npm - @floomhq/floom-mcp-sync - Versions diffs - 1.0.0 - Mend

@floomhq/floom-mcp-sync 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Floom
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Floom MCP Sync
+Tiny MCP server for Floom skills. This package is part of the Floom Version 1 synchronization preview.
+```bash
+npx -y @floomhq/floom-mcp-sync
+```
+On startup it reads `~/.floom/config.json`, fetches your own published Floom skills, and writes missing files to `~/.claude/skills/`. The background sync behavior is a Version 1 preview path.
+Sync stores a machine-local manifest next to the Floom CLI config at `~/.floom/sync-manifest.json`.
+Version 1 sync does not replace existing local Markdown files. Remote updates, existing untracked
+files, and locally edited tracked files are skipped as conflicts. Symlinks are never followed. Move
+or delete the local file to accept the Floom version on the next sync.
+The poll uses HTTP `If-None-Match` against `/api/me/skills`, so unchanged responses are 304 with no body. Steady-state polling is ~free on bandwidth. If a Floom-tracked local file is missing after a 304, MCP refetches once without the ETag so Version 1 can recreate missing files without overwriting existing Markdown.
+Configure the preview poll interval with `FLOOM_SYNC_INTERVAL_MS` (default `60000`, minimum `10000`).
+Tools:
+- `floom_install_skill(slug)` fetches `/s/<slug>.md` and writes it locally.
+- `floom_publish_skill(name, content, description?, visibility?, asset_type?, installs_as?, version?)` publishes Markdown through `/api/skills`.
+  - `asset_type`: `knowledge`, `instruction`, `workflow`, or `skill` (default `skill`)
+  - `installs_as`: `claude_skill`, `memory`, `rule`, `codex_instruction`, `opencode_instruction`, `cursor_rule`, or `other` (default `claude_skill`)
+  - `version`: optional label like `1.0.0` or `v1-preview`
+Library management and share-invite tools are planned for a later Floom version.

package/bin/floom-mcp-sync.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ import "../dist/server.js";

package/dist/auto-sync.js ADDED Viewed

@@ -0,0 +1,458 @@
+import { constants } from "node:fs";
+import { lstat, mkdir, open } from "node:fs/promises";
+import { basename, dirname, isAbsolute, join, relative, resolve, sep } from "node:path";
+import { apiUrlFromConfig, readConfig } from "./lib/config.js";
+import { getJsonWithEtag, FloomApiError } from "./lib/api.js";
+import { sha256 } from "./lib/hash.js";
+import { assertValidSlug } from "./lib/slug.js";
+import { skillsDir, skillTargetPath } from "./lib/paths.js";
+import { ensureSyncManifestDir, manifestKey, markSynced, readSyncManifest, unmarkSynced, writeSyncManifest } from "./lib/manifest.js";
+// Module-level cache: ETag from the last successful (non-304) response, plus
+// the last time we logged a heartbeat. Survives across setInterval ticks
+// inside a single MCP server process.
+let cachedEtag = null;
+let lastHeartbeatAt = 0;
+let lastAuthWarningAt = 0;
+const HEARTBEAT_MS = 10 * 60 * 1000; // 10 minutes
+const AUTH_WARNING_MS = 10 * 60 * 1000;
+const MANIFEST_SEGMENT_RE = /^[A-Za-z0-9._-]{1,128}$/;
+const FD_PATH_ROOT = "/proc/self/fd";
+async function localState(path) {
+    try {
+        const handle = await open(path, constants.O_RDONLY | constants.O_NOFOLLOW);
+        try {
+            const stat = await handle.stat();
+            if (!stat.isFile()) {
+                return { kind: "conflict", reason: "path is blocked by an existing local file or directory" };
+            }
+            return { kind: "file", hash: sha256(await handle.readFile("utf8")) };
+        }
+        finally {
+            await handle.close();
+        }
+    }
+    catch (err) {
+        const code = err.code;
+        if (code === "ENOENT")
+            return { kind: "missing" };
+        if (code === "ELOOP")
+            return { kind: "conflict", reason: "path is a symbolic link" };
+        if (code === "ENOTDIR" || code === "EISDIR") {
+            return { kind: "conflict", reason: "path is blocked by an existing local file or directory" };
+        }
+        throw err;
+    }
+}
+function targetFromManifestKey(root, key) {
+    if (!key || isAbsolute(key) || key.includes("\\") || key.length > 512) {
+        throw new Error("Invalid manifest target path");
+    }
+    const segments = key.split("/");
+    if (segments.some((segment) => segment === "." || segment === ".." || !MANIFEST_SEGMENT_RE.test(segment))) {
+        throw new Error("Invalid manifest target path");
+    }
+    const target = join(root, ...segments);
+    const relativeTarget = relative(resolve(root), resolve(target));
+    if (relativeTarget === ".." || relativeTarget.startsWith(`..${sep}`) || isAbsolute(relativeTarget)) {
+        throw new Error("Invalid manifest target path");
+    }
+    return target;
+}
+function validateSyncSkillShape(skill) {
+    if (!skill || typeof skill !== "object")
+        throw new Error("Invalid sync response");
+    const candidate = skill;
+    if (typeof candidate.slug !== "string" || typeof candidate.body_md !== "string") {
+        throw new Error("Invalid sync response");
+    }
+    if (candidate.folder !== undefined &&
+        candidate.folder !== null &&
+        typeof candidate.folder !== "string") {
+        throw new Error("Invalid sync response");
+    }
+    if (candidate.library_slug !== undefined &&
+        candidate.library_slug !== null &&
+        typeof candidate.library_slug !== "string") {
+        throw new Error("Invalid sync response");
+    }
+}
+async function manifestHasMissingTrackedFile(manifest, root) {
+    for (const key of Object.keys(manifest.files)) {
+        let target;
+        try {
+            target = targetFromManifestKey(root, key);
+            await assertSafeExistingParentDirectory(root, target);
+        }
+        catch {
+            continue;
+        }
+        const state = await localState(target);
+        if (state.kind === "missing")
+            return true;
+    }
+    return false;
+}
+export async function autoSync(log = (message) => process.stderr.write(`${message}\n`)) {
+    const cfg = await readConfig();
+    if (!cfg) {
+        maybeAuthWarning(log, "[floom] not signed in; skipping sync (run `floom login`)");
+        return { synced: 0, unchanged: 0, updated: 0, conflicts: 0 };
+    }
+    await ensureSyncManifestDir();
+    const manifest = await readSyncManifest();
+    const root = skillsDir();
+    const apiUrl = apiUrlFromConfig(cfg);
+    let response;
+    try {
+        response = await getJsonWithEtag(`${apiUrl}/api/me/skills`, cfg.accessToken, cachedEtag);
+    }
+    catch (err) {
+        if (err instanceof FloomApiError && err.status === 401) {
+            maybeAuthWarning(log, "[floom] sign-in expired; skipping sync (run `floom login` again)");
+            return { synced: 0, unchanged: 0, updated: 0, conflicts: 0 };
+        }
+        throw err;
+    }
+    if (response.status === 304) {
+        if (await manifestHasMissingTrackedFile(manifest, root)) {
+            response = await getJsonWithEtag(`${apiUrl}/api/me/skills`, cfg.accessToken, null);
+        }
+        else {
+            maybeHeartbeat(log);
+            return { synced: 0, unchanged: 0, updated: 0, conflicts: 0 };
+        }
+    }
+    if (response.status === 304) {
+        maybeHeartbeat(log);
+        return { synced: 0, unchanged: 0, updated: 0, conflicts: 0 };
+    }
+    if (response.etag)
+        cachedEtag = response.etag;
+    const payload = response.body;
+    if (!payload) {
+        return { synced: 0, unchanged: 0, updated: 0, conflicts: 0 };
+    }
+    await mkdir(skillsDir(), { recursive: true, mode: 0o700 });
+    if (!Array.isArray(payload.skills)) {
+        throw new Error("Invalid sync response");
+    }
+    for (const skill of payload.skills)
+        validateSyncSkillShape(skill);
+    // Version 1 preview syncs owned published skills only.
+    const buckets = [
+        { skills: payload.skills, defaultLib: null },
+    ];
+    let unchanged = 0;
+    let updated = 0;
+    let conflicts = 0;
+    let total = 0;
+    const writtenPaths = new Set();
+    const activeTargetKeys = new Set();
+    const pruneBlockedSlugs = new Set();
+    const noteConflict = (target, reason) => {
+        conflicts += 1;
+        log(`[floom] skipped local conflict: ${manifestKey(root, target)} (${reason})`);
+    };
+    const noteKeyConflict = (key, reason) => {
+        conflicts += 1;
+        log(`[floom] skipped local conflict: ${key} (${reason})`);
+    };
+    const noteRemoteConflict = (slug, reason) => {
+        conflicts += 1;
+        const label = typeof slug === "string" && slug ? slug : "<invalid>";
+        log(`[floom] skipped remote conflict: ${label} (${reason})`);
+    };
+    for (const bucket of buckets) {
+        const skills = bucket.skills ?? [];
+        for (const skill of skills) {
+            let target;
+            try {
+                assertValidSlug(skill.slug);
+                target = skillTargetPath({
+                    slug: skill.slug,
+                    folder: skill.folder ?? null,
+                    librarySlug: skill.library_slug ?? bucket.defaultLib,
+                });
+            }
+            catch (err) {
+                if (typeof skill.slug === "string")
+                    pruneBlockedSlugs.add(skill.slug);
+                noteRemoteConflict(skill.slug, err instanceof Error ? err.message : "invalid remote metadata");
+                continue;
+            }
+            if (writtenPaths.has(target))
+                continue;
+            writtenPaths.add(target);
+            total += 1;
+            const remoteHash = sha256(skill.body_md);
+            const targetKey = manifestKey(root, target);
+            activeTargetKeys.add(targetKey);
+            const tracked = manifest.files[targetKey];
+            try {
+                await assertSafeExistingParentDirectory(root, target);
+            }
+            catch (err) {
+                const code = err.code;
+                if (code === "ELOOP") {
+                    noteConflict(target, "path contains a symbolic link");
+                    continue;
+                }
+                if (code === "ENOTDIR" || code === "EISDIR") {
+                    noteConflict(target, "path is blocked by an existing local file or directory");
+                    continue;
+                }
+                if (code === "EEXIST" || code === "ENOENT") {
+                    noteConflict(target, err instanceof Error ? err.message : "local file changed during Floom sync");
+                    continue;
+                }
+                throw err;
+            }
+            const state = await localState(target);
+            if (state.kind === "conflict") {
+                noteConflict(target, state.reason);
+                continue;
+            }
+            if (state.kind === "file" && !tracked) {
+                noteConflict(target, "existing file is not tracked by Floom sync");
+                continue;
+            }
+            if (state.kind === "file" && state.hash !== tracked?.hash) {
+                noteConflict(target, "local file changed since the last Floom sync");
+                continue;
+            }
+            if (state.kind === "file" && state.hash === remoteHash) {
+                unchanged += 1;
+                continue;
+            }
+            if (state.kind === "file") {
+                noteConflict(target, "remote skill changed; move or delete the local file to accept the Floom version");
+                continue;
+            }
+            try {
+                await writeSyncedFile(target, skill.body_md);
+            }
+            catch (err) {
+                const code = err.code;
+                if (code === "ELOOP") {
+                    noteConflict(target, "path contains a symbolic link");
+                    continue;
+                }
+                if (code === "ENOTDIR" || code === "EISDIR") {
+                    noteConflict(target, "path is blocked by an existing local file or directory");
+                    continue;
+                }
+                throw err;
+            }
+            markSynced(manifest, targetKey, skill.slug, remoteHash);
+            await writeSyncManifest(manifest);
+            updated += 1;
+        }
+    }
+    if (payload.full_sync === true) {
+        for (const [key, entry] of Object.entries(manifest.files)) {
+            if (activeTargetKeys.has(key))
+                continue;
+            if (pruneBlockedSlugs.has(entry.slug)) {
+                noteKeyConflict(key, "remote metadata is invalid for this skill");
+                continue;
+            }
+            let target;
+            try {
+                target = targetFromManifestKey(root, key);
+                await assertSafeExistingParentDirectory(root, target);
+            }
+            catch (err) {
+                const code = err.code;
+                if (code === "ELOOP") {
+                    noteKeyConflict(key, "path contains a symbolic link");
+                    continue;
+                }
+                if (code === "ENOTDIR" || code === "EISDIR") {
+                    noteKeyConflict(key, "path is blocked by an existing local file or directory");
+                    continue;
+                }
+                noteKeyConflict(key, "invalid manifest target path");
+                continue;
+            }
+            const state = await localState(target);
+            if (state.kind === "missing") {
+                unmarkSynced(manifest, key);
+                await writeSyncManifest(manifest);
+                continue;
+            }
+            if (state.kind === "conflict") {
+                noteConflict(target, state.reason);
+                continue;
+            }
+            if (state.hash !== entry.hash) {
+                noteConflict(target, "local file changed since the last Floom sync");
+                continue;
+            }
+            unmarkSynced(manifest, key);
+            await writeSyncManifest(manifest);
+        }
+    }
+    // Only log when there's actual movement (skills updated) OR heartbeat is due.
+    // Steady-state polling stays quiet so it doesn't pollute MCP stderr.
+    if (updated > 0) {
+        const conflictNote = conflicts > 0 ? `, ${conflicts} conflicts skipped` : "";
+        log(`[floom] synced ${total} skills (${unchanged} unchanged, ${updated} updated${conflictNote})`);
+        lastHeartbeatAt = Date.now();
+        if (updated > 0) {
+            // Activation telemetry counts syncs that write new content. Best-effort;
+            // never blocks or throws.
+            void emitSyncCompleted(apiUrl, cfg.accessToken, { total, updated, unchanged }).catch(() => { });
+        }
+    }
+    else if (conflicts > 0) {
+        log(`[floom] synced ${total} skills (${unchanged} unchanged, ${updated} updated, ${conflicts} conflicts skipped)`);
+        lastHeartbeatAt = Date.now();
+    }
+    else {
+        maybeHeartbeat(log, () => `[floom] heartbeat: ${total} skills tracked, all up-to-date`);
+    }
+    return { synced: total, unchanged, updated, conflicts };
+}
+async function emitSyncCompleted(apiUrl, token, props) {
+    try {
+        await fetch(`${apiUrl}/api/v1/events`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                authorization: `Bearer ${token}`,
+            },
+            body: JSON.stringify({
+                event_name: "sync.completed",
+                source: "mcp",
+                props: {
+                    total: props.total,
+                    updated: props.updated,
+                    unchanged: props.unchanged,
+                },
+            }),
+        });
+    }
+    catch {
+        // never throw from telemetry
+    }
+}
+async function writeSyncedFile(target, body) {
+    const parent = await openSafeParentDirectory(skillsDir(), target, true);
+    let handle = null;
+    try {
+        handle = await open(childCreatePath(parent, dirname(target), basename(target)), constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL | constants.O_NOFOLLOW, 0o600);
+        await writeAll(handle, body);
+    }
+    finally {
+        await handle?.close();
+        await parent.close();
+    }
+}
+async function openSafeParentDirectory(root, target, create) {
+    if (create)
+        await ensureSafeParentDirectory(root, target);
+    else
+        await assertSafeExistingParentDirectory(root, target);
+    return open(dirname(target), constants.O_RDONLY | constants.O_DIRECTORY | constants.O_NOFOLLOW);
+}
+function childCreatePath(parent, fallbackParent, name) {
+    if (process.platform === "linux")
+        return `${FD_PATH_ROOT}/${parent.fd}/${name}`;
+    return join(resolve(fallbackParent), name);
+}
+async function writeAll(handle, body) {
+    const buffer = Buffer.from(body, "utf8");
+    let offset = 0;
+    while (offset < buffer.length) {
+        const result = await handle.write(buffer, offset, buffer.length - offset, offset);
+        if (result.bytesWritten === 0)
+            throw conflictError("failed to write local skill file", "EIO");
+        offset += result.bytesWritten;
+    }
+}
+async function ensureSafeParentDirectory(root, target) {
+    const resolvedRoot = resolve(root);
+    const resolvedParent = resolve(dirname(target));
+    const relativeParent = relative(resolvedRoot, resolvedParent);
+    if (relativeParent === ".." || relativeParent.startsWith(`..${sep}`) || isAbsolute(relativeParent)) {
+        throw conflictError("Invalid skill target path.", "EINVAL");
+    }
+    await mkdir(resolvedRoot, { recursive: true, mode: 0o700 });
+    await assertSafeDirectory(resolvedRoot);
+    if (!relativeParent || relativeParent === ".")
+        return;
+    let current = resolvedRoot;
+    for (const segment of relativeParent.split(sep).filter(Boolean)) {
+        current = join(current, segment);
+        try {
+            await assertSafeDirectory(current);
+        }
+        catch (err) {
+            if (err.code !== "ENOENT")
+                throw err;
+            await mkdir(current, { mode: 0o700 });
+            await assertSafeDirectory(current);
+        }
+    }
+}
+async function assertSafeExistingParentDirectory(root, target) {
+    const resolvedRoot = resolve(root);
+    const resolvedParent = resolve(dirname(target));
+    const relativeParent = relative(resolvedRoot, resolvedParent);
+    if (relativeParent === ".." || relativeParent.startsWith(`..${sep}`) || isAbsolute(relativeParent)) {
+        throw conflictError("Invalid skill target path.", "EINVAL");
+    }
+    await assertSafeDirectory(resolvedRoot);
+    if (!relativeParent || relativeParent === ".")
+        return;
+    let current = resolvedRoot;
+    for (const segment of relativeParent.split(sep).filter(Boolean)) {
+        current = join(current, segment);
+        try {
+            await assertSafeDirectory(current);
+        }
+        catch (err) {
+            if (err.code === "ENOENT")
+                return;
+            throw err;
+        }
+    }
+}
+async function assertSafeDirectory(path) {
+    const stat = await lstat(path);
+    if (stat.isSymbolicLink())
+        throw conflictError("path contains a symbolic link", "ELOOP");
+    if (!stat.isDirectory()) {
+        throw conflictError("path is blocked by an existing local file or directory", "ENOTDIR");
+    }
+}
+function conflictError(message, code) {
+    const err = new Error(message);
+    err.code = code;
+    return err;
+}
+function maybeHeartbeat(log, message) {
+    const now = Date.now();
+    if (lastHeartbeatAt === 0) {
+        // Initialise without logging; first sync result was already logged or was a 304.
+        lastHeartbeatAt = now;
+        return;
+    }
+    if (now - lastHeartbeatAt < HEARTBEAT_MS)
+        return;
+    if (message)
+        log(message());
+    lastHeartbeatAt = now;
+}
+function maybeAuthWarning(log, message) {
+    const now = Date.now();
+    if (lastAuthWarningAt !== 0 && now - lastAuthWarningAt < AUTH_WARNING_MS)
+        return;
+    log(message);
+    lastAuthWarningAt = now;
+}
+// TODO(option-B): swap polling for SSE. Add `/api/v1/sync-stream` route that
+// holds a per-user EventSource open and pushes `{type:"skills-updated"}` from a
+// Supabase post-write trigger or webhook. MCP listens, calls autoSync() on
+// event. Drops sync latency from <=60s to <=2s. Trade-off: needs reconnect
+// logic, Vercel's 5-min connection cap, and a server-side change-fanout path.

package/dist/lib/api.js ADDED Viewed

@@ -0,0 +1,90 @@
+export class FloomApiError extends Error {
+    status;
+    constructor(status, message) {
+        super(message);
+        this.status = status;
+        this.name = "FloomApiError";
+    }
+}
+async function readError(res) {
+    const text = await res.text();
+    if (!text)
+        return `Floom API returned HTTP ${res.status}`;
+    try {
+        const parsed = JSON.parse(text);
+        if (typeof parsed.error === "string")
+            return parsed.error;
+    }
+    catch {
+        return text;
+    }
+    return text;
+}
+export async function getJson(url, token) {
+    const headers = {};
+    if (token)
+        headers.authorization = `Bearer ${token}`;
+    const res = await fetch(url, { headers });
+    if (!res.ok)
+        throw new FloomApiError(res.status, await readError(res));
+    return (await res.json());
+}
+/**
+ * GET helper that participates in HTTP conditional requests via ETag.
+ * Pass the previously-seen ETag (or null on first call). On 304, body is null.
+ */
+export async function getJsonWithEtag(url, token, etag) {
+    const headers = { authorization: `Bearer ${token}` };
+    if (etag)
+        headers["if-none-match"] = etag;
+    const res = await fetch(url, { headers });
+    const responseEtag = res.headers.get("etag");
+    if (res.status === 304) {
+        return { status: 304, body: null, etag: responseEtag ?? etag };
+    }
+    if (!res.ok)
+        throw new FloomApiError(res.status, await readError(res));
+    const body = (await res.json());
+    return { status: res.status, body, etag: responseEtag };
+}
+export async function getText(url) {
+    const res = await fetch(url);
+    if (!res.ok)
+        throw new FloomApiError(res.status, await readError(res));
+    return res.text();
+}
+export async function postJson(url, token, body) {
+    const res = await fetch(url, {
+        method: "POST",
+        headers: {
+            authorization: `Bearer ${token}`,
+            "content-type": "application/json",
+        },
+        body: JSON.stringify(body),
+    });
+    if (!res.ok)
+        throw new FloomApiError(res.status, await readError(res));
+    return (await res.json());
+}
+export async function putJson(url, token, body) {
+    const res = await fetch(url, {
+        method: "PUT",
+        headers: {
+            authorization: `Bearer ${token}`,
+            "content-type": "application/json",
+        },
+        body: JSON.stringify(body),
+    });
+    if (!res.ok)
+        throw new FloomApiError(res.status, await readError(res));
+    return (await res.json());
+}
+export async function deleteRequest(url, token) {
+    const res = await fetch(url, {
+        method: "DELETE",
+        headers: { authorization: `Bearer ${token}` },
+    });
+    if (!res.ok)
+        throw new FloomApiError(res.status, await readError(res));
+    return (await res.json());
+}

package/dist/lib/config.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { readFile } from "node:fs/promises";
+import { configPath } from "./paths.js";
+export const DEFAULT_API_URL = "https://floom.dev";
+export function apiUrlFromConfig(cfg) {
+    return (cfg.apiUrl ?? process.env.FLOOM_API_URL ?? DEFAULT_API_URL).replace(/\/$/, "");
+}
+export async function readConfig() {
+    try {
+        const raw = await readFile(configPath(), "utf8");
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.accessToken !== "string" || parsed.accessToken.length === 0)
+            return null;
+        return {
+            accessToken: parsed.accessToken,
+            ...(typeof parsed.apiUrl === "string" ? { apiUrl: parsed.apiUrl } : {}),
+            ...(typeof parsed.refreshToken === "string" ? { refreshToken: parsed.refreshToken } : {}),
+            ...(typeof parsed.expiresAt === "number" ? { expiresAt: parsed.expiresAt } : {}),
+            ...(typeof parsed.email === "string" || parsed.email === null ? { email: parsed.email } : {}),
+        };
+    }
+    catch (err) {
+        if (err.code === "ENOENT")
+            return null;
+        throw err;
+    }
+}

package/dist/lib/hash.js ADDED Viewed

@@ -0,0 +1,4 @@
+import { createHash } from "node:crypto";
+export function sha256(input) {
+    return createHash("sha256").update(input).digest("hex");
+}

package/dist/lib/manifest.js ADDED Viewed

@@ -0,0 +1,129 @@
+import { constants } from "node:fs";
+import { lstat, mkdir, open, rename } from "node:fs/promises";
+import { dirname, join, relative, resolve, sep } from "node:path";
+import { configPath } from "./paths.js";
+const MANIFEST_VERSION = 1;
+const SLUG_RE = /^[A-Za-z0-9_-]{1,128}$/;
+const FD_PATH_ROOT = "/proc/self/fd";
+function manifestPath() {
+    return join(dirname(configPath()), "sync-manifest.json");
+}
+function emptyManifest() {
+    return { version: MANIFEST_VERSION, files: {} };
+}
+function isEntryForKey(key, value) {
+    if (!value || typeof value !== "object")
+        return false;
+    const entry = value;
+    return (typeof entry.hash === "string" &&
+        typeof entry.slug === "string" &&
+        typeof entry.target === "string" &&
+        typeof entry.syncedAt === "string" &&
+        entry.target === key &&
+        SLUG_RE.test(entry.slug) &&
+        key.split("/").at(-1) === `${entry.slug}.md`);
+}
+export async function readSyncManifest() {
+    try {
+        await ensureSyncManifestDir();
+        const handle = await open(manifestPath(), constants.O_RDONLY | constants.O_NOFOLLOW);
+        let body;
+        try {
+            body = await handle.readFile("utf8");
+        }
+        finally {
+            await handle.close();
+        }
+        const parsed = JSON.parse(body);
+        if (parsed.version !== MANIFEST_VERSION || !parsed.files || typeof parsed.files !== "object") {
+            return emptyManifest();
+        }
+        const manifest = emptyManifest();
+        for (const [key, value] of Object.entries(parsed.files)) {
+            if (isEntryForKey(key, value))
+                manifest.files[key] = value;
+        }
+        return manifest;
+    }
+    catch (err) {
+        if (err.code === "ENOENT")
+            return emptyManifest();
+        if (err instanceof SyntaxError)
+            return emptyManifest();
+        throw err;
+    }
+}
+export async function writeSyncManifest(manifest) {
+    await ensureSyncManifestDir();
+    const path = manifestPath();
+    const dirPath = dirname(path);
+    const dir = await open(dirPath, constants.O_RDONLY | constants.O_DIRECTORY | constants.O_NOFOLLOW);
+    const tmpBase = `sync-manifest.json.${process.pid}.${Date.now()}`;
+    const body = JSON.stringify(manifest, null, 2);
+    try {
+        for (let attempt = 0; attempt < 10; attempt += 1) {
+            const tmpName = attempt === 0 ? `${tmpBase}.tmp` : `${tmpBase}.${attempt}.tmp`;
+            const tmpPath = childPath(dir, dirPath, tmpName);
+            let handle = null;
+            try {
+                handle = await open(tmpPath, constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL | constants.O_NOFOLLOW, 0o600);
+                await handle.writeFile(body, "utf8");
+                await handle.close();
+                handle = null;
+                await rename(tmpPath, childPath(dir, dirPath, "sync-manifest.json"));
+                return;
+            }
+            catch (err) {
+                await handle?.close().catch(() => { });
+                if (err.code === "EEXIST")
+                    continue;
+                throw err;
+            }
+        }
+    }
+    finally {
+        await dir.close();
+    }
+    const err = new Error("temporary sync manifest file already exists");
+    err.code = "EEXIST";
+    throw err;
+}
+function childPath(parent, fallbackParent, name) {
+    if (process.platform === "linux")
+        return `${FD_PATH_ROOT}/${parent.fd}/${name}`;
+    return join(resolve(fallbackParent), name);
+}
+export async function ensureSyncManifestDir() {
+    const path = manifestPath();
+    const dir = dirname(path);
+    await mkdir(dir, { recursive: true, mode: 0o700 });
+    const stat = await lstat(dir);
+    if (stat.isSymbolicLink()) {
+        const err = new Error("sync manifest directory is a symbolic link");
+        err.code = "ELOOP";
+        throw err;
+    }
+    if (!stat.isDirectory()) {
+        const err = new Error("sync manifest path is blocked by an existing local file");
+        err.code = "ENOTDIR";
+        throw err;
+    }
+}
+export function manifestKey(root, target) {
+    const relativeTarget = relative(resolve(root), resolve(target));
+    if (relativeTarget === ".." || relativeTarget.startsWith(`..${sep}`)) {
+        throw new Error("Invalid manifest target path.");
+    }
+    return relativeTarget.split(sep).join("/");
+}
+export function markSynced(manifest, key, slug, hash) {
+    manifest.files[key] = {
+        hash,
+        slug,
+        target: key,
+        syncedAt: new Date().toISOString(),
+    };
+}
+export function unmarkSynced(manifest, key) {
+    delete manifest.files[key];
+}

package/dist/lib/paths.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { homedir } from "node:os";
+import { isAbsolute, join, relative, resolve, sep } from "node:path";
+import { assertValidSlug } from "./slug.js";
+export function configPath() {
+    return process.env.FLOOM_CONFIG_PATH ?? join(homedir(), ".floom", "config.json");
+}
+export function skillsDir() {
+    return process.env.CLAUDE_SKILLS_DIR ?? join(homedir(), ".claude", "skills");
+}
+export function skillPath(slug) {
+    return join(skillsDir(), `${slug}.md`);
+}
+const PATH_SEGMENT_RE = /^[a-z0-9._-]{1,128}$/;
+function safePathSegments(value, label) {
+    if (!value)
+        return [];
+    if (isAbsolute(value))
+        throw new Error(`Invalid ${label}`);
+    const segments = value.split(/[\\/]+/).filter(Boolean);
+    if (segments.some((segment) => segment === "." || segment === ".." || !PATH_SEGMENT_RE.test(segment))) {
+        throw new Error(`Invalid ${label}`);
+    }
+    return segments;
+}
+/**
+ * Compute the on-disk path for a skill given optional folder + library
+ * grouping. Version 1 preview uses owned skills at the skills root or inside
+ * `<folder>/`. Library grouping remains a later-version path shape.
+ *
+ * The slug always becomes the filename. Folder/library segments must already
+ * be validated by the API (server-side regex enforces lowercase tokens).
+ */
+export function skillTargetPath(opts) {
+    assertValidSlug(opts.slug);
+    const root = skillsDir();
+    const segments = [root];
+    segments.push(...safePathSegments(opts.librarySlug, "library slug"));
+    segments.push(...safePathSegments(opts.folder, "folder"));
+    segments.push(`${opts.slug}.md`);
+    const target = join(...segments);
+    const relativeTarget = relative(resolve(root), resolve(target));
+    if (relativeTarget === ".." || relativeTarget.startsWith(`..${sep}`) || isAbsolute(relativeTarget)) {
+        throw new Error("Invalid skill target path");
+    }
+    return target;
+}

package/dist/lib/slug.js ADDED Viewed

@@ -0,0 +1,6 @@
+const SLUG_RE = /^[A-Za-z0-9_-]{1,128}$/;
+export function assertValidSlug(slug) {
+    if (!SLUG_RE.test(slug)) {
+        throw new Error("Invalid skill slug");
+    }
+}

package/dist/server.js ADDED Viewed

@@ -0,0 +1,258 @@
+#!/usr/bin/env node
+import { createInterface } from "node:readline";
+import { stdin, stdout } from "node:process";
+import { autoSync } from "./auto-sync.js";
+import { installSkill } from "./tools/install.js";
+import { publishSkill } from "./tools/publish.js";
+const SERVER_VERSION = "1.0.0";
+const DEFAULT_INTERVAL_MS = 60_000;
+const MIN_INTERVAL_MS = 10_000;
+const VERSION_RE = /^[A-Za-z0-9][A-Za-z0-9._+-]{0,63}$/;
+const VISIBILITIES = new Set(["unlisted", "public", "private"]);
+const ASSET_TYPES = new Set(["knowledge", "instruction", "workflow", "skill"]);
+const INSTALL_TARGETS = new Set([
+    "claude_skill",
+    "memory",
+    "rule",
+    "codex_instruction",
+    "opencode_instruction",
+    "cursor_rule",
+    "other",
+]);
+function usage() {
+    return `
+floom-mcp-sync v${SERVER_VERSION}
+Floom MCP server for Version 1 preview sync.
+Usage
+  floom-mcp-sync
+Behavior
+  Starts a stdio MCP server.
+  Syncs your own published Floom skills into ~/.claude/skills/ on startup.
+  Polls for updates while the MCP process is running.
+Options
+  --help, -h       Show this help.
+  --version        Print the version.
+Env
+  FLOOM_API_URL              Override the API host.
+  FLOOM_SYNC_INTERVAL_MS     Poll interval in milliseconds. Minimum: 10000.
+`.trimStart();
+}
+function handleCliArgs(argv) {
+    if (argv.includes("--version")) {
+        stdout.write(`${SERVER_VERSION}\n`);
+        return true;
+    }
+    if (argv.includes("--help") || argv.includes("-h")) {
+        stdout.write(usage());
+        return true;
+    }
+    return false;
+}
+function ok(payload) {
+    return {
+        content: [{ type: "text", text: JSON.stringify(payload, null, 2) }],
+        structuredContent: payload,
+    };
+}
+function resolvePollIntervalMs() {
+    const raw = process.env.FLOOM_SYNC_INTERVAL_MS;
+    if (!raw)
+        return DEFAULT_INTERVAL_MS;
+    if (!/^\d+$/.test(raw)) {
+        process.stderr.write(`[floom] invalid FLOOM_SYNC_INTERVAL_MS=${raw}, using ${DEFAULT_INTERVAL_MS}ms\n`);
+        return DEFAULT_INTERVAL_MS;
+    }
+    const parsed = Number.parseInt(raw, 10);
+    if (parsed < MIN_INTERVAL_MS) {
+        process.stderr.write(`[floom] FLOOM_SYNC_INTERVAL_MS=${parsed} below minimum, clamping to ${MIN_INTERVAL_MS}ms\n`);
+        return MIN_INTERVAL_MS;
+    }
+    return parsed;
+}
+function startPolling(intervalMs, state) {
+    return setInterval(() => {
+        if (state.inFlight) {
+            process.stderr.write("[floom] previous sync poll still running; skipping this tick\n");
+            return;
+        }
+        state.inFlight = true;
+        autoSync().catch((err) => {
+            process.stderr.write(`[floom] poll failed: ${err instanceof Error ? err.message : String(err)}\n`);
+        }).finally(() => {
+            state.inFlight = false;
+        });
+    }, intervalMs);
+}
+function toolList() {
+    return {
+        tools: [
+            {
+                name: "floom_install_skill",
+                description: "Fetch a Floom skill by slug and install it into ~/.claude/skills/.",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        slug: { type: "string", minLength: 1, maxLength: 128 },
+                    },
+                    required: ["slug"],
+                    additionalProperties: false,
+                },
+            },
+            {
+                name: "floom_publish_skill",
+                description: "Publish Markdown content to Floom as a skill.",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        name: { type: "string", minLength: 1, maxLength: 200 },
+                        content: { type: "string", minLength: 1, maxLength: 500_000 },
+                        description: { type: "string", maxLength: 1000 },
+                        visibility: { type: "string", enum: [...VISIBILITIES] },
+                        asset_type: { type: "string", enum: [...ASSET_TYPES] },
+                        installs_as: { type: ["string", "null"], enum: [...INSTALL_TARGETS, null] },
+                        version: { type: "string", pattern: "^[A-Za-z0-9][A-Za-z0-9._+-]{0,63}$" },
+                    },
+                    required: ["name", "content"],
+                    additionalProperties: false,
+                },
+            },
+        ],
+    };
+}
+function asObject(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value))
+        throw new Error("Expected object arguments.");
+    return value;
+}
+function asString(value, label, min, max) {
+    if (typeof value !== "string" || value.length < min || value.length > max) {
+        throw new Error(`Invalid ${label}.`);
+    }
+    return value;
+}
+function optionalString(value, label, max) {
+    if (value === undefined)
+        return undefined;
+    if (typeof value !== "string" || value.length > max)
+        throw new Error(`Invalid ${label}.`);
+    return value;
+}
+function enumValue(value, label, allowed, fallback) {
+    if (value === undefined)
+        return fallback;
+    if (typeof value !== "string" || !allowed.has(value))
+        throw new Error(`Invalid ${label}.`);
+    return value;
+}
+function nullableEnumValue(value, label, allowed, fallback) {
+    if (value === undefined)
+        return fallback;
+    if (value === null)
+        return null;
+    if (typeof value !== "string" || !allowed.has(value))
+        throw new Error(`Invalid ${label}.`);
+    return value;
+}
+async function callTool(params) {
+    const parsed = asObject(params);
+    const name = asString(parsed.name, "tool name", 1, 200);
+    const args = asObject(parsed.arguments ?? {});
+    if (name === "floom_install_skill") {
+        return ok(await installSkill(asString(args.slug, "slug", 1, 128)));
+    }
+    if (name === "floom_publish_skill") {
+        const version = optionalString(args.version, "version", 64);
+        if (version !== undefined && !VERSION_RE.test(version))
+            throw new Error("Invalid version.");
+        return ok(await publishSkill(asString(args.name, "name", 1, 200), asString(args.content, "content", 1, 500_000), optionalString(args.description, "description", 1000), enumValue(args.visibility, "visibility", VISIBILITIES, "unlisted"), enumValue(args.asset_type, "asset_type", ASSET_TYPES, "skill"), nullableEnumValue(args.installs_as, "installs_as", INSTALL_TARGETS, "claude_skill"), version));
+    }
+    throw new Error(`Unknown tool: ${name}`);
+}
+function response(id, result) {
+    return `${JSON.stringify({ jsonrpc: "2.0", id, result })}\n`;
+}
+function errorResponse(id, code, message) {
+    return `${JSON.stringify({ jsonrpc: "2.0", id, error: { code, message } })}\n`;
+}
+function isJsonRpcId(raw) {
+    return typeof raw === "string" || typeof raw === "number";
+}
+async function handleRequest(message) {
+    if (message.id === undefined)
+        return;
+    const id = isJsonRpcId(message.id) ? message.id : null;
+    if (message.jsonrpc !== "2.0" || !isJsonRpcId(message.id) || typeof message.method !== "string") {
+        stdout.write(errorResponse(id, -32600, "Invalid request."));
+        return;
+    }
+    try {
+        if (message.method === "initialize") {
+            stdout.write(response(id, {
+                protocolVersion: "2025-06-18",
+                capabilities: { tools: {} },
+                serverInfo: { name: "floom-mcp-sync", version: SERVER_VERSION },
+            }));
+            return;
+        }
+        if (message.method === "ping") {
+            stdout.write(response(id, {}));
+            return;
+        }
+        if (message.method === "tools/list") {
+            stdout.write(response(id, toolList()));
+            return;
+        }
+        if (message.method === "tools/call") {
+            stdout.write(response(id, await callTool(message.params)));
+            return;
+        }
+        stdout.write(errorResponse(id, -32601, `Method not found: ${message.method}`));
+    }
+    catch (err) {
+        stdout.write(errorResponse(id, -32000, err instanceof Error ? err.message : String(err)));
+    }
+}
+async function main() {
+    if (handleCliArgs(process.argv.slice(2)))
+        return;
+    const intervalMs = resolvePollIntervalMs();
+    process.stderr.write(`[floom] starting sync poller (interval ${intervalMs}ms)\n`);
+    const syncState = { inFlight: true };
+    void autoSync().catch((err) => {
+        process.stderr.write(`[floom] initial sync failed: ${err instanceof Error ? err.message : String(err)}\n`);
+    }).finally(() => {
+        syncState.inFlight = false;
+    });
+    const pollHandle = startPolling(intervalMs, syncState);
+    const shutdown = (signal) => {
+        clearInterval(pollHandle);
+        process.stderr.write(`[floom] received ${signal}, stopping sync poller\n`);
+        process.exit(0);
+    };
+    process.once("SIGINT", () => shutdown("SIGINT"));
+    process.once("SIGTERM", () => shutdown("SIGTERM"));
+    const rl = createInterface({ input: stdin, crlfDelay: Infinity });
+    for await (const line of rl) {
+        if (!line.trim())
+            continue;
+        try {
+            const message = JSON.parse(line);
+            if (!message || typeof message !== "object" || Array.isArray(message)) {
+                stdout.write(errorResponse(null, -32600, "Invalid request."));
+                continue;
+            }
+            await handleRequest(message);
+        }
+        catch {
+            stdout.write(errorResponse(null, -32700, "Parse error."));
+        }
+    }
+}
+main().catch((err) => {
+    process.stderr.write(`[floom] fatal: ${err instanceof Error ? err.message : String(err)}\n`);
+    process.exit(1);
+});

package/dist/tools/install.js ADDED Viewed

@@ -0,0 +1,117 @@
+import { constants } from "node:fs";
+import { lstat, mkdir, open } from "node:fs/promises";
+import { createHash } from "node:crypto";
+import { basename, dirname, isAbsolute, join, relative, resolve, sep } from "node:path";
+import { apiUrlFromConfig, readConfig, DEFAULT_API_URL } from "../lib/config.js";
+import { getText } from "../lib/api.js";
+import { assertValidSlug } from "../lib/slug.js";
+import { skillPath, skillsDir } from "../lib/paths.js";
+const FD_PATH_ROOT = "/proc/self/fd";
+export async function installSkill(slug) {
+    assertValidSlug(slug);
+    const cfg = await readConfig();
+    const apiUrl = cfg ? apiUrlFromConfig(cfg) : (process.env.FLOOM_API_URL ?? DEFAULT_API_URL).replace(/\/$/, "");
+    const body = await getText(`${apiUrl}/s/${slug}.md`);
+    if (typeof body !== "string")
+        throw new Error("Invalid skill response");
+    const target = skillPath(slug);
+    const remoteHash = sha256(body);
+    const existing = await localHash(target);
+    if (existing !== null && existing !== remoteHash) {
+        throw new Error("Local skill already exists with different content");
+    }
+    if (existing === null)
+        await writeInstallFile(target, body);
+    return { slug, path: target, bytes: Buffer.byteLength(body) };
+}
+function sha256(input) {
+    return createHash("sha256").update(input).digest("hex");
+}
+async function localHash(path) {
+    try {
+        const handle = await open(path, constants.O_RDONLY | constants.O_NOFOLLOW);
+        try {
+            const stat = await handle.stat();
+            if (!stat.isFile())
+                throw new Error("path is blocked by an existing local file or directory");
+            return sha256(await handle.readFile("utf8"));
+        }
+        finally {
+            await handle.close();
+        }
+    }
+    catch (err) {
+        if (err.code === "ENOENT")
+            return null;
+        throw err;
+    }
+}
+async function writeInstallFile(target, body) {
+    const parent = await openSafeParentDirectory(skillsDir(), target);
+    let handle = null;
+    try {
+        handle = await open(childCreatePath(parent, dirname(target), basename(target)), constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL | constants.O_NOFOLLOW, 0o600);
+        await writeAll(handle, body);
+    }
+    finally {
+        await handle?.close();
+        await parent.close();
+    }
+}
+async function openSafeParentDirectory(root, target) {
+    await ensureSafeParentDirectory(root, target);
+    return open(dirname(target), constants.O_RDONLY | constants.O_DIRECTORY | constants.O_NOFOLLOW);
+}
+function childCreatePath(parent, fallbackParent, name) {
+    if (process.platform === "linux")
+        return `${FD_PATH_ROOT}/${parent.fd}/${name}`;
+    return join(resolve(fallbackParent), name);
+}
+async function writeAll(handle, body) {
+    const buffer = Buffer.from(body, "utf8");
+    let offset = 0;
+    while (offset < buffer.length) {
+        const result = await handle.write(buffer, offset, buffer.length - offset, offset);
+        if (result.bytesWritten === 0)
+            throw new Error("failed to write local skill file");
+        offset += result.bytesWritten;
+    }
+}
+async function ensureSafeParentDirectory(root, target) {
+    const resolvedRoot = resolve(root);
+    const resolvedParent = resolve(dirname(target));
+    const relativeParent = relative(resolvedRoot, resolvedParent);
+    if (relativeParent === ".." || relativeParent.startsWith(`..${sep}`) || isAbsolute(relativeParent)) {
+        throw new Error("Invalid skill target path");
+    }
+    await mkdir(resolvedRoot, { recursive: true, mode: 0o700 });
+    await assertSafeDirectory(resolvedRoot);
+    if (!relativeParent || relativeParent === ".")
+        return;
+    let current = resolvedRoot;
+    for (const segment of relativeParent.split(sep).filter(Boolean)) {
+        current = join(current, segment);
+        try {
+            await assertSafeDirectory(current);
+        }
+        catch (err) {
+            if (err.code !== "ENOENT")
+                throw err;
+            await mkdir(current, { mode: 0o700 });
+            await assertSafeDirectory(current);
+        }
+    }
+}
+async function assertSafeDirectory(path) {
+    const stat = await lstat(path);
+    if (stat.isSymbolicLink()) {
+        const err = new Error("path contains a symbolic link");
+        err.code = "ELOOP";
+        throw err;
+    }
+    if (!stat.isDirectory()) {
+        const err = new Error("path is blocked by an existing local file or directory");
+        err.code = "ENOTDIR";
+        throw err;
+    }
+}

package/dist/tools/libraries.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { apiUrlFromConfig, readConfig, DEFAULT_API_URL } from "../lib/config.js";
+import { deleteRequest, getJson, postJson, putJson } from "../lib/api.js";
+export async function listLibraries() {
+    const cfg = await readConfig();
+    const apiUrl = cfg ? apiUrlFromConfig(cfg) : (process.env.FLOOM_API_URL ?? DEFAULT_API_URL).replace(/\/$/, "");
+    return await getJson(`${apiUrl}/api/v1/libraries`, cfg?.accessToken);
+}
+export async function subscribeLibrary(slug) {
+    const cfg = await readConfig();
+    if (!cfg)
+        throw new Error("Not signed in. Run `floom login` first.");
+    const apiUrl = apiUrlFromConfig(cfg);
+    return await postJson(`${apiUrl}/api/v1/me/subscriptions`, cfg.accessToken, { library_slug: slug });
+}
+export async function unsubscribeLibrary(slug) {
+    const cfg = await readConfig();
+    if (!cfg)
+        throw new Error("Not signed in. Run `floom login` first.");
+    const apiUrl = apiUrlFromConfig(cfg);
+    return await deleteRequest(`${apiUrl}/api/v1/me/subscriptions/${encodeURIComponent(slug)}`, cfg.accessToken);
+}
+export async function moveSkill(slug, folder, tags) {
+    const cfg = await readConfig();
+    if (!cfg)
+        throw new Error("Not signed in. Run `floom login` first.");
+    const apiUrl = apiUrlFromConfig(cfg);
+    return await putJson(`${apiUrl}/api/v1/me/skills/${encodeURIComponent(slug)}/override`, cfg.accessToken, { folder, tags });
+}

package/dist/tools/publish.js ADDED Viewed

@@ -0,0 +1,24 @@
+import { apiUrlFromConfig, readConfig } from "../lib/config.js";
+import { postJson } from "../lib/api.js";
+export async function publishSkill(name, content, description, visibility = "unlisted", assetType = "skill", installsAs = "claude_skill", version) {
+    const cfg = await readConfig();
+    if (!cfg)
+        throw new Error("Not signed in. Run `floom login` first.");
+    const apiUrl = apiUrlFromConfig(cfg);
+    const data = await postJson(`${apiUrl}/api/skills`, cfg.accessToken, {
+        title: name,
+        description: description ?? null,
+        body_md: content,
+        visibility,
+        asset_type: assetType,
+        source: "markdown",
+        installs_as: installsAs,
+        version: version ?? null,
+        published_via: "mcp",
+    });
+    return {
+        slug: data.slug,
+        url: data.url ?? `${apiUrl}/s/${data.slug}.md`,
+        ...(data.version ? { version: data.version } : {}),
+    };
+}

package/package.json ADDED Viewed

@@ -0,0 +1,45 @@
+{
+  "name": "@floomhq/floom-mcp-sync",
+  "version": "1.0.0",
+  "description": "Lightweight Floom MCP server for installing, publishing, and startup-syncing skills.",
+  "license": "MIT",
+  "type": "module",
+  "bin": {
+    "floom-mcp-sync": "bin/floom-mcp-sync.js"
+  },
+  "files": [
+    "bin",
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "npm run build && node --test test/*.mjs",
+    "pack:check": "npm pack --dry-run",
+    "prepack": "npm run build",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "@types/node": "22.10.5",
+    "typescript": "5.7.3"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/floomhq/floom.git",
+    "directory": "mcp-sync"
+  },
+  "keywords": [
+    "floom",
+    "mcp",
+    "claude",
+    "skills"
+  ]
+}