npm - @kadoa/mcp - Versions diffs - 0.3.9 → 0.3.10-rc.2 - Mend

@kadoa/mcp 0.3.9 → 0.3.10-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +168 -78
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -49167,13 +49167,37 @@ function createKadoaClient(auth) {
   });
   return client;
 }
-var ctxRefreshMutex;
+var refreshRawMutex, ctxRefreshMutex;
 var init_client = __esm(() => {
   init_dist2();
+  refreshRawMutex = new Map;
   ctxRefreshMutex = new WeakMap;
 });
 // src/client.ts
+var exports_client = {};
+__export(exports_client, {
+  refreshSupabaseJwtRaw: () => refreshSupabaseJwtRaw,
+  refreshSupabaseJwt: () => refreshSupabaseJwt,
+  isJwtExpired: () => isJwtExpired,
+  getValidJwt: () => getValidJwt,
+  decodeJwtClaims: () => decodeJwtClaims,
+  createKadoaClient: () => createKadoaClient2,
+  SessionExpiredError: () => SessionExpiredError,
+  KadoaSdkException: () => KadoaSdkException,
+  KadoaClient: () => KadoaClient
+});
+function createKadoaClient2(auth) {
+  const client = new KadoaClient({ bearerToken: auth.jwt });
+  client.axiosInstance.interceptors.request.use((config2) => {
+    config2.headers["x-kadoa-source"] = "mcp";
+    if (auth.teamId) {
+      config2.headers["x-team-id"] = auth.teamId;
+    }
+    return config2;
+  });
+  return client;
+}
 function decodeJwtClaims(jwt2) {
   try {
     const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
@@ -49195,36 +49219,57 @@ function isJwtExpired(jwt2) {
     return true;
   }
 }
-async function refreshSupabaseJwt(ctx) {
-  if (!ctx.supabaseRefreshToken) {
-    console.error("[JWT_REFRESH] No refresh token available, cannot refresh");
-    return;
+async function refreshSupabaseJwtRaw(supabaseRefreshToken) {
+  const inflight = refreshRawMutex2.get(supabaseRefreshToken);
+  if (inflight) {
+    console.error(`[JWT_REFRESH] DEDUP: reusing in-flight raw refresh`);
+    return inflight;
   }
+  const promise3 = _doRefreshRaw(supabaseRefreshToken).finally(() => {
+    refreshRawMutex2.delete(supabaseRefreshToken);
+  });
+  refreshRawMutex2.set(supabaseRefreshToken, promise3);
+  return promise3;
+}
+async function _doRefreshRaw(supabaseRefreshToken) {
   const supabaseUrl = process.env.SUPABASE_URL;
   if (!supabaseUrl) {
     console.error("[JWT_REFRESH] SUPABASE_URL not set, cannot refresh");
+    return null;
+  }
+  const res = await fetch(`${supabaseUrl}/auth/v1/token?grant_type=refresh_token`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      apikey: process.env.SUPABASE_ANON_KEY
+    },
+    body: JSON.stringify({ refresh_token: supabaseRefreshToken })
+  });
+  if (res.ok) {
+    const data = await res.json();
+    return { jwt: data.access_token, refreshToken: data.refresh_token };
+  }
+  const body = await res.text().catch(() => "");
+  console.error(`[JWT_REFRESH] FAIL: Supabase returned ${res.status} (refreshToken=${supabaseRefreshToken.slice(0, 12)}...): ${body}`);
+  if (body.includes("session_expired") || body.includes("refresh_token_not_found") || body.includes("refresh_token_already_used")) {
+    throw new SessionExpiredError("Your Kadoa session has expired due to inactivity. Please reconnect to re-authenticate.");
+  }
+  return null;
+}
+async function refreshSupabaseJwt(ctx) {
+  if (!ctx.supabaseRefreshToken) {
+    console.error("[JWT_REFRESH] No refresh token available, cannot refresh");
     return;
   }
   try {
     const refreshToken = ctx.supabaseRefreshToken;
     console.error(`[JWT_REFRESH] Refreshing Supabase JWT (refreshToken=${refreshToken.slice(0, 12)}..., team=${ctx.teamId ?? "unknown"})`);
-    const res = await fetch(`${supabaseUrl}/auth/v1/token?grant_type=refresh_token`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        apikey: process.env.SUPABASE_ANON_KEY
-      },
-      body: JSON.stringify({ refresh_token: refreshToken })
-    });
-    if (!res.ok) {
-      const body = await res.text().catch(() => "");
-      console.error(`[JWT_REFRESH] FAIL: Supabase returned ${res.status} (refreshToken=${refreshToken.slice(0, 12)}...): ${body}`);
+    const result = await refreshSupabaseJwtRaw(refreshToken);
+    if (!result)
       return;
-    }
-    const data = await res.json();
-    ctx.supabaseJwt = data.access_token;
-    ctx.supabaseRefreshToken = data.refresh_token;
-    ctx.client.setBearerToken(data.access_token);
+    ctx.supabaseJwt = result.jwt;
+    ctx.supabaseRefreshToken = result.refreshToken;
+    ctx.client.setBearerToken(result.jwt);
     try {
       await ctx.persist?.({
         supabaseJwt: ctx.supabaseJwt,
@@ -49234,9 +49279,11 @@ async function refreshSupabaseJwt(ctx) {
     } catch (e) {
       console.error("[JWT_REFRESH] WARN: persist failed, tokens updated in-memory only:", e);
     }
-    console.error(`[JWT_REFRESH] OK: token refreshed (team=${ctx.teamId ?? "unknown"}, newRefreshToken=${data.refresh_token.slice(0, 12)}...)`);
-    return data.access_token;
+    console.error(`[JWT_REFRESH] OK: token refreshed (team=${ctx.teamId ?? "unknown"}, newRefreshToken=${result.refreshToken.slice(0, 12)}...)`);
+    return result.jwt;
   } catch (error48) {
+    if (error48 instanceof SessionExpiredError)
+      throw error48;
     console.error("[JWT_REFRESH] FAIL: threw", error48);
     return;
   }
@@ -49257,9 +49304,16 @@ async function getValidJwt(ctx) {
   ctxRefreshMutex2.set(ctx, promise3);
   return promise3;
 }
-var ctxRefreshMutex2;
+var SessionExpiredError, refreshRawMutex2, ctxRefreshMutex2;
 var init_client2 = __esm(() => {
   init_dist2();
+  SessionExpiredError = class SessionExpiredError extends Error {
+    constructor(message) {
+      super(message ?? "Supabase session expired. Please re-authenticate.");
+      this.name = "SessionExpiredError";
+    }
+  };
+  refreshRawMutex2 = new Map;
   ctxRefreshMutex2 = new WeakMap;
 });
@@ -49380,6 +49434,10 @@ function registerTools(server, ctx) {
         }
         return await handler(...args);
       } catch (error48) {
+        if (error48 instanceof SessionExpiredError) {
+          console.error(`[Tool Error] ${name}: session expired, user must re-authenticate`);
+          return errorResult("Your session has expired. Please reconnect the MCP server to re-authenticate.");
+        }
         let message = classifyError(error48);
         if (KadoaHttpException.isInstance(error48) && error48.httpStatus === 403) {
           try {
@@ -49529,7 +49587,10 @@ function registerTools(server, ctx) {
     inputSchema: strictSchema({
       ...extractionInputShape,
       ...urlInputShape,
-      interval: exports_external.enum([
+      description: exports_external.string().max(500).optional().describe("Description of what this workflow does (max 500 characters)"),
+      tags: exports_external.preprocess(coerceArray(true), exports_external.array(exports_external.string())).optional().describe("Tags for organizing workflows"),
+      limit: exports_external.number().optional().describe("Maximum number of records to extract per run. Useful for limiting scope or cost control."),
+      updateInterval: exports_external.enum([
         "ONLY_ONCE",
         "EVERY_10_MINUTES",
         "HALF_HOURLY",
@@ -49545,8 +49606,10 @@ function registerTools(server, ctx) {
         "BIWEEKLY",
         "TRIWEEKLY",
         "FOUR_WEEKS",
-        "MONTHLY"
-      ]).optional().describe("How often the workflow runs. Defaults to ONLY_ONCE."),
+        "MONTHLY",
+        "CUSTOM"
+      ]).optional().describe("How often the workflow runs. Defaults to ONLY_ONCE. Use CUSTOM with the 'schedules' field for cron-based scheduling."),
+      schedules: exports_external.preprocess(coerceArray(true), exports_external.array(exports_external.string())).optional().describe("Cron expressions for CUSTOM updateInterval (e.g. '0 8 * * 2' for Tuesdays at 8am UTC). Requires updateInterval='CUSTOM'."),
       ...notificationsInputShape
     }),
     annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false }
@@ -49555,13 +49618,18 @@ function registerTools(server, ctx) {
     if (!urls) {
       return errorResult("At least one URL is required. Provide 'urls' (array) or 'url' (string).");
     }
+    if (args.updateInterval === "CUSTOM" && (!args.schedules || args.schedules.length === 0)) {
+      return errorResult("updateInterval='CUSTOM' requires at least one cron expression in the 'schedules' field (e.g. '0 8 * * 2' for Tuesdays at 8am UTC).");
+    }
     let builder = ctx.client.extract({
       urls,
       name: args.name || "Untitled Workflow",
       navigationMode: "agentic-navigation",
       userPrompt: args.prompt,
       extraction: buildExtraction(args),
-      interval: args.interval
+      interval: args.updateInterval,
+      description: args.description,
+      schedules: args.schedules
     });
     const n = args.notifications;
     const hasNotifications = n && (n.email || n.webhook || n.slack || n.websocket);
@@ -49572,6 +49640,15 @@ function registerTools(server, ctx) {
       });
     }
     const workflow = await builder.create();
+    const needsUpdate = args.limit !== undefined || args.tags && args.tags.length > 0;
+    if (needsUpdate) {
+      const updates = {};
+      if (args.limit !== undefined)
+        updates.limit = args.limit;
+      if (args.tags && args.tags.length > 0)
+        updates.tags = args.tags;
+      await ctx.client.workflow.update(workflow.workflowId, updates);
+    }
     const enabledChannels = await describeNotifications(n);
     let message = "Workflow created successfully. The AI agent will start extracting data automatically.";
     if (enabledChannels.length > 0) {
@@ -49592,6 +49669,8 @@ function registerTools(server, ctx) {
     inputSchema: strictSchema({
       ...extractionInputShape,
       ...urlInputShape,
+      description: exports_external.string().max(500).optional().describe("Description of what this monitor watches (max 500 characters)"),
+      tags: exports_external.preprocess(coerceArray(true), exports_external.array(exports_external.string())).optional().describe("Tags for organizing monitors"),
       ...notificationsInputShape
     }),
     annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false }
@@ -49610,13 +49689,17 @@ function registerTools(server, ctx) {
       name: args.name || "Untitled Monitor",
       userPrompt: args.prompt,
       extraction: buildExtraction(args),
-      interval: "REAL_TIME"
+      interval: "REAL_TIME",
+      description: args.description
     });
     builder = builder.withNotifications({
       events: ["workflow_data_change"],
       channels: buildNotificationChannels(n)
     });
     const workflow = await builder.create();
+    if (args.tags && args.tags.length > 0) {
+      await ctx.client.workflow.update(workflow.workflowId, { tags: args.tags });
+    }
     const enabledChannels = await describeNotifications(n);
     let message = "Real-time monitor created successfully. It will continuously watch for changes — no manual runs needed.";
     if (enabledChannels.length > 0) {
@@ -49785,7 +49868,7 @@ function registerTools(server, ctx) {
       urls: exports_external.preprocess(coerceArray(true), exports_external.array(exports_external.string()).min(1)).optional().describe("New target URLs for the workflow (array of strings). Also accepts a single URL string."),
       entity: exports_external.string().optional().describe("Entity name for extraction (e.g., 'Product', 'Job Posting')"),
       schema: exports_external.preprocess(coerceArray(), exports_external.array(exports_external.object(SchemaFieldShape))).optional().describe("New extraction schema fields"),
-      description: exports_external.string().optional().describe("Workflow description"),
+      description: exports_external.string().max(500).optional().describe("Workflow description (max 500 characters)"),
       tags: exports_external.preprocess(coerceArray(true), exports_external.array(exports_external.string())).optional().describe("Tags for organizing workflows"),
       userPrompt: exports_external.string().optional().describe("Navigation prompt for agentic-navigation mode (10-5000 characters)"),
       updateInterval: exports_external.enum([
@@ -49824,6 +49907,9 @@ function registerTools(server, ctx) {
         return errorResult("Cannot change a real-time workflow's interval to a scheduled interval. " + "Real-time workflows are architecturally different and cannot be converted to regular workflows. " + "Delete this workflow and create a new one with the desired interval using create_workflow.");
       }
     }
+    if (updates.updateInterval === "CUSTOM" && (!updates.schedules || updates.schedules.length === 0)) {
+      return errorResult("updateInterval='CUSTOM' requires at least one cron expression in the 'schedules' field (e.g. '0 8 * * 2' for Tuesdays at 8am UTC).");
+    }
     const result = await ctx.client.workflow.update(workflowId, updates);
     return jsonResult({
       success: true,
@@ -54108,45 +54194,6 @@ function generatePKCE() {
   const challenge = createHash2("sha256").update(verifier).digest("base64url");
   return { verifier, challenge };
 }
-async function refreshSupabaseToken(supabaseRefreshToken, context) {
-  const inflight = supabaseRefreshMutex.get(supabaseRefreshToken);
-  if (inflight) {
-    console.error(`[AUTH] REFRESH_DEDUP: reusing in-flight refresh (${context})`);
-    return inflight;
-  }
-  const promise3 = (async () => {
-    const supabaseUrl = process.env.SUPABASE_URL;
-    if (!supabaseUrl || !supabaseRefreshToken)
-      return null;
-    try {
-      const res = await fetch(`${supabaseUrl}/auth/v1/token?grant_type=refresh_token`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          apikey: process.env.SUPABASE_ANON_KEY
-        },
-        body: JSON.stringify({ refresh_token: supabaseRefreshToken })
-      });
-      if (res.ok) {
-        const data = await res.json();
-        const newClaims = jwtClaims(data.access_token);
-        console.log(`[AUTH] REFRESH_OK: Supabase JWT refreshed (${context}, newEmail=${newClaims.email})`);
-        return { jwt: data.access_token, refreshToken: data.refresh_token };
-      }
-      const body = await res.text().catch(() => "");
-      console.error(`[AUTH] REFRESH_FAIL: Supabase returned ${res.status} (${context}): ${body.slice(0, 200)}`);
-      return null;
-    } catch (err) {
-      console.error(`[AUTH] REFRESH_FAIL: Supabase refresh threw (${context}):`, err);
-      return null;
-    }
-  })();
-  supabaseRefreshMutex.set(supabaseRefreshToken, promise3);
-  promise3.finally(() => {
-    supabaseRefreshMutex.delete(supabaseRefreshToken);
-  });
-  return promise3;
-}
 function jwtClaims(jwt2) {
   try {
     const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
@@ -54454,12 +54501,22 @@ class KadoaOAuthProvider {
     let { supabaseJwt, supabaseRefreshToken } = entry;
     const claims = jwtClaims(entry.supabaseJwt);
     const context = `email=${claims.email}, team=${entry.teamId}`;
-    const refreshed = await refreshSupabaseToken(supabaseRefreshToken, context);
-    if (refreshed) {
-      supabaseJwt = refreshed.jwt;
-      supabaseRefreshToken = refreshed.refreshToken;
-    } else {
-      console.error(`[AUTH] REFRESH_WARN: using stale Supabase JWT as fallback (${context})`);
+    try {
+      const { refreshSupabaseJwtRaw: refreshSupabaseJwtRaw2, SessionExpiredError: SessionExpiredError2 } = await Promise.resolve().then(() => (init_client2(), exports_client));
+      const refreshed = await refreshSupabaseJwtRaw2(supabaseRefreshToken);
+      if (refreshed) {
+        supabaseJwt = refreshed.jwt;
+        supabaseRefreshToken = refreshed.refreshToken;
+        console.error(`[AUTH] REFRESH_OK: Supabase JWT refreshed (${context})`);
+      } else {
+        console.error(`[AUTH] REFRESH_WARN: using stale Supabase JWT as fallback (${context})`);
+      }
+    } catch (error48) {
+      if (error48 instanceof Error && error48.name === "SessionExpiredError") {
+        console.error(`[AUTH] REFRESH_DEAD: session permanently expired (${context}): ${error48.message}`);
+        throw new InvalidTokenError("Supabase session expired. Please re-authenticate.");
+      }
+      console.error(`[AUTH] REFRESH_WARN: unexpected error, using stale JWT (${context}):`, error48);
     }
     const freshClaims = jwtClaims(supabaseJwt);
     const teamId = freshClaims.activeTeamId ?? entry.teamId;
@@ -54586,7 +54643,7 @@ class KadoaOAuthProvider {
       codeChallenge: pending.params.codeChallenge,
       clientId: pending.client.client_id,
       redirectUri: pending.params.redirectUri,
-      expiresAt: Date.now() + 10 * 60 * 1000
+      expiresAt: Date.now() + 600000
     }, 600);
     const redirectUrl = new URL(pending.params.redirectUri);
     redirectUrl.searchParams.set("code", mcpCode);
@@ -55015,12 +55072,11 @@ function renderLoginPage(state, error48) {
 function escapeHtml(str) {
   return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
-var TEAM_SELECTION_TTL, ACCESS_TOKEN_TTL, supabaseRefreshMutex;
+var TEAM_SELECTION_TTL, ACCESS_TOKEN_TTL;
 var init_auth2 = __esm(() => {
   init_errors4();
   TEAM_SELECTION_TTL = 10 * 60 * 1000;
   ACCESS_TOKEN_TTL = 7 * 24 * 3600;
-  supabaseRefreshMutex = new Map;
 });
 // src/redis-store.ts
@@ -55213,6 +55269,39 @@ async function startHttpServer(options) {
       return;
     }
     const identity = `jwt:${auth.userId.slice(0, 8)}...:team=${auth.teamId.slice(0, 8)}...`;
+    if (isJwtExpired(auth.jwt)) {
+      try {
+        const refreshed = await refreshSupabaseJwtRaw(auth.refreshToken);
+        if (refreshed) {
+          auth.jwt = refreshed.jwt;
+          auth.refreshToken = refreshed.refreshToken;
+          const entry = await store.get("access_tokens", auth.mcpToken);
+          if (entry) {
+            const remainingMs = entry.expiresAt - Date.now();
+            if (remainingMs > 0) {
+              await store.set("access_tokens", auth.mcpToken, {
+                ...entry,
+                supabaseJwt: refreshed.jwt,
+                supabaseRefreshToken: refreshed.refreshToken
+              }, Math.ceil(remainingMs / 1000));
+              console.error(`[PROACTIVE_REFRESH] OK: JWT refreshed on ${method} (${identity})`);
+            }
+          }
+        }
+      } catch (error48) {
+        if (error48 instanceof SessionExpiredError) {
+          console.error(`[PROACTIVE_REFRESH] Session dead on ${method} (${identity}): ${error48.message}`);
+          await store.del("access_tokens", auth.mcpToken);
+          res.status(401).json({
+            jsonrpc: "2.0",
+            error: { code: -32001, message: error48.message },
+            id: req.body?.id ?? null
+          });
+          return;
+        }
+        console.error(`[PROACTIVE_REFRESH] WARN: refresh failed on ${method}, continuing with stale JWT`, error48);
+      }
+    }
     try {
       console.error(`[MCP] POST method=${method} auth=${identity}`);
       const transport = new StreamableHTTPServerTransport({
@@ -55290,6 +55379,7 @@ var init_http2 = __esm(async () => {
   init_bearerAuth();
   init_auth2();
   init_redis_store();
+  init_client2();
   await init_src();
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kadoa/mcp",
-  "version": "0.3.9",
+  "version": "0.3.10-rc.2",
   "description": "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
   "type": "module",
   "main": "dist/index.js",