@enfyra/mcp-server 0.0.54 → 0.0.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/package.json +1 -1
- package/src/lib/fetch.js +1 -1
- package/src/lib/mcp-instructions.js +1 -1
package/README.md
CHANGED
|
@@ -182,6 +182,8 @@ Use this block in any host-specific `mcp.json` / `mcpServers` merge (adjust env
|
|
|
182
182
|
| `ENFYRA_API_URL` | Base for REST + GraphQL + auth through the Nuxt/app proxy | `http://localhost:3000/api` |
|
|
183
183
|
| `ENFYRA_API_TOKEN` | Programmatic token from eApp `/me`. MCP exchanges it through `/auth/token/exchange` for an access token. | — |
|
|
184
184
|
|
|
185
|
+
`ENFYRA_API_TOKEN` is a long-lived programmatic token, not a JWT. MCP must never send it directly as `Authorization: Bearer <token>` to REST tools. The MCP client first calls `POST {ENFYRA_API_URL}/auth/token/exchange` with `{ "apiToken": ENFYRA_API_TOKEN }`, caches the returned `accessToken`, and uses that JWT as the Bearer token for subsequent requests.
|
|
186
|
+
|
|
185
187
|
### `ENFYRA_API_URL` — use the app proxy
|
|
186
188
|
|
|
187
189
|
For normal apps and demos, set `ENFYRA_API_URL` to the Nuxt/app proxy:
|
package/package.json
CHANGED
package/src/lib/fetch.js
CHANGED
|
@@ -17,7 +17,7 @@ const FETCH_TIMEOUT = 30000; // 30 seconds
|
|
|
17
17
|
*/
|
|
18
18
|
export async function fetchAPI(apiUrl, path, options = {}) {
|
|
19
19
|
const url = `${apiUrl}${path}`;
|
|
20
|
-
const token = await getValidToken();
|
|
20
|
+
const token = await getValidToken(apiUrl);
|
|
21
21
|
|
|
22
22
|
const headersList = [
|
|
23
23
|
['Content-Type', 'application/json'],
|
|
@@ -66,7 +66,7 @@ export function buildMcpServerInstructions(apiBaseUrl) {
|
|
|
66
66
|
'- OAuth starts on the same proxy prefix, e.g. **`GET /enfyra/auth/{provider}?redirect=<absoluteReturnUrl>&cookieBridgePrefix=/enfyra`**. `redirect` must be an absolute `http(s)` URL with the app origin. `cookieBridgePrefix` is the third app proxy prefix that forwards to the Enfyra API; Enfyra normalizes it, so `enfyra`, `/enfyra`, and `/enfyra/` all mean `/enfyra`. Use token-query callback handling only when the app intentionally manages tokens itself.',
|
|
67
67
|
'- Socket.IO uses the app bridge too. Browser clients should connect to the gateway namespace with the Socket.IO transport path on the app origin, e.g. `io("/chat", { path: "/socket.io", withCredentials: true })`, while Nuxt proxies `/socket.io/**` to the Enfyra app bridge `/ws/socket.io/**`. Do not connect browser code directly to the hidden backend Socket.IO endpoint.',
|
|
68
68
|
'- If a project explicitly standardizes on `/api/**` instead of `/enfyra/**`, keep the same Cloud-style behavior under that prefix: proxy to the Enfyra API and avoid generated cookie-management routes unless the user asks for a custom auth boundary.',
|
|
69
|
-
'- If you are explaining MCP\'s own internal authentication, that is separate: this MCP server exchanges `ENFYRA_API_TOKEN` against `{ENFYRA_API_URL}/auth/token/exchange
|
|
69
|
+
'- If you are explaining MCP\'s own internal authentication, that is separate: this MCP server exchanges `ENFYRA_API_TOKEN` against `{ENFYRA_API_URL}/auth/token/exchange` before authenticated tool calls. The raw `efy_pat_*` token is never a Bearer token. For normal app work, `ENFYRA_API_URL` must still be the app proxy base such as `{{ nuxtApp }}/api`.',
|
|
70
70
|
'',
|
|
71
71
|
'### Routes vs tables (custom endpoints, handlers, hooks)',
|
|
72
72
|
'- REST-first workflow for any feature: **`inspect_feature`** to locate candidates → **`inspect_table`** for table/field/relation/rule context → **`inspect_route`** for handlers/hooks/guards/permissions → **`test_rest_endpoint`** to verify the actual HTTP behavior.',
|