@kya-os/create-mcpi-app 1.7.19 → 1.7.20

package/src/utils/validate-project-name.ts

@@ -0,0 +1,132 @@
+import fs from "fs-extra";
+import path from "path";
+
+/**
+ * Validate project name meets requirements
+ */
+export function validateProjectName(name: string): {
+  valid: boolean;
+  issues: string[];
+} {
+  const issues: string[] = [];
+
+  // Check if name is empty
+  if (!name || name.trim().length === 0) {
+    issues.push("Project name cannot be empty");
+    return { valid: false, issues };
+  }
+
+  const trimmedName = name.trim();
+
+  // Check length
+  if (trimmedName.length < 1) {
+    issues.push("Project name must be at least 1 character long");
+  }
+
+  if (trimmedName.length > 214) {
+    issues.push("Project name must be less than 214 characters");
+  }
+
+  // Check for invalid characters (npm package name rules)
+  if (!/^[a-z0-9@._/-]+$/.test(trimmedName)) {
+    issues.push(
+      "Project name can only contain lowercase letters, numbers, and the characters @._/-"
+    );
+  }
+
+  // Check if it starts with . or _
+  if (trimmedName.startsWith(".") || trimmedName.startsWith("_")) {
+    issues.push("Project name cannot start with . or _");
+  }
+
+  // Check for reserved names
+  const reservedNames = [
+    "node_modules",
+    "favicon.ico",
+    "package.json",
+    "package-lock.json",
+    "yarn.lock",
+    "pnpm-lock.yaml",
+    ".git",
+    ".gitignore",
+    ".env",
+    "readme",
+    "readme.md",
+    "readme.txt",
+    "license",
+    "license.md",
+    "license.txt",
+    "changelog",
+    "changelog.md",
+    "changelog.txt",
+  ];
+
+  if (reservedNames.includes(trimmedName.toLowerCase())) {
+    issues.push(
+      `"${trimmedName}" is a reserved name and cannot be used as a project name`
+    );
+  }
+
+  // Check for scoped package format
+  if (trimmedName.startsWith("@")) {
+    const parts = trimmedName.split("/");
+    if (parts.length !== 2) {
+      issues.push("Scoped package names must be in the format @scope/name");
+    } else if (parts[1].length === 0) {
+      issues.push("Scoped package name cannot have empty package name");
+    }
+  }
+
+  return {
+    valid: issues.length === 0,
+    issues,
+  };
+}
+
+/**
+ * Check if directory is available for project creation
+ */
+export function validateDirectoryAvailability(projectPath: string): {
+  valid: boolean;
+  issues: string[];
+} {
+  const issues: string[] = [];
+
+  try {
+    // Check if path exists
+    if (fs.existsSync(projectPath)) {
+      const stats = fs.statSync(projectPath);
+
+      if (!stats.isDirectory()) {
+        issues.push(`Path exists but is not a directory: ${projectPath}`);
+      } else {
+        // Check if directory is empty
+        const files = fs.readdirSync(projectPath);
+        const nonHiddenFiles = files.filter(
+          (file: string) => !file.startsWith(".")
+        );
+
+        if (nonHiddenFiles.length > 0) {
+          issues.push(`Directory is not empty: ${projectPath}`);
+        }
+      }
+    }
+
+    // Check if parent directory is writable
+    const parentDir = path.dirname(projectPath);
+    try {
+      fs.accessSync(parentDir, fs.constants.W_OK);
+    } catch {
+      issues.push(`Parent directory is not writable: ${parentDir}`);
+    }
+  } catch (error) {
+    issues.push(
+      `Error checking directory: ${error instanceof Error ? error.message : String(error)}`
+    );
+  }
+
+  return {
+    valid: issues.length === 0,
+    issues,
+  };
+}

package/test-cloudflare/README.md

@@ -0,0 +1,164 @@
+# test-cloudflare
+
+MCP-I server running on Cloudflare Workers with identity verification.
+
+## Quick Start
+
+### 1. Install Dependencies
+
+```bash
+npm install
+```
+
+### 2. Create KV Namespace
+
+```bash
+npm run kv:create
+```
+
+This runs: `wrangler kv namespace create NONCE_CACHE`
+
+Copy the `id` from the output and update `wrangler.toml`:
+
+```toml
+[[kv_namespaces]]
+binding = "NONCE_CACHE"
+id = "your-actual-kv-id-here"  # ← Update this
+```
+
+### 3. Test Locally
+
+```bash
+npm run dev
+```
+
+**Endpoints:**
+- MCP: http://localhost:8787/mcp
+- Verify: http://localhost:8787/verify
+- Health: http://localhost:8787/health
+
+### 4. Deploy to Cloudflare
+
+```bash
+# Login to Cloudflare (first time only)
+npx wrangler login
+
+# Deploy to development
+npm run deploy
+
+# Deploy to production
+npm run deploy --env production
+```
+
+## Connect with Claude Desktop
+
+Add to your `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "test-cloudflare": {
+      "command": "npx",
+      "args": [
+        "mcp-remote",
+        "https://your-worker.workers.dev/mcp"
+      ]
+    }
+  }
+}
+```
+
+## Adding Tools
+
+Create new tools in `src/tools/`:
+
+```typescript
+// src/tools/example.ts
+import { z } from "zod";
+import type { RequestHandlerExtra } from "@modelcontextprotocol/sdk/types.js";
+
+export const exampleTool = {
+  name: "example",
+  description: "Example tool description",
+  inputSchema: z.object({
+    input: z.string().describe("Input parameter"),
+  }),
+  handler: async (args: { [key: string]: any }, extra: RequestHandlerExtra<any, any>) => {
+    const { input } = args as { input: string };
+    return {
+      content: [
+        {
+          type: "text" as const,
+          text: `Result: ${input}`
+        }
+      ],
+    };
+  },
+};
+```
+
+Register in `src/index.ts`:
+
+```typescript
+import { exampleTool } from "./tools/example";
+
+async init() {
+  this.server.tool(
+    exampleTool.name,
+    exampleTool.description,
+    exampleTool.inputSchema.shape,
+    exampleTool.handler
+  );
+}
+```
+
+## API Endpoints
+
+### `GET /health`
+Health check endpoint.
+
+**Response:**
+```json
+{
+  "status": "healthy",
+  "timestamp": "2024-10-10T12:00:00.000Z"
+}
+```
+
+### `POST /mcp`
+MCP protocol endpoint for tool calls.
+
+### `POST /verify`
+Verify MCP-I cryptographic proofs.
+
+**Request:**
+```json
+{
+  "proof": {
+    "agentDid": "did:web:example.com",
+    "timestamp": 1234567890,
+    "nonce": "abc123",
+    "signature": "...",
+    "publicKey": "..."
+  }
+}
+```
+
+**Response:**
+```json
+{
+  "verified": true,
+  "agent": {
+    "did": "did:web:example.com",
+    "keyId": "key-123",
+    "scopes": ["read", "write"],
+    "session": "session-456"
+  }
+}
+```
+
+## Learn More
+
+- [MCP-I Documentation](https://github.com/kya-os/xmcp-i)
+- [Cloudflare Workers](https://developers.cloudflare.com/workers/)
+- [agents/mcp](https://www.npmjs.com/package/agents)

package/test-cloudflare/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "test-cloudflare",
+  "version": "0.1.0",
+  "private": true,
+  "scripts": {
+    "deploy": "wrangler deploy",
+    "dev": "wrangler dev",
+    "start": "wrangler dev",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "kv:create": "wrangler kv namespace create NONCE_CACHE",
+    "kv:list": "wrangler kv namespace list",
+    "type-check": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@kya-os/mcp-i-cloudflare": "^1.0.0",
+    "@modelcontextprotocol/sdk": "^1.19.1",
+    "agents": "^0.2.8",
+    "hono": "^4.9.10",
+    "zod": "^3.25.76"
+  },
+  "devDependencies": {
+    "@cloudflare/workers-types": "^4.20240925.0",
+    "typescript": "^5.6.2",
+    "vitest": "^2.1.8",
+    "wrangler": "^4.42.2"
+  }
+}

package/test-cloudflare/src/index.ts

@@ -0,0 +1,340 @@
+import { McpAgent } from "agents/mcp";
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+import { createCloudflareRuntime, KVProofArchive } from "@kya-os/mcp-i-cloudflare";
+import type { MCPIRuntimeBase } from "@kya-os/mcp-i-core";
+import { WELL_KNOWN_CORS_HEADERS } from "@kya-os/mcp-i-core";
+import { greetTool } from "./tools/greet";
+
+interface Env {
+  MCP_OBJECT: DurableObjectNamespace;
+  NONCE_CACHE: KVNamespace;
+  PROOF_ARCHIVE?: KVNamespace;
+  XMCP_I_TS_SKEW_SEC?: string;
+  XMCP_I_SESSION_TTL?: string;
+  ADMIN_PROOFS_ENABLED?: string;
+  MCP_IDENTITY_PRIVATE_KEY?: string;
+  MCP_IDENTITY_PUBLIC_KEY?: string;
+  MCP_IDENTITY_AGENT_DID?: string;
+}
+
+export class CloudflareMCP extends McpAgent {
+  private mcpiRuntime?: MCPIRuntimeBase;
+  private proofArchive?: KVProofArchive;
+  private sessionId?: string;
+
+  constructor(state: DurableObjectState, env: Env) {
+    super(state, env);
+
+    this.mcpiRuntime = createCloudflareRuntime({
+      env: env as any,
+      environment: 'development',
+      timestampSkewSeconds: parseInt(env.XMCP_I_TS_SKEW_SEC || '120'),
+      sessionTtlMinutes: parseInt(env.XMCP_I_SESSION_TTL || '1800') / 60,
+      audit: {
+        enabled: true
+      }
+    });
+
+    if (env.PROOF_ARCHIVE) {
+      this.proofArchive = new KVProofArchive(env.PROOF_ARCHIVE, {
+        ttl: 86400 * 30
+      });
+    }
+  }
+
+  async init() {
+    await this.mcpiRuntime?.initialize();
+
+    this.server.tool(
+      greetTool.name,
+      greetTool.description,
+      greetTool.inputSchema.shape,
+      async (args: any) => {
+        const identity = await this.mcpiRuntime!.getIdentity();
+        const sessionId = await this.ensureSessionId();
+        const establishedAt = await this.state.storage.get<number>("establishedAt") ?? Date.now();
+        const nonce = await this.mcpiRuntime!.issueNonce(sessionId);
+
+        const sessionContext = {
+          sessionId,
+          agentDid: identity.did,
+          kid: identity.kid,
+          establishedAt,
+          lastActivityAt: Date.now(),
+          nonce,
+        };
+
+        const result = await this.mcpiRuntime!.processToolCall(
+          greetTool.name,
+          args,
+          greetTool.handler,
+          sessionContext
+        );
+
+        if (this.proofArchive) {
+          const proof = this.mcpiRuntime!.getLastProof();
+          if (proof) {
+            await this.proofArchive.store(proof, { toolName: greetTool.name, sessionId });
+          }
+        }
+
+        return result;
+      }
+    );
+  }
+
+  private async ensureSessionId(): Promise<string> {
+    if (!this.sessionId) {
+      this.sessionId = await this.state.storage.get<string>("sessionId");
+      if (!this.sessionId) {
+        this.sessionId = crypto.randomUUID();
+        await this.state.storage.put("sessionId", this.sessionId);
+        await this.state.storage.put("establishedAt", Date.now());
+      }
+    }
+    return this.sessionId;
+  }
+
+  async fetch(request: Request): Promise<Response> {
+    const url = new URL(request.url);
+
+    if (url.pathname === '/_internal/identity') {
+      const identity = await this.mcpiRuntime!.getIdentity();
+      return new Response(JSON.stringify({
+        did: identity.did,
+        publicKey: identity.publicKey,
+        kid: identity.kid
+      }), {
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }
+
+    if (url.pathname.startsWith('/_internal/well-known/')) {
+      const handler = this.mcpiRuntime!.createWellKnownHandler({
+        serviceName: 'test-cloudflare',
+        serviceEndpoint: request.headers.get('X-Service-Origin') || url.origin
+      });
+      const path = url.pathname.replace('/_internal/well-known/', '/.well-known/');
+      const result = await handler(path);
+
+      if (result?.status && result?.headers && result?.body) {
+        return new Response(result.body, {
+          status: result.status,
+          headers: result.headers
+        });
+      }
+
+      return new Response(JSON.stringify(result), {
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }
+
+    if (url.pathname === '/_internal/verify') {
+      const body = await request.json() as { data: any; proof: any };
+      const isValid = await this.mcpiRuntime!.verifyProof(body.data, body.proof);
+      return new Response(JSON.stringify({ valid: isValid }), {
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }
+
+    if (url.pathname === '/_internal/proofs') {
+      if (!this.proofArchive) {
+        return new Response(JSON.stringify({ error: 'Proof archive not initialized' }), {
+          status: 500,
+          headers: { 'Content-Type': 'application/json' }
+        });
+      }
+
+      const limit = parseInt(url.searchParams.get('limit') || '10');
+      const sessionId = url.searchParams.get('sessionId');
+
+      const proofs = sessionId
+        ? await this.proofArchive.getBySession(sessionId, limit)
+        : await this.proofArchive.getRecent(limit);
+
+      return new Response(JSON.stringify({ proofs }), {
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }
+
+    if (url.pathname === '/_internal/proofs/tail') {
+      if (!this.proofArchive) {
+        return new Response(JSON.stringify({ error: 'Proof archive not initialized' }), {
+          status: 500,
+          headers: { 'Content-Type': 'application/json' }
+        });
+      }
+
+      const sessionId = url.searchParams.get('session') ?? '';
+      const limit = parseInt(url.searchParams.get('limit') || '10');
+      let iv: ReturnType<typeof setInterval> | undefined;
+
+      const stream = new ReadableStream({
+        start: async (controller) => {
+          const enc = new TextEncoder();
+          let lastSeenId: string | null = null;
+
+          const send = (p: any) => {
+            const data = `event: mcpi-proof\ndata: ${JSON.stringify(p)}\n\n`;
+            controller.enqueue(enc.encode(data));
+          };
+
+          const poll = async () => {
+            try {
+              const list = sessionId
+                ? await this.proofArchive!.getBySession(sessionId, limit)
+                : await this.proofArchive!.getRecent(limit);
+
+              for (const p of list) {
+                if (!lastSeenId || p.id > lastSeenId) {
+                  send(p);
+                  lastSeenId = p.id;
+                }
+              }
+            } catch (error) {
+              console.error('Error polling proofs:', error);
+            }
+          };
+
+          await poll();
+          iv = setInterval(poll, 500);
+        },
+        cancel() {
+          if (iv) clearInterval(iv);
+        }
+      });
+
+      return new Response(stream, {
+        headers: {
+          'Content-Type': 'text/event-stream',
+          'Cache-Control': 'no-cache',
+          'Connection': 'keep-alive'
+        }
+      });
+    }
+
+    return super.fetch(request);
+  }
+}
+
+const app = new Hono<{ Bindings: Env }>();
+
+app.use("/*", cors({
+  origin: "*",
+  allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+  allowHeaders: ["Content-Type", "Authorization", "mcp-session-id", "mcp-protocol-version"],
+  exposeHeaders: ["mcp-session-id"],
+}));
+
+app.get("/health", (c) => c.json({
+  status: 'healthy',
+  timestamp: new Date().toISOString(),
+  transport: { sse: '/sse', streamableHttp: '/mcp' }
+}));
+
+app.get("/.well-known/did.json", async (c) => {
+  const stub = c.env.MCP_OBJECT.get(c.env.MCP_OBJECT.idFromName("singleton"));
+  const origin = new URL(c.req.url).origin;
+  const response = await stub.fetch("https://do/_internal/well-known/did.json", {
+    headers: { 'X-Service-Origin': origin }
+  });
+
+  return new Response(response.body, {
+    status: response.status,
+    headers: {
+      ...Object.fromEntries(response.headers),
+      ...WELL_KNOWN_CORS_HEADERS
+    }
+  });
+});
+
+app.get("/.well-known/agent.json", async (c) => {
+  const stub = c.env.MCP_OBJECT.get(c.env.MCP_OBJECT.idFromName("singleton"));
+  const origin = new URL(c.req.url).origin;
+  const response = await stub.fetch("https://do/_internal/well-known/agent.json", {
+    headers: { 'X-Service-Origin': origin }
+  });
+
+  return new Response(response.body, {
+    status: response.status,
+    headers: {
+      ...Object.fromEntries(response.headers),
+      ...WELL_KNOWN_CORS_HEADERS
+    }
+  });
+});
+
+app.get("/.well-known/mcp-identity", async (c) => {
+  const stub = c.env.MCP_OBJECT.get(c.env.MCP_OBJECT.idFromName("singleton"));
+  const origin = new URL(c.req.url).origin;
+  const response = await stub.fetch("https://do/_internal/well-known/mcp-identity", {
+    headers: { 'X-Service-Origin': origin }
+  });
+
+  return new Response(response.body, {
+    status: response.status,
+    headers: {
+      ...Object.fromEntries(response.headers),
+      ...WELL_KNOWN_CORS_HEADERS
+    }
+  });
+});
+
+app.post("/verify", async (c) => {
+  const stub = c.env.MCP_OBJECT.get(c.env.MCP_OBJECT.idFromName("singleton"));
+  const body = await c.req.json();
+
+  const response = await stub.fetch("https://do/_internal/verify", {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body)
+  });
+
+  return c.json(await response.json());
+});
+
+app.get("/admin/proofs", async (c) => {
+  if (c.env.ADMIN_PROOFS_ENABLED !== 'true') {
+    return c.json({ error: 'Admin endpoint disabled' }, 403);
+  }
+
+  const stub = c.env.MCP_OBJECT.get(c.env.MCP_OBJECT.idFromName("singleton"));
+  const limit = c.req.query('limit') || '10';
+  const sessionId = c.req.query('sessionId');
+
+  const url = new URL("https://do/_internal/proofs");
+  url.searchParams.set('limit', limit);
+  if (sessionId) {
+    url.searchParams.set('sessionId', sessionId);
+  }
+
+  const response = await stub.fetch(url.toString());
+  return c.json(await response.json());
+});
+
+app.get("/proofs", async (c) => {
+  const stub = c.env.MCP_OBJECT.get(c.env.MCP_OBJECT.idFromName("singleton"));
+  const sessionId = c.req.query('session') ?? '';
+  const limit = c.req.query('limit') || '10';
+
+  const url = new URL("https://do/_internal/proofs/tail");
+  url.searchParams.set('session', sessionId);
+  url.searchParams.set('limit', limit);
+
+  const response = await stub.fetch(url.toString());
+
+  return new Response(response.body, {
+    headers: {
+      'Content-Type': 'text/event-stream',
+      'Cache-Control': 'no-cache',
+      'Connection': 'keep-alive',
+      'Access-Control-Allow-Origin': '*'
+    }
+  });
+});
+
+app.mount("/sse", CloudflareMCP.serveSSE("/sse").fetch, { replaceRequest: false });
+app.mount("/mcp", CloudflareMCP.serve("/mcp").fetch, { replaceRequest: false });
+
+export default app;

package/test-cloudflare/src/tools/greet.ts

@@ -0,0 +1,19 @@
+import { z } from "zod";
+
+export const greetTool = {
+  name: "greet",
+  description: "Greet a user by name",
+  inputSchema: z.object({
+    name: z.string().describe("The name of the user to greet")
+  }),
+  handler: async ({ name }: { name: string }) => {
+    return {
+      content: [
+        {
+          type: "text" as const,
+          text: `Hello, ${name}! Welcome to your Cloudflare MCP server.`
+        }
+      ]
+    };
+  }
+};