@cyanheads/libofcongress-mcp-server 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/AGENTS.md +388 -0
  2. package/CLAUDE.md +388 -0
  3. package/Dockerfile +83 -0
  4. package/LICENSE +201 -0
  5. package/README.md +316 -0
  6. package/changelog/0.1.x/0.1.0.md +22 -0
  7. package/changelog/0.1.x/0.1.1.md +29 -0
  8. package/changelog/0.2.x/0.2.0.md +13 -0
  9. package/changelog/0.2.x/0.2.1.md +14 -0
  10. package/changelog/template.md +119 -0
  11. package/dist/config/server-config.d.ts +13 -0
  12. package/dist/config/server-config.d.ts.map +1 -0
  13. package/dist/config/server-config.js +25 -0
  14. package/dist/config/server-config.js.map +1 -0
  15. package/dist/index.d.ts +7 -0
  16. package/dist/index.d.ts.map +1 -0
  17. package/dist/index.js +35 -0
  18. package/dist/index.js.map +1 -0
  19. package/dist/mcp-server/resources/definitions/libofcongress-item.resource.d.ts +9 -0
  20. package/dist/mcp-server/resources/definitions/libofcongress-item.resource.d.ts.map +1 -0
  21. package/dist/mcp-server/resources/definitions/libofcongress-item.resource.js +24 -0
  22. package/dist/mcp-server/resources/definitions/libofcongress-item.resource.js.map +1 -0
  23. package/dist/mcp-server/tools/definitions/libofcongress-browse-collections.tool.d.ts +35 -0
  24. package/dist/mcp-server/tools/definitions/libofcongress-browse-collections.tool.d.ts.map +1 -0
  25. package/dist/mcp-server/tools/definitions/libofcongress-browse-collections.tool.js +119 -0
  26. package/dist/mcp-server/tools/definitions/libofcongress-browse-collections.tool.js.map +1 -0
  27. package/dist/mcp-server/tools/definitions/libofcongress-get-item.tool.d.ts +32 -0
  28. package/dist/mcp-server/tools/definitions/libofcongress-get-item.tool.d.ts.map +1 -0
  29. package/dist/mcp-server/tools/definitions/libofcongress-get-item.tool.js +97 -0
  30. package/dist/mcp-server/tools/definitions/libofcongress-get-item.tool.js.map +1 -0
  31. package/dist/mcp-server/tools/definitions/libofcongress-get-newspaper-page.tool.d.ts +29 -0
  32. package/dist/mcp-server/tools/definitions/libofcongress-get-newspaper-page.tool.d.ts.map +1 -0
  33. package/dist/mcp-server/tools/definitions/libofcongress-get-newspaper-page.tool.js +89 -0
  34. package/dist/mcp-server/tools/definitions/libofcongress-get-newspaper-page.tool.js.map +1 -0
  35. package/dist/mcp-server/tools/definitions/libofcongress-search-newspapers.tool.d.ts +40 -0
  36. package/dist/mcp-server/tools/definitions/libofcongress-search-newspapers.tool.d.ts.map +1 -0
  37. package/dist/mcp-server/tools/definitions/libofcongress-search-newspapers.tool.js +162 -0
  38. package/dist/mcp-server/tools/definitions/libofcongress-search-newspapers.tool.js.map +1 -0
  39. package/dist/mcp-server/tools/definitions/libofcongress-search-subjects.tool.d.ts +24 -0
  40. package/dist/mcp-server/tools/definitions/libofcongress-search-subjects.tool.d.ts.map +1 -0
  41. package/dist/mcp-server/tools/definitions/libofcongress-search-subjects.tool.js +86 -0
  42. package/dist/mcp-server/tools/definitions/libofcongress-search-subjects.tool.js.map +1 -0
  43. package/dist/mcp-server/tools/definitions/libofcongress-search.tool.d.ts +50 -0
  44. package/dist/mcp-server/tools/definitions/libofcongress-search.tool.d.ts.map +1 -0
  45. package/dist/mcp-server/tools/definitions/libofcongress-search.tool.js +171 -0
  46. package/dist/mcp-server/tools/definitions/libofcongress-search.tool.js.map +1 -0
  47. package/dist/services/lc-linked-data/lc-linked-data-service.d.ts +17 -0
  48. package/dist/services/lc-linked-data/lc-linked-data-service.d.ts.map +1 -0
  49. package/dist/services/lc-linked-data/lc-linked-data-service.js +71 -0
  50. package/dist/services/lc-linked-data/lc-linked-data-service.js.map +1 -0
  51. package/dist/services/lc-linked-data/types.d.ts +11 -0
  52. package/dist/services/lc-linked-data/types.d.ts.map +1 -0
  53. package/dist/services/lc-linked-data/types.js +6 -0
  54. package/dist/services/lc-linked-data/types.js.map +1 -0
  55. package/dist/services/loc-api/loc-api-service.d.ts +65 -0
  56. package/dist/services/loc-api/loc-api-service.d.ts.map +1 -0
  57. package/dist/services/loc-api/loc-api-service.js +418 -0
  58. package/dist/services/loc-api/loc-api-service.js.map +1 -0
  59. package/dist/services/loc-api/types.d.ts +156 -0
  60. package/dist/services/loc-api/types.d.ts.map +1 -0
  61. package/dist/services/loc-api/types.js +6 -0
  62. package/dist/services/loc-api/types.js.map +1 -0
  63. package/package.json +92 -0
  64. package/server.json +127 -0
package/AGENTS.md ADDED
@@ -0,0 +1,388 @@
1
+ # Developer Protocol
2
+
3
+ **Server:** libofcongress-mcp-server
4
+ **Version:** 0.2.1
5
+ **Framework:** [@cyanheads/mcp-ts-core](https://www.npmjs.com/package/@cyanheads/mcp-ts-core) `^0.9.9`
6
+ **Engines:** Bun ≥1.3.0, Node ≥24.0.0
7
+ **MCP SDK:** `@modelcontextprotocol/sdk` ^1.29.0
8
+ **Zod:** ^4.4.3
9
+
10
+ > **Read the framework docs first:** `node_modules/@cyanheads/mcp-ts-core/CLAUDE.md` contains the full API reference — builders, Context, error codes, exports, patterns. This file covers server-specific conventions only.
11
+
12
+ ---
13
+
14
+ ## What's Next?
15
+
16
+ When the user asks what's next or needs direction, suggest options based on the current project state. Common next steps:
17
+
18
+ 1. **Re-run the `setup` skill** — ensures CLAUDE.md, skills, structure, and metadata are populated and up to date with the current codebase
19
+ 2. **Run the `design-mcp-server` skill** — if the tool/resource surface hasn't been mapped yet, work through domain design
20
+ 3. **Add tools/resources/prompts** — scaffold new definitions using the `add-tool`, `add-app-tool`, `add-resource`, `add-prompt` skills
21
+ 4. **Add services** — scaffold domain service integrations using the `add-service` skill
22
+ 5. **Add tests** — scaffold tests for existing definitions using the `add-test` skill
23
+ 6. **Field-test definitions** — exercise tools/resources/prompts with real inputs using the `field-test` skill, get a report of issues and pain points
24
+ 7. **Run `devcheck`** — lint, format, typecheck, and security audit
25
+ 8. **Run the `security-pass` skill** — audit handlers for MCP-specific security gaps: output injection, scope blast radius, input sinks, tenant isolation
26
+ 9. **Run the `polish-docs-meta` skill** — finalize README, CHANGELOG, metadata, and agent protocol for shipping
27
+ 10. **Run the `maintenance` skill** — investigate changelogs, adopt upstream changes, and sync skills after `bun update --latest`
28
+
29
+ Tailor suggestions to what's actually missing or stale — don't recite the full list every time.
30
+
31
+ ---
32
+
33
+ ## Core Rules
34
+
35
+ - **Logic throws, framework catches.** Tool/resource handlers are pure — throw on failure, no `try/catch`. Plain `Error` is fine; the framework catches, classifies, and formats. Use error factories (`notFound()`, `validationError()`, etc.) when the error code matters.
36
+ - **Use `ctx.log`** for request-scoped logging. No `console` calls.
37
+ - **Use `ctx.state`** for tenant-scoped storage. Never access persistence directly.
38
+ - **Check `ctx.elicit` / `ctx.sample`** for presence before calling.
39
+ - **Secrets in env vars only** — never hardcoded.
40
+ - **Close the loop on issues.** When implementing work tracked by a GitHub issue, comment on the issue with what landed before moving on. The comment is for future readers — state the concrete changes, not the conversation that produced them.
41
+
42
+ ---
43
+
44
+ ## Patterns
45
+
46
+ ### Tool
47
+
48
+ ```ts
49
+ import { tool, z } from '@cyanheads/mcp-ts-core';
50
+ import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
51
+ import { getLocApiService } from '@/services/loc-api/loc-api-service.js';
52
+
53
+ export const locSearch = tool('libofcongress_search', {
54
+ description: 'Search the Library of Congress digital collections by keyword with format, date range, subject heading, and geographic location filters.',
55
+ annotations: { readOnlyHint: true, openWorldHint: true },
56
+ input: z.object({
57
+ query: z.string().min(1).describe('Full-text search across metadata and available descriptive text.'),
58
+ format: z.enum(['photo', 'map', 'newspaper', 'manuscript', 'audio', 'film', 'book', 'notated-music']).optional().describe('Material type filter.'),
59
+ limit: z.number().int().min(1).max(100).default(25).describe('Results per page. Default 25, max 100.'),
60
+ page: z.number().int().min(1).default(1).describe('1-indexed page number.'),
61
+ }),
62
+ output: z.object({
63
+ items: z.array(z.object({
64
+ id: z.string().describe('LOC item ID — pass to libofcongress_get_item for full metadata.'),
65
+ title: z.string().describe('Item title.'),
66
+ url: z.string().describe('LOC item URL.'),
67
+ })).describe('Item summaries matching the search query and filters.'),
68
+ total: z.number().describe('Total number of matching items across all pages.'),
69
+ has_next: z.boolean().describe('True when more pages are available after this one.'),
70
+ }),
71
+ errors: [
72
+ { reason: 'empty_results', code: JsonRpcErrorCode.NotFound,
73
+ when: 'No items matched the query and filters.',
74
+ recovery: 'Broaden the query, widen the date range, or use libofcongress_search_subjects to find the correct subject heading spelling.' },
75
+ ],
76
+ async handler(input, ctx) {
77
+ ctx.log.info('libofcongress_search', { query: input.query, page: input.page });
78
+ const svc = getLocApiService();
79
+ const result = await svc.search({ query: input.query, limit: input.limit, page: input.page }, ctx);
80
+ return { items: result.items, total: result.pagination.total, has_next: result.pagination.hasNext };
81
+ },
82
+ format: (result) => [{
83
+ type: 'text',
84
+ text: result.items.map(i => `**${i.title}** (${i.id})\n${i.url}`).join('\n\n'),
85
+ }],
86
+ });
87
+ ```
88
+
89
+ ### Resource
90
+
91
+ ```ts
92
+ import { resource, z } from '@cyanheads/mcp-ts-core';
93
+ import { getLocApiService } from '@/services/loc-api/loc-api-service.js';
94
+
95
+ export const locItemResource = resource('libofcongress://item/{item_id}', {
96
+ name: 'loc-item',
97
+ description: 'LOC digital item metadata by ID. Stable URI for injecting item context into agent conversations.',
98
+ mimeType: 'application/json',
99
+ params: z.object({ item_id: z.string().describe('LOC item ID (e.g., "loc.pnp.ppmsc.02404").') }),
100
+ handler(params, ctx) {
101
+ ctx.log.debug('libofcongress://item resource', { item_id: params.item_id });
102
+ const svc = getLocApiService();
103
+ return svc.getItem(params.item_id, ctx);
104
+ },
105
+ });
106
+ ```
107
+
108
+ ### Server config
109
+
110
+ ```ts
111
+ // src/config/server-config.ts
112
+ import { z } from '@cyanheads/mcp-ts-core';
113
+ import { parseEnvConfig } from '@cyanheads/mcp-ts-core/config';
114
+
115
+ const ServerConfigSchema = z.object({
116
+ userAgent: z.string().default('libofcongress-mcp-server/0.2.1').describe('User-Agent header for LOC API requests.'),
117
+ requestDelayMs: z.coerce.number().default(3100).describe('Delay in ms between LOC API requests.'),
118
+ });
119
+
120
+ let _config: z.infer<typeof ServerConfigSchema> | undefined;
121
+ export function getServerConfig() {
122
+ _config ??= parseEnvConfig(ServerConfigSchema, {
123
+ userAgent: 'LOC_USER_AGENT',
124
+ requestDelayMs: 'LOC_REQUEST_DELAY_MS',
125
+ });
126
+ return _config;
127
+ }
128
+ ```
129
+
130
+ `parseEnvConfig` maps Zod schema paths → env var names so errors name the variable (`LOC_USER_AGENT`) not the path (`userAgent`). Throws `ConfigurationError`, which the framework prints as a clean startup banner.
131
+
132
+ ---
133
+
134
+ ## Context
135
+
136
+ Handlers receive a unified `ctx` object. Key properties:
137
+
138
+ | Property | Description |
139
+ |:---------|:------------|
140
+ | `ctx.log` | Request-scoped logger — `.debug()`, `.info()`, `.notice()`, `.warning()`, `.error()`. Auto-correlates requestId, traceId, tenantId. |
141
+ | `ctx.state` | Tenant-scoped KV — `.get(key)`, `.set(key, value, { ttl? })`, `.delete(key)`, `.list(prefix, { cursor, limit })`. Accepts any serializable value. |
142
+ | `ctx.elicit` | Ask user for structured input. **Check for presence first:** `if (ctx.elicit) { ... }` |
143
+ | `ctx.sample` | Request LLM completion from the client. **Check for presence first:** `if (ctx.sample) { ... }` |
144
+ | `ctx.signal` | `AbortSignal` for cancellation. |
145
+ | `ctx.progress` | Task progress (present when `task: true`) — `.setTotal(n)`, `.increment()`, `.update(message)`. |
146
+ | `ctx.requestId` | Unique request ID. |
147
+ | `ctx.tenantId` | Tenant ID from JWT or `'default'` for stdio. |
148
+
149
+ ---
150
+
151
+ ## Errors
152
+
153
+ Handlers throw — the framework catches, classifies, and formats.
154
+
155
+ **Recommended: typed error contract.** Declare `errors: [{ reason, code, when, recovery, retryable? }]` on `tool()` / `resource()` to receive `ctx.fail(reason, …)` typed against the reason union. TypeScript catches typos at compile time, `data.reason` is auto-populated for observability, linter enforces conformance against the handler body. `recovery` is required descriptive metadata for the agent's next move (≥ 5 words, lint-validated); for the wire `data.recovery.hint` (mirrored into `content[]` text), pass explicitly at the throw site when dynamic context matters: `ctx.fail('reason', msg, { recovery: { hint: '...' } })`. Baseline codes (`InternalError`, `ServiceUnavailable`, `Timeout`, `ValidationError`, `SerializationError`) bubble freely and don't need declaring.
156
+
157
+ ```ts
158
+ errors: [
159
+ { reason: 'no_match', code: JsonRpcErrorCode.NotFound,
160
+ when: 'No item matched the query',
161
+ recovery: 'Broaden the query or check the spelling and try again.' },
162
+ ],
163
+ async handler(input, ctx) {
164
+ const item = await db.find(input.id);
165
+ if (!item) throw ctx.fail('no_match', `No item ${input.id}`);
166
+ return item;
167
+ }
168
+ ```
169
+
170
+ **Declare contracts inline on each tool.** The contract is part of the tool's public surface — one file should give the full picture. Don't extract a shared `errors[]` constant; per-tool repetition is the intended cost of locality.
171
+
172
+ **Fallback (no contract entry fits):** throw via factories or plain `Error`.
173
+
174
+ ```ts
175
+ // Error factories — explicit code
176
+ import { notFound, serviceUnavailable } from '@cyanheads/mcp-ts-core/errors';
177
+ throw notFound('Item not found', { itemId });
178
+ throw serviceUnavailable('API unavailable', { url }, { cause: err });
179
+
180
+ // Plain Error — framework auto-classifies from message patterns
181
+ throw new Error('Item not found'); // → NotFound
182
+ throw new Error('Invalid query format'); // → ValidationError
183
+
184
+ // McpError — when no factory exists for the code
185
+ import { McpError, JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
186
+ throw new McpError(JsonRpcErrorCode.DatabaseError, 'Connection failed', { pool: 'primary' });
187
+ ```
188
+
189
+ See framework CLAUDE.md and the `api-errors` skill for the full auto-classification table, all available factories, and the contract reference.
190
+
191
+ ---
192
+
193
+ ## Structure
194
+
195
+ ```text
196
+ src/
197
+ index.ts # createApp() entry point — registers tools, resource, and initializes services
198
+ config/
199
+ server-config.ts # LOC_USER_AGENT and LOC_REQUEST_DELAY_MS (Zod schema)
200
+ services/
201
+ loc-api/
202
+ loc-api-service.ts # LOC JSON API client — rate pacing, search, item fetch, newspaper page
203
+ types.ts # Raw and normalized LOC API types
204
+ lc-linked-data/
205
+ lc-linked-data-service.ts # id.loc.gov LCSH subject suggest client
206
+ types.ts # Subject heading types
207
+ mcp-server/
208
+ tools/definitions/
209
+ libofcongress-search.tool.ts # libofcongress_search — general LOC collection search
210
+ libofcongress-get-item.tool.ts # libofcongress_get_item — full item metadata
211
+ libofcongress-search-newspapers.tool.ts # libofcongress_search_newspapers — Chronicling America search
212
+ libofcongress-get-newspaper-page.tool.ts # libofcongress_get_newspaper_page — full OCR text
213
+ libofcongress-search-subjects.tool.ts # libofcongress_search_subjects — LCSH subject heading lookup
214
+ libofcongress-browse-collections.tool.ts # libofcongress_browse_collections — curated collection browser
215
+ resources/definitions/
216
+ libofcongress-item.resource.ts # libofcongress://item/{item_id} — stable item URI
217
+ ```
218
+
219
+ ---
220
+
221
+ ## Naming
222
+
223
+ | What | Convention | Example |
224
+ |:-----|:-----------|:--------|
225
+ | Files | kebab-case with suffix | `search-docs.tool.ts` |
226
+ | Tool/resource/prompt names | snake_case | `search_docs` |
227
+ | Directories | kebab-case | `src/services/doc-search/` |
228
+ | Descriptions | Single string or template literal, no `+` concatenation | `'Search items by query and filter.'` |
229
+
230
+ ---
231
+
232
+ ## Skills
233
+
234
+ Skills are modular instructions in `skills/` at the project root. Read them directly when a task matches — e.g., `skills/add-tool/SKILL.md` when adding a tool.
235
+
236
+ **Agent skill directory:** Copy skills into the directory your agent discovers (Claude Code: `.claude/skills/`, others: equivalent). Skills then load as context without referencing `skills/` paths. After framework updates, run the `maintenance` skill — Phase B re-syncs the agent directory.
237
+
238
+ Available skills:
239
+
240
+ | Skill | Purpose |
241
+ |:------|:--------|
242
+ | `setup` | Post-init project orientation |
243
+ | `design-mcp-server` | Design tool surface, resources, and services for a new server |
244
+ | `add-tool` | Scaffold a new tool definition |
245
+ | `add-app-tool` | Scaffold an MCP App tool + paired UI resource |
246
+ | `add-resource` | Scaffold a new resource definition |
247
+ | `add-prompt` | Scaffold a new prompt definition |
248
+ | `add-service` | Scaffold a new service integration |
249
+ | `add-test` | Scaffold test file for a tool, resource, or service |
250
+ | `field-test` | Exercise tools/resources/prompts with real inputs, verify behavior, report issues |
251
+ | `security-pass` | Audit server for MCP-flavored security gaps: output injection, scope blast radius, input sinks, tenant isolation |
252
+ | `devcheck` | Lint, format, typecheck, audit |
253
+ | `polish-docs-meta` | Finalize docs, README, metadata, and agent protocol for shipping |
254
+ | `maintenance` | Investigate changelogs, adopt upstream changes, sync skills to agent dirs |
255
+ | `report-issue-framework` | File a bug or feature request against `@cyanheads/mcp-ts-core` via `gh` CLI |
256
+ | `report-issue-local` | File a bug or feature request against this server's own repo via `gh` CLI |
257
+ | `api-auth` | Auth modes, scopes, JWT/OAuth |
258
+ | `api-canvas` | DataCanvas: register tabular data, run SQL, export, plus the `spillover()` helper for big result sets — Tier 3 opt-in |
259
+ | `api-config` | AppConfig, parseConfig, env vars |
260
+ | `api-context` | Context interface, logger, state, progress |
261
+ | `api-errors` | McpError, JsonRpcErrorCode, error patterns |
262
+ | `api-services` | LLM, Speech, Graph services |
263
+ | `api-testing` | createMockContext, test patterns |
264
+ | `api-utils` | Formatting, parsing, security, pagination, scheduling, telemetry helpers |
265
+ | `api-telemetry` | OTel catalog: spans, metrics, completion logs, env config, cardinality rules |
266
+ | `api-workers` | Cloudflare Workers runtime |
267
+
268
+ When you complete a skill's checklist, check the boxes and add a completion timestamp at the end (e.g., `Completed: 2026-03-11`).
269
+
270
+ ---
271
+
272
+ ## Commands
273
+
274
+ **Runtime:** Scripts use `tsx` — both `npm run <cmd>` and `bun run <cmd>` work. `bun` is slightly faster for script invocation but not required.
275
+
276
+ | Command | Purpose |
277
+ |:--------|:--------|
278
+ | `npm run build` | Compile TypeScript |
279
+ | `npm run rebuild` | Clean + build |
280
+ | `npm run clean` | Remove build artifacts |
281
+ | `npm run devcheck` | Lint + format + typecheck + security + changelog sync |
282
+ | `bun run audit:refresh` | Delete `bun.lock`, reinstall, re-audit. Use when `devcheck` flags a transitive advisory — stale lockfile can mask already-patched deps. If advisory survives, it's real. |
283
+ | `npm run tree` | Generate directory structure doc |
284
+ | `npm run format` | Auto-fix formatting |
285
+ | `npm test` | Run tests |
286
+ | `npm run start:stdio` | Production mode (stdio) |
287
+ | `npm run start:http` | Production mode (HTTP) |
288
+ | `npm run changelog:build` | Regenerate `CHANGELOG.md` from `changelog/*.md` |
289
+ | `npm run changelog:check` | Verify `CHANGELOG.md` is in sync (used by devcheck) |
290
+ | `npm run bundle` | Build and pack as `.mcpb` for one-click Claude Desktop install |
291
+
292
+ ---
293
+
294
+ ## Bundling
295
+
296
+ `npm run bundle` produces a `.mcpb` extension bundle for one-click install in Claude Desktop. MCPB is stdio-only — HTTP and Cloudflare Workers deployments are unaffected. Consumers who don't need it can delete `manifest.json` and `.mcpbignore`; `lint:packaging` skips cleanly.
297
+
298
+ **Adding an env var requires both files:** `server.json` (registry discovery, `environmentVariables[]`) and `manifest.json` (bundle install UX, `mcp_config.env` + `user_config`). `lint:packaging` (run by `devcheck`) verifies the env var names match.
299
+
300
+ **README install badges.** Drop these into the project README to give users one-click install paths. Fill in `<OWNER>` / `<REPO>` / `<PACKAGE_NAME>` and encode the per-server config. Cursor + VS Code badges assume the server is published to npm; Claude Desktop downloads the `.mcpb` directly so npm publishing isn't required.
301
+
302
+ | Client | Mechanism |
303
+ |:-------|:----------|
304
+ | Claude Desktop | Browser downloads the `.mcpb` from the latest GitHub Release; OS file handler routes it to Claude Desktop, which opens the install dialog. No deep-link URL scheme yet — this is the canonical path. |
305
+ | Cursor | Official `https://cursor.com/en/install-mcp` endpoint with base64 JSON config. |
306
+ | VS Code / Insiders | Official `vscode:mcp/install?...` deep link, wrapped in `https://vscode.dev/redirect?url=` so GitHub-rendered markdown doesn't strip the non-HTTP scheme. |
307
+ | Claude Code / Codex | CLI only (`claude mcp add` / `codex mcp add`); no URL scheme. |
308
+
309
+ ```markdown
310
+ [![Install in Claude Desktop](https://img.shields.io/badge/Install_in-Claude_Desktop-D97757?style=for-the-badge&logo=anthropic&logoColor=white)](https://github.com/<OWNER>/<REPO>/releases/latest/download/<PACKAGE_NAME>.mcpb)
311
+ [![Install in Cursor](https://cursor.com/deeplink/mcp-install-dark.svg)](https://cursor.com/en/install-mcp?name=<PACKAGE_NAME>&config=<BASE64_CONFIG>)
312
+ [![Install in VS Code](https://img.shields.io/badge/VS_Code-Install_Server-0098FF?style=for-the-badge&logo=visualstudiocode&logoColor=white)](https://vscode.dev/redirect?url=vscode:mcp/install?<URLENCODED_JSON>)
313
+ ```
314
+
315
+ Both install links route through HTTPS endpoints (`cursor.com/en/install-mcp` and `vscode.dev/redirect`) — GitHub-rendered markdown strips non-HTTP URL schemes from anchors, so a raw `cursor://` or `vscode:` link won't click through from github.com.
316
+
317
+ Generate the encoded configs (replace `<PACKAGE_NAME>` and add env vars for any required API keys):
318
+
319
+ ```bash
320
+ # Cursor: base64-encoded JSON. Split command/args, add env when keys are needed.
321
+ echo -n '{"command":"npx","args":["-y","<PACKAGE_NAME>"],"env":{"API_KEY":"your-api-key"}}' | base64
322
+ # Without env (no required keys):
323
+ echo -n '{"command":"npx","args":["-y","<PACKAGE_NAME>"]}' | base64
324
+
325
+ # VS Code: URL-encoded JSON. Same shape plus a `name` field.
326
+ node -p 'encodeURIComponent(JSON.stringify({name:"<SHORT_NAME>",command:"npx",args:["-y","<PACKAGE_NAME>"],env:{API_KEY:"your-api-key"}}))'
327
+ # Without env:
328
+ node -p 'encodeURIComponent(JSON.stringify({name:"<SHORT_NAME>",command:"npx",args:["-y","<PACKAGE_NAME>"]}))'
329
+ ```
330
+
331
+ Both clients use the same `{command, args, env}` shape (matching `mcp.json` schema). VS Code adds a top-level `name` field. Omit `env` entirely when no API keys are needed — don't include empty objects or framework-only vars like `MCP_TRANSPORT_TYPE`.
332
+
333
+ The Claude Desktop badge requires the bundle to ship with a stable filename — `bun run bundle` outputs `dist/<PACKAGE_NAME>.mcpb`, and `release-and-publish` attaches that file to the GitHub Release. `releases/latest/download/<PACKAGE_NAME>.mcpb` then redirects to the most recent release.
334
+
335
+ ---
336
+
337
+ ## Changelog
338
+
339
+ Directory-based, grouped by minor series via the `.x` semver-wildcard convention. Source of truth: `changelog/<major.minor>.x/<version>.md` (e.g. `changelog/0.1.x/0.1.0.md`) — one file per release, shipped in the npm package. At release, author the per-version file with a concrete version and date, then run `npm run changelog:build` to regenerate the rollup. `changelog/template.md` is a **pristine format reference** — never edited or moved; read it for the frontmatter + section layout when scaffolding. `CHANGELOG.md` is a **navigation index** (header + link + summary per version), regenerated by `npm run changelog:build` — devcheck hard-fails on drift; never hand-edit it.
340
+
341
+ Each per-version file opens with YAML frontmatter:
342
+
343
+ ```markdown
344
+ ---
345
+ summary: "One-line headline, ≤350 chars" # required — powers the rollup index
346
+ breaking: false # optional — true flags breaking changes
347
+ security: false # optional — true flags security fixes
348
+ ---
349
+
350
+ # 0.1.0 — YYYY-MM-DD
351
+ ...
352
+ ```
353
+
354
+ `breaking: true` renders a `· ⚠️ Breaking` badge — use it when consumers must update code on upgrade (signature changes, removed APIs, config renames). `security: true` renders a `· 🛡️ Security` badge and pairs with a `## Security` body section. When both are set, badges render `· ⚠️ Breaking · 🛡️ Security`.
355
+
356
+ **Section order** (Keep a Changelog): Added, Changed, Deprecated, Removed, Fixed, Security. Include only sections with entries — don't ship empty headers.
357
+
358
+ **Tag annotations** render as GitHub Release bodies via `--notes-from-tag`. They must be structured markdown — never a flat comma-separated string. Subject omits the version number (GitHub prepends it). See `changelog/template.md` for the full format reference.
359
+
360
+ ---
361
+
362
+ ## Imports
363
+
364
+ ```ts
365
+ // Framework — z is re-exported, no separate zod import needed
366
+ import { tool, z } from '@cyanheads/mcp-ts-core';
367
+ import { McpError, JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
368
+
369
+ // Server's own code — via path alias
370
+ import { getMyService } from '@/services/my-domain/my-service.js';
371
+ ```
372
+
373
+ ---
374
+
375
+ ## Checklist
376
+
377
+ - [ ] Zod schemas: all fields have `.describe()`, only JSON-Schema-serializable types (no `z.custom()`, `z.date()`, `z.transform()`, `z.bigint()`, `z.symbol()`, `z.void()`, `z.map()`, `z.set()`, `z.function()`, `z.nan()`)
378
+ - [ ] Optional nested objects: handler guards for empty inner values from form-based clients (`if (input.obj?.field && ...)`, not just `if (input.obj)`). When regex/length constraints matter, use `z.union([z.literal(''), z.string().regex(...).describe(...)])` — literal variants are exempt from `describe-on-fields`.
379
+ - [ ] JSDoc `@fileoverview` + `@module` on every file
380
+ - [ ] `ctx.log` for logging, `ctx.state` for storage
381
+ - [ ] Handlers throw on failure — error factories or plain `Error`, no try/catch
382
+ - [ ] `format()` renders all data the LLM needs — different clients forward different surfaces (Claude Code → `structuredContent`, Claude Desktop → `content[]`); both must carry the same data
383
+ - [ ] If wrapping external API: raw/domain/output schemas reviewed against real upstream sparsity/nullability before finalizing required vs optional fields
384
+ - [ ] If wrapping external API: normalization and `format()` preserve uncertainty; do not fabricate facts from missing upstream data
385
+ - [ ] If wrapping external API: tests include at least one sparse payload case with omitted upstream fields
386
+ - [ ] Registered in `createApp()` arrays (directly or via barrel exports)
387
+ - [ ] Tests use `createMockContext()` from `@cyanheads/mcp-ts-core/testing`
388
+ - [ ] `npm run devcheck` passes