@enfyra/mcp-server 0.0.78 → 0.0.80

package/README.md

@@ -219,6 +219,16 @@ When an LLM builds a Nuxt, Next, or other SSR frontend for Enfyra, follow the sa
 - Socket.IO browser clients use a same-origin bridge too. Connect to the namespace, e.g. `io("/chat", { path: "/socket.io", withCredentials: true })`, and proxy `/socket.io/**` to the Enfyra app bridge `/ws/socket.io/**`. The backend gateway metadata path remains `/chat`.
 - Use token-query OAuth callback pages only for non-SSR/manual-token apps.
 
+### OAuth provider setup checklist
+
+OAuth provider setup has three distinct URLs:
+
+- Provider callback URL: Enfyra handles this at `{ENFYRA_API_URL}/auth/{provider}/callback`. If the app proxy base is `http://localhost:3000/api`, the Google callback URL is `http://localhost:3000/api/auth/google/callback`.
+- Enfyra OAuth config: `oauth_config_definition.redirectUri` must exactly match the provider callback URL registered in Google, Facebook, or GitHub. The same row stores the provider client id/secret and enabled state.
+- App return URL: the frontend sends this as the `redirect` query when starting OAuth, for example `/enfyra/auth/google?redirect=https%3A%2F%2Fapp.example.com%2Fchat&cookieBridgePrefix=/enfyra`.
+
+Do not confuse `redirectUri` with `redirect`. `redirectUri` is the provider-to-Enfyra callback. `redirect` is where Enfyra sends the browser after cookies are set. `appCallbackUrl` is only for manual-token apps that intentionally read token query parameters instead of using proxy-owned cookies.
+
 ---
 
 ## Tools (summary)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enfyra/mcp-server",
-  "version": "0.0.78",
+  "version": "0.0.80",
   "description": "MCP server for Enfyra - manage your Enfyra instance via Claude Code",
   "type": "module",
   "license": "MIT",

package/src/lib/mcp-examples.js

@@ -153,6 +153,26 @@ onUnmounted(() => {
           'Disconnect the singleton socket when the current user/session clears.',
         ],
       },
+      {
+        name: 'OAuth provider setup values',
+        code: `// Enfyra OAuth config row, stored in oauth_config_definition.
+{
+  "provider": "google",
+  "clientId": "<google-client-id>",
+  "clientSecret": "<google-client-secret>",
+  "redirectUri": "http://localhost:3000/api/auth/google/callback",
+  "isEnabled": true
+}
+
+// Google Cloud Console -> Authorized redirect URIs:
+// http://localhost:3000/api/auth/google/callback`,
+        notes: [
+          'redirectUri is the Enfyra callback URL: {ENFYRA_API_URL}/auth/google/callback.',
+          'The provider console callback URL and oauth_config_definition.redirectUri must match exactly.',
+          'This callback URL is not the app return page; the app return page is sent as the redirect query when starting OAuth.',
+          'Use appCallbackUrl only for manual-token apps that intentionally read token query parameters.',
+        ],
+      },
       {
         name: 'Google OAuth button',
         code: `const redirect = new URL("/chat", window.location.origin)
@@ -164,6 +184,7 @@ window.location.href = url.toString()`,
           'redirect must be absolute and must include the app origin.',
           'cookieBridgePrefix is the app proxy prefix that forwards to Enfyra API routes.',
           'Enfyra redirects through {redirect.origin}{cookieBridgePrefix}/auth/set-cookies before returning to redirect.',
+          'After returning, call /enfyra/me to load the authenticated user; do not parse tokens from the URL in proxy-cookie mode.',
         ],
       },
     ],

package/src/mcp-server-entry.mjs

@@ -513,6 +513,8 @@ function scriptRecordLabel(tableName, record) {
   const method = record.method?.name || record.method?.method || null;
   const route = record.route?.path || null;
   const flow = record.flow?.name || null;
+  const gateway = record.gateway?.path || null;
+  const gqlTable = record.table?.name || null;
   return {
     tableName,
     id: getId(record),
@@ -520,9 +522,26 @@ function scriptRecordLabel(tableName, record) {
     route,
     method,
     flow,
+    gateway,
+    gqlTable,
   };
 }
 
+function scriptTraceFields(tableName) {
+  const common = 'id,_id,name,key,eventName,sourceCode,handlerScript,connectionHandlerScript,code,scriptLanguage';
+  const byTable = {
+    route_handler_definition: `${common},route.id,route.path,method.id,method.name`,
+    pre_hook_definition: `${common},route.id,route.path,methods.id,methods.name,isGlobal`,
+    post_hook_definition: `${common},route.id,route.path,methods.id,methods.name,isGlobal`,
+    flow_step_definition: `${common},flow.id,flow.name`,
+    websocket_event_definition: `${common},gateway.id,gateway.path`,
+    websocket_definition: `${common},path`,
+    gql_definition: `${common},table.id,table.name`,
+    bootstrap_script_definition: common,
+  };
+  return byTable[tableName] || '*';
+}
+
 async function findMethodRecordByName(method) {
   const filter = encodeURIComponent(JSON.stringify({ name: { _eq: method } }));
   const result = await fetchAPI(ENFYRA_API_URL, `/method_definition?filter=${filter}&limit=1&fields=id,_id,name,buttonColor,textColor,isSystem`);
@@ -1874,7 +1893,11 @@ server.tool(
     const sourceContains = (record) => getRecordSource(record).sourceCode.toLowerCase().includes(lower);
 
     const scriptTableResults = await Promise.all(SCRIPT_BACKED_TABLES.map(async (tableName) => {
-      const result = await fetchAPI(ENFYRA_API_URL, `/${tableName}?limit=1000&fields=*`).catch((error) => ({ error }));
+      const fields = scriptTraceFields(tableName);
+      let result = await fetchAPI(ENFYRA_API_URL, `/${tableName}?limit=1000&fields=${encodeURIComponent(fields)}`).catch((error) => ({ error }));
+      if (result?.error && fields !== '*') {
+        result = await fetchAPI(ENFYRA_API_URL, `/${tableName}?limit=1000&fields=*`).catch((error) => ({ error }));
+      }
       return { tableName, records: unwrapData(result), error: result?.error?.message || null };
     }));
     const scriptMatches = [];