@hailer/mcp 1.1.12 → 1.1.14

package/dist/mcp-server.js

@@ -45,20 +45,48 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.MCPServerService = void 0;
 const express_1 = __importDefault(require("express"));
 const cors_1 = __importDefault(require("cors"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
 const logger_1 = require("./lib/logger");
 const config_1 = require("./config");
 const UserContextCache_1 = require("./mcp/UserContextCache");
 const tool_registry_1 = require("./mcp/tool-registry");
+const session_store_1 = require("./mcp/session-store");
 const webhook_handler_1 = require("./mcp/webhook-handler");
+const vipunen_1 = require("./plugins/vipunen");
+// Load MCP instructions for Claude App
+// Try dist/mcp/ first (production), then src/mcp/ (development)
+let mcpInstructions;
+const instructionsPaths = [
+    path.join(__dirname, 'mcp', 'instructions.md'), // dist/mcp/instructions.md
+    path.join(__dirname, '..', 'src', 'mcp', 'instructions.md'), // src/mcp/instructions.md (from dist/)
+    path.join(process.cwd(), 'src', 'mcp', 'instructions.md') // src/mcp/instructions.md (from cwd)
+];
+for (const instructionsPath of instructionsPaths) {
+    try {
+        mcpInstructions = fs.readFileSync(instructionsPath, 'utf-8');
+        break;
+    }
+    catch {
+        // Try next path
+    }
+}
 class MCPServerService {
+    static ENDPOINTS = {
+        hailer: '/api/mcp',
+        cowork: '/api/cowork/mcp',
+        vipunen: '/api/vipunen'
+    };
     app;
     server;
     logger;
     config;
-    toolRegistry; // ← Injected
+    toolRegistry;
+    appConfig;
     constructor(config) {
         this.config = config;
         this.toolRegistry = config.toolRegistry;
+        this.appConfig = (0, config_1.createApplicationConfig)();
         this.logger = (0, logger_1.createLogger)({
             component: 'mcp-server',
             service: 'hailer-mcp-server'
@@ -66,7 +94,7 @@ class MCPServerService {
         this.app = (0, express_1.default)();
         this.setupMiddleware();
         this.setupRoutes();
-        this.logger.debug('MCP Server initialized', {
+        this.logger.info('MCP Server initialized', {
             port: config.port,
             corsOrigins: config.corsOrigins
         });
@@ -114,19 +142,278 @@ class MCPServerService {
             next();
         });
     }
+    escapeHtml(s) {
+        return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+    }
+    getBaseUrl(req) {
+        const protocol = req.headers['x-forwarded-proto'] || req.protocol || 'https';
+        const host = req.headers['x-forwarded-host'] || req.headers.host || 'localhost:3030';
+        return `${protocol}://${host}`;
+    }
     setupRoutes() {
-        const appConfig = (0, config_1.createApplicationConfig)();
         // Health check endpoint (no logging - too noisy)
         this.app.get('/health', (_, res) => {
             const health = {
                 status: 'ok',
                 timestamp: new Date().toISOString(),
                 service: 'hailer-mcp-server',
-                version: config_1.APP_VERSION
+                version: config_1.APP_VERSION,
+                endpoints: MCPServerService.ENDPOINTS
             };
             res.json(health);
         });
-        // Daemon status endpoint - monitor LLM context
+        // API prefix for Claude App / cowork endpoints
+        const API_PREFIX = '/api/cowork';
+        // OAuth 2.0 Authorization Server Metadata (RFC 8414)
+        // This tells mcp-remote where to send users for authorization
+        this.app.get('/.well-known/oauth-authorization-server', (req, res) => {
+            const baseUrl = this.getBaseUrl(req);
+            res.json({
+                issuer: baseUrl,
+                authorization_endpoint: `${baseUrl}${API_PREFIX}/oauth/authorize`,
+                token_endpoint: `${baseUrl}${API_PREFIX}/oauth/token`,
+                registration_endpoint: `${baseUrl}${API_PREFIX}/oauth/register`,
+                response_types_supported: ['code'],
+                grant_types_supported: ['authorization_code'],
+                code_challenge_methods_supported: ['S256'],
+                token_endpoint_auth_methods_supported: ['none']
+            });
+        });
+        // Dynamic Client Registration (RFC 7591)
+        // mcp-remote calls this before starting OAuth flow
+        this.app.post(`${API_PREFIX}/oauth/register`, (req, res) => {
+            const { client_name, redirect_uris } = req.body;
+            req.logger.info('OAuth client registration', { client_name, redirect_uris });
+            // Generate a client_id for this registration
+            const clientId = `mcp_client_${Date.now()}_${Math.random().toString(36).substring(2, 11)}`;
+            // Return client credentials (RFC 7591 response)
+            res.status(201).json({
+                client_id: clientId,
+                client_name: client_name || 'MCP Client',
+                redirect_uris: redirect_uris || [],
+                grant_types: ['authorization_code'],
+                response_types: ['code'],
+                token_endpoint_auth_method: 'none'
+            });
+        });
+        // OAuth Protected Resource Metadata (for MCP endpoint)
+        // Note: mcp-remote requests both /.well-known/oauth-protected-resource AND
+        // /.well-known/oauth-protected-resource{API_PREFIX}/mcp - we handle both
+        const protectedResourceHandler = (req, res) => {
+            const baseUrl = this.getBaseUrl(req);
+            res.json({
+                resource: `${baseUrl}${API_PREFIX}/mcp`,
+                authorization_servers: [baseUrl]
+            });
+        };
+        this.app.get('/.well-known/oauth-protected-resource', protectedResourceHandler);
+        this.app.get(`/.well-known/oauth-protected-resource${API_PREFIX}/mcp`, protectedResourceHandler);
+        // OAuth Authorize endpoint - redirects to Hailer login
+        // Supports both Claude Desktop native connector (redirect_uri=claude.ai) and mcp-remote (localhost)
+        this.app.get(`${API_PREFIX}/oauth/authorize`, (req, res) => {
+            const { redirect_uri, state, code_challenge, code_challenge_method, client_id } = req.query;
+            req.logger.info('OAuth authorize request', {
+                redirect_uri,
+                client_id,
+                state: state ? 'present' : 'missing',
+                code_challenge: code_challenge ? 'present' : 'missing'
+            });
+            // Store PKCE challenge AND original redirect_uri for token exchange
+            if (state) {
+                const pkceKey = `pkce_${state}`;
+                session_store_1.sessionStore.set(pkceKey, code_challenge || '', redirect_uri || '');
+            }
+            // Determine the callback URL for Hailer
+            const baseUrl = this.getBaseUrl(req);
+            const ourCallback = `${baseUrl}${API_PREFIX}/oauth/callback`;
+            // Redirect to Hailer authorization page (hash routing)
+            // The Hailer frontend will create API key and redirect back with code+state
+            const params = new URLSearchParams();
+            params.set('redirectUri', ourCallback);
+            params.set('authorizeAppName', 'Claude');
+            params.set('state', state || '');
+            // Use HAILER_APP_URL env var, default to local dev
+            const hailerAppUrl = process.env.HAILER_APP_URL || 'https://app.hailer.com';
+            const hailerAuthUrl = `${hailerAppUrl}/#/authorize/user-api-key?${params.toString()}`;
+            res.redirect(hailerAuthUrl);
+        });
+        // OAuth Token endpoint - exchanges code for access token
+        // In our flow, the "code" IS the key_id (already registered by frontend)
+        this.app.post(`${API_PREFIX}/oauth/token`, express_1.default.urlencoded({ extended: true }), (req, res) => {
+            const { grant_type, code, code_verifier, redirect_uri } = req.body;
+            req.logger.info('OAuth token request', { grant_type, hasCode: !!code });
+            if (grant_type !== 'authorization_code') {
+                return res.status(400).json({ error: 'unsupported_grant_type' });
+            }
+            if (!code) {
+                return res.status(400).json({ error: 'invalid_request', error_description: 'code is required' });
+            }
+            // The "code" from Hailer frontend is actually the key_id
+            // It was already registered via /auth/register by the frontend
+            const session = session_store_1.sessionStore.get(code);
+            if (!session) {
+                req.logger.warn('OAuth token exchange failed - session not found', { code: code.substring(0, 8) + '...' });
+                return res.status(400).json({ error: 'invalid_grant', error_description: 'Invalid or expired code' });
+            }
+            // Return the key_id as access_token (real apiKey stays in session store)
+            req.logger.info('OAuth token issued', { keyId: code.substring(0, 8) + '...' });
+            res.json({
+                access_token: code,
+                token_type: 'Bearer',
+                expires_in: 86400 // 24 hours (matches session TTL)
+            });
+        });
+        // OAuth Callback endpoint - receives code+state from Hailer frontend via GET redirect
+        // Then redirects to the original redirect_uri (Claude Desktop or mcp-remote)
+        this.app.get(`${API_PREFIX}/oauth/callback`, (req, res) => {
+            const { code, state, error } = req.query;
+            req.logger.info('OAuth callback GET', {
+                hasCode: !!code,
+                hasState: !!state,
+                error
+            });
+            if (error) {
+                req.logger.warn('OAuth callback received error', { error });
+                return res.status(400).send(`
+          <html><body>
+            <h1>Authorization Failed</h1>
+            <p>Error: ${this.escapeHtml(String(error))}</p>
+            <p>You can close this window.</p>
+          </body></html>
+        `);
+            }
+            if (!code || !state) {
+                req.logger.warn('OAuth callback missing code or state');
+                return res.status(400).send(`
+          <html><body>
+            <h1>Authorization Failed</h1>
+            <p>Missing code or state parameter</p>
+          </body></html>
+        `);
+            }
+            // Look up the original redirect_uri from PKCE storage
+            const pkceKey = `pkce_${state}`;
+            const pkceSession = session_store_1.sessionStore.get(pkceKey);
+            if (!pkceSession) {
+                req.logger.warn('OAuth callback - PKCE session not found', { state });
+                return res.status(400).send(`
+          <html><body>
+            <h1>Authorization Failed</h1>
+            <p>Session expired or invalid state</p>
+          </body></html>
+        `);
+            }
+            const originalRedirectUri = pkceSession.workspaceId; // We stored redirect_uri in workspaceId field
+            req.logger.info('OAuth callback redirecting', {
+                keyId: code.substring(0, 8) + '...',
+                redirectUri: originalRedirectUri
+            });
+            // Redirect to original redirect_uri with code and state
+            let finalUrl;
+            try {
+                finalUrl = new URL(originalRedirectUri);
+            }
+            catch {
+                req.logger.error('OAuth callback - invalid redirect_uri', { originalRedirectUri });
+                return res.status(400).send('<html><body><h1>Authorization Failed</h1><p>Invalid redirect URI.</p></body></html>');
+            }
+            finalUrl.searchParams.set('code', code);
+            finalUrl.searchParams.set('state', state);
+            res.redirect(finalUrl.toString());
+        });
+        // Legacy POST callback for backwards compatibility
+        this.app.post(`${API_PREFIX}/oauth/callback`, express_1.default.urlencoded({ extended: true }), (req, res) => {
+            req.logger.debug('OAuth callback POST body', { body: req.body });
+            const { access_token, error } = req.body;
+            if (error) {
+                return res.status(400).send(`<html><body><h1>Authorization Failed</h1><p>Error: ${this.escapeHtml(String(error))}</p></body></html>`);
+            }
+            if (!access_token) {
+                return res.status(400).send(`<html><body><h1>Authorization Failed</h1><p>Missing access token</p></body></html>`);
+            }
+            req.logger.info('OAuth callback POST received', { keyId: access_token.substring(0, 8) + '...' });
+            res.send(`
+        <html><body>
+          <h1>Authorization Successful!</h1>
+          <p>You can close this window and return to Claude.</p>
+        </body></html>
+      `);
+        });
+        // Auth register endpoint - receives key_id + api_key from Hailer frontend
+        // Called after user login to register the session mapping
+        this.app.post(`${API_PREFIX}/auth/register`, (req, res) => {
+            const { key_id, api_key, workspace_id } = req.body;
+            if (!key_id || !api_key) {
+                req.logger.warn('Auth register missing required fields', { hasKeyId: !!key_id, hasApiKey: !!api_key });
+                return res.status(400).json({ error: 'key_id and api_key are required' });
+            }
+            session_store_1.sessionStore.set(key_id, api_key, workspace_id || '');
+            req.logger.info('Auth session registered', { keyId: key_id.substring(0, 8) + '...' });
+            res.json({ status: 'ok' });
+        });
+        // Session stats endpoint (for debugging)
+        this.app.get(`${API_PREFIX}/auth/stats`, (req, res) => {
+            const adminToken = req.headers['x-admin-token'];
+            if (!adminToken || adminToken !== process.env.WEBHOOK_TOKEN) {
+                return res.status(403).json({ error: 'forbidden' });
+            }
+            res.json(session_store_1.sessionStore.getStats());
+        });
+        // ===== Bot Config Webhook API =====
+        // Get secure webhook path (auto-generated token) - null if disabled
+        const webhookPath = (0, webhook_handler_1.getWebhookPath)();
+        if (webhookPath) {
+            // POST /webhook/{token} - Receives updates from Hailer workflow webhooks
+            this.app.post(webhookPath, (req, res) => {
+                req.logger.debug('Bot config webhook received', {
+                    activityId: req.body?._id,
+                    activityName: req.body?.name,
+                    workspaceId: req.body?.cid,
+                });
+                try {
+                    const result = (0, webhook_handler_1.handleBotConfigWebhook)(req.body);
+                    if (result.success) {
+                        req.logger.debug('Bot config updated via webhook', {
+                            action: result.action,
+                            workspaceId: result.workspaceId,
+                            botType: result.botType,
+                        });
+                        res.status(200).json(result);
+                    }
+                    else {
+                        req.logger.warn('Bot config webhook failed', { error: result.error });
+                        res.status(400).json(result);
+                    }
+                }
+                catch (error) {
+                    req.logger.error('Bot config webhook error', { error });
+                    res.status(500).json({
+                        success: false,
+                        error: error instanceof Error ? error.message : 'Internal error',
+                    });
+                }
+            });
+            // GET /webhook/{token}/status - Status endpoint to see all workspace configs
+            this.app.get(`${webhookPath}/status`, (_req, res) => {
+                const configs = (0, webhook_handler_1.listWorkspaceConfigs)();
+                res.json({
+                    timestamp: new Date().toISOString(),
+                    workspaceCount: configs.length,
+                    workspaces: configs.map((c) => ({
+                        workspaceId: c.workspaceId,
+                        workspaceName: c.workspaceName,
+                        hasOrchestrator: !!c.orchestrator,
+                        specialistCount: c.specialists.length,
+                        enabledSpecialists: c.specialists.filter((s) => s.enabled).length,
+                        lastSynced: c.lastSynced,
+                    })),
+                });
+            });
+        }
+        else {
+            this.logger.debug('Webhook endpoint disabled (no WEBHOOK_TOKEN)');
+        }
+        // ===== Daemon status endpoint =====
         this.app.get('/daemon/status', (_, res) => {
             if (!this.config.getDaemonStatus) {
                 res.status(404).json({ error: 'Daemon mode not enabled' });
@@ -137,25 +424,25 @@ class MCPServerService {
                 res.status(503).json({ error: 'Daemon not running' });
                 return;
             }
-            res.json({
-                timestamp: new Date().toISOString(),
-                daemons: status
-            });
+            res.json({ timestamp: new Date().toISOString(), daemons: status });
         });
-        // MCP Protocol handler - shared by both routes
+        // ===== Hailer MCP endpoint — Direct API key auth (for Claude Code, mcp-remote, SDK) =====
+        // Restored original mcpHandler from pre-Cowork era with BOT_INTERNAL filtering and strict access control
         const mcpHandler = async (req, res, apiKeyOverride) => {
             const apiKey = apiKeyOverride || req.query.apiKey;
             req.logger.debug('MCP request received', { method: req.body?.method, apiKey: apiKey?.slice(0, 8) + '...' });
             try {
                 const mcpRequest = req.body;
+                if (!mcpRequest.params) {
+                    mcpRequest.params = {};
+                }
                 let result;
                 if (mcpRequest.method === 'tools/list') {
                     req.logger.debug('Handling tools/list request');
-                    // Get agent configuration for filtering
                     let filterConfig;
                     if (apiKey) {
                         try {
-                            const agentConfig = appConfig.getClientConfig(apiKey);
+                            const agentConfig = this.appConfig.getClientConfig(apiKey);
                             if (agentConfig.allowedTools || agentConfig.allowedGroups) {
                                 filterConfig = {
                                     allowedTools: agentConfig.allowedTools,
@@ -167,26 +454,17 @@ class MCPServerService {
                             req.logger.debug('No config found for apiKey, returning all tools');
                         }
                     }
-                    // Apply default tool group filtering
-                    // - NUCLEAR: Only if ENABLE_NUCLEAR_TOOLS=true
-                    // - BOT_INTERNAL: Only if explicitly requested via params.includeBotInternal (for daemons)
+                    // BOT_INTERNAL filtering: only include if explicitly requested (for daemons)
                     const includeBotInternal = mcpRequest.params?.includeBotInternal === true;
                     if (!filterConfig) {
-                        // No filter yet - create default excluding NUCLEAR and BOT_INTERNAL
                         filterConfig = {
                             allowedGroups: [tool_registry_1.ToolGroup.READ, tool_registry_1.ToolGroup.WRITE, tool_registry_1.ToolGroup.PLAYGROUND]
                         };
                         req.logger.debug('Using default tool filter (excludes NUCLEAR and BOT_INTERNAL)');
                     }
                     else if (filterConfig.allowedGroups) {
-                        // Filter groups - remove BOT_INTERNAL unless explicitly requested, remove NUCLEAR unless enabled
                         filterConfig.allowedGroups = filterConfig.allowedGroups.filter(g => (includeBotInternal || g !== tool_registry_1.ToolGroup.BOT_INTERNAL) &&
                             (config_1.environment.ENABLE_NUCLEAR_TOOLS || g !== tool_registry_1.ToolGroup.NUCLEAR));
-                        req.logger.debug('Filtered tool groups', {
-                            allowedGroups: filterConfig.allowedGroups,
-                            nuclearEnabled: config_1.environment.ENABLE_NUCLEAR_TOOLS,
-                            includeBotInternal
-                        });
                     }
                     result = {
                         tools: this.toolRegistry.getToolDefinitions(filterConfig)
@@ -208,10 +486,13 @@ class MCPServerService {
                     if (!apiKey) {
                         return this.sendMcpError(res, mcpRequest.id, -32602, 'API key required for tools/call', 400);
                     }
+                    if (!mcpRequest.params?.name) {
+                        return this.sendMcpError(res, mcpRequest.id, -32602, 'params.name is required', 400);
+                    }
                     const { name, arguments: args = {} } = mcpRequest.params;
                     req.logger.info('Tool call', { tool: name });
-                    // Check access control
-                    if (!this.canAccessTool(name, apiKey, appConfig)) {
+                    // Strict access control — returns false on catch (no config = no access)
+                    if (!this.canAccessToolStrict(name, apiKey)) {
                         return this.sendMcpError(res, mcpRequest.id, -32603, `Access denied to tool: ${name}`, 403);
                     }
                     const userContext = await UserContextCache_1.UserContextCache.getContext(apiKey);
@@ -253,12 +534,9 @@ class MCPServerService {
             }
             catch (error) {
                 const errorMessage = error instanceof Error ? error.message : String(error);
-                // Check for multi-workspace credentials error - return user-friendly error
-                // Use HTTP 200 so the JSON-RPC error reaches the client properly
                 if (errorMessage.includes('Multi-workspace credentials detected')) {
                     req.logger.warn('Multi-workspace credentials blocked', { apiKey: req.query.apiKey });
-                    this.sendMcpError(res, req.body?.id || null, -32001, errorMessage, 200 // JSON-RPC errors should use HTTP 200 for proper client handling
-                    );
+                    this.sendMcpError(res, req.body?.id || null, -32001, errorMessage, 200);
                 }
                 else {
                     req.logger.error('MCP handler error', error, { apiKey: req.query.apiKey });
@@ -266,25 +544,20 @@ class MCPServerService {
                 }
             }
         };
-        // MCP Protocol endpoint - JSON-RPC 2.0 over SSE
         // Route 1: /api/mcp?apiKey=xxx (standard format)
         this.app.post('/api/mcp', (req, res) => mcpHandler(req, res));
         // Route 2: /:apiKey (simplified format - API key as path)
         // Matches 16-64 char alphanumeric keys, but ONLY for MCP requests (has jsonrpc field)
-        // Non-MCP requests (webhooks) pass through to later routes
         this.app.post('/:apiKey([a-zA-Z0-9_-]{16,64})', (req, res, next) => {
             if (req.body?.jsonrpc) {
-                // MCP request - handle it
                 mcpHandler(req, res, req.params.apiKey);
             }
             else {
-                // Not MCP (likely webhook) - pass to next route
                 next();
             }
         });
         // ===== Bot Configuration API (only when MCP_CLIENT_ENABLED=true) =====
         if (config_1.environment.MCP_CLIENT_ENABLED) {
-            // GET /api/bots - List all bots and their status
             this.app.get('/api/bots', async (req, res) => {
                 req.logger.debug('List bots requested');
                 try {
@@ -301,7 +574,6 @@ class MCPServerService {
                     res.status(500).json({ error: 'Failed to list bots' });
                 }
             });
-            // POST /api/bots/:id/enable - Enable a bot
             this.app.post('/api/bots/:id/enable', async (req, res) => {
                 const { id } = req.params;
                 req.logger.debug('Enable bot requested', { botId: id });
@@ -319,7 +591,6 @@ class MCPServerService {
                     res.status(500).json({ error: 'Failed to enable bot' });
                 }
             });
-            // POST /api/bots/:id/disable - Disable a bot
             this.app.post('/api/bots/:id/disable', async (req, res) => {
                 const { id } = req.params;
                 req.logger.debug('Disable bot requested', { botId: id });
@@ -337,7 +608,6 @@ class MCPServerService {
                     res.status(500).json({ error: 'Failed to disable bot' });
                 }
             });
-            // POST /api/bots/:id/toggle - Toggle a bot
             this.app.post('/api/bots/:id/toggle', async (req, res) => {
                 const { id } = req.params;
                 req.logger.debug('Toggle bot requested', { botId: id });
@@ -357,101 +627,358 @@ class MCPServerService {
                     res.status(500).json({ error: 'Failed to toggle bot' });
                 }
             });
-            // ===== Bot Config Webhook API =====
-            // Get secure webhook path (auto-generated token) - null if disabled
-            const webhookPath = (0, webhook_handler_1.getWebhookPath)();
-            if (webhookPath) {
-                // POST /webhook/{token} - Receives updates from Hailer workflow webhooks
-                this.app.post(webhookPath, (req, res) => {
-                    req.logger.debug('Bot config webhook received', {
-                        activityId: req.body?._id,
-                        activityName: req.body?.name,
-                        workspaceId: req.body?.cid,
-                    });
-                    try {
-                        const result = (0, webhook_handler_1.handleBotConfigWebhook)(req.body);
-                        if (result.success) {
-                            req.logger.debug('Bot config updated via webhook', {
-                                action: result.action,
-                                workspaceId: result.workspaceId,
-                                botType: result.botType,
-                            });
-                            res.status(200).json(result);
-                        }
-                        else {
-                            req.logger.warn('Bot config webhook failed', { error: result.error });
-                            res.status(400).json(result);
+        }
+        // ===== Cowork MCP endpoint — OAuth multi-user (for Claude.ai native connector) =====
+        // MCP session termination endpoint (required by MCP spec)
+        // NOTE: This only closes the MCP transport, NOT the OAuth session
+        // OAuth sessions have their own TTL (24h) and should persist across MCP reconnects
+        this.app.delete(`${API_PREFIX}/mcp`, (req, res) => {
+            req.logger.debug('Cowork MCP session close request');
+            // Don't delete OAuth session - it should persist for reconnects
+            res.status(200).json({ success: true });
+        });
+        // ===== Vipunen endpoint — API key auth only, no OAuth, no session store =====
+        // DELETE /api/vipunen - session close
+        this.app.delete('/api/vipunen', (req, res) => {
+            req.logger.debug('Vipunen MCP session close request');
+            res.status(200).json({ success: true });
+        });
+        // GET /api/vipunen - SSE stream
+        this.app.get('/api/vipunen', (req, res) => {
+            req.logger.debug('Vipunen SSE connection opened');
+            this.setupSseStream(req, res, 'Vipunen ');
+        });
+        // POST /api/vipunen - JSON-RPC 2.0, Vipunen tools only
+        this.app.post('/api/vipunen', async (req, res) => {
+            req.logger.debug('Vipunen MCP request received', { method: req.body?.method });
+            try {
+                const mcpRequest = req.body;
+                if (mcpRequest.method === 'initialize') {
+                    req.logger.info('Vipunen MCP initialize request received');
+                    res.setHeader('Mcp-Session-Id', this.generateSessionId('vipunen-session'));
+                    return this.sendMcpResult(res, mcpRequest.id, {
+                        protocolVersion: '2024-11-05',
+                        capabilities: { tools: {} },
+                        serverInfo: {
+                            name: 'vipunen-server',
+                            version: '1.0.0'
                         }
+                    });
+                }
+                else if (mcpRequest.method === 'notifications/initialized') {
+                    req.logger.info('Vipunen MCP handshake completed');
+                    res.status(204).end();
+                    return;
+                }
+                else if (mcpRequest.method === 'tools/list') {
+                    const vipunenDefs = this.toolRegistry.getToolDefinitionsByContextType('none');
+                    req.logger.debug('Vipunen tools/list', { count: vipunenDefs.length });
+                    return this.sendMcpResult(res, mcpRequest.id, { tools: vipunenDefs });
+                }
+                else if (mcpRequest.method === 'tools/call') {
+                    if (!mcpRequest.params?.name) {
+                        return this.sendMcpError(res, mcpRequest.id, -32602, 'params.name is required', 400);
                     }
-                    catch (error) {
-                        req.logger.error('Bot config webhook error', { error });
-                        res.status(500).json({
-                            success: false,
-                            error: error instanceof Error ? error.message : 'Internal error',
+                    const bearerToken = this.extractBearerToken(req);
+                    // Require valid Vipunen API key
+                    if (!bearerToken || !(0, vipunen_1.isValidVipunenKey)(bearerToken)) {
+                        req.logger.warn('Vipunen tools/call - invalid or missing API key');
+                        res.setHeader('WWW-Authenticate', 'Bearer');
+                        return res.status(401).json({
+                            error: 'unauthorized',
+                            error_description: 'Valid Vipunen API key required.'
                         });
                     }
-                });
-                // GET /webhook/{token}/status - Status endpoint to see all workspace configs
-                this.app.get(`${webhookPath}/status`, (_req, res) => {
-                    const configs = (0, webhook_handler_1.listWorkspaceConfigs)();
-                    res.json({
-                        timestamp: new Date().toISOString(),
-                        workspaceCount: configs.length,
-                        workspaces: configs.map((c) => ({
-                            workspaceId: c.workspaceId,
-                            workspaceName: c.workspaceName,
-                            hasOrchestrator: !!c.orchestrator,
-                            specialistCount: c.specialists.length,
-                            enabledSpecialists: c.specialists.filter((s) => s.enabled).length,
-                            lastSynced: c.lastSynced,
-                        })),
-                    });
-                });
+                    const { name, arguments: args = {} } = mcpRequest.params;
+                    req.logger.debug('Vipunen tools/call', { toolName: name });
+                    const tool = this.toolRegistry.getTool(name);
+                    if (!tool) {
+                        return this.sendMcpError(res, mcpRequest.id, -32601, `Unknown tool: ${name}`, 404);
+                    }
+                    if (tool.contextType !== 'none') {
+                        return this.sendMcpError(res, mcpRequest.id, -32603, `Tool not accessible via Vipunen endpoint: ${name}`, 403);
+                    }
+                    const vipunenCtx = (0, vipunen_1.resolveVipunenContext)(bearerToken);
+                    const result = await this.toolRegistry.executeTool(name, args, vipunenCtx);
+                    return this.sendMcpResult(res, mcpRequest.id, result);
+                }
+                else {
+                    return this.sendMcpError(res, mcpRequest.id, -32601, `Method not found: ${mcpRequest.method}`, 400);
+                }
             }
-            else {
-                this.logger.debug('Webhook endpoint disabled (no WEBHOOK_TOKEN)');
-            }
-            this.logger.debug('Routes configured', {
-                routes: [
-                    '/health',
-                    '/daemon/status',
-                    '/api/mcp',
-                    '/api/bots'
-                ]
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : String(error);
+                req.logger.error('Vipunen MCP handler error', error);
+                this.sendMcpError(res, req.body?.id || null, -32000, `Server error: ${errorMessage}`, 500);
+            }
+        });
+        // Cowork MCP Protocol endpoint - GET for SSE stream
+        this.app.get(`${API_PREFIX}/mcp`, (req, res) => {
+            req.logger.debug('Cowork SSE connection opened');
+            this.setupSseStream(req, res, 'Cowork ');
+        });
+        // Cowork MCP Protocol endpoint - JSON-RPC 2.0 over SSE (OAuth auth)
+        this.app.post(`${API_PREFIX}/mcp`, (req, res) => {
+            this.handleCoworkMcp(req, res, {
+                resolveApiKey: (r) => {
+                    const bearer = this.extractBearerToken(r);
+                    let apiKey;
+                    let keyId;
+                    if (bearer) {
+                        keyId = bearer;
+                        const session = session_store_1.sessionStore.get(keyId);
+                        if (session) {
+                            apiKey = session.apiKey;
+                        }
+                    }
+                    // Fallback to query param (legacy support)
+                    if (!apiKey) {
+                        apiKey = r.query.apiKey;
+                    }
+                    return { apiKey, keyId };
+                },
+                onUnauthorized: (r, rs, _id, toolName) => {
+                    const baseUrl = this.getBaseUrl(r);
+                    r.logger.info('No auth for tools/call - returning 401 to trigger OAuth', { tool: toolName });
+                    rs.setHeader('WWW-Authenticate', `Bearer resource="${baseUrl}${API_PREFIX}/mcp"`);
+                    rs.status(401).json({
+                        error: 'unauthorized',
+                        error_description: 'Authentication required. Please authorize via OAuth to use tools.'
+                    });
+                },
+                label: 'Cowork'
             });
+        });
+        this.logger.debug('Routes configured', {
+            routes: [
+                '/health',
+                '/daemon/status',
+                '/api/mcp (Hailer — direct API key)',
+                '/:apiKey (Hailer — API key as path)',
+                '/api/bots (Bot management)',
+                `${API_PREFIX}/mcp (Cowork — OAuth)`,
+                '/api/vipunen (Vipunen — Bearer key)',
+                '/.well-known/oauth-authorization-server',
+                '/.well-known/oauth-protected-resource',
+                `${API_PREFIX}/oauth/register`,
+                `${API_PREFIX}/oauth/authorize`,
+                `${API_PREFIX}/oauth/token`,
+                `${API_PREFIX}/oauth/callback`,
+                `${API_PREFIX}/auth/register`,
+                `${API_PREFIX}/auth/stats`
+            ]
+        });
+    }
+    extractBearerToken(req) {
+        const auth = req.headers.authorization;
+        return auth?.startsWith('Bearer ') ? auth.substring(7) : undefined;
+    }
+    setupSseStream(req, res, label) {
+        res.setHeader('Content-Type', 'text/event-stream');
+        res.setHeader('Cache-Control', 'no-cache');
+        res.setHeader('Connection', 'keep-alive');
+        res.setHeader('X-Accel-Buffering', 'no');
+        res.write(': connected\n\n');
+        const heartbeat = setInterval(() => {
+            if (!res.write(': heartbeat\n\n')) {
+                clearInterval(heartbeat);
+            }
+        }, 30000);
+        req.on('close', () => {
+            clearInterval(heartbeat);
+            req.logger.debug(`${label}SSE connection closed`);
+        });
+    }
+    generateSessionId(prefix) {
+        return `${prefix}-${Date.now()}-${Math.random().toString(36).substring(2, 11)}`;
+    }
+    /**
+     * Strict access control for /api/mcp — returns false on catch (no config = no access)
+     */
+    canAccessToolStrict(toolName, apiKey) {
+        // User API Keys aren't in CLIENT_CONFIGS — apply permissive access (non-NUCLEAR)
+        if (apiKey.startsWith('userapikey_')) {
+            const tool = this.toolRegistry.getTool(toolName);
+            if (!tool)
+                return false;
+            if (tool.group === tool_registry_1.ToolGroup.NUCLEAR && !config_1.environment.ENABLE_NUCLEAR_TOOLS) {
+                return false;
+            }
+            return true;
         }
-        else {
-            this.logger.debug('Routes configured', {
-                routes: [
-                    '/health',
-                    '/daemon/status',
-                    '/api/mcp'
-                ]
-            });
+        try {
+            const agentConfig = this.appConfig.getClientConfig(apiKey);
+            if (agentConfig.allowedTools) {
+                return agentConfig.allowedTools.includes(toolName);
+            }
+            if (agentConfig.allowedGroups) {
+                const tool = this.toolRegistry.getTool(toolName);
+                return tool ? agentConfig.allowedGroups.includes(tool.group) : false;
+            }
+            return true;
+        }
+        catch {
+            return false;
         }
     }
     /**
-     * Check if agent has access to a specific tool
+     * Permissive access control for Cowork — allows non-NUCLEAR tools on catch (OAuth sessions)
      */
-    canAccessTool(toolName, apiKey, appConfig) {
+    canAccessToolPermissive(toolName, apiKey) {
         try {
-            const agentConfig = appConfig.getClientConfig(apiKey);
-            // Explicit tool whitelist (takes precedence)
+            const agentConfig = this.appConfig.getClientConfig(apiKey);
             if (agentConfig.allowedTools) {
                 return agentConfig.allowedTools.includes(toolName);
             }
-            // Group-based access control
             if (agentConfig.allowedGroups) {
                 const tool = this.toolRegistry.getTool(toolName);
                 return tool ? agentConfig.allowedGroups.includes(tool.group) : false;
             }
-            // Default: allow all (backward compatible)
             return true;
         }
         catch {
-            return false;
+            const tool = this.toolRegistry.getTool(toolName);
+            if (!tool)
+                return false;
+            if (tool.group === tool_registry_1.ToolGroup.NUCLEAR && !config_1.environment.ENABLE_NUCLEAR_TOOLS) {
+                return false;
+            }
+            return true;
         }
     }
+    /**
+     * Cowork MCP JSON-RPC handler for /api/cowork/mcp (OAuth multi-user).
+     * Permissive access control, contextType filter, OAuth 401 flow.
+     */
+    async handleCoworkMcp(req, res, options) {
+        req.logger.debug(`${options.label} MCP request received`, { method: req.body?.method });
+        try {
+            const { apiKey, keyId } = options.resolveApiKey(req);
+            if (apiKey) {
+                req.logger.debug(`${options.label} API key resolved`, { keyId: keyId?.substring(0, 8) || 'direct' });
+            }
+            const mcpRequest = req.body;
+            let result;
+            // tools/list is intentionally unauthenticated — MCP clients need the list
+            // to construct the OAuth prompt before they have a token.
+            // tools/call is the enforcement gate.
+            if (mcpRequest.method === 'tools/list') {
+                req.logger.debug(`${options.label} Handling tools/list`);
+                let filterConfig;
+                if (apiKey) {
+                    try {
+                        const agentConfig = this.appConfig.getClientConfig(apiKey);
+                        if (agentConfig.allowedTools || agentConfig.allowedGroups) {
+                            filterConfig = {
+                                allowedTools: agentConfig.allowedTools,
+                                allowedGroups: agentConfig.allowedGroups
+                            };
+                        }
+                    }
+                    catch {
+                        req.logger.debug('No config found for apiKey, returning all tools');
+                    }
+                }
+                if (!filterConfig) {
+                    filterConfig = {
+                        allowedGroups: [tool_registry_1.ToolGroup.READ, tool_registry_1.ToolGroup.WRITE, tool_registry_1.ToolGroup.PLAYGROUND]
+                    };
+                    req.logger.debug('Using default tool filter (excludes NUCLEAR)');
+                }
+                else if (filterConfig.allowedGroups) {
+                    filterConfig.allowedGroups = filterConfig.allowedGroups.filter(g => (config_1.environment.ENABLE_NUCLEAR_TOOLS || g !== tool_registry_1.ToolGroup.NUCLEAR));
+                }
+                result = {
+                    tools: this.toolRegistry.getToolDefinitions(filterConfig)
+                        .filter((def) => {
+                        const tool = this.toolRegistry.getTool(def.name);
+                        return (tool?.contextType ?? 'hailer') !== 'none';
+                    })
+                };
+            }
+            else if (mcpRequest.method === 'tools/get_schema') {
+                const toolName = mcpRequest.params?.name;
+                req.logger.debug(`${options.label} Handling tools/get_schema`, { toolName });
+                if (!toolName) {
+                    return this.sendMcpError(res, mcpRequest.id, -32602, 'Tool name required in params.name', 400);
+                }
+                const schema = this.toolRegistry.getToolSchema(toolName);
+                if (!schema) {
+                    return this.sendMcpError(res, mcpRequest.id, -32602, `Tool not found: ${toolName}`, 404);
+                }
+                result = schema;
+            }
+            else if (mcpRequest.method === 'tools/call') {
+                if (!apiKey) {
+                    return options.onUnauthorized(req, res, mcpRequest.id, mcpRequest.params?.name);
+                }
+                if (!mcpRequest.params?.name) {
+                    return this.sendMcpError(res, mcpRequest.id, -32602, 'params.name is required', 400);
+                }
+                const { name, arguments: args = {} } = mcpRequest.params;
+                req.logger.debug(`${options.label} Handling tools/call`, { toolName: name });
+                const tool = this.toolRegistry.getTool(name);
+                const contextType = tool?.contextType ?? 'hailer';
+                if (!this.canAccessToolPermissive(name, apiKey)) {
+                    return this.sendMcpError(res, mcpRequest.id, -32603, `Access denied to tool: ${name}`, 403);
+                }
+                if (contextType === 'none') {
+                    return this.sendMcpError(res, mcpRequest.id, -32602, `Tool not found: ${name}`, 404);
+                }
+                const userContext = await UserContextCache_1.UserContextCache.getContext(apiKey);
+                result = await this.toolRegistry.executeTool(name, args, userContext);
+            }
+            else if (mcpRequest.method === 'initialize') {
+                req.logger.info(`${options.label} MCP initialize request received`);
+                res.setHeader('Mcp-Session-Id', this.generateSessionId('session'));
+                result = {
+                    protocolVersion: '2024-11-05',
+                    capabilities: { tools: {} },
+                    serverInfo: {
+                        name: 'hailer-mcp-server',
+                        version: '1.0.0'
+                    },
+                    // Instructions help Claude App understand how to use Hailer tools
+                    ...(mcpInstructions && { instructions: mcpInstructions })
+                };
+            }
+            else if (mcpRequest.method === 'notifications/initialized') {
+                req.logger.info(`${options.label} MCP handshake completed`);
+                res.status(204).end();
+                return;
+            }
+            else {
+                return this.sendMcpError(res, mcpRequest.id, -32601, `Method not found: ${mcpRequest.method}`, 400);
+            }
+            this.sendMcpResult(res, mcpRequest.id, result);
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            if (errorMessage.includes('Multi-workspace credentials detected')) {
+                req.logger.warn('Multi-workspace credentials blocked');
+                this.sendMcpError(res, req.body?.id || null, -32001, errorMessage, 200);
+            }
+            else if (errorMessage.includes('No Hailer account found')) {
+                req.logger.warn('Invalid API key - no Hailer account found');
+                this.sendMcpError(res, req.body?.id || null, -32002, 'Invalid or expired API key. Please disconnect and reconnect the Hailer MCP connector to re-authorize.', 200);
+            }
+            else {
+                req.logger.error(`${options.label} MCP handler error`, error);
+                this.sendMcpError(res, req.body?.id || null, -32000, `Server error: ${errorMessage}`, 500);
+            }
+        }
+    }
+    /**
+     * Send MCP success response via SSE
+     */
+    sendMcpResult(res, id, result) {
+        const response = { jsonrpc: '2.0', result, id };
+        res.setHeader('Content-Type', 'text/event-stream');
+        res.setHeader('Cache-Control', 'no-cache');
+        res.setHeader('Connection', 'keep-alive');
+        res.write(`data: ${JSON.stringify(response)}\n\n`);
+        res.end();
+    }
     /**
      * Send MCP error response
      */
@@ -472,11 +999,12 @@ class MCPServerService {
                 this.logger.info('MCP Server started', {
                     port: port,
                     healthCheck: `http://localhost:${port}/health`,
-                    mcpEndpoint: `http://localhost:${port}/api/mcp`
+                    daemonStatus: `http://localhost:${port}/daemon/status`,
+                    hailerEndpoint: `http://localhost:${port}/api/mcp`,
+                    coworkEndpoint: `http://localhost:${port}/api/cowork/mcp`,
+                    vipunenEndpoint: `http://localhost:${port}/api/vipunen`
                 });
                 // Update .mcp.json with the actual port so Claude Code connects to the right server
-                const fs = require('fs');
-                const path = require('path');
                 const mcpJsonPath = path.join(process.cwd(), '.mcp.json');
                 try {
                     if (fs.existsSync(mcpJsonPath)) {
@@ -495,22 +1023,6 @@ class MCPServerService {
                 catch (err) {
                     this.logger.debug('Could not update .mcp.json', { error: err.message });
                 }
-                // Update .opencode/opencode.json with the actual port so OpenCode connects to the right server
-                const opencodeJsonPath = path.join(process.cwd(), '.opencode', 'opencode.json');
-                try {
-                    if (fs.existsSync(opencodeJsonPath)) {
-                        const opencodeJson = JSON.parse(fs.readFileSync(opencodeJsonPath, 'utf-8'));
-                        const hailerMcp = opencodeJson?.mcp?.hailer;
-                        if (hailerMcp?.url && typeof hailerMcp.url === 'string' && hailerMcp.url.includes('localhost:')) {
-                            hailerMcp.url = hailerMcp.url.replace(/localhost:\d+/, `localhost:${port}`);
-                            fs.writeFileSync(opencodeJsonPath, JSON.stringify(opencodeJson, null, 2) + '\n');
-                            this.logger.debug('.opencode/opencode.json updated with port', { port });
-                        }
-                    }
-                }
-                catch (err) {
-                    this.logger.debug('Could not update .opencode/opencode.json', { error: err.message });
-                }
                 resolve();
             });
             this.server.on('error', (error) => {
@@ -524,7 +1036,7 @@ class MCPServerService {
             const server = this.server;
             return new Promise((resolve) => {
                 server.close(() => {
-                    this.logger.debug('MCP Server stopped gracefully');
+                    this.logger.info('MCP Server stopped gracefully');
                     resolve();
                 });
             });