@mtaap/mcp 0.1.1 → 0.1.2

package/dist/chunk-4ILBJI7A.js

@@ -0,0 +1,1678 @@
+import {
+  dist_exports,
+  prisma
+} from "./chunk-IEQQVLM4.js";
+import {
+  AbandonTaskInputSchema,
+  AddNoteInputSchema,
+  ApiKeyPermission,
+  AssignTaskInputSchema,
+  CompleteTaskInputSchema,
+  CreatePersonalProjectInputSchema,
+  GetProjectContextInputSchema,
+  GetTaskInputSchema,
+  ListProjectsInputSchema,
+  ListTasksInputSchema,
+  ProjectOrigin,
+  ProjectType,
+  ReportErrorInputSchema,
+  TaskState,
+  UpdateProgressInputSchema,
+  UserRole,
+  z
+} from "./chunk-ASNGTDTC.js";
+
+// src/index.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+
+// ../../packages/auth/dist/nextauth.js
+import Credentials from "next-auth/providers/credentials";
+
+// ../../packages/auth/dist/ldap.js
+async function authenticateWithLdap(email, password, organizationId) {
+  const settings = await prisma.organizationSettings.findUnique({
+    where: { organizationId }
+  });
+  if (!settings?.ldapEnabled || !settings.ldapUrl) {
+    return null;
+  }
+  const config = {
+    url: settings.ldapUrl,
+    bindDN: settings.ldapBindDN || "",
+    searchBase: settings.ldapSearchBase || ""
+  };
+  return performLdapAuth(email, password, config);
+}
+async function performLdapAuth(email, password, config) {
+  const ldapjs = await import("ldapjs");
+  return new Promise((resolve) => {
+    const client = ldapjs.createClient({
+      url: config.url,
+      timeout: 5e3,
+      connectTimeout: 1e4
+    });
+    client.on("error", (err) => {
+      console.error("LDAP connection error:", err.message);
+      resolve(null);
+    });
+    const usernameAttr = "mail";
+    const searchFilter = `(${usernameAttr}=${ldapEscape(email)})`;
+    const searchOptions = {
+      filter: searchFilter,
+      scope: "sub",
+      attributes: ["dn", "mail", "cn", "displayName", "givenName", "sn"]
+    };
+    if (config.bindDN) {
+      client.bind(config.bindDN, "", (bindErr) => {
+        if (bindErr) {
+          console.error("LDAP service bind failed:", bindErr.message);
+          client.unbind();
+          resolve(null);
+          return;
+        }
+        searchAndBind(client, config.searchBase, searchOptions, password, resolve);
+      });
+    } else {
+      searchAndBind(client, config.searchBase, searchOptions, password, resolve);
+    }
+  });
+}
+function searchAndBind(client, searchBase, searchOptions, password, resolve) {
+  client.search(searchBase, searchOptions, (searchErr, searchRes) => {
+    if (searchErr) {
+      console.error("LDAP search error:", searchErr.message);
+      client.unbind();
+      resolve(null);
+      return;
+    }
+    let userEntry = null;
+    searchRes.on("searchEntry", (entry) => {
+      const dn = entry.dn.toString();
+      const attrs = entry.attributes;
+      const mail = getAttrValue(attrs, "mail");
+      const displayName = getAttrValue(attrs, "displayName");
+      const cn = getAttrValue(attrs, "cn");
+      const givenName = getAttrValue(attrs, "givenName");
+      const sn = getAttrValue(attrs, "sn");
+      const name = displayName || cn || [givenName, sn].filter(Boolean).join(" ") || mail;
+      userEntry = {
+        email: mail || "",
+        name: name || "",
+        dn
+      };
+    });
+    searchRes.on("error", (err) => {
+      console.error("LDAP search result error:", err.message);
+      client.unbind();
+      resolve(null);
+    });
+    searchRes.on("end", () => {
+      if (!userEntry) {
+        client.unbind();
+        resolve(null);
+        return;
+      }
+      const userDn = userEntry.dn;
+      const foundUser = userEntry;
+      client.bind(userDn, password, (authErr) => {
+        client.unbind();
+        if (authErr) {
+          console.error("LDAP user bind failed:", authErr.message);
+          resolve(null);
+          return;
+        }
+        resolve(foundUser);
+      });
+    });
+  });
+}
+function getAttrValue(attrs, name) {
+  const attr = attrs.find((a) => a.type.toLowerCase() === name.toLowerCase());
+  if (!attr || !attr.values || attr.values.length === 0) {
+    return void 0;
+  }
+  const val = attr.values[0];
+  if (typeof val === "string")
+    return val;
+  if (val && typeof val === "object" && "toString" in val) {
+    return val.toString();
+  }
+  return void 0;
+}
+function ldapEscape(str) {
+  return str.replace(/[\\*()]/g, (char) => `\\${char.charCodeAt(0).toString(16)}`);
+}
+async function getOrganizationLdapConfig(organizationSlug) {
+  const org = await prisma.organization.findUnique({
+    where: { slug: organizationSlug },
+    include: { settings: true }
+  });
+  if (!org) {
+    return null;
+  }
+  return {
+    enabled: org.settings?.ldapEnabled ?? false,
+    organizationId: org.id
+  };
+}
+async function findOrCreateLdapUser(ldapUser, organizationId) {
+  let user = await prisma.user.findUnique({
+    where: { email: ldapUser.email }
+  });
+  if (!user) {
+    const crypto = await import("crypto");
+    const randomPassword = crypto.randomBytes(32).toString("hex");
+    const bcrypt = await import("bcryptjs");
+    const passwordHash = await bcrypt.hash(randomPassword, 10);
+    user = await prisma.user.create({
+      data: {
+        email: ldapUser.email,
+        name: ldapUser.name,
+        passwordHash,
+        role: UserRole.MEMBER
+      }
+    });
+  }
+  const membership = await prisma.organizationUser.findFirst({
+    where: {
+      userId: user.id,
+      organizationId
+    }
+  });
+  if (!membership) {
+    const subscription = await prisma.subscription.findUnique({
+      where: { organizationId }
+    });
+    if (subscription && subscription.seats > 0) {
+      const currentSeats = await prisma.organizationUser.count({
+        where: { organizationId }
+      });
+      if (currentSeats >= subscription.seats) {
+        throw new Error("No available seats in organization subscription");
+      }
+    }
+    await prisma.organizationUser.create({
+      data: {
+        userId: user.id,
+        organizationId,
+        roleId: UserRole.MEMBER
+      }
+    });
+  }
+  return {
+    id: user.id,
+    email: user.email,
+    name: user.name
+  };
+}
+
+// ../../packages/auth/dist/nextauth.js
+var THIRTY_DAYS_IN_SECONDS = 30 * 24 * 60 * 60;
+var authConfig = {
+  providers: [
+    Credentials({
+      name: "credentials",
+      credentials: {
+        email: { label: "Email", type: "email" },
+        password: { label: "Password", type: "password" },
+        organizationSlug: { label: "Organization", type: "text" }
+      },
+      async authorize(credentials) {
+        const parsed = z.object({
+          email: z.string().email(),
+          password: z.string().min(8),
+          organizationSlug: z.string().optional()
+        }).safeParse(credentials);
+        if (!parsed.success) {
+          return null;
+        }
+        const { email, password, organizationSlug } = parsed.data;
+        if (organizationSlug) {
+          const ldapConfig = await getOrganizationLdapConfig(organizationSlug);
+          if (ldapConfig?.enabled) {
+            const ldapUser = await authenticateWithLdap(email, password, ldapConfig.organizationId);
+            if (ldapUser) {
+              const user2 = await findOrCreateLdapUser(ldapUser, ldapConfig.organizationId);
+              return {
+                id: user2.id,
+                email: user2.email,
+                name: user2.name,
+                role: UserRole.MEMBER,
+                organizationId: ldapConfig.organizationId
+              };
+            }
+            return null;
+          }
+        }
+        const whereClause = {};
+        if (organizationSlug) {
+          whereClause.organization = {
+            slug: organizationSlug
+          };
+        }
+        const user = await prisma.user.findUnique({
+          where: { email },
+          include: {
+            organizations: {
+              where: whereClause,
+              take: 1
+            }
+          }
+        });
+        if (!user) {
+          return null;
+        }
+        const bcrypt = await import("bcryptjs");
+        const isValid = await bcrypt.compare(password, user.passwordHash);
+        if (!isValid) {
+          return null;
+        }
+        const orgUser = user.organizations?.[0];
+        const role = orgUser ? orgUser.roleId : UserRole.MEMBER;
+        return {
+          id: user.id,
+          email: user.email,
+          name: user.name,
+          role,
+          organizationId: orgUser?.organizationId
+        };
+      }
+    })
+  ],
+  session: {
+    strategy: "jwt",
+    maxAge: THIRTY_DAYS_IN_SECONDS
+  },
+  pages: {
+    signIn: "/auth/signin",
+    error: "/auth/error"
+  },
+  callbacks: {
+    async jwt({ token, user }) {
+      if (user) {
+        token.id = user.id;
+        token.role = user.role;
+        token.organizationId = user.organizationId;
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      if (token) {
+        session.user = {
+          ...session.user,
+          id: token.id,
+          role: token.role,
+          organizationId: token.organizationId
+        };
+      }
+      return session;
+    }
+  }
+};
+async function validateApiKey(apiKey) {
+  const keyHash = await hashApiKey(apiKey);
+  const keyRecord = await prisma.apiKey.findFirst({
+    where: {
+      keyHash,
+      revoked: false
+    },
+    include: {
+      user: {
+        include: {
+          organizations: {
+            take: 1,
+            include: {
+              organization: true
+            }
+          }
+        }
+      }
+    }
+  });
+  if (!keyRecord || keyRecord.expiresAt && keyRecord.expiresAt < /* @__PURE__ */ new Date()) {
+    return null;
+  }
+  await prisma.apiKey.update({
+    where: { id: keyRecord.id },
+    data: { lastUsedAt: /* @__PURE__ */ new Date() }
+  });
+  const orgUser = keyRecord.user.organizations?.[0];
+  return {
+    user: keyRecord.user,
+    organization: orgUser?.organization,
+    apiKey: keyRecord
+  };
+}
+var API_KEY_PERMISSION_RANK = {
+  [ApiKeyPermission.READ]: 1,
+  [ApiKeyPermission.WRITE]: 2,
+  [ApiKeyPermission.ADMIN]: 3
+};
+async function hashApiKey(apiKey) {
+  const crypto = await import("crypto");
+  return crypto.createHash("sha256").update(apiKey).digest("hex");
+}
+
+// ../../packages/auth/dist/stateMachine.js
+var VALID_TRANSITIONS = {
+  [TaskState.BACKLOG]: [TaskState.READY],
+  [TaskState.READY]: [TaskState.IN_PROGRESS],
+  [TaskState.IN_PROGRESS]: [TaskState.REVIEW],
+  [TaskState.REVIEW]: [TaskState.DONE, TaskState.IN_PROGRESS],
+  [TaskState.DONE]: []
+};
+
+// src/version.ts
+var VERSION = "0.1.2";
+
+// ../../packages/git/dist/github.js
+import { Octokit } from "octokit";
+var GitHubProvider = class {
+  octokit;
+  constructor(token) {
+    this.octokit = new Octokit({ auth: token });
+  }
+  async createBranch(options) {
+    try {
+      const { data: ref } = await this.octokit.rest.git.getRef({
+        owner: options.owner,
+        repo: options.repo,
+        ref: `heads/${options.sourceBranch}`
+      });
+      await this.octokit.rest.git.createRef({
+        owner: options.owner,
+        repo: options.repo,
+        ref: `refs/heads/${options.newBranch}`,
+        sha: ref.object.sha
+      });
+      return {
+        success: true,
+        branchName: options.newBranch
+      };
+    } catch (error) {
+      return {
+        success: false,
+        branchName: options.newBranch,
+        error: error.message || "Failed to create branch"
+      };
+    }
+  }
+  async createPR(options) {
+    try {
+      const { data: pr } = await this.octokit.rest.pulls.create({
+        owner: options.owner,
+        repo: options.repo,
+        title: options.title,
+        body: options.body,
+        head: options.head,
+        base: options.base
+      });
+      return {
+        success: true,
+        prUrl: pr.html_url,
+        prNumber: pr.number
+      };
+    } catch (error) {
+      return {
+        success: false,
+        prUrl: "",
+        prNumber: 0,
+        error: error.message || "Failed to create pull request"
+      };
+    }
+  }
+  async getBranchInfo(options) {
+    try {
+      const { data: ref } = await this.octokit.rest.git.getRef({
+        owner: options.owner,
+        repo: options.repo,
+        ref: `heads/${options.branch}`
+      });
+      return ref.object.sha;
+    } catch {
+      return null;
+    }
+  }
+  async listBranches(owner, repo) {
+    try {
+      const { data: branches } = await this.octokit.rest.repos.listBranches({
+        owner,
+        repo,
+        per_page: 100
+      });
+      return branches.map((branch) => ({
+        name: branch.name,
+        commitSha: branch.commit.sha,
+        protected: branch.protected
+      }));
+    } catch (error) {
+      console.error("Failed to list branches:", error);
+      return [];
+    }
+  }
+  async setupWebhook(options) {
+    try {
+      const { data: webhook } = await this.octokit.rest.repos.createWebhook({
+        owner: options.owner,
+        repo: options.repo,
+        name: "web",
+        config: {
+          url: options.url,
+          content_type: "json",
+          secret: options.secret
+        },
+        events: options.events || ["push", "pull_request"],
+        active: true
+      });
+      return {
+        success: true,
+        webhookId: webhook.id
+      };
+    } catch (error) {
+      return {
+        success: false,
+        webhookId: 0,
+        error: error.message || "Failed to setup webhook"
+      };
+    }
+  }
+  async getPRInfo(prNumber, owner, repo) {
+    try {
+      const { data: pr } = await this.octokit.rest.pulls.get({
+        owner,
+        repo,
+        pull_number: prNumber
+      });
+      return {
+        number: pr.number,
+        title: pr.title,
+        state: pr.state,
+        htmlUrl: pr.html_url,
+        mergedAt: pr.merged_at ? new Date(pr.merged_at) : void 0,
+        user: pr.user ? {
+          login: pr.user.login
+        } : void 0
+      };
+    } catch {
+      return null;
+    }
+  }
+  async getRecentCommits(owner, repo, branch, limit = 10) {
+    try {
+      const { data: commits } = await this.octokit.rest.repos.listCommits({
+        owner,
+        repo,
+        sha: branch,
+        per_page: limit
+      });
+      return commits.map((commit) => ({
+        sha: commit.sha,
+        message: commit.commit.message,
+        author: commit.commit.author?.name && commit.commit.author?.email ? {
+          name: commit.commit.author.name,
+          email: commit.commit.author.email
+        } : void 0,
+        date: new Date(commit.commit.author?.date || Date.now())
+      }));
+    } catch {
+      return [];
+    }
+  }
+  async deleteBranch(owner, repo, branch) {
+    try {
+      await this.octokit.rest.git.deleteRef({
+        owner,
+        repo,
+        ref: `heads/${branch}`
+      });
+      return true;
+    } catch (error) {
+      console.error(`Failed to delete branch ${branch}:`, error.message);
+      return false;
+    }
+  }
+  async getRepositoryReadme(owner, repo) {
+    try {
+      const { data } = await this.octokit.rest.repos.getReadme({
+        owner,
+        repo,
+        mediaType: {
+          format: "raw"
+        }
+      });
+      return data;
+    } catch {
+      return null;
+    }
+  }
+  async getRepositoryPackageJson(owner, repo) {
+    try {
+      const { data } = await this.octokit.rest.repos.getContent({
+        owner,
+        repo,
+        path: "package.json"
+      });
+      if ("content" in data && data.type === "file") {
+        return Buffer.from(data.content, "base64").toString("utf-8");
+      }
+      return null;
+    } catch {
+      return null;
+    }
+  }
+  static parseRepositoryUrl(url) {
+    try {
+      const match = url.match(/github\.com[/:]([^/]+)\/([^/.]+)/);
+      if (!match || match.length < 3) {
+        return null;
+      }
+      return {
+        owner: match[1],
+        repo: match[2].replace(/\.git$/, "")
+      };
+    } catch {
+      return null;
+    }
+  }
+  static async verifyWebhookSignature(payload, signature, secret) {
+    const crypto = await import("crypto");
+    const expectedSignature = crypto.createHmac("sha256", secret).update(payload).digest("hex");
+    const parts = signature.split("=");
+    if (parts.length < 2) {
+      return false;
+    }
+    const receivedSignature = parts[1];
+    return crypto.timingSafeEqual(Buffer.from(receivedSignature), Buffer.from(expectedSignature));
+  }
+  async verifyRepositoryAccess(owner, repo) {
+    try {
+      await this.octokit.rest.repos.get({
+        owner,
+        repo
+      });
+      return { success: true };
+    } catch (error) {
+      if (error.status === 404) {
+        return {
+          success: false,
+          error: "Repository not found or you don't have access"
+        };
+      }
+      if (error.status === 401 || error.status === 403) {
+        return {
+          success: false,
+          error: "Authentication failed. Check your GitHub token permissions"
+        };
+      }
+      return {
+        success: false,
+        error: error.message || "Failed to verify repository access"
+      };
+    }
+  }
+};
+
+// ../../packages/git/dist/errors.js
+var GitErrorType;
+(function(GitErrorType2) {
+  GitErrorType2["BRANCH_NOT_FOUND"] = "BRANCH_NOT_FOUND";
+  GitErrorType2["BRANCH_EXISTS"] = "BRANCH_EXISTS";
+  GitErrorType2["AUTH_INVALID"] = "AUTH_INVALID";
+  GitErrorType2["REPOSITORY_NOT_FOUND"] = "REPOSITORY_NOT_FOUND";
+  GitErrorType2["RATE_LIMITED"] = "RATE_LIMITED";
+  GitErrorType2["NETWORK_ERROR"] = "NETWORK_ERROR";
+  GitErrorType2["PERMISSION_DENIED"] = "PERMISSION_DENIED";
+  GitErrorType2["UNKNOWN_ERROR"] = "UNKNOWN_ERROR";
+})(GitErrorType || (GitErrorType = {}));
+
+// src/permissions.ts
+var PERMISSION_RANK = {
+  READ: 1,
+  WRITE: 2,
+  ADMIN: 3
+};
+function assertApiKeyPermission(apiKey, required, toolName) {
+  const actualRank = PERMISSION_RANK[apiKey.permissions] ?? 0;
+  const requiredRank = PERMISSION_RANK[required] ?? 0;
+  if (actualRank >= requiredRank) {
+    return;
+  }
+  console.warn("API key permission violation", {
+    keyId: apiKey.id,
+    requiredPermission: required,
+    actualPermission: apiKey.permissions,
+    tool: toolName
+  });
+  const error = new Error(
+    `API key lacks required permissions (required: ${required})`
+  );
+  error.status = 403;
+  throw error;
+}
+
+// src/index.ts
+async function getAuthenticatedUser(apiKey) {
+  const result = await validateApiKey(apiKey);
+  if (!result) {
+    throw new Error("Invalid API key");
+  }
+  return {
+    userId: result.user.id,
+    organizationId: result.organization?.id,
+    apiKey: result.apiKey
+  };
+}
+async function ensureAccessControl(projectId, userId, organizationId) {
+  if (!organizationId) {
+    const project = await prisma.project.findUnique({
+      where: { id: projectId },
+      include: { owner: true }
+    });
+    if (project?.ownerId !== userId) {
+      throw new Error(
+        "Access denied: You do not have permission to access this project"
+      );
+    }
+  } else {
+    const project = await prisma.project.findUnique({
+      where: { id: projectId },
+      include: { organization: true }
+    });
+    if (!project || project.organizationId !== organizationId) {
+      throw new Error(
+        "Access denied: You do not have permission to access this project"
+      );
+    }
+    const userTags = await prisma.userTag.findMany({
+      where: { userId },
+      include: { tag: true }
+    });
+    const projectTags = await prisma.projectTag.findMany({
+      where: { projectId },
+      include: { tag: true }
+    });
+    const userTagNames = new Set(
+      userTags.map((ut) => ut.tag.name)
+    );
+    const projectTagNames = new Set(
+      projectTags.map((pt) => pt.tag.name)
+    );
+    const hasAccess = [...userTagNames].some((tag) => projectTagNames.has(tag));
+    if (!hasAccess) {
+      throw new Error(
+        "Access denied: Your tags do not grant access to this project"
+      );
+    }
+  }
+}
+function getGitHubClient(_organizationId) {
+  const githubToken = process.env.GITHUB_TOKEN;
+  if (!githubToken) {
+    throw new Error("GitHub token not configured");
+  }
+  return new GitHubProvider(githubToken);
+}
+function slugify(text, maxLength = 50) {
+  return text.toLowerCase().replace(/[^a-z0-9]+/g, "-").substring(0, maxLength);
+}
+async function createMCPServer() {
+  const server = new McpServer({
+    name: "mtaap",
+    version: VERSION
+  });
+  const apiKey = process.env.MTAAP_API_KEY;
+  if (!apiKey) {
+    throw new Error("MTAAP_API_KEY environment variable is required");
+  }
+  const auth = await getAuthenticatedUser(apiKey);
+  server.registerTool(
+    "list_projects",
+    {
+      description: "List accessible projects (personal + team via tags)"
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.READ,
+        "list_projects"
+      );
+      const validated = ListProjectsInputSchema.parse(args);
+      const projects = await listProjects(
+        auth.userId,
+        auth.organizationId,
+        validated.workspaceType
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(projects, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "list_tasks",
+    {
+      description: "Returns available tasks (filterable by project, state)"
+    },
+    async (args) => {
+      assertApiKeyPermission(auth.apiKey, ApiKeyPermission.READ, "list_tasks");
+      const validated = ListTasksInputSchema.parse(args);
+      if (validated.projectId) {
+        await ensureAccessControl(
+          validated.projectId,
+          auth.userId,
+          auth.organizationId
+        );
+      }
+      const tasks = await listTasks(
+        auth.userId,
+        auth.organizationId,
+        validated.projectId,
+        validated.state,
+        validated.assigneeId
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(tasks, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "get_task",
+    {
+      description: "Full task details including acceptance criteria"
+    },
+    async (args) => {
+      assertApiKeyPermission(auth.apiKey, ApiKeyPermission.READ, "get_task");
+      const validated = GetTaskInputSchema.parse(args);
+      const task = await getTaskWithChecks(
+        validated.taskId,
+        auth.userId,
+        auth.organizationId
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(task, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "assign_task",
+    {
+      description: "Atomic claim \u2192 creates branch. Fails if already taken."
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.WRITE,
+        "assign_task"
+      );
+      const validated = AssignTaskInputSchema.parse(args);
+      const result = await assignTask(
+        validated.projectId,
+        validated.taskId,
+        auth.userId,
+        auth.organizationId,
+        validated.expectedState
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "update_progress",
+    {
+      description: "Reports status, updates checkboxes, writes checkpoint"
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.WRITE,
+        "update_progress"
+      );
+      const validated = UpdateProgressInputSchema.parse(args);
+      const result = await updateProgress(
+        validated.taskId,
+        auth.userId,
+        validated.statusMessage,
+        validated.completedCheckpointIds,
+        validated.currentCheckpointIndex
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "complete_task",
+    {
+      description: "Marks complete, triggers PR, deletes local state file"
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.WRITE,
+        "complete_task"
+      );
+      const validated = CompleteTaskInputSchema.parse(args);
+      const result = await completeTask(
+        validated.projectId,
+        validated.taskId,
+        auth.userId,
+        auth.organizationId,
+        validated.pullRequestTitle,
+        validated.pullRequestBody
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "check_active_task",
+    {
+      description: "Check for resumable task in .mtaap/active-task.json"
+    },
+    async () => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.READ,
+        "check_active_task"
+      );
+      const result = await checkActiveTask();
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "report_error",
+    {
+      description: "Report unrecoverable error, displays on task in webapp"
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.WRITE,
+        "report_error"
+      );
+      const validated = ReportErrorInputSchema.parse(args);
+      const result = await reportTaskError(
+        validated.taskId,
+        auth.userId,
+        validated.errorType,
+        validated.errorMessage,
+        validated.context
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "get_project_context",
+    {
+      description: "Returns assembled context (README, stack, conventions)"
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.READ,
+        "get_project_context"
+      );
+      const validated = GetProjectContextInputSchema.parse(args);
+      await ensureAccessControl(
+        validated.projectId,
+        auth.userId,
+        auth.organizationId
+      );
+      const context = await getProjectContext(validated.projectId);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(context, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "add_note",
+    {
+      description: "Append implementation notes to task"
+    },
+    async (args) => {
+      assertApiKeyPermission(auth.apiKey, ApiKeyPermission.WRITE, "add_note");
+      const validated = AddNoteInputSchema.parse(args);
+      const result = await addTaskNote(
+        validated.taskId,
+        auth.userId,
+        validated.content
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "abandon_task",
+    {
+      description: "Unassign from a task and optionally delete the branch"
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.WRITE,
+        "abandon_task"
+      );
+      const validated = AbandonTaskInputSchema.parse(args);
+      await ensureAccessControl(
+        validated.projectId,
+        auth.userId,
+        auth.organizationId || null
+      );
+      const result = await abandonTask(
+        validated.taskId,
+        validated.projectId,
+        auth.userId,
+        validated.deleteBranch
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "create_personal_project",
+    {
+      description: "Create project in user's personal workspace"
+    },
+    async (args) => {
+      assertApiKeyPermission(
+        auth.apiKey,
+        ApiKeyPermission.WRITE,
+        "create_personal_project"
+      );
+      const validated = CreatePersonalProjectInputSchema.parse(args);
+      const result = await createPersonalProject(
+        auth.userId,
+        validated.name,
+        validated.description,
+        validated.repositoryUrl
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.registerTool(
+    "get_version",
+    {
+      description: "Get the current MTAAP version"
+    },
+    async () => {
+      assertApiKeyPermission(auth.apiKey, ApiKeyPermission.READ, "get_version");
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(
+              {
+                version: VERSION,
+                timestamp: (/* @__PURE__ */ new Date()).toISOString()
+              },
+              null,
+              2
+            )
+          }
+        ]
+      };
+    }
+  );
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}
+async function listProjects(userId, organizationId, workspaceType = "ALL") {
+  const where = {};
+  const include = {};
+  if (workspaceType === "PERSONAL" || workspaceType === "ALL") {
+    where.ownerId = userId;
+    include.owner = true;
+  }
+  if (organizationId && (workspaceType === "TEAM" || workspaceType === "ALL")) {
+    where.OR = [
+      { organizationId },
+      { type: ProjectType.PERSONAL, ownerId: userId }
+    ];
+    include.organization = true;
+    include.projectTags = {
+      include: { tag: true }
+    };
+  }
+  const projects = await prisma.project.findMany({
+    where,
+    include,
+    orderBy: { updatedAt: "desc" }
+  });
+  const formattedProjects = projects.map(
+    (project) => ({
+      id: project.id,
+      name: project.name,
+      description: project.description,
+      type: project.type,
+      origin: project.origin,
+      repositoryUrl: project.repositoryUrl,
+      baseBranch: project.baseBranch,
+      tags: project.projectTags?.map((pt) => pt.tag.name) || [],
+      createdAt: project.createdAt,
+      updatedAt: project.updatedAt
+    })
+  );
+  return formattedProjects;
+}
+async function listTasks(userId, organizationId, projectId, state, assigneeId) {
+  const where = { projectId };
+  if (organizationId) {
+    where.project = {
+      organizationId
+    };
+  }
+  if (state) {
+    where.state = state;
+  }
+  if (assigneeId) {
+    where.assigneeId = assigneeId;
+  }
+  const tasks = await prisma.task.findMany({
+    where,
+    include: {
+      project: true,
+      assignee: true,
+      creator: true,
+      epic: true
+    },
+    orderBy: { createdAt: "desc" }
+  });
+  const formattedTasks = await Promise.all(
+    tasks.map(async (task) => {
+      const acceptanceCriteria = await prisma.acceptanceCriterion.findMany({
+        where: { taskId: task.id },
+        orderBy: { order: "asc" }
+      });
+      return {
+        id: task.id,
+        projectId: task.projectId,
+        projectName: task.project?.name || "Unknown",
+        epicId: task.epicId,
+        epicName: task.epic?.name || null,
+        title: task.title,
+        description: task.description,
+        state: task.state,
+        priority: task.priority,
+        assigneeId: task.assigneeId,
+        assigneeName: task.assignee?.name || null,
+        assigneeEmail: task.assignee?.email || null,
+        createdBy: task.createdBy,
+        createdByName: task.creator?.name || null,
+        assignedAt: task.assignedAt,
+        startedAt: task.startedAt,
+        completedAt: task.completedAt,
+        branchName: task.branchName,
+        pullRequestUrl: task.pullRequestUrl,
+        pullRequestNumber: task.pullRequestNumber,
+        errorType: task.errorType,
+        errorMessage: task.errorMessage,
+        acceptanceCriteria: acceptanceCriteria.map((ac) => ({
+          id: ac.id,
+          description: ac.description,
+          completed: ac.completed,
+          completedAt: ac.completedAt,
+          order: ac.order
+        })),
+        createdAt: task.createdAt,
+        updatedAt: task.updatedAt
+      };
+    })
+  );
+  return formattedTasks;
+}
+async function getTaskWithChecks(taskId, userId, organizationId) {
+  const task = await prisma.task.findUnique({
+    where: { id: taskId },
+    include: {
+      project: {
+        include: {
+          organization: true,
+          projectTags: {
+            include: { tag: true }
+          }
+        }
+      },
+      epic: true,
+      assignee: true,
+      creator: true,
+      acceptanceCriteria: {
+        orderBy: { order: "asc" }
+      },
+      progressUpdates: {
+        orderBy: { createdAt: "desc" },
+        take: 10
+      },
+      notes: {
+        orderBy: { createdAt: "desc" },
+        take: 10
+      }
+    }
+  });
+  if (!task) {
+    throw new Error("Task not found");
+  }
+  if (organizationId && task.project?.organizationId !== organizationId) {
+    const userTags = await prisma.userTag.findMany({
+      where: { userId },
+      include: { tag: true }
+    });
+    const projectTagNames = new Set(
+      task.project.projectTags?.map(
+        (pt) => pt.tag.name
+      ) || []
+    );
+    const userTagNames = new Set(
+      userTags.map((ut) => ut.tag.name)
+    );
+    const hasAccess = [...userTagNames].some((tag) => projectTagNames.has(tag));
+    if (!hasAccess) {
+      throw new Error(
+        "Access denied: Your tags do not grant access to this project"
+      );
+    }
+  }
+  const formattedTask = {
+    id: task.id,
+    projectId: task.projectId,
+    projectName: task.project?.name || "Unknown",
+    epicId: task.epicId,
+    epicName: task.epic?.name || null,
+    title: task.title,
+    description: task.description,
+    state: task.state,
+    priority: task.priority,
+    assigneeId: task.assigneeId,
+    assigneeName: task.assignee?.name || null,
+    assigneeEmail: task.assignee?.email || null,
+    createdBy: task.createdBy,
+    createdByName: task.creator?.name || null,
+    assignedAt: task.assignedAt,
+    startedAt: task.startedAt,
+    completedAt: task.completedAt,
+    branchName: task.branchName,
+    pullRequestUrl: task.pullRequestUrl,
+    pullRequestNumber: task.pullRequestNumber,
+    errorType: task.errorType,
+    errorMessage: task.errorMessage,
+    acceptanceCriteria: task.acceptanceCriteria.map(
+      (ac) => ({
+        id: ac.id,
+        description: ac.description,
+        completed: ac.completed,
+        completedAt: ac.completedAt,
+        order: ac.order
+      })
+    ),
+    progressUpdates: task.progressUpdates.map(
+      (pu) => ({
+        id: pu.id,
+        message: pu.message,
+        checkpoints: pu.checkpoints,
+        userId: pu.userId,
+        createdAt: pu.createdAt
+      })
+    ),
+    notes: task.notes.map((note) => ({
+      id: note.id,
+      content: note.content,
+      userId: note.userId,
+      createdAt: note.createdAt
+    })),
+    createdAt: task.createdAt,
+    updatedAt: task.updatedAt
+  };
+  return formattedTask;
+}
+async function assignTask(projectId, taskId, userId, organizationId, expectedState = TaskState.READY) {
+  await ensureAccessControl(projectId, userId, organizationId);
+  const task = await prisma.task.findUnique({
+    where: { id: taskId },
+    include: { project: true }
+  });
+  if (!task) {
+    throw new Error("Task not found");
+  }
+  if (task.state !== expectedState) {
+    return {
+      success: false,
+      taskId,
+      currentState: task.state,
+      message: `Task is already in state: ${task.state}`
+    };
+  }
+  const repoInfo = GitHubProvider.parseRepositoryUrl(
+    task.project?.repositoryUrl || ""
+  );
+  if (!repoInfo) {
+    throw new Error("Invalid repository URL");
+  }
+  const github = getGitHubClient(task.project?.organizationId || "");
+  const branchSuffix = slugify(task.title);
+  const branchName = `feature/${taskId}-${branchSuffix}`;
+  const createResult = await github.createBranch({
+    owner: repoInfo.owner,
+    repo: repoInfo.repo,
+    sourceBranch: task.project?.baseBranch || "develop",
+    newBranch: branchName
+  });
+  if (!createResult.success) {
+    throw new Error(`Failed to create branch: ${createResult.error}`);
+  }
+  const updatedTask = await prisma.task.update({
+    where: { id: taskId },
+    data: {
+      state: TaskState.IN_PROGRESS,
+      assigneeId: userId,
+      assignedAt: /* @__PURE__ */ new Date(),
+      branchName,
+      startedAt: /* @__PURE__ */ new Date()
+    }
+  });
+  return {
+    success: true,
+    taskId: updatedTask.id,
+    branchName
+  };
+}
+async function updateProgress(taskId, userId, statusMessage, completedCheckpointIds, _currentCheckpointIndex) {
+  const task = await prisma.task.findUnique({
+    where: { id: taskId }
+  });
+  if (!task) {
+    throw new Error("Task not found");
+  }
+  if (task.assigneeId !== userId) {
+    throw new Error("You are not assigned to this task");
+  }
+  if (completedCheckpointIds && completedCheckpointIds.length > 0) {
+    await prisma.acceptanceCriterion.updateMany({
+      where: {
+        id: { in: completedCheckpointIds }
+      },
+      data: {
+        completed: true,
+        completedAt: /* @__PURE__ */ new Date()
+      }
+    });
+  }
+  if (statusMessage) {
+    await prisma.progressUpdate.create({
+      data: {
+        taskId,
+        userId,
+        message: statusMessage,
+        checkpoints: []
+      }
+    });
+  }
+  const updatedTask = await prisma.task.update({
+    where: { id: taskId },
+    data: {
+      updatedAt: /* @__PURE__ */ new Date()
+    }
+  });
+  return {
+    success: true,
+    taskId: updatedTask.id
+  };
+}
+async function completeTask(projectId, taskId, userId, organizationId, pullRequestTitle, pullRequestBody) {
+  await ensureAccessControl(projectId, userId, organizationId);
+  const task = await prisma.task.findUnique({
+    where: { id: taskId },
+    include: { project: true }
+  });
+  if (!task) {
+    throw new Error("Task not found");
+  }
+  if (task.assigneeId !== userId) {
+    throw new Error("You are not assigned to this task");
+  }
+  if (task.state !== TaskState.IN_PROGRESS) {
+    throw new Error("Task must be in progress to be completed");
+  }
+  if (!task.branchName) {
+    throw new Error("Task has no associated branch");
+  }
+  const repoInfo = GitHubProvider.parseRepositoryUrl(
+    task.project?.repositoryUrl || ""
+  );
+  if (!repoInfo) {
+    throw new Error("Invalid repository URL");
+  }
+  const github = getGitHubClient(task.project?.organizationId || "");
+  const acceptanceCriteria = await prisma.acceptanceCriterion.findMany({
+    where: { taskId },
+    orderBy: { order: "asc" }
+  });
+  const acceptanceChecklist = acceptanceCriteria.map(
+    (ac) => `- [${ac.completed ? "x" : " "}] ${ac.description}`
+  ).join("\n");
+  const prTitle = pullRequestTitle || `[${taskId}] ${task.title}`;
+  const prBody = pullRequestBody || `${task.description}
+
+### Acceptance Criteria
+
+${acceptanceChecklist}`;
+  const createResult = await github.createPR({
+    owner: repoInfo.owner,
+    repo: repoInfo.repo,
+    title: prTitle,
+    body: prBody,
+    head: task.branchName,
+    base: task.project?.baseBranch || "develop"
+  });
+  if (!createResult.success) {
+    throw new Error(`Failed to create PR: ${createResult.error}`);
+  }
+  const updatedTask = await prisma.task.update({
+    where: { id: taskId },
+    data: {
+      state: TaskState.REVIEW,
+      completedAt: /* @__PURE__ */ new Date(),
+      pullRequestUrl: createResult.prUrl,
+      pullRequestNumber: createResult.prNumber
+    }
+  });
+  return {
+    success: true,
+    taskId: updatedTask.id,
+    prUrl: createResult.prUrl,
+    prNumber: createResult.prNumber
+  };
+}
+async function checkActiveTask() {
+  const fs = await import("fs");
+  const path = await import("path");
+  const activeTaskPath = path.join(process.cwd(), ".mtaap", "active-task.json");
+  if (!await fs.promises.access(activeTaskPath).catch(() => false)) {
+    return {
+      hasActiveTask: false,
+      task: null
+    };
+  }
+  const content = await fs.promises.readFile(activeTaskPath, "utf-8");
+  const activeTask = JSON.parse(content);
+  return {
+    hasActiveTask: true,
+    task: activeTask
+  };
+}
+async function reportTaskError(taskId, userId, errorType, errorMessage, _context) {
+  const task = await prisma.task.findUnique({
+    where: { id: taskId }
+  });
+  if (!task) {
+    throw new Error("Task not found");
+  }
+  if (task.assigneeId !== userId) {
+    throw new Error("You are not assigned to this task");
+  }
+  const updatedTask = await prisma.task.update({
+    where: { id: taskId },
+    data: {
+      errorType,
+      errorMessage
+    }
+  });
+  return {
+    success: true,
+    taskId: updatedTask.id
+  };
+}
+async function getProjectContext(projectId) {
+  const project = await prisma.project.findUnique({
+    where: { id: projectId },
+    include: {
+      organization: {
+        include: { settings: true }
+      }
+    }
+  });
+  if (!project) {
+    throw new Error("Project not found");
+  }
+  const repoInfo = GitHubProvider.parseRepositoryUrl(project.repositoryUrl);
+  let readme = "";
+  let stack = [];
+  if (repoInfo) {
+    const github = getGitHubClient(project.organizationId || "");
+    const readmeResult = await github.getRepositoryReadme(
+      repoInfo.owner,
+      repoInfo.repo
+    );
+    readme = readmeResult || "No README found";
+    const packageJsonResult = await github.getRepositoryPackageJson(
+      repoInfo.owner,
+      repoInfo.repo
+    );
+    if (packageJsonResult) {
+      const packageJson = JSON.parse(packageJsonResult);
+      const deps = {
+        ...packageJson.dependencies,
+        ...packageJson.devDependencies
+      };
+      stack = Object.keys(deps).slice(0, 20);
+    }
+  }
+  const recentCompletedTasks = await prisma.task.findMany({
+    where: {
+      project: {
+        id: projectId
+      },
+      state: TaskState.DONE
+    },
+    orderBy: { completedAt: "desc" },
+    take: 10,
+    include: {
+      creator: {
+        select: { id: true, name: true }
+      }
+    }
+  });
+  const conventions = {
+    branchPrefix: "feature/",
+    commitFormat: project.organization?.settings?.enforceConventionalCommits ? "conventional" : "none",
+    testCommand: "npm test",
+    baseBranch: project.baseBranch || "develop",
+    notes: project.organization?.settings?.maxPersonalProjectsPerUser?.toString() || ""
+  };
+  return {
+    readme: readme.substring(0, 2e3),
+    stack,
+    recentCompleted: recentCompletedTasks.map(
+      (task) => ({
+        id: task.id,
+        title: task.title,
+        completedAt: task.completedAt
+      })
+    ),
+    conventions
+  };
+}
+async function addTaskNote(taskId, userId, content) {
+  const task = await prisma.task.findUnique({
+    where: { id: taskId }
+  });
+  if (!task) {
+    throw new Error("Task not found");
+  }
+  if (task.assigneeId !== userId) {
+    throw new Error("You are not assigned to this task");
+  }
+  const note = await prisma.taskNote.create({
+    data: {
+      taskId,
+      userId,
+      content
+    }
+  });
+  return {
+    success: true,
+    noteId: note.id
+  };
+}
+async function abandonTask(taskId, projectId, userId, deleteBranch) {
+  const task = await prisma.task.findUnique({
+    where: { id: taskId },
+    include: { project: true }
+  });
+  if (!task) {
+    throw new Error("Task not found");
+  }
+  if (task.projectId !== projectId) {
+    throw new Error("Task does not belong to the specified project");
+  }
+  if (task.assigneeId !== userId) {
+    throw new Error("You can only abandon tasks you are assigned to");
+  }
+  const repositoryUrl = task.project?.repositoryUrl;
+  const repoInfo = repositoryUrl ? GitHubProvider.parseRepositoryUrl(repositoryUrl) : void 0;
+  if (deleteBranch && repoInfo && task.branchName) {
+    const github = getGitHubClient(task.project?.organizationId || "");
+    try {
+      await github.deleteBranch(repoInfo.owner, repoInfo.repo, task.branchName);
+    } catch (error) {
+      console.error("Failed to delete GitHub branch when abandoning task", {
+        taskId,
+        projectId: task.projectId,
+        organizationId: task.project?.organizationId,
+        repositoryOwner: repoInfo.owner,
+        repositoryName: repoInfo.repo,
+        branchName: task.branchName,
+        error
+      });
+      throw new Error("Failed to delete branch");
+    }
+  }
+  const newState = task.state === TaskState.IN_PROGRESS ? TaskState.READY : task.state;
+  const updatedTask = await prisma.task.update({
+    where: { id: taskId },
+    data: {
+      state: newState,
+      assigneeId: null,
+      assignedAt: null,
+      startedAt: null,
+      updatedAt: /* @__PURE__ */ new Date()
+    }
+  });
+  return {
+    success: true,
+    taskId: updatedTask.id,
+    state: updatedTask.state,
+    branchDeleted: deleteBranch ? !!repoInfo && !!task.branchName : false
+  };
+}
+async function createPersonalProject(userId, name, description, repositoryUrl) {
+  const user = await prisma.user.findUnique({
+    where: { id: userId },
+    include: { organizations: true }
+  });
+  if (!user) {
+    throw new Error("User not found");
+  }
+  const repoInfo = GitHubProvider.parseRepositoryUrl(repositoryUrl);
+  if (!repoInfo) {
+    throw new Error("Invalid repository URL");
+  }
+  const github = getGitHubClient(user.organizations[0]?.organizationId || "");
+  const branchInfo = await github.getBranchInfo({
+    owner: repoInfo.owner,
+    repo: repoInfo.repo,
+    branch: "main"
+  });
+  if (!branchInfo) {
+    throw new Error("Could not get repository branch info");
+  }
+  const project = await prisma.project.create({
+    data: {
+      name,
+      description,
+      type: ProjectType.PERSONAL,
+      origin: ProjectOrigin.CREATED,
+      ownerId: userId,
+      organizationId: null,
+      repositoryUrl,
+      baseBranch: "main"
+    }
+  });
+  return {
+    success: true,
+    projectId: project.id
+  };
+}
+
+export {
+  createMCPServer
+};
+//# sourceMappingURL=chunk-4ILBJI7A.js.map