npm - @kadoa/mcp - Versions diffs - 0.3.2 → 0.3.3-rc.1 - Mend

@kadoa/mcp 0.3.2 → 0.3.3-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +455 -23
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -49167,6 +49167,20 @@ function errorResult(message) {
     isError: true
   };
 }
+function extractApiMessage(responseBody) {
+  const body = responseBody;
+  if (!body || typeof body !== "object")
+    return;
+  const msg = typeof body.error === "string" && body.error || typeof body.message === "string" && body.message || undefined;
+  if (!msg)
+    return;
+  if (body.validationErrors && typeof body.validationErrors === "object" && body.validationErrors !== null) {
+    const details = Object.entries(body.validationErrors).map(([field, err]) => `${field}: "${err}"`).join(", ");
+    if (details)
+      return `${msg} — Details: ${details}`;
+  }
+  return msg;
+}
 function classifyError(error48) {
   if (KadoaSdkException.isInstance(error48)) {
     const code = error48.code;
@@ -49186,9 +49200,9 @@ function classifyError(error48) {
           return `Request timed out${status}. Please try again.`;
         case "VALIDATION_ERROR":
         case "BAD_REQUEST":
-          return httpError.message;
+          return extractApiMessage(httpError.responseBody) || httpError.message;
         default:
-          return `Kadoa API error${status}. Please try again later.`;
+          return extractApiMessage(httpError.responseBody) || `Kadoa API error${status}. Please try again later.`;
       }
     }
     switch (code) {
@@ -53676,14 +53690,139 @@ class KadoaOAuthProvider {
       params,
       supabaseCodeVerifier: verifier
     });
+    res.type("html").send(renderLoginPage(state));
+  }
+  async handleGoogleLogin(req, res) {
+    const { state } = req.body;
+    const pending = pendingAuths.get(state);
+    if (!pending) {
+      res.status(400).send("Unknown or expired state parameter");
+      return;
+    }
+    const supabaseUrl = process.env.SUPABASE_URL;
+    const serverUrl = process.env.MCP_SERVER_URL;
+    if (!supabaseUrl || !serverUrl) {
+      res.status(500).send("Server misconfigured");
+      return;
+    }
     const redirectTo = `${serverUrl}/auth/callback?mcp_state=${state}`;
     const authUrl = new URL(`${supabaseUrl}/auth/v1/authorize`);
     authUrl.searchParams.set("provider", "google");
     authUrl.searchParams.set("redirect_to", redirectTo);
-    authUrl.searchParams.set("code_challenge", challenge);
+    authUrl.searchParams.set("code_challenge", pending.supabaseCodeVerifier ? createHash2("sha256").update(pending.supabaseCodeVerifier).digest("base64url") : "");
     authUrl.searchParams.set("code_challenge_method", "S256");
     res.redirect(authUrl.toString());
   }
+  async handleEmailPasswordLogin(req, res) {
+    const { state, email: email3, password } = req.body;
+    if (!state || !email3 || !password) {
+      res.status(400).send("Missing required fields");
+      return;
+    }
+    const pending = pendingAuths.get(state);
+    if (!pending) {
+      res.status(400).type("html").send(renderLoginPage(state, "Session expired — please try again"));
+      return;
+    }
+    const supabaseUrl = process.env.SUPABASE_URL;
+    if (!supabaseUrl) {
+      res.status(500).send("Server misconfigured");
+      return;
+    }
+    try {
+      const tokenRes = await fetch(`${supabaseUrl}/auth/v1/token?grant_type=password`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          apikey: process.env.SUPABASE_ANON_KEY
+        },
+        body: JSON.stringify({ email: email3, password })
+      });
+      if (!tokenRes.ok) {
+        const body = await tokenRes.json().catch(() => ({ error_description: "Authentication failed" }));
+        const message = body.error_description || body.msg || "Invalid email or password";
+        res.type("html").send(renderLoginPage(state, message));
+        return;
+      }
+      const data = await tokenRes.json();
+      pendingAuths.delete(state);
+      await this.completeAuthWithTokens(pending, res, data.access_token, data.refresh_token);
+    } catch (error48) {
+      console.error("Email/password login error:", error48);
+      res.type("html").send(renderLoginPage(state, "An unexpected error occurred"));
+    }
+  }
+  async handleSSOLogin(req, res) {
+    const { state, email: email3 } = req.body;
+    if (!state || !email3) {
+      res.status(400).send("Missing required fields");
+      return;
+    }
+    const pending = pendingAuths.get(state);
+    if (!pending) {
+      res.status(400).type("html").send(renderLoginPage(state, "Session expired — please try again"));
+      return;
+    }
+    const supabaseUrl = process.env.SUPABASE_URL;
+    const serverUrl = process.env.MCP_SERVER_URL;
+    if (!supabaseUrl || !serverUrl) {
+      res.status(500).send("Server misconfigured");
+      return;
+    }
+    const domain2 = email3.includes("@") ? email3.split("@").pop() : email3;
+    try {
+      const ssoRes = await fetch(`${supabaseUrl}/auth/v1/sso`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          apikey: process.env.SUPABASE_ANON_KEY
+        },
+        body: JSON.stringify({
+          domain: domain2,
+          redirect_to: `${serverUrl}/auth/callback?mcp_state=${state}`,
+          skip_http_redirect: true,
+          code_challenge: createHash2("sha256").update(pending.supabaseCodeVerifier).digest("base64url"),
+          code_challenge_method: "s256"
+        })
+      });
+      if (!ssoRes.ok) {
+        const body = await ssoRes.json().catch(() => ({}));
+        const message = body.error_description || body.msg || body.message || "No SSO provider configured for this domain";
+        res.type("html").send(renderLoginPage(state, message));
+        return;
+      }
+      const data = await ssoRes.json();
+      if (!data.url) {
+        res.type("html").send(renderLoginPage(state, "No SSO provider configured for this domain"));
+        return;
+      }
+      res.redirect(data.url);
+    } catch (error48) {
+      console.error("SSO login error:", error48);
+      res.type("html").send(renderLoginPage(state, "An unexpected error occurred"));
+    }
+  }
+  async completeAuthWithTokens(pending, res, supabaseJwt, supabaseRefreshToken) {
+    const teams = await fetchUserTeams(supabaseJwt);
+    if (teams.length === 1) {
+      const refreshed = await setActiveTeamAndRefresh(supabaseJwt, supabaseRefreshToken, teams[0].id);
+      this.completeAuthFlow(pending, res, {
+        jwt: refreshed.jwt,
+        refreshToken: refreshed.refreshToken,
+        teamId: teams[0].id
+      });
+      return;
+    }
+    const selectionToken = randomToken();
+    pendingTeamSelections.set(selectionToken, {
+      supabaseJwt,
+      supabaseRefreshToken,
+      teams,
+      pending,
+      expiresAt: Date.now() + TEAM_SELECTION_TTL
+    });
+    res.type("html").send(renderTeamSelectionPage(teams, selectionToken));
+  }
   async challengeForAuthorizationCode(_client, authorizationCode) {
     const entry = authCodes.get(authorizationCode);
     if (!entry)
@@ -53815,26 +53954,7 @@ class KadoaOAuthProvider {
     pendingAuths.delete(state);
     try {
       const supabaseTokens = await exchangeSupabaseCode(code, pending.supabaseCodeVerifier);
-      const supabaseJwt = supabaseTokens.accessToken;
-      const teams = await fetchUserTeams(supabaseJwt);
-      if (teams.length === 1) {
-        const refreshed = await setActiveTeamAndRefresh(supabaseJwt, supabaseTokens.refreshToken, teams[0].id);
-        this.completeAuthFlow(pending, res, {
-          jwt: refreshed.jwt,
-          refreshToken: refreshed.refreshToken,
-          teamId: teams[0].id
-        });
-        return;
-      }
-      const selectionToken = randomToken();
-      pendingTeamSelections.set(selectionToken, {
-        supabaseJwt,
-        supabaseRefreshToken: supabaseTokens.refreshToken,
-        teams,
-        pending,
-        expiresAt: Date.now() + TEAM_SELECTION_TTL
-      });
-      res.type("html").send(renderTeamSelectionPage(teams, selectionToken));
+      await this.completeAuthWithTokens(pending, res, supabaseTokens.accessToken, supabaseTokens.refreshToken);
     } catch (error48) {
       console.error("Auth callback error:", error48);
       const redirectUrl = new URL(pending.params.redirectUri);
@@ -54017,6 +54137,309 @@ function renderTeamSelectionPage(teams, selectionToken) {
 </body>
 </html>`;
 }
+function renderLoginPage(state, error48) {
+  const errorHtml = error48 ? `<div class="error">${escapeHtml(error48)}</div>` : "";
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Sign In - Kadoa</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      background: hsl(0 0% 98%);
+      color: #18181b;
+      min-height: 100dvh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      background-image: radial-gradient(circle, #d4d4d8 1px, transparent 1px);
+      background-size: 24px 24px;
+      background-position: center top;
+    }
+    .card {
+      width: 100%;
+      max-width: 460px;
+      background: #fff;
+      padding: 1rem;
+      display: flex;
+      flex-direction: column;
+      gap: 1rem;
+      min-height: 100dvh;
+    }
+    @media (min-width: 768px) {
+      .card { padding: 3rem; min-height: auto; border-left: 1px solid #e0e1e5; border-right: 1px solid #e0e1e5; }
+    }
+    .logo { display: grid; place-content: center; }
+    h1 {
+      font-size: 20px;
+      font-weight: 600;
+      text-align: center;
+      color: #18181b;
+    }
+    .spacer { height: 0; }
+    @media (min-width: 768px) { .spacer { height: 3rem; } }
+    .error {
+      background: #fef2f2;
+      color: #991b1b;
+      border: 1px solid #fecaca;
+      border-radius: 4px;
+      padding: 0.6rem 0.875rem;
+      font-size: 15px;
+    }
+    /* Buttons — matching KUI default + primary looks */
+    .btn {
+      width: 100%;
+      padding: 0.6em 1em;
+      border-radius: 4px;
+      font-size: 16px;
+      font-weight: 500;
+      cursor: pointer;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      gap: 0.5rem;
+      transition: background 0.15s, border-color 0.15s;
+      text-decoration: none;
+    }
+    .btn-default {
+      background: #fff;
+      color: #18181b;
+      border: 1px solid #d4d4d8;
+      box-shadow: inset 0 -3px 0 0 rgba(0,0,0,0.03), 0 1px 0px 1px rgba(255,255,255,0.5), 0 -1px 0px 1px rgba(0,0,0,0.02);
+    }
+    .btn-default:hover {
+      background: rgba(113,113,122,0.1);
+    }
+    .btn-primary {
+      background: hsl(212 70% 27%);
+      color: #fff;
+      border: 1px solid hsl(214 70% 23%);
+      box-shadow: inset 0 2px 0 0 rgba(56,189,248,0.2), 0 -1px 0px 1px rgba(0,0,0,0.02);
+    }
+    .btn-primary:hover {
+      background: hsl(212 70% 33%);
+    }
+    /* OR divider */
+    .line-or {
+      display: flex;
+      align-items: center;
+      gap: 0.5rem;
+      font-weight: 500;
+      color: rgba(24,24,27,0.6);
+      font-size: 14px;
+      margin: 0.5rem 0;
+    }
+    .line-or hr {
+      flex: 1;
+      border: none;
+      border-top: 1px solid rgba(113,113,122,0.15);
+    }
+    /* Form inputs — matching KUI input style */
+    label {
+      display: block;
+      font-size: 16px;
+      font-weight: 500;
+      margin-bottom: 0.25rem;
+      color: #18181b;
+    }
+    input[type="email"], input[type="password"] {
+      width: 100%;
+      padding: 0.35em 0.5em;
+      border: 1px solid #d4d4d8;
+      border-radius: 4px;
+      font-size: 18px;
+      font-family: inherit;
+      color: #18181b;
+      background: #fff;
+      outline: none;
+      box-shadow: inset 0 3px 0 0 rgba(0,0,0,0.025);
+      transition: border-color 0.15s;
+      caret-color: hsl(25 98% 53%);
+    }
+    input[type="email"]:hover, input[type="password"]:hover {
+      border-color: hsl(31 99% 72%);
+    }
+    input[type="email"]:focus, input[type="password"]:focus {
+      border-color: hsl(25 98% 53%);
+      box-shadow: inset 0 3px 0 0 rgba(0,0,0,0.025), 0 0 0 2px rgba(249,115,22,0.2);
+    }
+    .field { margin-bottom: 0.75rem; }
+    hr.separator {
+      border: none;
+      border-top: 1px solid rgba(113,113,122,0.15);
+      margin: 0.5rem 0;
+    }
+    .google-icon { width: 18px; height: 18px; }
+    .key-icon { width: 16px; height: 16px; }
+    /* Tabs for email/SSO — keep simple, same visual weight */
+    .tabs {
+      display: none;
+    }
+    .tab-content { display: none; }
+    .tab-content.active { display: block; }
+    .tab-switch {
+      text-align: center;
+      margin-top: 0.25rem;
+    }
+    .tab-switch a {
+      font-size: 15px;
+      color: #18181b;
+      text-decoration: underline;
+      text-decoration-color: rgba(251,146,60,0.5);
+      text-underline-offset: 2px;
+      cursor: pointer;
+    }
+    .tab-switch a:hover {
+      background: rgba(251,146,60,0.1);
+      border-radius: 2px;
+    }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <!-- Logo {k} -->
+    <div class="logo">
+      <svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+        <path opacity="0.15" d="M25.3196 6.25H14.6804C14.6804 7.49264 13.6596 8.5 12.4005 8.5C11.3808 8.5 10.8312 8.67478 10.5466 8.82497C10.3001 8.95506 10.147 9.11941 10.0189 9.38005C9.85482 9.7141 9.74438 10.1712 9.68281 10.8152C9.62136 11.458 9.61405 12.2133 9.61405 13.125L9.61416 13.3731C9.61532 14.9118 9.61694 17.0733 8.75235 18.8332C8.55109 19.2428 8.30266 19.6357 8 20C8.30266 20.3643 8.55109 20.7572 8.75235 21.1668C9.61694 22.9267 9.61532 25.0882 9.61416 26.6269L9.61405 26.875C9.61405 27.7867 9.62136 28.542 9.68281 29.1848C9.74438 29.8288 9.85482 30.2859 10.0189 30.6199C10.147 30.8806 10.3001 31.0449 10.5466 31.175C10.8312 31.3252 11.3808 31.5 12.4005 31.5C13.6596 31.5 14.6804 32.5074 14.6804 33.75H25.3196C25.3196 32.5074 26.3404 31.5 27.5995 31.5C28.6192 31.5 29.1688 31.3252 29.4534 31.175C29.6999 31.0449 29.853 30.8806 29.9811 30.6199C30.1452 30.2859 30.2556 29.8288 30.3172 29.1848C30.3786 28.542 30.386 27.7867 30.386 26.875L30.3858 26.6269C30.3847 25.0882 30.3831 22.9267 31.2477 21.1668C31.4489 20.7572 31.6973 20.3643 32 20C31.6973 19.6357 31.4489 19.2428 31.2477 18.8332C30.3831 17.0733 30.3847 14.9118 30.3858 13.3731L30.386 13.125C30.386 12.2133 30.3786 11.458 30.3172 10.8152C30.2556 10.1712 30.1452 9.7141 29.9811 9.38005C29.853 9.11941 29.6999 8.95506 29.4534 8.82497C29.1688 8.67478 28.6192 8.5 27.5995 8.5C26.3404 8.5 25.3196 7.49264 25.3196 6.25Z" fill="#fd7412"/>
+        <path d="M12.5 6.25C2.5 6.25 12.5 20 2.5 20C12.5 20 2.5 33.75 12.5 33.75" stroke="#fd7412" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M16 10V29" stroke="#18181B" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M27.5 6.25C37.5 6.25 27.5 20 37.5 20C27.5 20 37.5 33.75 27.5 33.75" stroke="#fd7412" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M16 23L25 18" stroke="#18181B" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M25 29L16 23" stroke="#18181B" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+      </svg>
+    </div>
+    <!-- Heading -->
+    <h1>Sign in to Kadoa</h1>
+    <div class="spacer"></div>
+    ${errorHtml}
+    <!-- Continue with Google -->
+    <form method="POST" action="/auth/google">
+      <input type="hidden" name="state" value="${escapeHtml(state)}" />
+      <button type="submit" class="btn btn-default">
+        <svg class="google-icon" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+          <path d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 0 1-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z" fill="#4285F4"/>
+          <path d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" fill="#34A853"/>
+          <path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" fill="#FBBC05"/>
+          <path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" fill="#EA4335"/>
+        </svg>
+        Continue with Google
+      </button>
+    </form>
+    <!-- Continue with SSO -->
+    <div id="sso-button-wrapper">
+      <form method="POST" action="/auth/sso" id="sso-direct-form" style="display:none">
+        <input type="hidden" name="state" value="${escapeHtml(state)}" />
+        <input type="hidden" name="email" id="sso-email-hidden" />
+      </form>
+      <button type="button" class="btn btn-default" id="sso-toggle-btn">
+        <svg class="key-icon" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+          <path d="M10 1a5 5 0 0 0-4.546 7.066l-4.161 4.16a.5.5 0 0 0-.146.354V14.5a.5.5 0 0 0 .5.5h2a.5.5 0 0 0 .5-.5V14h1a.5.5 0 0 0 .5-.5v-1h1a.5.5 0 0 0 .354-.146l.94-.94A5 5 0 1 0 10 1zm1.5 4a1.5 1.5 0 1 1 0-3 1.5 1.5 0 0 1 0 3z" fill="currentColor"/>
+        </svg>
+        Continue with SSO
+      </button>
+    </div>
+    <!-- OR divider -->
+    <div class="line-or">
+      <hr />
+      OR
+      <hr />
+    </div>
+    <!-- Email + Password form -->
+    <div class="tab-content active" id="tab-email">
+      <form method="POST" action="/auth/login">
+        <input type="hidden" name="state" value="${escapeHtml(state)}" />
+        <div class="field">
+          <label for="email">Sign in with email:</label>
+          <input type="email" id="email" name="email" required autocomplete="email" />
+        </div>
+        <div class="field">
+          <label for="password">Your password:</label>
+          <input type="password" id="password" name="password" required autocomplete="current-password" />
+        </div>
+        <button type="submit" class="btn btn-primary">Continue</button>
+      </form>
+    </div>
+    <!-- SSO form (shown when "Continue with SSO" is clicked) -->
+    <div class="tab-content" id="tab-sso">
+      <form method="POST" action="/auth/sso">
+        <input type="hidden" name="state" value="${escapeHtml(state)}" />
+        <div class="field">
+          <label for="sso-email">Work email:</label>
+          <input type="email" id="sso-email" name="email" required autocomplete="email" />
+        </div>
+        <button type="submit" class="btn btn-primary">Continue with SSO</button>
+      </form>
+      <div class="tab-switch">
+        <a id="back-to-email">Sign in with email instead</a>
+      </div>
+    </div>
+    <div style="flex:1"></div>
+    <script>
+      var ssoBtn = document.getElementById('sso-toggle-btn');
+      var tabEmail = document.getElementById('tab-email');
+      var tabSso = document.getElementById('tab-sso');
+      var ssoWrapper = document.getElementById('sso-button-wrapper');
+      var lineOr = document.querySelector('.line-or');
+      var backLink = document.getElementById('back-to-email');
+      ssoBtn.addEventListener('click', function() {
+        tabEmail.classList.remove('active');
+        tabSso.classList.add('active');
+        ssoWrapper.style.display = 'none';
+        lineOr.style.display = 'none';
+        document.getElementById('sso-email').focus();
+      });
+      backLink.addEventListener('click', function() {
+        tabSso.classList.remove('active');
+        tabEmail.classList.add('active');
+        ssoWrapper.style.display = '';
+        lineOr.style.display = '';
+      });
+    </script>
+  </div>
+</body>
+</html>`;
+}
 function escapeHtml(str) {
   return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
@@ -54098,6 +54521,15 @@ async function startHttpServer() {
   app.get("/auth/callback", (req, res) => {
     provider.handleAuthCallback(req, res);
   });
+  app.post("/auth/google", express8.urlencoded({ extended: false }), (req, res) => {
+    provider.handleGoogleLogin(req, res);
+  });
+  app.post("/auth/login", express8.urlencoded({ extended: false }), (req, res) => {
+    provider.handleEmailPasswordLogin(req, res);
+  });
+  app.post("/auth/sso", express8.urlencoded({ extended: false }), (req, res) => {
+    provider.handleSSOLogin(req, res);
+  });
   app.post("/team-select", express8.urlencoded({ extended: false }), (req, res) => {
     provider.handleTeamSelection(req, res);
   });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kadoa/mcp",
-  "version": "0.3.2",
+  "version": "0.3.3-rc.1",
   "description": "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
   "type": "module",
   "main": "dist/index.js",