@cyanheads/mcp-ts-core 0.7.5 → 0.7.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLAUDE.md +1 -1
- package/README.md +1 -1
- package/changelog/0.7.x/0.7.5.md +1 -1
- package/changelog/0.7.x/0.7.6.md +23 -0
- package/changelog/template.md +2 -0
- package/dist/logs/combined.log +4 -4
- package/dist/logs/error.log +4 -4
- package/package.json +6 -6
- package/skills/maintenance/SKILL.md +13 -11
- package/skills/release-and-publish/SKILL.md +9 -16
- package/skills/setup/SKILL.md +2 -2
- package/templates/changelog/template.md +2 -0
- package/templates/package.json +2 -0
package/CLAUDE.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Agent Protocol
|
|
2
2
|
|
|
3
|
-
**Package:** `@cyanheads/mcp-ts-core` · **Version:** 0.7.
|
|
3
|
+
**Package:** `@cyanheads/mcp-ts-core` · **Version:** 0.7.6
|
|
4
4
|
**npm:** [@cyanheads/mcp-ts-core](https://www.npmjs.com/package/@cyanheads/mcp-ts-core) · **Docker:** [ghcr.io/cyanheads/mcp-ts-core](https://ghcr.io/cyanheads/mcp-ts-core)
|
|
5
5
|
|
|
6
6
|
> **Developer note:** Never assume. Read related files and docs before making changes. Read full file content for context. Never edit a file before reading it.
|
package/README.md
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
|
|
6
6
|
<div align="center">
|
|
7
7
|
|
|
8
|
-
[](./CHANGELOG.md) [](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/2025-11-25/changelog.mdx) [](https://modelcontextprotocol.io/) [](./LICENSE)
|
|
9
9
|
|
|
10
10
|
[](https://www.typescriptlang.org/) [](https://bun.sh/)
|
|
11
11
|
|
package/changelog/0.7.x/0.7.5.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
---
|
|
2
|
-
summary: init scaffold derives script list from package.json files: (closes #73); field-test and design-mcp-server skills audit descriptions for implementation leaks, meta-coaching, and consumer-aware phrasing (closes #74)
|
|
2
|
+
summary: "init scaffold derives script list from package.json files: (closes #73); field-test and design-mcp-server skills audit descriptions for implementation leaks, meta-coaching, and consumer-aware phrasing (closes #74)"
|
|
3
3
|
breaking: false
|
|
4
4
|
---
|
|
5
5
|
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
summary: "maintenance skill Phase C enumerates package scripts/ instead of a hardcoded list (closes #69); skill git references made tool-agnostic; templates ship runner-friendly start script + bun engine"
|
|
3
|
+
breaking: false
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# 0.7.6 — 2026-04-27
|
|
7
|
+
|
|
8
|
+
Patch release closing the symmetric drift fix from [#69](https://github.com/cyanheads/mcp-ts-core/issues/69) and tightening agent-facing skill prose. The `maintenance` skill's Phase C now enumerates the package's installed `scripts/` directory directly, mirroring how Phase A handles skills. Skill prose around git operations is reworded so agents pick whichever git tooling they have available rather than being pointed at literal `git <cmd>` invocations. Consumer templates pick up a runner-friendly `start` script and declare `bun` in `engines` alongside `node`.
|
|
9
|
+
|
|
10
|
+
## Fixed
|
|
11
|
+
|
|
12
|
+
- **`skills/maintenance/` Phase C enumerates the installed `scripts/` directory ([#69](https://github.com/cyanheads/mcp-ts-core/issues/69))** — replaced the hardcoded 8-name script list (`build-changelog.ts build.ts check-docs-sync.ts check-skills-sync.ts clean.ts devcheck.ts lint-mcp.ts tree.ts`) with a `for src in node_modules/@cyanheads/mcp-ts-core/scripts/*.ts` loop. The package's `files:` field gates what lands in `node_modules/.../scripts/`, so enumerating that directory IS the canonical "shipped scripts" set — newly-added scripts (like `check-framework-antipatterns.ts`, added in 0.7.2) are now picked up automatically. Loop also reports `added:` vs `updated:` for clearer signal during sync. Same drift class as [#73](https://github.com/cyanheads/mcp-ts-core/issues/73) — paired symmetric fix on the maintenance side. Deletion case (loop is one-way) was assessed and intentionally not pursued: framework script removals are rare, the `Removed` section of `CHANGELOG.md` is the existing human-in-the-loop signal, and the proposed mitigations (manifest file or `@framework-managed` marker) add permanent surface area for a problem that hasn't occurred.
|
|
13
|
+
- **YAML frontmatter quoting in `changelog/0.7.x/0.7.5.md`** — `summary:` value contained an unquoted `:` (colon-space) inside the string, which GitHub's strict YAML parser rejected with `mapping values are not allowed in this context`. Wrapped value in double quotes. Both `changelog/template.md` and `templates/changelog/template.md` gained a comment line warning future authors to keep the quotes.
|
|
14
|
+
|
|
15
|
+
## Changed
|
|
16
|
+
|
|
17
|
+
- **`skills/release-and-publish/`, `skills/setup/`, `skills/maintenance/` reworded git references to be tool-agnostic** — replaced literal `git <cmd>` invocations and `bash` fences with action-verb prose ("Use your git tools to push commits and tags to origin", "diff `bun.lock` to surface version deltas", "revert that file using your git tools"). Lets agents pick whichever git tooling they have — `mcp__git-mcp-server__*`, raw `git` via Bash, or other wrappers — instead of being pointed at a single CLI invocation. `release-and-publish` v2.1 → v2.2; `setup` v1.5 → v1.6; `maintenance` v1.6 → v1.7. Also covers `OWNER/REPO` derivation, working-tree verification, and post-sync diff/restore guidance.
|
|
18
|
+
- **Dependency updates** — patch and minor bumps with no API impact: `jose` 6.2.2 → 6.2.3, `@modelcontextprotocol/ext-apps` 1.7.0 → 1.7.1, `@supabase/supabase-js` 2.104.1 → 2.105.0 (peer + dev), `@cloudflare/workers-types` 4.20260424.1 → 4.20260426.1 (dev), `repomix` 1.13.1 → 1.14.0 (dev). Devcheck and full test suite (2558 passing) clean across all updates.
|
|
19
|
+
|
|
20
|
+
## Added
|
|
21
|
+
|
|
22
|
+
- **`templates/package.json` `start` script** — bare `"start": "node dist/index.js"` alongside the existing explicit `start:stdio` / `start:http` variants. External MCP runners and hosted environments that assume the npm-canonical `start` script now work out of the box. The new script is `.env`-respecting (no inline `MCP_TRANSPORT_TYPE` override) so user-configured transport selection still takes effect.
|
|
23
|
+
- **`templates/package.json` declares `bun` in `engines`** — `bun: >=1.2.0` added alongside the existing `node: >=22.0.0`. Documents that the scaffold works on Bun (it already did — Bun runs the template's `tsx` and `node` invocations transparently). Matches the framework's own `package.json` engines field.
|
package/changelog/template.md
CHANGED
|
@@ -8,6 +8,8 @@
|
|
|
8
8
|
|
|
9
9
|
# Required. One-line headline describing the release. Max 250 chars. No markdown.
|
|
10
10
|
# This line is what the CHANGELOG.md rollup shows — write it like a GitHub Release title.
|
|
11
|
+
# Keep the double quotes around the value — unquoted YAML treats `:` (colon-space)
|
|
12
|
+
# inside the string as a key separator, which fails GitHub's strict YAML parser.
|
|
11
13
|
summary: ""
|
|
12
14
|
|
|
13
15
|
# Set to `true` only if this release has breaking changes (API removals, signature
|
package/dist/logs/combined.log
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
{"level":50,"time":
|
|
2
|
-
{"level":50,"time":
|
|
3
|
-
{"level":50,"time":
|
|
4
|
-
{"level":50,"time":
|
|
1
|
+
{"level":50,"time":1777324706999,"env":"testing","version":"0.0.0-test","pid":89417,"requestId":"AOV5H-H08IQ","timestamp":"2026-04-27T21:18:26.998Z","operation":"HandleToolRequest","critical":false,"errorCode":-32005,"originalErrorType":"McpError","finalErrorType":"McpError","sessionId":"14c2dcafd18a13812e43d4ce0cfc986d843e8c37dc13e1f9caf4fcadd5670b4e","toolName":"scoped_echo","tenantId":"authz-tenant","auth":{"sub":"authz-user","scopes":["tool:other:read"],"clientId":"authz-client","tenantId":"authz-tenant"},"errorData":{"sessionId":"14c2dcafd18a13812e43d4ce0cfc986d843e8c37dc13e1f9caf4fcadd5670b4e","toolName":"scoped_echo","requestId":"AOV5H-H08IQ","timestamp":"2026-04-27T21:18:26.998Z","tenantId":"authz-tenant","operation":"HandleToolRequest","auth":{"sub":"authz-user","scopes":["tool:other:read"],"clientId":"authz-client","tenantId":"authz-tenant"},"originalErrorName":"McpError","originalMessage":"Insufficient permissions.","originalStack":"McpError: Insufficient permissions.\n at forbidden (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:84:58)\n at withRequiredScopes (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/lib/authUtils.js:61:15)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/tools/utils/toolHandlerFactory.js:72:17)\n at executeToolHandler (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:231:34)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:126:43)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Insufficient permissions.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/tools/utils/toolHandlerFactory.js:105:42)\n at executeToolHandler (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:231:34)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:126:43)\n at processTicksAndRejections (native:7:39)","msg":"Error in tool:scoped_echo: Insufficient permissions."}
|
|
2
|
+
{"level":50,"time":1777324707659,"env":"testing","version":"0.7.6","pid":89421,"requestId":"RVDNZ-FA1DS","timestamp":"2026-04-27T21:18:27.658Z","operation":"httpErrorHandler","critical":false,"errorCode":-32006,"originalErrorType":"McpError","finalErrorType":"McpError","path":"/mcp","method":"POST","errorData":{"path":"/mcp","method":"POST","requestId":"RVDNZ-FA1DS","timestamp":"2026-04-27T21:18:27.658Z","operation":"httpErrorHandler","originalErrorName":"McpError","originalMessage":"Missing or invalid Authorization header. Bearer scheme required.","originalStack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at unauthorized (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:86:61)\n at authMiddleware (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/authMiddleware.js:64:19)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpTransport.js:232:22)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at cors2 (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/middleware/cors/index.js:82:11)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpErrorHandler.js:59:39)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:26:25)\n at processTicksAndRejections (native:7:39)","msg":"Error in httpTransport: Missing or invalid Authorization header. Bearer scheme required."}
|
|
3
|
+
{"level":50,"time":1777324707674,"env":"testing","version":"0.7.6","pid":89421,"requestId":"I3QVO-34K3C","timestamp":"2026-04-27T21:18:27.674Z","operation":"httpErrorHandler","critical":false,"errorCode":-32006,"originalErrorType":"McpError","finalErrorType":"McpError","path":"/mcp","method":"POST","errorData":{"path":"/mcp","method":"POST","requestId":"I3QVO-34K3C","timestamp":"2026-04-27T21:18:27.674Z","operation":"httpErrorHandler","originalErrorName":"McpError","originalMessage":"Token has expired.","originalStack":"McpError: Token has expired.\n at unauthorized (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:86:61)\n at handleJoseVerifyError (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/lib/claimParser.js:56:11)\n at verify (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/strategies/jwtStrategy.js:91:13)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Token has expired.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpErrorHandler.js:59:39)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:26:25)\n at processTicksAndRejections (native:7:39)","msg":"Error in httpTransport: Token has expired."}
|
|
4
|
+
{"level":50,"time":1777324707677,"env":"testing","version":"0.7.6","pid":89421,"requestId":"2D53Y-ZJKO6","timestamp":"2026-04-27T21:18:27.677Z","operation":"httpErrorHandler","critical":false,"errorCode":-32006,"originalErrorType":"McpError","finalErrorType":"McpError","path":"/mcp","method":"GET","errorData":{"path":"/mcp","method":"GET","requestId":"2D53Y-ZJKO6","timestamp":"2026-04-27T21:18:27.677Z","operation":"httpErrorHandler","originalErrorName":"McpError","originalMessage":"Missing or invalid Authorization header. Bearer scheme required.","originalStack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at unauthorized (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:86:61)\n at authMiddleware (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/authMiddleware.js:64:19)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpTransport.js:232:22)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at cors2 (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/middleware/cors/index.js:82:11)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpErrorHandler.js:59:39)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:26:25)\n at processTicksAndRejections (native:7:39)","msg":"Error in httpTransport: Missing or invalid Authorization header. Bearer scheme required."}
|
package/dist/logs/error.log
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
{"level":50,"time":
|
|
2
|
-
{"level":50,"time":
|
|
3
|
-
{"level":50,"time":
|
|
4
|
-
{"level":50,"time":
|
|
1
|
+
{"level":50,"time":1777324706999,"env":"testing","version":"0.0.0-test","pid":89417,"requestId":"AOV5H-H08IQ","timestamp":"2026-04-27T21:18:26.998Z","operation":"HandleToolRequest","critical":false,"errorCode":-32005,"originalErrorType":"McpError","finalErrorType":"McpError","sessionId":"14c2dcafd18a13812e43d4ce0cfc986d843e8c37dc13e1f9caf4fcadd5670b4e","toolName":"scoped_echo","tenantId":"authz-tenant","auth":{"sub":"authz-user","scopes":["tool:other:read"],"clientId":"authz-client","tenantId":"authz-tenant"},"errorData":{"sessionId":"14c2dcafd18a13812e43d4ce0cfc986d843e8c37dc13e1f9caf4fcadd5670b4e","toolName":"scoped_echo","requestId":"AOV5H-H08IQ","timestamp":"2026-04-27T21:18:26.998Z","tenantId":"authz-tenant","operation":"HandleToolRequest","auth":{"sub":"authz-user","scopes":["tool:other:read"],"clientId":"authz-client","tenantId":"authz-tenant"},"originalErrorName":"McpError","originalMessage":"Insufficient permissions.","originalStack":"McpError: Insufficient permissions.\n at forbidden (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:84:58)\n at withRequiredScopes (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/lib/authUtils.js:61:15)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/tools/utils/toolHandlerFactory.js:72:17)\n at executeToolHandler (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:231:34)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:126:43)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Insufficient permissions.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/tools/utils/toolHandlerFactory.js:105:42)\n at executeToolHandler (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:231:34)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/node_modules/@modelcontextprotocol/sdk/dist/esm/server/mcp.js:126:43)\n at processTicksAndRejections (native:7:39)","msg":"Error in tool:scoped_echo: Insufficient permissions."}
|
|
2
|
+
{"level":50,"time":1777324707659,"env":"testing","version":"0.7.6","pid":89421,"requestId":"RVDNZ-FA1DS","timestamp":"2026-04-27T21:18:27.658Z","operation":"httpErrorHandler","critical":false,"errorCode":-32006,"originalErrorType":"McpError","finalErrorType":"McpError","path":"/mcp","method":"POST","errorData":{"path":"/mcp","method":"POST","requestId":"RVDNZ-FA1DS","timestamp":"2026-04-27T21:18:27.658Z","operation":"httpErrorHandler","originalErrorName":"McpError","originalMessage":"Missing or invalid Authorization header. Bearer scheme required.","originalStack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at unauthorized (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:86:61)\n at authMiddleware (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/authMiddleware.js:64:19)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpTransport.js:232:22)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at cors2 (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/middleware/cors/index.js:82:11)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpErrorHandler.js:59:39)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:26:25)\n at processTicksAndRejections (native:7:39)","msg":"Error in httpTransport: Missing or invalid Authorization header. Bearer scheme required."}
|
|
3
|
+
{"level":50,"time":1777324707674,"env":"testing","version":"0.7.6","pid":89421,"requestId":"I3QVO-34K3C","timestamp":"2026-04-27T21:18:27.674Z","operation":"httpErrorHandler","critical":false,"errorCode":-32006,"originalErrorType":"McpError","finalErrorType":"McpError","path":"/mcp","method":"POST","errorData":{"path":"/mcp","method":"POST","requestId":"I3QVO-34K3C","timestamp":"2026-04-27T21:18:27.674Z","operation":"httpErrorHandler","originalErrorName":"McpError","originalMessage":"Token has expired.","originalStack":"McpError: Token has expired.\n at unauthorized (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:86:61)\n at handleJoseVerifyError (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/lib/claimParser.js:56:11)\n at verify (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/strategies/jwtStrategy.js:91:13)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Token has expired.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpErrorHandler.js:59:39)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:26:25)\n at processTicksAndRejections (native:7:39)","msg":"Error in httpTransport: Token has expired."}
|
|
4
|
+
{"level":50,"time":1777324707677,"env":"testing","version":"0.7.6","pid":89421,"requestId":"2D53Y-ZJKO6","timestamp":"2026-04-27T21:18:27.677Z","operation":"httpErrorHandler","critical":false,"errorCode":-32006,"originalErrorType":"McpError","finalErrorType":"McpError","path":"/mcp","method":"GET","errorData":{"path":"/mcp","method":"GET","requestId":"2D53Y-ZJKO6","timestamp":"2026-04-27T21:18:27.677Z","operation":"httpErrorHandler","originalErrorName":"McpError","originalMessage":"Missing or invalid Authorization header. Bearer scheme required.","originalStack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at unauthorized (/Users/casey/Developer/github/mcp-ts-core/dist/types-global/errors.js:86:61)\n at authMiddleware (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/auth/authMiddleware.js:64:19)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpTransport.js:232:22)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:22:23)\n at cors2 (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/middleware/cors/index.js:82:11)\n at processTicksAndRejections (native:7:39)"},"stack":"McpError: Missing or invalid Authorization header. Bearer scheme required.\n at handleError (/Users/casey/Developer/github/mcp-ts-core/dist/utils/internal/error-handler/errorHandler.js:169:23)\n at <anonymous> (/Users/casey/Developer/github/mcp-ts-core/dist/mcp-server/transports/http/httpErrorHandler.js:59:39)\n at dispatch (/Users/casey/Developer/github/mcp-ts-core/node_modules/hono/dist/compose.js:26:25)\n at processTicksAndRejections (native:7:39)","msg":"Error in httpTransport: Missing or invalid Authorization header. Bearer scheme required."}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyanheads/mcp-ts-core",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.6",
|
|
4
4
|
"mcpName": "io.github.cyanheads/mcp-ts-core",
|
|
5
5
|
"description": "Agent-native TypeScript framework for building MCP servers. Declarative definitions with auth, multi-backend storage, OpenTelemetry, and first-class support for Bun/Node/Cloudflare Workers.",
|
|
6
6
|
"main": "dist/core/index.js",
|
|
@@ -162,7 +162,7 @@
|
|
|
162
162
|
},
|
|
163
163
|
"devDependencies": {
|
|
164
164
|
"@biomejs/biome": "2.4.13",
|
|
165
|
-
"@cloudflare/workers-types": "^4.
|
|
165
|
+
"@cloudflare/workers-types": "^4.20260426.1",
|
|
166
166
|
"@hono/otel": "^1.1.1",
|
|
167
167
|
"@opentelemetry/exporter-metrics-otlp-http": "^0.215.0",
|
|
168
168
|
"@opentelemetry/exporter-trace-otlp-http": "^0.215.0",
|
|
@@ -173,7 +173,7 @@
|
|
|
173
173
|
"@opentelemetry/sdk-node": "^0.215.0",
|
|
174
174
|
"@opentelemetry/sdk-trace-node": "^2.7.0",
|
|
175
175
|
"@opentelemetry/semantic-conventions": "^1.40.0",
|
|
176
|
-
"@supabase/supabase-js": "^2.
|
|
176
|
+
"@supabase/supabase-js": "^2.105.0",
|
|
177
177
|
"@types/bun": "^1.3.13",
|
|
178
178
|
"@types/js-yaml": "^4.0.9",
|
|
179
179
|
"@types/node": "^25.6.0",
|
|
@@ -199,7 +199,7 @@
|
|
|
199
199
|
"partial-json": "^0.1.7",
|
|
200
200
|
"pdf-lib": "^1.17.1",
|
|
201
201
|
"pino-pretty": "^13.1.3",
|
|
202
|
-
"repomix": "^1.
|
|
202
|
+
"repomix": "^1.14.0",
|
|
203
203
|
"sanitize-html": "^2.17.3",
|
|
204
204
|
"tsc-alias": "^1.8.16",
|
|
205
205
|
"typedoc": "^0.28.19",
|
|
@@ -260,12 +260,12 @@
|
|
|
260
260
|
"dependencies": {
|
|
261
261
|
"@hono/mcp": "^0.2.5",
|
|
262
262
|
"@hono/node-server": "^2.0.0",
|
|
263
|
-
"@modelcontextprotocol/ext-apps": "^1.7.
|
|
263
|
+
"@modelcontextprotocol/ext-apps": "^1.7.1",
|
|
264
264
|
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
265
265
|
"@opentelemetry/api": "^1.9.1",
|
|
266
266
|
"dotenv": "^17.4.2",
|
|
267
267
|
"hono": "^4.12.15",
|
|
268
|
-
"jose": "^6.2.
|
|
268
|
+
"jose": "^6.2.3",
|
|
269
269
|
"pino": "^10.3.1",
|
|
270
270
|
"zod": "^4.3.6"
|
|
271
271
|
},
|
|
@@ -4,7 +4,7 @@ description: >
|
|
|
4
4
|
Investigate, adopt, and verify dependency updates — with special handling for `@cyanheads/mcp-ts-core`. Captures what changed, understands why, cross-references against the codebase, adopts framework improvements, syncs project skills, and runs final checks. Supports two entry modes: run the full flow end-to-end, or review updates you already applied.
|
|
5
5
|
metadata:
|
|
6
6
|
author: cyanheads
|
|
7
|
-
version: "1.
|
|
7
|
+
version: "1.7"
|
|
8
8
|
audience: external
|
|
9
9
|
type: workflow
|
|
10
10
|
---
|
|
@@ -20,7 +20,7 @@ metadata:
|
|
|
20
20
|
| Mode | Starting Point | First Step |
|
|
21
21
|
|:-----|:---------------|:-----------|
|
|
22
22
|
| **A — Full flow** | Lockfile is current; want to update | Step 1 |
|
|
23
|
-
| **B — Post-update review** | User already ran `bun update --latest` + `bun run rebuild` + `bun run test` | Skip to Step 3 with the update output or `
|
|
23
|
+
| **B — Post-update review** | User already ran `bun update --latest` + `bun run rebuild` + `bun run test` | Skip to Step 3 with the update output or a `bun.lock` diff |
|
|
24
24
|
|
|
25
25
|
Both modes converge at Step 3 and end at Step 8.
|
|
26
26
|
|
|
@@ -40,7 +40,7 @@ Note: `bun update --latest` crosses semver majors; `bun update` alone respects r
|
|
|
40
40
|
bun update --latest
|
|
41
41
|
```
|
|
42
42
|
|
|
43
|
-
Capture the `↑ package old → new` lines from stdout — these feed Step 3. Alternatively,
|
|
43
|
+
Capture the `↑ package old → new` lines from stdout — these feed Step 3. Alternatively, diff `bun.lock` to surface version deltas after the fact.
|
|
44
44
|
|
|
45
45
|
### 3. Investigate changelogs
|
|
46
46
|
|
|
@@ -122,20 +122,22 @@ If no agent directory exists, skip Phase B — the project hasn't opted in to pe
|
|
|
122
122
|
The `init` CLI scaffolds a fixed set of framework scripts into consumer projects — these underpin `bun run build`, `bun run devcheck`, `bun run lint:mcp`, `bun run tree`, and the changelog build. They drift silently when the framework updates them. Compare by content hash and overwrite on mismatch:
|
|
123
123
|
|
|
124
124
|
```bash
|
|
125
|
-
for
|
|
126
|
-
src
|
|
125
|
+
for src in node_modules/@cyanheads/mcp-ts-core/scripts/*.ts; do
|
|
126
|
+
s=$(basename "$src")
|
|
127
127
|
dst="scripts/$s"
|
|
128
|
-
[ -f "$
|
|
129
|
-
if [ ! -f "$dst" ] || ! cmp -s "$src" "$dst"; then
|
|
128
|
+
if [ ! -f "$dst" ]; then
|
|
130
129
|
cp "$src" "$dst"
|
|
131
|
-
echo "
|
|
130
|
+
echo "added: $s"
|
|
131
|
+
elif ! cmp -s "$src" "$dst"; then
|
|
132
|
+
cp "$src" "$dst"
|
|
133
|
+
echo "updated: $s"
|
|
132
134
|
fi
|
|
133
135
|
done
|
|
134
136
|
```
|
|
135
137
|
|
|
136
|
-
|
|
138
|
+
Scripts in `scripts/` that aren't present in the package directory are project-specific (custom deploy, codegen, etc.) — leave them alone. The package's `files:` field gates what ships into `node_modules/.../scripts/`, so enumerating that directory is the canonical "shipped scripts" set.
|
|
137
139
|
|
|
138
|
-
If the consumer customized a framework script, the overwrite discards those changes.
|
|
140
|
+
If the consumer customized a framework script, the overwrite discards those changes. After the sync runs, diff `scripts/` to surface replacements — review before committing. If a specific local customization needs to be preserved, revert that file using your git tools.
|
|
139
141
|
|
|
140
142
|
**Report** which skills were added/updated in Phase A (with version deltas), which agent directories were refreshed in Phase B, and which scripts were resynced in Phase C. The user needs to know what new guidance and tooling is now in play.
|
|
141
143
|
|
|
@@ -195,7 +197,7 @@ Present a concise numbered summary to the user:
|
|
|
195
197
|
- [ ] Adoption opportunities identified and applied
|
|
196
198
|
- [ ] Project `skills/` synced from package (Phase A), with a change report
|
|
197
199
|
- [ ] Agent skill directories (`.claude/skills/`, `.agents/skills/`, etc.) refreshed from project `skills/` (Phase B)
|
|
198
|
-
- [ ] Framework `scripts/` resynced from package via content-hash compare (Phase C), with a change report; `
|
|
200
|
+
- [ ] Framework `scripts/` resynced from package via content-hash compare (Phase C), with a change report; `scripts/` diff reviewed before committing
|
|
199
201
|
- [ ] `bun run rebuild` succeeds
|
|
200
202
|
- [ ] `bun run devcheck` passes (includes audit + outdated)
|
|
201
203
|
- [ ] `bun run test` passes
|
|
@@ -4,7 +4,7 @@ description: >
|
|
|
4
4
|
Ship a release end-to-end across every registry the project targets (npm, MCP Registry, GHCR). Runs the final verification gate, pushes commits and tags, then publishes to each applicable destination. Assumes git wrapup (version bumps, changelog, commit, annotated tag) is already complete — this skill is the post-wrapup publish workflow. Retries transient network failures on publish steps; halts with a partial-state report when retries are exhausted or the failure is terminal.
|
|
5
5
|
metadata:
|
|
6
6
|
author: cyanheads
|
|
7
|
-
version: "2.
|
|
7
|
+
version: "2.2"
|
|
8
8
|
audience: external
|
|
9
9
|
type: workflow
|
|
10
10
|
---
|
|
@@ -62,13 +62,11 @@ The user fixes locally and re-invokes. On re-invocation, already-published desti
|
|
|
62
62
|
|
|
63
63
|
### 1. Sanity-check wrapup outputs
|
|
64
64
|
|
|
65
|
-
Read `package.json` → capture `version`. Then verify:
|
|
65
|
+
Read `package.json` → capture `version`. Then use your git tools to verify:
|
|
66
66
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
git rev-parse --abbrev-ref HEAD # note the branch name for step 3
|
|
71
|
-
```
|
|
67
|
+
- **Working tree is clean** — no uncommitted changes
|
|
68
|
+
- **HEAD is tagged `v<version>`** — matches the `package.json` version
|
|
69
|
+
- **Current branch name** — note it for step 3
|
|
72
70
|
|
|
73
71
|
If working tree is dirty or HEAD isn't on `v<version>`, halt.
|
|
74
72
|
|
|
@@ -86,12 +84,7 @@ Any non-zero exit → halt with the failing command's output.
|
|
|
86
84
|
|
|
87
85
|
### 3. Push to origin
|
|
88
86
|
|
|
89
|
-
|
|
90
|
-
git push
|
|
91
|
-
git push --tags
|
|
92
|
-
```
|
|
93
|
-
|
|
94
|
-
If the remote rejects either push, halt.
|
|
87
|
+
Use your git tools to push commits and tags to origin. If the remote rejects either push, halt.
|
|
95
88
|
|
|
96
89
|
### 4. Publish to npm
|
|
97
90
|
|
|
@@ -139,7 +132,7 @@ Only if `Dockerfile` exists at the repo root (otherwise skip).
|
|
|
139
132
|
|
|
140
133
|
Derive:
|
|
141
134
|
|
|
142
|
-
- `OWNER/REPO` from
|
|
135
|
+
- `OWNER/REPO` from the origin remote URL — use your git tools to read it; strip `.git`, handle both `https://github.com/<owner>/<repo>` and `git@github.com:<owner>/<repo>` forms
|
|
143
136
|
- `VERSION` from `package.json` (step 1)
|
|
144
137
|
|
|
145
138
|
```bash
|
|
@@ -167,8 +160,8 @@ Skip any destination that was skipped in its step.
|
|
|
167
160
|
- [ ] `bun run devcheck` passes
|
|
168
161
|
- [ ] `bun run rebuild` succeeds
|
|
169
162
|
- [ ] `bun run test:all` (or `test`) passes
|
|
170
|
-
- [ ]
|
|
171
|
-
- [ ]
|
|
163
|
+
- [ ] Commits pushed to origin
|
|
164
|
+
- [ ] Tags pushed to origin
|
|
172
165
|
- [ ] `bun publish --access public` succeeds
|
|
173
166
|
- [ ] `bun run publish-mcp` succeeds (if `server.json` present)
|
|
174
167
|
- [ ] Docker buildx multi-arch push succeeds (if `Dockerfile` present)
|
package/skills/setup/SKILL.md
CHANGED
|
@@ -4,7 +4,7 @@ description: >
|
|
|
4
4
|
Post-init orientation for an MCP server built on @cyanheads/mcp-ts-core. Use after running `@cyanheads/mcp-ts-core init` to understand the project structure, conventions, and skill sync model. Also use when onboarding to an existing project for the first time.
|
|
5
5
|
metadata:
|
|
6
6
|
author: cyanheads
|
|
7
|
-
version: "1.
|
|
7
|
+
version: "1.6"
|
|
8
8
|
audience: external
|
|
9
9
|
type: workflow
|
|
10
10
|
---
|
|
@@ -129,7 +129,7 @@ This step is the **bootstrap** — it creates the agent directory. From then on,
|
|
|
129
129
|
After `bun install`, complete these one-time setup tasks:
|
|
130
130
|
|
|
131
131
|
1. **Update dependencies to latest** — `bun update --latest`. The scaffolded `package.json` pins minimum versions from when the framework was published; updating ensures you start with the latest compatible releases.
|
|
132
|
-
2. **Initialize git** —
|
|
132
|
+
2. **Initialize git** — use your git tools: init the repo, stage all files, and commit with message `chore: scaffold from @cyanheads/mcp-ts-core`
|
|
133
133
|
3. **Verify agent protocol placeholders** — if the `init` CLI was run without a `[name]` argument, `{{PACKAGE_NAME}}` may remain as a literal in `CLAUDE.md`/`AGENTS.md` and `package.json`. Replace it with the actual server name.
|
|
134
134
|
|
|
135
135
|
## Changelog Convention
|
|
@@ -8,6 +8,8 @@
|
|
|
8
8
|
|
|
9
9
|
# Required. One-line headline describing the release. Max 250 chars. No markdown.
|
|
10
10
|
# This line is what the CHANGELOG.md rollup shows — write it like a GitHub Release title.
|
|
11
|
+
# Keep the double quotes around the value — unquoted YAML treats `:` (colon-space)
|
|
12
|
+
# inside the string as a key separator, which fails GitHub's strict YAML parser.
|
|
11
13
|
summary: ""
|
|
12
14
|
|
|
13
15
|
# Set to `true` only if this release has breaking changes (API removals, signature
|
package/templates/package.json
CHANGED
|
@@ -31,6 +31,7 @@
|
|
|
31
31
|
"test": "vitest run",
|
|
32
32
|
"dev:stdio": "MCP_TRANSPORT_TYPE=stdio tsx --watch src/index.ts",
|
|
33
33
|
"dev:http": "MCP_TRANSPORT_TYPE=http tsx --watch src/index.ts",
|
|
34
|
+
"start": "node dist/index.js",
|
|
34
35
|
"start:stdio": "MCP_TRANSPORT_TYPE=stdio node dist/index.js",
|
|
35
36
|
"start:http": "MCP_TRANSPORT_TYPE=http node dist/index.js"
|
|
36
37
|
},
|
|
@@ -45,6 +46,7 @@
|
|
|
45
46
|
},
|
|
46
47
|
"license": "Apache-2.0",
|
|
47
48
|
"engines": {
|
|
49
|
+
"bun": ">=1.2.0",
|
|
48
50
|
"node": ">=22.0.0"
|
|
49
51
|
},
|
|
50
52
|
"publishConfig": {
|