@prompt-ot/mcp 0.1.0

package/README.md

@@ -0,0 +1,79 @@
+# @prompt-ot/mcp
+
+Model Context Protocol server for [PromptOT](https://www.promptot.com).
+
+Use PromptOT directly from Claude Desktop, Cursor, Codex CLI, ChatGPT, claude.ai, or any other MCP-compatible AI tool. The server exposes ~35 tools for managing prompts, blocks, variables, versions, test cases, and more — all gated by scoped API keys.
+
+## Install
+
+### Claude Desktop
+
+Add to `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
+
+```json
+{
+  "mcpServers": {
+    "promptot": {
+      "command": "npx",
+      "args": ["-y", "@prompt-ot/mcp"],
+      "env": {
+        "PROMPTOT_API_KEY": "pot_...",
+        "PROMPTOT_MCP_CLIENT": "claude-desktop"
+      }
+    }
+  }
+}
+```
+
+Generate your API key from the PromptOT dashboard → project → API Keys → "Generate MCP Key".
+
+### Cursor
+
+Add to `~/.cursor/mcp.json` (or `.cursor/mcp.json` in your workspace root):
+
+```json
+{
+  "mcpServers": {
+    "promptot": {
+      "command": "npx",
+      "args": ["-y", "@prompt-ot/mcp"],
+      "env": {
+        "PROMPTOT_API_KEY": "pot_...",
+        "PROMPTOT_MCP_CLIENT": "cursor"
+      }
+    }
+  }
+}
+```
+
+### Codex CLI
+
+Add to `~/.codex/config.toml`:
+
+```toml
+[mcp_servers.promptot]
+command = "npx"
+args = ["-y", "@prompt-ot/mcp"]
+env = { PROMPTOT_API_KEY = "pot_...", PROMPTOT_MCP_CLIENT = "codex-cli" }
+```
+
+### ChatGPT & claude.ai (hosted)
+
+The hosted transport is at `https://mcp.promptot.com/mcp`. Connect via OAuth from the client's MCP settings — no config file needed.
+
+## Environment variables
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `PROMPTOT_API_KEY` | Yes | — | Your scoped API key from the PromptOT dashboard |
+| `PROMPTOT_API_URL` | No | `https://api.promptot.com` | Override for self-hosted or local dev |
+| `PROMPTOT_MCP_CLIENT` | No | `unknown` | Client identifier for analytics (`claude-desktop`, `cursor`, `codex-cli`, etc.) |
+| `PROMPTOT_DEBUG` | No | `false` | Enable verbose stderr logging for troubleshooting |
+
+## Docs
+
+Full tool reference and FAQ: https://www.promptot.com/docs/mcp
+
+## License
+
+MIT

package/dist/client.js

@@ -0,0 +1,89 @@
+import { PromptOTError } from './lib/errors.js';
+/**
+ * Thin fetch wrapper around the PromptOT HTTP API.
+ *
+ * Every request carries:
+ * - Authorization: Bearer <API key>
+ * - X-PromptOT-Client: mcp     (so the API can tag request_logs.source='mcp')
+ * - X-PromptOT-Client-Name: <client identifier> (claude-desktop, cursor, …)
+ * - X-PromptOT-Tool: <tool name> (so audit logs can attribute the action)
+ *
+ * Errors in the API envelope are unwrapped into PromptOTError instances so
+ * tool handlers can surface them cleanly to the LLM.
+ */
+export class PromptOTClient {
+    env;
+    constructor(env) {
+        this.env = env;
+    }
+    async get(path, opts = {}) {
+        return this.request('GET', path, undefined, opts);
+    }
+    async post(path, body, opts = {}) {
+        return this.request('POST', path, body, opts);
+    }
+    async patch(path, body, opts = {}) {
+        return this.request('PATCH', path, body, opts);
+    }
+    async delete(path, opts = {}) {
+        return this.request('DELETE', path, undefined, opts);
+    }
+    async request(method, path, body, opts) {
+        const url = new URL(path.startsWith('http') ? path : `${this.env.apiUrl}${path}`);
+        if (opts.query) {
+            for (const [key, value] of Object.entries(opts.query)) {
+                if (value !== undefined) {
+                    url.searchParams.set(key, String(value));
+                }
+            }
+        }
+        const headers = {
+            'Authorization': `Bearer ${this.env.apiKey}`,
+            'X-PromptOT-Client': 'mcp',
+            'X-PromptOT-Client-Name': this.env.clientName,
+            'User-Agent': `@prompt-ot/mcp (${this.env.clientName})`,
+        };
+        if (opts.tool) {
+            headers['X-PromptOT-Tool'] = opts.tool;
+        }
+        if (body !== undefined) {
+            headers['Content-Type'] = 'application/json';
+        }
+        if (this.env.debug) {
+            process.stderr.write(`[promptot-mcp] ${method} ${url.pathname}${url.search}\n`);
+        }
+        const res = await fetch(url, {
+            method,
+            headers,
+            body: body !== undefined ? JSON.stringify(body) : undefined,
+        });
+        // Retry once on 429, honoring Retry-After
+        if (res.status === 429 && opts.retry !== false) {
+            const retryAfter = parseInt(res.headers.get('retry-after') || '1', 10);
+            await new Promise((resolve) => setTimeout(resolve, Math.min(retryAfter, 10) * 1000));
+            return this.request(method, path, body, { ...opts, retry: false });
+        }
+        const text = await res.text();
+        let envelope;
+        try {
+            envelope = text ? JSON.parse(text) : { data: null, error: null };
+        }
+        catch {
+            throw new PromptOTError(res.status, {
+                code: 'INVALID_RESPONSE',
+                message: `Non-JSON response from API (${res.status}): ${text.slice(0, 200)}`,
+            });
+        }
+        if (envelope.error) {
+            throw new PromptOTError(res.status, envelope.error);
+        }
+        if (!res.ok) {
+            throw new PromptOTError(res.status, {
+                code: 'HTTP_ERROR',
+                message: `HTTP ${res.status} ${res.statusText}`,
+            });
+        }
+        return envelope.data;
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAA0B,MAAM,iBAAiB,CAAC;AAiBxE;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,cAAc;IACI;IAA7B,YAA6B,GAAgC;QAAhC,QAAG,GAAH,GAAG,CAA6B;IAAG,CAAC;IAEjE,KAAK,CAAC,GAAG,CAAI,IAAY,EAAE,OAAuB,EAAE;QAClD,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,IAAa,EAAE,OAAuB,EAAE;QAClE,OAAO,IAAI,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,KAAK,CAAI,IAAY,EAAE,IAAa,EAAE,OAAuB,EAAE;QACnE,OAAO,IAAI,CAAC,OAAO,CAAI,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,MAAM,CAAI,IAAY,EAAE,OAAuB,EAAE;QACrD,OAAO,IAAI,CAAC,OAAO,CAAI,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAC1D,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAc,EACd,IAAY,EACZ,IAAa,EACb,IAAoB;QAEpB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC;QAClF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACxB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3C,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAA2B;YACtC,eAAe,EAAE,UAAU,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;YAC5C,mBAAmB,EAAE,KAAK;YAC1B,wBAAwB,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU;YAC7C,YAAY,EAAE,mBAAmB,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG;SACxD,CAAC;QACF,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QAC/C,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,MAAM,IAAI,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM;YACN,OAAO;YACP,IAAI,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAC5D,CAAC,CAAC;QAEH,0CAA0C;QAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;YAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YACvE,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;YACrF,OAAO,IAAI,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,QAAwB,CAAC;QAC7B,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACvF,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE;gBAClC,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EAAE,+BAA+B,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;aAC7E,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE;gBAClC,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,QAAQ,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE;aAChD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC,IAAS,CAAC;IAC5B,CAAC;CACF"}

package/dist/http.js

@@ -0,0 +1,189 @@
+#!/usr/bin/env node
+/**
+ * Hosted HTTP entry point for @prompt-ot/mcp.
+ *
+ * Runs as a separate Railway service at https://mcp.promptot.com/mcp.
+ * Implements the MCP Streamable HTTP transport spec (POST /mcp + GET /mcp)
+ * and accepts the OAuth-issued access token directly as the API key —
+ * the token IS a PromptOT API key minted by /api/oauth/token. There is
+ * no per-request session lookup; this server is a thin proxy that takes
+ * the bearer token, builds a PromptOTClient, and runs a fresh stateless
+ * MCP server per request.
+ *
+ * Why stateless per-request? Cleanest scaling story for a hosted MCP:
+ * each tool call gets its own server instance, no shared state to
+ * coordinate across nodes, no in-memory session map to evict, trivial
+ * horizontal scaling. The tradeoff is a tiny per-request setup cost
+ * (creating an McpServer + StreamableHTTPServerTransport) which is
+ * negligible compared to the upstream HTTP call to apps/api anyway.
+ *
+ * Auth flow recap:
+ *   1. Client (claude.ai, ChatGPT) hits POST /mcp with no auth → 401
+ *      with WWW-Authenticate header pointing at the OAuth metadata.
+ *   2. Client follows the OAuth flow ending with a call to
+ *      POST {API_URL}/api/oauth/token which mints a real API key.
+ *   3. Client sends Authorization: Bearer pot_... on every /mcp request.
+ *   4. This server forwards that token to apps/api via PromptOTClient.
+ */
+import express from 'express';
+import { randomUUID } from 'node:crypto';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { PromptOTClient } from './client.js';
+import { createMcpServer } from './server.js';
+import { readEnv } from './lib/env.js';
+const PORT = parseInt(process.env.PORT || '3002', 10);
+const PUBLIC_API_URL = (process.env.PROMPTOT_API_URL || 'https://api.promptot.com').replace(/\/$/, '');
+// CORS allowlist for the hosted MCP server. We're stricter than the main
+// API because this surface only serves browser-based MCP clients — there's
+// no server-to-server use case. Add new clients here as the MCP ecosystem
+// grows.
+const CORS_ALLOWLIST = [
+    /^https:\/\/claude\.ai$/,
+    /^https:\/\/.*\.claude\.ai$/,
+    /^https:\/\/chat\.openai\.com$/,
+    /^https:\/\/chatgpt\.com$/,
+    /^https:\/\/.*\.chatgpt\.com$/,
+    /^https:\/\/cursor\.com$/,
+    /^https:\/\/.*\.cursor\.sh$/,
+    // Local dev for Inspector + manual testing
+    /^http:\/\/localhost:\d+$/,
+    /^http:\/\/127\.0\.0\.1:\d+$/,
+];
+function corsMiddleware(req, res, next) {
+    const origin = req.headers.origin;
+    if (typeof origin === 'string' && CORS_ALLOWLIST.some((re) => re.test(origin))) {
+        res.setHeader('Access-Control-Allow-Origin', origin);
+        res.setHeader('Vary', 'Origin');
+    }
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, DELETE');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Mcp-Session-Id, Mcp-Protocol-Version');
+    res.setHeader('Access-Control-Expose-Headers', 'Mcp-Session-Id');
+    res.setHeader('Access-Control-Max-Age', '86400');
+    if (req.method === 'OPTIONS') {
+        res.status(204).end();
+        return;
+    }
+    next();
+}
+function extractBearer(req) {
+    const header = req.headers.authorization;
+    if (typeof header !== 'string' || !header.startsWith('Bearer '))
+        return null;
+    return header.slice(7).trim() || null;
+}
+function send401(res, message) {
+    // Per OAuth 2.0 / RFC 6750 + the MCP OAuth spec, we return a 401 with a
+    // WWW-Authenticate header pointing at the resource's OAuth metadata so
+    // discovery clients can find the authorize/token endpoints automatically.
+    res.setHeader('WWW-Authenticate', `Bearer realm="promptot", resource_metadata="${PUBLIC_API_URL}/api/oauth/.well-known/oauth-protected-resource"`);
+    res.status(401).json({
+        error: 'invalid_token',
+        error_description: message,
+    });
+}
+const app = express();
+app.set('trust proxy', 1);
+app.use(corsMiddleware);
+app.use(express.json({ limit: '10mb' }));
+// Health check — Railway uses this for the readiness probe
+app.get('/health', (_req, res) => {
+    res.json({ status: 'ok', service: 'mcp-http', timestamp: new Date().toISOString() });
+});
+// Discovery endpoints — proxied through to the main API so MCP clients
+// only need to know about mcp.promptot.com. The main API serves the
+// canonical metadata at /api/oauth/.well-known/* so we re-export here.
+app.get('/.well-known/oauth-protected-resource', (_req, res) => {
+    res.redirect(`${PUBLIC_API_URL}/api/oauth/.well-known/oauth-protected-resource`);
+});
+app.get('/.well-known/oauth-authorization-server', (_req, res) => {
+    res.redirect(`${PUBLIC_API_URL}/api/oauth/.well-known/oauth-authorization-server`);
+});
+// =============================================================================
+// POST /mcp — JSON-RPC inbound
+// =============================================================================
+async function handleMcpRequest(req, res) {
+    const accessToken = extractBearer(req);
+    if (!accessToken) {
+        send401(res, 'Missing Authorization: Bearer header');
+        return;
+    }
+    // The hosted server runs in stateless mode — every request gets a fresh
+    // McpServer + StreamableHTTPServerTransport pair. The transport hands
+    // back the JSON-RPC response (or starts an SSE stream) and we tear it
+    // down at the end of the request.
+    const baseEnv = readEnv();
+    const client = new PromptOTClient({
+        apiKey: accessToken,
+        apiUrl: baseEnv.apiUrl,
+        // Forward the client identifier from the standard MCP Mcp-Session-Id
+        // header if present, otherwise mark as 'hosted-http' so analytics
+        // can distinguish hosted-OAuth traffic from stdio traffic.
+        clientName: typeof req.headers['mcp-session-id'] === 'string'
+            ? `hosted-${req.headers['mcp-session-id']}`
+            : 'hosted-http',
+        debug: baseEnv.debug,
+    });
+    const server = createMcpServer({ client, clientName: 'hosted-http' });
+    const transport = new StreamableHTTPServerTransport({
+        // Stateless mode: undefined sessionIdGenerator means no session
+        // tracking — each request is independent.
+        sessionIdGenerator: undefined,
+    });
+    // Clean up the per-request transport when the response closes so we
+    // don't leak connections under load.
+    res.on('close', () => {
+        void transport.close();
+        void server.close();
+    });
+    try {
+        await server.connect(transport);
+        await transport.handleRequest(req, res, req.body);
+    }
+    catch (err) {
+        if (baseEnv.debug) {
+            process.stderr.write(`[promptot-mcp-http] handler error: ${err instanceof Error ? err.stack : String(err)}\n`);
+        }
+        if (!res.headersSent) {
+            res.status(500).json({
+                error: 'server_error',
+                error_description: err instanceof Error ? err.message : 'Unknown error',
+            });
+        }
+    }
+}
+app.post('/mcp', (req, res) => {
+    void handleMcpRequest(req, res);
+});
+// GET /mcp is used by clients to open a long-lived SSE channel for
+// server-initiated messages. We delegate to the same handler — the
+// transport handles the GET vs POST distinction internally.
+app.get('/mcp', (req, res) => {
+    void handleMcpRequest(req, res);
+});
+// DELETE /mcp tears down a session in stateful mode. We're stateless so
+// this is a no-op, but we still respond 204 to be a well-behaved server.
+app.delete('/mcp', (_req, res) => {
+    res.status(204).end();
+});
+// Generate a request ID header for the access logs (Railway uses this
+// for tracing).
+app.use((req, _res, next) => {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    req.id = randomUUID();
+    next();
+});
+const server = app.listen(PORT, () => {
+    process.stderr.write(`[promptot-mcp-http] Listening on :${PORT} (api=${PUBLIC_API_URL})\n`);
+});
+// Graceful shutdown so Railway's deploy hand-off doesn't drop in-flight requests
+function shutdown(signal) {
+    process.stderr.write(`[promptot-mcp-http] ${signal} received, shutting down\n`);
+    server.close(() => {
+        process.exit(0);
+    });
+    // Hard exit after 10s if connections won't close
+    setTimeout(() => process.exit(1), 10000).unref();
+}
+process.on('SIGTERM', () => shutdown('SIGTERM'));
+process.on('SIGINT', () => shutdown('SIGINT'));
+//# sourceMappingURL=http.js.map

package/dist/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,OAAO,OAA2D,MAAM,SAAS,CAAC;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;AACtD,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,0BAA0B,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAEvG,yEAAyE;AACzE,2EAA2E;AAC3E,0EAA0E;AAC1E,SAAS;AACT,MAAM,cAAc,GAAG;IACrB,wBAAwB;IACxB,4BAA4B;IAC5B,+BAA+B;IAC/B,0BAA0B;IAC1B,8BAA8B;IAC9B,yBAAyB;IACzB,4BAA4B;IAC5B,2CAA2C;IAC3C,0BAA0B;IAC1B,6BAA6B;CAC9B,CAAC;AAEF,SAAS,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACrE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;IAClC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QAC/E,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;QACrD,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAClC,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,4BAA4B,CAAC,CAAC;IAC5E,GAAG,CAAC,SAAS,CACX,8BAA8B,EAC9B,mEAAmE,CACpE,CAAC;IACF,GAAG,CAAC,SAAS,CAAC,+BAA+B,EAAE,gBAAgB,CAAC,CAAC;IACjE,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IACD,IAAI,EAAE,CAAC;AACT,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IACzC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;AACxC,CAAC;AAED,SAAS,OAAO,CAAC,GAAa,EAAE,OAAe;IAC7C,wEAAwE;IACxE,uEAAuE;IACvE,0EAA0E;IAC1E,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,+CAA+C,cAAc,kDAAkD,CAChH,CAAC;IACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,KAAK,EAAE,eAAe;QACtB,iBAAiB,EAAE,OAAO;KAC3B,CAAC,CAAC;AACL,CAAC;AAED,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;AACtB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;AAC1B,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACxB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;AAEzC,2DAA2D;AAC3D,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AACvF,CAAC,CAAC,CAAC;AAEH,uEAAuE;AACvE,oEAAoE;AACpE,uEAAuE;AACvE,GAAG,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IAC7D,GAAG,CAAC,QAAQ,CAAC,GAAG,cAAc,iDAAiD,CAAC,CAAC;AACnF,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IAC/D,GAAG,CAAC,QAAQ,CAAC,GAAG,cAAc,mDAAmD,CAAC,CAAC;AACrF,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,+BAA+B;AAC/B,gFAAgF;AAEhF,KAAK,UAAU,gBAAgB,CAAC,GAAY,EAAE,GAAa;IACzD,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,EAAE,sCAAsC,CAAC,CAAC;QACrD,OAAO;IACT,CAAC;IAED,wEAAwE;IACxE,sEAAsE;IACtE,sEAAsE;IACtE,kCAAkC;IAClC,MAAM,OAAO,GAAG,OAAO,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;QAChC,MAAM,EAAE,WAAW;QACnB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,qEAAqE;QACrE,kEAAkE;QAClE,2DAA2D;QAC3D,UAAU,EAAE,OAAO,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,QAAQ;YAC3D,CAAC,CAAC,UAAU,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;YAC3C,CAAC,CAAC,aAAa;QACjB,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;QAClD,gEAAgE;QAChE,0CAA0C;QAC1C,kBAAkB,EAAE,SAAS;KAC9B,CAAC,CAAC;IAEH,oEAAoE;IACpE,qCAAqC;IACrC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACnB,KAAK,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjH,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aACxE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5B,KAAK,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,mEAAmE;AACnE,mEAAmE;AACnE,4DAA4D;AAC5D,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC3B,KAAK,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,wEAAwE;AACxE,yEAAyE;AACzE,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;AACxB,CAAC,CAAC,CAAC;AAEH,sEAAsE;AACtE,gBAAgB;AAChB,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IAC1B,8DAA8D;IAC7D,GAAW,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC;AACT,CAAC,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IACnC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qCAAqC,IAAI,SAAS,cAAc,KAAK,CACtE,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,iFAAiF;AACjF,SAAS,QAAQ,CAAC,MAAc;IAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,MAAM,4BAA4B,CAAC,CAAC;IAChF,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IACH,iDAAiD;IACjD,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;AACnD,CAAC;AAED,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC"}

package/dist/lib/env.js

@@ -0,0 +1,34 @@
+/**
+ * Environment configuration for the PromptOT MCP server.
+ *
+ * Read once at startup; fail fast if PROMPTOT_API_KEY is missing for the
+ * stdio entry point. The hosted HTTP entry point reads the per-session
+ * OAuth token instead and doesn't need a global API key.
+ */
+const DEFAULT_API_URL = 'https://api.promptot.com';
+const DEFAULT_CLIENT_NAME = 'unknown';
+function normalizeClientName(raw) {
+    if (!raw)
+        return DEFAULT_CLIENT_NAME;
+    const trimmed = raw.trim().toLowerCase();
+    if (!trimmed || trimmed.length > 50)
+        return DEFAULT_CLIENT_NAME;
+    return /^[a-z0-9_-]+$/.test(trimmed) ? trimmed : DEFAULT_CLIENT_NAME;
+}
+export function readEnv() {
+    return {
+        apiKey: process.env.PROMPTOT_API_KEY?.trim() || null,
+        apiUrl: (process.env.PROMPTOT_API_URL?.trim() || DEFAULT_API_URL).replace(/\/$/, ''),
+        clientName: normalizeClientName(process.env.PROMPTOT_MCP_CLIENT),
+        debug: process.env.PROMPTOT_DEBUG === 'true' || process.env.PROMPTOT_DEBUG === '1',
+    };
+}
+export function requireApiKey(env) {
+    if (!env.apiKey) {
+        // stderr because stdout is reserved for JSON-RPC over stdio
+        process.stderr.write('[promptot-mcp] ERROR: PROMPTOT_API_KEY is not set.\n' +
+            'Get a key from https://www.promptot.com/projects/<id>/api-keys and add it to your MCP config.\n');
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=env.js.map

package/dist/lib/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/lib/env.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,MAAM,eAAe,GAAG,0BAA0B,CAAC;AACnD,MAAM,mBAAmB,GAAG,SAAS,CAAC;AAEtC,SAAS,mBAAmB,CAAC,GAAuB;IAClD,IAAI,CAAC,GAAG;QAAE,OAAO,mBAAmB,CAAC;IACrC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,mBAAmB,CAAC;IAChE,OAAO,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,OAAO;IACrB,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,EAAE,IAAI,IAAI;QACpD,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,EAAE,IAAI,eAAe,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;QACpF,UAAU,EAAE,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAChE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,GAAG;KACnF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAChB,4DAA4D;QAC5D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sDAAsD;YACpD,iGAAiG,CACpG,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/lib/errors.js

@@ -0,0 +1,36 @@
+/**
+ * PromptOT API error envelope shape and helpers for turning API errors into
+ * MCP-compatible error responses.
+ */
+export class PromptOTError extends Error {
+    status;
+    code;
+    details;
+    constructor(status, body) {
+        super(body.message);
+        this.name = 'PromptOTError';
+        this.status = status;
+        this.code = body.code;
+        this.details = body.details;
+    }
+    toMcpContent() {
+        const lines = [`Error ${this.status} (${this.code}): ${this.message}`];
+        if (this.details) {
+            lines.push(`Details: ${JSON.stringify(this.details, null, 2)}`);
+        }
+        if (this.code === 'INSUFFICIENT_SCOPE') {
+            lines.push('This API key does not have the required scope for this tool. Regenerate the MCP key from the PromptOT dashboard with the appropriate scopes enabled.');
+        }
+        else if (this.code === 'UNAUTHORIZED') {
+            lines.push('Check that PROMPTOT_API_KEY is set correctly in your MCP client config.');
+        }
+        else if (this.code === 'API_QUOTA_EXCEEDED' || this.code === 'AI_CREDITS_EXHAUSTED') {
+            lines.push('Plan limit reached. Upgrade at https://www.promptot.com/billing.');
+        }
+        return [{ type: 'text', text: lines.join('\n') }];
+    }
+}
+export function isPromptOTError(err) {
+    return err instanceof PromptOTError;
+}
+//# sourceMappingURL=errors.js.map

package/dist/lib/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/lib/errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,MAAM,OAAO,aAAc,SAAQ,KAAK;IAC7B,MAAM,CAAS;IACf,IAAI,CAAS;IACb,OAAO,CAAU;IAE1B,YAAY,MAAc,EAAE,IAAuB;QACjD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,YAAY;QACV,MAAM,KAAK,GAAG,CAAC,SAAS,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CACR,sJAAsJ,CACvJ,CAAC;QACJ,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC;QACxF,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,oBAAoB,IAAI,IAAI,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YACtF,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;CACF;AAED,MAAM,UAAU,eAAe,CAAC,GAAY;IAC1C,OAAO,GAAG,YAAY,aAAa,CAAC;AACtC,CAAC"}

package/dist/lib/format.js

@@ -0,0 +1,44 @@
+/**
+ * Helpers for formatting PromptOT API responses into MCP tool content blocks.
+ *
+ * Two principles drive this file:
+ *  1. Keep tool responses LLM-friendly — markdown headers and short JSON
+ *     blocks rather than raw object dumps.
+ *  2. Truncate aggressive payloads (compiled prompts can hit 10k+ tokens)
+ *     so a single tool call doesn't blow out the LLM's context window.
+ *     Full text is still available via the promptot:// resource URIs.
+ */
+const CHARS_PER_TOKEN = 4; // matches the API's compilePrompt token estimate
+export function truncateText(text, opts = {}) {
+    if (opts.truncate === false)
+        return text;
+    const maxTokens = opts.maxTokens ?? 2000;
+    const maxChars = maxTokens * CHARS_PER_TOKEN;
+    if (text.length <= maxChars)
+        return text;
+    const truncated = text.slice(0, maxChars);
+    const remainingTokens = Math.ceil((text.length - maxChars) / CHARS_PER_TOKEN);
+    const hint = opts.fullTextHint
+        ? `\n\n... [truncated, ${remainingTokens} more tokens. ${opts.fullTextHint}]`
+        : `\n\n... [truncated, ${remainingTokens} more tokens]`;
+    return truncated + hint;
+}
+/** Wrap a JSON-serializable value into a single MCP text content block. */
+export function jsonContent(value) {
+    return {
+        content: [{ type: 'text', text: JSON.stringify(value, null, 2) }],
+    };
+}
+/** Wrap a plain string into a single MCP text content block. */
+export function textContent(text) {
+    return {
+        content: [{ type: 'text', text }],
+    };
+}
+/** Wrap multiple lines into a single text content block. */
+export function linesContent(...lines) {
+    return {
+        content: [{ type: 'text', text: lines.join('\n') }],
+    };
+}
+//# sourceMappingURL=format.js.map

package/dist/lib/format.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.js","sourceRoot":"","sources":["../../src/lib/format.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,eAAe,GAAG,CAAC,CAAC,CAAC,iDAAiD;AAW5E,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,OAAwB,EAAE;IACnE,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC;IACzC,MAAM,QAAQ,GAAG,SAAS,GAAG,eAAe,CAAC;IAC7C,IAAI,IAAI,CAAC,MAAM,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEzC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC,GAAG,eAAe,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY;QAC5B,CAAC,CAAC,uBAAuB,eAAe,iBAAiB,IAAI,CAAC,YAAY,GAAG;QAC7E,CAAC,CAAC,uBAAuB,eAAe,eAAe,CAAC;IAC1D,OAAO,SAAS,GAAG,IAAI,CAAC;AAC1B,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KAClE,CAAC;AACJ,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,YAAY,CAAC,GAAG,KAAe;IAC7C,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;KACpD,CAAC;AACJ,CAAC"}

package/dist/resources/prompts.js

@@ -0,0 +1,129 @@
+import { ResourceTemplate } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { isPromptOTError } from '../lib/errors.js';
+/**
+ * MCP resources for the PromptOT prompt catalog.
+ *
+ * Resources differ from tools: they're URI-addressable, read-only, and show up
+ * in the @ picker in clients like Claude Desktop. Users can drop them into a
+ * conversation as context without invoking a tool call.
+ *
+ * Three resources:
+ *   - promptot://prompts                   — list of all prompts in the project
+ *   - promptot://prompts/{prompt_id}        — full prompt JSON with compiled output
+ *   - promptot://prompts/{prompt_id}/markdown — compiled prompt as raw markdown
+ *
+ * The markdown form is the lazy escape hatch for tools that truncate compiled
+ * output to protect the LLM context window.
+ */
+export function registerPromptResources(server, client) {
+    // ---------------------------------------------------------------------------
+    // promptot://prompts — list of all prompts
+    // ---------------------------------------------------------------------------
+    server.registerResource('prompts-list', 'promptot://prompts', {
+        title: 'PromptOT prompts',
+        description: 'List of all prompts in the project this MCP key is scoped to.',
+        mimeType: 'application/json',
+    }, async (uri) => {
+        try {
+            const data = await client.get('/api/v1/prompts', { tool: 'resource_list_prompts' });
+            return {
+                contents: [
+                    {
+                        uri: uri.href,
+                        mimeType: 'application/json',
+                        text: JSON.stringify(data, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            if (isPromptOTError(err)) {
+                return {
+                    contents: [
+                        {
+                            uri: uri.href,
+                            mimeType: 'text/plain',
+                            text: `Error fetching prompts: ${err.message}`,
+                        },
+                    ],
+                };
+            }
+            throw err;
+        }
+    });
+    // ---------------------------------------------------------------------------
+    // promptot://prompts/{prompt_id} — full prompt as JSON
+    // ---------------------------------------------------------------------------
+    server.registerResource('prompt-detail', new ResourceTemplate('promptot://prompts/{prompt_id}', { list: undefined }), {
+        title: 'PromptOT prompt detail',
+        description: 'Full JSON of a single prompt including blocks, variables, and compiled output.',
+        mimeType: 'application/json',
+    }, async (uri, variables) => {
+        const promptId = String(variables.prompt_id);
+        try {
+            const data = await client.get(`/api/v1/prompts/${promptId}/full`, {
+                tool: 'resource_get_prompt',
+            });
+            return {
+                contents: [
+                    {
+                        uri: uri.href,
+                        mimeType: 'application/json',
+                        text: JSON.stringify(data, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            if (isPromptOTError(err)) {
+                return {
+                    contents: [
+                        {
+                            uri: uri.href,
+                            mimeType: 'text/plain',
+                            text: `Error fetching prompt ${promptId}: ${err.message}`,
+                        },
+                    ],
+                };
+            }
+            throw err;
+        }
+    });
+    // ---------------------------------------------------------------------------
+    // promptot://prompts/{prompt_id}/markdown — compiled prompt as markdown
+    // ---------------------------------------------------------------------------
+    server.registerResource('prompt-markdown', new ResourceTemplate('promptot://prompts/{prompt_id}/markdown', { list: undefined }), {
+        title: 'PromptOT compiled prompt markdown',
+        description: 'Compiled prompt of a PromptOT prompt rendered as raw markdown — useful for dropping the full text into a conversation as context.',
+        mimeType: 'text/markdown',
+    }, async (uri, variables) => {
+        const promptId = String(variables.prompt_id);
+        try {
+            const data = await client.get(`/api/v1/prompts/${promptId}/compile`, { tool: 'resource_get_prompt_markdown' });
+            return {
+                contents: [
+                    {
+                        uri: uri.href,
+                        mimeType: 'text/markdown',
+                        text: data.compiled_prompt,
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            if (isPromptOTError(err)) {
+                return {
+                    contents: [
+                        {
+                            uri: uri.href,
+                            mimeType: 'text/plain',
+                            text: `Error compiling prompt ${promptId}: ${err.message}`,
+                        },
+                    ],
+                };
+            }
+            throw err;
+        }
+    });
+}
+//# sourceMappingURL=prompts.js.map

package/dist/resources/prompts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/resources/prompts.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAAiB,EAAE,MAAsB;IAC/E,8EAA8E;IAC9E,2CAA2C;IAC3C,8EAA8E;IAC9E,MAAM,CAAC,gBAAgB,CACrB,cAAc,EACd,oBAAoB,EACpB;QACE,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,GAAG,CAC3B,iBAAiB,EACjB,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAClC,CAAC;YACF,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG,EAAE,GAAG,CAAC,IAAI;wBACb,QAAQ,EAAE,kBAAkB;wBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;qBACpC;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzB,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,GAAG,CAAC,IAAI;4BACb,QAAQ,EAAE,YAAY;4BACtB,IAAI,EAAE,2BAA2B,GAAG,CAAC,OAAO,EAAE;yBAC/C;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,8EAA8E;IAC9E,uDAAuD;IACvD,8EAA8E;IAC9E,MAAM,CAAC,gBAAgB,CACrB,eAAe,EACf,IAAI,gBAAgB,CAAC,gCAAgC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC3E;QACE,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE;QACvB,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,GAAG,CAAU,mBAAmB,QAAQ,OAAO,EAAE;gBACzE,IAAI,EAAE,qBAAqB;aAC5B,CAAC,CAAC;YACH,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG,EAAE,GAAG,CAAC,IAAI;wBACb,QAAQ,EAAE,kBAAkB;wBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;qBACpC;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzB,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,GAAG,CAAC,IAAI;4BACb,QAAQ,EAAE,YAAY;4BACtB,IAAI,EAAE,yBAAyB,QAAQ,KAAK,GAAG,CAAC,OAAO,EAAE;yBAC1D;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,8EAA8E;IAC9E,wEAAwE;IACxE,8EAA8E;IAC9E,MAAM,CAAC,gBAAgB,CACrB,iBAAiB,EACjB,IAAI,gBAAgB,CAAC,yCAAyC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EACpF;QACE,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,mIAAmI;QAChJ,QAAQ,EAAE,eAAe;KAC1B,EACD,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE;QACvB,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,GAAG,CAC3B,mBAAmB,QAAQ,UAAU,EACrC,EAAE,IAAI,EAAE,8BAA8B,EAAE,CACzC,CAAC;YACF,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG,EAAE,GAAG,CAAC,IAAI;wBACb,QAAQ,EAAE,eAAe;wBACzB,IAAI,EAAE,IAAI,CAAC,eAAe;qBAC3B;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzB,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,GAAG,CAAC,IAAI;4BACb,QAAQ,EAAE,YAAY;4BACtB,IAAI,EAAE,0BAA0B,QAAQ,KAAK,GAAG,CAAC,OAAO,EAAE;yBAC3D;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}