@kadoa/mcp 0.3.6 → 0.3.7-rc.2

package/README.md

@@ -4,7 +4,7 @@ Use [Kadoa](https://kadoa.com) from ChatGPT, Claude.ai, Claude Code, Cursor, and
 
 ## Remote Server (no install needed)
 
-A hosted MCP server is available at `https://mcp.kadoa.com/mcp`. Connect from any MCP client — no local install, no API key config. You sign in with your Kadoa account via OAuth.
+A hosted MCP server is available at `https://mcp.kadoa.com/mcp`. Connect from any MCP client — no local install needed. You sign in with your Kadoa account via OAuth.
 
 ### Claude Code
 
@@ -24,7 +24,7 @@ claude mcp add kadoa --transport http https://mcp.kadoa.com/mcp
 2. Enter the URL: `https://mcp.kadoa.com/mcp`
 3. Sign in with your Kadoa account via OAuth
 
-### Cursor (Remote)
+### Cursor
 
 Add to `.cursor/mcp.json`:
 
@@ -43,101 +43,6 @@ Add to `.cursor/mcp.json`:
 
 Point your client to `https://mcp.kadoa.com/mcp` with OAuth authentication.
 
----
-
-## Local Setup (stdio)
-
-If you prefer to run the MCP server locally (e.g., for development or to use your own API key), install via npx:
-
-### Claude Code
-
-```bash
-claude mcp add --transport stdio -e KADOA_API_KEY=tk-your_api_key kadoa -- npx -y @kadoa/mcp
-```
-
-Add `-s user` to enable for all projects. If you have the [Kadoa CLI](https://www.npmjs.com/package/@kadoa/cli) installed, you can skip the `-e` flag — just run `kadoa login` and the MCP will use your saved key automatically.
-
-### Claude Desktop
-
-Add to `~/.config/Claude/claude_desktop_config.json`:
-
-```json
-{
-  "mcpServers": {
-    "kadoa": {
-      "command": "npx",
-      "args": ["-y", "@kadoa/mcp"],
-      "env": {
-        "KADOA_API_KEY": "tk-your_api_key"
-      }
-    }
-  }
-}
-```
-
-Restart Claude Desktop.
-
-### Cursor
-
-Add to `.cursor/mcp.json`:
-
-```json
-{
-  "mcpServers": {
-    "kadoa": {
-      "command": "npx",
-      "args": ["-y", "@kadoa/mcp"],
-      "env": {
-        "KADOA_API_KEY": "tk-your_api_key"
-      }
-    }
-  }
-}
-```
-
-### Codex
-
-```bash
-codex mcp add kadoa -- npx -y @kadoa/mcp
-```
-
-Or add to `~/.codex/config.toml`:
-
-```toml
-[mcp_servers.kadoa]
-command = "npx"
-args = ["-y", "@kadoa/mcp"]
-
-[mcp_servers.kadoa.env]
-KADOA_API_KEY = "tk-your_api_key"
-```
-
-### Gemini CLI
-
-```bash
-gemini mcp add -t stdio kadoa npx -- -y @kadoa/mcp
-```
-
-Or add to `~/.gemini/settings.json`:
-
-```json
-{
-  "mcpServers": {
-    "kadoa": {
-      "command": "npx",
-      "args": ["-y", "@kadoa/mcp"],
-      "env": {
-        "KADOA_API_KEY": "tk-your_api_key"
-      }
-    }
-  }
-}
-```
-
-## Get Your API Key
-
-Get your API key from [kadoa.com/settings](https://kadoa.com/settings).
-
 ## Tools
 
 | Tool | Description |
@@ -214,14 +119,10 @@ delete_workflow for each, confirming before proceeding.
 
 ## Troubleshooting
 
-**"No API key found"**
-- Run `kadoa login` (requires `npm i -g @kadoa/cli`), or
-- Set `KADOA_API_KEY` in your MCP config or environment
-- API keys start with `tk-`
-
 **Claude says "I don't have access to Kadoa"**
 - Verify the MCP server is configured correctly
 - Restart your MCP client
+- Re-authenticate via OAuth if prompted
 
 ## Deploying the Remote Server
 
@@ -256,24 +157,15 @@ bun run build      # Build for distribution
 
 To develop and test against a local Kadoa backend (instead of the production API), point the MCP at your local `public-api` service using the `KADOA_PUBLIC_API_URI` environment variable.
 
-**Prerequisites:** the `public-api` service must be running locally (default port `12380`). You also need a local API key — check your backend seed data or API key table.
+**Prerequisites:** the `public-api` service must be running locally (default port `12380`).
 
 **Run the MCP server locally:**
 
 ```bash
-KADOA_PUBLIC_API_URI=http://localhost:12380 KADOA_API_KEY=tk-your_local_api_key bun src/index.ts
-```
-
-**Add as a local MCP in Claude Code** (alongside the remote one):
-
-```bash
-claude mcp add --transport stdio \
-  -e KADOA_PUBLIC_API_URI=http://localhost:12380 \
-  -e KADOA_API_KEY=tk-your_local_api_key \
-  kadoa-local -- bun /path/to/kadoa-mcp/src/index.ts
+KADOA_PUBLIC_API_URI=http://localhost:12380 bun run dev
 ```
 
-This registers a `kadoa-local` server that coexists with the production `kadoa` server, so you can use both without conflicts (`mcp__kadoa__*` for prod, `mcp__kadoa-local__*` for local).
+The server starts in HTTP mode. You authenticate via OAuth the same way as with the remote server.
 
 ## License
 

package/dist/index.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env bun
 // @bun
 import { createRequire } from "node:module";
 var __create = Object.create;
@@ -28800,102 +28800,6 @@ var init_mcp = __esm(() => {
   };
 });
 
-// node_modules/@modelcontextprotocol/sdk/dist/esm/shared/stdio.js
-class ReadBuffer {
-  append(chunk) {
-    this._buffer = this._buffer ? Buffer.concat([this._buffer, chunk]) : chunk;
-  }
-  readMessage() {
-    if (!this._buffer) {
-      return null;
-    }
-    const index = this._buffer.indexOf(`
-`);
-    if (index === -1) {
-      return null;
-    }
-    const line = this._buffer.toString("utf8", 0, index).replace(/\r$/, "");
-    this._buffer = this._buffer.subarray(index + 1);
-    return deserializeMessage(line);
-  }
-  clear() {
-    this._buffer = undefined;
-  }
-}
-function deserializeMessage(line) {
-  return JSONRPCMessageSchema.parse(JSON.parse(line));
-}
-function serializeMessage(message) {
-  return JSON.stringify(message) + `
-`;
-}
-var init_stdio = __esm(() => {
-  init_types2();
-});
-
-// node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
-import process3 from "node:process";
-
-class StdioServerTransport {
-  constructor(_stdin = process3.stdin, _stdout = process3.stdout) {
-    this._stdin = _stdin;
-    this._stdout = _stdout;
-    this._readBuffer = new ReadBuffer;
-    this._started = false;
-    this._ondata = (chunk) => {
-      this._readBuffer.append(chunk);
-      this.processReadBuffer();
-    };
-    this._onerror = (error48) => {
-      this.onerror?.(error48);
-    };
-  }
-  async start() {
-    if (this._started) {
-      throw new Error("StdioServerTransport already started! If using Server class, note that connect() calls start() automatically.");
-    }
-    this._started = true;
-    this._stdin.on("data", this._ondata);
-    this._stdin.on("error", this._onerror);
-  }
-  processReadBuffer() {
-    while (true) {
-      try {
-        const message = this._readBuffer.readMessage();
-        if (message === null) {
-          break;
-        }
-        this.onmessage?.(message);
-      } catch (error48) {
-        this.onerror?.(error48);
-      }
-    }
-  }
-  async close() {
-    this._stdin.off("data", this._ondata);
-    this._stdin.off("error", this._onerror);
-    const remainingDataListeners = this._stdin.listenerCount("data");
-    if (remainingDataListeners === 0) {
-      this._stdin.pause();
-    }
-    this._readBuffer.clear();
-    this.onclose?.();
-  }
-  send(message) {
-    return new Promise((resolve) => {
-      const json2 = serializeMessage(message);
-      if (this._stdout.write(json2)) {
-        resolve();
-      } else {
-        this._stdout.once("drain", resolve);
-      }
-    });
-  }
-}
-var init_stdio2 = __esm(() => {
-  init_stdio();
-});
-
 // node_modules/axios/lib/helpers/bind.js
 function bind(fn, thisArg) {
   return function wrap() {
@@ -49043,41 +48947,13 @@ var init_dist2 = __esm(() => {
 });
 
 // src/client.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
-import { dirname, join } from "node:path";
-import { homedir } from "node:os";
-function getConfigPath() {
-  const home = process.env.HOME || homedir();
-  return join(home, ".kadoa", "config.json");
-}
-function loadConfig() {
-  const configFile = getConfigPath();
-  if (!existsSync(configFile))
-    return {};
-  try {
-    return JSON.parse(readFileSync(configFile, "utf-8"));
-  } catch {
-    return {};
-  }
-}
-function loadApiKeyFromConfig() {
-  return loadConfig().apiKey;
-}
-function resolveApiKey(apiKey) {
-  const key = apiKey || process.env.KADOA_API_KEY || loadApiKeyFromConfig();
-  if (!key) {
-    throw new Error("No API key found. Set KADOA_API_KEY env var or run 'kadoa login' (npm i -g @kadoa/cli).");
-  }
-  return key;
-}
 function createKadoaClient(auth) {
-  if (typeof auth === "object" && auth !== null) {
-    if ("jwt" in auth) {
-      return new KadoaClient({ bearerToken: auth.jwt });
-    }
-    return new KadoaClient({ apiKey: auth.apiKey });
-  }
-  return new KadoaClient({ apiKey: resolveApiKey(auth) });
+  const client = new KadoaClient({ bearerToken: auth.jwt });
+  client.axiosInstance.interceptors.request.use((config2) => {
+    config2.headers["x-kadoa-source"] = "mcp";
+    return config2;
+  });
+  return client;
 }
 var ctxRefreshMutex;
 var init_client = __esm(() => {
@@ -49086,28 +48962,6 @@ var init_client = __esm(() => {
 });
 
 // src/client.ts
-import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "node:fs";
-import { dirname as dirname2, join as join2 } from "node:path";
-import { homedir as homedir2 } from "node:os";
-function getConfigPath2() {
-  const home = process.env.HOME || homedir2();
-  return join2(home, ".kadoa", "config.json");
-}
-function loadConfig2() {
-  const configFile = getConfigPath2();
-  if (!existsSync2(configFile))
-    return {};
-  try {
-    return JSON.parse(readFileSync2(configFile, "utf-8"));
-  } catch {
-    return {};
-  }
-}
-function saveConfig(config2) {
-  const configFile = getConfigPath2();
-  mkdirSync2(dirname2(configFile), { recursive: true });
-  writeFileSync2(configFile, JSON.stringify(config2, null, 2), "utf-8");
-}
 function isJwtExpired(jwt2) {
   try {
     const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
@@ -49230,7 +49084,7 @@ function classifyError(error48) {
           if (httpError.httpStatus === 403) {
             return `Access denied${status}. Your current team role may not have permission for this action. Use the whoami tool to check your role, or contact your team admin to request elevated access.`;
           }
-          return `Authentication failed${status}. Your Kadoa API key may be invalid or expired. Please check your KADOA_API_KEY or re-authenticate.`;
+          return `Authentication failed${status}. Please re-authenticate via OAuth.`;
         case "NOT_FOUND":
           return `Not found${status}. The workflow may have been deleted or the ID is incorrect.`;
         case "RATE_LIMITED":
@@ -49248,7 +49102,7 @@ function classifyError(error48) {
     }
     switch (code) {
       case "AUTH_ERROR":
-        return "Authentication failed. Your Kadoa API key may be invalid or expired. Please check your KADOA_API_KEY or re-authenticate.";
+        return "Authentication failed. Please re-authenticate via OAuth.";
       case "NOT_FOUND":
         return "Not found. The workflow may have been deleted or the ID is incorrect.";
       case "RATE_LIMITED":
@@ -49281,8 +49135,7 @@ function registerTools(server, ctx) {
           try {
             const jwt2 = ctx.supabaseJwt;
             const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-            const config2 = loadConfig2();
-            const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
+            const activeTeamId = ctx.teamId ?? teams[0]?.id;
             const activeTeam = teams.find((t) => t.id === activeTeamId);
             if (activeTeam?.adminEmail) {
               message += ` Your team admin is ${activeTeam.adminEmail}.`;
@@ -49301,13 +49154,11 @@ function registerTools(server, ctx) {
   }, withErrorHandling("whoami", async () => {
     const jwt2 = await getValidJwt(ctx);
     const user = await ctx.client.user.getCurrentUser();
-    const authMethod = jwt2 ? "OAuth (JWT)" : "API Key";
     const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-    const config2 = loadConfig2();
-    const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
+    const activeTeamId = ctx.teamId ?? teams[0]?.id;
     return jsonResult({
       email: user.email,
-      authMethod,
+      authMethod: "OAuth",
       teams: teams.map((t) => ({
         name: t.name,
         memberRole: t.memberRole,
@@ -49951,8 +49802,7 @@ function registerTools(server, ctx) {
   }, withErrorHandling("team_list", async () => {
     const jwt2 = await getValidJwt(ctx);
     const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-    const config2 = loadConfig2();
-    const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
+    const activeTeamId = ctx.teamId ?? teams[0]?.id;
     return jsonResult({
       teams: teams.map((t) => ({
         id: t.id,
@@ -49972,9 +49822,6 @@ function registerTools(server, ctx) {
     annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true }
   }, withErrorHandling("team_switch", async (args) => {
     const jwt2 = await getValidJwt(ctx);
-    if (!jwt2) {
-      return errorResult("Team switching requires OAuth authentication (HTTP mode). " + "In stdio mode, re-run with a different KADOA_API_KEY or use 'kadoa login' to authenticate via the CLI.");
-    }
     const teams = await ctx.client.listTeams({ bearerToken: jwt2 });
     const identifier = args.teamIdentifier;
     const match = teams.find((t) => t.id === identifier || t.name.toLowerCase() === identifier.toLowerCase());
@@ -49987,10 +49834,6 @@ function registerTools(server, ctx) {
       return errorResult("Failed to refresh session after team switch");
     }
     ctx.teamId = match.id;
-    const config2 = loadConfig2();
-    config2.teamId = match.id;
-    config2.teamName = match.name;
-    saveConfig(config2);
     return jsonResult({
       success: true,
       teamId: match.id,
@@ -54383,15 +54226,6 @@ class KadoaOAuthProvider {
     };
   }
   async verifyAccessToken(token) {
-    if (token.startsWith("tk-")) {
-      return {
-        token,
-        clientId: "direct-api-key",
-        scopes: [],
-        expiresAt: Math.floor(Date.now() / 1000) + 3600,
-        extra: { apiKey: token }
-      };
-    }
     const entry = await this.store.get("access_tokens", token);
     if (!entry) {
       const sessionCount = await this.store.size("access_tokens");
@@ -55043,9 +54877,6 @@ function resolveAuth(req) {
     console.error("[AUTH_RESOLVE] FAIL: req.auth.extra is missing");
     return;
   }
-  if (typeof extra.apiKey === "string" && extra.apiKey.startsWith("tk-")) {
-    return { kind: "apiKey", apiKey: extra.apiKey };
-  }
   if (typeof extra.supabaseJwt === "string") {
     const claims = jwtClaims2(extra.supabaseJwt);
     const userId = claims.sub;
@@ -55063,21 +54894,20 @@ function resolveAuth(req) {
       }
     }
     return {
-      kind: "jwt",
       jwt: extra.supabaseJwt,
       refreshToken: extra.supabaseRefreshToken ?? "",
       teamId: extra.teamId ?? "",
       userId
     };
   }
-  console.error(`[AUTH_RESOLVE] FAIL: no apiKey or supabaseJwt in extra (keys: ${Object.keys(extra).join(", ")})`);
+  console.error(`[AUTH_RESOLVE] FAIL: no supabaseJwt in extra (keys: ${Object.keys(extra).join(", ")})`);
   return;
 }
-async function startHttpServer() {
+async function startHttpServer(options) {
   const port = parseInt(process.env.PORT || "3000", 10);
   const app = createMcpExpressApp({ host: "0.0.0.0" });
   app.set("trust proxy", 1);
-  const store = new RedisTokenStore;
+  const store = options?.store ?? new RedisTokenStore;
   const provider = new KadoaOAuthProvider(store);
   const serverUrl = process.env.MCP_SERVER_URL || `http://localhost:${port}`;
   app.use(mcpAuthRouter({
@@ -55120,17 +54950,17 @@ async function startHttpServer() {
       });
       return;
     }
-    const identity = auth.kind === "jwt" ? `jwt:${auth.userId.slice(0, 8)}...:team=${auth.teamId.slice(0, 8)}...` : `apiKey:${auth.apiKey.slice(0, 12)}...`;
+    const identity = `jwt:${auth.userId.slice(0, 8)}...:team=${auth.teamId.slice(0, 8)}...`;
     try {
       console.error(`[MCP] POST method=${method} auth=${identity}`);
       const transport = new StreamableHTTPServerTransport({
         sessionIdGenerator: undefined
       });
-      const server = auth.kind === "jwt" ? createServer({
+      const server = createServer({
         jwt: auth.jwt,
         refreshToken: auth.refreshToken,
         teamId: auth.teamId
-      }) : createServer({ apiKey: auth.apiKey });
+      });
       await server.connect(transport);
       await transport.handleRequest(req, res, req.body);
     } catch (error48) {
@@ -55183,60 +55013,24 @@ var init_http2 = __esm(async () => {
 
 // src/index.ts
 function createServer(auth) {
-  let ctx;
-  if (typeof auth === "object" && auth !== null && "jwt" in auth) {
-    ctx = {
-      client: createKadoaClient({ jwt: auth.jwt }),
-      supabaseJwt: auth.jwt,
-      supabaseRefreshToken: auth.refreshToken,
-      teamId: auth.teamId
-    };
-  } else if (typeof auth === "object" && auth !== null && "apiKey" in auth) {
-    ctx = {
-      client: createKadoaClient({ apiKey: auth.apiKey })
-    };
-  } else {
-    ctx = {
-      client: createKadoaClient(auth)
-    };
-  }
+  const ctx = {
+    client: createKadoaClient({ jwt: auth.jwt }),
+    supabaseJwt: auth.jwt,
+    supabaseRefreshToken: auth.refreshToken,
+    teamId: auth.teamId
+  };
   const server = new McpServer({ name: "kadoa", version: "0.3.2" });
   registerTools(server, ctx);
   server.server.onerror = (error48) => console.error("[MCP Error]", error48);
   return server;
 }
-async function validateApiKey() {
-  const client = createKadoaClient();
-  try {
-    await client.workflow.list({ limit: 1 });
-  } catch (error48) {
-    if (KadoaSdkException.isInstance(error48) && error48.code === "AUTH_ERROR") {
-      console.error("Kadoa MCP: Invalid API key. Check KADOA_API_KEY or run 'kadoa login'.");
-      process.exit(1);
-    }
-  }
-}
 var init_src = __esm(async () => {
   init_mcp();
-  init_stdio2();
   init_client();
   init_tools();
   if (!process.env.VITEST && !process.env.BUN_TEST) {
-    const httpMode = process.argv.includes("--http") || process.env.MCP_HTTP === "1";
-    if (httpMode) {
-      const { startHttpServer: startHttpServer2 } = await init_http2().then(() => exports_http);
-      await startHttpServer2();
-    } else {
-      await validateApiKey();
-      const server = createServer();
-      const transport = new StdioServerTransport;
-      await server.connect(transport);
-      console.error("Kadoa MCP Server started");
-      process.on("SIGINT", async () => {
-        await server.close();
-        process.exit(0);
-      });
-    }
+    const { startHttpServer: startHttpServer2 } = await init_http2().then(() => exports_http);
+    await startHttpServer2();
   }
 });
 await init_src();

package/package.json

@@ -1,12 +1,9 @@
 {
   "name": "@kadoa/mcp",
-  "version": "0.3.6",
+  "version": "0.3.7-rc.2",
   "description": "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
   "type": "module",
   "main": "dist/index.js",
-  "bin": {
-    "kadoa-mcp": "dist/index.js"
-  },
   "publishConfig": {
     "access": "public"
   },
@@ -18,8 +15,7 @@
     "lint": "bunx biome check",
     "lint:fix": "bunx biome check --write",
     "dev": "bun src/index.ts",
-    "dev:http": "MCP_HTTP=1 bun src/index.ts",
-    "build": "bun build src/index.ts --outdir=dist --target=node --external express --external ioredis && node -e \"const f='dist/index.js';require('fs').writeFileSync(f,require('fs').readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\"",
+    "build": "bun build src/index.ts --outdir=dist --target=node --external express --external ioredis",
     "check-types": "tsc --noEmit",
     "test": "BUN_TEST=1 bun test",
     "test:unit": "BUN_TEST=1 bun test tests/unit --timeout=120000",