@getcheddar/cheddar-mcp 1.0.5 → 2.0.1

package/README.md

@@ -1,379 +1,105 @@
-# Cheddar MCP Server
+# Cheddar MCP Server (legacy API)
 
-A Model Context Protocol (MCP) server for integrating with the Cheddar Payment Platform. This server provides AI assistants with tools to generate payment integration code and manage Cheddar resources.
+Model Context Protocol server that calls the **legacy Cheddar merchant API** documented at [https://docs.getcheddar.com/](https://docs.getcheddar.com/) using **HTTP Basic** authentication (`Authorization: Basic …`).
 
-**Package:** `@getcheddar/cheddar-mcp`  
-**Version:** 1.0.5
-
----
-
-## Two Modes of Operation
-
-The MCP server works in two modes depending on whether you provide API credentials:
-
-### Mode A: Code Generation Only (No Auth Required)
-
-**Use this mode to:**
-
-- Generate integration code (React, Vue, Next.js, etc.)
-- Create checkout forms and hosted page URLs
-- Configure webhooks and validation logic
-- Get code recommendations and best practices
-
-**No API credentials needed!** These tools work out of the box:
-
-| Tool                                         | Description                                      |
-| -------------------------------------------- | ------------------------------------------------ |
-| `cheddar_checkout_generate_hosted_url`       | Generate hosted checkout page URLs               |
-| `cheddar_checkout_generate_embedded_form`    | Generate embedded checkout form code             |
-| `cheddar_checkout_generate_integration_code` | Generate complete framework-specific integration |
-| `cheddar_checkout_configure_webhook`         | Generate webhook handler code                    |
-| `cheddar_checkout_validate_webhook`          | Validate webhook signatures                      |
-
-**Quick Start (No Auth):**
+This package **does not** use `https://api.*` OAuth2 / Bearer REST.
 
-```json
-{
-  "mcpServers": {
-    "cheddar": {
-      "command": "npx",
-      "args": ["-y", "@getcheddar/cheddar-mcp@1.0.5"]
-    }
-  }
-}
-```
-
-**Example Prompt for Lovable:**
-
-```
-Create a React checkout page for my SaaS using Cheddar payments.
-- Collect customer email and name
-- Accept credit card payments securely
-- Subscribe customers to a "Pro Plan"
-- Handle errors gracefully
-
-Use cheddar_checkout_generate_integration_code with framework "react".
-```
-
----
-
-### Mode B: Full API Access (Auth Required)
-
-**Use this mode to:**
-
-- Query actual customer data from your Cheddar account
-- Create and update customers, subscriptions, payment methods
-- Manage billing and plan changes
-- Access real-time subscription status
-
-**Requires Cheddar API credentials.** These tools need authentication:
-
-| Tool                           | Description                        |
-| ------------------------------ | ---------------------------------- |
-| `cheddar_customer_get`         | Retrieve customer by ID or code    |
-| `cheddar_customer_create`      | Create a new customer              |
-| `cheddar_customer_update`      | Update customer information        |
-| `cheddar_payment_method_get`   | Retrieve payment method by ID      |
-| `cheddar_payment_token_create` | Tokenize card data (PCI-compliant) |
-| `cheddar_subscription_get`     | Retrieve subscription details      |
-| `cheddar_plan_get`             | Retrieve plan information          |
+**Package:** `@getcheddar/cheddar-mcp`  
+**Version:** 2.0.1
 
-**Setup with Auth:**
+## Requirements
 
-1. **Sign up for Cheddar:** https://getcheddar.com/signup
-2. **Get your credentials:**
-   - **Username:** Your Cheddar account email
-   - **Secret Key:** Top navbar → Configuration → Product Settings → Secret Key
+- Node.js **18+**
+- The **origin that serves legacy `/xml/…` routes** for your product (see [CHEDDAR_BASE_URL](#cheddar_base_url) below — it is **not** always the same host as hosted **ChargeVault** checkout pages).
+- **Product code** (`productCode` in URLs)
+- An **authorized user email** and **password** *or* the product **API key** (“secret key” from Configuration → Settings) as the Basic password ([auth docs](https://docs.getcheddar.com/#authentication))
 
-3. **Configure MCP:**
+## CHEDDAR_BASE_URL
 
-```json
-{
-  "mcpServers": {
-    "cheddar": {
-      "command": "npx",
-      "args": ["-y", "@getcheddar/cheddar-mcp@1.0.5"],
-      "env": {
-        "CHEDDAR_API_URL": "https://api.getcheddar.com",
-        "CHEDDAR_USERNAME": "your-email@example.com",
-        "CHEDDAR_SECRET_KEY": "your-secret-key-here"
-      }
-    }
-  }
-}
-```
+The MCP calls paths such as **`/xml/plans/get/productCode/{productCode}`** on whatever origin you set.
 
-**Alternative: OAuth2 Access Token**
+- **GetCheddar cloud** products often serve the legacy XML API from **`https://getcheddar.com`**, while **hosted signup / checkout** may live on **`https://{subdomain}.chargevault.com`**. Using only the ChargeVault host can return **404** for `/xml/…` because that host is for **hosted pages**, not the full legacy app.
+- **Self-hosted** Cheddar may use your own domain (the same origin you use in the browser for product admin and legacy XML).
 
-If you have an OAuth2 access token instead:
+**How to verify:** with your credentials, `GET {CHEDDAR_BASE_URL}/xml/plans/get/productCode/{CHEDDAR_PRODUCT_CODE}` should return **200** and XML (or JSON if supported), not an HTML error page. On startup the server runs this check unless `CHEDDAR_SKIP_PREFLIGHT=1`.
 
-```json
-{
-  "mcpServers": {
-    "cheddar": {
-      "command": "npx",
-      "args": ["-y", "@getcheddar/cheddar-mcp@1.0.5"],
-      "env": {
-        "CHEDDAR_API_URL": "https://api.getcheddar.com",
-        "CHEDDAR_ACCESS_TOKEN": "your-oauth2-access-token"
-      }
-    }
-  }
-}
-```
+## Environment variables
 
-**Example Prompt with Auth:**
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `CHEDDAR_BASE_URL` | **Yes** | Origin where **`/xml/…`** is available, no trailing slash (often `https://getcheddar.com` for cloud; use your real API host if self-hosted). |
+| `CHEDDAR_PRODUCT_CODE` | **Yes** | Your product’s `productCode` segment in legacy URLs. |
+| `CHEDDAR_USERNAME` | **Yes** | Email of an API-enabled user on that product. |
+| `CHEDDAR_PASSWORD` | One of | That user’s login password. |
+| `CHEDDAR_PRODUCT_API_KEY` | One of | Product secret key from admin settings; used as Basic **password** if `CHEDDAR_PASSWORD` is unset. |
+| `CHEDDAR_SKIP_PREFLIGHT` | No | If set to `1`, skip startup `GET /xml/plans/get/...` check. |
 
-```
-Get customer details for customer code "cust_12345" and show me their subscription status and payment methods.
+## Install & run
 
-Use cheddar_customer_get, then cheddar_subscription_get and cheddar_payment_method_get.
+```bash
+cd packages/cheddar-mcp
+npm install
+npm run build
 ```
 
----
-
-## Configuration Reference
-
-| Variable               | Mode      | Description                                              |
-| ---------------------- | --------- | -------------------------------------------------------- |
-| `CHEDDAR_API_URL`      | Auth only | REST API base URL. Default: `https://api.getcheddar.com` |
-| `CHEDDAR_USERNAME`     | Auth only | Your Cheddar account email address                       |
-| `CHEDDAR_SECRET_KEY`   | Auth only | Secret Key from Product Settings                         |
-| `CHEDDAR_ACCESS_TOKEN` | Auth only | OAuth2 Bearer token (alternative to username/secret)     |
-
-**Note:** If no auth credentials are provided, the server runs in **code generation mode only** and will return clear error messages if you try to use data access tools.
-
----
-
-## Usage with Claude Desktop
-
-Add to your Claude Desktop configuration:
-
-**For code generation (no auth):**
+```bash
+export CHEDDAR_BASE_URL=https://getcheddar.com
+export CHEDDAR_PRODUCT_CODE=YOUR_PRODUCT_CODE
+export CHEDDAR_USERNAME=api-user@example.com
+export CHEDDAR_PRODUCT_API_KEY=your_secret_key
 
-```json
-{
-  "mcpServers": {
-    "cheddar": {
-      "command": "npx",
-      "args": ["-y", "@getcheddar/cheddar-mcp@1.0.5"]
-    }
-  }
-}
+npm run start
+# or: node dist/index.js
 ```
 
-**For full API access (with auth):**
+Or with `npx` after publish:
 
-```json
-{
-  "mcpServers": {
-    "cheddar": {
-      "command": "npx",
-      "args": ["-y", "@getcheddar/cheddar-mcp@1.0.5"],
-      "env": {
-        "CHEDDAR_API_URL": "https://api.getcheddar.com",
-        "CHEDDAR_USERNAME": "your-email@example.com",
-        "CHEDDAR_SECRET_KEY": "your-secret-key"
-      }
-    }
-  }
-}
+```bash
+npx -y @getcheddar/cheddar-mcp
 ```
 
----
-
-## Usage with Cursor
-
-1. Open Cursor Settings
-2. Navigate to **Features → MCP**
-3. Add a new MCP server:
-
-**For code generation:**
-
-- **Name:** `cheddar`
-- **Command:** `npx`
-- **Arguments:** `-y`, `@getcheddar/cheddar-mcp@1.0.5`
-
-**For full API access:**
-
-- **Name:** `cheddar`
-- **Command:** `npx`
-- **Arguments:** `-y`, `@getcheddar/cheddar-mcp@1.0.5`
-- **Environment:** Set `CHEDDAR_USERNAME` and `CHEDDAR_SECRET_KEY`
-
----
-
-## Usage with Lovable.dev
-
-### Step 1: Get Credentials (for full API access, optional)
+## Tools
 
-1. Sign up at https://getcheddar.com/signup
-2. Configure your product
-3. Get your Secret Key: Top navbar → Configuration → Product Settings → Secret Key
+| Tool | Legacy endpoint (conceptually) |
+|------|--------------------------------|
+| `cheddar_customer_get` | `GET /xml/customers/get/productCode/.../code/…` or `/id/…` |
+| `cheddar_customers_search` | `GET /xml/customers/search/productCode/...` (requests `format=json` when supported) |
+| `cheddar_customer_create` | `POST /xml/customers/new/productCode/...` (form body) |
+| `cheddar_customer_update` | `POST /xml/customers/edit/productCode/.../code/...` |
+| `cheddar_plans_get` | `GET /xml/plans/get/productCode/...` (optional `planCode`) |
 
-### Step 2: Configure MCP in Lovable
+Responses are returned as **JSON text**: XML from the API is parsed to a plain object where possible.
 
-Add to your Lovable project configuration:
+## Claude Desktop example
 
-**Option 1: Code Generation Only (Recommended for starters)**
+**Recommended:** `npx` (no local build path):
 
 ```json
 {
   "mcpServers": {
     "cheddar": {
       "command": "npx",
-      "args": ["-y", "@getcheddar/cheddar-mcp@1.0.5"]
-    }
-  }
-}
-```
-
-**Option 2: Full API Access**
-
-```json
-{
-  "mcpServers": {
-    "cheddar": {
-      "command": "npx",
-      "args": ["-y", "@getcheddar/cheddar-mcp@1.0.5"],
+      "args": ["-y", "@getcheddar/cheddar-mcp"],
       "env": {
-        "CHEDDAR_API_URL": "https://api.getcheddar.com",
-        "CHEDDAR_USERNAME": "your-email@example.com",
-        "CHEDDAR_SECRET_KEY": "your-secret-key"
+        "CHEDDAR_BASE_URL": "https://getcheddar.com",
+        "CHEDDAR_PRODUCT_CODE": "YOUR_PRODUCT_CODE",
+        "CHEDDAR_USERNAME": "api-user@example.com",
+        "CHEDDAR_PRODUCT_API_KEY": "your_secret_key"
       }
     }
   }
 }
 ```
 
-### Step 3: Try These Prompts
-
-**For code generation (no auth needed):**
-
-```
-Create a complete payment integration for my React app:
-1. A pricing page with 3 tiers (Basic, Pro, Enterprise)
-2. Checkout flow using Cheddar's embedded form
-3. Webhook handler for subscription events
-4. Use Tailwind CSS for styling
-
-Start with cheddar_checkout_generate_integration_code.
-```
-
-**For data access (requires auth):**
-
-```
-Build a customer dashboard showing:
-- Customer profile from Cheddar
-- Current subscription plan
-- Payment methods on file
-- Recent invoices
-
-Use cheddar_customer_get and related tools.
-```
-
----
-
-## Testing
-
-### Sandbox Environment
-
-Use the sandbox for testing before going live:
-
-```json
-{
-  "env": {
-    "CHEDDAR_API_URL": "https://sandbox.getcheddar.com",
-    "CHEDDAR_USERNAME": "your-sandbox-email",
-    "CHEDDAR_SECRET_KEY": "your-sandbox-secret"
-  }
-}
-```
-
-### Test Card Numbers
-
-- `4111111111111111` - Visa (success)
-- `4000000000000002` - Declined
-
----
-
-## Complete Tool Reference
-
-### Code Generation Tools (No Auth Required)
-
-| Tool                                         | Description                                  |
-| -------------------------------------------- | -------------------------------------------- |
-| `cheddar_checkout_generate_hosted_url`       | Generate hosted checkout page URLs           |
-| `cheddar_checkout_generate_embedded_form`    | Generate embedded checkout form code         |
-| `cheddar_checkout_generate_integration_code` | Generate framework-specific integration code |
-| `cheddar_checkout_configure_webhook`         | Generate webhook handler code                |
-| `cheddar_checkout_validate_webhook`          | Validate webhook signatures                  |
-
-### Data Access Tools (Auth Required)
-
-| Tool                                         | Description                              |
-| -------------------------------------------- | ---------------------------------------- |
-| `cheddar_customer_get`                       | Retrieve a customer by ID or code        |
-| `cheddar_customer_create`                    | Create a new customer                    |
-| `cheddar_customer_update`                    | Update customer information              |
-| `cheddar_payment_method_get`                 | Retrieve a payment method by ID          |
-| `cheddar_payment_method_get_customer`        | Get customer from payment method         |
-| `cheddar_payment_method_get_gateway_account` | Get gateway account for payment method   |
-| `cheddar_payment_token_create`               | Tokenize card data (PCI-compliant)       |
-| `cheddar_payment_method_add_to_customer`     | Add tokenized payment method to customer |
-| `cheddar_subscription_get`                   | Retrieve subscription by ID              |
-| `cheddar_subscription_get_customer`          | Get customer from subscription           |
-| `cheddar_subscription_get_plan`              | Get plan from subscription               |
-| `cheddar_subscription_get_payment_method`    | Get payment method from subscription     |
-| `cheddar_subscription_delete_promotion`      | Remove promotion from subscription       |
-| `cheddar_plan_get`                           | Retrieve plan by ID or code              |
-| `cheddar_gateway_account_get`                | Get gateway account details              |
-
----
-
-## Docker Usage
-
-Build and run with Docker:
-
-```bash
-# Build
-docker build -t cheddar-mcp ./packages/cheddar-mcp
-
-# Run (code generation only)
-docker run -i --rm cheddar-mcp
-
-# Run with auth
-docker run -i --rm \
-  -e CHEDDAR_API_URL=https://api.getcheddar.com \
-  -e CHEDDAR_USERNAME=your-email \
-  -e CHEDDAR_SECRET_KEY=your-secret \
-  cheddar-mcp
-```
-
----
+**Local dev:** point `command` / `args` at `node` and `./dist/index.js` (or `bin/cheddar-mcp.mjs`) under this package after `npm run build`.
 
 ## Development
 
 ```bash
-# Clone the repository
-git clone https://github.com/chdr/cheddar-ai-tools.git
-cd cheddar-ai-tools/packages/cheddar-mcp
-
-# Install dependencies
-npm install
-
-# Build
 npm run build
-
-# Run in development mode
-npm run dev
-
-# Test
 npm test
 ```
 
----
-
 ## License
 
 MIT © Cheddar (chdr)

package/bin/cheddar-mcp.mjs

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+/**
+ * CLI entry for npm `bin` (stable path). npm 10+ may reject `bin` pointing at build output under `dist/`.
+ */
+import "../dist/index.js";

package/dist/core.d.ts

@@ -0,0 +1,17 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { LegacyCheddarClient } from "./lib/legacy-client.js";
+/** Keep in sync with package.json version. */
+export declare const MCP_PACKAGE_VERSION = "2.0.1";
+export type CheddarEnv = {
+    baseUrl: string;
+    productCode: string;
+    username: string;
+    password: string;
+};
+export declare function loadCheddarEnv(): CheddarEnv;
+export declare function createCheddarMcpServer(version: string): {
+    server: Server;
+    client: LegacyCheddarClient;
+};
+export declare function runPreflight(client: LegacyCheddarClient): Promise<void>;
+//# sourceMappingURL=core.d.ts.map

package/dist/core.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAMnE,OAAO,EAAkB,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAI7E,8CAA8C;AAC9C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAE3C,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,wBAAgB,cAAc,IAAI,UAAU,CAc3C;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG;IACvD,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,mBAAmB,CAAC;CAC7B,CAiEA;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAK7E"}

package/dist/core.js

@@ -0,0 +1,79 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { LegacyApiError, LegacyCheddarClient } from "./lib/legacy-client.js";
+import { customerTools, handleCustomerTool } from "./tools/customers.js";
+import { planTools, handlePlanTool } from "./tools/plans.js";
+/** Keep in sync with package.json version. */
+export const MCP_PACKAGE_VERSION = "2.0.1";
+export function loadCheddarEnv() {
+    const baseUrl = (process.env.CHEDDAR_BASE_URL || "").replace(/\/+$/, "");
+    const productCode = process.env.CHEDDAR_PRODUCT_CODE || "";
+    const username = process.env.CHEDDAR_USERNAME || "";
+    const password = process.env.CHEDDAR_PASSWORD || process.env.CHEDDAR_PRODUCT_API_KEY || "";
+    if (!baseUrl || !productCode || !username || !password) {
+        throw new Error("Missing config. Set CHEDDAR_BASE_URL, CHEDDAR_PRODUCT_CODE, CHEDDAR_USERNAME, and CHEDDAR_PASSWORD or CHEDDAR_PRODUCT_API_KEY.");
+    }
+    return { baseUrl, productCode, username, password };
+}
+export function createCheddarMcpServer(version) {
+    const { baseUrl, productCode, username, password } = loadCheddarEnv();
+    const client = new LegacyCheddarClient({
+        baseUrl,
+        productCode,
+        username,
+        password,
+    });
+    const ALL_TOOLS = [...customerTools, ...planTools];
+    const server = new Server({
+        name: "cheddar-mcp",
+        version,
+    }, {
+        capabilities: {
+            tools: {},
+        },
+    });
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: ALL_TOOLS }));
+    function toolErrorMessage(error) {
+        if (error instanceof LegacyApiError) {
+            return `Cheddar API error (HTTP ${error.status}). See server logs for details.`;
+        }
+        if (error instanceof Error) {
+            return error.message;
+        }
+        return String(error);
+    }
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        try {
+            if (name.startsWith("cheddar_customer")) {
+                return await handleCustomerTool(client, name, args);
+            }
+            if (name.startsWith("cheddar_plans_")) {
+                return await handlePlanTool(client, name, args);
+            }
+            throw new Error(`Unknown tool: ${name}`);
+        }
+        catch (error) {
+            if (error instanceof LegacyApiError) {
+                console.error("[cheddar-mcp] LegacyApiError body:", typeof error.body === "string"
+                    ? error.body.slice(0, 4000)
+                    : JSON.stringify(error.body).slice(0, 4000));
+            }
+            else {
+                console.error("[cheddar-mcp] Tool error:", error);
+            }
+            return {
+                content: [{ type: "text", text: `Error: ${toolErrorMessage(error)}` }],
+                isError: true,
+            };
+        }
+    });
+    return { server, client };
+}
+export async function runPreflight(client) {
+    if (process.env.CHEDDAR_SKIP_PREFLIGHT) {
+        return;
+    }
+    await client.ping();
+}
+//# sourceMappingURL=core.js.map

package/dist/core.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.js","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AACzE,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAE7D,8CAA8C;AAC9C,MAAM,CAAC,MAAM,mBAAmB,GAAG,OAAO,CAAC;AAS3C,MAAM,UAAU,cAAc;IAC5B,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAC;IACpD,MAAM,QAAQ,GACZ,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC;IAE5E,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,gIAAgI,CACjI,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAe;IAIpD,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,cAAc,EAAE,CAAC;IAEtE,MAAM,MAAM,GAAG,IAAI,mBAAmB,CAAC;QACrC,OAAO;QACP,WAAW;QACX,QAAQ;QACR,QAAQ;KACT,CAAC,CAAC;IAEH,MAAM,SAAS,GAAW,CAAC,GAAG,aAAa,EAAE,GAAG,SAAS,CAAC,CAAC;IAE3D,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,aAAa;QACnB,OAAO;KACR,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAErF,SAAS,gBAAgB,CAAC,KAAc;QACtC,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;YACpC,OAAO,2BAA2B,KAAK,CAAC,MAAM,iCAAiC,CAAC;QAClF,CAAC;QACD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,OAAO,CAAC;QACvB,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACjD,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACxC,OAAO,MAAM,kBAAkB,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACtD,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACtC,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;gBACpC,OAAO,CAAC,KAAK,CACX,oCAAoC,EACpC,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ;oBAC5B,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;oBAC3B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAC9C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YACpD,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,gBAAgB,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;gBACtE,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAA2B;IAC5D,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,CAAC;QACvC,OAAO;IACT,CAAC;IACD,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;AACtB,CAAC"}

package/dist/http.d.ts

@@ -0,0 +1,6 @@
+/**
+ * MCP over Streamable HTTP + ALB-friendly GET /health (plain 200).
+ * Bind with MCP_ALLOWED_HOSTS (comma-separated hostnames) when not using 0.0.0.0 DNS-rebinding defaults.
+ */
+import "dotenv/config";
+//# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,eAAe,CAAC"}

package/dist/http.js

@@ -0,0 +1,65 @@
+/**
+ * MCP over Streamable HTTP + ALB-friendly GET /health (plain 200).
+ * Bind with MCP_ALLOWED_HOSTS (comma-separated hostnames) when not using 0.0.0.0 DNS-rebinding defaults.
+ */
+import "dotenv/config";
+import { createMcpExpressApp } from "@modelcontextprotocol/sdk/server/express.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { LegacyApiError } from "./lib/legacy-client.js";
+import { createCheddarMcpServer, MCP_PACKAGE_VERSION, runPreflight, } from "./core.js";
+const MCP_PATH = (process.env.MCP_HTTP_PATH || "/mcp").replace(/\/+$/, "") || "/mcp";
+function parseAllowedHosts() {
+    const raw = process.env.MCP_ALLOWED_HOSTS?.trim();
+    if (!raw) {
+        return undefined;
+    }
+    return raw.split(",").map((h) => h.trim()).filter(Boolean);
+}
+async function main() {
+    let server;
+    let client;
+    try {
+        ({ server, client } = createCheddarMcpServer(MCP_PACKAGE_VERSION));
+    }
+    catch (e) {
+        console.error(e instanceof Error ? e.message : String(e));
+        process.exit(1);
+    }
+    try {
+        await runPreflight(client);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.error(`Cheddar legacy API preflight failed: ${msg}`);
+        if (err instanceof LegacyApiError) {
+            console.error("[cheddar-mcp] Preflight response body:", typeof err.body === "string"
+                ? err.body.slice(0, 4000)
+                : JSON.stringify(err.body).slice(0, 4000));
+        }
+        process.exit(1);
+    }
+    const allowedHosts = parseAllowedHosts();
+    const app = createMcpExpressApp(allowedHosts
+        ? { host: "0.0.0.0", allowedHosts }
+        : { host: "0.0.0.0" });
+    app.get("/health", (_req, res) => {
+        res.status(200).type("text/plain").send("ok");
+    });
+    const transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: undefined,
+    });
+    await server.connect(transport);
+    app.all(MCP_PATH, async (req, res) => {
+        await transport.handleRequest(req, res, req.body);
+    });
+    const port = Number(process.env.PORT || 3000);
+    const listenHost = process.env.MCP_HTTP_HOST || "0.0.0.0";
+    app.listen(port, listenHost, () => {
+        console.error(`Cheddar MCP Streamable HTTP on http://${listenHost}:${port}${MCP_PATH} (health: GET /health)`);
+    });
+}
+main().catch((error) => {
+    console.error("Fatal error:", error);
+    process.exit(1);
+});
+//# sourceMappingURL=http.js.map

package/dist/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,eAAe,CAAC;AAEvB,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,YAAY,GACb,MAAM,WAAW,CAAC;AAEnB,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,MAAM,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC;AAErF,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,MAAM,CAAC;IACX,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAAC,mBAAmB,CAAC,CAAC,CAAC;IACrE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO,CAAC,KAAK,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;QAC7D,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CACX,wCAAwC,EACxC,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;gBAC1B,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;gBACzB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAC5C,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,YAAY,GAAG,iBAAiB,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,mBAAmB,CAC7B,YAAY;QACV,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE;QACnC,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CACxB,CAAC;IAEF,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;QAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;QAClD,kBAAkB,EAAE,SAAS;KAC9B,CAAC,CAAC;IACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACtD,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,SAAS,CAAC;IAE1D,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE;QAChC,OAAO,CAAC,KAAK,CACX,yCAAyC,UAAU,IAAI,IAAI,GAAG,QAAQ,wBAAwB,CAC/F,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/index.d.ts

@@ -1,2 +1,2 @@
-export {};
+import "dotenv/config";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAC"}