@elliotding/ai-agent-mcp 0.1.1 → 0.1.3

package/src/api/client.ts

@@ -23,11 +23,21 @@ class APIClient {
       },
     });
 
-    // Request interceptor for authentication and logging
+    // Request interceptor for authentication and logging.
+    // Every request MUST carry a per-request Authorization header supplied by
+    // the caller via authConfig(userToken). If none is present the request is
+    // rejected immediately with a clear error so the caller knows they must
+    // configure their token in mcp.json under env.CSP_API_TOKEN.
     this.client.interceptors.request.use(
       (requestConfig) => {
-        if (config.csp.apiToken) {
-          requestConfig.headers.Authorization = `Bearer ${config.csp.apiToken}`;
+        if (!requestConfig.headers.Authorization) {
+          return Promise.reject(
+            new Error(
+              'CSP_API_TOKEN is not configured. ' +
+              'Please add your personal CSP token to your mcp.json under ' +
+              'mcpServers["csp-ai-agent"].env.CSP_API_TOKEN and restart Cursor.'
+            )
+          );
         }
         
         // Enhanced request logging
@@ -115,6 +125,27 @@ class APIClient {
     );
   }
 
+  /**
+   * Build an AxiosRequestConfig that carries a per-request user token.
+   * Pass the result as the `config` argument to get/post/put/delete or merge it
+   * into any existing request config so that the caller's token overrides the
+   * server-level fallback set in the interceptor.
+   *
+   * Usage:
+   *   await apiClient.get('/some/path', apiClient.authConfig(userToken));
+   *   await apiClient.post('/some/path', body, apiClient.authConfig(userToken));
+   */
+  authConfig(token: string | undefined, extra?: AxiosRequestConfig): AxiosRequestConfig {
+    if (!token) return extra ?? {};
+    return {
+      ...extra,
+      headers: {
+        ...(extra?.headers ?? {}),
+        Authorization: `Bearer ${token}`,
+      },
+    };
+  }
+
   /**
    * Sanitize headers to hide sensitive information
    */
@@ -241,12 +272,19 @@ class APIClient {
 
   /**
    * Get subscription list
+   *
+   * @param params   Query parameters for filtering subscriptions.
+   * @param userToken Per-request token from the caller's mcp.json configuration.
+   *                  When provided it overrides the server-level fallback token.
    */
-  async getSubscriptions(params?: {
-    scope?: 'general' | 'team' | 'user' | 'all';
-    types?: string[];
-    detail?: boolean;  // Added: include detailed metadata
-  }): Promise<{
+  async getSubscriptions(
+    params?: {
+      scope?: 'general' | 'team' | 'user' | 'all';
+      types?: string[];
+      detail?: boolean;
+    },
+    userToken?: string
+  ): Promise<{
     total: number;
     subscriptions: Array<{
       id: string;
@@ -281,27 +319,29 @@ class APIClient {
           };
         }>;
       };
-    }>('/csp/api/resources/subscriptions', { params });
-    
-    // Extract data from CSP API response format
+    }>('/csp/api/resources/subscriptions', this.authConfig(userToken, { params }));
+
     if (!response.data) {
       throw new Error('Invalid API response: missing data field');
     }
-    
+
     return response.data;
   }
 
   /**
    * Subscribe to resource
+   *
+   * @param userToken Per-request token from the caller's mcp.json configuration.
    */
   async subscribe(
-    resourceIds: string[], 
+    resourceIds: string[],
     autoSync = true,
-    scope?: 'general' | 'team' | 'user'  // Added: subscription scope
+    scope?: 'general' | 'team' | 'user',
+    userToken?: string
   ): Promise<{
     success: boolean;
-    subscriptions: Array<{ 
-      id: string; 
+    subscriptions: Array<{
+      id: string;
       name: string;
       type: string;
       subscribed_at: string;
@@ -312,44 +352,39 @@ class APIClient {
       result: string;
       data: {
         success?: boolean;
-        subscriptions: Array<{ 
-          id: string; 
+        subscriptions: Array<{
+          id: string;
           name: string;
           type: string;
           subscribed_at: string;
         }>;
       };
-    }>('/csp/api/resources/subscriptions/add', {
-      resource_ids: resourceIds,
-      auto_sync: autoSync,
-      scope,
-    });
-    
+    }>(
+      '/csp/api/resources/subscriptions/add',
+      { resource_ids: resourceIds, auto_sync: autoSync, scope },
+      this.authConfig(userToken)
+    );
+
     if (!response.data) {
       throw new Error('Invalid API response: missing data field');
     }
-    
-    return {
-      success: true,
-      subscriptions: response.data.subscriptions
-    };
+
+    return { success: true, subscriptions: response.data.subscriptions };
   }
 
   /**
    * Unsubscribe from resource
+   *
+   * @param userToken Per-request token from the caller's mcp.json configuration.
    */
-  async unsubscribe(resourceIds: string | string[]): Promise<void> {
-    // Support batch unsubscribe
+  async unsubscribe(resourceIds: string | string[], userToken?: string): Promise<void> {
     const ids = Array.isArray(resourceIds) ? resourceIds : [resourceIds];
     const response = await this.delete<{
       code: number;
       result: string;
       data: { removed_count: number };
-    }>('/csp/api/resources/subscriptions/remove', {
-      data: { resource_ids: ids }
-    });
-    
-    // Just validate response, no need to return anything
+    }>('/csp/api/resources/subscriptions/remove', this.authConfig(userToken, { data: { resource_ids: ids } }));
+
     if (!response.data) {
       throw new Error('Invalid API response: missing data field');
     }
@@ -357,15 +392,20 @@ class APIClient {
 
   /**
    * Search resources
+   *
+   * @param userToken Per-request token from the caller's mcp.json configuration.
    */
-  async searchResources(params: {
-    keyword: string;
-    team?: string;
-    type?: string;
-    detail?: boolean;      // Added: include detailed metadata
-    page?: number;         // Added: pagination
-    page_size?: number;    // Added: page size
-  }): Promise<{
+  async searchResources(
+    params: {
+      keyword: string;
+      team?: string;
+      type?: string;
+      detail?: boolean;
+      page?: number;
+      page_size?: number;
+    },
+    userToken?: string
+  ): Promise<{
     total: number;
     page?: number;
     page_size?: number;
@@ -415,22 +455,21 @@ class APIClient {
           };
         }>;
       };
-    }>('/csp/api/resources/search', { params });
-    
-    // Extract data from CSP API response format
+    }>('/csp/api/resources/search', this.authConfig(userToken, { params }));
+
     if (!response.data) {
       throw new Error('Invalid API response: missing data field');
     }
-    
+
     return {
       total: response.data.total,
       page: response.data.page,
       page_size: response.data.page_size,
-      results: response.data.results.map(r => ({
+      results: response.data.results.map((r) => ({
         ...r,
         score: r.score || 0,
-        is_subscribed: r.is_subscribed || false
-      }))
+        is_subscribed: r.is_subscribed || false,
+      })),
     };
   }
 
@@ -443,8 +482,13 @@ class APIClient {
    * files[].path is the relative path within the resource directory.
    * Single-file resources (command, rule) have exactly one element.
    * Multi-file resources (skill, mcp) have all their files included.
+   *
+   * @param userToken Per-request token from the caller's mcp.json configuration.
    */
-  async downloadResource(resourceId: string): Promise<{
+  async downloadResource(
+    resourceId: string,
+    userToken?: string
+  ): Promise<{
     resource_id: string;
     name: string;
     type: string;
@@ -463,14 +507,19 @@ class APIClient {
         hash: string;
         files: Array<{ path: string; content: string }>;
       };
-    }>(`/csp/api/resources/download/${resourceId}`);
+    }>(`/csp/api/resources/download/${resourceId}`, this.authConfig(userToken));
     return response.data;
   }
 
   /**
    * Get resource detail
+   *
+   * @param userToken Per-request token from the caller's mcp.json configuration.
    */
-  async getResourceDetail(resourceId: string): Promise<{
+  async getResourceDetail(
+    resourceId: string,
+    userToken?: string
+  ): Promise<{
     id: string;
     name: string;
     type: string;
@@ -489,7 +538,7 @@ class APIClient {
     };
     download_url: string;
   }> {
-    return this.get(`/csp/api/resources/${resourceId}`);
+    return this.get(`/csp/api/resources/${resourceId}`, this.authConfig(userToken));
   }
 
   /**
@@ -501,22 +550,29 @@ class APIClient {
    *
    * The server validates path traversal, total size (< 10 MB), and name conflicts.
    * All file types are supported — mcp packages may include .py, .js, package.json, etc.
+   *
+   * @param userToken Per-request token from the caller's mcp.json configuration.
    */
-  async uploadResourceFiles(params: {
-    type: string;
-    name: string;
-    files: Array<{ path: string; content: string }>;
-    target_source?: string;
-    force?: boolean;
-  }): Promise<{
+  async uploadResourceFiles(
+    params: {
+      type: string;
+      name: string;
+      files: Array<{ path: string; content: string }>;
+      target_source?: string;
+      force?: boolean;
+    },
+    userToken?: string
+  ): Promise<{
     upload_id: string;
     status: string;
     expires_at: string;
     preview_url?: string;
   }> {
-    const resp = await this.post<{ code: number; result: string; data: { upload_id: string; status: string; expires_at: string; preview_url?: string } }>(
-      '/csp/api/resources/upload', params
-    );
+    const resp = await this.post<{
+      code: number;
+      result: string;
+      data: { upload_id: string; status: string; expires_at: string; preview_url?: string };
+    }>('/csp/api/resources/upload', params, this.authConfig(userToken));
     return resp.data;
   }
 
@@ -526,19 +582,34 @@ class APIClient {
    * POST /csp/api/resources/finalize
    * Body: { upload_id, commit_message }
    * Response: { resource_id, version, url, commit_hash, download_url }
+   *
+   * @param userToken Per-request token from the caller's mcp.json configuration.
    */
-  async finalizeResourceUpload(uploadId: string, commitMessage: string): Promise<{
+  async finalizeResourceUpload(
+    uploadId: string,
+    commitMessage: string,
+    userToken?: string
+  ): Promise<{
     resource_id: string;
     version?: string;
     url?: string;
     commit_hash?: string;
     download_url?: string;
   }> {
-    const resp = await this.post<{ code: number; result: string; data: { resource_id: string; version?: string; url?: string; commit_hash?: string; download_url?: string } }>(
-      '/csp/api/resources/finalize', {
-        upload_id: uploadId,
-        commit_message: commitMessage,
-      }
+    const resp = await this.post<{
+      code: number;
+      result: string;
+      data: {
+        resource_id: string;
+        version?: string;
+        url?: string;
+        commit_hash?: string;
+        download_url?: string;
+      };
+    }>(
+      '/csp/api/resources/finalize',
+      { upload_id: uploadId, commit_message: commitMessage },
+      this.authConfig(userToken)
     );
     return resp.data;
   }

package/src/tools/manage-subscription.ts

@@ -37,7 +37,9 @@ export async function manageSubscription(params: unknown): Promise<ToolResult<Ma
         // Subscribe to resources
         const subResult = await apiClient.subscribe(
           typedParams.resource_ids,
-          typedParams.auto_sync
+          typedParams.auto_sync,
+          undefined,
+          typedParams.user_token
         );
 
         logger.info({ count: subResult.subscriptions.length }, 'Resources subscribed successfully');
@@ -50,7 +52,11 @@ export async function manageSubscription(params: unknown): Promise<ToolResult<Ma
 
         if (shouldAutoSync && subResult.subscriptions.length > 0) {
           logger.info({ resourceIds: typedParams.resource_ids }, 'Auto-syncing newly subscribed resources...');
-          const syncResult = await syncResources({ mode: 'incremental', scope: typedParams.scope || 'global' });
+          const syncResult = await syncResources({
+            mode: 'incremental',
+            scope: typedParams.scope || 'global',
+            user_token: typedParams.user_token,
+          });
           if (syncResult.success && syncResult.data) {
             const sd = syncResult.data;
             syncSummary = `Auto-sync: ${sd.summary.synced} synced, ${sd.summary.cached} cached, ${sd.summary.failed} failed`;
@@ -97,7 +103,7 @@ export async function manageSubscription(params: unknown): Promise<ToolResult<Ma
         logger.debug({ resourceIds: typedParams.resource_ids }, 'Unsubscribing from resources...');
 
         // Cancel server-side subscription
-        await apiClient.unsubscribe(typedParams.resource_ids);
+        await apiClient.unsubscribe(typedParams.resource_ids, typedParams.user_token);
         logger.info({ count: typedParams.resource_ids.length }, 'Server-side subscriptions removed');
 
         // Uninstall local files and MCP config for each resource
@@ -156,7 +162,7 @@ export async function manageSubscription(params: unknown): Promise<ToolResult<Ma
         logger.debug({ scope: typedParams.scope || 'all' }, 'Listing subscriptions...');
 
         // Get subscriptions list
-        const subs = await apiClient.getSubscriptions({});
+        const subs = await apiClient.getSubscriptions({}, typedParams.user_token);
 
         result = {
           action: 'list',
@@ -188,7 +194,9 @@ export async function manageSubscription(params: unknown): Promise<ToolResult<Ma
 
         const batchSubResult = await apiClient.subscribe(
           typedParams.resource_ids,
-          typedParams.auto_sync
+          typedParams.auto_sync,
+          undefined,
+          typedParams.user_token
         );
 
         logger.info({ count: batchSubResult.subscriptions.length }, 'Batch subscription completed');
@@ -201,7 +209,11 @@ export async function manageSubscription(params: unknown): Promise<ToolResult<Ma
 
         if (shouldBatchAutoSync && batchSubResult.subscriptions.length > 0) {
           logger.info({ count: batchSubResult.subscriptions.length }, 'Auto-syncing batch subscribed resources...');
-          const batchSyncResult = await syncResources({ mode: 'incremental', scope: typedParams.scope || 'global' });
+          const batchSyncResult = await syncResources({
+            mode: 'incremental',
+            scope: typedParams.scope || 'global',
+            user_token: typedParams.user_token,
+          });
           if (batchSyncResult.success && batchSyncResult.data) {
             const sd = batchSyncResult.data;
             batchSyncSummary = `Auto-sync: ${sd.summary.synced} synced, ${sd.summary.cached} cached, ${sd.summary.failed} failed`;
@@ -325,6 +337,13 @@ export const manageSubscriptionTool = {
         description: 'Enable update notifications',
         default: true,
       },
+      user_token: {
+        type: 'string',
+        description:
+          'CSP API token for the current user. Read this from the CSP_API_TOKEN environment ' +
+          'variable configured in the user\'s mcp.json. When provided, this token is used ' +
+          'for all CSP API calls in this request instead of the server-level fallback token.',
+      },
     },
     required: ['action'],
   },

package/src/tools/search-resources.ts

@@ -84,11 +84,14 @@ export async function searchResources(params: unknown): Promise<ToolResult<Searc
     // Search via API
     logger.debug({ team: typedParams.team, type: typedParams.type, keyword: typedParams.keyword }, 'Searching resources...');
     
-    const searchResults = await apiClient.searchResources({
-      team: typedParams.team,
-      type: typedParams.type,
-      keyword: typedParams.keyword,
-    });
+    const searchResults = await apiClient.searchResources(
+      {
+        team: typedParams.team,
+        type: typedParams.type,
+        keyword: typedParams.keyword,
+      },
+      typedParams.user_token
+    );
 
     // Check subscription and installation status for each result
     const enhancedResults = await Promise.all(
@@ -170,6 +173,13 @@ export const searchResourcesTool = {
         type: 'string',
         description: 'Search keyword (searches in name, description, tags)',
       },
+      user_token: {
+        type: 'string',
+        description:
+          'CSP API token for the current user. Read this from the CSP_API_TOKEN environment ' +
+          'variable configured in the user\'s mcp.json. When provided, this token is used ' +
+          'for all CSP API calls in this request instead of the server-level fallback token.',
+      },
     },
     required: ['keyword'],
   },

package/src/tools/sync-resources.ts

@@ -303,9 +303,10 @@ export async function syncResources(params: unknown): Promise<ToolResult<SyncRes
   logToolStep('sync_resources', 'Tool invocation started', { params: typedParams });
 
   try {
-    const mode  = typedParams.mode  || 'incremental';
-    const scope = typedParams.scope || 'global';
-    const types = typedParams.types;
+    const mode      = typedParams.mode  || 'incremental';
+    const scope     = typedParams.scope || 'global';
+    const types     = typedParams.types;
+    const userToken = typedParams.user_token;
 
     logToolStep('sync_resources', 'Parameters validated', { mode, scope, types });
 
@@ -313,7 +314,7 @@ export async function syncResources(params: unknown): Promise<ToolResult<SyncRes
     logToolStep('sync_resources', 'Step 1: Fetching subscriptions from API', { scope, types });
     const t1 = Date.now();
 
-    const subscriptions = await apiClient.getSubscriptions({ types });
+    const subscriptions = await apiClient.getSubscriptions({ types }, userToken);
 
     logToolStep('sync_resources', 'Subscriptions fetched', {
       total: subscriptions.total,
@@ -405,7 +406,7 @@ export async function syncResources(params: unknown): Promise<ToolResult<SyncRes
           resourceType: sub.type,
         });
         const tDl = Date.now();
-        const downloadResult = await apiClient.downloadResource(sub.id);
+        const downloadResult = await apiClient.downloadResource(sub.id, userToken);
         logToolStep('sync_resources', 'Download complete', {
           resourceId: sub.id,
           fileCount: downloadResult.files.length,
@@ -656,6 +657,13 @@ export const syncResourcesTool = {
         type: 'array',
         description: 'Filter by resource types (empty = all types)',
       },
+      user_token: {
+        type: 'string',
+        description:
+          'CSP API token for the current user. Read this from the CSP_API_TOKEN environment ' +
+          'variable configured in the user\'s mcp.json. When provided, this token is used ' +
+          'for all CSP API calls in this request instead of the server-level fallback token.',
+      },
     },
   },
   handler: syncResources,