@cyanheads/workflows-mcp-server 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLAUDE.md +376 -0
- package/Dockerfile +99 -0
- package/LICENSE +201 -0
- package/README.md +306 -0
- package/changelog/0.1.x/0.1.0.md +19 -0
- package/changelog/0.1.x/0.1.1.md +25 -0
- package/changelog/template.md +127 -0
- package/dist/config/server-config.d.ts +13 -0
- package/dist/config/server-config.d.ts.map +1 -0
- package/dist/config/server-config.js +30 -0
- package/dist/config/server-config.js.map +1 -0
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +30 -0
- package/dist/index.js.map +1 -0
- package/dist/mcp-server/tools/definitions/index.d.ts +132 -0
- package/dist/mcp-server/tools/definitions/index.d.ts.map +1 -0
- package/dist/mcp-server/tools/definitions/index.js +14 -0
- package/dist/mcp-server/tools/definitions/index.js.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-create-temp.tool.d.ts +34 -0
- package/dist/mcp-server/tools/definitions/workflow-create-temp.tool.d.ts.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-create-temp.tool.js +132 -0
- package/dist/mcp-server/tools/definitions/workflow-create-temp.tool.js.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-create.tool.d.ts +40 -0
- package/dist/mcp-server/tools/definitions/workflow-create.tool.d.ts.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-create.tool.js +153 -0
- package/dist/mcp-server/tools/definitions/workflow-create.tool.js.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-get.tool.d.ts +52 -0
- package/dist/mcp-server/tools/definitions/workflow-get.tool.d.ts.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-get.tool.js +163 -0
- package/dist/mcp-server/tools/definitions/workflow-get.tool.js.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-list.tool.d.ts +28 -0
- package/dist/mcp-server/tools/definitions/workflow-list.tool.d.ts.map +1 -0
- package/dist/mcp-server/tools/definitions/workflow-list.tool.js +148 -0
- package/dist/mcp-server/tools/definitions/workflow-list.tool.js.map +1 -0
- package/dist/services/workflow-index/types.d.ts +49 -0
- package/dist/services/workflow-index/types.d.ts.map +1 -0
- package/dist/services/workflow-index/types.js +6 -0
- package/dist/services/workflow-index/types.js.map +1 -0
- package/dist/services/workflow-index/workflow-index-service.d.ts +47 -0
- package/dist/services/workflow-index/workflow-index-service.d.ts.map +1 -0
- package/dist/services/workflow-index/workflow-index-service.js +395 -0
- package/dist/services/workflow-index/workflow-index-service.js.map +1 -0
- package/package.json +103 -0
- package/server.json +129 -0
package/CLAUDE.md
ADDED
|
@@ -0,0 +1,376 @@
|
|
|
1
|
+
# Agent Protocol
|
|
2
|
+
|
|
3
|
+
**Server:** @cyanheads/workflows-mcp-server
|
|
4
|
+
**Version:** 0.1.1
|
|
5
|
+
**Framework:** [@cyanheads/mcp-ts-core](https://www.npmjs.com/package/@cyanheads/mcp-ts-core) `^0.9.11`
|
|
6
|
+
**Engines:** Bun ≥1.3.0, Node ≥24.0.0
|
|
7
|
+
**MCP SDK:** `@modelcontextprotocol/sdk` ^1.29.0
|
|
8
|
+
**Zod:** ^4.4.3
|
|
9
|
+
|
|
10
|
+
> **Read the framework docs first:** `node_modules/@cyanheads/mcp-ts-core/CLAUDE.md` contains the full API reference — builders, Context, error codes, exports, patterns. This file covers server-specific conventions only.
|
|
11
|
+
|
|
12
|
+
---
|
|
13
|
+
|
|
14
|
+
## What's Next?
|
|
15
|
+
|
|
16
|
+
When the user asks what's next or needs direction, suggest options based on the current project state. Common next steps:
|
|
17
|
+
|
|
18
|
+
1. **Re-run the `setup` skill** — ensures CLAUDE.md, skills, structure, and metadata are populated and up to date with the current codebase
|
|
19
|
+
2. **Run the `design-mcp-server` skill** — if the tool/resource surface hasn't been mapped yet, work through domain design
|
|
20
|
+
3. **Add tools/resources/prompts** — scaffold new definitions using the `add-tool`, `add-app-tool`, `add-resource`, `add-prompt` skills
|
|
21
|
+
4. **Add services** — scaffold domain service integrations using the `add-service` skill
|
|
22
|
+
5. **Add tests** — scaffold tests for existing definitions using the `add-test` skill
|
|
23
|
+
6. **Field-test definitions** — exercise tools/resources/prompts with real inputs using the `field-test` skill, get a report of issues and pain points
|
|
24
|
+
7. **Run `devcheck`** — lint, format, typecheck, and security audit
|
|
25
|
+
8. **Run the `security-pass` skill** — audit handlers for MCP-specific security gaps: output injection, scope blast radius, input sinks, tenant isolation
|
|
26
|
+
9. **Run the `polish-docs-meta` skill** — finalize README, CHANGELOG, metadata, and agent protocol for shipping
|
|
27
|
+
10. **Run the `maintenance` skill** — investigate changelogs, adopt upstream changes, and sync skills after `bun update --latest`
|
|
28
|
+
|
|
29
|
+
Tailor suggestions to what's actually missing or stale — don't recite the full list every time.
|
|
30
|
+
|
|
31
|
+
---
|
|
32
|
+
|
|
33
|
+
## Core Rules
|
|
34
|
+
|
|
35
|
+
- **Logic throws, framework catches.** Tool/resource handlers are pure — throw on failure, no `try/catch`. Plain `Error` is fine; the framework catches, classifies, and formats. Use error factories (`notFound()`, `validationError()`, etc.) when the error code matters.
|
|
36
|
+
- **Use `ctx.log`** for request-scoped logging. No `console` calls.
|
|
37
|
+
- **Use `ctx.state`** for tenant-scoped storage. Never access persistence directly.
|
|
38
|
+
- **Check `ctx.elicit` / `ctx.sample`** for presence before calling.
|
|
39
|
+
- **Secrets in env vars only** — never hardcoded.
|
|
40
|
+
- **Close the loop on issues.** When implementing work tracked by a GitHub issue, comment on the issue with what landed and close it. Do both — a comment without a close leaves stale issues open; a close without a comment leaves no record of what shipped. The comment is for future readers — state the concrete changes, not the conversation that produced them.
|
|
41
|
+
|
|
42
|
+
---
|
|
43
|
+
|
|
44
|
+
## Patterns
|
|
45
|
+
|
|
46
|
+
### Tool
|
|
47
|
+
|
|
48
|
+
```ts
|
|
49
|
+
import { tool, z } from '@cyanheads/mcp-ts-core';
|
|
50
|
+
import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
|
|
51
|
+
import { getWorkflowIndexService } from '@/services/workflow-index/workflow-index-service.js';
|
|
52
|
+
|
|
53
|
+
export const workflowList = tool('workflow_list', {
|
|
54
|
+
description: 'List all permanent workflows in the index. Supports optional filtering by category and tags (AND match).',
|
|
55
|
+
annotations: { readOnlyHint: true, idempotentHint: true, openWorldHint: false },
|
|
56
|
+
input: z.object({
|
|
57
|
+
category: z.string().optional().describe('Filter by category (case-insensitive substring).'),
|
|
58
|
+
tags: z.array(z.string()).optional().describe('Filter to workflows that have ALL of these tags.'),
|
|
59
|
+
includeTools: z.boolean().optional().describe('When true, include unique server/tool pairs per workflow.'),
|
|
60
|
+
}),
|
|
61
|
+
output: z.object({
|
|
62
|
+
workflows: z.array(z.object({ name: z.string().describe('Workflow name.'), /* ... */ })).describe('Matching workflows.'),
|
|
63
|
+
totalCount: z.number().describe('Total number of matching workflows.'),
|
|
64
|
+
}),
|
|
65
|
+
errors: [
|
|
66
|
+
{ reason: 'index_unavailable', code: JsonRpcErrorCode.ServiceUnavailable,
|
|
67
|
+
when: 'The workflow index has not finished building yet.',
|
|
68
|
+
recovery: 'Retry after the server has finished initializing its workflow index.' },
|
|
69
|
+
],
|
|
70
|
+
handler(input, ctx) {
|
|
71
|
+
const svc = getWorkflowIndexService();
|
|
72
|
+
if (!svc.ready) throw ctx.fail('index_unavailable', 'Index not ready', ctx.recoveryFor('index_unavailable'));
|
|
73
|
+
// ... filter and return results
|
|
74
|
+
return { workflows: [], totalCount: 0 };
|
|
75
|
+
},
|
|
76
|
+
format: (result) => [{ type: 'text', text: `**Total:** ${result.totalCount}` }],
|
|
77
|
+
});
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
### Server config
|
|
81
|
+
|
|
82
|
+
```ts
|
|
83
|
+
// src/config/server-config.ts — lazy-parsed, separate from framework config
|
|
84
|
+
import { z } from '@cyanheads/mcp-ts-core';
|
|
85
|
+
import { parseEnvConfig } from '@cyanheads/mcp-ts-core/config';
|
|
86
|
+
|
|
87
|
+
const ServerConfigSchema = z.object({
|
|
88
|
+
workflowsDir: z
|
|
89
|
+
.string()
|
|
90
|
+
.default('./workflows-yaml')
|
|
91
|
+
.describe('Absolute or relative path to the workflows root directory'),
|
|
92
|
+
globalInstructionsPath: z
|
|
93
|
+
.string()
|
|
94
|
+
.default('')
|
|
95
|
+
.describe('Path to the global instructions markdown file. Empty string means derive from WORKFLOWS_DIR.'),
|
|
96
|
+
watcherDebounceMs: z.coerce
|
|
97
|
+
.number()
|
|
98
|
+
.default(500)
|
|
99
|
+
.describe('Milliseconds to debounce filesystem change events before rebuilding the index'),
|
|
100
|
+
});
|
|
101
|
+
|
|
102
|
+
let _config: z.infer<typeof ServerConfigSchema> | undefined;
|
|
103
|
+
export function getServerConfig() {
|
|
104
|
+
_config ??= parseEnvConfig(ServerConfigSchema, {
|
|
105
|
+
workflowsDir: 'WORKFLOWS_DIR',
|
|
106
|
+
globalInstructionsPath: 'GLOBAL_INSTRUCTIONS_PATH',
|
|
107
|
+
watcherDebounceMs: 'WATCHER_DEBOUNCE_MS',
|
|
108
|
+
});
|
|
109
|
+
return _config;
|
|
110
|
+
}
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
`parseEnvConfig` maps Zod schema paths → env var names so errors name the variable (`WORKFLOWS_DIR`) not the path (`workflowsDir`). Throws `ConfigurationError`, which the framework prints as a clean startup banner.
|
|
114
|
+
|
|
115
|
+
---
|
|
116
|
+
|
|
117
|
+
## Context
|
|
118
|
+
|
|
119
|
+
Handlers receive a unified `ctx` object. Key properties:
|
|
120
|
+
|
|
121
|
+
| Property | Description |
|
|
122
|
+
|:---------|:------------|
|
|
123
|
+
| `ctx.log` | Request-scoped logger — `.debug()`, `.info()`, `.notice()`, `.warning()`, `.error()`. Auto-correlates requestId, traceId, tenantId. |
|
|
124
|
+
| `ctx.signal` | `AbortSignal` for cancellation. |
|
|
125
|
+
| `ctx.requestId` | Unique request ID. |
|
|
126
|
+
| `ctx.tenantId` | Tenant ID from JWT or `'default'` for stdio. |
|
|
127
|
+
| `ctx.fail` | Typed error factory for declared error contracts — `ctx.fail('reason', msg, ctx.recoveryFor('reason'))`. |
|
|
128
|
+
|
|
129
|
+
---
|
|
130
|
+
|
|
131
|
+
## Errors
|
|
132
|
+
|
|
133
|
+
Handlers throw — the framework catches, classifies, and formats.
|
|
134
|
+
|
|
135
|
+
**Recommended: typed error contract.** Declare `errors: [{ reason, code, when, recovery, retryable? }]` on `tool()` / `resource()` to receive `ctx.fail(reason, …)` typed against the reason union. TypeScript catches typos at compile time, `data.reason` is auto-populated for observability, linter enforces conformance against the handler body. `recovery` is required descriptive metadata for the agent's next move (≥ 5 words, lint-validated); for the wire `data.recovery.hint` (mirrored into `content[]` text), pass explicitly at the throw site when dynamic context matters: `ctx.fail('reason', msg, { recovery: { hint: '...' } })`. Baseline codes (`InternalError`, `ServiceUnavailable`, `Timeout`, `ValidationError`, `SerializationError`) bubble freely and don't need declaring.
|
|
136
|
+
|
|
137
|
+
```ts
|
|
138
|
+
errors: [
|
|
139
|
+
{ reason: 'no_match', code: JsonRpcErrorCode.NotFound,
|
|
140
|
+
when: 'No item matched the query',
|
|
141
|
+
recovery: 'Broaden the query or check the spelling and try again.' },
|
|
142
|
+
],
|
|
143
|
+
async handler(input, ctx) {
|
|
144
|
+
const item = await db.find(input.id);
|
|
145
|
+
if (!item) throw ctx.fail('no_match', `No item ${input.id}`);
|
|
146
|
+
return item;
|
|
147
|
+
}
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
**Declare contracts inline on each tool.** The contract is part of the tool's public surface — one file should give the full picture. Don't extract a shared `errors[]` constant; per-tool repetition is the intended cost of locality.
|
|
151
|
+
|
|
152
|
+
**Fallback (no contract entry fits):** throw via factories or plain `Error`.
|
|
153
|
+
|
|
154
|
+
```ts
|
|
155
|
+
// Error factories — explicit code
|
|
156
|
+
import { notFound, serviceUnavailable } from '@cyanheads/mcp-ts-core/errors';
|
|
157
|
+
throw notFound('Item not found', { itemId });
|
|
158
|
+
throw serviceUnavailable('API unavailable', { url }, { cause: err });
|
|
159
|
+
|
|
160
|
+
// Plain Error — framework auto-classifies from message patterns
|
|
161
|
+
throw new Error('Item not found'); // → NotFound
|
|
162
|
+
throw new Error('Invalid query format'); // → ValidationError
|
|
163
|
+
|
|
164
|
+
// McpError — when no factory exists for the code
|
|
165
|
+
import { McpError, JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
|
|
166
|
+
throw new McpError(JsonRpcErrorCode.DatabaseError, 'Connection failed', { pool: 'primary' });
|
|
167
|
+
```
|
|
168
|
+
|
|
169
|
+
See framework CLAUDE.md and the `api-errors` skill for the full auto-classification table, all available factories, and the contract reference.
|
|
170
|
+
|
|
171
|
+
---
|
|
172
|
+
|
|
173
|
+
## Structure
|
|
174
|
+
|
|
175
|
+
```text
|
|
176
|
+
src/
|
|
177
|
+
index.ts # createApp() entry point — registers tools, inits WorkflowIndexService
|
|
178
|
+
config/
|
|
179
|
+
server-config.ts # Server-specific env vars (WORKFLOWS_DIR, GLOBAL_INSTRUCTIONS_PATH, WATCHER_DEBOUNCE_MS)
|
|
180
|
+
services/
|
|
181
|
+
workflow-index/
|
|
182
|
+
workflow-index-service.ts # WorkflowIndexService — index build, watcher, semver lookup, write helpers
|
|
183
|
+
types.ts # ParsedWorkflow, WorkflowEntry, WorkflowIndex types
|
|
184
|
+
mcp-server/
|
|
185
|
+
tools/definitions/
|
|
186
|
+
workflow-list.tool.ts # workflow_list — list permanent workflows with filters
|
|
187
|
+
workflow-get.tool.ts # workflow_get — retrieve full workflow + global instructions
|
|
188
|
+
workflow-create.tool.ts # workflow_create — write permanent workflow YAML
|
|
189
|
+
workflow-create-temp.tool.ts # workflow_create_temp — write temporary workflow
|
|
190
|
+
index.ts # Barrel export
|
|
191
|
+
workflows-yaml/ # Workflow library root (configurable via WORKFLOWS_DIR)
|
|
192
|
+
categories/ # Permanent workflows organized by category
|
|
193
|
+
temp/ # Temporary workflows (gitignored)
|
|
194
|
+
global_instructions.md # Global instructions injected into every workflow_get response
|
|
195
|
+
_index.json # Auto-generated snapshot (gitignored)
|
|
196
|
+
```
|
|
197
|
+
|
|
198
|
+
---
|
|
199
|
+
|
|
200
|
+
## Naming
|
|
201
|
+
|
|
202
|
+
| What | Convention | Example |
|
|
203
|
+
|:-----|:-----------|:--------|
|
|
204
|
+
| Files | kebab-case with suffix | `search-docs.tool.ts` |
|
|
205
|
+
| Tool/resource/prompt names | snake_case | `search_docs` |
|
|
206
|
+
| Directories | kebab-case | `src/services/doc-search/` |
|
|
207
|
+
| Descriptions | Single string or template literal, no `+` concatenation | `'Search items by query and filter.'` |
|
|
208
|
+
|
|
209
|
+
---
|
|
210
|
+
|
|
211
|
+
## Skills
|
|
212
|
+
|
|
213
|
+
Skills are modular instructions in `skills/` at the project root. Read them directly when a task matches — e.g., `skills/add-tool/SKILL.md` when adding a tool.
|
|
214
|
+
|
|
215
|
+
**Agent skill directory:** Copy skills into the directory your agent discovers (Claude Code: `.claude/skills/`, others: equivalent). Skills then load as context without referencing `skills/` paths. After framework updates, run the `maintenance` skill — Phase B re-syncs the agent directory.
|
|
216
|
+
|
|
217
|
+
Available skills:
|
|
218
|
+
|
|
219
|
+
| Skill | Purpose |
|
|
220
|
+
|:------|:--------|
|
|
221
|
+
| `setup` | Post-init project orientation |
|
|
222
|
+
| `design-mcp-server` | Design tool surface, resources, and services for a new server |
|
|
223
|
+
| `add-tool` | Scaffold a new tool definition |
|
|
224
|
+
| `add-app-tool` | Scaffold an MCP App tool + paired UI resource |
|
|
225
|
+
| `add-resource` | Scaffold a new resource definition |
|
|
226
|
+
| `add-prompt` | Scaffold a new prompt definition |
|
|
227
|
+
| `add-service` | Scaffold a new service integration |
|
|
228
|
+
| `add-test` | Scaffold test file for a tool, resource, or service |
|
|
229
|
+
| `field-test` | Exercise tools/resources/prompts with real inputs, verify behavior, report issues |
|
|
230
|
+
| `tool-defs-analysis` | Read-only audit of MCP definition language across the surface — voice, leaks, defaults, recovery hints, output descriptions |
|
|
231
|
+
| `security-pass` | Audit server for MCP-flavored security gaps: output injection, scope blast radius, input sinks, tenant isolation |
|
|
232
|
+
| `code-simplifier` | Post-session cleanup against `git diff` — modernize syntax, consolidate duplication, align with the codebase |
|
|
233
|
+
| `devcheck` | Lint, format, typecheck, audit |
|
|
234
|
+
| `polish-docs-meta` | Finalize docs, README, metadata, and agent protocol for shipping |
|
|
235
|
+
| `git-wrapup` | Land working-tree changes as a versioned commit + annotated tag — version bump, changelog, verify, tag. Local only. |
|
|
236
|
+
| `release-and-publish` | Push + npm + MCP Registry + GH Release + Docker. Picks up from `git-wrapup` |
|
|
237
|
+
| `migrate-mcp-ts-template` | One-time migration of an existing project to the current framework template |
|
|
238
|
+
| `maintenance` | Investigate changelogs, adopt upstream changes, sync skills to agent dirs |
|
|
239
|
+
| `report-issue-framework` | File a bug or feature request against `@cyanheads/mcp-ts-core` via `gh` CLI |
|
|
240
|
+
| `report-issue-local` | File a bug or feature request against this server's own repo via `gh` CLI |
|
|
241
|
+
| `api-auth` | Auth modes, scopes, JWT/OAuth |
|
|
242
|
+
| `api-canvas` | DataCanvas: register tabular data, run SQL, export, plus the `spillover()` helper for big result sets — Tier 3 opt-in |
|
|
243
|
+
| `api-config` | AppConfig, parseConfig, env vars |
|
|
244
|
+
| `api-context` | Context interface, logger, state, progress |
|
|
245
|
+
| `api-errors` | McpError, JsonRpcErrorCode, error patterns |
|
|
246
|
+
| `api-linter` | Definition linter rule catalog — invoked by `bun run lint:mcp` and `devcheck` |
|
|
247
|
+
| `api-services` | LLM, Speech, Graph services |
|
|
248
|
+
| `api-testing` | createMockContext, test patterns |
|
|
249
|
+
| `api-utils` | Formatting, parsing, security, pagination, scheduling, telemetry helpers |
|
|
250
|
+
| `api-telemetry` | OTel catalog: spans, metrics, completion logs, env config, cardinality rules |
|
|
251
|
+
| `api-workers` | Cloudflare Workers runtime |
|
|
252
|
+
|
|
253
|
+
When you complete a skill's checklist, check the boxes and add a completion timestamp at the end (e.g., `Completed: 2026-03-11`).
|
|
254
|
+
|
|
255
|
+
---
|
|
256
|
+
|
|
257
|
+
## Commands
|
|
258
|
+
|
|
259
|
+
| Command | Purpose |
|
|
260
|
+
|:--------|:--------|
|
|
261
|
+
| `bun run build` | Compile TypeScript |
|
|
262
|
+
| `bun run rebuild` | Clean + build |
|
|
263
|
+
| `bun run clean` | Remove build artifacts |
|
|
264
|
+
| `bun run devcheck` | Lint + format + typecheck + security + changelog sync |
|
|
265
|
+
| `bun run audit:refresh` | Delete `bun.lock`, reinstall, re-audit. Use when `devcheck` flags a transitive advisory — stale lockfile can mask already-patched deps. If advisory survives, it's real. |
|
|
266
|
+
| `bun run tree` | Generate directory structure doc |
|
|
267
|
+
| `bun run format` | Auto-fix formatting |
|
|
268
|
+
| `bun run test` | Run tests |
|
|
269
|
+
| `bun run start:stdio` | Production mode (stdio) |
|
|
270
|
+
| `bun run start:http` | Production mode (HTTP) |
|
|
271
|
+
| `bun run changelog:build` | Regenerate `CHANGELOG.md` from `changelog/*.md` |
|
|
272
|
+
| `bun run changelog:check` | Verify `CHANGELOG.md` is in sync (used by devcheck) |
|
|
273
|
+
| `bun run bundle` | Build and pack as `.mcpb` for one-click Claude Desktop install |
|
|
274
|
+
|
|
275
|
+
---
|
|
276
|
+
|
|
277
|
+
## Bundling
|
|
278
|
+
|
|
279
|
+
`bun run bundle` produces a `.mcpb` extension bundle for one-click install in Claude Desktop. MCPB is stdio-only — HTTP and Cloudflare Workers deployments are unaffected. Consumers who don't need it can delete `manifest.json` and `.mcpbignore`; `lint:packaging` skips cleanly.
|
|
280
|
+
|
|
281
|
+
**Adding an env var requires both files:** `server.json` (registry discovery, `environmentVariables[]`) and `manifest.json` (bundle install UX, `mcp_config.env` + `user_config`). `lint:packaging` (run by `devcheck`) verifies the env var names match.
|
|
282
|
+
|
|
283
|
+
**README install badges.** Drop these into the project README to give users one-click install paths. Fill in `<OWNER>` / `<REPO>` / `<PACKAGE_NAME>` and encode the per-server config. Cursor + VS Code badges assume the server is published to npm; Claude Desktop downloads the `.mcpb` directly so npm publishing isn't required.
|
|
284
|
+
|
|
285
|
+
| Client | Mechanism |
|
|
286
|
+
|:-------|:----------|
|
|
287
|
+
| Claude Desktop | Browser downloads the `.mcpb` from the latest GitHub Release; OS file handler routes it to Claude Desktop, which opens the install dialog. No deep-link URL scheme yet — this is the canonical path. |
|
|
288
|
+
| Cursor | Official `https://cursor.com/en/install-mcp` endpoint with base64 JSON config. |
|
|
289
|
+
| VS Code / Insiders | Official `vscode:mcp/install?...` deep link, wrapped in `https://vscode.dev/redirect?url=` so GitHub-rendered markdown doesn't strip the non-HTTP scheme. |
|
|
290
|
+
| Claude Code / Codex | CLI only (`claude mcp add` / `codex mcp add`); no URL scheme. |
|
|
291
|
+
|
|
292
|
+
```markdown
|
|
293
|
+
[](https://github.com/<OWNER>/<REPO>/releases/latest/download/<PACKAGE_NAME>.mcpb)
|
|
294
|
+
[](https://cursor.com/en/install-mcp?name=<PACKAGE_NAME>&config=<BASE64_CONFIG>)
|
|
295
|
+
[](https://vscode.dev/redirect?url=vscode:mcp/install?<URLENCODED_JSON>)
|
|
296
|
+
```
|
|
297
|
+
|
|
298
|
+
Both install links route through HTTPS endpoints (`cursor.com/en/install-mcp` and `vscode.dev/redirect`) — GitHub-rendered markdown strips non-HTTP URL schemes from anchors, so a raw `cursor://` or `vscode:` link won't click through from github.com.
|
|
299
|
+
|
|
300
|
+
Generate the encoded configs (replace `<PACKAGE_NAME>` and add env vars for any required API keys):
|
|
301
|
+
|
|
302
|
+
```bash
|
|
303
|
+
# Cursor: base64-encoded JSON. Split command/args, add env when keys are needed.
|
|
304
|
+
echo -n '{"command":"npx","args":["-y","<PACKAGE_NAME>"],"env":{"API_KEY":"your-api-key"}}' | base64
|
|
305
|
+
# Without env (no required keys):
|
|
306
|
+
echo -n '{"command":"npx","args":["-y","<PACKAGE_NAME>"]}' | base64
|
|
307
|
+
|
|
308
|
+
# VS Code: URL-encoded JSON. Same shape plus a `name` field.
|
|
309
|
+
node -p 'encodeURIComponent(JSON.stringify({name:"<SHORT_NAME>",command:"npx",args:["-y","<PACKAGE_NAME>"],env:{API_KEY:"your-api-key"}}))'
|
|
310
|
+
# Without env:
|
|
311
|
+
node -p 'encodeURIComponent(JSON.stringify({name:"<SHORT_NAME>",command:"npx",args:["-y","<PACKAGE_NAME>"]}))'
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
Both clients use the same `{command, args, env}` shape (matching `mcp.json` schema). VS Code adds a top-level `name` field. Omit `env` entirely when no API keys are needed — don't include empty objects or framework-only vars like `MCP_TRANSPORT_TYPE`.
|
|
315
|
+
|
|
316
|
+
The Claude Desktop badge requires the bundle to ship with a stable filename — `bun run bundle` outputs `dist/<PACKAGE_NAME>.mcpb`, and `release-and-publish` attaches that file to the GitHub Release. `releases/latest/download/<PACKAGE_NAME>.mcpb` then redirects to the most recent release.
|
|
317
|
+
|
|
318
|
+
---
|
|
319
|
+
|
|
320
|
+
## Changelog
|
|
321
|
+
|
|
322
|
+
Directory-based, grouped by minor series via the `.x` semver-wildcard convention. Source of truth: `changelog/<major.minor>.x/<version>.md` (e.g. `changelog/0.1.x/0.1.0.md`) — one file per release, shipped in the npm package. At release, author the per-version file with a concrete version and date, then run `bun run changelog:build` to regenerate the rollup. `changelog/template.md` is a **pristine format reference** — never edited or moved; read it for the frontmatter + section layout when scaffolding. `CHANGELOG.md` is a **navigation index** (header + link + summary per version), regenerated by `bun run changelog:build` — devcheck hard-fails on drift; never hand-edit it.
|
|
323
|
+
|
|
324
|
+
Each per-version file opens with YAML frontmatter:
|
|
325
|
+
|
|
326
|
+
```markdown
|
|
327
|
+
---
|
|
328
|
+
summary: "One-line headline, ≤350 chars" # required — powers the rollup index
|
|
329
|
+
breaking: false # optional — true flags breaking changes
|
|
330
|
+
security: false # optional — true flags security fixes
|
|
331
|
+
---
|
|
332
|
+
|
|
333
|
+
# 0.1.0 — YYYY-MM-DD
|
|
334
|
+
...
|
|
335
|
+
```
|
|
336
|
+
|
|
337
|
+
`breaking: true` renders a `· ⚠️ Breaking` badge — use it when consumers must update code on upgrade (signature changes, removed APIs, config renames). `security: true` renders a `· 🛡️ Security` badge and pairs with a `## Security` body section. When both are set, badges render `· ⚠️ Breaking · 🛡️ Security`.
|
|
338
|
+
|
|
339
|
+
`agent-notes` is an optional free-form field for maintenance agents processing the release downstream. Content here won't appear in the rendered CHANGELOG — it's consumed by agents running the `maintenance` skill. Use it for adoption instructions that don't fit the human-facing sections: new files to create, fields to populate, one-time migration steps. Omit entirely when there's nothing to say.
|
|
340
|
+
|
|
341
|
+
**Section order** (Keep a Changelog): Added, Changed, Deprecated, Removed, Fixed, Security. Include only sections with entries — don't ship empty headers.
|
|
342
|
+
|
|
343
|
+
**Tag annotations** render as GitHub Release bodies via `--notes-from-tag`. They must be structured markdown — never a flat comma-separated string. Subject omits the version number (GitHub prepends it). See `changelog/template.md` for the full format reference.
|
|
344
|
+
|
|
345
|
+
---
|
|
346
|
+
|
|
347
|
+
## Imports
|
|
348
|
+
|
|
349
|
+
```ts
|
|
350
|
+
// Framework — z is re-exported, no separate zod import needed
|
|
351
|
+
import { tool, z } from '@cyanheads/mcp-ts-core';
|
|
352
|
+
import { McpError, JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
|
|
353
|
+
|
|
354
|
+
// Server's own code — via path alias
|
|
355
|
+
import { getMyService } from '@/services/my-domain/my-service.js';
|
|
356
|
+
```
|
|
357
|
+
|
|
358
|
+
---
|
|
359
|
+
|
|
360
|
+
## Checklist
|
|
361
|
+
|
|
362
|
+
- [ ] Zod schemas: all fields have `.describe()`, only JSON-Schema-serializable types (no `z.custom()`, `z.date()`, `z.transform()`, `z.bigint()`, `z.symbol()`, `z.void()`, `z.map()`, `z.set()`, `z.function()`, `z.nan()`)
|
|
363
|
+
- [ ] Optional nested objects: handler guards for empty inner values from form-based clients (`if (input.obj?.field && ...)`, not just `if (input.obj)`). When regex/length constraints matter, use `z.union([z.literal(''), z.string().regex(...).describe(...)])` — literal variants are exempt from `describe-on-fields`.
|
|
364
|
+
- [ ] JSDoc `@fileoverview` + `@module` on every file
|
|
365
|
+
- [ ] `ctx.log` for logging, `ctx.state` for storage
|
|
366
|
+
- [ ] Handlers throw on failure — error factories or plain `Error`, no try/catch
|
|
367
|
+
- [ ] `format()` renders all data the LLM needs — different clients forward different surfaces (Claude Code → `structuredContent`, Claude Desktop → `content[]`); both must carry the same data
|
|
368
|
+
- [ ] If wrapping external API: raw/domain/output schemas reviewed against real upstream sparsity/nullability before finalizing required vs optional fields
|
|
369
|
+
- [ ] If wrapping external API: normalization and `format()` preserve uncertainty; do not fabricate facts from missing upstream data
|
|
370
|
+
- [ ] If wrapping external API: tests include at least one sparse payload case with omitted upstream fields
|
|
371
|
+
- [ ] Registered in `createApp()` arrays (directly or via barrel exports)
|
|
372
|
+
- [ ] Tests use `createMockContext()` from `@cyanheads/mcp-ts-core/testing`
|
|
373
|
+
- [ ] `.codex-plugin/plugin.json` populated — `name`, `version`, `description`, `repository`, `license` from `package.json`; `interface.displayName` = package name; `interface.shortDescription` from `package.json` description
|
|
374
|
+
- [ ] `.codex-plugin/mcp.json` updated — server name key matches `package.json` name; env vars added for any required API keys
|
|
375
|
+
- [ ] `.claude-plugin/plugin.json` populated — `name`, `version`, `description`, `repository`, `license` from `package.json`; inline `mcpServers` entry with server name key, env vars for any required API keys
|
|
376
|
+
- [ ] `bun run devcheck` passes
|
package/Dockerfile
ADDED
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
# ==============================================================================
|
|
2
|
+
# Build Stage
|
|
3
|
+
#
|
|
4
|
+
# This stage installs all dependencies (including dev), builds the TypeScript
|
|
5
|
+
# source code into JavaScript, and prepares the production assets.
|
|
6
|
+
# ==============================================================================
|
|
7
|
+
FROM oven/bun:1.3 AS build
|
|
8
|
+
|
|
9
|
+
WORKDIR /usr/src/app
|
|
10
|
+
|
|
11
|
+
# Copy dependency manifests for optimized layer caching
|
|
12
|
+
COPY package.json bun.lock ./
|
|
13
|
+
|
|
14
|
+
# Install all dependencies (including dev dependencies for building)
|
|
15
|
+
RUN bun install --frozen-lockfile
|
|
16
|
+
|
|
17
|
+
# Copy the rest of the source code
|
|
18
|
+
COPY . .
|
|
19
|
+
|
|
20
|
+
# Build the application
|
|
21
|
+
RUN bun run build
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
# ==============================================================================
|
|
25
|
+
# Production Stage
|
|
26
|
+
#
|
|
27
|
+
# This stage creates a minimal, optimized, and secure image for running the
|
|
28
|
+
# application. It uses a slim base image and only includes production
|
|
29
|
+
# dependencies and build artifacts.
|
|
30
|
+
# ==============================================================================
|
|
31
|
+
FROM oven/bun:1.3-slim AS production
|
|
32
|
+
|
|
33
|
+
WORKDIR /usr/src/app
|
|
34
|
+
|
|
35
|
+
# Set the environment to production for performance and to ensure only
|
|
36
|
+
# production dependencies are installed.
|
|
37
|
+
ENV NODE_ENV=production
|
|
38
|
+
|
|
39
|
+
# OCI image metadata (https://github.com/opencontainers/image-spec/blob/main/annotations.md)
|
|
40
|
+
LABEL org.opencontainers.image.title="@cyanheads/workflows-mcp-server"
|
|
41
|
+
LABEL org.opencontainers.image.description="Store, query, and create YAML workflow playbooks for LLM agents via MCP."
|
|
42
|
+
LABEL org.opencontainers.image.source="https://github.com/cyanheads/workflows-mcp-server"
|
|
43
|
+
LABEL org.opencontainers.image.licenses="Apache-2.0"
|
|
44
|
+
|
|
45
|
+
# Copy dependency manifests
|
|
46
|
+
COPY package.json bun.lock ./
|
|
47
|
+
|
|
48
|
+
# Install only production dependencies, ignoring any lifecycle scripts (like 'prepare')
|
|
49
|
+
# that are not needed in the final production image.
|
|
50
|
+
RUN bun install --production --frozen-lockfile --ignore-scripts
|
|
51
|
+
|
|
52
|
+
# Conditionally install OpenTelemetry optional peer dependencies (Tier 3).
|
|
53
|
+
# These are not bundled by default to keep the base image lean. Enable at build time
|
|
54
|
+
# with: docker build --build-arg OTEL_ENABLED=true
|
|
55
|
+
ARG OTEL_ENABLED=true
|
|
56
|
+
RUN if [ "$OTEL_ENABLED" = "true" ]; then \
|
|
57
|
+
bun add @hono/otel \
|
|
58
|
+
@opentelemetry/instrumentation-http \
|
|
59
|
+
@opentelemetry/exporter-metrics-otlp-http \
|
|
60
|
+
@opentelemetry/exporter-trace-otlp-http \
|
|
61
|
+
@opentelemetry/instrumentation-pino \
|
|
62
|
+
@opentelemetry/resources \
|
|
63
|
+
@opentelemetry/sdk-metrics \
|
|
64
|
+
@opentelemetry/sdk-node \
|
|
65
|
+
@opentelemetry/sdk-trace-node \
|
|
66
|
+
@opentelemetry/semantic-conventions; \
|
|
67
|
+
fi
|
|
68
|
+
|
|
69
|
+
# Copy the compiled application code from the build stage
|
|
70
|
+
COPY --from=build /usr/src/app/dist ./dist
|
|
71
|
+
|
|
72
|
+
# The 'oven/bun' image already provides a non-root user named 'bun'.
|
|
73
|
+
# We will use this existing user for enhanced security.
|
|
74
|
+
|
|
75
|
+
# Create and set permissions for the log directory, assigning ownership to the 'bun' user.
|
|
76
|
+
RUN mkdir -p /var/log/workflows-mcp-server && chown -R bun:bun /var/log/workflows-mcp-server
|
|
77
|
+
|
|
78
|
+
# Switch to the non-root user
|
|
79
|
+
USER bun
|
|
80
|
+
|
|
81
|
+
# Define an argument for the port, allowing it to be overridden at build time.
|
|
82
|
+
# The `PORT` variable is often injected by cloud environments at runtime.
|
|
83
|
+
ARG PORT
|
|
84
|
+
|
|
85
|
+
# Set runtime environment variables
|
|
86
|
+
# Note: PORT is an automatic variable in many cloud environments (e.g., Cloud Run)
|
|
87
|
+
ENV MCP_HTTP_PORT=${PORT:-3010}
|
|
88
|
+
ENV MCP_HTTP_HOST="0.0.0.0"
|
|
89
|
+
ENV MCP_TRANSPORT_TYPE="http"
|
|
90
|
+
ENV MCP_SESSION_MODE="stateless"
|
|
91
|
+
ENV MCP_LOG_LEVEL="info"
|
|
92
|
+
ENV LOGS_DIR="/var/log/workflows-mcp-server"
|
|
93
|
+
ENV MCP_FORCE_CONSOLE_LOGGING="true"
|
|
94
|
+
|
|
95
|
+
# Expose the port the server listens on
|
|
96
|
+
EXPOSE ${MCP_HTTP_PORT}
|
|
97
|
+
|
|
98
|
+
# The command to start the server
|
|
99
|
+
CMD ["bun", "run", "dist/index.js"]
|