@deadragdoll/tellymcp 0.0.13 → 0.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example.client +23 -39
- package/.env.example.gateway +52 -61
- package/CHANGELOG.md +57 -0
- package/README-ru.md +80 -6
- package/README.md +80 -6
- package/TOOLS.md +219 -10
- package/config/templates/env.both.template +19 -7
- package/config/templates/env.client.template +9 -19
- package/config/templates/env.gateway.template +19 -31
- package/dist/cli.js +252 -47
- package/dist/configureServer.js +966 -0
- package/dist/envMigration.js +316 -0
- package/dist/moleculer.config.js +1 -3
- package/dist/services/features/telegram-mcp/approval.service.js +1 -1
- package/dist/services/features/telegram-mcp/browser.service.js +18 -0
- package/dist/services/features/telegram-mcp/collaboration.service.js +2 -2
- package/dist/services/features/telegram-mcp/ensuredb.service.js +1 -1
- package/dist/services/features/telegram-mcp/file-content.service.js +94 -0
- package/dist/services/features/telegram-mcp/gateway-delivery.service.js +5 -1
- package/dist/services/features/telegram-mcp/gateway-socket.service.js +43 -11
- package/dist/services/features/telegram-mcp/gateway.service.js +1 -1
- package/dist/services/features/telegram-mcp/mcp-http.service.js +1 -0
- package/dist/services/features/telegram-mcp/mcp-server.service.js +20 -0
- package/dist/services/features/telegram-mcp/session-context.service.js +25 -1
- package/dist/services/features/telegram-mcp/src/app/bootstrap/runtime.js +79 -67
- package/dist/services/features/telegram-mcp/src/app/config/env.js +129 -38
- package/dist/services/features/telegram-mcp/src/app/config/environmentContract.js +66 -0
- package/dist/services/features/telegram-mcp/src/app/http.js +139 -99
- package/dist/services/features/telegram-mcp/src/app/oauthFacade.js +642 -0
- package/dist/services/features/telegram-mcp/src/app/webapp/assets.js +151 -170
- package/dist/services/features/telegram-mcp/src/app/webapp/auth.js +96 -99
- package/dist/services/features/telegram-mcp/src/entities/request/model/schema.js +88 -19
- package/dist/services/features/telegram-mcp/src/features/browser/model/browserAttachActiveTabTool.js +28 -0
- package/dist/services/features/telegram-mcp/src/features/browser/model/browserAttachTabTool.js +28 -0
- package/dist/services/features/telegram-mcp/src/features/browser/model/browserDetachTabTool.js +28 -0
- package/dist/services/features/telegram-mcp/src/features/browser/model/browserListAttachedInstancesTool.js +1 -1
- package/dist/services/features/telegram-mcp/src/features/browser/model/browserListTabsTool.js +1 -1
- package/dist/services/features/telegram-mcp/src/features/browser/model/browserService.js +412 -29
- package/dist/services/features/telegram-mcp/src/features/browser-attach/model/browserRecordingBundle.js +37 -3
- package/dist/services/features/telegram-mcp/src/features/browser-attach/model/firefoxAttachRegistry.js +7 -6
- package/dist/services/features/telegram-mcp/src/features/browser-attach/model/firefoxAttachServer.js +214 -37
- package/dist/services/features/telegram-mcp/src/features/browser-attach/model/types.js +186 -0
- package/dist/services/features/telegram-mcp/src/features/collaboration/model/collaborationService.js +2 -0
- package/dist/services/features/telegram-mcp/src/features/collaboration/model/gatewaySessionsService.js +5 -5
- package/dist/services/features/telegram-mcp/src/features/collaboration/model/sendPartnerFileService.js +6 -3
- package/dist/services/features/telegram-mcp/src/features/distributed-client/model/gatewayClientAccess.js +5 -2
- package/dist/services/features/telegram-mcp/src/features/distributed-client/model/gatewayCollaborationBackend.js +4 -4
- package/dist/services/features/telegram-mcp/src/features/distributed-gateway/model/gatewayHttpService.js +33 -36
- package/dist/services/features/telegram-mcp/src/features/distributed-gateway/model/remoteConsoleActionClient.js +4 -3
- package/dist/services/features/telegram-mcp/src/features/file-content/model/getFileListTool.js +33 -0
- package/dist/services/features/telegram-mcp/src/features/file-content/model/getFileService.js +327 -0
- package/dist/services/features/telegram-mcp/src/features/file-content/model/getFileTool.js +81 -0
- package/dist/services/features/telegram-mcp/src/features/file-content/model/temporaryFileLinkStore.js +307 -0
- package/dist/services/features/telegram-mcp/src/features/file-content/model/workspaceFilePolicy.js +115 -0
- package/dist/services/features/telegram-mcp/src/features/notify/model/notifyService.js +9 -5
- package/dist/services/features/telegram-mcp/src/features/session-context/model/getRuntimeDiagnosticsTool.js +30 -0
- package/dist/services/features/telegram-mcp/src/features/session-context/model/sessionContextService.js +169 -7
- package/dist/services/features/telegram-mcp/src/shared/integrations/memory/processLocalStateStore.js +260 -0
- package/dist/services/features/telegram-mcp/src/shared/integrations/object-storage/minioExchangeStore.js +1 -1
- package/dist/services/features/telegram-mcp/src/shared/integrations/telegram/transport.js +4 -1
- package/dist/services/features/telegram-mcp/src/shared/integrations/telegram/transportConsoleRegistry.js +2 -2
- package/dist/services/features/telegram-mcp/src/shared/integrations/telegram/transportFileHandoffActions.js +6 -3
- package/dist/services/features/telegram-mcp/src/shared/integrations/telegram/transportMessageFlow.js +1 -1
- package/dist/services/features/telegram-mcp/src/shared/integrations/telegram/transportProjectState.js +2 -2
- package/dist/services/features/telegram-mcp/src/shared/integrations/terminal/client.js +29 -6
- package/dist/services/features/telegram-mcp/src/shared/integrations/terminal/ptyRegistry.js +100 -2
- package/dist/services/features/telegram-mcp/src/shared/lib/bodyLimits.js +63 -0
- package/dist/services/features/telegram-mcp/src/shared/lib/gatewayAuth.js +13 -0
- package/dist/services/features/telegram-mcp/src/shared/lib/gatewayScope.js +5 -5
- package/dist/services/features/telegram-mcp/src/shared/lib/project-identity/projectIdentity.js +10 -0
- package/dist/services/features/telegram-mcp/src/shared/lib/time/localTimestamp.js +21 -0
- package/docs/CHAT_CONNECTOR.md +134 -0
- package/docs/STANDALONE-ru.md +41 -3
- package/docs/STANDALONE.md +41 -3
- package/package.json +5 -3
- package/packages/chrome-attach-extension/dist/background.js +572 -163
- package/packages/chrome-attach-extension/dist/manifest.json +2 -1
- package/packages/chrome-attach-extension/dist/options.js +15 -2
- package/packages/chrome-attach-extension/dist/recorder-content.js +14 -1
- package/packages/chrome-attach-extension/dist/recorder-page.js +34 -18
- package/packages/firefox-attach-extension/dist/background.js +413 -33
- package/packages/firefox-attach-extension/dist/manifest.json +0 -12
- package/packages/firefox-attach-extension/dist/options.js +14 -1
- package/packages/firefox-attach-extension/dist/recorder-content.js +14 -1
- package/packages/firefox-attach-extension/dist/recorder-page.js +34 -18
- package/scripts/postinstall.js +33 -1
|
@@ -54,6 +54,8 @@ exports.resizePtyTarget = resizePtyTarget;
|
|
|
54
54
|
exports.subscribePtyTarget = subscribePtyTarget;
|
|
55
55
|
exports.stopPtyTarget = stopPtyTarget;
|
|
56
56
|
exports.stopAllPtyTargets = stopAllPtyTargets;
|
|
57
|
+
const node_fs_1 = __importDefault(require("node:fs"));
|
|
58
|
+
const node_os_1 = __importDefault(require("node:os"));
|
|
57
59
|
const node_path_1 = __importDefault(require("node:path"));
|
|
58
60
|
const node_pty_1 = require("node-pty");
|
|
59
61
|
const XtermHeadless = __importStar(require("@xterm/headless"));
|
|
@@ -73,6 +75,97 @@ function buildExitLine(record) {
|
|
|
73
75
|
}
|
|
74
76
|
return `${parts.join(" ")}]`;
|
|
75
77
|
}
|
|
78
|
+
function sanitizeFileNameSegment(value) {
|
|
79
|
+
const sanitized = value.trim().replace(/[^a-zA-Z0-9._-]+/gu, "-");
|
|
80
|
+
return sanitized || "session";
|
|
81
|
+
}
|
|
82
|
+
function shellSingleQuote(value) {
|
|
83
|
+
return `'${value.replace(/'/gu, `'\\''`)}'`;
|
|
84
|
+
}
|
|
85
|
+
function buildContextPromptPrefix(record) {
|
|
86
|
+
return `[TELLY ${record.sessionId}]`;
|
|
87
|
+
}
|
|
88
|
+
function buildContextEnv(record) {
|
|
89
|
+
return {
|
|
90
|
+
...process.env,
|
|
91
|
+
TELLYMCP_TERMINAL_CONTEXT: "1",
|
|
92
|
+
TELLYMCP_SESSION_ID: record.sessionId,
|
|
93
|
+
TELLYMCP_TERMINAL_TARGET: record.target,
|
|
94
|
+
TELLYMCP_TERMINAL_CWD: record.cwd,
|
|
95
|
+
};
|
|
96
|
+
}
|
|
97
|
+
function prepareBashLaunch(record) {
|
|
98
|
+
const tempDir = node_fs_1.default.mkdtempSync(node_path_1.default.join(node_os_1.default.tmpdir(), "tellymcp-pty-bash-"));
|
|
99
|
+
const rcPath = node_path_1.default.join(tempDir, `${sanitizeFileNameSegment(record.sessionId)}.bashrc`);
|
|
100
|
+
const promptPrefix = buildContextPromptPrefix(record);
|
|
101
|
+
const script = [
|
|
102
|
+
'if [ -r "$HOME/.profile" ]; then . "$HOME/.profile"; fi',
|
|
103
|
+
'if [ -r "$HOME/.bashrc" ]; then . "$HOME/.bashrc"; fi',
|
|
104
|
+
`export TELLYMCP_TERMINAL_CONTEXT=${shellSingleQuote("1")}`,
|
|
105
|
+
`export TELLYMCP_SESSION_ID=${shellSingleQuote(record.sessionId)}`,
|
|
106
|
+
`export TELLYMCP_TERMINAL_TARGET=${shellSingleQuote(record.target)}`,
|
|
107
|
+
`export TELLYMCP_TERMINAL_CWD=${shellSingleQuote(record.cwd)}`,
|
|
108
|
+
`PS1=${shellSingleQuote(`${promptPrefix} \\u@\\h:\\w\\$ `)}`,
|
|
109
|
+
].join("\n");
|
|
110
|
+
node_fs_1.default.writeFileSync(rcPath, `${script}\n`, "utf8");
|
|
111
|
+
return {
|
|
112
|
+
args: ["--rcfile", rcPath, "-i"],
|
|
113
|
+
env: buildContextEnv(record),
|
|
114
|
+
tempPaths: [tempDir],
|
|
115
|
+
};
|
|
116
|
+
}
|
|
117
|
+
function prepareZshLaunch(record) {
|
|
118
|
+
const tempDir = node_fs_1.default.mkdtempSync(node_path_1.default.join(node_os_1.default.tmpdir(), "tellymcp-pty-zsh-"));
|
|
119
|
+
const promptPrefix = buildContextPromptPrefix(record);
|
|
120
|
+
node_fs_1.default.writeFileSync(node_path_1.default.join(tempDir, ".zshenv"), [
|
|
121
|
+
'if [[ -r "$HOME/.zshenv" ]]; then source "$HOME/.zshenv"; fi',
|
|
122
|
+
`export TELLYMCP_TERMINAL_CONTEXT=${shellSingleQuote("1")}`,
|
|
123
|
+
`export TELLYMCP_SESSION_ID=${shellSingleQuote(record.sessionId)}`,
|
|
124
|
+
`export TELLYMCP_TERMINAL_TARGET=${shellSingleQuote(record.target)}`,
|
|
125
|
+
`export TELLYMCP_TERMINAL_CWD=${shellSingleQuote(record.cwd)}`,
|
|
126
|
+
"",
|
|
127
|
+
].join("\n"), "utf8");
|
|
128
|
+
node_fs_1.default.writeFileSync(node_path_1.default.join(tempDir, ".zshrc"), [
|
|
129
|
+
'if [[ -r "$HOME/.zprofile" ]]; then source "$HOME/.zprofile"; fi',
|
|
130
|
+
'if [[ -r "$HOME/.zshrc" ]]; then source "$HOME/.zshrc"; fi',
|
|
131
|
+
`PROMPT=${shellSingleQuote(`${promptPrefix} %n@%m:%~%# `)}`,
|
|
132
|
+
"RPROMPT=''",
|
|
133
|
+
"",
|
|
134
|
+
].join("\n"), "utf8");
|
|
135
|
+
return {
|
|
136
|
+
args: ["-i"],
|
|
137
|
+
env: {
|
|
138
|
+
...buildContextEnv(record),
|
|
139
|
+
ZDOTDIR: tempDir,
|
|
140
|
+
},
|
|
141
|
+
tempPaths: [tempDir],
|
|
142
|
+
};
|
|
143
|
+
}
|
|
144
|
+
function prepareShellLaunch(record) {
|
|
145
|
+
const shellName = getShellDisplayName(record.shell).toLowerCase();
|
|
146
|
+
if (shellName === "bash") {
|
|
147
|
+
return prepareBashLaunch(record);
|
|
148
|
+
}
|
|
149
|
+
if (shellName === "zsh") {
|
|
150
|
+
return prepareZshLaunch(record);
|
|
151
|
+
}
|
|
152
|
+
return {
|
|
153
|
+
args: [],
|
|
154
|
+
env: buildContextEnv(record),
|
|
155
|
+
tempPaths: [],
|
|
156
|
+
};
|
|
157
|
+
}
|
|
158
|
+
function cleanupRecordTempPaths(record) {
|
|
159
|
+
for (const tempPath of record.tempPaths) {
|
|
160
|
+
try {
|
|
161
|
+
node_fs_1.default.rmSync(tempPath, { recursive: true, force: true });
|
|
162
|
+
}
|
|
163
|
+
catch {
|
|
164
|
+
// ignore cleanup failures
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
record.tempPaths = [];
|
|
168
|
+
}
|
|
76
169
|
function createHeadlessTerminal(config) {
|
|
77
170
|
return new XtermHeadless.Terminal({
|
|
78
171
|
cols: config.cols,
|
|
@@ -97,13 +190,16 @@ function createSessionRecord(config, input) {
|
|
|
97
190
|
pendingWrite: Promise.resolve(),
|
|
98
191
|
pty: null,
|
|
99
192
|
exited: false,
|
|
193
|
+
tempPaths: [],
|
|
100
194
|
};
|
|
101
|
-
const
|
|
195
|
+
const launch = prepareShellLaunch(record);
|
|
196
|
+
record.tempPaths = [...launch.tempPaths];
|
|
197
|
+
const pty = (0, node_pty_1.spawn)(record.shell, launch.args, {
|
|
102
198
|
name: "xterm-color",
|
|
103
199
|
cols: record.cols,
|
|
104
200
|
rows: record.rows,
|
|
105
201
|
cwd: record.cwd,
|
|
106
|
-
env:
|
|
202
|
+
env: launch.env,
|
|
107
203
|
});
|
|
108
204
|
pty.onData((data) => {
|
|
109
205
|
record.pendingWrite = record.pendingWrite.then(() => new Promise((resolve) => {
|
|
@@ -115,6 +211,7 @@ function createSessionRecord(config, input) {
|
|
|
115
211
|
record.exited = true;
|
|
116
212
|
record.exitCode = exitCode;
|
|
117
213
|
record.signal = signal;
|
|
214
|
+
cleanupRecordTempPaths(record);
|
|
118
215
|
record.pendingWrite = record.pendingWrite.then(() => new Promise((resolve) => {
|
|
119
216
|
record.terminal.writeln(buildExitLine(record), resolve);
|
|
120
217
|
}));
|
|
@@ -533,6 +630,7 @@ function stopPtyTarget(target) {
|
|
|
533
630
|
record.pty?.kill();
|
|
534
631
|
record.pty = null;
|
|
535
632
|
record.exited = true;
|
|
633
|
+
cleanupRecordTempPaths(record);
|
|
536
634
|
record.terminal.dispose();
|
|
537
635
|
return true;
|
|
538
636
|
}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.readLimitedJsonBody = exports.assertSerializedBodySize = exports.assertStringBodySize = exports.assertBodySize = exports.isBodySizeLimitError = exports.BodySizeLimitError = exports.MAX_BASE64_SOURCE_SIZE_BYTES = exports.MAX_BODY_SIZE_BYTES = exports.MAX_BODY_SIZE = void 0;
|
|
4
|
+
exports.MAX_BODY_SIZE = 16;
|
|
5
|
+
exports.MAX_BODY_SIZE_BYTES = exports.MAX_BODY_SIZE * 1024 * 1024;
|
|
6
|
+
exports.MAX_BASE64_SOURCE_SIZE_BYTES = Math.floor((exports.MAX_BODY_SIZE_BYTES * 3) / 4);
|
|
7
|
+
class BodySizeLimitError extends Error {
|
|
8
|
+
actualBytes;
|
|
9
|
+
maxBytes;
|
|
10
|
+
statusCode = 413;
|
|
11
|
+
constructor(actualBytes, maxBytes = exports.MAX_BODY_SIZE_BYTES) {
|
|
12
|
+
const maxMiB = maxBytes / (1024 * 1024);
|
|
13
|
+
super(`Body size ${actualBytes} bytes exceeds the ${maxMiB} MiB limit.`);
|
|
14
|
+
this.actualBytes = actualBytes;
|
|
15
|
+
this.maxBytes = maxBytes;
|
|
16
|
+
this.name = "BodySizeLimitError";
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
exports.BodySizeLimitError = BodySizeLimitError;
|
|
20
|
+
const isBodySizeLimitError = (error) => error instanceof BodySizeLimitError;
|
|
21
|
+
exports.isBodySizeLimitError = isBodySizeLimitError;
|
|
22
|
+
const assertBodySize = (actualBytes, maxBytes = exports.MAX_BODY_SIZE_BYTES) => {
|
|
23
|
+
if (actualBytes > maxBytes) {
|
|
24
|
+
throw new BodySizeLimitError(actualBytes, maxBytes);
|
|
25
|
+
}
|
|
26
|
+
};
|
|
27
|
+
exports.assertBodySize = assertBodySize;
|
|
28
|
+
const assertStringBodySize = (value, maxBytes = exports.MAX_BODY_SIZE_BYTES) => {
|
|
29
|
+
(0, exports.assertBodySize)(Buffer.byteLength(value, "utf8"), maxBytes);
|
|
30
|
+
};
|
|
31
|
+
exports.assertStringBodySize = assertStringBodySize;
|
|
32
|
+
const assertSerializedBodySize = (value) => {
|
|
33
|
+
if (value === undefined) {
|
|
34
|
+
return;
|
|
35
|
+
}
|
|
36
|
+
(0, exports.assertStringBodySize)(JSON.stringify(value));
|
|
37
|
+
};
|
|
38
|
+
exports.assertSerializedBodySize = assertSerializedBodySize;
|
|
39
|
+
const readLimitedJsonBody = async (req) => {
|
|
40
|
+
const contentLength = req.headers["content-length"];
|
|
41
|
+
if (typeof contentLength === "string" && /^\d+$/u.test(contentLength)) {
|
|
42
|
+
(0, exports.assertBodySize)(Number(contentLength));
|
|
43
|
+
}
|
|
44
|
+
const chunks = [];
|
|
45
|
+
let totalBytes = 0;
|
|
46
|
+
for await (const chunk of req) {
|
|
47
|
+
const buffer = Buffer.isBuffer(chunk)
|
|
48
|
+
? chunk
|
|
49
|
+
: Buffer.from(chunk);
|
|
50
|
+
totalBytes += buffer.byteLength;
|
|
51
|
+
(0, exports.assertBodySize)(totalBytes);
|
|
52
|
+
chunks.push(buffer);
|
|
53
|
+
}
|
|
54
|
+
if (chunks.length === 0) {
|
|
55
|
+
return undefined;
|
|
56
|
+
}
|
|
57
|
+
const raw = Buffer.concat(chunks, totalBytes).toString("utf8").trim();
|
|
58
|
+
if (!raw) {
|
|
59
|
+
return undefined;
|
|
60
|
+
}
|
|
61
|
+
return JSON.parse(raw);
|
|
62
|
+
};
|
|
63
|
+
exports.readLimitedJsonBody = readLimitedJsonBody;
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.isGatewayAuthorizationValid = isGatewayAuthorizationValid;
|
|
4
|
+
const node_crypto_1 = require("node:crypto");
|
|
5
|
+
function digest(value) {
|
|
6
|
+
return (0, node_crypto_1.createHash)("sha256").update(value, "utf8").digest();
|
|
7
|
+
}
|
|
8
|
+
function isGatewayAuthorizationValid(authorization, authToken) {
|
|
9
|
+
if (typeof authorization !== "string" || !authToken) {
|
|
10
|
+
return false;
|
|
11
|
+
}
|
|
12
|
+
return (0, node_crypto_1.timingSafeEqual)(digest(authorization), digest(`Bearer ${authToken}`));
|
|
13
|
+
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.normalizeGatewayToken = normalizeGatewayToken;
|
|
4
|
-
exports.
|
|
4
|
+
exports.gatewayScopeTokenToScopeKey = gatewayScopeTokenToScopeKey;
|
|
5
5
|
exports.resolveGatewayScopeKey = resolveGatewayScopeKey;
|
|
6
6
|
const node_crypto_1 = require("node:crypto");
|
|
7
7
|
function normalizeGatewayToken(value) {
|
|
@@ -11,13 +11,13 @@ function normalizeGatewayToken(value) {
|
|
|
11
11
|
const token = value.trim();
|
|
12
12
|
return token ? token : null;
|
|
13
13
|
}
|
|
14
|
-
function
|
|
14
|
+
function gatewayScopeTokenToScopeKey(token) {
|
|
15
15
|
return (0, node_crypto_1.createHash)("sha256").update(token).digest("hex");
|
|
16
16
|
}
|
|
17
17
|
function resolveGatewayScopeKey(input) {
|
|
18
|
-
const
|
|
19
|
-
if (
|
|
20
|
-
return
|
|
18
|
+
const gatewayScopeToken = normalizeGatewayToken(input.gateway_token);
|
|
19
|
+
if (gatewayScopeToken) {
|
|
20
|
+
return gatewayScopeTokenToScopeKey(gatewayScopeToken);
|
|
21
21
|
}
|
|
22
22
|
const scopeKey = normalizeGatewayToken(input.scope_key);
|
|
23
23
|
return scopeKey;
|
package/dist/services/features/telegram-mcp/src/shared/lib/project-identity/projectIdentity.js
CHANGED
|
@@ -117,6 +117,10 @@ function readSessionMarkerState(inputCwd, logger) {
|
|
|
117
117
|
parsed.last_notified_tools_hash.trim()
|
|
118
118
|
? { lastNotifiedToolsHash: parsed.last_notified_tools_hash.trim() }
|
|
119
119
|
: {}),
|
|
120
|
+
...(typeof parsed.gateway_client_uuid === "string" &&
|
|
121
|
+
parsed.gateway_client_uuid.trim()
|
|
122
|
+
? { gatewayClientUuid: parsed.gateway_client_uuid.trim() }
|
|
123
|
+
: {}),
|
|
120
124
|
...(typeof parsed.updated_at === "string" && parsed.updated_at.trim()
|
|
121
125
|
? { updatedAt: parsed.updated_at.trim() }
|
|
122
126
|
: {}),
|
|
@@ -166,6 +170,12 @@ function writeSessionMarkerState(input) {
|
|
|
166
170
|
: current?.lastNotifiedToolsHash
|
|
167
171
|
? { last_notified_tools_hash: current.lastNotifiedToolsHash }
|
|
168
172
|
: {}),
|
|
173
|
+
...(typeof input.gatewayClientUuid === "string" &&
|
|
174
|
+
input.gatewayClientUuid.trim()
|
|
175
|
+
? { gateway_client_uuid: input.gatewayClientUuid.trim() }
|
|
176
|
+
: current?.gatewayClientUuid
|
|
177
|
+
? { gateway_client_uuid: current.gatewayClientUuid }
|
|
178
|
+
: {}),
|
|
169
179
|
created_at: now,
|
|
170
180
|
updated_at: now,
|
|
171
181
|
...(current ? { first_seen_local_session_id: current.localSessionId } : {}),
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.formatLocalTimestamp = formatLocalTimestamp;
|
|
4
|
+
exports.formatLocalDateSegment = formatLocalDateSegment;
|
|
5
|
+
exports.formatLocalTimeSegment = formatLocalTimeSegment;
|
|
6
|
+
exports.formatLocalTimestampForFileName = formatLocalTimestampForFileName;
|
|
7
|
+
function padNumber(value, length = 2) {
|
|
8
|
+
return String(value).padStart(length, "0");
|
|
9
|
+
}
|
|
10
|
+
function formatLocalTimestamp(date = new Date()) {
|
|
11
|
+
return `${date.getFullYear()}-${padNumber(date.getMonth() + 1)}-${padNumber(date.getDate())}T${padNumber(date.getHours())}:${padNumber(date.getMinutes())}:${padNumber(date.getSeconds())}.${padNumber(date.getMilliseconds(), 3)}`;
|
|
12
|
+
}
|
|
13
|
+
function formatLocalDateSegment(date = new Date()) {
|
|
14
|
+
return `${date.getFullYear()}-${padNumber(date.getMonth() + 1)}-${padNumber(date.getDate())}`;
|
|
15
|
+
}
|
|
16
|
+
function formatLocalTimeSegment(date = new Date()) {
|
|
17
|
+
return `${padNumber(date.getHours())}-${padNumber(date.getMinutes())}-${padNumber(date.getSeconds())}`;
|
|
18
|
+
}
|
|
19
|
+
function formatLocalTimestampForFileName(date = new Date()) {
|
|
20
|
+
return formatLocalTimestamp(date).replace(/[:.]/gu, "-");
|
|
21
|
+
}
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
# ChatGPT and Claude connector
|
|
2
|
+
|
|
3
|
+
TellyMCP can expose its Streamable HTTP MCP endpoint to ChatGPT and Claude
|
|
4
|
+
through an OAuth 2.0 authorization-code facade with PKCE. The facade coexists
|
|
5
|
+
with `MCP_HTTP_BEARER_TOKEN`; existing internal clients can continue to use the
|
|
6
|
+
static bearer token.
|
|
7
|
+
|
|
8
|
+
## Configure the gateway
|
|
9
|
+
|
|
10
|
+
Add the following to the gateway environment file:
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
TELLYMCP_PUBLIC_URL=https://mcp.example.com/api
|
|
14
|
+
TELLYMCP_OAUTH_ISSUER=https://mcp.example.com/api
|
|
15
|
+
TELLYMCP_OAUTH_AUDIENCE=https://mcp.example.com/api
|
|
16
|
+
TELLYMCP_MAGIC_TOKEN=replace_with_a_private_human_login_token
|
|
17
|
+
TELLYMCP_OAUTH_PRIVATE_KEY_PEM="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
Generate the stable signing key with:
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
tellymcp oauth key
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
The command prints a dotenv-ready `TELLYMCP_OAUTH_PRIVATE_KEY_PEM` assignment.
|
|
27
|
+
If the private key is omitted, TellyMCP generates an ephemeral key and existing
|
|
28
|
+
OAuth access tokens stop working after a restart.
|
|
29
|
+
|
|
30
|
+
For a hashed magic token, configure
|
|
31
|
+
`TELLYMCP_MAGIC_TOKEN_HASH=sha256:<64-hex-digest>` instead of the raw token.
|
|
32
|
+
Never configure both forms.
|
|
33
|
+
|
|
34
|
+
Optional restrictions:
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
TELLYMCP_OAUTH_CLIENT_ID=tellymcp
|
|
38
|
+
TELLYMCP_OAUTH_CLIENT_SECRET=replace_with_client_secret
|
|
39
|
+
TELLYMCP_ALLOWED_REDIRECT_URIS=https://chatgpt.com/connector/oauth/...,https://claude.ai/api/mcp/auth_callback
|
|
40
|
+
TELLYMCP_AUTH_CODE_TTL_SECONDS=300
|
|
41
|
+
TELLYMCP_OAUTH_SCOPES=tellymcp:read tellymcp:write
|
|
42
|
+
TELLYMCP_OAUTH_KEY_ID=tellymcp-oauth
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
OAuth is enabled when a connector identity, credential, redirect, or signing-key
|
|
46
|
+
setting is present. `TELLYMCP_PUBLIC_URL` and one magic-token form are then
|
|
47
|
+
required. Redirect URIs are matched exactly when the allowlist is configured.
|
|
48
|
+
|
|
49
|
+
## Reverse proxy
|
|
50
|
+
|
|
51
|
+
Proxy all `/api/` routes to TellyMCP and disable response buffering on
|
|
52
|
+
`/api/mcp`. Claude also needs root path-insertion discovery routes such as:
|
|
53
|
+
|
|
54
|
+
```text
|
|
55
|
+
/.well-known/oauth-authorization-server/api
|
|
56
|
+
/.well-known/openid-configuration/api
|
|
57
|
+
/.well-known/oauth-protected-resource/api/mcp
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
The complete Nginx example is in `docs/tellymcp.gw.conf`.
|
|
61
|
+
|
|
62
|
+
## Connect the chat host
|
|
63
|
+
|
|
64
|
+
Use the concrete MCP endpoint in the host's `Connection` field:
|
|
65
|
+
|
|
66
|
+
```text
|
|
67
|
+
https://mcp.example.com/api/mcp
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
Do not enter `https://mcp.example.com/api` as the connection URL. That URL is
|
|
71
|
+
the OAuth issuer/audience base, not an MCP endpoint. With the correct
|
|
72
|
+
connection URL, discovery may legitimately show two related resources:
|
|
73
|
+
|
|
74
|
+
```text
|
|
75
|
+
OAuth issuer/audience: https://mcp.example.com/api
|
|
76
|
+
MCP resource: https://mcp.example.com/api/mcp
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
For the production deployment used while implementing this feature, the
|
|
80
|
+
working ChatGPT values are:
|
|
81
|
+
|
|
82
|
+
```text
|
|
83
|
+
Connection: https://drd.undoo.ru/api/mcp
|
|
84
|
+
Authorization server base: https://drd.undoo.ru/api
|
|
85
|
+
Resource: https://drd.undoo.ru/api/mcp
|
|
86
|
+
OIDC configuration URL: https://drd.undoo.ru/.well-known/openid-configuration/api
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
The `/api` suffix in the root discovery URL is expected RFC 8414
|
|
90
|
+
path-insertion behavior for an issuer whose path is `/api`.
|
|
91
|
+
|
|
92
|
+
Do not give the host `MCP_HTTP_BEARER_TOKEN` or the magic token. The magic token
|
|
93
|
+
is entered only into the authorization page opened by the host. If a client ID
|
|
94
|
+
or client secret is configured in the host, it must match the gateway values.
|
|
95
|
+
|
|
96
|
+
TellyMCP tool names already use Claude-compatible letters, digits, and
|
|
97
|
+
underscores, and the tools publish output schemas.
|
|
98
|
+
|
|
99
|
+
## Verify before connecting
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
curl -fsS https://mcp.example.com/api/.well-known/oauth-protected-resource/mcp
|
|
103
|
+
curl -fsS https://mcp.example.com/api/.well-known/oauth-authorization-server
|
|
104
|
+
curl -fsS https://mcp.example.com/.well-known/oauth-authorization-server/api
|
|
105
|
+
curl -fsS https://mcp.example.com/api/.well-known/jwks.json
|
|
106
|
+
curl -i https://mcp.example.com/api/mcp
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
The last response must be `401` and include a `WWW-Authenticate` header whose
|
|
110
|
+
`resource_metadata` value points to the protected-resource metadata endpoint.
|
|
111
|
+
|
|
112
|
+
Access tokens are RS256 JWTs without `exp`, matching the trusted internal
|
|
113
|
+
connector model. Authorization codes remain short-lived, PKCE-bound, and
|
|
114
|
+
one-time-use. Failed magic-token attempts are rate-limited per source address.
|
|
115
|
+
|
|
116
|
+
## Diagnostics
|
|
117
|
+
|
|
118
|
+
OAuth discovery, authorization, token exchange, MCP `initialize`, and
|
|
119
|
+
`tools/list` milestones are logged at `info`. Rejections are logged at `warn`
|
|
120
|
+
without credentials, authorization codes, PKCE verifiers, or access tokens.
|
|
121
|
+
When OAuth is enabled, every HTTP request and completed response is also logged
|
|
122
|
+
with its normalized path, status, user agent, content types, MCP session id,
|
|
123
|
+
and whether an Authorization header was present. Header values and tokens are
|
|
124
|
+
never logged.
|
|
125
|
+
|
|
126
|
+
The production Nginx sample writes connector traffic to:
|
|
127
|
+
|
|
128
|
+
```text
|
|
129
|
+
/var/log/nginx/tellymcp.access.log
|
|
130
|
+
/var/log/nginx/tellymcp.error.log
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
If refresh stops after OAuth metadata and never logs an MCP `initialize`, first
|
|
134
|
+
verify that the host's `Connection` value ends in `/api/mcp`.
|
package/docs/STANDALONE-ru.md
CHANGED
|
@@ -24,7 +24,17 @@
|
|
|
24
24
|
## 1. Установка
|
|
25
25
|
|
|
26
26
|
```bash
|
|
27
|
-
|
|
27
|
+
sudo apt install -y python3 make g++
|
|
28
|
+
npm config set ignore-scripts false
|
|
29
|
+
npm install -g @deadragdoll/tellymcp --foreground-scripts
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
На Linux native addon `node-pty` собирается локально; для Linux ARM64 это
|
|
33
|
+
обязательно, потому что зависимость не поставляет подходящий готовый binary.
|
|
34
|
+
Если после предыдущей установки `pty.node` отсутствует, выполни:
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
npm rebuild -g @deadragdoll/tellymcp --foreground-scripts
|
|
28
38
|
```
|
|
29
39
|
|
|
30
40
|
Опционально:
|
|
@@ -64,7 +74,8 @@ DB_PASSWORD=
|
|
|
64
74
|
DB_NAME=
|
|
65
75
|
GATEWAY_PUBLIC_URL=https://your-domain.example/api/gateway
|
|
66
76
|
GATEWAY_WS_URL=wss://your-domain.example/api/gateway/ws
|
|
67
|
-
|
|
77
|
+
GATEWAY_SCOPE_TOKEN=change_me_scope_token
|
|
78
|
+
GATEWAY_AUTH_TOKEN=put_strong_shared_transport_token_here
|
|
68
79
|
ROOT_PREFIX=/api
|
|
69
80
|
PORT=8080
|
|
70
81
|
DISTRIBUTED_MODE=gateway
|
|
@@ -82,10 +93,19 @@ DISTRIBUTED_MODE=gateway
|
|
|
82
93
|
DISTRIBUTED_MODE=client
|
|
83
94
|
GATEWAY_PUBLIC_URL=https://your-domain.example/api/gateway
|
|
84
95
|
GATEWAY_WS_URL=wss://your-domain.example/api/gateway/ws
|
|
85
|
-
|
|
96
|
+
GATEWAY_SCOPE_TOKEN=change_me_scope_token
|
|
97
|
+
GATEWAY_AUTH_TOKEN=put_strong_shared_transport_token_here
|
|
86
98
|
GATEWAY_USER_UUID=put_owner_uuid_here
|
|
87
99
|
```
|
|
88
100
|
|
|
101
|
+
На машине agent/client Redis не нужен. Временное runtime-состояние хранится
|
|
102
|
+
локально, а стабильный gateway client UUID — в `.mcpsession.json`.
|
|
103
|
+
|
|
104
|
+
Используйте один и тот же стойкий `GATEWAY_AUTH_TOKEN` на gateway и всех клиентах.
|
|
105
|
+
Не смешивайте его с `GATEWAY_SCOPE_TOKEN`: последний разделяет данные gateway по scope,
|
|
106
|
+
но не аутентифицирует HTTP- или WebSocket-транспорт. Сгенерируйте токен один раз,
|
|
107
|
+
например командой `openssl rand -hex 32`, и не используйте пример значения выше.
|
|
108
|
+
|
|
89
109
|
Для первого запуска также желательно задать:
|
|
90
110
|
|
|
91
111
|
```env
|
|
@@ -164,9 +184,15 @@ TELEGRAM_WEBHOOK_SECRET=change_me_webhook_secret
|
|
|
164
184
|
|
|
165
185
|
- `/api/telegram/webhook`
|
|
166
186
|
- `/api/gateway`
|
|
187
|
+
- `/api/files` для короткоживущих upload/download запросов `get_file(type="url")`
|
|
167
188
|
- `/api/webapp`
|
|
168
189
|
- `/api/healthz`
|
|
169
190
|
|
|
191
|
+
Отдельный `location ^~ /api/files/` рекомендуется, хотя для самой маршрутизации
|
|
192
|
+
он не обязателен. В нём следует отключить access log, потому что путь содержит
|
|
193
|
+
токен, задать `client_max_body_size 32m` и отключить buffering запросов и
|
|
194
|
+
ответов. Канонический блок приведён в `nginx/tellymcp.gw.conf`.
|
|
195
|
+
|
|
170
196
|
## 8. MCP
|
|
171
197
|
|
|
172
198
|
Локальный client-mode MCP endpoint:
|
|
@@ -179,10 +205,22 @@ http://127.0.0.1:8787/mcp
|
|
|
179
205
|
|
|
180
206
|
## 9. Проверки
|
|
181
207
|
|
|
208
|
+
Настройка dotenv через локальный web-конфигуратор:
|
|
209
|
+
|
|
210
|
+
```bash
|
|
211
|
+
tellymcp configure
|
|
212
|
+
```
|
|
213
|
+
|
|
182
214
|
```bash
|
|
183
215
|
tellymcp doctor --env .env
|
|
184
216
|
```
|
|
185
217
|
|
|
218
|
+
Перед запуском старый env можно нормализовать командой:
|
|
219
|
+
|
|
220
|
+
```bash
|
|
221
|
+
tellymcp migrate-env ./old.env > ./.migrated-env
|
|
222
|
+
```
|
|
223
|
+
|
|
186
224
|
Разрушительная очистка:
|
|
187
225
|
|
|
188
226
|
```bash
|
package/docs/STANDALONE.md
CHANGED
|
@@ -24,7 +24,17 @@ The recommended topology is:
|
|
|
24
24
|
## 1. Install
|
|
25
25
|
|
|
26
26
|
```bash
|
|
27
|
-
|
|
27
|
+
sudo apt install -y python3 make g++
|
|
28
|
+
npm config set ignore-scripts false
|
|
29
|
+
npm install -g @deadragdoll/tellymcp --foreground-scripts
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
Linux installs compile the native `node-pty` addon locally; this is required on
|
|
33
|
+
Linux ARM64 because the dependency does not ship a matching prebuilt binary.
|
|
34
|
+
If `pty.node` is missing after an earlier install, run:
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
npm rebuild -g @deadragdoll/tellymcp --foreground-scripts
|
|
28
38
|
```
|
|
29
39
|
|
|
30
40
|
Optional:
|
|
@@ -64,7 +74,8 @@ DB_PASSWORD=
|
|
|
64
74
|
DB_NAME=
|
|
65
75
|
GATEWAY_PUBLIC_URL=https://your-domain.example/api/gateway
|
|
66
76
|
GATEWAY_WS_URL=wss://your-domain.example/api/gateway/ws
|
|
67
|
-
|
|
77
|
+
GATEWAY_SCOPE_TOKEN=change_me_scope_token
|
|
78
|
+
GATEWAY_AUTH_TOKEN=put_strong_shared_transport_token_here
|
|
68
79
|
ROOT_PREFIX=/api
|
|
69
80
|
PORT=8080
|
|
70
81
|
DISTRIBUTED_MODE=gateway
|
|
@@ -82,10 +93,19 @@ Minimum client settings:
|
|
|
82
93
|
DISTRIBUTED_MODE=client
|
|
83
94
|
GATEWAY_PUBLIC_URL=https://your-domain.example/api/gateway
|
|
84
95
|
GATEWAY_WS_URL=wss://your-domain.example/api/gateway/ws
|
|
85
|
-
|
|
96
|
+
GATEWAY_SCOPE_TOKEN=change_me_scope_token
|
|
97
|
+
GATEWAY_AUTH_TOKEN=put_strong_shared_transport_token_here
|
|
86
98
|
GATEWAY_USER_UUID=put_owner_uuid_here
|
|
87
99
|
```
|
|
88
100
|
|
|
101
|
+
The agent/client machine does not need Redis. Its transient runtime state is
|
|
102
|
+
local, while the stable gateway client UUID is stored in `.mcpsession.json`.
|
|
103
|
+
|
|
104
|
+
Use the same strong `GATEWAY_AUTH_TOKEN` on the gateway and every client. Keep it
|
|
105
|
+
separate from `GATEWAY_SCOPE_TOKEN`, which scopes gateway data but does not authenticate
|
|
106
|
+
the HTTP or WebSocket transport. Generate it once, for example with
|
|
107
|
+
`openssl rand -hex 32`, and do not use the illustrative value above.
|
|
108
|
+
|
|
89
109
|
For the first run, also set:
|
|
90
110
|
|
|
91
111
|
```env
|
|
@@ -164,9 +184,15 @@ If nginx already proxies `location /api/ { ... }` to the standalone listener, th
|
|
|
164
184
|
|
|
165
185
|
- `/api/telegram/webhook`
|
|
166
186
|
- `/api/gateway`
|
|
187
|
+
- `/api/files` for short-lived `get_file(type="url")` uploads and downloads
|
|
167
188
|
- `/api/webapp`
|
|
168
189
|
- `/api/healthz`
|
|
169
190
|
|
|
191
|
+
A dedicated `location ^~ /api/files/` is recommended, though not required for
|
|
192
|
+
routing. It should disable access logs because the path contains a token, set
|
|
193
|
+
`client_max_body_size 32m`, and disable proxy request/response buffering. See
|
|
194
|
+
`nginx/tellymcp.gw.conf` for the canonical block.
|
|
195
|
+
|
|
170
196
|
## 8. MCP
|
|
171
197
|
|
|
172
198
|
Local client-mode MCP:
|
|
@@ -179,10 +205,22 @@ Use the MCP HTTP endpoint exposed by `tellymcp run`.
|
|
|
179
205
|
|
|
180
206
|
## 9. Health Checks
|
|
181
207
|
|
|
208
|
+
Guided dotenv setup:
|
|
209
|
+
|
|
210
|
+
```bash
|
|
211
|
+
tellymcp configure
|
|
212
|
+
```
|
|
213
|
+
|
|
182
214
|
```bash
|
|
183
215
|
tellymcp doctor --env .env
|
|
184
216
|
```
|
|
185
217
|
|
|
218
|
+
Normalize a legacy env before startup:
|
|
219
|
+
|
|
220
|
+
```bash
|
|
221
|
+
tellymcp migrate-env ./old.env > ./.migrated-env
|
|
222
|
+
```
|
|
223
|
+
|
|
186
224
|
Destructive cleanup:
|
|
187
225
|
|
|
188
226
|
```bash
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@deadragdoll/tellymcp",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.15",
|
|
4
4
|
"description": "TellyMCP - Telegram control plane for MCP-connected coding agents",
|
|
5
5
|
"main": "dist/services/features/telegram-mcp/runtime.service.js",
|
|
6
6
|
"bin": {
|
|
@@ -17,6 +17,7 @@
|
|
|
17
17
|
"README-ru.md",
|
|
18
18
|
"docs/STANDALONE.md",
|
|
19
19
|
"docs/STANDALONE-ru.md",
|
|
20
|
+
"docs/CHAT_CONNECTOR.md",
|
|
20
21
|
"VERSION.md",
|
|
21
22
|
"CHANGELOG.md",
|
|
22
23
|
"TOOLS.md",
|
|
@@ -76,7 +77,8 @@
|
|
|
76
77
|
"dependencies": {
|
|
77
78
|
"@grammyjs/menu": "^1.3.1",
|
|
78
79
|
"@grammyjs/storage-redis": "^2.5.1",
|
|
79
|
-
"@modelcontextprotocol/sdk": "^1.
|
|
80
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
81
|
+
"@xterm/addon-fit": "0.10.0",
|
|
80
82
|
"@xterm/headless": "5.5.0",
|
|
81
83
|
"@xterm/xterm": "5.5.0",
|
|
82
84
|
"amqplib": "0.10.9",
|
|
@@ -96,7 +98,7 @@
|
|
|
96
98
|
"pino-pretty": "^13.1.3",
|
|
97
99
|
"playwright": "^1.60.0",
|
|
98
100
|
"socks-proxy-agent": "^8.0.5",
|
|
99
|
-
"ws": "8.
|
|
101
|
+
"ws": "8.21.0",
|
|
100
102
|
"zod": "4.4.3"
|
|
101
103
|
},
|
|
102
104
|
"devDependencies": {
|