npm - @kadoa/mcp - Versions diffs - 0.3.7-rc.1 → 0.3.7-rc.2 - Mend

@kadoa/mcp 0.3.7-rc.1 → 0.3.7-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@ Use [Kadoa](https://kadoa.com) from ChatGPT, Claude.ai, Claude Code, Cursor, and
 ## Remote Server (no install needed)
-A hosted MCP server is available at `https://mcp.kadoa.com/mcp`. Connect from any MCP client — no local install, no API key config. You sign in with your Kadoa account via OAuth.
+A hosted MCP server is available at `https://mcp.kadoa.com/mcp`. Connect from any MCP client — no local install needed. You sign in with your Kadoa account via OAuth.
 ### Claude Code
@@ -24,7 +24,7 @@ claude mcp add kadoa --transport http https://mcp.kadoa.com/mcp
 2. Enter the URL: `https://mcp.kadoa.com/mcp`
 3. Sign in with your Kadoa account via OAuth
-### Cursor (Remote)
+### Cursor
 Add to `.cursor/mcp.json`:
@@ -43,101 +43,6 @@ Add to `.cursor/mcp.json`:
 Point your client to `https://mcp.kadoa.com/mcp` with OAuth authentication.
----
-## Local Setup (stdio)
-If you prefer to run the MCP server locally (e.g., for development or to use your own API key), install via npx:
-### Claude Code
-```bash
-claude mcp add --transport stdio -e KADOA_API_KEY=tk-your_api_key kadoa -- npx -y @kadoa/mcp
-```
-Add `-s user` to enable for all projects. If you have the [Kadoa CLI](https://www.npmjs.com/package/@kadoa/cli) installed, you can skip the `-e` flag — just run `kadoa login` and the MCP will use your saved key automatically.
-### Claude Desktop
-Add to `~/.config/Claude/claude_desktop_config.json`:
-```json
-{
-  "mcpServers": {
-    "kadoa": {
-      "command": "npx",
-      "args": ["-y", "@kadoa/mcp"],
-      "env": {
-        "KADOA_API_KEY": "tk-your_api_key"
-      }
-    }
-  }
-}
-```
-Restart Claude Desktop.
-### Cursor
-Add to `.cursor/mcp.json`:
-```json
-{
-  "mcpServers": {
-    "kadoa": {
-      "command": "npx",
-      "args": ["-y", "@kadoa/mcp"],
-      "env": {
-        "KADOA_API_KEY": "tk-your_api_key"
-      }
-    }
-  }
-}
-```
-### Codex
-```bash
-codex mcp add kadoa -- npx -y @kadoa/mcp
-```
-Or add to `~/.codex/config.toml`:
-```toml
-[mcp_servers.kadoa]
-command = "npx"
-args = ["-y", "@kadoa/mcp"]
-[mcp_servers.kadoa.env]
-KADOA_API_KEY = "tk-your_api_key"
-```
-### Gemini CLI
-```bash
-gemini mcp add -t stdio kadoa npx -- -y @kadoa/mcp
-```
-Or add to `~/.gemini/settings.json`:
-```json
-{
-  "mcpServers": {
-    "kadoa": {
-      "command": "npx",
-      "args": ["-y", "@kadoa/mcp"],
-      "env": {
-        "KADOA_API_KEY": "tk-your_api_key"
-      }
-    }
-  }
-}
-```
-## Get Your API Key
-Get your API key from [kadoa.com/settings](https://kadoa.com/settings).
 ## Tools
 | Tool | Description |
@@ -214,14 +119,10 @@ delete_workflow for each, confirming before proceeding.
 ## Troubleshooting
-**"No API key found"**
-- Run `kadoa login` (requires `npm i -g @kadoa/cli`), or
-- Set `KADOA_API_KEY` in your MCP config or environment
-- API keys start with `tk-`
 **Claude says "I don't have access to Kadoa"**
 - Verify the MCP server is configured correctly
 - Restart your MCP client
+- Re-authenticate via OAuth if prompted
 ## Deploying the Remote Server
@@ -256,24 +157,15 @@ bun run build      # Build for distribution
 To develop and test against a local Kadoa backend (instead of the production API), point the MCP at your local `public-api` service using the `KADOA_PUBLIC_API_URI` environment variable.
-**Prerequisites:** the `public-api` service must be running locally (default port `12380`). You also need a local API key — check your backend seed data or API key table.
+**Prerequisites:** the `public-api` service must be running locally (default port `12380`).
 **Run the MCP server locally:**
 ```bash
-KADOA_PUBLIC_API_URI=http://localhost:12380 KADOA_API_KEY=tk-your_local_api_key bun src/index.ts
-```
-**Add as a local MCP in Claude Code** (alongside the remote one):
-```bash
-claude mcp add --transport stdio \
-  -e KADOA_PUBLIC_API_URI=http://localhost:12380 \
-  -e KADOA_API_KEY=tk-your_local_api_key \
-  kadoa-local -- bun /path/to/kadoa-mcp/src/index.ts
+KADOA_PUBLIC_API_URI=http://localhost:12380 bun run dev
 ```
-This registers a `kadoa-local` server that coexists with the production `kadoa` server, so you can use both without conflicts (`mcp__kadoa__*` for prod, `mcp__kadoa-local__*` for local).
+The server starts in HTTP mode. You authenticate via OAuth the same way as with the remote server.
 ## License

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env bun
 // @bun
 import { createRequire } from "node:module";
 var __create = Object.create;
@@ -28800,102 +28800,6 @@ var init_mcp = __esm(() => {
   };
 });
-// node_modules/@modelcontextprotocol/sdk/dist/esm/shared/stdio.js
-class ReadBuffer {
-  append(chunk) {
-    this._buffer = this._buffer ? Buffer.concat([this._buffer, chunk]) : chunk;
-  }
-  readMessage() {
-    if (!this._buffer) {
-      return null;
-    }
-    const index = this._buffer.indexOf(`
-`);
-    if (index === -1) {
-      return null;
-    }
-    const line = this._buffer.toString("utf8", 0, index).replace(/\r$/, "");
-    this._buffer = this._buffer.subarray(index + 1);
-    return deserializeMessage(line);
-  }
-  clear() {
-    this._buffer = undefined;
-  }
-}
-function deserializeMessage(line) {
-  return JSONRPCMessageSchema.parse(JSON.parse(line));
-}
-function serializeMessage(message) {
-  return JSON.stringify(message) + `
-`;
-}
-var init_stdio = __esm(() => {
-  init_types2();
-});
-// node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
-import process3 from "node:process";
-class StdioServerTransport {
-  constructor(_stdin = process3.stdin, _stdout = process3.stdout) {
-    this._stdin = _stdin;
-    this._stdout = _stdout;
-    this._readBuffer = new ReadBuffer;
-    this._started = false;
-    this._ondata = (chunk) => {
-      this._readBuffer.append(chunk);
-      this.processReadBuffer();
-    };
-    this._onerror = (error48) => {
-      this.onerror?.(error48);
-    };
-  }
-  async start() {
-    if (this._started) {
-      throw new Error("StdioServerTransport already started! If using Server class, note that connect() calls start() automatically.");
-    }
-    this._started = true;
-    this._stdin.on("data", this._ondata);
-    this._stdin.on("error", this._onerror);
-  }
-  processReadBuffer() {
-    while (true) {
-      try {
-        const message = this._readBuffer.readMessage();
-        if (message === null) {
-          break;
-        }
-        this.onmessage?.(message);
-      } catch (error48) {
-        this.onerror?.(error48);
-      }
-    }
-  }
-  async close() {
-    this._stdin.off("data", this._ondata);
-    this._stdin.off("error", this._onerror);
-    const remainingDataListeners = this._stdin.listenerCount("data");
-    if (remainingDataListeners === 0) {
-      this._stdin.pause();
-    }
-    this._readBuffer.clear();
-    this.onclose?.();
-  }
-  send(message) {
-    return new Promise((resolve) => {
-      const json2 = serializeMessage(message);
-      if (this._stdout.write(json2)) {
-        resolve();
-      } else {
-        this._stdout.once("drain", resolve);
-      }
-    });
-  }
-}
-var init_stdio2 = __esm(() => {
-  init_stdio();
-});
 // node_modules/axios/lib/helpers/bind.js
 function bind(fn, thisArg) {
   return function wrap() {
@@ -49043,44 +48947,8 @@ var init_dist2 = __esm(() => {
 });
 // src/client.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
-import { dirname, join } from "node:path";
-import { homedir } from "node:os";
-function getConfigPath() {
-  const home = process.env.HOME || homedir();
-  return join(home, ".kadoa", "config.json");
-}
-function loadConfig() {
-  const configFile = getConfigPath();
-  if (!existsSync(configFile))
-    return {};
-  try {
-    return JSON.parse(readFileSync(configFile, "utf-8"));
-  } catch {
-    return {};
-  }
-}
-function loadApiKeyFromConfig() {
-  return loadConfig().apiKey;
-}
-function resolveApiKey(apiKey) {
-  const key = apiKey || process.env.KADOA_API_KEY || loadApiKeyFromConfig();
-  if (!key) {
-    throw new Error("No API key found. Set KADOA_API_KEY env var or run 'kadoa login' (npm i -g @kadoa/cli).");
-  }
-  return key;
-}
 function createKadoaClient(auth) {
-  let client;
-  if (typeof auth === "object" && auth !== null) {
-    if ("jwt" in auth) {
-      client = new KadoaClient({ bearerToken: auth.jwt });
-    } else {
-      client = new KadoaClient({ apiKey: auth.apiKey });
-    }
-  } else {
-    client = new KadoaClient({ apiKey: resolveApiKey(auth) });
-  }
+  const client = new KadoaClient({ bearerToken: auth.jwt });
   client.axiosInstance.interceptors.request.use((config2) => {
     config2.headers["x-kadoa-source"] = "mcp";
     return config2;
@@ -49094,28 +48962,6 @@ var init_client = __esm(() => {
 });
 // src/client.ts
-import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "node:fs";
-import { dirname as dirname2, join as join2 } from "node:path";
-import { homedir as homedir2 } from "node:os";
-function getConfigPath2() {
-  const home = process.env.HOME || homedir2();
-  return join2(home, ".kadoa", "config.json");
-}
-function loadConfig2() {
-  const configFile = getConfigPath2();
-  if (!existsSync2(configFile))
-    return {};
-  try {
-    return JSON.parse(readFileSync2(configFile, "utf-8"));
-  } catch {
-    return {};
-  }
-}
-function saveConfig(config2) {
-  const configFile = getConfigPath2();
-  mkdirSync2(dirname2(configFile), { recursive: true });
-  writeFileSync2(configFile, JSON.stringify(config2, null, 2), "utf-8");
-}
 function isJwtExpired(jwt2) {
   try {
     const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
@@ -49238,7 +49084,7 @@ function classifyError(error48) {
           if (httpError.httpStatus === 403) {
             return `Access denied${status}. Your current team role may not have permission for this action. Use the whoami tool to check your role, or contact your team admin to request elevated access.`;
           }
-          return `Authentication failed${status}. Your Kadoa API key may be invalid or expired. Please check your KADOA_API_KEY or re-authenticate.`;
+          return `Authentication failed${status}. Please re-authenticate via OAuth.`;
         case "NOT_FOUND":
           return `Not found${status}. The workflow may have been deleted or the ID is incorrect.`;
         case "RATE_LIMITED":
@@ -49256,7 +49102,7 @@ function classifyError(error48) {
     }
     switch (code) {
       case "AUTH_ERROR":
-        return "Authentication failed. Your Kadoa API key may be invalid or expired. Please check your KADOA_API_KEY or re-authenticate.";
+        return "Authentication failed. Please re-authenticate via OAuth.";
       case "NOT_FOUND":
         return "Not found. The workflow may have been deleted or the ID is incorrect.";
       case "RATE_LIMITED":
@@ -49289,8 +49135,7 @@ function registerTools(server, ctx) {
           try {
             const jwt2 = ctx.supabaseJwt;
             const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-            const config2 = loadConfig2();
-            const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
+            const activeTeamId = ctx.teamId ?? teams[0]?.id;
             const activeTeam = teams.find((t) => t.id === activeTeamId);
             if (activeTeam?.adminEmail) {
               message += ` Your team admin is ${activeTeam.adminEmail}.`;
@@ -49309,13 +49154,11 @@ function registerTools(server, ctx) {
   }, withErrorHandling("whoami", async () => {
     const jwt2 = await getValidJwt(ctx);
     const user = await ctx.client.user.getCurrentUser();
-    const authMethod = jwt2 ? "OAuth (JWT)" : "API Key";
     const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-    const config2 = loadConfig2();
-    const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
+    const activeTeamId = ctx.teamId ?? teams[0]?.id;
     return jsonResult({
       email: user.email,
-      authMethod,
+      authMethod: "OAuth",
       teams: teams.map((t) => ({
         name: t.name,
         memberRole: t.memberRole,
@@ -49959,8 +49802,7 @@ function registerTools(server, ctx) {
   }, withErrorHandling("team_list", async () => {
     const jwt2 = await getValidJwt(ctx);
     const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-    const config2 = loadConfig2();
-    const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
+    const activeTeamId = ctx.teamId ?? teams[0]?.id;
     return jsonResult({
       teams: teams.map((t) => ({
         id: t.id,
@@ -49980,9 +49822,6 @@ function registerTools(server, ctx) {
     annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true }
   }, withErrorHandling("team_switch", async (args) => {
     const jwt2 = await getValidJwt(ctx);
-    if (!jwt2) {
-      return errorResult("Team switching requires OAuth authentication (HTTP mode). " + "In stdio mode, re-run with a different KADOA_API_KEY or use 'kadoa login' to authenticate via the CLI.");
-    }
     const teams = await ctx.client.listTeams({ bearerToken: jwt2 });
     const identifier = args.teamIdentifier;
     const match = teams.find((t) => t.id === identifier || t.name.toLowerCase() === identifier.toLowerCase());
@@ -49995,10 +49834,6 @@ function registerTools(server, ctx) {
       return errorResult("Failed to refresh session after team switch");
     }
     ctx.teamId = match.id;
-    const config2 = loadConfig2();
-    config2.teamId = match.id;
-    config2.teamName = match.name;
-    saveConfig(config2);
     return jsonResult({
       success: true,
       teamId: match.id,
@@ -54391,15 +54226,6 @@ class KadoaOAuthProvider {
     };
   }
   async verifyAccessToken(token) {
-    if (token.startsWith("tk-")) {
-      return {
-        token,
-        clientId: "direct-api-key",
-        scopes: [],
-        expiresAt: Math.floor(Date.now() / 1000) + 3600,
-        extra: { apiKey: token }
-      };
-    }
     const entry = await this.store.get("access_tokens", token);
     if (!entry) {
       const sessionCount = await this.store.size("access_tokens");
@@ -55051,9 +54877,6 @@ function resolveAuth(req) {
     console.error("[AUTH_RESOLVE] FAIL: req.auth.extra is missing");
     return;
   }
-  if (typeof extra.apiKey === "string" && extra.apiKey.startsWith("tk-")) {
-    return { kind: "apiKey", apiKey: extra.apiKey };
-  }
   if (typeof extra.supabaseJwt === "string") {
     const claims = jwtClaims2(extra.supabaseJwt);
     const userId = claims.sub;
@@ -55071,21 +54894,20 @@ function resolveAuth(req) {
       }
     }
     return {
-      kind: "jwt",
       jwt: extra.supabaseJwt,
       refreshToken: extra.supabaseRefreshToken ?? "",
       teamId: extra.teamId ?? "",
       userId
     };
   }
-  console.error(`[AUTH_RESOLVE] FAIL: no apiKey or supabaseJwt in extra (keys: ${Object.keys(extra).join(", ")})`);
+  console.error(`[AUTH_RESOLVE] FAIL: no supabaseJwt in extra (keys: ${Object.keys(extra).join(", ")})`);
   return;
 }
-async function startHttpServer() {
+async function startHttpServer(options) {
   const port = parseInt(process.env.PORT || "3000", 10);
   const app = createMcpExpressApp({ host: "0.0.0.0" });
   app.set("trust proxy", 1);
-  const store = new RedisTokenStore;
+  const store = options?.store ?? new RedisTokenStore;
   const provider = new KadoaOAuthProvider(store);
   const serverUrl = process.env.MCP_SERVER_URL || `http://localhost:${port}`;
   app.use(mcpAuthRouter({
@@ -55128,17 +54950,17 @@ async function startHttpServer() {
       });
       return;
     }
-    const identity = auth.kind === "jwt" ? `jwt:${auth.userId.slice(0, 8)}...:team=${auth.teamId.slice(0, 8)}...` : `apiKey:${auth.apiKey.slice(0, 12)}...`;
+    const identity = `jwt:${auth.userId.slice(0, 8)}...:team=${auth.teamId.slice(0, 8)}...`;
     try {
       console.error(`[MCP] POST method=${method} auth=${identity}`);
       const transport = new StreamableHTTPServerTransport({
         sessionIdGenerator: undefined
       });
-      const server = auth.kind === "jwt" ? createServer({
+      const server = createServer({
         jwt: auth.jwt,
         refreshToken: auth.refreshToken,
         teamId: auth.teamId
-      }) : createServer({ apiKey: auth.apiKey });
+      });
       await server.connect(transport);
       await transport.handleRequest(req, res, req.body);
     } catch (error48) {
@@ -55191,60 +55013,24 @@ var init_http2 = __esm(async () => {
 // src/index.ts
 function createServer(auth) {
-  let ctx;
-  if (typeof auth === "object" && auth !== null && "jwt" in auth) {
-    ctx = {
-      client: createKadoaClient({ jwt: auth.jwt }),
-      supabaseJwt: auth.jwt,
-      supabaseRefreshToken: auth.refreshToken,
-      teamId: auth.teamId
-    };
-  } else if (typeof auth === "object" && auth !== null && "apiKey" in auth) {
-    ctx = {
-      client: createKadoaClient({ apiKey: auth.apiKey })
-    };
-  } else {
-    ctx = {
-      client: createKadoaClient(auth)
-    };
-  }
+  const ctx = {
+    client: createKadoaClient({ jwt: auth.jwt }),
+    supabaseJwt: auth.jwt,
+    supabaseRefreshToken: auth.refreshToken,
+    teamId: auth.teamId
+  };
   const server = new McpServer({ name: "kadoa", version: "0.3.2" });
   registerTools(server, ctx);
   server.server.onerror = (error48) => console.error("[MCP Error]", error48);
   return server;
 }
-async function validateApiKey() {
-  const client = createKadoaClient();
-  try {
-    await client.workflow.list({ limit: 1 });
-  } catch (error48) {
-    if (KadoaSdkException.isInstance(error48) && error48.code === "AUTH_ERROR") {
-      console.error("Kadoa MCP: Invalid API key. Check KADOA_API_KEY or run 'kadoa login'.");
-      process.exit(1);
-    }
-  }
-}
 var init_src = __esm(async () => {
   init_mcp();
-  init_stdio2();
   init_client();
   init_tools();
   if (!process.env.VITEST && !process.env.BUN_TEST) {
-    const httpMode = process.argv.includes("--http") || process.env.MCP_HTTP === "1";
-    if (httpMode) {
-      const { startHttpServer: startHttpServer2 } = await init_http2().then(() => exports_http);
-      await startHttpServer2();
-    } else {
-      await validateApiKey();
-      const server = createServer();
-      const transport = new StdioServerTransport;
-      await server.connect(transport);
-      console.error("Kadoa MCP Server started");
-      process.on("SIGINT", async () => {
-        await server.close();
-        process.exit(0);
-      });
-    }
+    const { startHttpServer: startHttpServer2 } = await init_http2().then(() => exports_http);
+    await startHttpServer2();
   }
 });
 await init_src();

package/package.json CHANGED Viewed

@@ -1,12 +1,9 @@
 {
   "name": "@kadoa/mcp",
-  "version": "0.3.7-rc.1",
+  "version": "0.3.7-rc.2",
   "description": "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
   "type": "module",
   "main": "dist/index.js",
-  "bin": {
-    "kadoa-mcp": "dist/index.js"
-  },
   "publishConfig": {
     "access": "public"
   },
@@ -18,8 +15,7 @@
     "lint": "bunx biome check",
     "lint:fix": "bunx biome check --write",
     "dev": "bun src/index.ts",
-    "dev:http": "MCP_HTTP=1 bun src/index.ts",
-    "build": "bun build src/index.ts --outdir=dist --target=node --external express --external ioredis && node -e \"const f='dist/index.js';require('fs').writeFileSync(f,require('fs').readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\"",
+    "build": "bun build src/index.ts --outdir=dist --target=node --external express --external ioredis",
     "check-types": "tsc --noEmit",
     "test": "BUN_TEST=1 bun test",
     "test:unit": "BUN_TEST=1 bun test tests/unit --timeout=120000",