@hapticpaper/mcp-server 1.0.38 → 1.0.41

package/dist/constants/scopes.js

@@ -0,0 +1,7 @@
+export const REQUIRED_SCOPES = [
+    'tasks:read',
+    'tasks:write',
+    'workers:read',
+    'account:read',
+    'account:write'
+];

package/dist/index.js

@@ -13,9 +13,11 @@ import path from 'node:path';
 import jwt from 'jsonwebtoken';
 import { HapticPaperClient } from "./client/hapticPaperClient.js";
 import { CANONICAL_WIDGET_RESOURCES, LEGACY_WIDGET_RESOURCES } from "./constants/widget.js";
-import { registerAllTools } from "./tools/index.js";
+import { registerAllTools, ALL_TOOL_SCOPES } from "./tools/index.js";
 import { registerAllResources } from "./resources/index.js";
 import { TokenManager, MCPOAuthHandler } from "./auth/oauth.js";
+// REQUIRED_SCOPES is now deprecated in favor of ALL_TOOL_SCOPES
+// import { REQUIRED_SCOPES } from "./constants/scopes.js";
 dotenv.config();
 async function main() {
     const args = process.argv.slice(2);
@@ -42,7 +44,7 @@ async function main() {
             process.exit(1);
         }
     }
-    function registerWidgetTemplate(server) {
+    function registerWidgetTemplate(server, resourceBaseUrlOrigin) {
         // The widget bundle is built by packages/mcp-server/web and inlined into the HTML template.
         const widgetBundlePath = path.resolve(process.cwd(), 'web', 'dist', 'widget.js');
         if (!fs.existsSync(widgetBundlePath)) {
@@ -98,14 +100,15 @@ ${widgetJs}
             registerWidgetResource(name, uri);
         }
     }
-    function createMcpServer(client) {
+    function createMcpServer(client, resourceBaseUrlOrigin) {
         const server = new McpServer({
             name: "haptic-paper",
             version: "1.0.0"
         });
-        registerWidgetTemplate(server);
+        registerWidgetTemplate(server, resourceBaseUrlOrigin);
         registerAllTools(server, client);
         registerAllResources(server, client);
+        const scopesSupported = [...ALL_TOOL_SCOPES];
         return server;
     }
     const transportType = process.env.MCP_TRANSPORT || 'stdio';
@@ -117,7 +120,7 @@ ${widgetJs}
             authorizationUrl: process.env.AUTH_URL || 'https://hh.hapticpaper.com/oauth/authorize',
             tokenUrl: process.env.TOKEN_URL || 'https://hh.hapticpaper.com/api/v1/oauth/token',
             redirectUri: 'http://127.0.0.1/callback',
-            scopes: ['tasks:read', 'tasks:write', 'workers:read', 'account:read']
+            scopes: [...ALL_TOOL_SCOPES]
         });
         const tokens = await auth.authenticate();
         await tokenManager.saveTokens(tokens);
@@ -141,6 +144,23 @@ ${widgetJs}
                     console.error('Token expired, re-authenticating...');
                     return runOAuthFlow();
                 }
+                // Check for required scopes
+                try {
+                    const decoded = jwt.decode(tokens.access_token);
+                    if (decoded && typeof decoded === 'object') {
+                        const tokenScopes = decoded.scope?.split(' ') || [];
+                        const tokenScopeSet = new Set(tokenScopes);
+                        const missingScopes = ALL_TOOL_SCOPES.filter(s => !tokenScopeSet.has(s));
+                        if (missingScopes.length > 0) {
+                            console.error(`Stored token missing scopes: ${missingScopes.join(', ')}. Re-authenticating...`);
+                            return runOAuthFlow();
+                        }
+                    }
+                }
+                catch (e) {
+                    console.error('Error validating token scopes, re-authenticating...', e);
+                    return runOAuthFlow();
+                }
                 return tokens.access_token;
             }
             // 3. No token - auto-trigger OAuth
@@ -405,7 +425,7 @@ ${widgetJs}
                         delete transports[transport.sessionId];
                     }
                 };
-                const server = createMcpServer(client);
+                const server = createMcpServer(client, resourceServerUrl.origin);
                 await server.connect(transport);
             }
             else {
@@ -441,7 +461,7 @@ ${widgetJs}
     }
     else {
         const transport = new StdioServerTransport();
-        const server = createMcpServer(client);
+        const server = createMcpServer(client, 'https://hh.hapticpaper.com');
         await server.connect(transport);
         console.error('MCP Server running on stdio');
     }

package/dist/tools/account.js

@@ -1,6 +1,7 @@
 import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
 import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
+export const ACCOUNT_TOOL_SCOPES = ['account:read', 'account:write'];
 import { handleToolError } from "./errorHandler.js";
 function oauthSecuritySchemes(scopes) {
     return [

package/dist/tools/index.js

@@ -1,9 +1,17 @@
-import { registerTasksTools } from "./tasks.js";
-import { registerWorkerTools } from "./workers.js";
-import { registerAccountTools } from "./account.js";
+import { registerTasksTools, TASKS_TOOL_SCOPES } from "./tasks.js";
+import { registerWorkerTools, WORKERS_TOOL_SCOPES } from "./workers.js";
+import { registerAccountTools, ACCOUNT_TOOL_SCOPES } from "./account.js";
 import { registerQualificationTools } from "./qualification.js";
 import { registerGeneralTools } from "./general.js";
-import { registerMessagesTools } from "./messages.js";
+import { registerMessagesTools, MESSAGES_TOOL_SCOPES } from "./messages.js";
+// Aggregate all scopes from tools
+export const ALL_TOOL_SCOPES = [
+    ...TASKS_TOOL_SCOPES,
+    ...WORKERS_TOOL_SCOPES,
+    ...ACCOUNT_TOOL_SCOPES,
+    ...MESSAGES_TOOL_SCOPES,
+    // Add other tool scopes here as they are defined
+];
 export function registerAllTools(server, client) {
     registerTasksTools(server, client);
     registerWorkerTools(server, client);

package/dist/tools/messages.js

@@ -1,6 +1,7 @@
 import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
 import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
+export const MESSAGES_TOOL_SCOPES = ['messages:read', 'messages:write'];
 function oauthSecuritySchemes(scopes) {
     return [
         { type: 'oauth2', scopes },

package/dist/tools/tasks.js

@@ -2,6 +2,7 @@ import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
 import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
 import crypto from 'node:crypto';
+export const TASKS_TOOL_SCOPES = ['tasks:read', 'tasks:write'];
 // --- Shared Helpers ---
 function stableSessionId(prefix, value) {
     const raw = value ?? 'unknown';

package/dist/tools/workers.js

@@ -2,6 +2,7 @@ import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
 import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
 import crypto from 'node:crypto';
+export const WORKERS_TOOL_SCOPES = ['workers:read', 'workers:write'];
 // --- Shared Helpers ---
 function stableSessionId(prefix, value) {
     const raw = value ?? 'unknown';

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hapticpaper/mcp-server",
   "mcpName": "com.hapticpaper/mcp",
-  "version": "1.0.38",
+  "version": "1.0.41",
   "description": "Official MCP Server for Haptic Paper - Connect your account to create human tasks from agentic pipelines.",
   "type": "module",
   "main": "dist/index.js",

package/server.json

@@ -25,7 +25,7 @@
     "subfolder": "packages/mcp-server"
   },
   "websiteUrl": "https://hapticpaper.com/developer",
-  "version": "1.0.38",
+  "version": "1.0.41",
   "remotes": [
     {
       "type": "streamable-http",
@@ -37,7 +37,7 @@
       "registryType": "npm",
       "registryBaseUrl": "https://registry.npmjs.org",
       "identifier": "@hapticpaper/mcp-server",
-      "version": "1.0.38",
+      "version": "1.0.41",
       "transport": {
         "type": "stdio"
       },