-vim .env
+# Edit only the variables you need to change
 ```
 
-See all available variables with descriptions in `.env.example`.
-
 ## Production Deployment
 
-### Required Changes
-
-Production deployments MUST set these variables:
+Production deployments MUST override these variables:
 
 ```bash
 # 1. Secure auth secret (generate with: openssl rand -base64 32)
 BETTER_AUTH_SECRET=your-secure-random-secret-min-32-chars
 
-# 2. Choose authentication method:
-# Option A: Admin User
+# 2. Production URLs
+WEB_URL=https://yourdomain.com
+API_URL=https://api.yourdomain.com
+BETTER_AUTH_URL=https://api.yourdomain.com
+
+# 3. Authentication (at least one required)
 ADMIN_USER_EMAIL=admin@yourcompany.com
 ADMIN_USER_PASSWORD=strong-unique-password
-
-# Option B: GitHub OAuth
+# OR
 GITHUB_CLIENT_ID=your_github_client_id
 GITHUB_CLIENT_SECRET=your_github_client_secret
 
-# 3. Real Stripe keys (if using payments)
+# 4. Stripe (if using payments)
 STRIPE_SECRET_KEY=sk_live_your_production_key
 STRIPE_WEBHOOK_SECRET=whsec_your_production_webhook_secret
-STRIPE_PRICE_PRO=price_live_pro_monthly
-STRIPE_PRICE_ENTERPRISE=price_live_enterprise_monthly
-
-# 4. Production URLs
-BASE_URL=https://your-production-domain.com
-WEB_URL=https://your-production-domain.com
-API_URL=https://api.your-production-domain.com
-BETTER_AUTH_URL=https://api.your-production-domain.com
 ```
 
-### Production Validation
+The app validates on startup and exits if dev defaults are used in production.
 
-The application automatically validates that dev defaults are not used in production:
-
-```typescript
-// Automatically runs on startup in production
-if (NODE_ENV === "production") {
-  // Checks BETTER_AUTH_SECRET, ADMIN_USER_PASSWORD, STRIPE_SECRET_KEY
-  // Exits with error if using dev defaults
-}
-```
+## Architecture
 
-## Configuration Architecture
-
-### Per-App Config Files
-
-Each app has its own configuration file that imports shared defaults:
+Defaults are centralized in `@cronicorn/config-defaults` and imported by each app:
 
 ```
-apps/
-  api/src/lib/config.ts          # API server config
-  scheduler/src/index.ts          # Scheduler worker config  
-  ai-planner/src/index.ts         # AI planner config
-  web/src/config.ts               # Web app config
+packages/config-defaults/src/index.ts  # Single source of truth
+apps/api/src/lib/config.ts             # API imports defaults
+apps/scheduler/src/index.ts            # Scheduler imports defaults
+apps/web/src/config.ts                 # Web imports defaults
 ```
 
-### Shared Defaults Package
-
-```
-packages/
-  config-defaults/
-    src/index.ts                  # Single source of truth
-    README.md                     # Usage documentation
-```
-
-## Best Practices
-
-### Local Development
-- ✅ Use defaults (empty .env or .env.minimal)
-- ✅ Override only what you need to test
-- ✅ Keep .env out of git (already in .gitignore)
-
-### Production
-- ✅ Set all required variables explicitly
-- ✅ Use secure secrets (never dev defaults)
-- ✅ Validate with `NODE_ENV=production` locally first
-- ✅ Use environment-specific .env files (.env.production, .env.staging)
-
-### Team Development
-- ✅ Document custom local overrides in team wiki (not in .env)
-- ✅ Keep .env.example up to date
-- ✅ Use the same default ports to avoid conflicts
-- ✅ Update shared defaults in config-defaults package only
-
 ## Troubleshooting
 
-### "Cannot find module @cronicorn/config-defaults"
-
-Run `pnpm build:packages` to build the shared config package:
-
-```bash
-pnpm build:packages
-```
-
-### "Environment variable validation failed"
-
-Check the error message for which variable is invalid:
+**"Cannot find module @cronicorn/config-defaults"**  
+→ Run `pnpm build:packages`
 
-```bash
-# See current environment
-pnpm exec dotenv -e .env -- env | grep -E "(DATABASE_URL|STRIPE|ADMIN|GITHUB)"
-```
+**"Environment variable validation failed"**  
+→ Check the error message for which variable is invalid
 
-### "Auth not working in production"
-
-Ensure you've overridden the dev defaults:
-
-```bash
-# Never use these in production:
-ADMIN_USER_PASSWORD=devpassword  # ❌
-BETTER_AUTH_SECRET=dev-secret-DO-NOT-USE-IN-PRODUCTION-min32chars  # ❌
-```
+**"Auth not working in production"**  
+→ Ensure you've overridden `BETTER_AUTH_SECRET` and `ADMIN_USER_PASSWORD`
 
 ## Related
 
-- **[Quick Start](./quick-start.md)** - Get started with development
-- **[Quality Checks](./quality-checks.md)** - Testing and validation
+- **[Quick Start](./quick-start.md)** - Get running with zero config
+- **[Authentication](./authentication.md)** - GitHub OAuth, API keys, programmatic access
 - **[Workspace Structure](./workspace-structure.md)** - Project organization

package/dist/docs/developers/quick-start.md

@@ -1,7 +1,7 @@
 ---
 id: developer-quick-start
 title: Developer Quick Start
-description: Set up your Cronicorn development environment in 4 steps
+description: Set up your Cronicorn development environment with zero configuration
 tags:
   - developer
   - essential
@@ -14,44 +14,46 @@ mcp:
 
 # Developer Quick Start
 
-Get Cronicorn running locally in 4 steps.
+Get Cronicorn running locally with **zero configuration**.
 
 ## Prerequisites
 
 - Node.js 24+ and pnpm 10+
 - Docker (for PostgreSQL)
 
-## Setup
+## Setup (No .env Required)
 
 ```bash
 # 1. Clone and install
 git clone https://github.com/weskerllc/cronicorn.git
 cd cronicorn
-pnpm install  # Auto-builds packages
+pnpm install
 
-# 2. Configure authentication (optional - use defaults)
-cp .env.example .env
-# Edit .env and uncomment ADMIN_USER_EMAIL and ADMIN_USER_PASSWORD
-# Or leave as-is to use GitHub OAuth (requires setup)
-
-# 3. Start database
+# 2. Start database
 pnpm db
 
-# 4. Run migrations
+# 3. Run migrations
 pnpm db:migrate
 
+# 4. Seed demo data (OPTIONAL: seeds sample data)
+pnpm db:seed
+
 # 5. Start development
 pnpm dev
 ```
 
-**Login**: Open http://localhost:5173
+**That's it!** No `.env` file needed for local development.
+
+## Login
 
-- **Admin User**: Use email/password from your `.env` file
-- **GitHub OAuth**: Click "Sign in with GitHub" (if configured)
+Open http://localhost:5173 and login with:
 
-> 💡 **Tip**: For local dev, uncomment the admin user credentials in `.env` for instant login without OAuth setup.
+| Field | Value |
+|-------|-------|
+| Email | `admin@example.com` |
+| Password | `devpassword` |
 
-> ⚠️ You'll see a warning about `OPENAI_API_KEY` - this is normal. AI features are optional.
+> 💡 **For AI Agents**: The app works out of the box with default credentials. No environment variables or configuration required.
 
 ## Common Commands
 
@@ -62,18 +64,24 @@ pnpm dev
 | `pnpm dev:web` | Web app only |
 | `pnpm db` | Start PostgreSQL |
 | `pnpm db:migrate` | Run migrations |
-| `pnpm db:reset` | Reset db |
-| `pnpm db:generate` | Generate migrations when you make schema changes |
-| `pnpm studio` | Database Browser |
+| `pnpm db:seed` | Seed demo data |
+| `pnpm db:reset` | Reset database |
+| `pnpm db:generate` | Generate migrations after schema changes |
+| `pnpm studio` | Database browser |
 | `pnpm build` | Production build |
 
 ## Troubleshooting
 
 **Can't login?**  
-→ Check `.env` has either admin user credentials uncommented OR GitHub OAuth configured
+→ Run `pnpm db:seed` to create the admin user
 
 **Module errors?**  
 → `pnpm build:packages`
 
 **Database errors?**  
 → Ensure Docker is running, then `pnpm db`
+
+## Next Steps
+
+- **[Environment Configuration](./environment-configuration.md)** - Customize settings or configure for production
+- **[Authentication](./authentication.md)** - Set up GitHub OAuth or API keys