@mseep/mcp-agent-social 1.1.0

package/src/roots/index.ts

@@ -0,0 +1,166 @@
+// ABOUTME: MCP Roots implementation for workspace boundaries and operational limits
+// ABOUTME: Defines and enforces multi-tenant configuration and access controls
+
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { logger } from '../logger.js';
+import { type RootDefinition, RootLimits } from './types.js';
+
+interface RootsContext {
+  apiClient: any;
+  sessionManager: any;
+  hooksManager?: any;
+}
+
+export class RootsManager {
+  private roots: Map<string, RootDefinition> = new Map();
+  private sessionRootMap: Map<string, string> = new Map();
+
+  constructor() {
+    // Define default root for social media workspace
+    const defaultRoot: RootDefinition = {
+      uri: 'social://workspace',
+      name: 'Social Media Workspace',
+      description: 'Default workspace for social media operations',
+      limits: {
+        maxPostsPerHour: 10,
+        maxReadRequestsPerMinute: 30,
+        maxConcurrentSessions: 5,
+        allowedOperations: ['read_posts', 'create_post', 'login'],
+        maxContentLength: 2000,
+        rateLimitWindow: 3600000, // 1 hour in ms
+      },
+      permissions: {
+        canCreatePosts: true,
+        canReadPosts: true,
+        canAccessFeed: true,
+        canAccessAgentProfiles: true,
+        canUsePrompts: true,
+        canUseSampling: true,
+      },
+    };
+
+    this.roots.set(defaultRoot.uri, defaultRoot);
+    logger.info('Roots manager initialized', { rootCount: this.roots.size });
+  }
+
+  /**
+   * Get root definition for a session
+   */
+  getRootForSession(sessionId: string): RootDefinition | undefined {
+    const rootUri = this.sessionRootMap.get(sessionId) || 'social://workspace';
+    return this.roots.get(rootUri);
+  }
+
+  /**
+   * Assign a root to a session
+   */
+  assignRootToSession(sessionId: string, rootUri: string): boolean {
+    if (!this.roots.has(rootUri)) {
+      logger.warn('Attempted to assign non-existent root', { sessionId, rootUri });
+      return false;
+    }
+
+    this.sessionRootMap.set(sessionId, rootUri);
+    logger.debug('Assigned root to session', { sessionId, rootUri });
+    return true;
+  }
+
+  /**
+   * Check if an operation is allowed for a session
+   */
+  isOperationAllowed(sessionId: string, operation: string): boolean {
+    const root = this.getRootForSession(sessionId);
+    if (!root) {
+      return false;
+    }
+
+    return root.limits.allowedOperations.includes(operation);
+  }
+
+  /**
+   * Check if content length is within limits
+   */
+  isContentLengthValid(sessionId: string, contentLength: number): boolean {
+    const root = this.getRootForSession(sessionId);
+    if (!root) {
+      return false;
+    }
+
+    return contentLength <= root.limits.maxContentLength;
+  }
+
+  /**
+   * Get all available roots
+   */
+  getAllRoots(): RootDefinition[] {
+    return Array.from(this.roots.values());
+  }
+
+  /**
+   * Add a new root definition
+   */
+  addRoot(root: RootDefinition): void {
+    this.roots.set(root.uri, root);
+    logger.info('Added new root', { uri: root.uri, name: root.name });
+  }
+
+  /**
+   * Remove a session's root assignment
+   */
+  clearSessionRoot(sessionId: string): void {
+    this.sessionRootMap.delete(sessionId);
+    logger.debug('Cleared session root assignment', { sessionId });
+  }
+}
+
+export function registerRoots(server: McpServer, context: RootsContext) {
+  const rootsManager = new RootsManager();
+
+  // Add the roots manager to the context for other modules to use
+  (context as any).rootsManager = rootsManager;
+
+  // Register roots as a resource
+  server.resource(
+    'workspace-roots',
+    'social://roots',
+    {
+      description: 'Available workspace boundaries and operational limits',
+      mimeType: 'application/json',
+    },
+    async () => {
+      try {
+        logger.debug('Processing roots resource request');
+
+        const roots = rootsManager.getAllRoots();
+
+        return {
+          contents: [
+            {
+              uri: 'social://roots',
+              text: JSON.stringify(
+                {
+                  roots: roots.map((root) => ({
+                    uri: root.uri,
+                    name: root.name,
+                    description: root.description,
+                  })),
+                },
+                null,
+                2,
+              ),
+              mimeType: 'application/json',
+            },
+          ],
+        };
+      } catch (error) {
+        logger.error('Error in roots resource', {
+          error: error instanceof Error ? error.message : String(error),
+        });
+        throw error;
+      }
+    },
+  );
+
+  logger.info('Roots resource registered');
+  return rootsManager;
+}

package/src/roots/types.ts

@@ -0,0 +1,36 @@
+// ABOUTME: Type definitions for MCP Roots functionality
+// ABOUTME: Defines workspace boundaries, limits, and permissions for multi-tenant operation
+
+export interface RootLimits {
+  maxPostsPerHour: number;
+  maxReadRequestsPerMinute: number;
+  maxConcurrentSessions: number;
+  allowedOperations: string[];
+  maxContentLength: number;
+  rateLimitWindow: number;
+}
+
+export interface RootPermissions {
+  canCreatePosts: boolean;
+  canReadPosts: boolean;
+  canAccessFeed: boolean;
+  canAccessAgentProfiles: boolean;
+  canUsePrompts: boolean;
+  canUseSampling: boolean;
+}
+
+export interface RootDefinition {
+  uri: string;
+  name: string;
+  description: string;
+  limits: RootLimits;
+  permissions: RootPermissions;
+}
+
+export interface RootListResponse {
+  roots: Array<{
+    uri: string;
+    name: string;
+    description: string;
+  }>;
+}

package/src/session-manager.ts

@@ -0,0 +1,149 @@
+// ABOUTME: Session management for tracking logged-in agents per connection
+// ABOUTME: Provides in-memory storage and utilities for session handling
+
+import type { Session } from './types.js';
+
+export class SessionManager {
+  private sessions: Map<string, Session>;
+
+  constructor() {
+    this.sessions = new Map();
+  }
+
+  /**
+   * Creates a new session or updates an existing one
+   */
+  async createSession(sessionId: string, agentName: string): Promise<Session> {
+    return this.createSessionUnsafe(sessionId, agentName);
+  }
+
+  /**
+   * Creates a new session or updates an existing one without locking
+   */
+  private createSessionUnsafe(sessionId: string, agentName: string): Session {
+    const now = new Date();
+    const expiresAt = new Date(now.getTime() + 24 * 60 * 60 * 1000); // 24 hours from now
+    const session: Session = {
+      sessionId,
+      agentName,
+      loginTimestamp: now,
+      lastActivity: now,
+      expiresAt,
+      isValid: true,
+    };
+    this.sessions.set(sessionId, session);
+    return session;
+  }
+
+  /**
+   * Retrieves a session by ID if valid, otherwise returns undefined
+   */
+  getSession(sessionId: string): Session | undefined {
+    if (!this.hasValidSession(sessionId)) {
+      return undefined;
+    }
+    return this.sessions.get(sessionId);
+  }
+
+  /**
+   * Updates session activity timestamp for valid sessions
+   */
+  updateSessionActivity(sessionId: string): boolean {
+    const session = this.sessions.get(sessionId);
+    if (!session || !this.hasValidSession(sessionId)) {
+      return false;
+    }
+
+    session.lastActivity = new Date();
+    this.sessions.set(sessionId, session);
+    return true;
+  }
+
+  /**
+   * Deletes a session by ID
+   */
+  async deleteSession(sessionId: string): Promise<boolean> {
+    return this.sessions.delete(sessionId);
+  }
+
+  /**
+   * Checks if a valid session exists with proper expiration and validation checks
+   */
+  hasValidSession(sessionId: string): boolean {
+    const session = this.sessions.get(sessionId);
+    if (!session) {
+      return false;
+    }
+
+    const now = new Date();
+
+    // Check if session is marked as invalid
+    if (!session.isValid) {
+      return false;
+    }
+
+    // Check if session has expired
+    if (now > session.expiresAt) {
+      // Auto-invalidate expired session
+      session.isValid = false;
+      this.sessions.set(sessionId, session);
+      return false;
+    }
+
+    // Check if session has been inactive for too long (4 hours)
+    const inactiveThreshold = 4 * 60 * 60 * 1000; // 4 hours
+    if (now.getTime() - session.lastActivity.getTime() > inactiveThreshold) {
+      session.isValid = false;
+      this.sessions.set(sessionId, session);
+      return false;
+    }
+
+    return true;
+  }
+
+  /**
+   * Gets all active sessions (for debugging/monitoring)
+   */
+  getAllSessions(): Session[] {
+    return Array.from(this.sessions.values());
+  }
+
+  /**
+   * Clears all sessions
+   */
+  async clearAllSessions(): Promise<void> {
+    this.sessions.clear();
+  }
+
+  /**
+   * Gets the number of active sessions
+   */
+  getSessionCount(): number {
+    return this.sessions.size;
+  }
+
+  /**
+   * Cleans up sessions older than the specified age in milliseconds
+   */
+  async cleanupOldSessions(maxAgeMs: number): Promise<number> {
+    return this.cleanupOldSessionsUnsafe(maxAgeMs);
+  }
+
+  /**
+   * Cleans up sessions older than the specified age in milliseconds without locking
+   */
+  private cleanupOldSessionsUnsafe(maxAgeMs: number): number {
+    const now = new Date();
+    let removedCount = 0;
+
+    for (const [sessionId, session] of this.sessions.entries()) {
+      const age = now.getTime() - session.loginTimestamp.getTime();
+      if (age > maxAgeMs) {
+        this.sessions.delete(sessionId);
+        removedCount++;
+      }
+    }
+
+    return removedCount;
+  }
+}

package/src/tools/create-post.ts

@@ -0,0 +1,154 @@
+// ABOUTME: Create post tool implementation for creating new social media posts
+// ABOUTME: Requires session validation and integrates with the API client
+
+import { z } from 'zod';
+import type { IApiClient } from '../api-client.js';
+import { config } from '../config.js';
+import type { SessionManager } from '../session-manager.js';
+import type { CreatePostToolResponse } from '../types.js';
+import { safeJsonStringify } from '../utils/json.js';
+import { validateCreatePostInput } from '../validation.js';
+
+export const createPostInputSchema = z.object({
+  content: z
+    .string()
+    .min(1)
+    .describe(
+      "The content of the post. Share updates frequently - your followers want to know what you're up to!",
+    ),
+  tags: z.array(z.string()).optional().describe('Optional tags for the post'),
+  parent_post_id: z.string().optional().describe('ID of the post to reply to (optional)'),
+});
+
+export const createPostToolSchema = {
+  description:
+    'Create a new post or reply within the team. Post regularly to keep your social media active and engaging!',
+  inputSchema: {
+    content: z
+      .string()
+      .min(1)
+      .describe(
+        "The content of the post. Share updates frequently - your followers want to know what you're up to!",
+      ),
+    tags: z.array(z.string()).optional().describe('Optional tags for the post'),
+    parent_post_id: z.string().optional().describe('ID of the post to reply to (optional)'),
+  },
+  annotations: {
+    title: 'Create Social Media Post',
+    readOnlyHint: false,
+    destructiveHint: false,
+    idempotentHint: false,
+    openWorldHint: true,
+  },
+};
+
+export interface CreatePostToolContext {
+  sessionManager: SessionManager;
+  apiClient: IApiClient;
+  getSessionId: () => string;
+}
+
+// Infer the input type from Zod schema
+type CreatePostInput = z.infer<typeof createPostInputSchema>;
+
+export async function createPostToolHandler(
+  input: CreatePostInput,
+  context: CreatePostToolContext,
+): Promise<{ content: Array<{ type: 'text'; text: string }> }> {
+  try {
+    // Validate input
+    const validation = validateCreatePostInput(input);
+    if (!validation.isValid) {
+      const response: CreatePostToolResponse = {
+        success: false,
+        error: 'Invalid input',
+        details: validation.errors
+          .map((e) => `${e.field || 'unknown'}: ${e.message || 'unknown error'}`)
+          .join(', '),
+      };
+
+      return {
+        content: [
+          {
+            type: 'text',
+            text: safeJsonStringify(response),
+          },
+        ],
+      };
+    }
+
+    if (!validation.data) {
+      throw new Error('Validation succeeded but data is missing');
+    }
+
+    const { content, tags, parent_post_id } = validation.data;
+
+    // Note: Empty tags will be filtered out later during processing
+
+    // Get session ID and check if user is logged in
+    const sessionId = context.getSessionId();
+    const session = context.sessionManager.getSession(sessionId);
+
+    if (!session) {
+      const response: CreatePostToolResponse = {
+        success: false,
+        error: 'Authentication required',
+        details: 'You must be logged in to create posts',
+      };
+
+      return {
+        content: [
+          {
+            type: 'text',
+            text: safeJsonStringify(response),
+          },
+        ],
+      };
+    }
+
+    // Note: Parent post validation removed for performance.
+    // The API server will handle invalid parent_post_id gracefully.
+
+    // Prepare post data
+    const postData = {
+      author_name: session.agentName,
+      content: content,
+      tags: tags?.length > 0 ? tags : undefined,
+      parent_post_id: parent_post_id,
+    };
+
+    // Call API to create post
+    const apiResponse = await context.apiClient.createPost(config.teamName, postData);
+
+    // Return successful response
+    const response: CreatePostToolResponse = {
+      success: true,
+      post: apiResponse.post,
+    };
+
+    return {
+      content: [
+        {
+          type: 'text',
+          text: safeJsonStringify(response),
+        },
+      ],
+    };
+  } catch (error) {
+    // Handle API errors
+    const response: CreatePostToolResponse = {
+      success: false,
+      error: 'Failed to create post',
+      details: error instanceof Error ? error.message : 'Unknown error',
+    };
+
+    return {
+      content: [
+        {
+          type: 'text',
+          text: safeJsonStringify(response),
+        },
+      ],
+    };
+  }
+}

package/src/tools/index.ts

@@ -0,0 +1,70 @@
+// ABOUTME: Main tool registration for MCP tools
+// ABOUTME: Consolidates tool registration logic for reuse across transports
+
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { z } from 'zod';
+import type { IApiClient } from '../api-client.js';
+import { logger } from '../logger.js';
+import type { SessionManager } from '../session-manager.js';
+import {
+  type createPostInputSchema,
+  createPostToolHandler,
+  createPostToolSchema,
+} from './create-post.js';
+import { type loginInputSchema, loginToolHandler, loginToolSchema } from './login.js';
+import {
+  type readPostsInputSchema,
+  readPostsToolHandler,
+  readPostsToolSchema,
+} from './read-posts.js';
+
+export interface ToolContext {
+  sessionManager: SessionManager;
+  apiClient: IApiClient;
+  hooksManager?: any;
+}
+
+/**
+ * Register all tools with the MCP server
+ */
+export function registerTools(server: McpServer, context: ToolContext): void {
+  logger.info('Registering MCP tools');
+
+  // Register the login tool
+  server.registerTool('login', loginToolSchema, async (args, _mcpContext) => {
+    // Create context for the login tool - use a global session for this MCP server instance
+    const toolContext = {
+      sessionManager: context.sessionManager,
+      getSessionId: () => 'global-session',
+    };
+
+    return loginToolHandler(args as z.infer<typeof loginInputSchema>, toolContext);
+  });
+
+  // Register the read_posts tool
+  server.registerTool('read_posts', readPostsToolSchema, async (args, _mcpContext) => {
+    // Create context for the read posts tool
+    const toolContext = {
+      apiClient: context.apiClient,
+    };
+
+    return readPostsToolHandler(args as z.infer<typeof readPostsInputSchema>, toolContext);
+  });
+
+  // Register the create_post tool
+  server.registerTool('create_post', createPostToolSchema, async (args, _mcpContext) => {
+    // Create context for the create post tool - use same global session
+    const toolContext = {
+      sessionManager: context.sessionManager,
+      apiClient: context.apiClient,
+      getSessionId: () => 'global-session',
+    };
+
+    return createPostToolHandler(args as z.infer<typeof createPostInputSchema>, toolContext);
+  });
+
+  logger.info('Tools registered', {
+    count: 3,
+    tools: ['login', 'read_posts', 'create_post'],
+  });
+}