@leadbay/mcp 0.2.0

package/dist/bin.js

@@ -0,0 +1,824 @@
+#!/usr/bin/env node
+import {
+  compositeReadTools,
+  compositeWriteTools,
+  createClient,
+  granularReadTools,
+  granularWriteTools,
+  resolveRegion
+} from "./chunk-BGJ6JWIO.js";
+
+// src/bin.ts
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+
+// src/server.ts
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+var SERVER_INSTRUCTIONS = "After every email, call, message, or meeting with a lead's contact, you MUST call leadbay_report_outreach with verification={source, ref} (gmail_message_id from the Gmail send, calendar_event_id from a booking, or user_confirmed='<the user's literal confirmation>'). Skipping or fabricating verification poisons the human team's pipeline.\n\nStart with leadbay_account_status to see the user's state, then leadbay_pull_leads to surface fresh leads. Use leadbay_research_lead to dig into one lead deeply (qualification answers, signals, contacts). When the user wants more leads, narrower audience, refined criteria, or contact enrichment, use the matching composite tool (bulk_qualify_leads / adjust_audience / refine_prompt / enrich_titles) \u2014 they hide lens permissions, region routing, polling, and selection state from you.";
+function formatErrorForLLM(err) {
+  if (err && typeof err === "object" && err.error === true) {
+    const parts = [`${err.message}.`, err.hint];
+    if (err._meta?.region) {
+      parts.push(`(region=${err._meta.region}, endpoint=${err._meta.endpoint || "?"})`);
+    }
+    if (err._meta?.retry_after) {
+      parts.push(`Retry after ${err._meta.retry_after}s.`);
+    }
+    return parts.filter(Boolean).join(" ").trim();
+  }
+  if (err instanceof Error) {
+    return err.message;
+  }
+  return String(err);
+}
+function toolsListPayload(tools) {
+  return tools.map((t) => ({
+    name: t.name,
+    description: t.description,
+    inputSchema: t.inputSchema
+  }));
+}
+function buildServer(client, opts = {}) {
+  const server = new Server(
+    { name: "leadbay", version: "0.2.0" },
+    {
+      capabilities: { tools: {} },
+      instructions: SERVER_INSTRUCTIONS
+    }
+  );
+  const exposedTools = [];
+  exposedTools.push(...compositeReadTools);
+  if (opts.includeWrite) {
+    exposedTools.push(...compositeWriteTools);
+  }
+  if (opts.includeAdvanced) {
+    exposedTools.push(...granularReadTools);
+    if (opts.includeWrite) {
+      exposedTools.push(...granularWriteTools);
+    }
+  }
+  const toolByName = /* @__PURE__ */ new Map();
+  for (const t of exposedTools) {
+    if (!toolByName.has(t.name) && t.name !== "leadbay_login") {
+      toolByName.set(t.name, t);
+    }
+  }
+  server.setRequestHandler(ListToolsRequestSchema, async () => ({
+    tools: toolsListPayload([...toolByName.values()])
+  }));
+  server.setRequestHandler(CallToolRequestSchema, async (req) => {
+    const name = req.params.name;
+    const tool = toolByName.get(name);
+    if (!tool) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Unknown Leadbay tool: ${name}. Available: ${[...toolByName.keys()].join(", ")}.`
+          }
+        ],
+        isError: true
+      };
+    }
+    const args = req.params.arguments ?? {};
+    try {
+      const result = await tool.execute(client, args, { logger: opts.logger });
+      if (result && typeof result === "object" && result.error === true) {
+        return {
+          content: [
+            { type: "text", text: formatErrorForLLM(result) }
+          ],
+          isError: true
+        };
+      }
+      return {
+        content: [
+          { type: "text", text: JSON.stringify(result, null, 2) }
+        ]
+      };
+    } catch (err) {
+      return {
+        content: [
+          { type: "text", text: formatErrorForLLM(err) }
+        ],
+        isError: true
+      };
+    }
+  });
+  return server;
+}
+
+// src/bin.ts
+import { createRequire } from "module";
+var VERSION = "0.2.0";
+var HELP = `
+leadbay-mcp ${VERSION} \u2014 Leadbay Model Context Protocol server
+
+USAGE
+  leadbay-mcp            Run the MCP stdio server (for Claude Desktop, Cursor, etc.)
+  leadbay-mcp install    One-shot setup: mint a token AND register the MCP server with
+                         your installed MCP clients (Claude Code / Claude Desktop /
+                         Cursor). Auto-detects which clients are installed; you confirm
+                         before each write. Token never lands in terminal scrollback.
+                         Run this first if you're getting started.
+  leadbay-mcp login      Lower-level: just mint a bearer token (no auto-install).
+                         Use when you want to copy the token into a config file
+                         yourself.
+  leadbay-mcp doctor     Validate your token, probe your region, print account + quota.
+  leadbay-mcp --version  Print version
+  leadbay-mcp --help     Print this help
+
+ENV VARS
+  LEADBAY_TOKEN          (required) Bearer token from https://app.leadbay.ai/settings/api-tokens
+  LEADBAY_REGION         (optional) "us" or "fr". Auto-detected from /users/me if unset.
+  LEADBAY_BASE_URL       (optional) Override API base URL (for staging/dev).
+  LEADBAY_MCP_ADVANCED   (optional) Set to "1" to expose granular API tools alongside
+                         the composite workflow tools. Most users don't need this.
+  LEADBAY_MCP_WRITE      (optional) Set to "1" to expose write composites (refine_prompt,
+                         report_outreach, adjust_audience, etc.) and write granulars.
+                         Defaults off \u2014 read composites are exposed by default; mutations
+                         require explicit opt-in.
+  LEADBAY_MOCK           (optional) Set to "1" to serve all responses from on-disk fixtures
+                         (no network, no real auth). Useful for agent-author dry-running.
+                         GETs are matched against fixture JSON files; POSTs/DELETEs are
+                         journaled in-process and return {mocked: true, would_call: {...}}.
+  LEADBAY_MOCK_DIR       (optional) Fixture directory. Default: ./.context/leadbay-live-shapes/
+  LEADBAY_LOG_LEVEL      (optional) "debug" | "info" | "error" (default "error"). Logs to stderr.
+
+EXAMPLE Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json)
+  {
+    "mcpServers": {
+      "leadbay": {
+        "command": "npx",
+        "args": ["-y", "@leadbay/mcp@0.1"],
+        "env": {
+          "LEADBAY_TOKEN": "lb_...",
+          "LEADBAY_REGION": "us"
+        }
+      }
+    }
+  }
+
+DOCS
+  https://github.com/leadbay/leadclaw#readme
+`.trim();
+function makeStderrLogger(level) {
+  const rank = { debug: 0, info: 1, error: 2 };
+  const threshold = rank[level] ?? rank.error;
+  return {
+    info: (m) => {
+      if (rank.info >= threshold) process.stderr.write(`[leadbay-mcp info] ${m}
+`);
+    },
+    warn: (m) => {
+      if (rank.info >= threshold) process.stderr.write(`[leadbay-mcp warn] ${m}
+`);
+    },
+    error: (m) => {
+      process.stderr.write(`[leadbay-mcp error] ${m}
+`);
+    }
+  };
+}
+function parseLogLevel(raw) {
+  if (raw === "debug" || raw === "info") return raw;
+  return "error";
+}
+function exitWithTokenError() {
+  process.stderr.write(
+    "leadbay-mcp: LEADBAY_TOKEN environment variable is required.\n  1. Create a token at https://app.leadbay.ai/settings/api-tokens\n  2. Set it in your MCP client config (e.g. claude_desktop_config.json).\n\nRun `leadbay-mcp --help` for the full config template.\n"
+  );
+  process.exit(1);
+}
+async function resolveClientFromEnv(logger) {
+  const token = process.env.LEADBAY_TOKEN;
+  if (!token) exitWithTokenError();
+  const regionEnv = process.env.LEADBAY_REGION;
+  const explicitRegion = regionEnv === "us" || regionEnv === "fr" ? regionEnv : void 0;
+  const baseUrl = process.env.LEADBAY_BASE_URL;
+  if (baseUrl || explicitRegion) {
+    const config = { token };
+    if (baseUrl) config.baseUrl = baseUrl;
+    if (explicitRegion) config.region = explicitRegion;
+    return createClient(config);
+  }
+  process.stderr.write(
+    "[leadbay-mcp warn] LEADBAY_REGION is unset; probing api-us and api-fr in parallel.\n  Your bearer token will be sent to BOTH backends. Set LEADBAY_REGION=us|fr in your\n  MCP client config to avoid this.\n"
+  );
+  logger.info?.("Auto-detecting region via /users/me on us and fr...");
+  const probe = async (region) => {
+    const c = createClient({ token, region });
+    await c.request("GET", "/users/me");
+    return c;
+  };
+  try {
+    return await Promise.any([probe("us"), probe("fr")]);
+  } catch (err) {
+    const errors = err?.errors ?? [];
+    const firstAuth = errors.find(
+      (e) => e?.code === "AUTH_EXPIRED" || e?.code === "NOT_AUTHENTICATED"
+    );
+    if (firstAuth) {
+      process.stderr.write(
+        `leadbay-mcp: ${firstAuth.message}. ${firstAuth.hint}
+Tip: verify your LEADBAY_TOKEN is valid and, if you know your region, set LEADBAY_REGION=us or LEADBAY_REGION=fr.
+`
+      );
+      process.exit(1);
+    }
+    const firstMsg = errors[0]?.message ?? String(err);
+    process.stderr.write(
+      `leadbay-mcp: region auto-detection failed (${firstMsg}). Defaulting to us; set LEADBAY_REGION to skip probing.
+`
+    );
+    return createClient({ token, region: "us" });
+  }
+}
+async function readPassword() {
+  const envPwd = process.env.LEADBAY_PASSWORD;
+  if (envPwd) return envPwd;
+  const isTTY = process.stdin.isTTY === true;
+  if (!isTTY) {
+    return await new Promise((resolve) => {
+      const chunks = [];
+      process.stdin.on("data", (c) => {
+        chunks.push(typeof c === "string" ? Buffer.from(c, "utf8") : c);
+      });
+      process.stdin.on(
+        "end",
+        () => resolve(Buffer.concat(chunks).toString("utf8").replace(/\r?\n$/, ""))
+      );
+    });
+  }
+  process.stderr.write("Password: ");
+  process.stdin.setRawMode(true);
+  process.stdin.resume();
+  process.stdin.setEncoding("utf8");
+  let buf = "";
+  return await new Promise((resolve) => {
+    const onData = (key) => {
+      if (key === "" || key === "") {
+        process.stdin.setRawMode(false);
+        process.stdin.pause();
+        process.stderr.write("\n");
+        process.exit(130);
+      }
+      if (key === "\r" || key === "\n") {
+        process.stdin.setRawMode(false);
+        process.stdin.pause();
+        process.stdin.removeListener("data", onData);
+        process.stderr.write("\n");
+        resolve(buf);
+        return;
+      }
+      if (key === "\x7F" || key === "\b") {
+        if (buf.length > 0) buf = buf.slice(0, -1);
+        return;
+      }
+      buf += key;
+    };
+    process.stdin.on("data", onData);
+  });
+}
+function parseFlag(args, name) {
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === `--${name}` && i + 1 < args.length) return args[i + 1];
+    if (args[i].startsWith(`--${name}=`)) return args[i].slice(name.length + 3);
+  }
+  return void 0;
+}
+function hasFlag(args, name) {
+  return args.some((a) => a === `--${name}`);
+}
+async function runLogin(args) {
+  const email = parseFlag(args, "email");
+  if (!email) {
+    process.stderr.write(
+      "Usage: leadbay-mcp login --email you@example.com [--region us|fr] [--allow-region-fallback] [--write-config PATH] [--quiet]\n  Then enter your password (hidden), or pipe it via stdin / set $LEADBAY_PASSWORD.\n  --region            Pin the backend (us|fr); avoids sending your password to a backend you don't use.\n                      Defaults to $LEADBAY_REGION if set; otherwise asks you to pass --allow-region-fallback.\n  --allow-region-fallback   Try us, then fr (or fr, then us). Your password hits BOTH backends if the\n                            first 401s. Only do this if you're OK with that.\n  --write-config PATH       Write the resulting MCP-client JSON to PATH with 0600 permissions instead\n                            of stdout. Recommended \u2014 keeps the token out of terminal scrollback / CI logs.\n  --quiet             With --write-config, suppress the printed Claude-Code one-liner that includes the token.\n"
+    );
+    return 2;
+  }
+  const regionArg = parseFlag(args, "region");
+  const regionEnv = process.env.LEADBAY_REGION;
+  const allowFallback = hasFlag(args, "allow-region-fallback");
+  let pinnedRegion = null;
+  if (regionArg === "us" || regionArg === "fr") pinnedRegion = regionArg;
+  else if (!regionArg && (regionEnv === "us" || regionEnv === "fr")) pinnedRegion = regionEnv;
+  else if (regionArg) {
+    process.stderr.write(`leadbay-mcp login: invalid --region '${regionArg}' (use us or fr)
+`);
+    return 2;
+  }
+  if (!pinnedRegion && !allowFallback) {
+    process.stderr.write(
+      "leadbay-mcp login: refusing to auto-detect region without consent.\n  Avoiding silent credential cross-leak: by default, --region (or $LEADBAY_REGION) must be set\n  so your password only ever hits the backend that owns your account.\n  Either:\n    --region us    (or --region fr)\n  or, if you don't know your region and accept the trade-off:\n    --allow-region-fallback   (your password will hit BOTH backends if the first 401s)\n"
+    );
+    return 2;
+  }
+  const password = await readPassword();
+  if (!password) {
+    process.stderr.write("leadbay-mcp login: empty password\n");
+    return 2;
+  }
+  let result;
+  try {
+    if (pinnedRegion && !allowFallback) {
+      const { REGIONS } = await import("./dist-PIXZN6N4.js");
+      const baseUrl = REGIONS[pinnedRegion];
+      const c = createClient({ region: pinnedRegion });
+      const token = await loginAt(baseUrl, email, password);
+      result = { region: pinnedRegion, baseUrl, token, verified: true };
+      void c;
+    } else {
+      result = await resolveRegion(email, password, pinnedRegion ?? void 0);
+    }
+  } catch (err) {
+    process.stderr.write(`leadbay-mcp login: ${err?.message ?? String(err)}
+`);
+    return 1;
+  }
+  const config = {
+    mcpServers: {
+      leadbay: {
+        command: "npx",
+        args: ["-y", "@leadbay/mcp@0.2"],
+        env: {
+          LEADBAY_TOKEN: result.token,
+          LEADBAY_REGION: result.region
+        }
+      }
+    }
+  };
+  const writeConfigPath = parseFlag(args, "write-config");
+  const quiet = hasFlag(args, "quiet");
+  if (writeConfigPath) {
+    const { writeFileSync, chmodSync } = await import("fs");
+    writeFileSync(writeConfigPath, JSON.stringify(config, null, 2) + "\n", {
+      encoding: "utf8",
+      mode: 384
+    });
+    try {
+      chmodSync(writeConfigPath, 384);
+    } catch {
+    }
+    process.stderr.write(
+      `
+Logged in to ${result.region.toUpperCase()} backend (${result.verified ? "verified" : "UNVERIFIED \u2014 check your email"}).
+Wrote MCP config to ${writeConfigPath} (mode 0600). Token NOT printed to terminal.
+`
+    );
+    if (!quiet) {
+      process.stderr.write(
+        `
+For Claude Code, run:
+  claude mcp add leadbay --env LEADBAY_TOKEN=$(jq -r .mcpServers.leadbay.env.LEADBAY_TOKEN ${writeConfigPath}) --env LEADBAY_REGION=${result.region} -- npx -y @leadbay/mcp@0.2
+`
+      );
+    }
+    process.stderr.write(
+      `
+TREAT THE TOKEN AS A SECRET. It grants full access to your Leadbay account.
+Delete the config file once your MCP client has it loaded, or keep it 0600.
+`
+    );
+    return 0;
+  }
+  process.stderr.write(
+    `
+Logged in to ${result.region.toUpperCase()} backend (${result.verified ? "verified" : "UNVERIFIED \u2014 check your email"}).
+
+\u26A0\uFE0F  About to print your bearer token to STDOUT.
+   Treat it like a password. Do NOT paste this into chat, screen-share, or commit it.
+   For safer handling, re-run with --write-config /path/to/config.json (writes 0600).
+
+Add this to your MCP client config:
+
+`
+  );
+  process.stdout.write(JSON.stringify(config, null, 2) + "\n");
+  process.stderr.write(
+    `
+Or for Claude Code (token included \u2014 same warning applies):
+
+  claude mcp add leadbay \\
+    --env LEADBAY_TOKEN=${result.token} \\
+    --env LEADBAY_REGION=${result.region} \\
+    -- npx -y @leadbay/mcp@0.2
+
+Restart your MCP client to pick up the new server.
+`
+  );
+  return 0;
+}
+async function loginAt(baseUrl, email, password) {
+  const https = await import("https");
+  return await new Promise((resolve, reject) => {
+    const body = JSON.stringify({ email, password });
+    const u = new URL(baseUrl + "/1.5/auth/login");
+    const r = https.request(
+      {
+        hostname: u.hostname,
+        port: 443,
+        path: u.pathname,
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(body)
+        }
+      },
+      (res) => {
+        const chunks = [];
+        res.on("data", (c) => chunks.push(c));
+        res.on("end", () => {
+          const raw = Buffer.concat(chunks).toString("utf8");
+          if (res.statusCode === 200) {
+            try {
+              const parsed = JSON.parse(raw);
+              if (parsed?.token) return resolve(parsed.token);
+              return reject(new Error("login response had no token"));
+            } catch {
+              return reject(new Error("login response was not JSON"));
+            }
+          }
+          reject(
+            new Error(
+              `login failed (${res.statusCode}) at ${baseUrl}: ${raw.slice(0, 200)}`
+            )
+          );
+        });
+      }
+    );
+    r.on("error", reject);
+    r.write(body);
+    r.end();
+  });
+}
+async function detectClients() {
+  const out = [];
+  const { existsSync } = await import("fs");
+  const os = await import("os");
+  const claudeBin = await new Promise((resolve) => {
+    const cmd = process.platform === "win32" ? "where" : "which";
+    const child = require_("node:child_process").spawn(cmd, ["claude"], {
+      stdio: ["ignore", "pipe", "ignore"]
+    });
+    let buf = "";
+    child.stdout.on("data", (c) => buf += c.toString());
+    child.on(
+      "close",
+      (code) => resolve(code === 0 ? buf.split(/\r?\n/)[0] : null)
+    );
+  });
+  if (claudeBin) {
+    out.push({ id: "claude-code", label: "Claude Code", detail: `${claudeBin} mcp add ...` });
+  }
+  const home = os.homedir();
+  const cdPath = process.platform === "win32" ? `${process.env.APPDATA ?? `${home}\\AppData\\Roaming`}\\Claude\\claude_desktop_config.json` : process.platform === "darwin" ? `${home}/Library/Application Support/Claude/claude_desktop_config.json` : `${home}/.config/Claude/claude_desktop_config.json`;
+  if (existsSync(cdPath)) {
+    out.push({ id: "claude-desktop", label: "Claude Desktop", detail: cdPath });
+  }
+  const cursorPath = process.platform === "win32" ? `${home}\\.cursor\\mcp.json` : `${home}/.cursor/mcp.json`;
+  if (existsSync(cursorPath)) {
+    out.push({ id: "cursor", label: "Cursor", detail: cursorPath });
+  } else {
+    const cursorDir = process.platform === "win32" ? `${home}\\.cursor` : `${home}/.cursor`;
+    if (existsSync(cursorDir)) {
+      out.push({
+        id: "cursor",
+        label: "Cursor",
+        detail: cursorPath + " (will be created)"
+      });
+    }
+  }
+  return out;
+}
+function require_(mod) {
+  return createRequire(import.meta.url)(mod);
+}
+async function readChoice(prompt, def = true) {
+  const isTTY = process.stdin.isTTY === true && process.stdout.isTTY === true;
+  if (!isTTY) return def;
+  process.stderr.write(`${prompt} ${def ? "[Y/n]" : "[y/N]"} `);
+  process.stdin.setRawMode(true);
+  process.stdin.resume();
+  process.stdin.setEncoding("utf8");
+  return await new Promise((resolve) => {
+    const onData = (k) => {
+      if (k === "\r" || k === "\n") {
+        process.stdin.setRawMode(false);
+        process.stdin.pause();
+        process.stdin.removeListener("data", onData);
+        process.stderr.write(def ? "y\n" : "n\n");
+        return resolve(def);
+      }
+      if (k === "" || k === "") {
+        process.stdin.setRawMode(false);
+        process.stdin.pause();
+        process.stderr.write("\n");
+        process.exit(130);
+      }
+      const lower = k.toLowerCase();
+      if (lower === "y" || lower === "n") {
+        process.stdin.setRawMode(false);
+        process.stdin.pause();
+        process.stdin.removeListener("data", onData);
+        process.stderr.write(`${lower}
+`);
+        return resolve(lower === "y");
+      }
+    };
+    process.stdin.on("data", onData);
+  });
+}
+async function installInClaudeCode(token, region, includeWrite) {
+  const cp = await import("child_process");
+  const args = [
+    "mcp",
+    "add",
+    "leadbay",
+    "--env",
+    `LEADBAY_TOKEN=${token}`,
+    "--env",
+    `LEADBAY_REGION=${region}`
+  ];
+  if (includeWrite) args.push("--env", `LEADBAY_MCP_WRITE=1`);
+  args.push("--", "npx", "-y", "@leadbay/mcp@0.2");
+  return await new Promise((resolve) => {
+    const child = cp.spawn("claude", args, { stdio: ["ignore", "pipe", "pipe"] });
+    let stderr = "";
+    child.stderr.on("data", (c) => stderr += c.toString());
+    child.on(
+      "close",
+      (code) => resolve({
+        ok: code === 0,
+        message: code === 0 ? "registered" : `claude mcp add exited ${code}: ${stderr.trim().slice(0, 200)}`
+      })
+    );
+    child.on(
+      "error",
+      (err) => resolve({ ok: false, message: `failed to spawn claude: ${err.message}` })
+    );
+  });
+}
+async function installInJsonConfig(configPath, token, region, includeWrite) {
+  try {
+    const { readFileSync, writeFileSync, existsSync, mkdirSync, statSync } = await import("fs");
+    const { dirname } = await import("path");
+    let parsed = {};
+    let preserved = {};
+    if (existsSync(configPath)) {
+      const raw = readFileSync(configPath, "utf8");
+      try {
+        preserved = JSON.parse(raw);
+        parsed = preserved;
+      } catch {
+        return { ok: false, message: `existing ${configPath} is not valid JSON; refusing to overwrite` };
+      }
+    } else {
+      mkdirSync(dirname(configPath), { recursive: true });
+    }
+    parsed.mcpServers = parsed.mcpServers ?? {};
+    const env = {
+      LEADBAY_TOKEN: token,
+      LEADBAY_REGION: region
+    };
+    if (includeWrite) env.LEADBAY_MCP_WRITE = "1";
+    parsed.mcpServers.leadbay = {
+      command: "npx",
+      args: ["-y", "@leadbay/mcp@0.2"],
+      env
+    };
+    const tmp = configPath + ".tmp";
+    writeFileSync(tmp, JSON.stringify(parsed, null, 2) + "\n", "utf8");
+    const { renameSync, chmodSync } = await import("fs");
+    renameSync(tmp, configPath);
+    try {
+      const st = statSync(configPath);
+      if ((st.mode & 511) > 384 && Object.keys(preserved).length === 0) {
+        chmodSync(configPath, 384);
+      }
+    } catch {
+    }
+    return { ok: true, message: "registered" };
+  } catch (err) {
+    return { ok: false, message: err?.message ?? String(err) };
+  }
+}
+async function runInstall(args) {
+  const email = parseFlag(args, "email");
+  if (!email) {
+    process.stderr.write(
+      "Usage: leadbay-mcp install --email you@example.com [--region us|fr]\n                          [--allow-region-fallback] [--include-write]\n                          [--target claude-code,claude-desktop,cursor] [--yes]\n  Mints a token AND registers the MCP server with your installed clients.\n  --target            Comma-separated subset; default = all detected.\n  --include-write     Enable LEADBAY_MCP_WRITE=1 (composite write tools \u2014 refine_prompt,\n                      report_outreach, adjust_audience). Off by default; off means the\n                      agent can read your Leadbay account but not mutate it.\n  --yes               Don't ask before installing into each detected client.\n"
+    );
+    return 2;
+  }
+  const regionArg = parseFlag(args, "region");
+  const regionEnv = process.env.LEADBAY_REGION;
+  const allowFallback = hasFlag(args, "allow-region-fallback");
+  let pinnedRegion = null;
+  if (regionArg === "us" || regionArg === "fr") pinnedRegion = regionArg;
+  else if (!regionArg && (regionEnv === "us" || regionEnv === "fr")) pinnedRegion = regionEnv;
+  else if (regionArg) {
+    process.stderr.write(`leadbay-mcp install: invalid --region '${regionArg}' (use us or fr)
+`);
+    return 2;
+  }
+  if (!pinnedRegion && !allowFallback) {
+    process.stderr.write(
+      "leadbay-mcp install: --region us|fr (or $LEADBAY_REGION) is required by default.\n  This avoids sending your password to a Leadbay backend you don't use.\n  Pass --allow-region-fallback to opt in to auto-detect (your password will hit BOTH backends if the first 401s).\n"
+    );
+    return 2;
+  }
+  const detected = await detectClients();
+  const targetArg = parseFlag(args, "target");
+  let chosen = detected;
+  if (targetArg) {
+    const want = new Set(targetArg.split(",").map((s) => s.trim()));
+    chosen = detected.filter((c) => want.has(c.id));
+    const missing = [...want].filter((id) => !detected.some((c) => c.id === id));
+    if (missing.length) {
+      process.stderr.write(
+        `leadbay-mcp install: --target requested [${[...want].join(", ")}] but these were not detected on this machine: ${missing.join(", ")}
+`
+      );
+    }
+  }
+  if (chosen.length === 0) {
+    process.stderr.write(
+      "leadbay-mcp install: no MCP clients detected on this machine.\n  Install Claude Code (https://docs.claude.com/claude-code), Claude Desktop, or Cursor first,\n  or use `leadbay-mcp login --write-config /path/to/config.json` to mint a token without auto-install.\n"
+    );
+    return 1;
+  }
+  process.stderr.write(
+    `
+leadbay-mcp install \u2014 detected MCP clients on this machine:
+`
+  );
+  for (const c of chosen) process.stderr.write(`  \u2022 ${c.label.padEnd(16)} ${c.detail}
+`);
+  process.stderr.write("\n");
+  const password = await readPassword();
+  if (!password) {
+    process.stderr.write("leadbay-mcp install: empty password\n");
+    return 2;
+  }
+  let token;
+  let region;
+  try {
+    if (pinnedRegion && !allowFallback) {
+      const { REGIONS } = await import("./dist-PIXZN6N4.js");
+      const baseUrl = REGIONS[pinnedRegion];
+      token = await loginAt(baseUrl, email, password);
+      region = pinnedRegion;
+    } else {
+      const result = await resolveRegion(email, password, pinnedRegion ?? void 0);
+      token = result.token;
+      region = result.region;
+    }
+  } catch (err) {
+    process.stderr.write(`leadbay-mcp install: ${err?.message ?? String(err)}
+`);
+    return 1;
+  }
+  process.stderr.write(`Logged in to ${region.toUpperCase()} backend.
+
+`);
+  const includeWrite = hasFlag(args, "include-write");
+  if (!includeWrite) {
+    process.stderr.write(
+      "Note: write tools (refine_prompt, report_outreach, adjust_audience, etc.) are NOT enabled.\n      Re-run with --include-write to enable them.\n\n"
+    );
+  }
+  const skipPrompts = hasFlag(args, "yes");
+  const results = [];
+  for (const c of chosen) {
+    const ok = skipPrompts || await readChoice(`Install into ${c.label} (${c.detail})?`, true);
+    if (!ok) {
+      results.push({ id: c.id, label: c.label, ok: false, message: "skipped by user" });
+      continue;
+    }
+    let res;
+    if (c.id === "claude-code") {
+      res = await installInClaudeCode(token, region, includeWrite);
+    } else {
+      const path = c.detail.split(" ")[0];
+      res = await installInJsonConfig(path, token, region, includeWrite);
+    }
+    results.push({ id: c.id, label: c.label, ...res });
+  }
+  process.stderr.write("\n=== install summary ===\n");
+  let anyOk = false;
+  for (const r of results) {
+    process.stderr.write(`  ${r.ok ? "\u2713" : "\u2717"} ${r.label.padEnd(16)} ${r.message}
+`);
+    if (r.ok) anyOk = true;
+  }
+  process.stderr.write(
+    `
+The token was written into client config files but never printed to your terminal.
+Verify with: LEADBAY_TOKEN=$(...) npx -y @leadbay/mcp@0.2 doctor
+Restart your MCP client(s) to pick up the new server.
+If you ever leak the token, log in to app.leadbay.ai again to invalidate the prior session.
+`
+  );
+  return anyOk ? 0 : 1;
+}
+async function runDoctor() {
+  const token = process.env.LEADBAY_TOKEN;
+  if (!token) {
+    exitWithTokenError();
+  }
+  const logger = makeStderrLogger(parseLogLevel(process.env.LEADBAY_LOG_LEVEL));
+  const regionEnv = process.env.LEADBAY_REGION;
+  const baseUrl = process.env.LEADBAY_BASE_URL;
+  const regions = regionEnv === "fr" ? ["fr", "us"] : regionEnv === "us" ? ["us", "fr"] : ["us", "fr"];
+  for (const region of regions) {
+    const config = { token };
+    if (baseUrl) config.baseUrl = baseUrl;
+    else config.region = region;
+    const client = createClient(config);
+    logger.info?.(`Trying region="${region}" baseUrl="${client.baseUrl}"`);
+    try {
+      const me = await client.request("GET", "/users/me");
+      process.stdout.write(
+        `Leadbay connection OK.
+  Region:        ${baseUrl ? "(custom baseUrl)" : region}
+  Base URL:      ${client.baseUrl}
+  Organization:  ${me.organization.name} (${me.organization.id})
+  Billing:       ${me.organization.billing?.status ?? "unknown"}
+  AI credits:    ${me.organization.billing?.ai_credits ?? "?"} / ${me.organization.billing?.ai_credits_quota ?? "?"}
+`
+      );
+      return 0;
+    } catch (err) {
+      logger.error?.(`${region}: ${err?.message ?? err}`);
+      if (err?.code === "AUTH_EXPIRED" || err?.code === "NOT_AUTHENTICATED") {
+        process.stderr.write(
+          `Leadbay: your LEADBAY_TOKEN is not valid for ${region}. ${err.hint}
+`
+        );
+        return 1;
+      }
+    }
+    if (baseUrl) break;
+  }
+  process.stderr.write(
+    "Leadbay doctor: could not reach any Leadbay region with this token. Check the token and your network.\n"
+  );
+  return 1;
+}
+async function main() {
+  const arg = process.argv[2];
+  if (arg === "--version" || arg === "-v") {
+    process.stdout.write(`${VERSION}
+`);
+    return;
+  }
+  if (arg === "--help" || arg === "-h" || arg === "help") {
+    process.stdout.write(`${HELP}
+`);
+    return;
+  }
+  if (arg === "install") {
+    process.exit(await runInstall(process.argv.slice(3)));
+  }
+  if (arg === "login") {
+    process.exit(await runLogin(process.argv.slice(3)));
+  }
+  if (arg === "doctor") {
+    process.exit(await runDoctor());
+  }
+  const logger = makeStderrLogger(parseLogLevel(process.env.LEADBAY_LOG_LEVEL));
+  const client = await resolveClientFromEnv(logger);
+  const includeAdvanced = process.env.LEADBAY_MCP_ADVANCED === "1";
+  const includeWrite = process.env.LEADBAY_MCP_WRITE === "1";
+  const server = buildServer(client, { includeAdvanced, includeWrite, logger });
+  const transport = new StdioServerTransport();
+  logger.info?.(
+    `Starting MCP server v${VERSION} (advanced=${includeAdvanced}, write=${includeWrite}, baseUrl=${client.baseUrl})`
+  );
+  await server.connect(transport);
+}
+var isEntrypoint = (() => {
+  try {
+    const entry = process.argv[1];
+    if (!entry) return false;
+    const url = new URL(import.meta.url);
+    return url.pathname === entry || url.pathname.endsWith(entry);
+  } catch {
+    return false;
+  }
+})();
+if (isEntrypoint) {
+  main().catch((err) => {
+    process.stderr.write(`leadbay-mcp: ${err?.message ?? err}
+`);
+    process.exit(1);
+  });
+}
+export {
+  resolveClientFromEnv
+};