npm - @kadoa/mcp - Versions diffs - 0.3.6-rc.0 → 0.3.6-rc.2 - Mend

@kadoa/mcp 0.3.6-rc.0 → 0.3.6-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +76 -89
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -49219,7 +49219,7 @@ function classifyError(error48) {
       switch (code) {
         case "AUTH_ERROR":
           if (httpError.httpStatus === 403) {
-            return `Access denied${status}. Your current team role may not have permission for this action. Use the team_list tool to check your role, or contact your team admin to request write access.`;
+            return `Access denied${status}. Your current team role may not have permission for this action. Use the whoami tool to check your role, or contact your team admin to request elevated access.`;
           }
           return `Authentication failed${status}. Your Kadoa API key may be invalid or expired. Please check your KADOA_API_KEY or re-authenticate.`;
         case "NOT_FOUND":
@@ -49267,7 +49267,19 @@ function registerTools(server, ctx) {
         await getValidJwt(ctx);
         return await handler(...args);
       } catch (error48) {
-        const message = classifyError(error48);
+        let message = classifyError(error48);
+        if (KadoaHttpException.isInstance(error48) && error48.httpStatus === 403) {
+          try {
+            const jwt2 = ctx.supabaseJwt;
+            const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
+            const config2 = loadConfig2();
+            const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
+            const activeTeam = teams.find((t) => t.id === activeTeamId);
+            if (activeTeam?.adminEmail) {
+              message += ` Your team admin is ${activeTeam.adminEmail}.`;
+            }
+          } catch {}
+        }
         console.error(`[Tool Error] ${name}:`, error48);
         return errorResult(message);
       }
@@ -49289,7 +49301,8 @@ function registerTools(server, ctx) {
       authMethod,
       teams: teams.map((t) => ({
         name: t.name,
-        role: t.role,
+        memberRole: t.memberRole,
+        ...t.adminEmail ? { adminEmail: t.adminEmail } : {},
         ...t.id === activeTeamId ? { active: true } : {}
       }))
     });
@@ -49304,28 +49317,16 @@ function registerTools(server, ctx) {
     entity: exports_external.string().optional().describe("Entity name for extraction (e.g., 'Product', 'Job Posting')"),
     schema: exports_external.preprocess(coerceArray(), exports_external.array(exports_external.object(SchemaFieldShape))).optional().describe("Extraction schema fields. If omitted, the AI agent auto-detects the schema.")
   };
-  const webhookAuthShape = exports_external.object({
-    type: exports_external.enum(["bearer", "basic", "header"]).describe("Authentication type"),
-    token: exports_external.string().optional().describe("Bearer token (required for 'bearer' type)"),
-    username: exports_external.string().optional().describe("Username (required for 'basic' type)"),
-    password: exports_external.string().optional().describe("Password (required for 'basic' type)"),
-    headers: exports_external.object({}).passthrough().optional().describe("Custom headers as key-value pairs (required for 'header' type)")
-  }).optional().describe("Authentication configuration for the webhook endpoint");
   const notificationsInputShape = {
     notifications: exports_external.object({
-      email: exports_external.object({
-        recipients: exports_external.array(exports_external.string().email()).optional().describe("Email addresses to notify. Omit to use account default email.")
-      }).optional().describe("Send email notifications. Pass {} for account default email, or {recipients: [...]} for custom addresses."),
+      email: exports_external.boolean().optional().describe("Send email notifications to the account email when data changes"),
       webhook: exports_external.object({
         url: exports_external.string().url().describe("Webhook endpoint URL"),
-        httpMethod: exports_external.enum(["POST", "GET", "PUT", "PATCH"]).optional().describe("HTTP method (defaults to POST)"),
-        auth: webhookAuthShape
+        httpMethod: exports_external.enum(["POST", "GET", "PUT", "PATCH"]).optional().describe("HTTP method (defaults to POST)")
       }).optional().describe("Send notifications via HTTP webhook"),
       slack: exports_external.object({
-        webhookUrl: exports_external.string().url().optional().describe("Slack incoming webhook URL (legacy)"),
-        slackChannelId: exports_external.string().optional().describe("Slack channel ID from OAuth integration (e.g. C01ABCDEF)"),
-        slackChannelName: exports_external.string().optional().describe("Slack channel name (e.g. #alerts)")
-      }).optional().describe("Send notifications to a Slack channel. Use slackChannelId/slackChannelName for OAuth integration, or webhookUrl for legacy incoming webhooks."),
+        webhookUrl: exports_external.string().url().describe("Slack incoming webhook URL")
+      }).optional().describe("Send notifications to a Slack channel"),
       websocket: exports_external.boolean().optional().describe("Enable WebSocket notifications for programmatic real-time consumption")
     }).optional().describe("Notification channels to alert when data changes.")
   };
@@ -49346,34 +49347,22 @@ function registerTools(server, ctx) {
   }
   function buildNotificationChannels(n) {
     const channels = {};
-    if (n.email) {
-      if (typeof n.email === "object" && n.email.recipients?.length) {
-        channels.EMAIL = { name: "mcp-email", recipients: n.email.recipients };
-      } else {
-        channels.EMAIL = true;
-      }
-    }
+    if (n.email)
+      channels.EMAIL = true;
     if (n.websocket)
       channels.WEBSOCKET = true;
     if (n.webhook) {
-      const webhookChannel = {
+      channels.WEBHOOK = {
         name: "mcp-webhook",
         webhookUrl: n.webhook.url,
         httpMethod: n.webhook.httpMethod || "POST"
       };
-      if (n.webhook.auth)
-        webhookChannel.auth = n.webhook.auth;
-      channels.WEBHOOK = webhookChannel;
     }
     if (n.slack) {
-      const slackChannel = { name: "mcp-slack" };
-      if (n.slack.webhookUrl)
-        slackChannel.webhookUrl = n.slack.webhookUrl;
-      if (n.slack.slackChannelId)
-        slackChannel.slackChannelId = n.slack.slackChannelId;
-      if (n.slack.slackChannelName)
-        slackChannel.slackChannelName = n.slack.slackChannelName;
-      channels.SLACK = slackChannel;
+      channels.SLACK = {
+        name: "mcp-slack",
+        webhookUrl: n.slack.webhookUrl
+      };
     }
     return channels;
   }
@@ -49382,17 +49371,11 @@ function registerTools(server, ctx) {
       return [];
     const channels = [];
     if (n.email) {
-      if (typeof n.email === "object" && n.email.recipients?.length) {
-        channels.push(`email (${n.email.recipients.join(", ")})`);
-      } else {
-        const user = await ctx.client.user.getCurrentUser();
-        channels.push(`email (${user.email})`);
-      }
-    }
-    if (n.slack) {
-      const slackDesc = n.slack.slackChannelName || n.slack.slackChannelId || n.slack.webhookUrl || "default";
-      channels.push(`slack (${slackDesc})`);
+      const user = await ctx.client.user.getCurrentUser();
+      channels.push(`email (${user.email})`);
     }
+    if (n.slack)
+      channels.push(`slack (${n.slack.webhookUrl})`);
     if (n.webhook)
       channels.push(`webhook (${n.webhook.url})`);
     if (n.websocket)
@@ -49727,24 +49710,15 @@ function registerTools(server, ctx) {
     });
   }));
   server.registerTool("create_notification_channel", {
-    description: "Create a notification channel (email, webhook, slack, or websocket). The channel can then be linked to notification settings for specific events. " + "For SLACK: use slackChannelId + slackChannelName for OAuth integration, or webhookUrl for legacy incoming webhooks. " + "For WEBHOOK: auth is optional and supports bearer, basic, or header authentication.",
+    description: "Create a notification channel (email, webhook, or slack). The channel can then be linked to notification settings for specific events.",
     inputSchema: {
-      channelType: exports_external.enum(["EMAIL", "WEBHOOK", "SLACK", "WEBSOCKET"]).describe("Type of notification channel"),
+      channelType: exports_external.enum(["EMAIL", "WEBHOOK", "SLACK"]).describe("Type of notification channel"),
       name: exports_external.string().optional().describe("Name for the channel (defaults to 'default')"),
       config: exports_external.object({
         recipients: exports_external.array(exports_external.string()).optional().describe("Email recipients (required for EMAIL channels)"),
-        webhookUrl: exports_external.string().optional().describe("Webhook/Slack endpoint URL (required for WEBHOOK, optional for SLACK)"),
-        httpMethod: exports_external.enum(["POST", "GET", "PUT", "PATCH"]).optional().describe("HTTP method for WEBHOOK channels (defaults to POST)"),
-        slackChannelId: exports_external.string().optional().describe("Slack channel ID from OAuth integration (for SLACK channels, e.g. C01ABCDEF)"),
-        slackChannelName: exports_external.string().optional().describe("Slack channel name (for SLACK channels, e.g. #alerts)"),
-        auth: exports_external.object({
-          type: exports_external.enum(["bearer", "basic", "header"]).describe("Authentication type"),
-          token: exports_external.string().optional().describe("Bearer token (for 'bearer' type)"),
-          username: exports_external.string().optional().describe("Username (for 'basic' type)"),
-          password: exports_external.string().optional().describe("Password (for 'basic' type)"),
-          headers: exports_external.object({}).passthrough().optional().describe("Custom headers as key-value pairs (for 'header' type)")
-        }).optional().describe("Authentication for WEBHOOK channels")
-      }).optional().describe("Channel-specific configuration. " + "EMAIL: provide recipients. " + "WEBHOOK: provide webhookUrl, httpMethod, and optionally auth. " + "SLACK: provide slackChannelId + slackChannelName (OAuth) or webhookUrl (legacy). " + "WEBSOCKET: no config needed.")
+        webhookUrl: exports_external.string().optional().describe("Webhook/Slack endpoint URL (required for WEBHOOK and SLACK channels)"),
+        httpMethod: exports_external.enum(["POST", "GET", "PUT", "PATCH"]).optional().describe("HTTP method for WEBHOOK channels (defaults to POST)")
+      }).optional().describe("Channel-specific configuration. For EMAIL: provide recipients. For WEBHOOK: provide webhookUrl. For SLACK: provide webhookUrl.")
     },
     annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false }
   }, withErrorHandling("create_notification_channel", async (args) => {
@@ -49794,10 +49768,6 @@ function registerTools(server, ctx) {
         "workflow_failed",
         "workflow_sample_finished",
         "workflow_data_change",
-        "workflow_validation_anomaly_change",
-        "workflow_export_completed",
-        "workflow_health_degraded",
-        "workflow_recovered",
         "system_maintenance",
         "service_degradation",
         "credits_low",
@@ -49828,21 +49798,18 @@ function registerTools(server, ctx) {
     description: "Set up notifications for a workflow or workspace. Creates channels and settings in one step. " + "Specify which events to listen for and which channels to deliver to (email, webhook, slack, websocket).",
     inputSchema: {
       workflowId: exports_external.string().optional().describe("Workflow ID to configure notifications for. Omit for workspace-level notifications."),
-      events: exports_external.array(exports_external.string()).describe('Event types to notify on. Pass ["all"] for all events, or pick from: ' + "workflow_started, workflow_finished, workflow_failed, workflow_sample_finished, " + "workflow_data_change, workflow_validation_anomaly_change, workflow_export_completed, " + "workflow_health_degraded, workflow_recovered, " + "system_maintenance, service_degradation, credits_low, free_trial_ending"),
+      events: exports_external.array(exports_external.string()).describe('Event types to notify on. Pass ["all"] for all events, or pick from: ' + "workflow_started, workflow_finished, workflow_failed, workflow_sample_finished, " + "workflow_data_change, system_maintenance, service_degradation, credits_low, free_trial_ending"),
       channels: exports_external.object({
         email: exports_external.object({
           recipients: exports_external.array(exports_external.string().email()).optional().describe("Email addresses to notify. Omit to use the account default email.")
         }).optional().describe("Send email notifications. Pass {} for default email or {recipients: [...]} for custom addresses."),
         webhook: exports_external.object({
           url: exports_external.string().url().describe("Webhook endpoint URL"),
-          httpMethod: exports_external.enum(["POST", "GET", "PUT", "PATCH"]).optional().describe("HTTP method (defaults to POST)"),
-          auth: webhookAuthShape
+          httpMethod: exports_external.enum(["POST", "GET", "PUT", "PATCH"]).optional().describe("HTTP method (defaults to POST)")
         }).optional().describe("Send via HTTP webhook"),
         slack: exports_external.object({
-          webhookUrl: exports_external.string().url().optional().describe("Slack incoming webhook URL (legacy)"),
-          slackChannelId: exports_external.string().optional().describe("Slack channel ID from OAuth integration (e.g. C01ABCDEF)"),
-          slackChannelName: exports_external.string().optional().describe("Slack channel name (e.g. #alerts)")
-        }).optional().describe("Send to Slack channel. Use slackChannelId/slackChannelName for OAuth integration, or webhookUrl for legacy incoming webhooks."),
+          webhookUrl: exports_external.string().url().describe("Slack incoming webhook URL")
+        }).optional().describe("Send to Slack channel"),
         websocket: exports_external.boolean().optional().describe("Enable WebSocket notifications")
       }).describe("At least one channel must be specified")
     },
@@ -49861,24 +49828,17 @@ function registerTools(server, ctx) {
     if (ch.websocket)
       channelSetup.WEBSOCKET = true;
     if (ch.webhook) {
-      const webhookChannel = {
+      channelSetup.WEBHOOK = {
         name: "mcp-webhook",
         webhookUrl: ch.webhook.url,
         httpMethod: ch.webhook.httpMethod || "POST"
       };
-      if (ch.webhook.auth)
-        webhookChannel.auth = ch.webhook.auth;
-      channelSetup.WEBHOOK = webhookChannel;
     }
     if (ch.slack) {
-      const slackChannel = { name: "mcp-slack" };
-      if (ch.slack.webhookUrl)
-        slackChannel.webhookUrl = ch.slack.webhookUrl;
-      if (ch.slack.slackChannelId)
-        slackChannel.slackChannelId = ch.slack.slackChannelId;
-      if (ch.slack.slackChannelName)
-        slackChannel.slackChannelName = ch.slack.slackChannelName;
-      channelSetup.SLACK = slackChannel;
+      channelSetup.SLACK = {
+        name: "mcp-slack",
+        webhookUrl: ch.slack.webhookUrl
+      };
     }
     if (Object.keys(channelSetup).length === 0) {
       return errorResult("At least one notification channel must be specified (email, webhook, slack, or websocket).");
@@ -49935,7 +49895,8 @@ function registerTools(server, ctx) {
       teams: teams.map((t) => ({
         id: t.id,
         name: t.name,
-        role: t.role,
+        memberRole: t.memberRole,
+        ...t.adminEmail ? { adminEmail: t.adminEmail } : {},
         active: t.id === activeTeamId
       })),
       activeTeamId
@@ -53987,6 +53948,14 @@ function generatePKCE() {
   const challenge = createHash2("sha256").update(verifier).digest("base64url");
   return { verifier, challenge };
 }
+function jwtClaims(jwt2) {
+  try {
+    const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
+    return { email: payload.email, sub: payload.sub };
+  } catch {
+    return {};
+  }
+}
 async function exchangeSupabaseCode(code, codeVerifier) {
   const supabaseUrl = process.env.SUPABASE_URL;
   if (!supabaseUrl)
@@ -54242,6 +54211,8 @@ class KadoaOAuthProvider {
       clientId: entry.clientId
     });
     authCodes.delete(authorizationCode);
+    const claims = jwtClaims(entry.supabaseJwt);
+    console.log(`[AUTH] LOGIN: tokens issued (email=${claims.email}, team=${entry.teamId}, token=${accessToken.slice(0, 12)}..., ttl=${ACCESS_TOKEN_TTL}s, active_sessions=${accessTokens.size})`);
     return {
       access_token: accessToken,
       token_type: "bearer",
@@ -54251,8 +54222,10 @@ class KadoaOAuthProvider {
   }
   async exchangeRefreshToken(_client, refreshToken) {
     const entry = refreshTokens.get(refreshToken);
-    if (!entry)
+    if (!entry) {
+      console.error(`[AUTH] REFRESH_FAIL: unknown refresh token (token=${refreshToken.slice(0, 12)}..., active_sessions=${refreshTokens.size})`);
       throw new Error("Unknown refresh token");
+    }
     refreshTokens.delete(refreshToken);
     let { supabaseJwt, supabaseRefreshToken } = entry;
     try {
@@ -54270,9 +54243,18 @@ class KadoaOAuthProvider {
           const data = await res.json();
           supabaseJwt = data.access_token;
           supabaseRefreshToken = data.refresh_token;
+          const newClaims = jwtClaims(supabaseJwt);
+          console.log(`[AUTH] REFRESH_OK: Supabase JWT refreshed (email=${newClaims.email}, team=${entry.teamId})`);
+        } else {
+          const body = await res.text().catch(() => "");
+          const claims = jwtClaims(entry.supabaseJwt);
+          console.error(`[AUTH] REFRESH_WARN: Supabase refresh failed HTTP ${res.status} (email=${claims.email}, team=${entry.teamId}): ${body.slice(0, 200)}`);
         }
       }
-    } catch {}
+    } catch (err) {
+      const claims = jwtClaims(entry.supabaseJwt);
+      console.error(`[AUTH] REFRESH_WARN: Supabase refresh threw (email=${claims.email}, team=${entry.teamId}):`, err);
+    }
     const newAccessToken = randomToken();
     const newRefreshToken = randomToken();
     const expiresAt = Date.now() + ACCESS_TOKEN_TTL * 1000;
@@ -54307,9 +54289,14 @@ class KadoaOAuthProvider {
       };
     }
     const entry = accessTokens.get(token);
-    if (!entry)
+    if (!entry) {
+      console.error(`[AUTH] VERIFY_FAIL: unknown token (token=${token.slice(0, 12)}..., active_sessions=${accessTokens.size})`);
       throw new Error("Unknown access token");
+    }
     if (entry.expiresAt < Date.now()) {
+      const expiredAgo = Math.round((Date.now() - entry.expiresAt) / 1000);
+      const claims = jwtClaims(entry.supabaseJwt);
+      console.error(`[AUTH] VERIFY_FAIL: token expired ${expiredAgo}s ago (email=${claims.email}, team=${entry.teamId}, token=${token.slice(0, 12)}...)`);
       accessTokens.delete(token);
       throw new Error("Access token expired");
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kadoa/mcp",
-  "version": "0.3.6-rc.0",
+  "version": "0.3.6-rc.2",
   "description": "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
   "type": "module",
   "main": "dist/index.js",