@purplesquirrel/volcengine-mcp 1.0.0 → 1.0.3

package/.editorconfig

@@ -0,0 +1,21 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.{json,yml,yaml}]
+indent_size = 2
+
+[*.py]
+indent_size = 4
+
+[Makefile]
+indent_style = tab

package/.github/CODEOWNERS

@@ -0,0 +1,11 @@
+# Code Owners
+# These owners will be automatically requested for review on PRs
+
+# Default owner for everything
+* @PurpleSquirrelMedia
+
+# Workflows and CI
+.github/ @PurpleSquirrelMedia
+
+# Source code
+src/ @PurpleSquirrelMedia

package/.github/FUNDING.yml

@@ -0,0 +1,5 @@
+github: PurpleSquirrelMedia
+ko_fi: purplesquirrel
+buy_me_a_coffee: purplesquirrel
+custom:
+  - https://purplesquirrelmedia.github.io/.github/pricing.html

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,29 @@
+---
+name: Bug Report
+about: Report a bug or issue
+title: '[BUG] '
+labels: bug
+assignees: ''
+---
+
+## Description
+A clear description of the bug.
+
+## Steps to Reproduce
+1.
+2.
+3.
+
+## Expected Behavior
+What you expected to happen.
+
+## Actual Behavior
+What actually happened.
+
+## Environment
+- OS:
+- Node.js version:
+- Package version:
+
+## Logs/Screenshots
+If applicable, add logs or screenshots.

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,22 @@
+---
+name: Feature Request
+about: Suggest a new feature
+title: '[FEATURE] '
+labels: enhancement
+assignees: ''
+---
+
+## Description
+A clear description of the feature you'd like.
+
+## Use Case
+Why is this feature needed? What problem does it solve?
+
+## Proposed Solution
+How do you think this should work?
+
+## Alternatives Considered
+Any other approaches you've thought about.
+
+## Additional Context
+Any other relevant information.

package/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,17 @@
+## Description
+Brief description of the changes.
+
+## Type of Change
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Breaking change
+- [ ] Documentation update
+
+## Testing
+How was this tested?
+
+## Checklist
+- [ ] Code follows project style
+- [ ] Self-reviewed the code
+- [ ] Added/updated tests if needed
+- [ ] Updated documentation if needed

package/.github/dependabot.yml

@@ -5,8 +5,6 @@ updates:
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
-    labels:
-      - "dependencies"
     commit-message:
       prefix: "chore(deps)"
 
@@ -14,8 +12,5 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-    labels:
-      - "dependencies"
-      - "github-actions"
     commit-message:
       prefix: "chore(ci)"

package/.github/labeler-config.yml

@@ -0,0 +1,33 @@
+dependencies:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'package.json'
+          - 'package-lock.json'
+          - 'requirements.txt'
+          - 'pyproject.toml'
+
+documentation:
+  - changed-files:
+      - any-glob-to-any-file:
+          - '**/*.md'
+          - 'docs/**'
+
+ci:
+  - changed-files:
+      - any-glob-to-any-file:
+          - '.github/**'
+
+source:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'src/**'
+          - 'index.js'
+          - 'index.ts'
+
+tests:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'test/**'
+          - 'tests/**'
+          - '**/*.test.js'
+          - '**/*.test.ts'

package/.github/release-drafter.yml

@@ -0,0 +1,38 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🧰 Maintenance'
+    labels:
+      - 'chore'
+      - 'dependencies'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+      - 'feature'
+  patch:
+    labels:
+      - 'patch'
+      - 'fix'
+      - 'bugfix'
+  default: patch
+template: |
+  ## Changes
+
+  $CHANGES
+
+  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION

package/.github/workflows/codeql.yml

@@ -0,0 +1,40 @@
+name: CodeQL Security Scan
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 6 * * 1'  # Weekly on Monday
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

package/.github/workflows/docker-publish.yml

@@ -0,0 +1,46 @@
+name: Docker
+
+on:
+  release:
+    types: [published]
+  push:
+    branches: [main]
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

package/.github/workflows/labeler.yml

@@ -0,0 +1,16 @@
+name: Label PRs
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/labeler@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

package/.github/workflows/npm-publish.yml

@@ -0,0 +1,38 @@
+name: Publish to npm
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build --if-present
+
+      - name: Update version from release tag
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/v}
+          npm version $VERSION --no-git-tag-version --allow-same-version
+
+      - name: Publish to npm with provenance
+        run: npm publish --access public --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.github/workflows/release-drafter.yml

@@ -0,0 +1,19 @@
+name: Release Drafter
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/.github/workflows/scorecard.yml

@@ -0,0 +1,35 @@
+name: Scorecard analysis
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: '0 7 * * 1'
+  push:
+    branches: [main]
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload to code-scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

package/.lintstagedrc.json

@@ -0,0 +1,4 @@
+{
+  "*.{js,ts}": ["eslint --fix", "prettier --write"],
+  "*.{json,md,yml,yaml}": ["prettier --write"]
+}

package/.nvmrc

@@ -0,0 +1 @@
+20

package/.prettierrc

@@ -0,0 +1,7 @@
+{
+  "semi": true,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "es5",
+  "printWidth": 100
+}

package/CHANGELOG.md

@@ -0,0 +1,26 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.1] - 2026-01-06
+
+### Fixed
+- Fixed npm package execution (added bin entry and compiled TypeScript)
+
+### Added
+- CI/CD workflows for automated testing and publishing
+- CodeQL security scanning
+- OpenSSF Scorecard analysis
+- Dependabot configuration
+- Issue and PR templates
+- Security policy and code of conduct
+
+## [1.0.0] - 2026-01-05
+
+### Added
+- Initial release
+- Full MCP server implementation
+- MIT license

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,26 @@
+# Code of Conduct
+
+## Our Pledge
+
+We pledge to make participation in our community a harassment-free experience for everyone.
+
+## Our Standards
+
+**Positive behaviors:**
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+
+**Unacceptable behaviors:**
+- Harassment, trolling, or personal attacks
+- Publishing others' private information
+- Other conduct which could reasonably be considered inappropriate
+
+## Enforcement
+
+Instances of abusive behavior may be reported to the project maintainers. All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.

package/CONTRIBUTING.md

@@ -0,0 +1,62 @@
+# Contributing
+
+Thank you for your interest in contributing! We welcome contributions from the community.
+
+## Getting Started
+
+1. Fork the repository
+2. Clone your fork: `git clone https://github.com/YOUR_USERNAME/REPO_NAME.git`
+3. Create a branch: `git checkout -b feature/your-feature-name`
+4. Make your changes
+5. Test your changes
+6. Commit: `git commit -m "Add your feature"`
+7. Push: `git push origin feature/your-feature-name`
+8. Open a Pull Request
+
+## Development Setup
+
+```bash
+# Install dependencies
+npm install
+
+# Run in development mode
+npm run dev
+
+# Run tests
+npm test
+```
+
+## Code Style
+
+- Use meaningful variable and function names
+- Add comments for complex logic
+- Follow existing code patterns
+- Keep functions small and focused
+
+## Pull Request Guidelines
+
+- Provide a clear description of the changes
+- Reference any related issues
+- Ensure all tests pass
+- Update documentation if needed
+
+## Reporting Issues
+
+When reporting issues, please include:
+
+- A clear description of the problem
+- Steps to reproduce
+- Expected vs actual behavior
+- Environment details (OS, Node.js version, etc.)
+
+## Code of Conduct
+
+Be respectful and inclusive. We're all here to learn and build together.
+
+## Questions?
+
+Feel free to open an issue for any questions or discussions.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the MIT License.

package/Dockerfile

@@ -0,0 +1,18 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+# Copy package files
+COPY package*.json ./
+
+# Install dependencies
+RUN npm ci --only=production
+
+# Copy source
+COPY . .
+
+# Build if needed
+RUN npm run build --if-present
+
+# Run the server
+CMD ["node", "dist/index.js"]

package/README.md

@@ -1,7 +1,11 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+[![npm version](https://img.shields.io/npm/v/@purplesquirrel/volcengine-mcp.svg)](https://www.npmjs.com/package/@purplesquirrel/volcengine-mcp) [![npm downloads](https://img.shields.io/npm/dm/@purplesquirrel/volcengine-mcp.svg)](https://www.npmjs.com/package/@purplesquirrel/volcengine-mcp) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
 [![MCP](https://img.shields.io/badge/MCP-Server-blue)](https://modelcontextprotocol.io)
 [![Doubao](https://img.shields.io/badge/ByteDance-Doubao-00D1C1)](https://www.volcengine.com)
 [![CI](https://github.com/PurpleSquirrelMedia/volcengine-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/PurpleSquirrelMedia/volcengine-mcp/actions/workflows/ci.yml)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/PurpleSquirrelMedia/volcengine-mcp/badge)](https://securityscorecards.dev/viewer/?uri=github.com/PurpleSquirrelMedia/volcengine-mcp)
 
 # Volcano Engine MCP Server
 
@@ -162,3 +166,14 @@ Matthew Karsten
 ## License
 
 MIT
+
+
+## 💜 Support This Project
+
+If this MCP server is useful to you, consider supporting its development:
+
+[![GitHub Sponsors](https://img.shields.io/badge/Sponsor-GitHub-ea4aaa?style=for-the-badge&logo=github)](https://github.com/sponsors/PurpleSquirrelMedia)
+[![Buy Me a Coffee](https://img.shields.io/badge/Buy%20Me%20a%20Coffee-ffdd00?style=for-the-badge&logo=buy-me-a-coffee&logoColor=black)](https://buymeacoffee.com/purplesquirrel)
+
+**Enterprise support available** - [Contact us](mailto:enterprise@purplesquirrel.media) for SLAs, custom development, and priority support.
+

package/SECURITY.md

@@ -0,0 +1,34 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+We take security seriously. If you discover a security vulnerability, please report it responsibly.
+
+### How to Report
+
+1. **Do NOT open a public issue** for security vulnerabilities
+2. Email security concerns to: security@purplesquirrel.media
+3. Or use GitHub's private vulnerability reporting feature
+
+### What to Include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+
+### Response Timeline
+
+- **Initial response**: Within 48 hours
+- **Status update**: Within 1 week
+- **Fix timeline**: Depends on severity, typically within 30 days
+
+### Recognition
+
+We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.

package/package.json

@@ -1,11 +1,15 @@
 {
   "name": "@purplesquirrel/volcengine-mcp",
-  "version": "1.0.0",
+  "version": "1.0.3",
   "description": "MCP server for ByteDance Volcano Engine (Doubao) integration with Claude Code",
   "main": "index.js",
   "type": "module",
+  "bin": {
+    "volcengine-mcp": "./index.js"
+  },
   "scripts": {
-    "start": "node index.js"
+    "start": "node index.js",
+    "prepare": "husky install || true"
   },
   "keywords": [
     "mcp",
@@ -20,5 +24,17 @@
   "license": "MIT",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.24.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "husky": "^9.0.0",
+    "lint-staged": "^15.0.0",
+    "prettier": "^3.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/PurpleSquirrelMedia/volcengine-mcp"
   }
 }

package/test/smoke.test.js

@@ -0,0 +1,34 @@
+#!/usr/bin/env node
+
+/**
+ * Smoke test - verifies the package can be imported
+ */
+
+const { spawn } = require('child_process');
+const path = require('path');
+
+async function test() {
+  console.log('Running smoke test...');
+
+  // Test 1: Package can be required
+  try {
+    const pkg = require('./package.json');
+    console.log(`✓ Package ${pkg.name}@${pkg.version} loaded`);
+  } catch (err) {
+    console.error('✗ Failed to load package.json');
+    process.exit(1);
+  }
+
+  // Test 2: Main entry point exists
+  try {
+    const main = require('.');
+    console.log('✓ Main entry point loaded');
+  } catch (err) {
+    console.error('✗ Failed to load main entry:', err.message);
+    process.exit(1);
+  }
+
+  console.log('All smoke tests passed!');
+}
+
+test();