@flomenco/claude-plugin-mcp 0.1.2 → 0.1.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flomenco/claude-plugin-mcp",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Flo Claude Co-Work plugin bridge for Claude Desktop/Code",
   "private": false,
   "license": "UNLICENSED",

package/src/index.js

@@ -17,6 +17,7 @@ import { spawn } from "node:child_process";
 const DEFAULT_TIMEOUT_MS = 60_000;
 const OAUTH_WAIT_TIMEOUT_MS = 180_000;
 const TOKEN_REFRESH_SKEW_SECONDS = 60;
+const ASSET_ID_REGEX = /^[A-Za-z0-9._-]+$/;
 const DEFAULT_TOKEN_CACHE_PATH = path.join(
   os.homedir(),
   ".flo",
@@ -78,6 +79,17 @@ function defaultSettingsUrlForEnv() {
   return "https://dev.floapp.co/settings/api";
 }
 
+function defaultWebAppUrlForEnv() {
+  const env = normalizedPluginEnv();
+  if (env === "prod") {
+    return "https://floapp.co";
+  }
+  if (env === "stg") {
+    return "https://stg.floapp.co";
+  }
+  return "https://dev.floapp.co";
+}
+
 function getInvocationUrl() {
   const raw =
     process.env.FLO_INTERFACE_AGENT_INVOCATION_URL ||
@@ -119,6 +131,8 @@ function getOAuthConfig(strict = false) {
     process.env.FLO_OAUTH_CLIENT_ID_HELP_URL ||
     defaultSettingsUrlForEnv()
   ).trim();
+  const rawAppLoginUrl = (process.env.FLO_OAUTH_APP_LOGIN_URL || "").trim();
+  const appLoginUrl = rawAppLoginUrl || `${defaultWebAppUrlForEnv()}/login`;
 
   const ready = Boolean(authorizeUrl && tokenUrl && clientId);
   if (strict && !ready) {
@@ -141,6 +155,7 @@ function getOAuthConfig(strict = false) {
     userPoolName,
     expectedClientName,
     settingsUrl,
+    appLoginUrl,
   };
 }
 
@@ -643,6 +658,17 @@ function requireString(value, fieldName) {
   return value.trim();
 }
 
+function requireAssetId(value, fieldName) {
+  const assetId = requireString(value, fieldName);
+  if (assetId.length > 128 || !ASSET_ID_REGEX.test(assetId)) {
+    throw new McpError(
+      ErrorCode.InvalidParams,
+      `\`${fieldName}\` must match ^[A-Za-z0-9._-]+$ and be <= 128 chars.`
+    );
+  }
+  return assetId;
+}
+
 function assertSearchPayload(payload) {
   if (!payload || payload.status !== "ok" || !Array.isArray(payload.menuItems)) {
     throw new McpError(
@@ -742,7 +768,7 @@ const tools = [
   {
     name: "flo_auth_login",
     description:
-      "Start OAuth login (browser PKCE flow), cache token locally, and return auth status.",
+      "Start OAuth login (browser PKCE flow), cache token locally, and return auth status. If prompted by hosted login UI, first sign in via appLoginUrl.",
     inputSchema: {
       type: "object",
       properties: {},
@@ -777,6 +803,28 @@ const tools = [
       additionalProperties: false,
     },
   },
+  {
+    name: "flo_analyze",
+    description:
+      "Analyze an asset directly (friendly alias for /flo:analyze-image <assetId>).",
+    inputSchema: {
+      type: "object",
+      properties: {
+        assetId: {
+          type: "string",
+          minLength: 1,
+          maxLength: 128,
+          pattern: "^[A-Za-z0-9._-]+$",
+        },
+        authToken: {
+          type: "string",
+          description: "Optional bearer token override for this call only.",
+        },
+      },
+      required: ["assetId"],
+      additionalProperties: false,
+    },
+  },
   {
     name: "flo_search",
     description:
@@ -814,11 +862,16 @@ const tools = [
   {
     name: "flo_skill_routing",
     description:
-      "Run /flo:skill-routing for an asset and return available plugin skills.",
+      "List available actions for an asset (what can I do with this file?).",
     inputSchema: {
       type: "object",
       properties: {
-        assetId: { type: "string", minLength: 1 },
+        assetId: {
+          type: "string",
+          minLength: 1,
+          maxLength: 128,
+          pattern: "^[A-Za-z0-9._-]+$",
+        },
         authToken: {
           type: "string",
           description: "Optional bearer token override for this call only.",
@@ -960,6 +1013,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       oauthUserPoolName: oauth.userPoolName,
       oauthUserPoolId: oauth.userPoolId || null,
       oauthSettingsUrl: oauth.settingsUrl,
+      appLoginUrl: oauth.appLoginUrl,
       envTokenConfigured: envToken,
       cachePath: getTokenCachePath(),
       cachedTokenPresent: Boolean(cachedToken?.access_token),
@@ -982,11 +1036,19 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       oauthUserPoolName: oauth.userPoolName,
       oauthUserPoolId: oauth.userPoolId || null,
       oauthSettingsUrl: oauth.settingsUrl,
+      appLoginUrl: oauth.appLoginUrl,
       message:
-        "Open oauthSettingsUrl, then copy the app client id for oauthExpectedClientName into FLO_OAUTH_CLIENT_ID.",
+        "If hosted login UI appears, sign in at appLoginUrl first, then run flo_auth_login again. Open oauthSettingsUrl to copy client id for oauthExpectedClientName into FLO_OAUTH_CLIENT_ID.",
     });
   }
 
+  if (name === "flo_analyze") {
+    const assetId = requireAssetId(args.assetId, "assetId");
+    const prompt = `/flo:analyze-image ${assetId}`;
+    const bodyText = await invokeInterfaceAgent(prompt, args.authToken);
+    return asTextResult(parseMaybeJson(bodyText) || bodyText);
+  }
+
   if (name === "flo_auth_logout") {
     await clearCachedToken();
     return asTextResult({
@@ -1011,7 +1073,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
   }
 
   if (name === "flo_skill_routing") {
-    const assetId = requireString(args.assetId, "assetId");
+    const assetId = requireAssetId(args.assetId, "assetId");
     const prompt = `/flo:skill-routing ${assetId}`;
     const bodyText = await invokeInterfaceAgent(prompt, args.authToken);
     return asTextResult(parseMaybeJson(bodyText) || bodyText);