@kelpi/mcp 0.1.0

package/dist/tools/auth/index.js

@@ -0,0 +1,50 @@
+import { loginInputSchema, statusInputSchema } from './schemas.js';
+import { loginHandler } from './login.js';
+import { statusHandler } from './status.js';
+/**
+ * kelpi_login tool definition and handler
+ *
+ * Initiates browser-based authentication using device code flow.
+ * Returns verification URL and user code for the user to complete authentication.
+ */
+export const kelpiLogin = {
+    definition: {
+        name: 'kelpi_login',
+        description: `Authenticate with Kelpi using browser-based login.
+
+This tool initiates the device code authentication flow:
+1. Creates an authentication session
+2. Returns a verification URL and code
+3. Polls for completion while you authenticate in the browser
+4. Saves the API key to config on success
+
+After running this tool, open the provided URL in your browser and enter the code to complete authentication.`,
+        inputSchema: loginInputSchema,
+    },
+    handler: loginHandler,
+};
+/**
+ * kelpi_status tool definition and handler
+ *
+ * Checks current authentication status and returns workspace information.
+ */
+export const kelpiStatus = {
+    definition: {
+        name: 'kelpi_status',
+        description: `Check current authentication status and display workspace information.
+
+Returns:
+- authenticated: whether you are currently logged in
+- workspace_id: ID of the current workspace
+- workspace_name: name of the current workspace
+- key_type: whether using a public or secret API key`,
+        inputSchema: statusInputSchema,
+    },
+    handler: statusHandler,
+};
+// Re-export schemas
+export * from './schemas.js';
+// Re-export handler factories for testing
+export { createLoginHandler, validateVerificationUrl } from './login.js';
+export { createStatusHandler } from './status.js';
+//# sourceMappingURL=index.js.map

package/dist/tools/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/tools/auth/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAoB;IACzC,UAAU,EAAE;QACV,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE;;;;;;;;8GAQ6F;QAC1G,WAAW,EAAE,gBAAgB;KAC9B;IACD,OAAO,EAAE,YAAY;CACtB,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,WAAW,GAAoB;IAC1C,UAAU,EAAE;QACV,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE;;;;;;qDAMoC;QACjD,WAAW,EAAE,iBAAiB;KAC/B;IACD,OAAO,EAAE,aAAa;CACvB,CAAC;AAEF,oBAAoB;AACpB,cAAc,cAAc,CAAC;AAE7B,0CAA0C;AAC1C,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC"}

package/dist/tools/auth/login.d.ts

@@ -0,0 +1,37 @@
+import type { ToolHandler } from '../../lib/tool-registry.js';
+/**
+ * Options for the login handler
+ */
+export interface LoginHandlerOptions {
+    apiUrl?: string;
+    maxPollAttempts?: number;
+    pollIntervalMs?: number;
+}
+/**
+ * Validate a verification URL for security.
+ *
+ * Security checks:
+ * 1. Only allow http/https protocols
+ * 2. Reject URLs that are too long (potential buffer overflow)
+ * 3. Reject empty or whitespace-only URLs
+ * 4. Ensure URL has a valid hostname
+ *
+ * Note: We use spawn() with array arguments to open the browser,
+ * which bypasses shell interpretation entirely, so shell metacharacters
+ * are not a security concern here.
+ *
+ * @param url - The URL to validate
+ * @returns true if the URL is safe to open in a browser, false otherwise
+ */
+export declare function validateVerificationUrl(url: string): boolean;
+/**
+ * Creates a login handler with the specified options.
+ * This factory function allows for dependency injection in tests.
+ */
+export declare function createLoginHandler(options?: LoginHandlerOptions): ToolHandler;
+/**
+ * Default login handler that uses configured API URL
+ * Supports KELPI_API_URL environment variable for local development
+ */
+export declare const loginHandler: ToolHandler;
+//# sourceMappingURL=login.d.ts.map

package/dist/tools/auth/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAc,MAAM,4BAA4B,CAAC;AAoC1E;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAqC5D;AA0CD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,GAAE,mBAAwB,GAAG,WAAW,CA0KjF;AAED;;;GAGG;AACH,eAAO,MAAM,YAAY,EAAE,WAI1B,CAAC"}

package/dist/tools/auth/login.js

@@ -0,0 +1,257 @@
+import { saveConfig, getApiUrl } from '../../lib/config.js';
+import { spawn } from 'node:child_process';
+import { MCP_VERSION } from '../../lib/version.js';
+/**
+ * Default API URL for Kelpi
+ */
+const DEFAULT_API_URL = 'https://api.kelpi.ai';
+/**
+ * Maximum allowed URL length to prevent buffer overflow attacks
+ */
+const MAX_URL_LENGTH = 2048;
+/**
+ * Validate a verification URL for security.
+ *
+ * Security checks:
+ * 1. Only allow http/https protocols
+ * 2. Reject URLs that are too long (potential buffer overflow)
+ * 3. Reject empty or whitespace-only URLs
+ * 4. Ensure URL has a valid hostname
+ *
+ * Note: We use spawn() with array arguments to open the browser,
+ * which bypasses shell interpretation entirely, so shell metacharacters
+ * are not a security concern here.
+ *
+ * @param url - The URL to validate
+ * @returns true if the URL is safe to open in a browser, false otherwise
+ */
+export function validateVerificationUrl(url) {
+    // Reject null, undefined, or non-string values
+    if (url === null || url === undefined || typeof url !== 'string') {
+        return false;
+    }
+    // Reject empty or whitespace-only URLs
+    const trimmedUrl = url.trim();
+    if (trimmedUrl.length === 0) {
+        return false;
+    }
+    // Reject URLs that are too long
+    if (url.length > MAX_URL_LENGTH) {
+        return false;
+    }
+    // Parse the URL to validate protocol and structure
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(url);
+    }
+    catch {
+        // Invalid URL format
+        return false;
+    }
+    // Only allow http and https protocols
+    if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') {
+        return false;
+    }
+    // Ensure the URL has a hostname
+    if (!parsedUrl.hostname) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Open a URL in the user's default browser.
+ * Cross-platform implementation for macOS, Linux, and Windows.
+ *
+ * Uses spawn() with array arguments instead of exec() with shell strings
+ * to prevent command injection attacks. The URL is passed directly to
+ * the browser command without shell interpretation.
+ *
+ * @param url - The URL to open
+ */
+function openBrowser(url) {
+    const platform = process.platform;
+    const [command, args] = platform === 'darwin'
+        ? ['open', [url]]
+        : platform === 'win32'
+            ? ['cmd', ['/c', 'start', '', url]]
+            : ['xdg-open', [url]];
+    const child = spawn(command, args, {
+        detached: true,
+        stdio: 'ignore',
+    });
+    child.on('error', (err) => {
+        // Don't fail the whole flow if browser opening fails
+        // User can still manually open the URL
+        console.error('Failed to open browser:', err);
+    });
+    child.unref();
+}
+/**
+ * Sleep helper for polling interval
+ */
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Creates a login handler with the specified options.
+ * This factory function allows for dependency injection in tests.
+ */
+export function createLoginHandler(options = {}) {
+    const { apiUrl = DEFAULT_API_URL, maxPollAttempts = 60, // Default: poll for up to 5 minutes (60 * 5 seconds)
+    pollIntervalMs = 5000, // Default: 5 seconds
+     } = options;
+    return async () => {
+        // Step 1: Create a CLI auth session
+        let session;
+        try {
+            const response = await fetch(`${apiUrl}/api/cli/auth/session`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'User-Agent': `kelpi-mcp/${MCP_VERSION}`,
+                },
+            });
+            if (!response.ok) {
+                const errorBody = await response.json().catch(() => ({ error: 'Unknown error' }));
+                throw new Error(errorBody.error || `HTTP ${response.status}`);
+            }
+            session = await response.json();
+        }
+        catch (err) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            error: 'Failed to create authentication session',
+                            details: err instanceof Error ? err.message : 'Unknown error',
+                            instructions: 'Check your network connection and try again.',
+                        }, null, 2),
+                    },
+                ],
+                isError: true,
+            };
+        }
+        // Step 2: Validate the verification URL from server
+        if (!validateVerificationUrl(session.verification_url)) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            error: 'Invalid verification URL received from server',
+                            details: 'The verification URL did not pass security validation.',
+                        }, null, 2),
+                    },
+                ],
+                isError: true,
+            };
+        }
+        // Step 3: Open the verification URL in the user's browser
+        openBrowser(session.verification_url);
+        // Step 4: Poll for completion
+        const pollInterval = session.interval ? session.interval * 1000 : pollIntervalMs;
+        let pollResult = 'pending';
+        let apiKey;
+        for (let attempt = 0; attempt < maxPollAttempts; attempt++) {
+            await sleep(pollInterval);
+            try {
+                const pollResponse = await fetch(`${apiUrl}/api/cli/auth/session/poll/${session.device_code}`, {
+                    method: 'GET',
+                    headers: {
+                        'User-Agent': `kelpi-mcp/${MCP_VERSION}`,
+                    },
+                });
+                if (!pollResponse.ok) {
+                    // Session might have expired (404/410) or other error
+                    if (pollResponse.status === 404 || pollResponse.status === 410) {
+                        pollResult = 'expired';
+                        break;
+                    }
+                    // Other errors - continue polling
+                    continue;
+                }
+                const status = await pollResponse.json();
+                if (status.status === 'completed' && status.api_key) {
+                    pollResult = 'success';
+                    apiKey = status.api_key;
+                    // Save the API key to config
+                    await saveConfig({
+                        api_key: status.api_key,
+                        api_url: apiUrl,
+                    });
+                    break;
+                }
+                if (status.status === 'expired') {
+                    pollResult = 'expired';
+                    break;
+                }
+                // Still pending - continue polling
+            }
+            catch {
+                // Network error - continue polling
+            }
+        }
+        // Step 5: Return result based on poll outcome
+        if (pollResult === 'success') {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            status: 'success',
+                            message: 'Authentication successful! You are now logged in to Kelpi.',
+                            api_key: apiKey ? `${apiKey.substring(0, 15)}...` : undefined,
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        if (pollResult === 'expired') {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            error: 'Authentication session expired',
+                            instructions: 'Please run kelpi_login again to start a new session.',
+                        }, null, 2),
+                    },
+                ],
+                isError: true,
+            };
+        }
+        // Still pending after max attempts - return instructions for manual completion
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: JSON.stringify({
+                        status: 'pending',
+                        instructions: `To complete authentication:
+
+1. Open this URL in your browser:
+   ${session.verification_url}
+
+2. Enter this code when prompted:
+   ${session.user_code}
+
+3. After completing authentication in the browser, run kelpi_status to verify.`,
+                        verification_url: session.verification_url,
+                        user_code: session.user_code,
+                    }, null, 2),
+                },
+            ],
+        };
+    };
+}
+/**
+ * Default login handler that uses configured API URL
+ * Supports KELPI_API_URL environment variable for local development
+ */
+export const loginHandler = async (input) => {
+    const apiUrl = await getApiUrl();
+    const handler = createLoginHandler({ apiUrl });
+    return handler(input);
+};
+//# sourceMappingURL=login.js.map

package/dist/tools/auth/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/tools/auth/login.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD;;GAEG;AACH,MAAM,eAAe,GAAG,sBAAsB,CAAC;AAE/C;;GAEG;AACH,MAAM,cAAc,GAAG,IAAI,CAAC;AAgC5B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAW;IACjD,+CAA+C;IAC/C,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uCAAuC;IACvC,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gCAAgC;IAChC,IAAI,GAAG,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,mDAAmD;IACnD,IAAI,SAAc,CAAC;IACnB,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,sCAAsC;IACtC,IAAI,SAAS,CAAC,QAAQ,KAAK,OAAO,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gCAAgC;IAChC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,GACnB,QAAQ,KAAK,QAAQ;QACnB,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC,CAAC,QAAQ,KAAK,OAAO;YACpB,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;QACjC,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;KAChB,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACxB,qDAAqD;QACrD,uCAAuC;QACvC,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAA+B,EAAE;IAClE,MAAM,EACJ,MAAM,GAAG,eAAe,EACxB,eAAe,GAAG,EAAE,EAAE,qDAAqD;IAC3E,cAAc,GAAG,IAAI,EAAE,qBAAqB;MAC7C,GAAG,OAAO,CAAC;IAEZ,OAAO,KAAK,IAAyB,EAAE;QACrC,oCAAoC;QACpC,IAAI,OAAwB,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,uBAAuB,EAAE;gBAC7D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,YAAY,EAAE,aAAa,WAAW,EAAE;iBACzC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAuB,CAAC;gBACxG,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,KAAK,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAChE,CAAC;YAED,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAqB,CAAC;QACrD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,yCAAyC;4BAChD,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;4BAC7D,YAAY,EAAE,8CAA8C;yBAC7D,EAAE,IAAI,EAAE,CAAC,CAAC;qBACZ;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACvD,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,+CAA+C;4BACtD,OAAO,EAAE,wDAAwD;yBAClE,EAAE,IAAI,EAAE,CAAC,CAAC;qBACZ;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,0DAA0D;QAC1D,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAEtC,8BAA8B;QAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC;QACjF,IAAI,UAAU,GAAgD,SAAS,CAAC;QACxE,IAAI,MAA0B,CAAC;QAE/B,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,eAAe,EAAE,OAAO,EAAE,EAAE,CAAC;YAC3D,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,KAAK,CAC9B,GAAG,MAAM,8BAA8B,OAAO,CAAC,WAAW,EAAE,EAC5D;oBACE,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE;wBACP,YAAY,EAAE,aAAa,WAAW,EAAE;qBACzC;iBACF,CACF,CAAC;gBAEF,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;oBACrB,sDAAsD;oBACtD,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;wBAC/D,UAAU,GAAG,SAAS,CAAC;wBACvB,MAAM;oBACR,CAAC;oBACD,kCAAkC;oBAClC,SAAS;gBACX,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,EAAwB,CAAC;gBAE/D,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpD,UAAU,GAAG,SAAS,CAAC;oBACvB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC;oBAExB,6BAA6B;oBAC7B,MAAM,UAAU,CAAC;wBACf,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,OAAO,EAAE,MAAM;qBAChB,CAAC,CAAC;oBAEH,MAAM;gBACR,CAAC;gBAED,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBAChC,UAAU,GAAG,SAAS,CAAC;oBACvB,MAAM;gBACR,CAAC;gBAED,mCAAmC;YACrC,CAAC;YAAC,MAAM,CAAC;gBACP,mCAAmC;YACrC,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,MAAM,EAAE,SAAS;4BACjB,OAAO,EAAE,4DAA4D;4BACrE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;yBAC9D,EAAE,IAAI,EAAE,CAAC,CAAC;qBACZ;iBACF;aACF,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,gCAAgC;4BACvC,YAAY,EAAE,sDAAsD;yBACrE,EAAE,IAAI,EAAE,CAAC,CAAC;qBACZ;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,+EAA+E;QAC/E,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,MAAM,EAAE,SAAS;wBACjB,YAAY,EAAE;;;KAGrB,OAAO,CAAC,gBAAgB;;;KAGxB,OAAO,CAAC,SAAS;;+EAEyD;wBACnE,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;wBAC1C,SAAS,EAAE,OAAO,CAAC,SAAS;qBAC7B,EAAE,IAAI,EAAE,CAAC,CAAC;iBACZ;aACF;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAgB,KAAK,EAAE,KAA8B,EAAuB,EAAE;IACrG,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/C,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;AACxB,CAAC,CAAC"}

package/dist/tools/auth/schemas.d.ts

@@ -0,0 +1,69 @@
+import { z } from 'zod';
+/**
+ * Schema for kelpi_login tool input.
+ * The login tool has no input parameters - authentication is browser-based.
+ */
+export declare const loginInputSchema: z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>;
+/**
+ * Schema for kelpi_login tool output.
+ * Returns verification URL and user code for browser authentication,
+ * and optionally the result of polling.
+ */
+export declare const loginOutputSchema: z.ZodObject<{
+    verification_url: z.ZodString;
+    user_code: z.ZodString;
+    instructions: z.ZodString;
+    poll_result: z.ZodOptional<z.ZodEnum<["pending", "success", "expired", "error"]>>;
+    api_key: z.ZodOptional<z.ZodString>;
+    workspace_id: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    verification_url: string;
+    user_code: string;
+    instructions: string;
+    poll_result?: "error" | "pending" | "success" | "expired" | undefined;
+    api_key?: string | undefined;
+    workspace_id?: string | undefined;
+}, {
+    verification_url: string;
+    user_code: string;
+    instructions: string;
+    poll_result?: "error" | "pending" | "success" | "expired" | undefined;
+    api_key?: string | undefined;
+    workspace_id?: string | undefined;
+}>;
+/**
+ * Schema for kelpi_status tool input.
+ * The status tool has no input parameters.
+ */
+export declare const statusInputSchema: z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>;
+/**
+ * Schema for kelpi_status tool output.
+ * Returns current authentication state and workspace info.
+ */
+export declare const statusOutputSchema: z.ZodObject<{
+    authenticated: z.ZodBoolean;
+    workspace_id: z.ZodOptional<z.ZodString>;
+    workspace_name: z.ZodOptional<z.ZodString>;
+    key_type: z.ZodOptional<z.ZodEnum<["public", "secret"]>>;
+    error: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    authenticated: boolean;
+    error?: string | undefined;
+    workspace_id?: string | undefined;
+    workspace_name?: string | undefined;
+    key_type?: "public" | "secret" | undefined;
+}, {
+    authenticated: boolean;
+    error?: string | undefined;
+    workspace_id?: string | undefined;
+    workspace_name?: string | undefined;
+    key_type?: "public" | "secret" | undefined;
+}>;
+/**
+ * Type aliases for convenience
+ */
+export type LoginInput = z.infer<typeof loginInputSchema>;
+export type LoginOutput = z.infer<typeof loginOutputSchema>;
+export type StatusInput = z.infer<typeof statusInputSchema>;
+export type StatusOutput = z.infer<typeof statusOutputSchema>;
+//# sourceMappingURL=schemas.d.ts.map

package/dist/tools/auth/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,eAAO,MAAM,gBAAgB,gDAAe,CAAC;AAE7C;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;EAO5B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,iBAAiB,gDAAe,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;EAM7B,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC"}

package/dist/tools/auth/schemas.js

@@ -0,0 +1,36 @@
+import { z } from 'zod';
+/**
+ * Schema for kelpi_login tool input.
+ * The login tool has no input parameters - authentication is browser-based.
+ */
+export const loginInputSchema = z.object({});
+/**
+ * Schema for kelpi_login tool output.
+ * Returns verification URL and user code for browser authentication,
+ * and optionally the result of polling.
+ */
+export const loginOutputSchema = z.object({
+    verification_url: z.string().url(),
+    user_code: z.string(),
+    instructions: z.string(),
+    poll_result: z.enum(['pending', 'success', 'expired', 'error']).optional(),
+    api_key: z.string().optional(),
+    workspace_id: z.string().optional(),
+});
+/**
+ * Schema for kelpi_status tool input.
+ * The status tool has no input parameters.
+ */
+export const statusInputSchema = z.object({});
+/**
+ * Schema for kelpi_status tool output.
+ * Returns current authentication state and workspace info.
+ */
+export const statusOutputSchema = z.object({
+    authenticated: z.boolean(),
+    workspace_id: z.string().optional(),
+    workspace_name: z.string().optional(),
+    key_type: z.enum(['public', 'secret']).optional(),
+    error: z.string().optional(),
+});
+//# sourceMappingURL=schemas.js.map

package/dist/tools/auth/schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../../src/tools/auth/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE7C;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAClC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE9C;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE;IAC1B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC"}

package/dist/tools/auth/status.d.ts

@@ -0,0 +1,11 @@
+import type { ToolHandler } from '../../lib/tool-registry.js';
+/**
+ * Creates a status handler.
+ * This factory function allows for dependency injection in tests.
+ */
+export declare function createStatusHandler(): ToolHandler;
+/**
+ * Default status handler
+ */
+export declare const statusHandler: ToolHandler;
+//# sourceMappingURL=status.d.ts.map

package/dist/tools/auth/status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/status.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAc,MAAM,4BAA4B,CAAC;AAwB1E;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,WAAW,CA8BjD;AAED;;GAEG;AACH,eAAO,MAAM,aAAa,aAAwB,CAAC"}

package/dist/tools/auth/status.js

@@ -0,0 +1,50 @@
+import { loadConfig, getApiUrl } from '../../lib/config.js';
+import { createApiClient } from '../../lib/api-client.js';
+import { successResponse } from '../../lib/tool-helpers.js';
+/**
+ * Determines the key type from the API key prefix.
+ */
+function getKeyType(apiKey) {
+    if (apiKey.startsWith('klp_sk_'))
+        return 'secret';
+    if (apiKey.startsWith('klp_pk_'))
+        return 'public';
+    return undefined;
+}
+/**
+ * Creates a status handler.
+ * This factory function allows for dependency injection in tests.
+ */
+export function createStatusHandler() {
+    return async () => {
+        const config = await loadConfig();
+        // If no API key, return unauthenticated state
+        if (!config.api_key) {
+            return successResponse({ authenticated: false });
+        }
+        const keyType = getKeyType(config.api_key);
+        const apiUrl = config.api_url || (await getApiUrl());
+        try {
+            const client = createApiClient({ apiKey: config.api_key, apiUrl });
+            const response = await client.get('/api/v1/auth/me');
+            return successResponse({
+                authenticated: true,
+                workspace_id: response.data.workspace.id,
+                workspace_name: response.data.workspace.name,
+                key_type: keyType,
+            });
+        }
+        catch (err) {
+            // If API call fails, mark as unauthenticated with error
+            return successResponse({
+                authenticated: false,
+                error: err instanceof Error ? err.message : 'Unknown error',
+            });
+        }
+    };
+}
+/**
+ * Default status handler
+ */
+export const statusHandler = createStatusHandler();
+//# sourceMappingURL=status.js.map

package/dist/tools/auth/status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.js","sourceRoot":"","sources":["../../../src/tools/auth/status.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAY5D;;GAEG;AACH,SAAS,UAAU,CAAC,MAAc;IAChC,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClD,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,KAAK,IAAyB,EAAE;QACrC,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;QAElC,8CAA8C;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,eAAe,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,SAAS,EAAE,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAAwB,iBAAiB,CAAC,CAAC;YAE5E,OAAO,eAAe,CAAC;gBACrB,aAAa,EAAE,IAAI;gBACnB,YAAY,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE;gBACxC,cAAc,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI;gBAC5C,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wDAAwD;YACxD,OAAO,eAAe,CAAC;gBACrB,aAAa,EAAE,KAAK;gBACpB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAC5D,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC"}

package/dist/tools/contacts/create.d.ts

@@ -0,0 +1,11 @@
+import type { ToolHandler } from '../../lib/tool-registry.js';
+/**
+ * Creates a create contact handler.
+ * This factory function allows for dependency injection in tests.
+ */
+export declare function createCreateContactHandler(): ToolHandler;
+/**
+ * Default create contact handler
+ */
+export declare const createContactHandler: ToolHandler;
+//# sourceMappingURL=create.d.ts.map

package/dist/tools/contacts/create.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../src/tools/contacts/create.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAc,MAAM,4BAA4B,CAAC;AAW1E;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,WAAW,CAwCxD;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB,aAA+B,CAAC"}

package/dist/tools/contacts/create.js

@@ -0,0 +1,47 @@
+import { ApiError } from '../../lib/api-client.js';
+import { withAuth, successResponse, validationErrorResponse, errorResponse, unknownErrorResponse, } from '../../lib/tool-helpers.js';
+import { createContactInputSchema } from './schemas.js';
+/**
+ * Creates a create contact handler.
+ * This factory function allows for dependency injection in tests.
+ */
+export function createCreateContactHandler() {
+    return async (input) => {
+        // Validate input using Zod schema
+        const validationResult = createContactInputSchema.safeParse(input);
+        if (!validationResult.success) {
+            return validationErrorResponse(validationResult.error);
+        }
+        const data = validationResult.data;
+        // Custom validation: at least one identifier required
+        // (Can't use .refine() in schema as it breaks JSON Schema conversion for MCP)
+        if (!data.email && !data.external_id) {
+            return errorResponse('Validation error', 'At least one of email or external_id is required');
+        }
+        return withAuth('creating contacts', async ({ client }) => {
+            try {
+                // Send validated data directly - no need to rebuild the body
+                const response = await client.post('/api/v1/contacts', validationResult.data);
+                return successResponse(response.data);
+            }
+            catch (err) {
+                if (err instanceof ApiError) {
+                    // Handle duplicate contact (409 Conflict)
+                    if (err.status === 409) {
+                        return errorResponse('Contact already exists', err.message, { status: err.status });
+                    }
+                    return errorResponse('Failed to create contact', err.message, {
+                        status: err.status,
+                        ...(err.validationErrors && { validation_errors: err.validationErrors }),
+                    });
+                }
+                return unknownErrorResponse(err, 'create contact');
+            }
+        });
+    };
+}
+/**
+ * Default create contact handler
+ */
+export const createContactHandler = createCreateContactHandler();
+//# sourceMappingURL=create.js.map

package/dist/tools/contacts/create.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../src/tools/contacts/create.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,eAAe,EACf,uBAAuB,EACvB,aAAa,EACb,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,wBAAwB,EAAwB,MAAM,cAAc,CAAC;AAE9E;;;GAGG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,KAAK,EAAE,KAA8B,EAAuB,EAAE;QACnE,kCAAkC;QAClC,MAAM,gBAAgB,GAAG,wBAAwB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;YAC9B,OAAO,uBAAuB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC;QAEnC,sDAAsD;QACtD,8EAA8E;QAC9E,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,OAAO,aAAa,CAClB,kBAAkB,EAClB,kDAAkD,CACnD,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC,mBAAmB,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;YACxD,IAAI,CAAC;gBACH,6DAA6D;gBAC7D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAkB,kBAAkB,EAAE,gBAAgB,CAAC,IAAI,CAAC,CAAC;gBAC/F,OAAO,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACxC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;oBAC5B,0CAA0C;oBAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;wBACvB,OAAO,aAAa,CAAC,wBAAwB,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBACtF,CAAC;oBAED,OAAO,aAAa,CAAC,0BAA0B,EAAE,GAAG,CAAC,OAAO,EAAE;wBAC5D,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,GAAG,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE,iBAAiB,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC;qBACzE,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,oBAAoB,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;YACrD,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,0BAA0B,EAAE,CAAC"}

package/dist/tools/contacts/index.d.ts

@@ -0,0 +1,10 @@
+import type { ToolWithHandler } from '../../lib/tool-registry.js';
+/**
+ * kelpi_create_contact tool definition and handler
+ *
+ * Creates a new contact or updates an existing one.
+ */
+export declare const kelpiCreateContact: ToolWithHandler;
+export * from './schemas.js';
+export { createCreateContactHandler } from './create.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/tools/contacts/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/tools/contacts/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAIlE;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,EAAE,eA2BhC,CAAC;AAGF,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC"}