@nado-language/mcp 0.1.5 → 0.1.7

package/README.md

@@ -7,6 +7,7 @@ This stdio MCP server lets AI chat clients save and practice Nado Language study
 - `nado_whoami`: validates the configured Nado account.
 - `nado_save_flashcard`: saves a structured flashcard generated by the user's chat AI. Nado does not call AI for this path.
 - `nado_save_study_item`: alias of `nado_save_flashcard` for natural memorization requests such as "암기할래", "외울래", "암기장에 넣어줘", and "단어장에 추가".
+- `nado_update_study_item`: updates an existing saved Nado card with a revised meaning, description/explanation, examples, variants, or context. Use it for requests like "hello 설명 추가", "description 추가", "뜻 수정", and "예문 추가".
 - `nado_analyze_and_save_flashcard`: Pro/Admin only. Nado AI generates the learner definition, usage note, examples, and variants, then saves the flashcard.
 - `nado_list_study_items`: loads saved flashcards for the authenticated user.
 - `nado_generate_practice`: builds practice exercises from saved flashcards only.
@@ -15,7 +16,8 @@ The default MCP path is designed to avoid double charging for AI. ChatGPT, Claud
 
 Intent routing:
 
-- If the user provides a new English item and says "암기할래", "외울래", "암기장에 추가", "단어장에 넣어줘", "remember this", or "add this to my flashcards", use `nado_save_flashcard` or `nado_save_study_item`.
+- If the user provides a new English item and says "나두 암기장", "nado 암기장", "암기할래", "외울래", "암기장에 추가", "단어장에 넣어줘", "remember this", or "add this to my flashcards", use `nado_save_flashcard` or `nado_save_study_item`. Do not create local Markdown files or Google Drive documents for these Nado requests.
+- If the user asks to add or change description/설명/뜻/예문 on an already saved card, use `nado_update_study_item`.
 - If the user asks to study already saved cards with phrases like "외울래", "암기 연습", "퀴즈 내줘", "쓰기연습", "영작하기", or "복습할래", use `nado_generate_practice`.
 - If the user wants to inspect saved items first, use `nado_list_study_items`.
 
@@ -42,25 +44,25 @@ nado-mcp login
 Source checkout alias:
 
 ```bash
-npm run mcp:nado:auth -- --provider google
+npm run mcp:nado:auth
 ```
 
-This opens the provider login page, relays the Supabase OAuth callback through the existing Azure Static Web Apps site, receives the final callback on `127.0.0.1`, and writes ignored local tokens to the user's OS config directory for package installs or `.env.mcp.local` in a repo checkout:
+This opens the Nado web connect page. The user signs in there with any login method already supported by Nado, then the page sends the browser session to the local `127.0.0.1` helper and writes ignored local tokens to the user's OS config directory for package installs or `.env.mcp.local` in a repo checkout:
 
 ```bash
 NADO_MCP_ACCESS_TOKEN='supabase-user-access-token'
 NADO_MCP_REFRESH_TOKEN='supabase-user-refresh-token'
 ```
 
-By default this uses the existing Azure Static Web Apps production site as a static OAuth relay. It does not require a new Azure Function, App Service, database, or paid runtime. The local helper still receives the final callback on `127.0.0.1`; Azure only serves the static relay page.
+By default this uses the existing Azure Static Web Apps production site as a provider-neutral connect page. It does not require a new Azure Function, App Service, database, or paid runtime. The browser posts the session directly to the local helper; tokens are not placed in the browser URL.
 
-The installed CLI opens the Nado relay page first. The relay stores the local callback in browser session storage, then sends Supabase a fixed redirect URL. This avoids Supabase rejecting a dynamic `redirect_to` URL with `local_callback` query parameters and falling back to the normal Nado web site.
+Legacy direct OAuth remains available with `nado-mcp login --provider google|kakao|apple`, but normal users should omit `--provider`.
 
 The MCP server refreshes expired access tokens with `NADO_MCP_REFRESH_TOKEN` and updates the auth file when Supabase rotates the refresh token.
 
-Supported local browser providers are `google`, `kakao`, and `apple`. Naver login is not available in the local MCP flow yet because the current Naver Edge Function uses fixed web/native redirect URLs.
+Supported web login methods are the same as Nado web login, including Google, Kakao, Naver, and Apple.
 
-Supabase Auth must allow the Azure relay redirect URL:
+Legacy direct OAuth provider mode requires Supabase Auth to allow the Azure relay redirect URL:
 
 ```text
 https://language.nado.ai.kr/auth/mcp-callback
@@ -94,7 +96,7 @@ If the browser shows an error about an old, incomplete, truncated, or invalid PK
 ```bash
 npm install --global @nado-language/mcp@latest
 nado-mcp --version
-nado-mcp login --provider google
+nado-mcp login
 ```
 
 Manual access-token option:
@@ -128,6 +130,7 @@ Optional environment:
 ```bash
 export NADO_MCP_SUPABASE_URL='https://ptbwzhxifxdnfmqsiugi.supabase.co'
 export NADO_MCP_SUPABASE_ANON_KEY='...'
+export NADO_MCP_CONNECT_URL='https://language.nado.ai.kr/mcp/connect'
 export NADO_MCP_AUTH_RELAY_URL='https://language.nado.ai.kr/auth/mcp-callback'
 ```
 

package/dist/nado-language-server.mjs

@@ -43,6 +43,7 @@ const saveFlashcardInputSchema = {
     definition: { type: 'string', minLength: 1, description: 'Learner-language definition or translation generated by the chat AI.' },
     inlineDefinition: { type: 'string', description: 'Short review-side meaning. Defaults to a compact definition.' },
     explanation: { type: 'string', description: 'Optional nuance, usage note, or grammar explanation.' },
+    description: { type: 'string', description: 'Alias for explanation when the user asks for a description/설명 field.' },
     exampleSentences: {
       type: 'array',
       items: { type: 'string' },
@@ -64,6 +65,38 @@ const saveFlashcardInputSchema = {
   additionalProperties: false,
 };
 
+const updateStudyItemInputSchema = {
+  type: 'object',
+  required: ['query'],
+  properties: {
+    query: {
+      type: 'string',
+      minLength: 1,
+      description: 'Saved Nado card id, exact original text, or search text to update. Example: for "hello 설명 추가해줘", use "hello".',
+    },
+    definition: { type: 'string', description: 'Replacement learner-language definition/meaning. Use for 뜻/의미 수정 requests.' },
+    inlineDefinition: { type: 'string', description: 'Replacement short review-side meaning.' },
+    explanation: { type: 'string', description: 'Replacement usage note or explanation. Use this for 설명/description 추가 requests.' },
+    description: { type: 'string', description: 'Alias for explanation when the user says description.' },
+    exampleSentences: {
+      type: 'array',
+      items: { type: 'string' },
+      description: 'Example sentences to append by default, or replace when appendExampleSentences is false.',
+    },
+    appendExampleSentences: { type: 'boolean', default: true },
+    variants: {
+      type: 'array',
+      items: { type: 'string' },
+      description: 'Related forms, collocations, or variants to append by default, or replace when appendVariants is false.',
+    },
+    appendVariants: { type: 'boolean', default: true },
+    contextSentence: { type: 'string', description: 'Replacement context sentence.' },
+    sourceLang: { type: 'string', description: 'Replacement user language for definitions.' },
+    targetLang: { type: 'string', description: 'Replacement language being learned.' },
+  },
+  additionalProperties: false,
+};
+
 const tools = [
   {
     name: 'nado_whoami',
@@ -76,14 +109,19 @@ const tools = [
   },
   {
     name: 'nado_save_flashcard',
-    description: 'Save a structured Nado Language flashcard that the chat model already generated. Use this when the user gives an English item and asks to memorize/save it, for example "암기장에 추가해줘", "암기할래", "외울래", "단어장에 넣어줘", "remember this", or "add this to my flashcards". This does not call Nado AI; the user/chat AI supplies the content quality.',
+    description: 'Save a structured flashcard to the user\'s Nado Language/Nado 암기장. Use this when the user gives a new English item and asks to memorize/save it, for example "나두 암기장에 추가해줘", "nado 암기장에 넣어줘", "암기장에 추가해줘", "암기할래", "외울래", "단어장에 넣어줘", "remember this", or "add this to my flashcards". Do not create local Markdown files or Google Drive documents for these Nado requests. This does not call Nado AI; the user/chat AI supplies the content quality.',
     inputSchema: saveFlashcardInputSchema,
   },
   {
     name: 'nado_save_study_item',
-    description: 'Alias of nado_save_flashcard for study-list and memorization intents. Prefer this or nado_save_flashcard when the user asks to save a specific word/phrase/sentence to Nado for later memorization, including Korean requests like "암기할래", "외울래", "암기장에 넣어줘", or "단어장에 추가". This free path does not call Nado AI.',
+    description: 'Alias of nado_save_flashcard for Nado Language study-list and memorization intents. Prefer this or nado_save_flashcard when the user asks to save a specific word/phrase/sentence to Nado for later memorization, including Korean requests like "나두 암기장", "nado language", "암기할래", "외울래", "암기장에 넣어줘", or "단어장에 추가". Do not answer by editing local files or Drive docs when the user names Nado/Nado MCP. This free path does not call Nado AI.',
     inputSchema: saveFlashcardInputSchema,
   },
+  {
+    name: 'nado_update_study_item',
+    description: 'Update an existing saved card in the user\'s Nado Language/Nado 암기장. Use this for requests like "나두 암기장에 hello description 추가해줘", "hello 설명 추가", "뜻 수정", "예문 추가", or "update my saved Nado card". The query selects an existing saved card; explanation/description maps to the card explanation field. This updates Nado storage, not a local file or Google Drive document.',
+    inputSchema: updateStudyItemInputSchema,
+  },
   {
     name: 'nado_analyze_and_save_flashcard',
     description: 'Pro/Admin only: use Nado AI to produce validated definitions/examples for a word, phrase, or sentence, then save the flashcard. Use only when the user explicitly wants Nado-verified/pro quality analysis or examples; normal memorize/save requests should use nado_save_flashcard so the user AI supplies the content.',
@@ -257,7 +295,7 @@ async function getAccessToken() {
   const email = clampText(env.NADO_MCP_EMAIL || '', 320);
   const password = env.NADO_MCP_PASSWORD || '';
   if (!email || !password) {
-    throw new Error('AUTH_NOT_CONFIGURED: run `nado-mcp login`, or in a repo checkout run `npm run mcp:nado:auth -- --provider google`, before using Nado MCP tools.');
+    throw new Error('AUTH_NOT_CONFIGURED: run `nado-mcp login`, or in a repo checkout run `npm run mcp:nado:auth`, before using Nado MCP tools.');
   }
 
   if (cachedPasswordGrant && cachedPasswordGrant.expiresAt > Date.now() + 60_000) {
@@ -496,7 +534,7 @@ function normalizeFlashcardDraft(args) {
 
   const type = FLASHCARD_TYPES.has(args.type) ? args.type : inferFlashcardType(original);
   const definition = clampText(args.definition || '', 4000);
-  const explanation = clampText(args.explanation || '', 4000);
+  const explanation = clampText(args.explanation || args.description || '', 4000);
   const inlineDefinition = clampText(
     args.inlineDefinition || compactDefinition(definition || explanation),
     1000,
@@ -636,6 +674,43 @@ function rowToFlashcard(row) {
   };
 }
 
+function flashcardToRow(card) {
+  return {
+    id: card.id,
+    source_highlight_id: card.sourceHighlightId ?? 'shared',
+    article_id: card.articleId ?? 'shared',
+    original: card.original,
+    type: card.type ?? 'phrase',
+    definition: card.definition ?? '',
+    inline_definition: card.inlineDefinition ?? '',
+    explanation: card.explanation ?? '',
+    example_sentences: card.exampleSentences ?? [],
+    variants: card.variants ?? [],
+    context_sentence: card.contextSentence ?? '',
+    context_start_index: typeof card.contextStartIndex === 'number' ? card.contextStartIndex : null,
+    context_end_index: typeof card.contextEndIndex === 'number' ? card.contextEndIndex : null,
+    source_lang: card.sourceLang ?? 'ko',
+    target_lang: card.targetLang ?? 'en',
+    excluded: card.excluded ?? false,
+    used_in_writing: card.usedInWriting ?? false,
+    used_in_writing_at: card.usedInWritingAt ?? null,
+    pending_ai: card.pendingAI ?? false,
+    stability: card.stability ?? 0,
+    difficulty: card.difficulty ?? 0,
+    elapsed_days: card.elapsedDays ?? 0,
+    scheduled_days: card.scheduledDays ?? 0,
+    reps: card.reps ?? 0,
+    lapses: card.lapses ?? 0,
+    state: card.state ?? 'new',
+    learning_step: card.learningStep ?? 0,
+    next_review_at: card.nextReviewAt ?? new Date().toISOString(),
+    last_review_at: card.lastReviewAt ?? null,
+    created_at: card.createdAt ?? new Date().toISOString(),
+    updated_at: card.updatedAt ?? new Date().toISOString(),
+    deleted: false,
+  };
+}
+
 async function loadStudyItems(args = {}) {
   const limit = parseLimit(args.limit, 20, 1, 100);
   const includeExcluded = args.includeExcluded === true;
@@ -653,6 +728,7 @@ async function loadStudyItems(args = {}) {
     .filter((card) => {
       if (!query) return true;
       const haystack = [
+        card.id,
         card.original,
         card.definition,
         card.inlineDefinition,
@@ -765,6 +841,94 @@ async function handleListStudyItems(args) {
   };
 }
 
+function mergeStringArray(current, incoming, append, maxItems) {
+  const next = asStringArray(incoming);
+  if (next.length === 0) return current ?? [];
+  const values = append === false ? next : [...(current ?? []), ...next];
+  const seen = new Set();
+  return values
+    .map((value) => clampText(value, 1000))
+    .filter(Boolean)
+    .filter((value) => {
+      const key = value.toLocaleLowerCase();
+      if (seen.has(key)) return false;
+      seen.add(key);
+      return true;
+    })
+    .slice(0, maxItems);
+}
+
+function selectStudyItemForUpdate(items, query) {
+  const normalized = query.toLocaleLowerCase();
+  const exact = items.find((item) => item.id === query || item.original.toLocaleLowerCase() === normalized);
+  if (exact) return exact;
+  if (items.length === 1) return items[0];
+  if (items.length === 0) throw new Error(`STUDY_ITEM_NOT_FOUND: ${query}`);
+  throw new Error(`AMBIGUOUS_STUDY_ITEM: ${items.length} saved cards matched "${query}". Narrow the query or use a card id from nado_list_study_items.`);
+}
+
+async function handleUpdateStudyItem(args) {
+  const query = clampText(args.query || '', 500);
+  if (!query) throw new Error('QUERY_REQUIRED');
+
+  const matches = await loadStudyItems({ query, limit: 20, includeExcluded: true });
+  const current = selectStudyItemForUpdate(matches, query);
+  const updated = { ...current };
+  let changed = false;
+
+  if (typeof args.definition === 'string') {
+    updated.definition = clampText(args.definition, 4000);
+    changed = true;
+  }
+  if (typeof args.inlineDefinition === 'string') {
+    updated.inlineDefinition = clampText(args.inlineDefinition, 1000);
+    changed = true;
+  }
+  if (typeof args.explanation === 'string' || typeof args.description === 'string') {
+    updated.explanation = clampText(args.explanation ?? args.description, 4000);
+    changed = true;
+  }
+  if (Array.isArray(args.exampleSentences)) {
+    updated.exampleSentences = mergeStringArray(current.exampleSentences, args.exampleSentences, args.appendExampleSentences, 6);
+    changed = true;
+  }
+  if (Array.isArray(args.variants)) {
+    updated.variants = mergeStringArray(current.variants, args.variants, args.appendVariants, 12);
+    changed = true;
+  }
+  if (typeof args.contextSentence === 'string') {
+    updated.contextSentence = clampText(args.contextSentence, 2200);
+    changed = true;
+  }
+  if (typeof args.sourceLang === 'string') {
+    updated.sourceLang = clampText(args.sourceLang, 8) || current.sourceLang;
+    changed = true;
+  }
+  if (typeof args.targetLang === 'string') {
+    updated.targetLang = clampText(args.targetLang, 8) || current.targetLang;
+    changed = true;
+  }
+
+  if (!changed) throw new Error('UPDATE_FIELDS_REQUIRED');
+  updated.updatedAt = new Date().toISOString();
+
+  const row = flashcardToRow(updated);
+  const saved = await callAppData({
+    action: 'upsertRows',
+    table: 'flashcards',
+    rows: [row],
+  });
+
+  return {
+    updated: true,
+    matchedCount: matches.length,
+    qualitySource: 'user_ai',
+    qualityPolicy: 'Nado updated the existing card without calling Nado AI. Content quality is supplied by the user/chat AI.',
+    persisted: saved,
+    flashcard: rowToFlashcard(row),
+  };
+}
+
 async function handleGeneratePractice(args) {
   const mode = String(args.mode || '');
   if (!PRACTICE_MODES.has(mode)) throw new Error(`UNSUPPORTED_PRACTICE_MODE: ${mode}`);
@@ -895,6 +1059,7 @@ async function callTool(name, args = {}) {
   if (name === 'nado_whoami') return handleWhoami();
   if (name === 'nado_save_flashcard') return handleSaveFlashcard(args);
   if (name === 'nado_save_study_item') return handleSaveFlashcard(args);
+  if (name === 'nado_update_study_item') return handleUpdateStudyItem(args);
   if (name === 'nado_analyze_and_save_flashcard') return handleAnalyzeAndSaveFlashcard(args);
   if (name === 'nado_list_study_items') return handleListStudyItems(args);
   if (name === 'nado_generate_practice') return handleGeneratePractice(args);

package/dist/nado-mcp-auth.mjs

@@ -11,6 +11,7 @@ import { fileURLToPath } from 'node:url';
 const DEFAULT_SUPABASE_URL = 'https://ptbwzhxifxdnfmqsiugi.supabase.co';
 const DEFAULT_SUPABASE_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InB0Ynd6aHhpZnhkbmZtcXNpdWdpIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzU1MTU4MjEsImV4cCI6MjA5MTA5MTgyMX0.c0SU8lvIb8BbwhYyI529dn7tQUfwTl1cGqeahGKaD_g';
 const DEFAULT_RELAY_URL = 'https://language.nado.ai.kr/auth/mcp-callback';
+const DEFAULT_CONNECT_URL = 'https://language.nado.ai.kr/mcp/connect';
 const SUPPORTED_PROVIDERS = new Set(['google', 'kakao', 'apple']);
 const SUPPORTED_REDIRECT_MODES = new Set(['azure', 'local']);
 
@@ -51,13 +52,14 @@ function parseCli(argv) {
   }
 
   const options = {
-    provider: 'google',
+    provider: '',
     port: 0,
     envFile: process.env.NADO_MCP_AUTH_ENV_FILE || defaultAuthEnvFile(),
     supabaseUrl: process.env.NADO_MCP_SUPABASE_URL || process.env.EXPO_PUBLIC_SUPABASE_URL || DEFAULT_SUPABASE_URL,
     anonKey: process.env.NADO_MCP_SUPABASE_ANON_KEY || process.env.EXPO_PUBLIC_SUPABASE_ANON_KEY || DEFAULT_SUPABASE_ANON_KEY,
     redirectMode: 'azure',
     relayUrl: process.env.NADO_MCP_AUTH_RELAY_URL || DEFAULT_RELAY_URL,
+    connectUrl: process.env.NADO_MCP_CONNECT_URL || DEFAULT_CONNECT_URL,
     noOpen: false,
     timeoutMs: 300_000,
     help: false,
@@ -80,6 +82,7 @@ function parseCli(argv) {
     else if (flag === '--anon-key') options.anonKey = readValue();
     else if (flag === '--redirect-mode') options.redirectMode = readValue();
     else if (flag === '--relay-url') options.relayUrl = readValue();
+    else if (flag === '--connect-url') options.connectUrl = readValue();
     else if (flag === '--timeout-ms') options.timeoutMs = Number(readValue());
     else if (flag === '--no-open') options.noOpen = true;
     else if (flag === '--help' || flag === '-h') options.help = true;
@@ -123,10 +126,7 @@ function defaultUserAuthEnvFile() {
 
 async function login(options) {
   const provider = String(options.provider || '').toLowerCase();
-  if (provider === 'naver') {
-    throw new Error('Naver login is not available for local MCP auth yet because the Naver Edge Function uses fixed redirect URLs. Use google, kakao, or apple.');
-  }
-  if (!SUPPORTED_PROVIDERS.has(provider)) {
+  if (provider && !SUPPORTED_PROVIDERS.has(provider)) {
     throw new Error(`Unsupported provider: ${provider}. Use google, kakao, or apple.`);
   }
 
@@ -145,6 +145,10 @@ async function login(options) {
           sendHtml(response, 404, 'Nado MCP Auth', 'Unknown callback path.');
           return;
         }
+        if (request.method === 'OPTIONS') {
+          sendCors(response, 204);
+          return;
+        }
         if (settled) {
           sendHtml(response, 200, 'Nado MCP Auth', 'Login already completed. You can close this tab.');
           return;
@@ -154,6 +158,23 @@ async function login(options) {
         if (oauthError) throw new Error(oauthError);
         if (url.searchParams.get('state') !== state) throw new Error('Invalid OAuth state.');
 
+        if (request.method === 'POST') {
+          const session = await readPostedSession(request);
+          const user = await fetchUser(options.supabaseUrl, options.anonKey, session.access_token);
+
+          writeAuthEnv(options.envFile, {
+            NADO_MCP_SUPABASE_URL: options.supabaseUrl,
+            NADO_MCP_SUPABASE_ANON_KEY: options.anonKey,
+            NADO_MCP_ACCESS_TOKEN: session.access_token,
+            NADO_MCP_REFRESH_TOKEN: session.refresh_token,
+          });
+
+          settled = true;
+          sendJson(response, 200, { ok: true, email: user.email || null });
+          resolve({ session, user });
+          return;
+        }
+
         const code = url.searchParams.get('code');
         if (!code) throw new Error('Missing OAuth code.');
 
@@ -197,9 +218,9 @@ async function login(options) {
     codeChallenge,
   });
 
-  console.log(`Opening browser for Nado MCP login (${provider}).`);
+  console.log('Opening browser for Nado MCP login.');
   console.log(`Local callback: ${localCallbackUrl.toString()}`);
-  if (options.redirectMode === 'azure') console.log(`Azure relay: ${options.relayUrl}`);
+  if (provider && options.redirectMode === 'azure') console.log(`Azure relay: ${options.relayUrl}`);
   if (!options.noOpen) openBrowser(browserUrl);
   console.log(`If the browser did not open, visit:\n${browserUrl}`);
 
@@ -221,14 +242,21 @@ async function login(options) {
 function loginTimeoutError(options) {
   return new Error([
     'Timed out waiting for browser login.',
-    `Rerun \`nado-mcp login --provider ${options.provider} --timeout-ms 900000\` and keep the terminal open until the browser says login completed.`,
+    'Rerun `nado-mcp login --timeout-ms 900000` and keep the terminal open until the browser says login completed.',
     'If the browser did not open, copy the printed URL into the same desktop browser where you can sign in.',
-    'If Google login succeeds but the browser lands on the normal Nado site, upgrade @nado-language/mcp and confirm Supabase Auth allows the exact relay URL without query parameters.',
-    'If it still times out after the relay page says it is returning to the local helper, check that the browser can reach the printed 127.0.0.1 local callback URL.',
+    'If login succeeds but this still times out, check that the browser can reach the printed 127.0.0.1 local callback URL.',
   ].join(' '));
 }
 
 function buildBrowserLoginUrl({ options, provider, localCallbackUrl, codeChallenge }) {
+  if (!provider) {
+    return buildConnectUrl({
+      connectUrl: options.connectUrl,
+      localCallbackUrl,
+      supabaseUrl: options.supabaseUrl,
+    });
+  }
+
   if (options.redirectMode === 'local') {
     return buildAuthorizeUrl({
       supabaseUrl: options.supabaseUrl,
@@ -260,6 +288,17 @@ function buildRelayStartUrl({ relayUrl: value, localCallbackUrl, provider, supab
   return relayUrl.toString();
 }
 
+function buildConnectUrl({ connectUrl: value, localCallbackUrl, supabaseUrl }) {
+  const connectUrl = new URL(value);
+  if (connectUrl.protocol !== 'https:' && connectUrl.hostname !== 'localhost' && connectUrl.hostname !== '127.0.0.1') {
+    throw new Error('--connect-url must be an HTTPS URL unless it points to localhost.');
+  }
+  connectUrl.searchParams.set('local_callback', localCallbackUrl);
+  connectUrl.searchParams.set('supabase_url', supabaseUrl);
+  connectUrl.searchParams.set('client_version', packageVersion);
+  return connectUrl.toString();
+}
+
 function printStatus(options) {
   const values = readEnvFile(options.envFile);
   const accessToken = process.env.NADO_MCP_ACCESS_TOKEN || values.NADO_MCP_ACCESS_TOKEN || process.env.NADO_ACCESS_TOKEN || '';
@@ -339,6 +378,34 @@ async function readJsonResponse(response) {
   }
 }
 
+async function readPostedSession(request) {
+  const body = await readRequestJson(request);
+  const session = body?.session && typeof body.session === 'object' ? body.session : body;
+  const accessToken = typeof session?.access_token === 'string' ? session.access_token : '';
+  const refreshToken = typeof session?.refresh_token === 'string' ? session.refresh_token : '';
+  if (!accessToken || !refreshToken) {
+    throw new Error('Missing session tokens from Nado web login.');
+  }
+  return {
+    access_token: accessToken,
+    refresh_token: refreshToken,
+  };
+}
+
+async function readRequestJson(request) {
+  const chunks = [];
+  for await (const chunk of request) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  const text = Buffer.concat(chunks).toString('utf8');
+  if (!text) return {};
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new Error('Invalid JSON callback payload.');
+  }
+}
+
 function openBrowser(url) {
   const platform = os.platform();
   const command = platform === 'darwin' ? 'open' : platform === 'win32' ? 'cmd' : 'xdg-open';
@@ -503,10 +570,29 @@ function closeServer(server) {
 }
 
 function sendHtml(response, status, title, message) {
-  response.writeHead(status, { 'content-type': 'text/html; charset=utf-8' });
+  response.writeHead(status, { ...callbackCorsHeaders(), 'content-type': 'text/html; charset=utf-8' });
   response.end(`<!doctype html><html><head><meta charset="utf-8"><title>${escapeHtml(title)}</title></head><body><h1>${escapeHtml(title)}</h1><p>${escapeHtml(message)}</p></body></html>`);
 }
 
+function sendJson(response, status, body) {
+  response.writeHead(status, { ...callbackCorsHeaders(), 'content-type': 'application/json; charset=utf-8' });
+  response.end(JSON.stringify(body));
+}
+
+function sendCors(response, status) {
+  response.writeHead(status, callbackCorsHeaders());
+  response.end();
+}
+
+function callbackCorsHeaders() {
+  return {
+    'access-control-allow-origin': '*',
+    'access-control-allow-methods': 'GET,POST,OPTIONS',
+    'access-control-allow-headers': 'content-type',
+    'access-control-allow-private-network': 'true',
+  };
+}
+
 function escapeHtml(value) {
   return String(value)
     .replace(/&/g, '&amp;')
@@ -520,30 +606,36 @@ function printHelp() {
   console.log(`Nado Language MCP browser auth
 
 Usage:
-  nado-mcp login [--provider google|kakao|apple]
+  nado-mcp login
+  nado-mcp login --provider google|kakao|apple
   nado-mcp status
   nado-mcp logout
   nado-mcp-auth --version
 
 Repo checkout aliases:
-  npm run mcp:nado:auth -- [login] [--provider google|kakao|apple]
+  npm run mcp:nado:auth -- [login]
   npm run mcp:nado:auth -- status
   npm run mcp:nado:auth -- logout
 
 Options:
-  --provider <name>       OAuth provider for login. Default: google
+  --provider <name>       Legacy direct OAuth provider. Normally omit this and sign in on the Nado web page.
   --auth-file <path>      Auth env file to write. Default: OS user config in package installs, .env.mcp.local in repo checkouts
   --port <number>         Local callback port. Default: 0 (random)
   --redirect-mode <mode>  azure or local. Default: azure
   --relay-url <url>       Azure Static Web Apps relay URL. Default: ${DEFAULT_RELAY_URL}
+  --connect-url <url>     Provider-neutral Nado web connect URL. Default: ${DEFAULT_CONNECT_URL}
   --no-open               Print the URL without opening a browser
   --timeout-ms <number>   Login wait timeout. Default: 300000
   --supabase-url <url>    Supabase project URL
   --anon-key <key>        Supabase anon key
   --version               Print installed Nado MCP version
 
-Default mode uses the existing Azure Static Web Apps site as a zero-new-resource
-OAuth relay. Supabase Auth must allow this redirect URL:
+Default mode opens the Nado web connect page. Sign in there with any provider
+supported by the web app, then the page posts the browser session to the local
+127.0.0.1 helper. Tokens are not placed in the browser URL.
+
+Legacy provider mode uses the existing Azure Static Web Apps site as a
+zero-new-resource OAuth relay. Supabase Auth must allow this redirect URL:
   ${DEFAULT_RELAY_URL}
 
 The relay starts login with local state in browser sessionStorage, then sends

package/dist/nado-mcp-cli.mjs

@@ -256,10 +256,14 @@ async function doctor() {
   console.log(`Claude Desktop config: ${registrationText(claude)}`);
   console.log(`OpenCode config: ${registrationText(opencode)}`);
   console.log('');
+  console.log('Current AI chat visibility: not detectable from this CLI.');
+  console.log('A green local server check only proves the stdio server can list tools; it does not prove an already-open chat loaded them.');
+  console.log('');
   console.log('If the server check is ok but Nado tools are not visible in the AI app:');
   console.log('  1. Fully quit and restart the desktop app after `nado-mcp connect`.');
   console.log('  2. Start a new chat/session; existing sessions may not reload newly added MCP tools.');
   console.log('  3. Run `nado-mcp status` for auth and `nado-mcp probe list` for local server tools.');
+  console.log('  4. If a chat tries local files or Google Drive for "나두/Nado 암기장", that chat did not load the Nado MCP tools.');
 }
 
 function printToolProbeSummary() {
@@ -630,6 +634,8 @@ function printUnknownClientSetup(client) {
 function printLoginNext(flow = {}) {
   if (flow.loginAfter) console.log('Browser login will open next.');
   else console.log('Next: run `nado-mcp login`.');
+  console.log('After login: fully restart the AI desktop app and start a new chat so it reloads MCP tools.');
+  console.log('If the chat still cannot see Nado tools, run `nado-mcp doctor`.');
 }
 
 function printIndented(text) {
@@ -827,8 +833,8 @@ Usage:
   nado-mcp status                     Show local auth status
   nado-mcp logout                     Remove local auth tokens
   nado-mcp server                     Start the stdio MCP server
-  nado-mcp probe list                 List exposed MCP tools
-  nado-mcp doctor                     Print local paths and auth status
+  nado-mcp probe list                 List local MCP server tools, not saved flashcards
+  nado-mcp doctor                     Diagnose local server, client config, auth, and chat reload state
   nado-mcp --version                  Print installed Nado MCP version
 
 Supported automatic setup clients:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nado-language/mcp",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Nado Language MCP server for saving AI-generated English flashcards and practicing saved materials.",
   "type": "module",
   "private": false,