@mcpinv/cli 0.1.0

package/README.md

@@ -0,0 +1,36 @@
+# mcpinv — invoke anything
+
+Install, run and host MCP servers in seconds.
+
+## Install
+
+```bash
+npm install -g mcpinv
+```
+
+## Usage
+
+```bash
+inv search github                 # find MCP servers
+inv install github-mcp-server     # install + inject into Claude/Cursor (secrets in Keychain)
+inv status                        # list installed servers
+inv logs github-mcp-server        # tail logs
+inv remove github-mcp-server      # uninstall + remove secrets
+inv migrate                       # move existing plaintext tokens to OS Keychain
+inv update                        # check for updates
+```
+
+## How it works
+
+- Discovers MCP servers via [Smithery](https://smithery.ai)
+- Secrets stored in your OS Keychain — never in config files
+- Auto-injects into Claude Desktop, Cursor, and Cline
+- Works on Windows, macOS, Linux
+
+## Security
+
+`inv migrate` scans your existing MCP configs for plaintext tokens and moves them into the OS Keychain automatically.
+
+## License
+
+MIT

package/dist/commands/install.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function installCommand(): Command;

package/dist/commands/install.js

@@ -0,0 +1,52 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import inquirer from 'inquirer';
+import { fetchManifest } from '../services/smithery.js';
+import { setSecret, getSecret } from '../services/keychain.js';
+import { addServer } from '../services/config-manager.js';
+export function installCommand() {
+    return new Command('install')
+        .description('Install an MCP server')
+        .argument('<server-id>', 'Server ID from inv search')
+        .action(async (serverId) => {
+        const spinner = ora(`Fetching manifest for ${serverId}...`).start();
+        let manifest;
+        try {
+            manifest = await fetchManifest(serverId);
+            spinner.succeed(`Found: ${manifest.name} v${manifest.version}`);
+        }
+        catch {
+            spinner.fail(`Server "${serverId}" not found`);
+            process.exit(1);
+        }
+        const env = {};
+        for (const secret of manifest.secrets) {
+            const existing = await getSecret(serverId, secret.key);
+            if (existing) {
+                console.log(chalk.dim(`  ${secret.key}: using stored value`));
+                env[secret.key] = `keychain://mcpinv/${serverId}:${secret.key}`;
+                continue;
+            }
+            if (!secret.required)
+                continue;
+            const answer = await inquirer.prompt([{
+                    name: secret.key,
+                    type: 'password',
+                    message: `${secret.description || secret.key}:`,
+                    mask: '*'
+                }]);
+            await setSecret(serverId, secret.key, answer[secret.key]);
+            env[secret.key] = `keychain://mcpinv/${serverId}:${secret.key}`;
+        }
+        const injectSpinner = ora('Updating client configs...').start();
+        await addServer(serverId, {
+            command: manifest.installCommand,
+            args: manifest.args,
+            env
+        });
+        injectSpinner.succeed('Done!');
+        console.log(chalk.green(`\n✓ ${manifest.name} installed`));
+        console.log(chalk.dim('  Restart Claude Desktop / Cursor to activate\n'));
+    });
+}

package/dist/commands/logs.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function logsCommand(): Command;

package/dist/commands/logs.js

@@ -0,0 +1,23 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import os from 'os';
+import path from 'path';
+import fs from 'fs';
+export function logsCommand() {
+    return new Command('logs')
+        .description('Show logs for an installed MCP server')
+        .argument('<server-id>', 'Server ID')
+        .option('-n, --lines <number>', 'Number of lines', '50')
+        .action(async (serverId, opts) => {
+        const logFile = path.join(os.homedir(), '.mcpinv', 'logs', `${serverId}.log`);
+        if (!fs.existsSync(logFile)) {
+            console.log(chalk.yellow(`No logs found for ${serverId}`));
+            console.log(chalk.dim(`Log file expected at: ${logFile}`));
+            return;
+        }
+        const lines = parseInt(opts.lines, 10);
+        const content = fs.readFileSync(logFile, 'utf-8').split('\n').slice(-lines).join('\n');
+        console.log(chalk.dim(`--- last ${lines} lines: ${logFile} ---\n`));
+        console.log(content);
+    });
+}

package/dist/commands/migrate.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function migrateCommand(): Command;

package/dist/commands/migrate.js

@@ -0,0 +1,32 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { hasPlaintextSecrets } from '../services/config-manager.js';
+import { setSecret } from '../services/keychain.js';
+export function migrateCommand() {
+    return new Command('migrate')
+        .description('Move plaintext secrets from config files into the OS Keychain')
+        .action(async () => {
+        const found = await hasPlaintextSecrets();
+        if (found.length === 0) {
+            console.log(chalk.green('✓ No plaintext secrets found — you are already secure!'));
+            return;
+        }
+        console.log(chalk.yellow(`\nFound ${found.length} plaintext secret(s) in your config:\n`));
+        for (const s of found) {
+            console.log(`  ${chalk.cyan(s.serverId)} → ${s.key}: ${chalk.red(s.value.slice(0, 8) + '...')}`);
+        }
+        const { confirm } = await inquirer.prompt([{
+                name: 'confirm', type: 'confirm',
+                message: 'Move all to OS Keychain and remove from config?',
+                default: true
+            }]);
+        if (!confirm)
+            return;
+        for (const s of found) {
+            await setSecret(s.serverId, s.key, s.value);
+            console.log(chalk.green(`  ✓ ${s.serverId}:${s.key} → Keychain`));
+        }
+        console.log(chalk.green('\n✓ Migration complete. Restart your AI clients to apply.\n'));
+    });
+}

package/dist/commands/remove.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function removeCommand(): Command;

package/dist/commands/remove.js

@@ -0,0 +1,25 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { removeServer } from '../services/config-manager.js';
+import { listSecrets, deleteSecret } from '../services/keychain.js';
+export function removeCommand() {
+    return new Command('remove')
+        .description('Uninstall an MCP server')
+        .argument('<server-id>', 'Server to remove')
+        .action(async (serverId) => {
+        const { confirm } = await inquirer.prompt([{
+                name: 'confirm', type: 'confirm',
+                message: `Remove ${serverId} and its stored secrets?`,
+                default: false
+            }]);
+        if (!confirm)
+            return;
+        await removeServer(serverId);
+        const secrets = await listSecrets(serverId);
+        for (const key of secrets)
+            await deleteSecret(serverId, key);
+        console.log(chalk.green(`✓ ${serverId} removed`));
+        console.log(chalk.dim('  Restart Claude Desktop / Cursor to deactivate\n'));
+    });
+}

package/dist/commands/search.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function searchCommand(): Command;

package/dist/commands/search.js

@@ -0,0 +1,31 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import { searchServers } from '../services/smithery.js';
+export function searchCommand() {
+    return new Command('search')
+        .description('Search for MCP servers')
+        .argument('<query>', 'Search term')
+        .action(async (query) => {
+        const spinner = ora(`Searching for "${query}"...`).start();
+        try {
+            const results = await searchServers(query);
+            spinner.stop();
+            if (results.length === 0) {
+                console.log(chalk.yellow('No servers found.'));
+                return;
+            }
+            console.log(chalk.bold(`\n${results.length} server(s) found:\n`));
+            for (const s of results) {
+                console.log(`  ${chalk.cyan(s.id)}`);
+                console.log(`  ${chalk.dim(s.description)}`);
+                console.log(`  ${chalk.green(`inv install ${s.id}`)}\n`);
+            }
+        }
+        catch (err) {
+            spinner.fail('Search failed');
+            console.error(chalk.red(String(err)));
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/status.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function statusCommand(): Command;

package/dist/commands/status.js

@@ -0,0 +1,19 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { listInstalled } from '../services/config-manager.js';
+export function statusCommand() {
+    return new Command('status')
+        .description('Show installed MCP servers')
+        .action(async () => {
+        const servers = await listInstalled();
+        if (servers.length === 0) {
+            console.log(chalk.yellow('No servers installed. Run: inv search <query>'));
+            return;
+        }
+        console.log(chalk.bold(`\nInstalled servers (${servers.length}):\n`));
+        for (const id of servers) {
+            console.log(`  ${chalk.cyan('●')} ${id}`);
+        }
+        console.log();
+    });
+}

package/dist/commands/update.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare function updateCommand(): Command;

package/dist/commands/update.js

@@ -0,0 +1,28 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import { listInstalled } from '../services/config-manager.js';
+import { fetchManifest } from '../services/smithery.js';
+export function updateCommand() {
+    return new Command('update')
+        .description('Check for updates to installed MCP servers')
+        .action(async () => {
+        const servers = await listInstalled();
+        if (servers.length === 0) {
+            console.log(chalk.yellow('No servers installed.'));
+            return;
+        }
+        console.log(chalk.bold('\nChecking for updates...\n'));
+        for (const id of servers) {
+            const spinner = ora(id).start();
+            try {
+                const manifest = await fetchManifest(id);
+                spinner.succeed(`${id} — latest: v${manifest.version}`);
+            }
+            catch {
+                spinner.warn(`${id} — could not fetch latest version`);
+            }
+        }
+        console.log();
+    });
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+import { program } from 'commander';
+import { searchCommand } from './commands/search.js';
+import { installCommand } from './commands/install.js';
+import { removeCommand } from './commands/remove.js';
+import { statusCommand } from './commands/status.js';
+import { logsCommand } from './commands/logs.js';
+import { updateCommand } from './commands/update.js';
+import { migrateCommand } from './commands/migrate.js';
+program
+    .name('inv')
+    .description('Install, run and host MCP servers')
+    .version('0.1.0');
+program.addCommand(searchCommand());
+program.addCommand(installCommand());
+program.addCommand(removeCommand());
+program.addCommand(statusCommand());
+program.addCommand(logsCommand());
+program.addCommand(updateCommand());
+program.addCommand(migrateCommand());
+program.parse();

package/dist/services/config-manager.d.ts

@@ -0,0 +1,16 @@
+export interface ServerEntry {
+    command?: string;
+    args?: string[];
+    env?: Record<string, string>;
+    url?: string;
+}
+export interface PlaintextSecret {
+    serverId: string;
+    key: string;
+    value: string;
+}
+export declare function detectClients(): Promise<string[]>;
+export declare function addServer(serverId: string, entry: ServerEntry): Promise<void>;
+export declare function removeServer(serverId: string): Promise<void>;
+export declare function listInstalled(): Promise<string[]>;
+export declare function hasPlaintextSecrets(): Promise<PlaintextSecret[]>;

package/dist/services/config-manager.js

@@ -0,0 +1,98 @@
+import * as fs from 'fs/promises';
+import os from 'os';
+import path from 'path';
+function claudeConfigPath() {
+    const home = os.homedir();
+    const platform = os.platform();
+    if (platform === 'win32') {
+        return path.join(process.env.APPDATA ?? home, 'Claude', 'claude_desktop_config.json');
+    }
+    if (platform === 'darwin') {
+        return path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json');
+    }
+    return path.join(home, '.config', 'claude', 'claude_desktop_config.json');
+}
+function cursorConfigPath() {
+    return path.join(os.homedir(), '.cursor', 'mcp.json');
+}
+async function readJson(filePath) {
+    try {
+        const raw = await fs.readFile(filePath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return { mcpServers: {} };
+    }
+}
+async function writeJson(filePath, data) {
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, JSON.stringify(data, null, 2), 'utf-8');
+}
+export async function detectClients() {
+    const clients = [];
+    for (const p of [claudeConfigPath(), cursorConfigPath()]) {
+        try {
+            await fs.access(p);
+            clients.push(p);
+        }
+        catch (err) {
+            if (err?.code !== 'ENOENT')
+                throw err;
+        }
+    }
+    return clients;
+}
+export async function addServer(serverId, entry) {
+    const claudePath = claudeConfigPath();
+    const config = await readJson(claudePath);
+    config.mcpServers = config.mcpServers ?? {};
+    config.mcpServers[serverId] = entry;
+    await writeJson(claudePath, config);
+    const cursorPath = cursorConfigPath();
+    try {
+        await fs.access(cursorPath);
+        const cursorConfig = await readJson(cursorPath);
+        cursorConfig.mcpServers = cursorConfig.mcpServers ?? {};
+        cursorConfig.mcpServers[serverId] = entry;
+        await writeJson(cursorPath, cursorConfig);
+    }
+    catch (err) {
+        // Skip clients whose config directory doesn't exist yet
+        if (err?.code !== 'ENOENT')
+            throw err;
+    }
+}
+export async function removeServer(serverId) {
+    const claudePath = claudeConfigPath();
+    const config = await readJson(claudePath);
+    delete config.mcpServers?.[serverId];
+    await writeJson(claudePath, config);
+    const cursorPath = cursorConfigPath();
+    try {
+        await fs.access(cursorPath);
+        const cursorConfig = await readJson(cursorPath);
+        delete cursorConfig.mcpServers?.[serverId];
+        await writeJson(cursorPath, cursorConfig);
+    }
+    catch (err) {
+        // Skip clients whose config directory doesn't exist yet
+        if (err?.code !== 'ENOENT')
+            throw err;
+    }
+}
+export async function listInstalled() {
+    const config = await readJson(claudeConfigPath());
+    return Object.keys(config.mcpServers ?? {});
+}
+export async function hasPlaintextSecrets() {
+    const config = await readJson(claudeConfigPath());
+    const found = [];
+    for (const [serverId, entry] of Object.entries(config.mcpServers ?? {})) {
+        for (const [key, value] of Object.entries(entry.env ?? {})) {
+            if (typeof value === 'string' && !value.startsWith('keychain://')) {
+                found.push({ serverId, key, value });
+            }
+        }
+    }
+    return found;
+}

package/dist/services/keychain.d.ts

@@ -0,0 +1,4 @@
+export declare function setSecret(serverId: string, key: string, value: string): Promise<void>;
+export declare function getSecret(serverId: string, key: string): Promise<string | null>;
+export declare function deleteSecret(serverId: string, key: string): Promise<void>;
+export declare function listSecrets(serverId: string): Promise<string[]>;

package/dist/services/keychain.js

@@ -0,0 +1,20 @@
+import keytar from 'keytar';
+const SERVICE = 'mcpinv';
+function accountKey(serverId, secretKey) {
+    return `${serverId}:${secretKey}`;
+}
+export async function setSecret(serverId, key, value) {
+    await keytar.setPassword(SERVICE, accountKey(serverId, key), value);
+}
+export async function getSecret(serverId, key) {
+    return keytar.getPassword(SERVICE, accountKey(serverId, key));
+}
+export async function deleteSecret(serverId, key) {
+    await keytar.deletePassword(SERVICE, accountKey(serverId, key));
+}
+export async function listSecrets(serverId) {
+    const creds = await keytar.findCredentials(SERVICE);
+    return creds
+        .filter(c => c.account.startsWith(`${serverId}:`))
+        .map(c => c.account.split(':')[1]);
+}

package/dist/services/smithery.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '../types/index.js';
+export declare function searchServers(query: string): Promise<McpServer[]>;
+export declare function fetchManifest(id: string): Promise<McpServer>;

package/dist/services/smithery.js

@@ -0,0 +1,30 @@
+import axios from 'axios';
+const BASE = 'https://registry.smithery.ai';
+export async function searchServers(query) {
+    const { data } = await axios.get(`${BASE}/servers`, {
+        params: { q: query, pageSize: 20 }
+    });
+    return (data.items ?? []).map(mapToServer);
+}
+export async function fetchManifest(id) {
+    const { data } = await axios.get(`${BASE}/servers/${id}`);
+    return mapToServer(data);
+}
+function mapToServer(raw) {
+    const conn = raw.connections?.[0] ?? {};
+    return {
+        id: raw.qualifiedName,
+        name: raw.displayName ?? raw.qualifiedName,
+        description: raw.description ?? '',
+        version: raw.version ?? 'latest',
+        runtime: 'node',
+        secrets: (raw.environmentVariables ?? []).map((e) => ({
+            key: e.name,
+            description: e.description ?? '',
+            required: e.required ?? false
+        })),
+        installCommand: conn.command ?? 'npx',
+        args: conn.args ?? [],
+        source: 'smithery'
+    };
+}

package/dist/types/index.d.ts

@@ -0,0 +1,28 @@
+export interface McpServer {
+    id: string;
+    name: string;
+    description: string;
+    version: string;
+    runtime: 'node' | 'python' | 'binary';
+    secrets: SecretSpec[];
+    installCommand: string;
+    args: string[];
+    source: 'smithery';
+}
+export interface SecretSpec {
+    key: string;
+    description: string;
+    required: boolean;
+}
+export interface InstalledServer {
+    id: string;
+    name: string;
+    version: string;
+    installedAt: string;
+    remoteUrl?: string;
+}
+export interface ClientConfig {
+    claude: string | null;
+    cursor: string | null;
+    cline: string | null;
+}

package/dist/types/index.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@mcpinv/cli",
+  "version": "0.1.0",
+  "description": "Install, run and host MCP servers — invoke anything",
+  "type": "module",
+  "bin": {
+    "inv": "./dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "dependencies": {
+    "axios": "^1.7.2",
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "inquirer": "^10.1.8",
+    "keytar": "^7.9.0",
+    "ora": "^8.0.1"
+  },
+  "devDependencies": {
+    "@types/node": "^20.14.0",
+    "memfs": "^4.57.8",
+    "typescript": "^5.5.0",
+    "vitest": "^1.6.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}

package/src/commands/install.ts

@@ -0,0 +1,54 @@
+import { Command } from 'commander'
+import chalk from 'chalk'
+import ora from 'ora'
+import inquirer from 'inquirer'
+import { fetchManifest } from '../services/smithery.js'
+import { setSecret, getSecret } from '../services/keychain.js'
+import { addServer } from '../services/config-manager.js'
+
+export function installCommand(): Command {
+  return new Command('install')
+    .description('Install an MCP server')
+    .argument('<server-id>', 'Server ID from inv search')
+    .action(async (serverId: string) => {
+      const spinner = ora(`Fetching manifest for ${serverId}...`).start()
+      let manifest
+      try {
+        manifest = await fetchManifest(serverId)
+        spinner.succeed(`Found: ${manifest.name} v${manifest.version}`)
+      } catch {
+        spinner.fail(`Server "${serverId}" not found`)
+        process.exit(1)
+      }
+
+      const env: Record<string, string> = {}
+      for (const secret of manifest.secrets) {
+        const existing = await getSecret(serverId, secret.key)
+        if (existing) {
+          console.log(chalk.dim(`  ${secret.key}: using stored value`))
+          env[secret.key] = `keychain://mcpinv/${serverId}:${secret.key}`
+          continue
+        }
+        if (!secret.required) continue
+        const answer = await inquirer.prompt([{
+          name: secret.key,
+          type: 'password',
+          message: `${secret.description || secret.key}:`,
+          mask: '*'
+        }])
+        await setSecret(serverId, secret.key, answer[secret.key])
+        env[secret.key] = `keychain://mcpinv/${serverId}:${secret.key}`
+      }
+
+      const injectSpinner = ora('Updating client configs...').start()
+      await addServer(serverId, {
+        command: manifest.installCommand,
+        args: manifest.args,
+        env
+      })
+      injectSpinner.succeed('Done!')
+
+      console.log(chalk.green(`\n✓ ${manifest.name} installed`))
+      console.log(chalk.dim('  Restart Claude Desktop / Cursor to activate\n'))
+    })
+}

package/src/commands/logs.ts

@@ -0,0 +1,24 @@
+import { Command } from 'commander'
+import chalk from 'chalk'
+import os from 'os'
+import path from 'path'
+import fs from 'fs'
+
+export function logsCommand(): Command {
+  return new Command('logs')
+    .description('Show logs for an installed MCP server')
+    .argument('<server-id>', 'Server ID')
+    .option('-n, --lines <number>', 'Number of lines', '50')
+    .action(async (serverId: string, opts: { lines: string }) => {
+      const logFile = path.join(os.homedir(), '.mcpinv', 'logs', `${serverId}.log`)
+      if (!fs.existsSync(logFile)) {
+        console.log(chalk.yellow(`No logs found for ${serverId}`))
+        console.log(chalk.dim(`Log file expected at: ${logFile}`))
+        return
+      }
+      const lines = parseInt(opts.lines, 10)
+      const content = fs.readFileSync(logFile, 'utf-8').split('\n').slice(-lines).join('\n')
+      console.log(chalk.dim(`--- last ${lines} lines: ${logFile} ---\n`))
+      console.log(content)
+    })
+}

package/src/commands/migrate.ts

@@ -0,0 +1,36 @@
+import { Command } from 'commander'
+import chalk from 'chalk'
+import inquirer from 'inquirer'
+import { hasPlaintextSecrets } from '../services/config-manager.js'
+import { setSecret } from '../services/keychain.js'
+
+export function migrateCommand(): Command {
+  return new Command('migrate')
+    .description('Move plaintext secrets from config files into the OS Keychain')
+    .action(async () => {
+      const found = await hasPlaintextSecrets()
+      if (found.length === 0) {
+        console.log(chalk.green('✓ No plaintext secrets found — you are already secure!'))
+        return
+      }
+
+      console.log(chalk.yellow(`\nFound ${found.length} plaintext secret(s) in your config:\n`))
+      for (const s of found) {
+        console.log(`  ${chalk.cyan(s.serverId)} → ${s.key}: ${chalk.red(s.value.slice(0, 8) + '...')}`)
+      }
+
+      const { confirm } = await inquirer.prompt([{
+        name: 'confirm', type: 'confirm',
+        message: 'Move all to OS Keychain and remove from config?',
+        default: true
+      }])
+      if (!confirm) return
+
+      for (const s of found) {
+        await setSecret(s.serverId, s.key, s.value)
+        console.log(chalk.green(`  ✓ ${s.serverId}:${s.key} → Keychain`))
+      }
+
+      console.log(chalk.green('\n✓ Migration complete. Restart your AI clients to apply.\n'))
+    })
+}

package/src/commands/remove.ts

@@ -0,0 +1,26 @@
+import { Command } from 'commander'
+import chalk from 'chalk'
+import inquirer from 'inquirer'
+import { removeServer } from '../services/config-manager.js'
+import { listSecrets, deleteSecret } from '../services/keychain.js'
+
+export function removeCommand(): Command {
+  return new Command('remove')
+    .description('Uninstall an MCP server')
+    .argument('<server-id>', 'Server to remove')
+    .action(async (serverId: string) => {
+      const { confirm } = await inquirer.prompt([{
+        name: 'confirm', type: 'confirm',
+        message: `Remove ${serverId} and its stored secrets?`,
+        default: false
+      }])
+      if (!confirm) return
+
+      await removeServer(serverId)
+      const secrets = await listSecrets(serverId)
+      for (const key of secrets) await deleteSecret(serverId, key)
+
+      console.log(chalk.green(`✓ ${serverId} removed`))
+      console.log(chalk.dim('  Restart Claude Desktop / Cursor to deactivate\n'))
+    })
+}

package/src/commands/search.ts

@@ -0,0 +1,31 @@
+import { Command } from 'commander'
+import chalk from 'chalk'
+import ora from 'ora'
+import { searchServers } from '../services/smithery.js'
+
+export function searchCommand(): Command {
+  return new Command('search')
+    .description('Search for MCP servers')
+    .argument('<query>', 'Search term')
+    .action(async (query: string) => {
+      const spinner = ora(`Searching for "${query}"...`).start()
+      try {
+        const results = await searchServers(query)
+        spinner.stop()
+        if (results.length === 0) {
+          console.log(chalk.yellow('No servers found.'))
+          return
+        }
+        console.log(chalk.bold(`\n${results.length} server(s) found:\n`))
+        for (const s of results) {
+          console.log(`  ${chalk.cyan(s.id)}`)
+          console.log(`  ${chalk.dim(s.description)}`)
+          console.log(`  ${chalk.green(`inv install ${s.id}`)}\n`)
+        }
+      } catch (err) {
+        spinner.fail('Search failed')
+        console.error(chalk.red(String(err)))
+        process.exit(1)
+      }
+    })
+}

package/src/commands/status.ts

@@ -0,0 +1,20 @@
+import { Command } from 'commander'
+import chalk from 'chalk'
+import { listInstalled } from '../services/config-manager.js'
+
+export function statusCommand(): Command {
+  return new Command('status')
+    .description('Show installed MCP servers')
+    .action(async () => {
+      const servers = await listInstalled()
+      if (servers.length === 0) {
+        console.log(chalk.yellow('No servers installed. Run: inv search <query>'))
+        return
+      }
+      console.log(chalk.bold(`\nInstalled servers (${servers.length}):\n`))
+      for (const id of servers) {
+        console.log(`  ${chalk.cyan('●')} ${id}`)
+      }
+      console.log()
+    })
+}

package/src/commands/update.ts

@@ -0,0 +1,28 @@
+import { Command } from 'commander'
+import chalk from 'chalk'
+import ora from 'ora'
+import { listInstalled } from '../services/config-manager.js'
+import { fetchManifest } from '../services/smithery.js'
+
+export function updateCommand(): Command {
+  return new Command('update')
+    .description('Check for updates to installed MCP servers')
+    .action(async () => {
+      const servers = await listInstalled()
+      if (servers.length === 0) {
+        console.log(chalk.yellow('No servers installed.'))
+        return
+      }
+      console.log(chalk.bold('\nChecking for updates...\n'))
+      for (const id of servers) {
+        const spinner = ora(id).start()
+        try {
+          const manifest = await fetchManifest(id)
+          spinner.succeed(`${id} — latest: v${manifest.version}`)
+        } catch {
+          spinner.warn(`${id} — could not fetch latest version`)
+        }
+      }
+      console.log()
+    })
+}

package/src/index.ts

@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+import { program } from 'commander'
+import { searchCommand } from './commands/search.js'
+import { installCommand } from './commands/install.js'
+import { removeCommand } from './commands/remove.js'
+import { statusCommand } from './commands/status.js'
+import { logsCommand } from './commands/logs.js'
+import { updateCommand } from './commands/update.js'
+import { migrateCommand } from './commands/migrate.js'
+
+program
+  .name('inv')
+  .description('Install, run and host MCP servers')
+  .version('0.1.0')
+
+program.addCommand(searchCommand())
+program.addCommand(installCommand())
+program.addCommand(removeCommand())
+program.addCommand(statusCommand())
+program.addCommand(logsCommand())
+program.addCommand(updateCommand())
+program.addCommand(migrateCommand())
+
+program.parse()

package/src/services/config-manager.ts

@@ -0,0 +1,110 @@
+import * as fs from 'fs/promises'
+import os from 'os'
+import path from 'path'
+
+export interface ServerEntry {
+  command?: string
+  args?: string[]
+  env?: Record<string, string>
+  url?: string
+}
+
+export interface PlaintextSecret {
+  serverId: string
+  key: string
+  value: string
+}
+
+function claudeConfigPath(): string {
+  const home = os.homedir()
+  const platform = os.platform()
+  if (platform === 'win32') {
+    return path.join(process.env.APPDATA ?? home, 'Claude', 'claude_desktop_config.json')
+  }
+  if (platform === 'darwin') {
+    return path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json')
+  }
+  return path.join(home, '.config', 'claude', 'claude_desktop_config.json')
+}
+
+function cursorConfigPath(): string {
+  return path.join(os.homedir(), '.cursor', 'mcp.json')
+}
+
+async function readJson(filePath: string): Promise<any> {
+  try {
+    const raw = await fs.readFile(filePath, 'utf-8')
+    return JSON.parse(raw)
+  } catch {
+    return { mcpServers: {} }
+  }
+}
+
+async function writeJson(filePath: string, data: any): Promise<void> {
+  await fs.mkdir(path.dirname(filePath), { recursive: true })
+  await fs.writeFile(filePath, JSON.stringify(data, null, 2), 'utf-8')
+}
+
+export async function detectClients(): Promise<string[]> {
+  const clients: string[] = []
+  for (const p of [claudeConfigPath(), cursorConfigPath()]) {
+    try { await fs.access(p); clients.push(p) } catch (err: any) { if (err?.code !== 'ENOENT') throw err }
+  }
+  return clients
+}
+
+export async function addServer(serverId: string, entry: ServerEntry): Promise<void> {
+  const claudePath = claudeConfigPath()
+  const config = await readJson(claudePath)
+  config.mcpServers = config.mcpServers ?? {}
+  config.mcpServers[serverId] = entry
+  await writeJson(claudePath, config)
+
+  const cursorPath = cursorConfigPath()
+  try {
+    await fs.access(cursorPath)
+    const cursorConfig = await readJson(cursorPath)
+    cursorConfig.mcpServers = cursorConfig.mcpServers ?? {}
+    cursorConfig.mcpServers[serverId] = entry
+    await writeJson(cursorPath, cursorConfig)
+  } catch (err: any) {
+    // Skip clients whose config directory doesn't exist yet
+    if (err?.code !== 'ENOENT') throw err
+  }
+}
+
+export async function removeServer(serverId: string): Promise<void> {
+  const claudePath = claudeConfigPath()
+  const config = await readJson(claudePath)
+  delete config.mcpServers?.[serverId]
+  await writeJson(claudePath, config)
+
+  const cursorPath = cursorConfigPath()
+  try {
+    await fs.access(cursorPath)
+    const cursorConfig = await readJson(cursorPath)
+    delete cursorConfig.mcpServers?.[serverId]
+    await writeJson(cursorPath, cursorConfig)
+  } catch (err: any) {
+    // Skip clients whose config directory doesn't exist yet
+    if (err?.code !== 'ENOENT') throw err
+  }
+}
+
+export async function listInstalled(): Promise<string[]> {
+  const config = await readJson(claudeConfigPath())
+  return Object.keys(config.mcpServers ?? {})
+}
+
+export async function hasPlaintextSecrets(): Promise<PlaintextSecret[]> {
+  const config = await readJson(claudeConfigPath())
+  const found: PlaintextSecret[] = []
+  for (const [serverId, entry] of Object.entries<any>(config.mcpServers ?? {})) {
+    for (const [key, value] of Object.entries<any>(entry.env ?? {})) {
+      if (typeof value === 'string' && !value.startsWith('keychain://')) {
+        found.push({ serverId, key, value })
+      }
+    }
+  }
+  return found
+}

package/src/services/keychain.ts

@@ -0,0 +1,26 @@
+import keytar from 'keytar'
+
+const SERVICE = 'mcpinv'
+
+function accountKey(serverId: string, secretKey: string): string {
+  return `${serverId}:${secretKey}`
+}
+
+export async function setSecret(serverId: string, key: string, value: string): Promise<void> {
+  await keytar.setPassword(SERVICE, accountKey(serverId, key), value)
+}
+
+export async function getSecret(serverId: string, key: string): Promise<string | null> {
+  return keytar.getPassword(SERVICE, accountKey(serverId, key))
+}
+
+export async function deleteSecret(serverId: string, key: string): Promise<void> {
+  await keytar.deletePassword(SERVICE, accountKey(serverId, key))
+}
+
+export async function listSecrets(serverId: string): Promise<string[]> {
+  const creds = await keytar.findCredentials(SERVICE)
+  return creds
+    .filter(c => c.account.startsWith(`${serverId}:`))
+    .map(c => c.account.split(':')[1])
+}

package/src/services/smithery.ts

@@ -0,0 +1,35 @@
+import axios from 'axios'
+import type { McpServer } from '../types/index.js'
+
+const BASE = 'https://registry.smithery.ai'
+
+export async function searchServers(query: string): Promise<McpServer[]> {
+  const { data } = await axios.get(`${BASE}/servers`, {
+    params: { q: query, pageSize: 20 }
+  })
+  return (data.items ?? []).map(mapToServer)
+}
+
+export async function fetchManifest(id: string): Promise<McpServer> {
+  const { data } = await axios.get(`${BASE}/servers/${id}`)
+  return mapToServer(data)
+}
+
+function mapToServer(raw: any): McpServer {
+  const conn = raw.connections?.[0] ?? {}
+  return {
+    id: raw.qualifiedName,
+    name: raw.displayName ?? raw.qualifiedName,
+    description: raw.description ?? '',
+    version: raw.version ?? 'latest',
+    runtime: 'node',
+    secrets: (raw.environmentVariables ?? []).map((e: any) => ({
+      key: e.name,
+      description: e.description ?? '',
+      required: e.required ?? false
+    })),
+    installCommand: conn.command ?? 'npx',
+    args: conn.args ?? [],
+    source: 'smithery'
+  }
+}

package/src/types/index.ts

@@ -0,0 +1,31 @@
+export interface McpServer {
+  id: string
+  name: string
+  description: string
+  version: string
+  runtime: 'node' | 'python' | 'binary'
+  secrets: SecretSpec[]
+  installCommand: string
+  args: string[]
+  source: 'smithery'
+}
+
+export interface SecretSpec {
+  key: string
+  description: string
+  required: boolean
+}
+
+export interface InstalledServer {
+  id: string
+  name: string
+  version: string
+  installedAt: string
+  remoteUrl?: string
+}
+
+export interface ClientConfig {
+  claude: string | null
+  cursor: string | null
+  cline: string | null
+}

package/tests/commands/install.test.ts

@@ -0,0 +1,50 @@
+import { describe, it, expect, vi } from 'vitest'
+
+vi.mock('../../src/services/smithery.js', () => ({
+  fetchManifest: vi.fn().mockResolvedValue({
+    id: 'github-mcp-server',
+    name: 'GitHub',
+    description: 'GitHub tools',
+    version: '1.0.0',
+    runtime: 'node',
+    secrets: [{ key: 'GITHUB_TOKEN', description: 'GitHub token', required: true }],
+    installCommand: 'npx',
+    args: ['-y', '@modelcontextprotocol/server-github'],
+    source: 'smithery'
+  })
+}))
+vi.mock('../../src/services/keychain.js', () => ({
+  setSecret: vi.fn().mockResolvedValue(undefined),
+  getSecret: vi.fn().mockResolvedValue(null)
+}))
+vi.mock('../../src/services/config-manager.js', () => ({
+  addServer: vi.fn().mockResolvedValue(undefined)
+}))
+vi.mock('inquirer', () => ({
+  default: { prompt: vi.fn().mockResolvedValue({ GITHUB_TOKEN: 'ghp_test' }) }
+}))
+
+describe('install command logic', () => {
+  it('fetches manifest, stores secret, injects config', async () => {
+    const { fetchManifest } = await import('../../src/services/smithery.js')
+    const { setSecret } = await import('../../src/services/keychain.js')
+    const { addServer } = await import('../../src/services/config-manager.js')
+    const inquirer = (await import('inquirer')).default
+
+    const manifest = await fetchManifest('github-mcp-server')
+    const answers = await inquirer.prompt([{ name: 'GITHUB_TOKEN', type: 'password', message: 'GitHub token:' }])
+    await setSecret(manifest.id, 'GITHUB_TOKEN', answers.GITHUB_TOKEN)
+    await addServer(manifest.id, {
+      command: manifest.installCommand,
+      args: manifest.args,
+      env: { GITHUB_TOKEN: `keychain://mcpinv/${manifest.id}:GITHUB_TOKEN` }
+    })
+
+    expect(fetchManifest).toHaveBeenCalledWith('github-mcp-server')
+    expect(setSecret).toHaveBeenCalledWith('github-mcp-server', 'GITHUB_TOKEN', 'ghp_test')
+    expect(addServer).toHaveBeenCalledWith('github-mcp-server', expect.objectContaining({
+      command: 'npx',
+      env: { GITHUB_TOKEN: 'keychain://mcpinv/github-mcp-server:GITHUB_TOKEN' }
+    }))
+  })
+})

package/tests/services/config-manager.test.ts

@@ -0,0 +1,51 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+import { vol } from 'memfs'
+import { detectClients, addServer, removeServer, listInstalled, hasPlaintextSecrets } from '../../src/services/config-manager.js'
+
+vi.mock('fs/promises', () => import('memfs').then(m => m.fs.promises))
+vi.mock('os', () => ({ default: { homedir: () => '/home/test', platform: () => 'linux' } }))
+
+describe('config-manager', () => {
+  beforeEach(() => vol.reset())
+
+  it('addServer writes entry into Claude config', async () => {
+    vol.fromJSON({
+      '/home/test/.config/claude/claude_desktop_config.json': JSON.stringify({ mcpServers: {} })
+    })
+    await addServer('github-mcp-server', {
+      command: 'npx',
+      args: ['-y', '@modelcontextprotocol/server-github'],
+      env: { GITHUB_TOKEN: 'keychain://mcpinv/github-mcp-server:GITHUB_TOKEN' }
+    })
+    const raw = vol.readFileSync('/home/test/.config/claude/claude_desktop_config.json', 'utf8') as string
+    const config = JSON.parse(raw)
+    expect(config.mcpServers['github-mcp-server']).toBeDefined()
+    expect(config.mcpServers['github-mcp-server'].command).toBe('npx')
+  })
+
+  it('removeServer deletes entry from Claude config', async () => {
+    vol.fromJSON({
+      '/home/test/.config/claude/claude_desktop_config.json': JSON.stringify({
+        mcpServers: { 'github-mcp-server': { command: 'npx', args: [] } }
+      })
+    })
+    await removeServer('github-mcp-server')
+    const raw = vol.readFileSync('/home/test/.config/claude/claude_desktop_config.json', 'utf8') as string
+    const config = JSON.parse(raw)
+    expect(config.mcpServers['github-mcp-server']).toBeUndefined()
+  })
+
+  it('hasPlaintextSecrets detects tokens in config', async () => {
+    vol.fromJSON({
+      '/home/test/.config/claude/claude_desktop_config.json': JSON.stringify({
+        mcpServers: {
+          github: { command: 'npx', args: [], env: { GITHUB_TOKEN: 'ghp_realtoken123' } }
+        }
+      })
+    })
+    const found = await hasPlaintextSecrets()
+    expect(found).toHaveLength(1)
+    expect(found[0].key).toBe('GITHUB_TOKEN')
+    expect(found[0].serverId).toBe('github')
+  })
+})

package/tests/services/keychain.test.ts

@@ -0,0 +1,39 @@
+import { describe, it, expect, vi } from 'vitest'
+import { setSecret, getSecret, deleteSecret, listSecrets } from '../../src/services/keychain.js'
+
+vi.mock('keytar', () => ({
+  default: {
+    setPassword: vi.fn().mockResolvedValue(undefined),
+    getPassword: vi.fn().mockResolvedValue('my-token'),
+    deletePassword: vi.fn().mockResolvedValue(true),
+    findCredentials: vi.fn().mockResolvedValue([
+      { account: 'github-mcp-server:GITHUB_TOKEN', password: 'tok' }
+    ])
+  }
+}))
+
+describe('keychain service', () => {
+  it('setSecret stores with service prefix', async () => {
+    const keytar = (await import('keytar')).default
+    await setSecret('github-mcp-server', 'GITHUB_TOKEN', 'ghp_abc')
+    expect(keytar.setPassword).toHaveBeenCalledWith(
+      'mcpinv', 'github-mcp-server:GITHUB_TOKEN', 'ghp_abc'
+    )
+  })
+
+  it('getSecret retrieves stored secret', async () => {
+    const value = await getSecret('github-mcp-server', 'GITHUB_TOKEN')
+    expect(value).toBe('my-token')
+  })
+
+  it('deleteSecret removes entry', async () => {
+    await deleteSecret('github-mcp-server', 'GITHUB_TOKEN')
+    const keytar = (await import('keytar')).default
+    expect(keytar.deletePassword).toHaveBeenCalledWith('mcpinv', 'github-mcp-server:GITHUB_TOKEN')
+  })
+
+  it('listSecrets returns keys for server', async () => {
+    const keys = await listSecrets('github-mcp-server')
+    expect(keys).toContain('GITHUB_TOKEN')
+  })
+})

package/tests/services/smithery.test.ts

@@ -0,0 +1,47 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+import axios from 'axios'
+import { searchServers, fetchManifest } from '../../src/services/smithery.js'
+
+vi.mock('axios')
+const mockedAxios = vi.mocked(axios)
+
+describe('smithery service', () => {
+  beforeEach(() => vi.clearAllMocks())
+
+  it('searchServers returns list for query', async () => {
+    mockedAxios.get = vi.fn().mockResolvedValue({
+      data: {
+        items: [
+          { qualifiedName: 'github-mcp-server', displayName: 'GitHub', description: 'GitHub tools', version: '1.0.0' }
+        ]
+      }
+    })
+    const results = await searchServers('github')
+    expect(results).toHaveLength(1)
+    expect(results[0].id).toBe('github-mcp-server')
+  })
+
+  it('fetchManifest returns server details', async () => {
+    mockedAxios.get = vi.fn().mockResolvedValue({
+      data: {
+        qualifiedName: 'github-mcp-server',
+        displayName: 'GitHub',
+        description: 'GitHub MCP tools',
+        version: '1.2.0',
+        runtime: 'node',
+        connections: [{ type: 'stdio', command: 'npx', args: ['-y', '@modelcontextprotocol/server-github'] }],
+        environmentVariables: [{ name: 'GITHUB_TOKEN', description: 'GitHub personal access token', required: true }]
+      }
+    })
+    const manifest = await fetchManifest('github-mcp-server')
+    expect(manifest.id).toBe('github-mcp-server')
+    expect(manifest.secrets).toHaveLength(1)
+    expect(manifest.secrets[0].key).toBe('GITHUB_TOKEN')
+  })
+
+  it('searchServers returns empty array when no results', async () => {
+    mockedAxios.get = vi.fn().mockResolvedValue({ data: { items: [] } })
+    const results = await searchServers('nonexistent-xyz-123')
+    expect(results).toEqual([])
+  })
+})

package/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "declaration": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "tests"]
+}

package/vitest.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from 'vitest/config'
+
+export default defineConfig({
+  test: {
+    environment: 'node',
+    coverage: { reporter: ['text'] }
+  }
+})