@kadoa/mcp 0.3.7-rc.2 → 0.3.7-rc.4

package/README.md

@@ -4,7 +4,7 @@ Use [Kadoa](https://kadoa.com) from ChatGPT, Claude.ai, Claude Code, Cursor, and
 
 ## Remote Server (no install needed)
 
-A hosted MCP server is available at `https://mcp.kadoa.com/mcp`. Connect from any MCP client — no local install needed. You sign in with your Kadoa account via OAuth.
+A hosted MCP server is available at `https://mcp.kadoa.com/mcp`. Connect from any MCP client — no local install, no API key config. You sign in with your Kadoa account via OAuth.
 
 ### Claude Code
 
@@ -24,7 +24,7 @@ claude mcp add kadoa --transport http https://mcp.kadoa.com/mcp
 2. Enter the URL: `https://mcp.kadoa.com/mcp`
 3. Sign in with your Kadoa account via OAuth
 
-### Cursor
+### Cursor (Remote)
 
 Add to `.cursor/mcp.json`:
 
@@ -43,6 +43,101 @@ Add to `.cursor/mcp.json`:
 
 Point your client to `https://mcp.kadoa.com/mcp` with OAuth authentication.
 
+---
+
+## Local Setup (stdio)
+
+If you prefer to run the MCP server locally (e.g., for development or to use your own API key), install via npx:
+
+### Claude Code
+
+```bash
+claude mcp add --transport stdio -e KADOA_API_KEY=tk-your_api_key kadoa -- npx -y @kadoa/mcp
+```
+
+Add `-s user` to enable for all projects. If you have the [Kadoa CLI](https://www.npmjs.com/package/@kadoa/cli) installed, you can skip the `-e` flag — just run `kadoa login` and the MCP will use your saved key automatically.
+
+### Claude Desktop
+
+Add to `~/.config/Claude/claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "kadoa": {
+      "command": "npx",
+      "args": ["-y", "@kadoa/mcp"],
+      "env": {
+        "KADOA_API_KEY": "tk-your_api_key"
+      }
+    }
+  }
+}
+```
+
+Restart Claude Desktop.
+
+### Cursor
+
+Add to `.cursor/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "kadoa": {
+      "command": "npx",
+      "args": ["-y", "@kadoa/mcp"],
+      "env": {
+        "KADOA_API_KEY": "tk-your_api_key"
+      }
+    }
+  }
+}
+```
+
+### Codex
+
+```bash
+codex mcp add kadoa -- npx -y @kadoa/mcp
+```
+
+Or add to `~/.codex/config.toml`:
+
+```toml
+[mcp_servers.kadoa]
+command = "npx"
+args = ["-y", "@kadoa/mcp"]
+
+[mcp_servers.kadoa.env]
+KADOA_API_KEY = "tk-your_api_key"
+```
+
+### Gemini CLI
+
+```bash
+gemini mcp add -t stdio kadoa npx -- -y @kadoa/mcp
+```
+
+Or add to `~/.gemini/settings.json`:
+
+```json
+{
+  "mcpServers": {
+    "kadoa": {
+      "command": "npx",
+      "args": ["-y", "@kadoa/mcp"],
+      "env": {
+        "KADOA_API_KEY": "tk-your_api_key"
+      }
+    }
+  }
+}
+```
+
+## Get Your API Key
+
+Get your API key from [kadoa.com/settings](https://kadoa.com/settings).
+
 ## Tools
 
 | Tool | Description |
@@ -119,10 +214,14 @@ delete_workflow for each, confirming before proceeding.
 
 ## Troubleshooting
 
+**"No API key found"**
+- Run `kadoa login` (requires `npm i -g @kadoa/cli`), or
+- Set `KADOA_API_KEY` in your MCP config or environment
+- API keys start with `tk-`
+
 **Claude says "I don't have access to Kadoa"**
 - Verify the MCP server is configured correctly
 - Restart your MCP client
-- Re-authenticate via OAuth if prompted
 
 ## Deploying the Remote Server
 
@@ -157,15 +256,24 @@ bun run build      # Build for distribution
 
 To develop and test against a local Kadoa backend (instead of the production API), point the MCP at your local `public-api` service using the `KADOA_PUBLIC_API_URI` environment variable.
 
-**Prerequisites:** the `public-api` service must be running locally (default port `12380`).
+**Prerequisites:** the `public-api` service must be running locally (default port `12380`). You also need a local API key — check your backend seed data or API key table.
 
 **Run the MCP server locally:**
 
 ```bash
-KADOA_PUBLIC_API_URI=http://localhost:12380 bun run dev
+KADOA_PUBLIC_API_URI=http://localhost:12380 KADOA_API_KEY=tk-your_local_api_key bun src/index.ts
+```
+
+**Add as a local MCP in Claude Code** (alongside the remote one):
+
+```bash
+claude mcp add --transport stdio \
+  -e KADOA_PUBLIC_API_URI=http://localhost:12380 \
+  -e KADOA_API_KEY=tk-your_local_api_key \
+  kadoa-local -- bun /path/to/kadoa-mcp/src/index.ts
 ```
 
-The server starts in HTTP mode. You authenticate via OAuth the same way as with the remote server.
+This registers a `kadoa-local` server that coexists with the production `kadoa` server, so you can use both without conflicts (`mcp__kadoa__*` for prod, `mcp__kadoa-local__*` for local).
 
 ## License
 

package/dist/index.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env bun
+#!/usr/bin/env node
 // @bun
 import { createRequire } from "node:module";
 var __create = Object.create;
@@ -28800,6 +28800,102 @@ var init_mcp = __esm(() => {
   };
 });
 
+// node_modules/@modelcontextprotocol/sdk/dist/esm/shared/stdio.js
+class ReadBuffer {
+  append(chunk) {
+    this._buffer = this._buffer ? Buffer.concat([this._buffer, chunk]) : chunk;
+  }
+  readMessage() {
+    if (!this._buffer) {
+      return null;
+    }
+    const index = this._buffer.indexOf(`
+`);
+    if (index === -1) {
+      return null;
+    }
+    const line = this._buffer.toString("utf8", 0, index).replace(/\r$/, "");
+    this._buffer = this._buffer.subarray(index + 1);
+    return deserializeMessage(line);
+  }
+  clear() {
+    this._buffer = undefined;
+  }
+}
+function deserializeMessage(line) {
+  return JSONRPCMessageSchema.parse(JSON.parse(line));
+}
+function serializeMessage(message) {
+  return JSON.stringify(message) + `
+`;
+}
+var init_stdio = __esm(() => {
+  init_types2();
+});
+
+// node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
+import process3 from "node:process";
+
+class StdioServerTransport {
+  constructor(_stdin = process3.stdin, _stdout = process3.stdout) {
+    this._stdin = _stdin;
+    this._stdout = _stdout;
+    this._readBuffer = new ReadBuffer;
+    this._started = false;
+    this._ondata = (chunk) => {
+      this._readBuffer.append(chunk);
+      this.processReadBuffer();
+    };
+    this._onerror = (error48) => {
+      this.onerror?.(error48);
+    };
+  }
+  async start() {
+    if (this._started) {
+      throw new Error("StdioServerTransport already started! If using Server class, note that connect() calls start() automatically.");
+    }
+    this._started = true;
+    this._stdin.on("data", this._ondata);
+    this._stdin.on("error", this._onerror);
+  }
+  processReadBuffer() {
+    while (true) {
+      try {
+        const message = this._readBuffer.readMessage();
+        if (message === null) {
+          break;
+        }
+        this.onmessage?.(message);
+      } catch (error48) {
+        this.onerror?.(error48);
+      }
+    }
+  }
+  async close() {
+    this._stdin.off("data", this._ondata);
+    this._stdin.off("error", this._onerror);
+    const remainingDataListeners = this._stdin.listenerCount("data");
+    if (remainingDataListeners === 0) {
+      this._stdin.pause();
+    }
+    this._readBuffer.clear();
+    this.onclose?.();
+  }
+  send(message) {
+    return new Promise((resolve) => {
+      const json2 = serializeMessage(message);
+      if (this._stdout.write(json2)) {
+        resolve();
+      } else {
+        this._stdout.once("drain", resolve);
+      }
+    });
+  }
+}
+var init_stdio2 = __esm(() => {
+  init_stdio();
+});
+
 // node_modules/axios/lib/helpers/bind.js
 function bind(fn, thisArg) {
   return function wrap() {
@@ -48947,10 +49043,51 @@ var init_dist2 = __esm(() => {
 });
 
 // src/client.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+function getConfigPath() {
+  const home = process.env.HOME || homedir();
+  return join(home, ".kadoa", "config.json");
+}
+function loadConfig() {
+  const configFile = getConfigPath();
+  if (!existsSync(configFile))
+    return {};
+  try {
+    return JSON.parse(readFileSync(configFile, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function loadApiKeyFromConfig() {
+  return loadConfig().apiKey;
+}
+function resolveApiKey(apiKey) {
+  const key = apiKey || process.env.KADOA_API_KEY || loadApiKeyFromConfig();
+  if (!key) {
+    throw new Error("No API key found. Set KADOA_API_KEY env var or run 'kadoa login' (npm i -g @kadoa/cli).");
+  }
+  return key;
+}
 function createKadoaClient(auth) {
-  const client = new KadoaClient({ bearerToken: auth.jwt });
+  let client;
+  let teamId;
+  if (typeof auth === "object" && auth !== null) {
+    if ("jwt" in auth) {
+      client = new KadoaClient({ bearerToken: auth.jwt });
+      teamId = auth.teamId;
+    } else {
+      client = new KadoaClient({ apiKey: auth.apiKey });
+    }
+  } else {
+    client = new KadoaClient({ apiKey: resolveApiKey(auth) });
+  }
   client.axiosInstance.interceptors.request.use((config2) => {
     config2.headers["x-kadoa-source"] = "mcp";
+    if (teamId) {
+      config2.headers["x-team-id"] = teamId;
+    }
     return config2;
   });
   return client;
@@ -48962,6 +49099,41 @@ var init_client = __esm(() => {
 });
 
 // src/client.ts
+import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "node:fs";
+import { dirname as dirname2, join as join2 } from "node:path";
+import { homedir as homedir2 } from "node:os";
+function getConfigPath2() {
+  const home = process.env.HOME || homedir2();
+  return join2(home, ".kadoa", "config.json");
+}
+function loadConfig2() {
+  const configFile = getConfigPath2();
+  if (!existsSync2(configFile))
+    return {};
+  try {
+    return JSON.parse(readFileSync2(configFile, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function saveConfig(config2) {
+  const configFile = getConfigPath2();
+  mkdirSync2(dirname2(configFile), { recursive: true });
+  writeFileSync2(configFile, JSON.stringify(config2, null, 2), "utf-8");
+}
+function decodeJwtClaims(jwt2) {
+  try {
+    const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
+    return {
+      sub: payload.sub,
+      email: payload.email,
+      activeTeamId: payload.active_team_id ?? payload.app_metadata?.active_team_id,
+      exp: payload.exp
+    };
+  } catch {
+    return {};
+  }
+}
 function isJwtExpired(jwt2) {
   try {
     const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
@@ -49000,6 +49172,15 @@ async function refreshSupabaseJwt(ctx) {
     ctx.supabaseJwt = data.access_token;
     ctx.supabaseRefreshToken = data.refresh_token;
     ctx.client.setBearerToken(data.access_token);
+    try {
+      await ctx.persist?.({
+        supabaseJwt: ctx.supabaseJwt,
+        supabaseRefreshToken: ctx.supabaseRefreshToken,
+        teamId: ctx.teamId
+      });
+    } catch (e) {
+      console.error("[JWT_REFRESH] WARN: persist failed, tokens updated in-memory only:", e);
+    }
     console.error(`[JWT_REFRESH] OK: token refreshed (team=${ctx.teamId ?? "unknown"}, newRefreshToken=${data.refresh_token.slice(0, 12)}...)`);
     return data.access_token;
   } catch (error48) {
@@ -49084,7 +49265,7 @@ function classifyError(error48) {
           if (httpError.httpStatus === 403) {
             return `Access denied${status}. Your current team role may not have permission for this action. Use the whoami tool to check your role, or contact your team admin to request elevated access.`;
           }
-          return `Authentication failed${status}. Please re-authenticate via OAuth.`;
+          return `Authentication failed${status}. Your Kadoa API key may be invalid or expired. Please check your KADOA_API_KEY or re-authenticate.`;
         case "NOT_FOUND":
           return `Not found${status}. The workflow may have been deleted or the ID is incorrect.`;
         case "RATE_LIMITED":
@@ -49102,7 +49283,7 @@ function classifyError(error48) {
     }
     switch (code) {
       case "AUTH_ERROR":
-        return "Authentication failed. Please re-authenticate via OAuth.";
+        return "Authentication failed. Your Kadoa API key may be invalid or expired. Please check your KADOA_API_KEY or re-authenticate.";
       case "NOT_FOUND":
         return "Not found. The workflow may have been deleted or the ID is incorrect.";
       case "RATE_LIMITED":
@@ -49128,6 +49309,13 @@ function registerTools(server, ctx) {
     return async (...args) => {
       try {
         await getValidJwt(ctx);
+        if (ctx.teamId && ctx.supabaseJwt) {
+          const claims = decodeJwtClaims(ctx.supabaseJwt);
+          if (claims.activeTeamId && claims.activeTeamId !== ctx.teamId) {
+            console.error(`[TEAM_SYNC] JWT active_team_id (${claims.activeTeamId}) != ctx.teamId (${ctx.teamId}), calling setActiveTeam`);
+            await ctx.client.setActiveTeam(ctx.teamId);
+          }
+        }
         return await handler(...args);
       } catch (error48) {
         let message = classifyError(error48);
@@ -49135,7 +49323,8 @@ function registerTools(server, ctx) {
           try {
             const jwt2 = ctx.supabaseJwt;
             const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-            const activeTeamId = ctx.teamId ?? teams[0]?.id;
+            const config2 = loadConfig2();
+            const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
             const activeTeam = teams.find((t) => t.id === activeTeamId);
             if (activeTeam?.adminEmail) {
               message += ` Your team admin is ${activeTeam.adminEmail}.`;
@@ -49154,11 +49343,13 @@ function registerTools(server, ctx) {
   }, withErrorHandling("whoami", async () => {
     const jwt2 = await getValidJwt(ctx);
     const user = await ctx.client.user.getCurrentUser();
+    const authMethod = jwt2 ? "OAuth (JWT)" : "API Key";
     const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-    const activeTeamId = ctx.teamId ?? teams[0]?.id;
+    const config2 = loadConfig2();
+    const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
     return jsonResult({
       email: user.email,
-      authMethod: "OAuth",
+      authMethod,
       teams: teams.map((t) => ({
         name: t.name,
         memberRole: t.memberRole,
@@ -49802,7 +49993,8 @@ function registerTools(server, ctx) {
   }, withErrorHandling("team_list", async () => {
     const jwt2 = await getValidJwt(ctx);
     const teams = await ctx.client.listTeams(jwt2 ? { bearerToken: jwt2 } : undefined);
-    const activeTeamId = ctx.teamId ?? teams[0]?.id;
+    const config2 = loadConfig2();
+    const activeTeamId = ctx.teamId ?? config2.teamId ?? teams[0]?.id;
     return jsonResult({
       teams: teams.map((t) => ({
         id: t.id,
@@ -49822,6 +50014,9 @@ function registerTools(server, ctx) {
     annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: true }
   }, withErrorHandling("team_switch", async (args) => {
     const jwt2 = await getValidJwt(ctx);
+    if (!jwt2) {
+      return errorResult("Team switching requires OAuth authentication (HTTP mode). " + "In stdio mode, re-run with a different KADOA_API_KEY or use 'kadoa login' to authenticate via the CLI.");
+    }
     const teams = await ctx.client.listTeams({ bearerToken: jwt2 });
     const identifier = args.teamIdentifier;
     const match = teams.find((t) => t.id === identifier || t.name.toLowerCase() === identifier.toLowerCase());
@@ -49829,11 +50024,16 @@ function registerTools(server, ctx) {
       return errorResult(`Team not found: "${identifier}". Available teams: ${teams.map((t) => t.name).join(", ")}`);
     }
     await ctx.client.setActiveTeam(match.id);
-    const newJwt = await refreshSupabaseJwt(ctx);
-    if (!newJwt) {
-      return errorResult("Failed to refresh session after team switch");
-    }
     ctx.teamId = match.id;
+    try {
+      await ctx.persist?.({ teamId: match.id });
+    } catch (e) {
+      console.error("[TEAM_SWITCH] WARN: persist failed:", e);
+    }
+    const config2 = loadConfig2();
+    config2.teamId = match.id;
+    config2.teamName = match.name;
+    saveConfig(config2);
     return jsonResult({
       success: true,
       teamId: match.id,
@@ -53895,7 +54095,11 @@ async function refreshSupabaseToken(supabaseRefreshToken, context) {
 function jwtClaims(jwt2) {
   try {
     const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
-    return { email: payload.email, sub: payload.sub };
+    return {
+      email: payload.email,
+      sub: payload.sub,
+      activeTeamId: payload.app_metadata?.active_team_id
+    };
   } catch {
     return {};
   }
@@ -54202,20 +54406,22 @@ class KadoaOAuthProvider {
     } else {
       console.error(`[AUTH] REFRESH_WARN: using stale Supabase JWT as fallback (${context})`);
     }
+    const freshClaims = jwtClaims(supabaseJwt);
+    const teamId = freshClaims.activeTeamId ?? entry.teamId;
     const newAccessToken = randomToken();
     const newRefreshToken = randomToken();
     const expiresAt = Date.now() + ACCESS_TOKEN_TTL * 1000;
     await this.store.set("access_tokens", newAccessToken, {
       supabaseJwt,
       supabaseRefreshToken,
-      teamId: entry.teamId,
+      teamId,
       clientId: entry.clientId,
       expiresAt
     }, ACCESS_TOKEN_TTL);
     await this.store.set("refresh_tokens", newRefreshToken, {
       supabaseJwt,
       supabaseRefreshToken,
-      teamId: entry.teamId,
+      teamId,
       clientId: entry.clientId
     }, 2592000);
     return {
@@ -54226,6 +54432,15 @@ class KadoaOAuthProvider {
     };
   }
   async verifyAccessToken(token) {
+    if (token.startsWith("tk-")) {
+      return {
+        token,
+        clientId: "direct-api-key",
+        scopes: [],
+        expiresAt: Math.floor(Date.now() / 1000) + 3600,
+        extra: { apiKey: token }
+      };
+    }
     const entry = await this.store.get("access_tokens", token);
     if (!entry) {
       const sessionCount = await this.store.size("access_tokens");
@@ -54877,6 +55092,9 @@ function resolveAuth(req) {
     console.error("[AUTH_RESOLVE] FAIL: req.auth.extra is missing");
     return;
   }
+  if (typeof extra.apiKey === "string" && extra.apiKey.startsWith("tk-")) {
+    return { kind: "apiKey", apiKey: extra.apiKey };
+  }
   if (typeof extra.supabaseJwt === "string") {
     const claims = jwtClaims2(extra.supabaseJwt);
     const userId = claims.sub;
@@ -54894,13 +55112,15 @@ function resolveAuth(req) {
       }
     }
     return {
+      kind: "jwt",
       jwt: extra.supabaseJwt,
       refreshToken: extra.supabaseRefreshToken ?? "",
       teamId: extra.teamId ?? "",
-      userId
+      userId,
+      mcpToken: req.auth.token
     };
   }
-  console.error(`[AUTH_RESOLVE] FAIL: no supabaseJwt in extra (keys: ${Object.keys(extra).join(", ")})`);
+  console.error(`[AUTH_RESOLVE] FAIL: no apiKey or supabaseJwt in extra (keys: ${Object.keys(extra).join(", ")})`);
   return;
 }
 async function startHttpServer(options) {
@@ -54950,17 +55170,37 @@ async function startHttpServer(options) {
       });
       return;
     }
-    const identity = `jwt:${auth.userId.slice(0, 8)}...:team=${auth.teamId.slice(0, 8)}...`;
+    const identity = auth.kind === "jwt" ? `jwt:${auth.userId.slice(0, 8)}...:team=${auth.teamId.slice(0, 8)}...` : `apiKey:${auth.apiKey.slice(0, 12)}...`;
     try {
       console.error(`[MCP] POST method=${method} auth=${identity}`);
       const transport = new StreamableHTTPServerTransport({
         sessionIdGenerator: undefined
       });
-      const server = createServer({
+      const server = auth.kind === "jwt" ? createServer({
         jwt: auth.jwt,
         refreshToken: auth.refreshToken,
-        teamId: auth.teamId
-      });
+        teamId: auth.teamId,
+        persist: async (state) => {
+          const entry = await store.get("access_tokens", auth.mcpToken);
+          if (!entry) {
+            console.error(`[PERSIST] WARN: access token gone from store (token=${auth.mcpToken.slice(0, 12)}...)`);
+            return;
+          }
+          const remainingMs = entry.expiresAt - Date.now();
+          if (remainingMs <= 0) {
+            console.error(`[PERSIST] WARN: access token already expired, skipping persist`);
+            return;
+          }
+          const ttlSeconds = Math.ceil(remainingMs / 1000);
+          await store.set("access_tokens", auth.mcpToken, {
+            ...entry,
+            supabaseJwt: state.supabaseJwt ?? entry.supabaseJwt,
+            supabaseRefreshToken: state.supabaseRefreshToken ?? entry.supabaseRefreshToken,
+            teamId: state.teamId ?? entry.teamId
+          }, ttlSeconds);
+          console.error(`[PERSIST] OK: updated access token in store (token=${auth.mcpToken.slice(0, 12)}..., team=${state.teamId ?? "unchanged"}, ttl=${ttlSeconds}s)`);
+        }
+      }) : createServer({ apiKey: auth.apiKey });
       await server.connect(transport);
       await transport.handleRequest(req, res, req.body);
     } catch (error48) {
@@ -55013,24 +55253,61 @@ var init_http2 = __esm(async () => {
 
 // src/index.ts
 function createServer(auth) {
-  const ctx = {
-    client: createKadoaClient({ jwt: auth.jwt }),
-    supabaseJwt: auth.jwt,
-    supabaseRefreshToken: auth.refreshToken,
-    teamId: auth.teamId
-  };
+  let ctx;
+  if (typeof auth === "object" && auth !== null && "jwt" in auth) {
+    ctx = {
+      client: createKadoaClient({ jwt: auth.jwt, teamId: auth.teamId }),
+      supabaseJwt: auth.jwt,
+      supabaseRefreshToken: auth.refreshToken,
+      teamId: auth.teamId,
+      persist: auth.persist
+    };
+  } else if (typeof auth === "object" && auth !== null && "apiKey" in auth) {
+    ctx = {
+      client: createKadoaClient({ apiKey: auth.apiKey })
+    };
+  } else {
+    ctx = {
+      client: createKadoaClient(auth)
+    };
+  }
   const server = new McpServer({ name: "kadoa", version: "0.3.2" });
   registerTools(server, ctx);
   server.server.onerror = (error48) => console.error("[MCP Error]", error48);
   return server;
 }
+async function validateApiKey() {
+  const client = createKadoaClient();
+  try {
+    await client.workflow.list({ limit: 1 });
+  } catch (error48) {
+    if (KadoaSdkException.isInstance(error48) && error48.code === "AUTH_ERROR") {
+      console.error("Kadoa MCP: Invalid API key. Check KADOA_API_KEY or run 'kadoa login'.");
+      process.exit(1);
+    }
+  }
+}
 var init_src = __esm(async () => {
   init_mcp();
+  init_stdio2();
   init_client();
   init_tools();
   if (!process.env.VITEST && !process.env.BUN_TEST) {
-    const { startHttpServer: startHttpServer2 } = await init_http2().then(() => exports_http);
-    await startHttpServer2();
+    const httpMode = process.argv.includes("--http") || process.env.MCP_HTTP === "1";
+    if (httpMode) {
+      const { startHttpServer: startHttpServer2 } = await init_http2().then(() => exports_http);
+      await startHttpServer2();
+    } else {
+      await validateApiKey();
+      const server = createServer();
+      const transport = new StdioServerTransport;
+      await server.connect(transport);
+      console.error("Kadoa MCP Server started");
+      process.on("SIGINT", async () => {
+        await server.close();
+        process.exit(0);
+      });
+    }
   }
 });
 await init_src();

package/package.json

@@ -1,9 +1,12 @@
 {
   "name": "@kadoa/mcp",
-  "version": "0.3.7-rc.2",
+  "version": "0.3.7-rc.4",
   "description": "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
   "type": "module",
   "main": "dist/index.js",
+  "bin": {
+    "kadoa-mcp": "dist/index.js"
+  },
   "publishConfig": {
     "access": "public"
   },
@@ -15,7 +18,8 @@
     "lint": "bunx biome check",
     "lint:fix": "bunx biome check --write",
     "dev": "bun src/index.ts",
-    "build": "bun build src/index.ts --outdir=dist --target=node --external express --external ioredis",
+    "dev:http": "MCP_HTTP=1 bun src/index.ts",
+    "build": "bun build src/index.ts --outdir=dist --target=node --external express --external ioredis && node -e \"const f='dist/index.js';require('fs').writeFileSync(f,require('fs').readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\"",
     "check-types": "tsc --noEmit",
     "test": "BUN_TEST=1 bun test",
     "test:unit": "BUN_TEST=1 bun test tests/unit --timeout=120000",