@hostingguru/mcp-server 1.0.0 → 1.0.1

package/main.cjs

@@ -234,9 +234,12 @@ function extractTokenCookie(setCookie) {
     const eq = first.indexOf("=");
     if (eq < 0)
       continue;
-    if (first.slice(0, eq) === "token") {
-      return decodeURIComponent(first.slice(eq + 1));
-    }
+    if (first.slice(0, eq) !== "token")
+      continue;
+    const value = decodeURIComponent(first.slice(eq + 1));
+    if (!value)
+      continue;
+    return value;
   }
   return null;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hostingguru/mcp-server",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Model Context Protocol server for HostingGuru — sign in, manage workspaces, deploy GitHub repositories, and inspect deployments from your AI coding tool.",
   "keywords": [
     "mcp",

package/README.md

@@ -1,94 +0,0 @@
-# @hostingguru/mcp-server
-
-Model Context Protocol server for [HostingGuru](https://hostingguru.io). Connect
-your AI coding tool to your HostingGuru account to sign in, manage workspaces,
-deploy GitHub repositories, and inspect deployment status — all through tool
-calls.
-
-## Install
-
-The MCP server is published as a Node CLI:
-
-```bash
-npx -y @hostingguru/mcp-server
-```
-
-### Claude Desktop
-
-Add this to `claude_desktop_config.json`:
-
-```json
-{
-  "mcpServers": {
-    "hostingguru": {
-      "command": "npx",
-      "args": ["-y", "@hostingguru/mcp-server"]
-    }
-  }
-}
-```
-
-### Cursor / Windsurf / other MCP clients
-
-Use the same `command` + `args` shape in the client's MCP config.
-
-## Sign in
-
-The MCP server stores credentials encrypted at `~/.hostingguru/credentials.json`.
-
-### Email + password
-
-In your AI tool, run the `auth_login` tool. The server opens a local URL like
-`http://localhost:54321/login`. Open it in your browser, enter your email and
-password, and submit. The form posts to a one-shot endpoint on the same
-local port — credentials never pass through the AI tool, and the form itself
-is bound to a single-use nonce so no other process can race the submission.
-
-If your email is unknown, an account is created and you'll receive a
-verification email — same flow as `dashboard.hostingguru.io`.
-
-### Google or GitHub (OAuth)
-
-OAuth providers redirect to the dashboard, not to a CLI, so:
-
-1. Sign in at `https://dashboard.hostingguru.io/auth` with Google or GitHub.
-2. Open DevTools → Application → Cookies → copy the value of the `token`
-   cookie.
-3. In your AI tool, run `auth_token` and paste it.
-
-### Sign out
-
-Run `auth_logout`. The local credentials file is removed and the backend
-cookie is invalidated.
-
-## Tools
-
-| Tool | What it does |
-| --- | --- |
-| `auth_login` | Email/password sign-in or sign-up via local browser page |
-| `auth_token` | Authenticate with a session token (for OAuth users) |
-| `auth_status` | Show authenticated state + selected workspace |
-| `auth_logout` | Sign out locally and on the backend |
-| `list_workspaces` / `select_workspace` | Workspace selection |
-| `list_projects` / `create_project` / `get_project` | Project management |
-| `list_deployments` / `get_deployment` / `trigger_deployment` | Deployments |
-| `list_env_vars` / `set_env_var` / `delete_env_var` | Environment variables |
-| `list_repositories` / `connect_github` | GitHub integration |
-| `attach_domain` / `verify_domain` | Custom domains |
-| `get_subscription` | Billing status |
-
-## Security
-
-- All traffic to the API uses HTTPS to `backend.hostingguru.io`.
-- The session JWT is sent via `Cookie: token=…` (matches the dashboard's
-  cookie-only auth).
-- Local sign-in helper binds to `127.0.0.1` only on an ephemeral port and
-  shuts down after 5 minutes or after first use.
-- A random per-session nonce binds the `/submit` POST to the served login
-  page, so other local processes can't hijack the credential submission.
-- Credentials at rest are AES-256-GCM encrypted with a key derived from
-  hostname + username + homedir.
-
-## License
-
-MIT