npm - @genlobe/mcp-server - Versions diffs - 2.2.0 → 3.1.1 - Mend

@genlobe/mcp-server 2.2.0 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,116 +1,193 @@
----
-noteId: "5546f5b00e1211f1bab5dd288af14df6"
-tags: []
----
-# 🔌 MCP Server for Multi-tenant SaaS API
-## What is this?
-This is a **documentation SDK for tenants**. Tenants (developers who build on top of this platform) install this MCP server in their AI-enabled IDEs (GitHub Copilot, Cursor, Claude, etc.) so their AI coding assistants can understand and consume the **end-user API** when building frontend applications for their customers (end-users).
-**In short:** Tenant installs MCP → AI assistant learns the API → AI helps build the tenant's app faster.
-This server documents ONLY the **end-user facing endpoints** (API Key + JWT auth). It does NOT document tenant dashboard or admin endpoints, as those are not relevant when building end-user frontends.
-## ⚠️ Important: Two Types of Endpoints
-This API has **TWO types of endpoints**:
-1. **Tenant/Dashboard endpoints** (`/v1/tenant-auth/*`, `/v1/dashboard/*`)
-   - For tenant admins managing their SaaS account
-   - Uses JWT from tenant login
-   - **NOT for end-user frontends — NOT documented by this MCP**
-2. **End-user endpoints** (`/v1/auth/*`, `/v1/organizations/*`, `/v1/users/*`, etc.)
-   - For building frontend applications that serve the tenant's customers
-   - Uses API Key (`X-API-Key`) + User JWT
-   - **USE THESE for end-user frontends — documented by this MCP**
-## 🚀 Installation
-Add this to your project's `.vscode/mcp.json`:
-```json
-{
-  "servers": {
-    "multiagent": {
-      "command": "npx",
-      "args": ["-y", "https://api.your-domain.com/static/mcp-server.tgz"],
-      "env": {
-        "SAAS_API_URL": "https://api.your-domain.com"
-      }
-    }
-  }
-}
-```
-Restart VS Code and you're ready!
----
-## 🛠️ Available Tools
-| Tool | Description |
-|------|-------------|
-| `get_api_overview` | High-level API architecture overview |
-| `get_end_user_endpoints` | Detailed documentation for end-user endpoints |
-| `get_request_headers` | Required HTTP headers for API requests |
-| `get_sdk_template` | Complete TypeScript SDK template |
-| `get_authentication_flow` | Step-by-step auth implementation guide |
-| `get_common_patterns` | Best practices for frontend development |
-| `search_endpoints` | Search endpoints by keyword |
-| `get_endpoint_details` | Get details of a specific endpoint |
-| `get_openapi_spec` | Full OpenAPI specification from live API |
----
-## 📋 Quick Start for AI Assistants
-When building a frontend for end-users:
-1. **Call `get_api_overview`** first to understand the architecture
-2. **Call `get_authentication_flow`** to implement login/register
-3. **Call `get_end_user_endpoints`** to see all available endpoints
-4. **Call `get_sdk_template`** to get a ready-to-use API client
----
-## 📦 Local Development
-```bash
-cd mcp-server
-npm install
-npm run build
-npm pack  # Creates .tgz package
-```
----
-## 📊 End-User Endpoint Coverage
-Categories currently documented in `get_end_user_endpoints`:
-| Category | Routes | Status |
-|----------|--------|--------|
-| `authentication` | `/v1/auth/*` | ✅ Complete |
-| `organizations` | `/v1/organizations/*` (incl. subscription, usage, members) | ✅ Complete |
-| `subscriptions` | `/v1/subscriptions/*` | ✅ Complete |
-| `billing` | `/v1/billing/*` | ✅ Complete |
-| `plans` | `/v1/plans/*` | ✅ Complete |
-| `agents` | `/v1/user/agents/*` | ✅ Complete |
-| `users` | `/v1/users/*` | ✅ Complete |
-| `usage` | `/v1/api/usage/*`, `/v1/usage/*` | ✅ Complete |
-| `entities` | `/v1/entity/schemas/*`, `/v1/entity/records/*` | ✅ Complete |
-| `departments` | `/v1/departments/*` | ✅ Complete |
-| `ai` | `/v1/ai/completions` | ✅ Complete |
----
-## 🔧 Environment Variables
-| Variable | Description | Required |
-|----------|-------------|----------|
-| `SAAS_API_URL` | API base URL | Yes |
-| `SAAS_API_KEY` | API Key for accessing protected docs | No |
+# Genlobe MCP Server
+A Model Context Protocol (MCP) server that turns AI-enabled IDEs (Cursor, Claude Code, GitHub Copilot, Windsurf, etc.) into informed Genlobe API clients. The server hands the assistant up-to-date API docs, ready-to-use SDK templates, security guidance, and stack recommendations — so when a developer says *"build me a login screen"* or *"add a checkout flow"*, the assistant doesn't hallucinate endpoints.
+[![npm version](https://img.shields.io/npm/v/@genlobe/mcp-server.svg)](https://www.npmjs.com/package/@genlobe/mcp-server)
+[![Node](https://img.shields.io/node/v/@genlobe/mcp-server.svg)](https://nodejs.org)
+---
+## Two API surfaces — read this before installing
+The Genlobe API exposes **two separate sets of endpoints**, and this MCP only documents one of them:
+| Surface | Path prefix | Auth | Audience | Documented by this MCP? |
+|---|---|---|---|---|
+| **End-user API** | `/v1/auth/*`, `/v1/agents/*`, `/v1/organizations/*`, `/v1/external-agents/*`, … | `X-API-Key` + end-user JWT | What you build *for your customers* | ✅ Yes — this is what AI assistants need |
+| **Tenant/Dashboard API** | `/v1/tenant-auth/*`, `/v1/dashboard/*` | Tenant member JWT | Internal tenant-admin dashboard | ❌ No — intentionally excluded |
+**If your assistant ever suggests calling `/v1/dashboard/...` or `/v1/tenant-auth/...` from your end-user frontend, it's wrong.** The MCP server never returns those paths; that's by design.
+---
+## Install
+Pick the snippet that matches your IDE.
+### Cursor / Claude Code / Windsurf (`.vscode/mcp.json` or equivalent)
+```json
+{
+  "servers": {
+    "genlobe": {
+      "command": "npx",
+      "args": ["-y", "@genlobe/mcp-server"],
+      "env": {
+        "SAAS_API_URL": "https://api-core.genlobe.ai",
+        "SAAS_API_KEY": "pk_live_or_sk_live_xxx"
+      }
+    }
+  }
+}
+```
+### Claude Desktop (`claude_desktop_config.json`)
+```json
+{
+  "mcpServers": {
+    "genlobe": {
+      "command": "npx",
+      "args": ["-y", "@genlobe/mcp-server"],
+      "env": {
+        "SAAS_API_URL": "https://api-core.genlobe.ai",
+        "SAAS_API_KEY": "pk_live_or_sk_live_xxx"
+      }
+    }
+  }
+}
+```
+Restart the IDE and the `genlobe` server will show up in the MCP server list.
+> The package is published as `@genlobe/mcp-server` on the public npm registry; `npx -y` always pulls the latest version unless you pin one (`@genlobe/mcp-server@3.1.0`).
+---
+## Environment variables
+| Variable | Required | What it's for |
+|---|---|---|
+| `SAAS_API_URL` | yes | Base URL of the Genlobe API. Use **`https://api-core.genlobe.ai`** in production. |
+| `SAAS_API_KEY` | optional | Tenant API key. **Optional** for documentation tools, **required** for the live tools that actually call the API (`validate_credentials`, `list_end_users`, `list_oauth_providers`, `get_openapi_spec` against protected paths). Accepts both `pk_live_*` (public) and `sk_live_*` (secret). |
+`API_URL` and `API_KEY` (without the `SAAS_` prefix) are accepted as aliases for backward compatibility.
+> If `SAAS_API_URL` is not set, the server falls back to `http://localhost:8001` — useful only if you're running the Genlobe backend yourself in development (see [Local development](#local-development) below). For any normal install from npm, set `SAAS_API_URL` explicitly.
+---
+## Tools
+The server exposes 14 tools. They split into three categories:
+### Documentation tools (offline, no API key needed)
+| Tool | What it returns |
+|---|---|
+| `get_api_overview` | High-level architecture: the two API surfaces, auth model, key concepts, recommended call order. **Start here.** |
+| `get_end_user_endpoints` | Detailed reference for every end-user endpoint, optionally filtered by category (`authentication`, `organizations`, `subscriptions`, `billing`, `usage`, `agents`, `users`, `plans`, `ai`, `entities`, `departments`, `files`, `external_agents`). |
+| `get_request_headers` | The exact HTTP headers required for end-user requests, with examples (`X-API-Key`, `Authorization: Bearer …`, `Content-Type`, etc.). |
+| `get_authentication_flow` | Step-by-step guide for register → login → refresh → logout, including token storage rules and refresh-on-401 patterns. |
+| `get_common_patterns` | Frontend implementation patterns: pagination, error handling, optimistic updates, file upload, RAG queries, agent execution. |
+| `get_sdk_template` | A ready-to-paste TypeScript SDK module (`fetch`-based, typed) covering auth, agents, organizations, files, billing. |
+| `search_endpoints` | Keyword search across path, summary, and description (e.g. `"login"`, `"organization"`, `"checkout"`). |
+| `get_endpoint_details` | Full request/response schema of a specific `(method, path)`. |
+### Live tools (require `SAAS_API_KEY`)
+| Tool | What it does |
+|---|---|
+| `validate_credentials` | Probes the API with the configured key. Reports the detected key type (`pk_live_*` vs `sk_live_*`), masked prefix, success/failure of a sample call, and the resolved API URL. **Run this first in any session.** |
+| `get_openapi_spec` | Fetches the live `/v1/openapi.json` from the configured `SAAS_API_URL`. Reflects the deployed version of the API exactly. |
+| `list_end_users` | `GET /v1/auth/users` — paginated list of end-users in the tenant. Requires `sk_live_*`. |
+| `list_oauth_providers` | Lists the OAuth providers (Google, …) the tenant has enabled for end-user social login. Friendly empty-state when none are configured. |
+### Security & architecture tools (key-aware, work without making calls)
+| Tool | What it does |
+|---|---|
+| `get_security_guide` | Returns a key-type-specific safe-usage cheat sheet. For `pk_live_*`: the allowed endpoints and the "may be exposed in browser bundles" rule. For `sk_live_*`: leak vectors (frontend bundle, repo, client logs) and the server-only architecture pattern. |
+| `recommend_stack` | Given an `app_type` (`frontend_only`, `fullstack`, `backend_service`, `mobile_app`, `cli_tool`, `desktop_app`) plus the detected key type, returns a framework recommendation that *physically prevents the key from leaking*. Covers Next.js (App Router), Remix, SvelteKit, Nuxt, Astro for fullstack+secret; appropriate alternatives for the other shapes. |
+---
+## Recommended call order for AI assistants
+This is also what the startup banner of the server prints:
+```
+1. validate_credentials       → confirm SAAS_API_KEY works, learn its type
+2. get_security_guide         → know what you can and can't do with that key
+3. recommend_stack            → pick a framework that won't leak the key
+4. get_api_overview           → understand the API at a high level
+5. get_authentication_flow    → wire up register / login / refresh
+6. get_end_user_endpoints     → see what's available for the feature you're building
+7. get_sdk_template           → start writing real code
+```
+For *targeted* questions ("how do I list organizations?"), `search_endpoints` + `get_endpoint_details` is faster than scrolling through `get_end_user_endpoints`.
+---
+## Local development
+```bash
+cd mcp-server
+npm install
+npm run build      # tsc → dist/
+npm run dev        # tsx, hot-reload
+npm pack           # build a local .tgz to test in your IDE before publishing
+```
+To point your IDE at a local build instead of npm:
+```json
+{
+  "servers": {
+    "genlobe-local": {
+      "command": "node",
+      "args": ["/absolute/path/to/mcp-server/dist/index.js"],
+      "env": {
+        "SAAS_API_URL": "http://localhost:8001",
+        "SAAS_API_KEY": "pk_live_xxx"
+      }
+    }
+  }
+}
+```
+---
+## Releasing a new version
+The MCP version follows semver and is bumped independently of the backend API:
+- **patch** — bug fix in a tool's behavior, doc correction
+- **minor** — new tool, new optional field, new env var with a default
+- **major** — tool removed/renamed, env var removed, breaking change in returned shape
+Publish flow (works around the subtree quirk where `npm version` doesn't always commit cleanly):
+```bash
+cd mcp-server
+# 1. Move CHANGELOG [Unreleased] section under the new version header.
+# 2. Bump versions without letting npm touch git:
+npm version <patch|minor|major> --no-git-tag-version
+# 3. One commit + one tag, both intentional:
+git add package.json package-lock.json CHANGELOG.md
+git commit -m "chore(mcp): release vX.Y.Z"
+git tag -a vX.Y.Z -m "@genlobe/mcp-server vX.Y.Z"
+# 4. Publish (prepublishOnly runs `tsc` automatically):
+npm publish --access public
+# 5. Push commit + tag:
+git push origin main && git push origin vX.Y.Z
+```
+The CI workflow `.github/workflows/publish-mcp.yml` automates steps 4–5 when you push a `mcp-v*` tag (see [Automated publishing](#automated-publishing) below).
+---
+## License
+MIT — see [package.json](./package.json).

package/dist/index.d.ts CHANGED Viewed

@@ -13,7 +13,7 @@
  * the End-user endpoints, NOT the Tenant/Dashboard endpoints.
  *
  * Usage:
- *   npx @multiagent/mcp-server
+ *   npx @genlobe/mcp-server
  *
  * Or configure in VS Code MCP settings with SAAS_API_URL environment variable.
  */