@lightsparkdev/grid-mcp 0.3.0

package/src/code-tool.ts

@@ -0,0 +1,140 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { McpTool, Metadata, ToolCallResult, asErrorResult, asTextContentResult } from './types';
+import { Tool } from '@modelcontextprotocol/sdk/types.js';
+import { readEnv, requireValue } from './server';
+import { WorkerInput, WorkerOutput } from './code-tool-types';
+import { SdkMethod } from './methods';
+import { LightsparkGrid } from '@lightsparkdev/grid';
+
+const prompt = `Runs JavaScript code to interact with the Lightspark Grid API.
+
+You are a skilled programmer writing code to interface with the service.
+Define an async function named "run" that takes a single parameter of an initialized SDK client and it will be run.
+For example:
+
+\`\`\`
+async function run(client) {
+  const quote = await client.quotes.create({
+    destination: { accountId: 'ExternalAccount:a12dcbd6-dced-4ec4-b756-3c3a9ea3d123', destinationType: 'ACCOUNT' },
+    lockedCurrencyAmount: 10000,
+    lockedCurrencySide: 'SENDING',
+    source: { accountId: 'InternalAccount:e85dcbd6-dced-4ec4-b756-3c3a9ea3d965', sourceType: 'ACCOUNT' },
+  });
+
+  console.log(quote.createdAt);
+}
+\`\`\`
+
+You will be returned anything that your function returns, plus the results of any console.log statements.
+Do not add try-catch blocks for single API calls. The tool will handle errors for you.
+Do not add comments unless necessary for generating better code.
+Code will run in a container, and cannot interact with the network outside of the given SDK client.
+Variables will not persist between calls, so make sure to return or log any data you might need later.`;
+
+/**
+ * A tool that runs code against a copy of the SDK.
+ *
+ * Instead of exposing every endpoint as its own tool, which uses up too many tokens for LLMs to use at once,
+ * we expose a single tool that can be used to search for endpoints by name, resource, operation, or tag, and then
+ * a generic endpoint that can be used to invoke any endpoint with the provided arguments.
+ *
+ * @param endpoints - The endpoints to include in the list.
+ */
+export function codeTool(params: { blockedMethods: SdkMethod[] | undefined }): McpTool {
+  const metadata: Metadata = { resource: 'all', operation: 'write', tags: [] };
+  const tool: Tool = {
+    name: 'execute',
+    description: prompt,
+    inputSchema: {
+      type: 'object',
+      properties: {
+        code: {
+          type: 'string',
+          description: 'Code to execute.',
+        },
+        intent: {
+          type: 'string',
+          description: 'Task you are trying to perform. Used for improving the service.',
+        },
+      },
+      required: ['code'],
+    },
+  };
+  const handler = async (client: LightsparkGrid, args: any): Promise<ToolCallResult> => {
+    const code = args.code as string;
+    const intent = args.intent as string | undefined;
+
+    // Do very basic blocking of code that includes forbidden method names.
+    //
+    // WARNING: This is not secure against obfuscation and other evasion methods. If
+    // stronger security blocks are required, then these should be enforced in the downstream
+    // API (e.g., by having users call the MCP server with API keys with limited permissions).
+    if (params.blockedMethods) {
+      const blockedMatches = params.blockedMethods.filter((method) =>
+        code.includes(method.fullyQualifiedName),
+      );
+      if (blockedMatches.length > 0) {
+        return asErrorResult(
+          `The following methods have been blocked by the MCP server and cannot be used in code execution: ${blockedMatches
+            .map((m) => m.fullyQualifiedName)
+            .join(', ')}`,
+        );
+      }
+    }
+
+    // this is not required, but passing a Stainless API key for the matching project_name
+    // will allow you to run code-mode queries against non-published versions of your SDK.
+    const stainlessAPIKey = readEnv('STAINLESS_API_KEY');
+    const codeModeEndpoint =
+      readEnv('CODE_MODE_ENDPOINT_URL') ?? 'https://api.stainless.com/api/ai/code-tool';
+
+    const res = await fetch(codeModeEndpoint, {
+      method: 'POST',
+      headers: {
+        ...(stainlessAPIKey && { Authorization: stainlessAPIKey }),
+        'Content-Type': 'application/json',
+        client_envs: JSON.stringify({
+          GRID_CLIENT_ID: requireValue(
+            readEnv('GRID_CLIENT_ID') ?? client.username,
+            'set GRID_CLIENT_ID environment variable or provide username client option',
+          ),
+          GRID_CLIENT_SECRET: requireValue(
+            readEnv('GRID_CLIENT_SECRET') ?? client.password,
+            'set GRID_CLIENT_SECRET environment variable or provide password client option',
+          ),
+          GRID_WEBHOOK_PUBKEY: readEnv('GRID_WEBHOOK_PUBKEY') ?? client.webhookSignature ?? undefined,
+          LIGHTSPARK_GRID_BASE_URL: readEnv('LIGHTSPARK_GRID_BASE_URL') ?? client.baseURL ?? undefined,
+        }),
+      },
+      body: JSON.stringify({
+        project_name: 'grid',
+        code,
+        intent,
+        client_opts: {},
+      } satisfies WorkerInput),
+    });
+
+    if (!res.ok) {
+      throw new Error(
+        `${res.status}: ${
+          res.statusText
+        } error when trying to contact Code Tool server. Details: ${await res.text()}`,
+      );
+    }
+
+    const { is_error, result, log_lines, err_lines } = (await res.json()) as WorkerOutput;
+    const hasLogs = log_lines.length > 0 || err_lines.length > 0;
+    const output = {
+      result,
+      ...(log_lines.length > 0 && { log_lines }),
+      ...(err_lines.length > 0 && { err_lines }),
+    };
+    if (is_error) {
+      return asErrorResult(typeof result === 'string' && !hasLogs ? result : JSON.stringify(output, null, 2));
+    }
+    return asTextContentResult(output);
+  };
+
+  return { metadata, tool, handler };
+}

package/src/docs-search-tool.ts

@@ -0,0 +1,59 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { Metadata, asTextContentResult } from './types';
+
+import { Tool } from '@modelcontextprotocol/sdk/types.js';
+
+export const metadata: Metadata = {
+  resource: 'all',
+  operation: 'read',
+  tags: [],
+  httpMethod: 'get',
+};
+
+export const tool: Tool = {
+  name: 'search_docs',
+  description: 'Search for documentation for how to use the client to interact with the API.',
+  inputSchema: {
+    type: 'object',
+    properties: {
+      query: {
+        type: 'string',
+        description: 'The query to search for.',
+      },
+      language: {
+        type: 'string',
+        description: 'The language for the SDK to search for.',
+        enum: ['http', 'python', 'go', 'typescript', 'javascript', 'terraform', 'ruby', 'java', 'kotlin'],
+      },
+      detail: {
+        type: 'string',
+        description: 'The amount of detail to return.',
+        enum: ['default', 'verbose'],
+      },
+    },
+    required: ['query', 'language'],
+  },
+  annotations: {
+    readOnlyHint: true,
+  },
+};
+
+const docsSearchURL =
+  process.env['DOCS_SEARCH_URL'] || 'https://api.stainless.com/api/projects/grid/docs/search';
+
+export const handler = async (_: unknown, args: Record<string, unknown> | undefined) => {
+  const body = args as any;
+  const query = new URLSearchParams(body).toString();
+  const result = await fetch(`${docsSearchURL}?${query}`);
+
+  if (!result.ok) {
+    throw new Error(
+      `${result.status}: ${result.statusText} when using doc search tool. Details: ${await result.text()}`,
+    );
+  }
+
+  return asTextContentResult(await result.json());
+};
+
+export default { metadata, tool, handler };

package/src/headers.ts

@@ -0,0 +1,39 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { IncomingMessage } from 'node:http';
+import { ClientOptions } from '@lightsparkdev/grid';
+
+export const parseAuthHeaders = (req: IncomingMessage, required?: boolean): Partial<ClientOptions> => {
+  if (req.headers.authorization) {
+    const scheme = req.headers.authorization.split(' ')[0]!;
+    const value = req.headers.authorization.slice(scheme.length + 1);
+    switch (scheme) {
+      case 'Basic':
+        const rawValue = Buffer.from(value, 'base64').toString();
+        return {
+          username: rawValue.slice(0, rawValue.search(':')),
+          password: rawValue.slice(rawValue.search(':') + 1),
+        };
+      default:
+        throw new Error(
+          'Unsupported authorization scheme. Expected the "Authorization" header to be a supported scheme (Basic).',
+        );
+    }
+  } else if (required) {
+    throw new Error('Missing required Authorization header; see WWW-Authenticate header for details.');
+  }
+
+  const username =
+    Array.isArray(req.headers['x-grid-client-id']) ?
+      req.headers['x-grid-client-id'][0]
+    : req.headers['x-grid-client-id'];
+  const password =
+    Array.isArray(req.headers['x-grid-client-secret']) ?
+      req.headers['x-grid-client-secret'][0]
+    : req.headers['x-grid-client-secret'];
+  const webhookSignature =
+    Array.isArray(req.headers['x-grid-signature']) ?
+      req.headers['x-grid-signature'][0]
+    : req.headers['x-grid-signature'];
+  return { username, password, webhookSignature };
+};

package/src/http.ts

@@ -0,0 +1,130 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import express from 'express';
+import morgan from 'morgan';
+import morganBody from 'morgan-body';
+import { McpOptions } from './options';
+import { ClientOptions, initMcpServer, newMcpServer } from './server';
+import { parseAuthHeaders } from './headers';
+
+const newServer = async ({
+  clientOptions,
+  mcpOptions,
+  req,
+  res,
+}: {
+  clientOptions: ClientOptions;
+  mcpOptions: McpOptions;
+  req: express.Request;
+  res: express.Response;
+}): Promise<McpServer | null> => {
+  const server = await newMcpServer();
+
+  try {
+    const authOptions = parseAuthHeaders(req, false);
+    await initMcpServer({
+      server: server,
+      mcpOptions: mcpOptions,
+      clientOptions: {
+        ...clientOptions,
+        ...authOptions,
+      },
+    });
+  } catch (error) {
+    res.status(401).json({
+      jsonrpc: '2.0',
+      error: {
+        code: -32000,
+        message: `Unauthorized: ${error instanceof Error ? error.message : error}`,
+      },
+    });
+    return null;
+  }
+
+  return server;
+};
+
+const post =
+  (options: { clientOptions: ClientOptions; mcpOptions: McpOptions }) =>
+  async (req: express.Request, res: express.Response) => {
+    const server = await newServer({ ...options, req, res });
+    // If we return null, we already set the authorization error.
+    if (server === null) return;
+    const transport = new StreamableHTTPServerTransport();
+    await server.connect(transport as any);
+    await transport.handleRequest(req, res, req.body);
+  };
+
+const get = async (req: express.Request, res: express.Response) => {
+  res.status(405).json({
+    jsonrpc: '2.0',
+    error: {
+      code: -32000,
+      message: 'Method not supported',
+    },
+  });
+};
+
+const del = async (req: express.Request, res: express.Response) => {
+  res.status(405).json({
+    jsonrpc: '2.0',
+    error: {
+      code: -32000,
+      message: 'Method not supported',
+    },
+  });
+};
+
+export const streamableHTTPApp = ({
+  clientOptions = {},
+  mcpOptions,
+  debug,
+}: {
+  clientOptions?: ClientOptions;
+  mcpOptions: McpOptions;
+  debug: boolean;
+}): express.Express => {
+  const app = express();
+  app.set('query parser', 'extended');
+  app.use(express.json());
+
+  if (debug) {
+    morganBody(app, {
+      logAllReqHeader: true,
+      logAllResHeader: true,
+      logRequestBody: true,
+      logResponseBody: true,
+    });
+  } else {
+    app.use(morgan('combined'));
+  }
+
+  app.get('/health', async (req: express.Request, res: express.Response) => {
+    res.status(200).send('OK');
+  });
+  app.get('/', get);
+  app.post('/', post({ clientOptions, mcpOptions }));
+  app.delete('/', del);
+
+  return app;
+};
+
+export const launchStreamableHTTPServer = async (params: {
+  mcpOptions: McpOptions;
+  debug: boolean;
+  port: number | string | undefined;
+}) => {
+  const app = streamableHTTPApp({ mcpOptions: params.mcpOptions, debug: params.debug });
+  const server = app.listen(params.port);
+  const address = server.address();
+
+  if (typeof address === 'string') {
+    console.error(`MCP Server running on streamable HTTP at ${address}`);
+  } else if (address !== null) {
+    console.error(`MCP Server running on streamable HTTP on port ${address.port}`);
+  } else {
+    console.error(`MCP Server running on streamable HTTP on port ${params.port}`);
+  }
+};

package/src/index.ts

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+
+import { selectTools } from './server';
+import { McpOptions, parseCLIOptions } from './options';
+import { launchStdioServer } from './stdio';
+import { launchStreamableHTTPServer } from './http';
+import type { McpTool } from './types';
+
+async function main() {
+  const options = parseOptionsOrError();
+
+  const selectedTools = await selectToolsOrError(options);
+
+  console.error(
+    `MCP Server starting with ${selectedTools.length} tools:`,
+    selectedTools.map((e) => e.tool.name),
+  );
+
+  switch (options.transport) {
+    case 'stdio':
+      await launchStdioServer(options);
+      break;
+    case 'http':
+      await launchStreamableHTTPServer({
+        mcpOptions: options,
+        debug: options.debug,
+        port: options.port ?? options.socket,
+      });
+      break;
+  }
+}
+
+if (require.main === module) {
+  main().catch((error) => {
+    console.error('Fatal error in main():', error);
+    process.exit(1);
+  });
+}
+
+function parseOptionsOrError() {
+  try {
+    return parseCLIOptions();
+  } catch (error) {
+    console.error('Error parsing options:', error);
+    process.exit(1);
+  }
+}
+
+async function selectToolsOrError(options: McpOptions): Promise<McpTool[]> {
+  try {
+    const includedTools = selectTools(options);
+    if (includedTools.length === 0) {
+      console.error('No tools match the provided filters.');
+      process.exit(1);
+    }
+    return includedTools;
+  } catch (error) {
+    if (error instanceof Error) {
+      console.error('Error filtering tools:', error.message);
+    } else {
+      console.error('Error filtering tools:', error);
+    }
+    process.exit(1);
+  }
+}