@open-loyalty/mcp-server 1.0.0 → 1.0.2

package/dist/auth/storage.js

@@ -0,0 +1,98 @@
+/**
+ * Storage abstraction for OAuth data
+ * Uses Redis if REDIS_URL is set, otherwise falls back to in-memory storage
+ */
+import { Redis } from "ioredis";
+/**
+ * In-memory storage for local development
+ */
+class InMemoryStorage {
+    data = new Map();
+    async get(key) {
+        const entry = this.data.get(key);
+        if (!entry)
+            return null;
+        if (entry.expiresAt && entry.expiresAt < Date.now()) {
+            this.data.delete(key);
+            return null;
+        }
+        return entry.value;
+    }
+    async set(key, value, ttlMs) {
+        this.data.set(key, {
+            value,
+            expiresAt: ttlMs ? Date.now() + ttlMs : undefined,
+        });
+    }
+    async delete(key) {
+        this.data.delete(key);
+    }
+}
+/**
+ * Redis storage for production
+ */
+class RedisStorage {
+    client;
+    constructor(redisUrl) {
+        this.client = new Redis(redisUrl, {
+            maxRetriesPerRequest: 3,
+            retryStrategy: (times) => Math.min(times * 100, 3000),
+        });
+        this.client.on("error", (err) => {
+            console.error("Redis connection error:", err.message);
+        });
+        this.client.on("connect", () => {
+            console.log("Connected to Redis");
+        });
+    }
+    async get(key) {
+        const data = await this.client.get(key);
+        if (!data)
+            return null;
+        try {
+            return JSON.parse(data);
+        }
+        catch {
+            return null;
+        }
+    }
+    async set(key, value, ttlMs) {
+        const data = JSON.stringify(value);
+        if (ttlMs) {
+            await this.client.set(key, data, "PX", ttlMs);
+        }
+        else {
+            await this.client.set(key, data);
+        }
+    }
+    async delete(key) {
+        await this.client.del(key);
+    }
+}
+// Singleton storage instance
+let storage = null;
+/**
+ * Get the storage backend (Redis if available, otherwise in-memory)
+ */
+export function getStorage() {
+    if (storage)
+        return storage;
+    const redisUrl = process.env.REDIS_URL;
+    if (redisUrl) {
+        console.log("Using Redis for OAuth storage");
+        storage = new RedisStorage(redisUrl);
+    }
+    else {
+        console.log("Using in-memory storage for OAuth (set REDIS_URL for persistence)");
+        storage = new InMemoryStorage();
+    }
+    return storage;
+}
+// Storage key prefixes
+export const KEYS = {
+    client: (id) => `oauth:client:${id}`,
+    authCode: (code) => `oauth:code:${code}`,
+    session: (id) => `oauth:session:${id}`,
+    token: (token) => `oauth:token:${token}`,
+    config: (clientId) => `oauth:config:${clientId}`,
+};

package/dist/config.d.ts

@@ -13,5 +13,17 @@ declare const ConfigSchema: z.ZodObject<{
     defaultStoreCode: string;
 }>;
 export type Config = z.infer<typeof ConfigSchema>;
+/**
+ * Sets a config override for the current request (OAuth mode)
+ */
+export declare function setConfigOverride(override: {
+    apiUrl: string;
+    apiToken: string;
+    storeCode: string;
+}): void;
+/**
+ * Clears the config override after request completes
+ */
+export declare function clearConfigOverride(): void;
 export declare function getConfig(): Config;
 export {};

package/dist/config.js

@@ -5,7 +5,29 @@ const ConfigSchema = z.object({
     defaultStoreCode: z.string().min(1),
 });
 let config = null;
+// Per-request config override for OAuth mode
+let configOverride = null;
+/**
+ * Sets a config override for the current request (OAuth mode)
+ */
+export function setConfigOverride(override) {
+    configOverride = {
+        apiUrl: override.apiUrl,
+        apiToken: override.apiToken,
+        defaultStoreCode: override.storeCode,
+    };
+}
+/**
+ * Clears the config override after request completes
+ */
+export function clearConfigOverride() {
+    configOverride = null;
+}
 export function getConfig() {
+    // Return override if set (OAuth mode)
+    if (configOverride) {
+        return configOverride;
+    }
     if (config) {
         return config;
     }

package/dist/http.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import "dotenv/config";

package/dist/http.js

@@ -0,0 +1,214 @@
+#!/usr/bin/env node
+import "dotenv/config";
+import express from "express";
+import cors from "cors";
+import { randomUUID } from "crypto";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { mcpAuthRouter } from "@modelcontextprotocol/sdk/server/auth/router.js";
+import { createServer, SERVER_INSTRUCTIONS } from "./server.js";
+import { getConfig, setConfigOverride, clearConfigOverride } from "./config.js";
+import { createOAuthProvider, completeAuthorization, validateOpenLoyaltyCredentials, getClientConfig, } from "./auth/provider.js";
+// Check if OAuth mode is enabled
+const OAUTH_ENABLED = process.env.OAUTH_ENABLED === "true";
+const BASE_URL = process.env.BASE_URL || `http://localhost:${process.env.PORT || 3000}`;
+// In non-OAuth mode, validate config on startup
+if (!OAUTH_ENABLED) {
+    try {
+        getConfig();
+    }
+    catch (error) {
+        console.error("Configuration error:", error instanceof Error ? error.message : error);
+        process.exit(1);
+    }
+}
+const app = express();
+// CORS for ChatGPT
+app.use(cors({
+    origin: "*",
+    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization", "MCP-Session-Id", "MCP-Protocol-Version"],
+    exposedHeaders: ["MCP-Session-Id"],
+}));
+app.use(express.json());
+// Store transports by session ID for stateful connections
+const transports = new Map();
+// Health check endpoint
+app.get("/health", (_req, res) => {
+    res.json({ status: "ok", server: "openloyalty-mcp", oauth: OAUTH_ENABLED });
+});
+// OAuth mode setup
+if (OAUTH_ENABLED) {
+    const provider = createOAuthProvider(BASE_URL);
+    // Add MCP SDK auth router (handles /.well-known/*, /authorize, /token, /register)
+    app.use(mcpAuthRouter({
+        provider,
+        issuerUrl: new URL(BASE_URL),
+        baseUrl: new URL(BASE_URL),
+        serviceDocumentationUrl: new URL("https://github.com/OpenLoyalty/openloyalty-mcp"),
+    }));
+    // Authorization form submission endpoint
+    app.post("/authorize/submit", async (req, res) => {
+        const { session_id, api_url, api_token, store_code } = req.body;
+        if (!session_id || !api_url || !api_token || !store_code) {
+            res.status(400).json({ error: "Missing required fields" });
+            return;
+        }
+        const config = {
+            apiUrl: api_url.replace(/\/$/, ""),
+            apiToken: api_token,
+            storeCode: store_code,
+        };
+        // Validate credentials
+        const validation = await validateOpenLoyaltyCredentials(config);
+        if (!validation.valid) {
+            res.status(400).json({ error: validation.error });
+            return;
+        }
+        // Complete authorization
+        const result = await completeAuthorization(session_id, config);
+        if ("error" in result) {
+            res.status(400).json({ error: result.error });
+            return;
+        }
+        res.json({ redirect_url: result.redirectUrl });
+    });
+    // Auth middleware for /mcp endpoint
+    const authMiddleware = async (req, res, next) => {
+        const authHeader = req.headers.authorization;
+        if (!authHeader || !authHeader.startsWith("Bearer ")) {
+            res.status(401).json({ error: "Missing or invalid Authorization header" });
+            return;
+        }
+        const token = authHeader.slice(7);
+        try {
+            const authInfo = await provider.verifyAccessToken(token);
+            // Get client's Open Loyalty config
+            const config = await getClientConfig(authInfo.clientId);
+            if (!config) {
+                res.status(401).json({ error: "Open Loyalty not configured. Please re-authorize." });
+                return;
+            }
+            // Set config override for this request
+            setConfigOverride(config);
+            // Store clientId for cleanup
+            req.clientId = authInfo.clientId;
+            next();
+        }
+        catch (error) {
+            res.status(401).json({
+                error: error instanceof Error ? error.message : "Authentication failed",
+            });
+        }
+    };
+    // Apply auth middleware to /mcp
+    app.use("/mcp", authMiddleware);
+}
+// MCP endpoint - handles both initialization and messages
+app.all("/mcp", async (req, res) => {
+    const sessionId = req.headers["mcp-session-id"];
+    try {
+        // Handle GET requests for SSE streams
+        if (req.method === "GET") {
+            if (!sessionId || !transports.has(sessionId)) {
+                res.status(400).json({ error: "Invalid or missing session ID for SSE stream" });
+                return;
+            }
+            const transport = transports.get(sessionId);
+            await transport.handleRequest(req, res);
+            return;
+        }
+        // Handle DELETE requests for session cleanup
+        if (req.method === "DELETE") {
+            if (sessionId && transports.has(sessionId)) {
+                const transport = transports.get(sessionId);
+                await transport.close();
+                transports.delete(sessionId);
+                res.status(204).send();
+            }
+            else {
+                res.status(404).json({ error: "Session not found" });
+            }
+            return;
+        }
+        // Handle POST requests
+        if (req.method === "POST") {
+            // Check if this is an initialization request (no session ID)
+            if (!sessionId) {
+                // Create new session
+                const newSessionId = randomUUID();
+                const transport = new StreamableHTTPServerTransport({
+                    sessionIdGenerator: () => newSessionId,
+                });
+                // Create and connect server
+                const server = createServer();
+                await server.connect(transport);
+                // Store transport for future requests
+                transports.set(newSessionId, transport);
+                // Clean up on close
+                transport.onclose = () => {
+                    transports.delete(newSessionId);
+                };
+                // Handle the request
+                await transport.handleRequest(req, res, req.body);
+                return;
+            }
+            // Existing session - route to stored transport
+            const transport = transports.get(sessionId);
+            if (!transport) {
+                res.status(404).json({ error: "Session not found. Initialize a new session first." });
+                return;
+            }
+            await transport.handleRequest(req, res, req.body);
+            return;
+        }
+        // Unsupported method
+        res.status(405).json({ error: "Method not allowed" });
+    }
+    finally {
+        // Clean up config override in OAuth mode
+        if (OAUTH_ENABLED) {
+            clearConfigOverride();
+        }
+    }
+});
+// Server info endpoint
+app.get("/", (_req, res) => {
+    const endpoints = {
+        mcp: "/mcp",
+        health: "/health",
+    };
+    if (OAUTH_ENABLED) {
+        endpoints.authorize = "/authorize";
+        endpoints.token = "/token";
+        endpoints.register = "/register";
+        endpoints.oauth_metadata = "/.well-known/oauth-authorization-server";
+    }
+    res.json({
+        name: "Open Loyalty MCP Server",
+        version: "1.0.0",
+        transport: "streamable-http",
+        oauth: OAUTH_ENABLED,
+        endpoints,
+        instructions: SERVER_INSTRUCTIONS.slice(0, 500) + "...",
+    });
+});
+const PORT = parseInt(process.env.MCP_HTTP_PORT || process.env.PORT || "3000", 10);
+app.listen(PORT, () => {
+    console.log(`Open Loyalty MCP HTTP Server running on port ${PORT}`);
+    console.log(`  - MCP endpoint: http://localhost:${PORT}/mcp`);
+    console.log(`  - Health check: http://localhost:${PORT}/health`);
+    console.log(`  - Server info:  http://localhost:${PORT}/`);
+    if (OAUTH_ENABLED) {
+        console.log("");
+        console.log("OAuth 2.1 enabled:");
+        console.log(`  - Authorize:    ${BASE_URL}/authorize`);
+        console.log(`  - Token:        ${BASE_URL}/token`);
+        console.log(`  - Register:     ${BASE_URL}/register`);
+        console.log(`  - Metadata:     ${BASE_URL}/.well-known/oauth-authorization-server`);
+    }
+    else {
+        console.log("");
+        console.log("OAuth disabled. Using environment variables for API credentials.");
+        console.log("Set OAUTH_ENABLED=true and BASE_URL for OAuth mode.");
+    }
+});

package/dist/index.d.ts

@@ -1,2 +1,2 @@
 #!/usr/bin/env node
-export {};
+import "dotenv/config";

package/dist/index.js

@@ -1,4 +1,5 @@
 #!/usr/bin/env node
+import "dotenv/config";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { createServer } from "./server.js";
 import { getConfig } from "./config.js";

package/package.json

@@ -1,18 +1,10 @@
 {
   "name": "@open-loyalty/mcp-server",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "type": "module",
   "description": "MCP server for Open Loyalty API - enables AI agents to manage loyalty programs, members, points, rewards, and transactions",
   "author": "Marcin Dyguda <md@openloyalty.io>",
   "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/openloyalty/mcp-server.git"
-  },
-  "homepage": "https://github.com/openloyalty/mcp-server#readme",
-  "bugs": {
-    "url": "https://github.com/openloyalty/mcp-server/issues"
-  },
   "keywords": [
     "mcp",
     "model-context-protocol",
@@ -25,7 +17,8 @@
   ],
   "main": "dist/index.js",
   "bin": {
-    "openloyalty-mcp": "./dist/index.js"
+    "openloyalty-mcp": "./dist/index.js",
+    "openloyalty-mcp-http": "./dist/http.js"
   },
   "files": [
     "dist",
@@ -36,7 +29,9 @@
     "build": "tsc",
     "prepublishOnly": "npm run build",
     "start": "node dist/index.js",
+    "start:http": "node dist/http.js",
     "dev": "tsx src/index.ts",
+    "dev:http": "tsx src/http.ts",
     "typecheck": "tsc --noEmit",
     "test": "vitest",
     "test:run": "vitest run",
@@ -46,9 +41,15 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.0.0",
     "axios": "^1.6.0",
+    "cors": "^2.8.5",
+    "dotenv": "^17.2.3",
+    "express": "^5.2.1",
+    "ioredis": "^5.9.2",
     "zod": "^3.22.0"
   },
   "devDependencies": {
+    "@types/cors": "^2.8.19",
+    "@types/express": "^5.0.6",
     "@types/node": "^20.10.0",
     "@vitest/coverage-v8": "^4.0.17",
     "axios-mock-adapter": "^2.1.0",

package/dist/tools/member.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/tools/member.test.js

@@ -1,213 +0,0 @@
-// src/tools/member.test.ts
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
-import { setupMockAxios, teardownMockAxios, getMockAxios } from '../../tests/mocks/http.mock.js';
-import { memberFixtures } from '../../tests/fixtures/member.fixtures.js';
-import { memberCreate, memberGet, memberList, memberUpdate, memberActivate, memberDeactivate, memberDelete, memberGetTierProgress, memberAssignTier, memberRemoveManualTier, } from './member.js';
-describe('Member Operations', () => {
-    beforeEach(() => {
-        setupMockAxios();
-    });
-    afterEach(() => {
-        teardownMockAxios();
-    });
-    describe('memberCreate', () => {
-        it('should create member with required fields only', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPost('/default/member').reply(200, memberFixtures.createResponse);
-            const result = await memberCreate({
-                email: 'test@example.com',
-            });
-            expect(result).toEqual({
-                memberId: '550e8400-e29b-41d4-a716-446655440000',
-                loyaltyCardNumber: 'CARD123456789',
-                email: 'test@example.com',
-            });
-            // Verify request body format with customer wrapper
-            const requestData = JSON.parse(mockAxios.history.post[0].data);
-            expect(requestData).toEqual({
-                customer: {
-                    email: 'test@example.com',
-                },
-            });
-        });
-        it('should create member with all optional fields', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPost('/default/member').reply(200, {
-                customerId: 'full-uuid',
-                loyaltyCardNumber: 'CUSTOM123',
-                email: 'full@example.com',
-            });
-            const result = await memberCreate({
-                email: 'full@example.com',
-                firstName: 'John',
-                lastName: 'Doe',
-                phone: '+1234567890',
-                birthDate: '1990-01-15',
-                gender: 'male',
-                loyaltyCardNumber: 'CUSTOM123',
-                agreement1: true,
-                agreement2: false,
-                agreement3: true,
-                address: {
-                    street: '123 Main St',
-                    city: 'New York',
-                    postal: '10001',
-                    country: 'US',
-                },
-            });
-            expect(result.memberId).toBe('full-uuid');
-            // Verify all fields in request
-            const requestData = JSON.parse(mockAxios.history.post[0].data);
-            expect(requestData.customer.firstName).toBe('John');
-            expect(requestData.customer.lastName).toBe('Doe');
-            expect(requestData.customer.address.city).toBe('New York');
-            expect(requestData.customer.agreement1).toBe(true);
-            expect(requestData.customer.agreement2).toBe(false);
-        });
-        it('should use custom storeCode when provided', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPost('/custom-store/member').reply(200, {
-                customerId: 'uuid',
-                email: 'test@example.com',
-            });
-            await memberCreate({
-                storeCode: 'custom-store',
-                email: 'test@example.com',
-            });
-            expect(mockAxios.history.post[0].url).toBe('/custom-store/member');
-        });
-        it('should throw formatted error on API error', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPost('/default/member').reply(400, {
-                message: 'Email already exists',
-                code: 400,
-            });
-            await expect(memberCreate({ email: 'duplicate@example.com' }))
-                .rejects.toThrow();
-        });
-    });
-    describe('memberGet', () => {
-        it('should get member details and map customerId to memberId', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onGet('/default/member/member-uuid').reply(200, memberFixtures.getResponse);
-            const result = await memberGet({ memberId: 'member-uuid' });
-            expect(result.memberId).toBe('550e8400-e29b-41d4-a716-446655440000');
-            expect(result.email).toBe('test@example.com');
-            expect(result.firstName).toBe('John');
-            expect(result.levelName).toBe('Silver');
-        });
-        it('should use custom storeCode', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onGet('/other-store/member/id123').reply(200, memberFixtures.getResponse);
-            await memberGet({ storeCode: 'other-store', memberId: 'id123' });
-            expect(mockAxios.history.get[0].url).toBe('/other-store/member/id123');
-        });
-    });
-    describe('memberList', () => {
-        it('should list members and map customerId to memberId', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onGet('/default/member').reply(200, memberFixtures.listResponse);
-            const result = await memberList({});
-            expect(result.members).toHaveLength(2);
-            expect(result.members[0].memberId).toBe('uuid-1');
-            expect(result.members[0].email).toBe('user1@example.com');
-            expect(result.total.all).toBe(100);
-            expect(result.total.filtered).toBe(2);
-        });
-        it('should include pagination params with correct names', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onGet(/\/default\/member/).reply(200, memberFixtures.listResponse);
-            await memberList({ page: 2, perPage: 25 });
-            const url = mockAxios.history.get[0].url;
-            expect(url).toContain('_page=2');
-            expect(url).toContain('_itemsOnPage=25');
-        });
-        it('should include filter params', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onGet(/\/default\/member/).reply(200, memberFixtures.listResponse);
-            await memberList({
-                email: 'test@example.com',
-                firstName: 'John',
-                active: true,
-            });
-            const url = mockAxios.history.get[0].url;
-            expect(url).toContain('email=test%40example.com');
-            expect(url).toContain('firstName=John');
-            expect(url).toContain('active=true');
-        });
-    });
-    describe('memberUpdate', () => {
-        it('should update member with customer wrapper', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPut('/default/member/member-uuid').reply(200);
-            await memberUpdate({
-                memberId: 'member-uuid',
-                firstName: 'Jane',
-                lastName: 'Smith',
-            });
-            const requestData = JSON.parse(mockAxios.history.put[0].data);
-            expect(requestData).toEqual({
-                customer: {
-                    firstName: 'Jane',
-                    lastName: 'Smith',
-                },
-            });
-        });
-    });
-    describe('memberActivate', () => {
-        it('should call activate endpoint', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPost('/default/member/member-uuid/activate').reply(200);
-            await memberActivate({ memberId: 'member-uuid' });
-            expect(mockAxios.history.post[0].url).toBe('/default/member/member-uuid/activate');
-        });
-    });
-    describe('memberDeactivate', () => {
-        it('should call deactivate endpoint', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPost('/default/member/member-uuid/deactivate').reply(200);
-            await memberDeactivate({ memberId: 'member-uuid' });
-            expect(mockAxios.history.post[0].url).toBe('/default/member/member-uuid/deactivate');
-        });
-    });
-    describe('memberDelete', () => {
-        it('should call delete endpoint', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onDelete('/default/member/member-uuid').reply(200);
-            await memberDelete({ memberId: 'member-uuid' });
-            expect(mockAxios.history.delete[0].url).toBe('/default/member/member-uuid');
-        });
-    });
-    describe('memberGetTierProgress', () => {
-        it('should get tier progress information', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onGet('/default/member/member-uuid/tier').reply(200, memberFixtures.tierProgressResponse);
-            const result = await memberGetTierProgress({ memberId: 'member-uuid' });
-            expect(result.currentTier?.name).toBe('Silver');
-            expect(result.nextTier?.name).toBe('Gold');
-            expect(result.currentValue).toBe(750);
-            expect(result.requiredValue).toBe(1000);
-            expect(result.progressPercent).toBe(75);
-        });
-    });
-    describe('memberAssignTier', () => {
-        it('should assign tier to member', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onPost('/default/member/member-uuid/tier').reply(200);
-            await memberAssignTier({
-                memberId: 'member-uuid',
-                levelId: 'gold-level-uuid',
-            });
-            const requestData = JSON.parse(mockAxios.history.post[0].data);
-            expect(requestData.levelId).toBe('gold-level-uuid');
-        });
-    });
-    describe('memberRemoveManualTier', () => {
-        it('should remove manual tier assignment', async () => {
-            const mockAxios = getMockAxios();
-            mockAxios.onDelete('/default/member/member-uuid/tier').reply(200);
-            await memberRemoveManualTier({ memberId: 'member-uuid' });
-            expect(mockAxios.history.delete[0].url).toBe('/default/member/member-uuid/tier');
-        });
-    });
-});

package/dist/tools/points.test.d.ts

@@ -1 +0,0 @@
-export {};