@pharaoh-so/mcp 0.1.5 → 0.2.0

package/dist/index.js

@@ -5,170 +5,104 @@
  * Presents as an MCP server on stdio (for Claude Code) and relays messages
  * to a remote Pharaoh SSE server. Authenticates via RFC 8628 device flow
  * so the user can authorize on any device with a browser.
+ *
+ * Two modes determined by whether stdin is a TTY:
+ * - Interactive (TTY): authenticate, print setup instructions, exit.
+ * - Proxy (pipe):      require pre-existing credentials, bridge stdio ↔ SSE.
  */
 import { printActivationPrompt, printAuthSuccess, pollForToken, requestDeviceCode, } from "./auth.js";
-import { deleteCredentials, isExpired, readCredentials, writeCredentials, } from "./credentials.js";
+import { deleteCredentials, isExpired, readCredentials, writeCredentials } from "./credentials.js";
+import { formatIdentity, formatTtl, parseArgs, printLines, printSetupInstructions, printUsage, resolveSseUrl, tokenToCredentials, } from "./helpers.js";
 import { TokenExpiredError, TenantSuspendedError, startProxy } from "./proxy.js";
-const DEFAULT_SERVER = "https://mcp.pharaoh.so";
-/** Parse CLI arguments. */
-function parseArgs() {
+async function main() {
     const args = process.argv.slice(2);
-    let server = DEFAULT_SERVER;
-    let logout = false;
-    for (let i = 0; i < args.length; i++) {
-        if (args[i] === "--server" && args[i + 1]) {
-            server = args[i + 1];
-            i++;
-        }
-        else if (args[i] === "--logout") {
-            logout = true;
-        }
-        else if (args[i] === "--help" || args[i] === "-h") {
-            printUsage();
-            process.exit(0);
-        }
+    if (args.includes("--help") || args.includes("-h")) {
+        printUsage();
+        process.exit(0);
     }
-    // Strip trailing slash
-    server = server.replace(/\/+$/, "");
-    return { server, logout };
-}
-function printUsage() {
-    process.stderr.write([
-        "Usage: pharaoh-mcp [options]",
-        "",
-        "Options:",
-        "  --server <url>  Pharaoh server URL (default: https://mcp.pharaoh.so)",
-        "  --logout        Clear stored credentials and exit",
-        "  --help, -h      Show this help",
-        "",
-        "Add to Claude Code:",
-        "  claude mcp add pharaoh -- npx @pharaoh-so/mcp",
-        "",
-    ].join("\n") + "\n");
-}
-/** Run the device flow and return a token response. */
-async function authenticate(server) {
-    const deviceCode = await requestDeviceCode(server);
-    printActivationPrompt(deviceCode.user_code, deviceCode.verification_uri);
-    return pollForToken(server, deviceCode.device_code, deviceCode.interval);
-}
-/**
- * Validate that a server-supplied SSE URL shares the same origin as the configured server.
- * Prevents a compromised auth response from redirecting the Bearer token to an attacker's host.
- * Falls back to `${server}/sse` if the URL is missing, malformed, or cross-origin.
- */
-function resolveSseUrl(tokenSseUrl, server) {
-    const fallback = `${server}/sse`;
-    if (!tokenSseUrl)
-        return fallback;
-    try {
-        const sseOrigin = new URL(tokenSseUrl).origin;
-        const serverOrigin = new URL(server).origin;
-        if (sseOrigin !== serverOrigin) {
-            process.stderr.write(`Pharaoh: ignoring cross-origin sse_url (${sseOrigin} ≠ ${serverOrigin})\n`);
-            return fallback;
-        }
-        return tokenSseUrl;
+    // Inspect mode — serve tool schemas over stdio for Glama directory inspection
+    if (args.includes("--inspect")) {
+        const { runInspect } = await import("./inspect.js");
+        await runInspect();
+        return;
     }
-    catch {
-        return fallback;
+    // Install-skills mode — copy bundled skills to ~/.openclaw/skills/
+    if (args.includes("--install-skills")) {
+        const { runInstallSkills } = await import("./install-skills.js");
+        runInstallSkills();
+        return;
     }
-}
-/** Convert a token response to storable credentials. */
-function tokenToCredentials(token, sseUrl) {
-    return {
-        version: 1,
-        access_token: token.access_token,
-        expires_at: new Date(Date.now() + token.expires_in * 1000).toISOString(),
-        expires_in: token.expires_in,
-        sse_url: sseUrl,
-        github_login: token.github_login ?? null,
-        tenant_name: token.tenant_name ?? null,
-        repos: token.repos ?? [],
-    };
-}
-/** Format remaining TTL as human-readable string (e.g. "5d 12h"). */
-function formatTtl(expiresAt) {
-    const remainingMs = new Date(expiresAt).getTime() - Date.now();
-    if (remainingMs <= 0)
-        return "expired";
-    const hours = Math.floor(remainingMs / 3_600_000);
-    const days = Math.floor(hours / 24);
-    const remHours = hours % 24;
-    if (days > 0)
-        return `${days}d ${remHours}h`;
-    if (hours > 0)
-        return `${hours}h`;
-    return `${Math.floor(remainingMs / 60_000)}m`;
-}
-async function main() {
-    const { server, logout } = parseArgs();
-    // --logout: clear credentials and exit
+    const { server, logout } = parseArgs(args);
     if (logout) {
         deleteCredentials();
-        process.stderr.write("Pharaoh: credentials cleared\n");
+        printLines("Pharaoh: credentials cleared");
         process.exit(0);
     }
-    let creds = readCredentials();
-    // If we have valid credentials, try to connect directly
-    if (creds && !isExpired(creds)) {
-        process.stderr.write(`Pharaoh: token valid for ${formatTtl(creds.expires_at)} — connecting\n`);
-        try {
-            await startProxy(creds.sse_url, creds.access_token);
-            return;
-        }
-        catch (err) {
-            if (err instanceof TokenExpiredError) {
-                process.stderr.write("Pharaoh: token rejected by server — re-authenticating\n");
-                deleteCredentials();
-                creds = null;
-            }
-            else if (err instanceof TenantSuspendedError) {
-                process.stderr.write(`Pharaoh: ${err.message}\n`);
-                process.exit(1);
-            }
-            else {
-                throw err;
-            }
+    const creds = readCredentials();
+    const isInteractive = Boolean(process.stdin.isTTY);
+    // ── Interactive mode (user running in a terminal) ──
+    // Authenticate if needed, print setup instructions, and exit.
+    // The proxy is useless without Claude Code on the other end of stdin.
+    if (isInteractive) {
+        if (creds && !isExpired(creds)) {
+            printLines(`Pharaoh: authenticated as ${formatIdentity(creds)} — token valid for ${formatTtl(creds.expires_at)}, ${creds.repos.length} repo${creds.repos.length === 1 ? "" : "s"} connected`);
+            printSetupInstructions();
+            process.exit(0);
         }
-    }
-    // No valid credentials — run device flow
-    if (!creds || isExpired(creds)) {
-        process.stderr.write("Pharaoh: no valid credentials — starting device authorization\n");
-        const token = await authenticate(server);
+        // No valid credentials — run device flow
+        printLines("Pharaoh: no valid credentials — starting device authorization");
+        const deviceCode = await requestDeviceCode(server);
+        printActivationPrompt(deviceCode.user_code, deviceCode.verification_uri);
+        const token = await pollForToken(server, deviceCode.device_code, deviceCode.interval);
         if (token.provisional) {
-            process.stderr.write(`Pharaoh: provisional access — install the GitHub App to map your repos: ${token.install_url ?? ""}\n`);
+            printLines(`Pharaoh: provisional access — install the GitHub App to map your repos: ${token.install_url ?? ""}`);
         }
         const sseUrl = resolveSseUrl(token.sse_url, server);
-        creds = tokenToCredentials(token, sseUrl);
-        writeCredentials(creds);
+        const newCreds = tokenToCredentials(token, sseUrl);
+        writeCredentials(newCreds);
         printAuthSuccess(token.github_login ?? null, token.tenant_name ?? null, token.repos?.length ?? 0);
+        printSetupInstructions();
+        process.exit(0);
+    }
+    // ── Proxy mode (Claude Code spawned us as a stdio MCP server) ──
+    // If no credentials, we can't run the device flow (no TTY for user interaction).
+    if (!creds || isExpired(creds)) {
+        printLines("Pharaoh: no valid credentials — cannot start proxy.", "Run this command first to authenticate:", "  npx @pharaoh-so/mcp", "");
+        process.exit(1);
     }
-    // Start proxy with fresh credentials
+    // Valid credentials — start the proxy
+    printLines(`Pharaoh: token valid for ${formatTtl(creds.expires_at)} — connecting`);
     try {
         await startProxy(creds.sse_url, creds.access_token);
     }
     catch (err) {
         if (err instanceof TokenExpiredError) {
-            // Token expired during session — delete creds and re-auth
-            process.stderr.write("Pharaoh: session expired — re-authenticating\n");
+            printLines("Pharaoh: token expired or revoked.", "Run this command to re-authenticate:", "  npx @pharaoh-so/mcp", "");
             deleteCredentials();
-            const token = await authenticate(server);
-            const sseUrl = resolveSseUrl(token.sse_url, server);
-            creds = tokenToCredentials(token, sseUrl);
-            writeCredentials(creds);
-            await startProxy(creds.sse_url, creds.access_token);
-        }
-        else if (err instanceof TenantSuspendedError) {
-            process.stderr.write(`Pharaoh: ${err.message}\n`);
             process.exit(1);
         }
-        else {
-            throw err;
+        if (err instanceof TenantSuspendedError) {
+            printLines(`Pharaoh: ${err.message}`);
+            process.exit(1);
         }
+        throw err;
     }
 }
 main().catch((err) => {
-    process.stderr.write(`Pharaoh: fatal — ${err instanceof Error ? err.message : String(err)}\n`);
+    // Default: print only error name/code to avoid leaking tokens, internal URLs,
+    // or stack fragments that persist in CI logs. Full message behind PHARAOH_DEBUG.
+    if (process.env.PHARAOH_DEBUG === "1" && err instanceof Error) {
+        // Use main's comprehensive redaction patterns when showing the full message
+        const safeMsg = err.message
+            .replace(/Bearer\s+\S+/gi, "Bearer [REDACTED]")
+            .replace(/(?:phat|phrt|ghp|gho|ghs|ghu)_\S+/gi, "[REDACTED_TOKEN]")
+            .replace(/[?&](?:code|token|key|secret|password|state)=[^&\s]+/gi, "?[REDACTED_PARAM]")
+            .replace(/\b[0-9a-f]{32,}\b/gi, "[REDACTED_HEX]");
+        printLines(`Pharaoh: fatal — ${safeMsg}`);
+    }
+    else {
+        const label = err instanceof Error ? err.name : "Error";
+        printLines(`Pharaoh: fatal — ${label}. Set PHARAOH_DEBUG=1 for details.`);
+    }
     process.exit(1);
 });

package/dist/inspect.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Inspect mode — serves Pharaoh's tool schemas over stdio for Glama inspection.
+ *
+ * Reads pre-generated tool schemas from inspect-tools.json (generated at build
+ * time by the main repo's `generate-inspect-schemas.ts`). Registers each tool
+ * on an MCP server that returns a "connect to mcp.pharaoh.so" message if invoked.
+ *
+ * Zero-drift: schemas are extracted from the same registerXxx() code that the
+ * production server uses, serialized to JSON during build, and shipped in the npm package.
+ */
+export declare function runInspect(): Promise<void>;

package/dist/inspect.js

@@ -0,0 +1,45 @@
+/**
+ * Inspect mode — serves Pharaoh's tool schemas over stdio for Glama inspection.
+ *
+ * Reads pre-generated tool schemas from inspect-tools.json (generated at build
+ * time by the main repo's `generate-inspect-schemas.ts`). Registers each tool
+ * on an MCP server that returns a "connect to mcp.pharaoh.so" message if invoked.
+ *
+ * Zero-drift: schemas are extracted from the same registerXxx() code that the
+ * production server uses, serialized to JSON during build, and shipped in the npm package.
+ */
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+const INSPECT_MSG = "This is Pharaoh's inspection server for directory listings. " +
+    "Connect to https://mcp.pharaoh.so for actual usage.";
+export async function runInspect() {
+    // Load pre-generated schemas (shipped in the npm package)
+    const schemasPath = join(import.meta.dirname, "..", "inspect-tools.json");
+    let schemas;
+    try {
+        schemas = JSON.parse(readFileSync(schemasPath, "utf-8"));
+    }
+    catch {
+        process.stderr.write("Pharaoh: inspect-tools.json not found — rebuild the package.\n");
+        process.exit(1);
+    }
+    const server = new McpServer({ name: "pharaoh", version: "0.1.0" }, {
+        instructions: "Pharaoh turns codebases into knowledge graphs that AI agents can think with. " +
+            "Connect at https://mcp.pharaoh.so for full functionality.",
+    });
+    // Register each tool with pre-serialized JSON Schema.
+    // Cast inputSchema to satisfy TypeScript — at runtime registerTool passes it through as-is.
+    for (const tool of schemas.tools) {
+        // biome-ignore lint/suspicious/noExplicitAny: JSON Schema from inspect-tools.json, not Zod
+        const schema = tool.inputSchema;
+        server.registerTool(tool.name, {
+            description: tool.description,
+            inputSchema: schema,
+            annotations: tool.annotations,
+        }, async () => ({ content: [{ type: "text", text: INSPECT_MSG }] }));
+    }
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}

package/dist/install-skills.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Detect whether OpenClaw is installed by checking for ~/.openclaw/.
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ * @returns True if ~/.openclaw/ exists.
+ */
+export declare function detectOpenClaw(home?: string): boolean;
+/**
+ * Copy all bundled skill directories to ~/.openclaw/skills/.
+ * Overwrites existing skill dirs on reinstall (cpSync recursive + force).
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ * @returns Number of skill directories copied.
+ */
+export declare function installSkills(home?: string): number;
+/**
+ * Read ~/.openclaw/openclaw.json, add the Pharaoh MCP server under `mcpServers`,
+ * and write it back. Creates the file if it does not exist. Does NOT overwrite
+ * an existing `pharaoh` entry — skips if already present.
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ * @returns True if the config was written/updated, false if pharaoh was already present.
+ */
+export declare function mergeOpenClawConfig(home?: string): boolean;
+/**
+ * Main entry point for --install-skills.
+ *
+ * Detects OpenClaw, copies skills, merges config, and prints a summary.
+ * If OpenClaw is not detected, prints manual installation instructions instead.
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ */
+export declare function runInstallSkills(home?: string): void;

package/dist/install-skills.js

@@ -0,0 +1,121 @@
+/**
+ * --install-skills implementation for the Pharaoh MCP proxy CLI.
+ *
+ * Copies bundled skill directories to ~/.openclaw/skills/ and merges
+ * the Pharaoh MCP server entry into ~/.openclaw/openclaw.json.
+ * If OpenClaw is not detected, prints manual installation instructions.
+ */
+import { cpSync, existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+/** Path to the bundled skills directory (one level up from dist/). */
+const BUNDLED_SKILLS_DIR = join(__dirname, "..", "skills");
+/**
+ * Detect whether OpenClaw is installed by checking for ~/.openclaw/.
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ * @returns True if ~/.openclaw/ exists.
+ */
+export function detectOpenClaw(home = homedir()) {
+    return existsSync(join(home, ".openclaw"));
+}
+/**
+ * Copy all bundled skill directories to ~/.openclaw/skills/.
+ * Overwrites existing skill dirs on reinstall (cpSync recursive + force).
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ * @returns Number of skill directories copied.
+ */
+export function installSkills(home = homedir()) {
+    const targetDir = join(home, ".openclaw", "skills");
+    if (!existsSync(targetDir)) {
+        mkdirSync(targetDir, { recursive: true });
+    }
+    const entries = readdirSync(BUNDLED_SKILLS_DIR, { withFileTypes: true });
+    const skillDirs = entries.filter((e) => e.isDirectory()).map((e) => e.name);
+    for (const skillName of skillDirs) {
+        const src = join(BUNDLED_SKILLS_DIR, skillName);
+        const dst = join(targetDir, skillName);
+        cpSync(src, dst, { recursive: true, force: true });
+    }
+    return skillDirs.length;
+}
+/**
+ * Read ~/.openclaw/openclaw.json, add the Pharaoh MCP server under `mcpServers`,
+ * and write it back. Creates the file if it does not exist. Does NOT overwrite
+ * an existing `pharaoh` entry — skips if already present.
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ * @returns True if the config was written/updated, false if pharaoh was already present.
+ */
+export function mergeOpenClawConfig(home = homedir()) {
+    const configPath = join(home, ".openclaw", "openclaw.json");
+    let config = {};
+    if (existsSync(configPath)) {
+        try {
+            const raw = readFileSync(configPath, "utf-8");
+            config = JSON.parse(raw);
+        }
+        catch {
+            // Corrupted JSON — refuse to overwrite to avoid losing existing config
+            process.stderr.write([
+                "Pharaoh: ~/.openclaw/openclaw.json exists but is not valid JSON.",
+                "Fix or delete it manually, then re-run --install-skills.",
+                "",
+            ].join("\n"));
+            return false;
+        }
+    }
+    if (!config.mcpServers) {
+        config.mcpServers = {};
+    }
+    // Don't overwrite an existing pharaoh entry
+    if (config.mcpServers.pharaoh) {
+        return false;
+    }
+    config.mcpServers.pharaoh = {
+        command: "npx",
+        args: ["@pharaoh-so/mcp"],
+    };
+    writeFileSync(configPath, JSON.stringify(config, null, "\t"));
+    return true;
+}
+/**
+ * Main entry point for --install-skills.
+ *
+ * Detects OpenClaw, copies skills, merges config, and prints a summary.
+ * If OpenClaw is not detected, prints manual installation instructions instead.
+ *
+ * @param home - Home directory override (defaults to os.homedir()).
+ */
+export function runInstallSkills(home = homedir()) {
+    const hasOpenClaw = detectOpenClaw(home);
+    if (!hasOpenClaw) {
+        process.stderr.write([
+            "Pharaoh: OpenClaw not detected (~/.openclaw/ not found).",
+            "",
+            "To install OpenClaw: https://openclaw.dev/install",
+            "",
+            "Or install skills manually:",
+            `  1. Copy the skills/ directory from this package to ~/.openclaw/skills/`,
+            `  2. Add Pharaoh to ~/.openclaw/openclaw.json under mcpServers:`,
+            `       "pharaoh": { "command": "npx", "args": ["@pharaoh-so/mcp"] }`,
+            "",
+        ].join("\n"));
+        return;
+    }
+    const count = installSkills(home);
+    const configUpdated = mergeOpenClawConfig(home);
+    const configMsg = configUpdated
+        ? "Pharaoh MCP server added to ~/.openclaw/openclaw.json"
+        : "Pharaoh already present in ~/.openclaw/openclaw.json — skipped";
+    process.stderr.write([
+        `Pharaoh: installed ${count} skills to ~/.openclaw/skills/`,
+        configMsg,
+        "",
+        "Restart OpenClaw to pick up the new skills.",
+        "",
+    ].join("\n"));
+}

package/dist/proxy.d.ts

@@ -18,6 +18,10 @@ export declare function classifySSEError(err: Error): void;
  *   Claude Code → stdin → StdioServerTransport.onmessage → SSEClientTransport.send → POST /message
  *   Pharaoh → SSE stream → SSEClientTransport.onmessage → StdioServerTransport.send → stdout
  *
+ * CRITICAL ordering: SSE must be connected BEFORE stdio starts reading stdin.
+ * Otherwise the MCP `initialize` message arrives before the remote transport is ready,
+ * gets permanently lost ("send error — Not connected"), and the client times out.
+ *
  * On SSE disconnect, attempts reconnect with exponential backoff (5 retries, ~62s total).
  * Throws TokenExpiredError on 401, TenantSuspendedError on 403.
  */

package/dist/proxy.js

@@ -67,6 +67,10 @@ function createSSETransport(sseUrl, token) {
  *   Claude Code → stdin → StdioServerTransport.onmessage → SSEClientTransport.send → POST /message
  *   Pharaoh → SSE stream → SSEClientTransport.onmessage → StdioServerTransport.send → stdout
  *
+ * CRITICAL ordering: SSE must be connected BEFORE stdio starts reading stdin.
+ * Otherwise the MCP `initialize` message arrives before the remote transport is ready,
+ * gets permanently lost ("send error — Not connected"), and the client times out.
+ *
  * On SSE disconnect, attempts reconnect with exponential backoff (5 retries, ~62s total).
  * Throws TokenExpiredError on 401, TenantSuspendedError on 403.
  */
@@ -74,6 +78,7 @@ export async function startProxy(sseUrl, token) {
     const stdio = new StdioServerTransport();
     let sse = createSSETransport(sseUrl, token);
     let reconnectAttempt = 0;
+    let stdioStarted = false;
     /** Wire up bidirectional message relay between the two transports. */
     function bridge(sseTransport) {
         stdio.onmessage = (msg) => {
@@ -89,22 +94,7 @@ export async function startProxy(sseUrl, token) {
     }
     /** Handle SSE errors — delegates to classifySSEError for 401/403 detection. */
     const handleSSEError = classifySSEError;
-    // Wire up initial bridge
-    bridge(sse);
-    // Handle SSE connection drops with reconnect
-    sse.onerror = (err) => {
-        try {
-            handleSSEError(err);
-        }
-        catch (typed) {
-            // TokenExpiredError or TenantSuspendedError — propagate via close
-            sse.close().catch(() => { });
-            throw typed;
-        }
-    };
-    // Start both transports
-    await stdio.start();
-    // Connect SSE with reconnect loop
+    // Connect SSE with reconnect loop — stdio starts AFTER first successful connection
     await connectWithReconnect();
     /** Attempt SSE connection with exponential backoff on failure. */
     async function connectWithReconnect() {
@@ -115,10 +105,17 @@ export async function startProxy(sseUrl, token) {
                     process.stderr.write(`Pharaoh: reconnecting in ${delay / 1000}s (attempt ${reconnectAttempt}/${BACKOFF_MS.length})...\n`);
                     await sleep(delay);
                     sse = createSSETransport(sseUrl, token);
-                    bridge(sse);
                 }
                 await sse.start();
                 reconnectAttempt = 0; // Reset on successful connection
+                // Bridge AFTER SSE is connected — messages can now be forwarded
+                bridge(sse);
+                // Start stdio AFTER first SSE connection — prevents initialize race
+                if (!stdioStarted) {
+                    process.stderr.write("Pharaoh: connected\n");
+                    await stdio.start();
+                    stdioStarted = true;
+                }
                 // Wait for close — this promise resolves when SSE disconnects
                 await new Promise((resolve, reject) => {
                     sse.onclose = () => resolve();

package/inspect-tools.json

@@ -633,11 +633,21 @@
     },
     {
       "name": "setup_environment",
-      "description": "Set up the optimal Claude Code environment for this codebase — install Pharaoh's curated plugin bundle.\n\nCALL THIS WHEN:\n• The user says \"set up my environment\", \"install plugins\", or \"optimize my setup\"\n• You want to proactively improve the development experience with proven plugins\n• After noticing the user could benefit from LSP, security scanning, or code review tools\n\nRETURNS: A curated list of recommended plugins with install commands, tailored to the languages in this codebase. Run the install commands to set everything up.\n\nThis is a one-time setup. Once installed, plugins persist across sessions.",
+      "description": "Set up the optimal development environment for this codebase — install Pharaoh's curated plugin bundle.\n\nCALL THIS WHEN:\n• The user says \"set up my environment\", \"install plugins\", or \"optimize my setup\"\n• You want to proactively improve the development experience with proven plugins\n• After noticing the user could benefit from LSP, security scanning, or code review tools\n• The user is on OpenClaw or Cursor and wants to install Pharaoh skills/prompts\n\nRETURNS: A curated list of recommended plugins and install instructions, tailored to the client platform (claude-code, openclaw, or cursor) and languages in this codebase.\n\nThis is a one-time setup. Once installed, plugins persist across sessions.",
       "inputSchema": {
         "$schema": "http://json-schema.org/draft-07/schema#",
         "type": "object",
-        "properties": {}
+        "properties": {
+          "client": {
+            "description": "Client platform — determines install instructions format. Defaults to claude-code.",
+            "type": "string",
+            "enum": [
+              "claude-code",
+              "openclaw",
+              "cursor"
+            ]
+          }
+        }
       },
       "annotations": {
         "title": "Environment Setup",

package/package.json

@@ -1,33 +1,65 @@
 {
-	"name": "@pharaoh-so/mcp",
-	"version": "0.1.5",
-	"description": "Stdio-to-SSE proxy for Pharaoh MCP — enables headless environments (VPS, SSH, CI) via device flow auth",
-	"type": "module",
-	"main": "dist/index.js",
-	"bin": {
-		"pharaoh-mcp": "./dist/index.js"
-	},
-	"scripts": {
-		"build": "tsc && node -e \"const fs=require('fs'),f='dist/index.js',c=fs.readFileSync(f,'utf8');if(!c.startsWith('#!'))fs.writeFileSync(f,'#!/usr/bin/env node\\n'+c);fs.chmodSync(f,0o755)\"",
-		"typecheck": "tsc --noEmit",
-		"test": "vitest run",
-		"lint": "biome check src/"
-	},
-	"files": [
-		"dist",
-		"inspect-tools.json",
-		"README.md"
-	],
-	"license": "MIT",
-	"engines": {
-		"node": ">=18"
-	},
-	"dependencies": {
-		"@modelcontextprotocol/sdk": "^1.26.0"
-	},
-	"devDependencies": {
-		"@biomejs/biome": "^2.3.15",
-		"typescript": "^5.9.3",
-		"vitest": "^4.0.18"
-	}
-}
+  "name": "@pharaoh-so/mcp",
+  "version": "0.2.0",
+  "description": "MCP proxy for Pharaoh — maps codebases into queryable knowledge graphs for AI agents. Enables Claude Code in headless environments (VPS, SSH, CI) via device flow auth.",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "pharaoh-mcp": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "skills",
+    "inspect-tools.json",
+    "README.md",
+    "CHANGELOG.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "pharaoh",
+    "codebase",
+    "knowledge-graph",
+    "code-analysis",
+    "architecture",
+    "ai-agent",
+    "claude",
+    "claude-code",
+    "developer-tools",
+    "static-analysis",
+    "dependency-graph"
+  ],
+  "author": "Pharaoh <hello@pharaoh.so> (https://pharaoh.so)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Pharaoh-so/pharaoh-mcp.git"
+  },
+  "homepage": "https://pharaoh.so",
+  "bugs": {
+    "url": "https://github.com/Pharaoh-so/pharaoh-mcp/issues"
+  },
+  "funding": {
+    "type": "individual",
+    "url": "https://pharaoh.so"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.26.0"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^2.3.15",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "scripts": {
+    "build": "tsc && node -e \"const fs=require('fs'),f='dist/index.js',c=fs.readFileSync(f,'utf8');if(!c.startsWith('#!'))fs.writeFileSync(f,'#!/usr/bin/env node\\n'+c);fs.chmodSync(f,0o755)\"",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "lint": "biome check src/"
+  }
+}