@lessie/mcp-server 0.0.6 → 0.1.0

package/mcpb/README.md

@@ -0,0 +1,47 @@
+# MCPB 打包
+
+将 Lessie MCP Server 打包为 `.mcpb` 文件，供 Claude Desktop 用户一键安装。
+
+## 打包
+
+```bash
+# 在项目根目录执行
+npm run build
+npm run mcpb:pack
+```
+
+生成的 `.mcpb` 文件在当前目录下。
+
+## 安装方式
+
+用户拿到 `.mcpb` 文件后：
+
+- **双击**文件自动打开 Claude Desktop
+- **拖拽**到 Claude Desktop 窗口
+- Claude Desktop 菜单：Developer → Extensions → Install Extension
+
+## manifest.json 说明
+
+| 字段 | 说明 |
+|---|---|
+| `server.type` | `node` — Claude Desktop 自带 Node.js 运行时，用户无需额外安装 |
+| `server.entry_point` | 指向编译产物 `dist/index.js` |
+| `tools` | 声明本地工具（`authorize`） |
+| `tools_generated` | `true` — 授权后会动态暴露远程工具 |
+| `user_config` | 安装时 Claude Desktop 自动弹出配置界面，用户可自定义远程服务地址 |
+
+## 添加图标
+
+准备一个 512×512 的 `icon.png` 放到本目录，然后在 `manifest.json` 中添加：
+
+```json
+"icons": {
+  "default": "icon.png"
+}
+```
+
+## 参考
+
+- [MCPB 规范](https://github.com/modelcontextprotocol/mcpb)
+- [Manifest 字段说明](https://github.com/modelcontextprotocol/mcpb/blob/main/MANIFEST.md)
+- [提交到 Anthropic Directory](https://support.claude.com/en/articles/12922832-local-mcp-server-submission-guide)

package/mcpb/manifest.json

@@ -0,0 +1,45 @@
+{
+  "manifest_version": "0.3",
+  "name": "lessie-mcp-server",
+  "display_name": "Lessie",
+  "version": "0.0.8",
+  "description": "Connect Claude to your Lessie account. Authorize via OAuth and access remote Lessie tools directly in conversations.",
+  "author": {
+    "name": "Lessie"
+  },
+  "server": {
+    "type": "node",
+    "entry_point": "dist/index.js",
+    "mcp_config": {
+      "command": "node",
+      "args": ["${__dirname}/dist/index.js"],
+      "env": {
+        "LESSIE_REMOTE_MCP_URL": "${user_config.remote_mcp_url}"
+      }
+    }
+  },
+  "tools": [
+    {
+      "name": "authorize",
+      "description": "Connect to the remote Lessie service. Returns an authorization link on first use or when authorization expires; returns current status when already connected."
+    },
+    {
+      "name": "use_lessie",
+      "description": "Call any remote Lessie tool. Omit the 'tool' parameter to list all available remote tools with their schemas; provide 'tool' and 'arguments' to invoke a specific tool. Requires prior authorization via the 'authorize' tool."
+    }
+  ],
+  "tools_generated": true,
+  "user_config": {
+    "remote_mcp_url": {
+      "type": "string",
+      "title": "Remote MCP Server URL",
+      "description": "The URL of the remote Lessie MCP server",
+      "required": false,
+      "default": "https://www.lessie.ai/mcp-server/mcp"
+    }
+  },
+  "compatibility": {
+    "platforms": ["darwin", "win32"]
+  },
+  "license": "MIT"
+}

package/mcpb/pack.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+cd "$PROJECT_ROOT"
+
+echo "Bundling with esbuild..."
+rm -rf "$SCRIPT_DIR/dist"
+mkdir -p "$SCRIPT_DIR/dist"
+npx esbuild src/index.ts \
+  --bundle \
+  --platform=node \
+  --format=esm \
+  --target=node18 \
+  --outfile="$SCRIPT_DIR/dist/index.js" \
+  --banner:js='#!/usr/bin/env node'
+
+echo "Copying runtime assets..."
+cp package.json "$SCRIPT_DIR/package.json"
+cp SKILL.md "$SCRIPT_DIR/SKILL.md" 2>/dev/null || true
+
+echo "Packing mcpb..."
+cd "$SCRIPT_DIR"
+TIMESTAMP="$(date +%Y%m%d-%H%M%S)"
+OUTPUT="lessie-mcp-${TIMESTAMP}.mcpb"
+npx @anthropic-ai/mcpb pack . "$OUTPUT"
+
+echo "Cleaning up..."
+rm -rf "$SCRIPT_DIR/dist"
+rm -f "$SCRIPT_DIR/package.json"
+rm -f "$SCRIPT_DIR/SKILL.md"
+rm -f "$SCRIPT_DIR/lessie-mcp-server-"*.mcpb
+
+echo "Done! Output: $SCRIPT_DIR/$OUTPUT"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lessie/mcp-server",
-  "version": "0.0.6",
+  "version": "0.1.0",
   "type": "module",
   "main": "dist/index.js",
   "bin": {
@@ -9,14 +9,19 @@
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch",
-    "start": "node dist/index.js"
+    "start": "node dist/index.js",
+    "inspector": "npx @modelcontextprotocol/inspector node dist/index.js",
+    "mcpb:pack": "bash mcpb/pack.sh"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.10.0",
     "zod": "^3.23.0"
   },
   "devDependencies": {
+    "@anthropic-ai/mcpb": "^2.1.2",
+    "@modelcontextprotocol/inspector": "^0.21.1",
     "@types/node": "^20.0.0",
+    "esbuild": "^0.27.4",
     "typescript": "^5.4.0"
   },
   "publishConfig": {

package/dist/server/auth.js

@@ -1,36 +0,0 @@
-import { createHash, randomBytes } from "node:crypto";
-import jwt from "jsonwebtoken";
-const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
-const JWT_EXPIRES_IN = 3600; // 1 hour
-// ── API Key 生成 ─────────────────────────────────────────────────────────────
-export function generateApiKey() {
-    const rawKey = "sk-live-v1-" + randomBytes(24).toString("base64url");
-    const keyHash = hashApiKey(rawKey);
-    const keyHint = rawKey.slice(0, 20) + "...";
-    return { rawKey, keyHash, keyHint };
-}
-export function hashApiKey(rawKey) {
-    return createHash("sha256").update(rawKey).digest("hex");
-}
-// ── JWT 签发 ─────────────────────────────────────────────────────────────────
-export function signJwt(payload) {
-    const token = jwt.sign(payload, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
-    return { token, expiresIn: JWT_EXPIRES_IN };
-}
-// ── JWT 验证中间件（登录态保护） ──────────────────────────────────────────────
-export function requireAuth(req, res, next) {
-    const header = req.headers.authorization;
-    if (!header?.startsWith("Bearer ")) {
-        res.status(401).json({ error: "Missing or invalid Authorization header" });
-        return;
-    }
-    const token = header.slice(7);
-    try {
-        const decoded = jwt.verify(token, JWT_SECRET);
-        req.user = decoded;
-        next();
-    }
-    catch {
-        res.status(401).json({ error: "Invalid or expired token" });
-    }
-}

package/dist/server/db.js

@@ -1,5 +0,0 @@
-import pg from "pg";
-const pool = new pg.Pool({
-    connectionString: process.env.DATABASE_URL,
-});
-export default pool;

package/dist/server/index.js

@@ -1,11 +0,0 @@
-import express from "express";
-import apiKeysRouter from "./routes/api-keys.js";
-import authTokenRouter from "./routes/auth-token.js";
-const app = express();
-const PORT = parseInt(process.env.PORT || "3000", 10);
-app.use(express.json());
-app.use("/api-keys", apiKeysRouter);
-app.use("/auth/token", authTokenRouter);
-app.listen(PORT, () => {
-    console.log(`Server listening on port ${PORT}`);
-});

package/dist/server/routes/api-keys.js

@@ -1,78 +0,0 @@
-import { Router } from "express";
-import pool from "../db.js";
-import { generateApiKey, requireAuth } from "../auth.js";
-const router = Router();
-router.use(requireAuth);
-const MAX_KEYS_PER_USER = 10;
-// POST /api-keys — 创建 API Key
-router.post("/", async (req, res) => {
-    try {
-        const userId = req.user.sub;
-        const { name, scopes } = req.body;
-        if (!name || typeof name !== "string" || name.trim().length === 0) {
-            res.status(400).json({ error: "name is required" });
-            return;
-        }
-        const validScopes = scopes ?? ["read"];
-        const countResult = await pool.query("SELECT COUNT(*) FROM api_keys WHERE user_id = $1 AND revoked_at IS NULL", [userId]);
-        if (parseInt(countResult.rows[0].count, 10) >= MAX_KEYS_PER_USER) {
-            res.status(400).json({ error: `Maximum ${MAX_KEYS_PER_USER} active API keys allowed` });
-            return;
-        }
-        const { rawKey, keyHash, keyHint } = generateApiKey();
-        await pool.query(`INSERT INTO api_keys (user_id, name, key_hash, key_hint, scopes)
-       VALUES ($1, $2, $3, $4, $5)`, [userId, name.trim(), keyHash, keyHint, validScopes]);
-        res.status(201).json({
-            key: rawKey,
-            hint: keyHint,
-            name: name.trim(),
-            scopes: validScopes,
-        });
-    }
-    catch (err) {
-        console.error("POST /api-keys error:", err);
-        res.status(500).json({ error: "Internal server error" });
-    }
-});
-// GET /api-keys — 列出 API Keys
-router.get("/", async (req, res) => {
-    try {
-        const userId = req.user.sub;
-        const result = await pool.query(`SELECT id, name, key_hint, scopes, last_used_at, created_at
-       FROM api_keys
-       WHERE user_id = $1 AND revoked_at IS NULL
-       ORDER BY created_at DESC`, [userId]);
-        res.json(result.rows.map((row) => ({
-            id: row.id,
-            name: row.name,
-            keyHint: row.key_hint,
-            scopes: row.scopes,
-            lastUsedAt: row.last_used_at,
-            createdAt: row.created_at,
-        })));
-    }
-    catch (err) {
-        console.error("GET /api-keys error:", err);
-        res.status(500).json({ error: "Internal server error" });
-    }
-});
-// DELETE /api-keys/:id — 吊销 API Key（软删除）
-router.delete("/:id", async (req, res) => {
-    try {
-        const userId = req.user.sub;
-        const { id } = req.params;
-        const result = await pool.query(`UPDATE api_keys SET revoked_at = now()
-       WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL
-       RETURNING id`, [id, userId]);
-        if (result.rowCount === 0) {
-            res.status(404).json({ error: "API key not found" });
-            return;
-        }
-        res.status(204).send();
-    }
-    catch (err) {
-        console.error("DELETE /api-keys/:id error:", err);
-        res.status(500).json({ error: "Internal server error" });
-    }
-});
-export default router;

package/dist/server/routes/auth-token.js

@@ -1,41 +0,0 @@
-import { Router } from "express";
-import pool from "../db.js";
-import { hashApiKey, signJwt } from "../auth.js";
-const router = Router();
-// POST /auth/token — API Key 换取 JWT（无需登录态）
-router.post("/", async (req, res) => {
-    try {
-        const { apiKey } = req.body;
-        if (!apiKey || typeof apiKey !== "string") {
-            res.status(401).json({ error: "Invalid credentials" });
-            return;
-        }
-        const keyHash = hashApiKey(apiKey);
-        const result = await pool.query(`SELECT id, user_id, scopes, expires_at
-       FROM api_keys
-       WHERE key_hash = $1 AND revoked_at IS NULL`, [keyHash]);
-        if (result.rowCount === 0) {
-            res.status(401).json({ error: "Invalid credentials" });
-            return;
-        }
-        const row = result.rows[0];
-        if (row.expires_at && new Date(row.expires_at) < new Date()) {
-            res.status(401).json({ error: "Invalid credentials" });
-            return;
-        }
-        // 异步更新 last_used_at，不阻塞响应
-        pool.query("UPDATE api_keys SET last_used_at = now() WHERE id = $1", [row.id]).catch((err) => console.error("Failed to update last_used_at:", err));
-        const { token, expiresIn } = signJwt({
-            sub: row.user_id,
-            scopes: row.scopes ?? ["read"],
-            via: "api_key",
-            kid: row.id,
-        });
-        res.json({ token, expiresIn });
-    }
-    catch (err) {
-        console.error("POST /auth/token error:", err);
-        res.status(500).json({ error: "Internal server error" });
-    }
-});
-export default router;