@re9ti/timesheet-mcp 1.0.0

package/README.md

@@ -0,0 +1,90 @@
+# @re9ti/timesheet-mcp
+
+MCP Server para integrar o **Claude** (Code, Desktop, Web) com o **Timesheet Inteligente RE9TI**.
+
+Lance timesheets, consulte horas, gerencie timers — tudo via linguagem natural no Claude.
+
+## Setup rápido
+
+```bash
+npx @re9ti/timesheet-mcp setup
+```
+
+O wizard vai:
+1. Pedir seu email e senha do Timesheet
+2. Validar suas credenciais
+3. Configurar o Claude Code e/ou Desktop automaticamente
+
+Reinicie o Claude e pronto!
+
+## Uso
+
+Depois de configurado, fale naturalmente com o Claude:
+
+| Exemplo | O que faz |
+|---------|-----------|
+| "Lança 2h para cliente Silva, reunião de alinhamento" | Cria timesheet |
+| "Quantas horas trabalhei hoje?" | Resumo do dia |
+| "Lista meus lançamentos da semana" | Lista timesheets |
+| "Inicia timer para projeto X" | Inicia cronômetro |
+| "Para o timer" | Para e registra |
+| "Quais clientes tenho?" | Lista clientes |
+
+## Ferramentas disponíveis
+
+| Ferramenta | Descrição |
+|------------|-----------|
+| `login` | Autenticar no sistema |
+| `criar_timesheet` | Criar lançamento |
+| `listar_timesheets` | Listar lançamentos |
+| `consultar_horas` | Resumo de horas + top apps |
+| `listar_clientes` | Clientes disponíveis |
+| `listar_contratos` | Contratos por cliente |
+| `chat_timesheet` | Linguagem natural |
+| `timer_iniciar` | Iniciar cronômetro |
+| `timer_parar` | Parar cronômetro |
+| `timer_pausar` | Pausar cronômetro |
+| `timer_retomar` | Retomar cronômetro |
+| `timer_status` | Status dos timers |
+
+## Segurança
+
+- Sua senha é usada **apenas uma vez** durante o setup e **nunca é armazenada**
+- O setup gera um **device token** (90 dias, revogável) que é salvo no config
+- O admin pode revogar o token a qualquer momento no painel Dispositivos
+- Quando o token expirar, re-execute `npx @re9ti/timesheet-mcp setup`
+
+## Configuração manual
+
+Se preferir configurar manualmente, adicione ao `settings.json` do Claude Code (`~/.claude/settings.json`):
+
+```json
+{
+  "mcpServers": {
+    "timesheet-re9ti": {
+      "command": "npx",
+      "args": ["-y", "@re9ti/timesheet-mcp"],
+      "env": {
+        "TIMESHEET_API_URL": "https://timesheet.re9ti.com.br",
+        "TIMESHEET_DEVICE_TOKEN": "seu-token-aqui"
+      }
+    }
+  }
+}
+```
+
+Para obter um token manualmente, use `POST /auth/login-device` na API.
+
+## Variáveis de ambiente
+
+| Variável | Default | Descrição |
+|----------|---------|-----------|
+| `TIMESHEET_API_URL` | `https://timesheet.re9ti.com.br` | URL da API |
+| `TIMESHEET_DEVICE_TOKEN` | — | Token de dispositivo (preferido) |
+| `TIMESHEET_EMAIL` | — | Email (fallback legacy) |
+| `TIMESHEET_PASSWORD` | — | Senha (fallback legacy) |
+
+## Requisitos
+
+- Node.js >= 18
+- Conta no Timesheet Inteligente RE9TI

package/bin/cli.js

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+
+/**
+ * CLI entry point for @re9ti/timesheet-mcp
+ *
+ * Usage:
+ *   npx @re9ti/timesheet-mcp          → run MCP server (stdio)
+ *   npx @re9ti/timesheet-mcp setup    → interactive setup wizard
+ */
+
+import { createRequire } from "module";
+import { fileURLToPath } from "url";
+import { dirname, join } from "path";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+const command = process.argv[2];
+
+if (command === "setup") {
+  const setup = await import(join(__dirname, "..", "dist", "setup.js"));
+  setup.default();
+} else {
+  // Default: run MCP server via stdio
+  await import(join(__dirname, "..", "dist", "index.js"));
+}

package/dist/api.d.ts

@@ -0,0 +1,36 @@
+/**
+ * HTTP client for the Timesheet Inteligente API.
+ *
+ * Auth priority:
+ *   1. TIMESHEET_DEVICE_TOKEN (device token from setup wizard — preferred, no password stored)
+ *   2. TIMESHEET_EMAIL + TIMESHEET_PASSWORD (legacy fallback)
+ */
+export declare function setCredentials(e: string, p: string): void;
+export declare function setDeviceToken(token: string): void;
+/**
+ * Obtain a device token via login-device endpoint.
+ * Used by the setup wizard — exchanges email+password for a long-lived revocable token.
+ */
+export declare function obtainDeviceToken(loginEmail: string, loginPassword: string): Promise<{
+    device_token: string;
+    user_id: string;
+    org_id: string;
+    user_name: string;
+    user_email: string;
+} | null>;
+/**
+ * Login with email/password (legacy fallback).
+ */
+export declare function login(overrideEmail?: string, overridePassword?: string): Promise<boolean>;
+/**
+ * Make an authenticated API call.
+ * Uses device token (Bearer) if available, falls back to session cookie/token.
+ */
+export declare function api(method: string, path: string, options?: {
+    params?: Record<string, string | number>;
+    body?: unknown;
+}): Promise<Record<string, unknown>>;
+export declare function getApiUrl(): string;
+export declare function getEmail(): string;
+export declare function isAuthenticated(): boolean;
+export declare function hasDeviceToken(): boolean;

package/dist/api.js

@@ -0,0 +1,144 @@
+/**
+ * HTTP client for the Timesheet Inteligente API.
+ *
+ * Auth priority:
+ *   1. TIMESHEET_DEVICE_TOKEN (device token from setup wizard — preferred, no password stored)
+ *   2. TIMESHEET_EMAIL + TIMESHEET_PASSWORD (legacy fallback)
+ */
+import { randomUUID } from "crypto";
+import { hostname } from "os";
+const API_URL = process.env.TIMESHEET_API_URL || "https://timesheet.re9ti.com.br";
+// Device token auth (preferred)
+let deviceToken = process.env.TIMESHEET_DEVICE_TOKEN || null;
+// Legacy email/password fallback
+let email = process.env.TIMESHEET_EMAIL || "";
+let password = process.env.TIMESHEET_PASSWORD || "";
+// Session state
+let authToken = null;
+let authCookie = null;
+export function setCredentials(e, p) {
+    email = e;
+    password = p;
+}
+export function setDeviceToken(token) {
+    deviceToken = token;
+}
+/**
+ * Obtain a device token via login-device endpoint.
+ * Used by the setup wizard — exchanges email+password for a long-lived revocable token.
+ */
+export async function obtainDeviceToken(loginEmail, loginPassword) {
+    const deviceId = `mcp-${randomUUID()}`;
+    const resp = await fetch(`${API_URL}/auth/login-device`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            email: loginEmail,
+            password: loginPassword,
+            device_id: deviceId,
+            hostname: `mcp-${hostname()}`,
+        }),
+    });
+    if (!resp.ok)
+        return null;
+    const data = (await resp.json());
+    // Store for immediate use
+    deviceToken = data.device_token;
+    return data;
+}
+/**
+ * Login with email/password (legacy fallback).
+ */
+export async function login(overrideEmail, overridePassword) {
+    const loginEmail = overrideEmail || email;
+    const loginPassword = overridePassword || password;
+    if (!loginEmail || !loginPassword) {
+        return false;
+    }
+    const resp = await fetch(`${API_URL}/auth/login`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email: loginEmail, password: loginPassword }),
+    });
+    if (!resp.ok)
+        return false;
+    const data = (await resp.json());
+    authToken = data.token ?? null;
+    const setCookie = resp.headers.get("set-cookie");
+    if (setCookie) {
+        const match = setCookie.match(/att_session=([^;]+)/);
+        if (match)
+            authCookie = match[1];
+    }
+    if (overrideEmail)
+        email = overrideEmail;
+    if (overridePassword)
+        password = overridePassword;
+    return true;
+}
+/**
+ * Make an authenticated API call.
+ * Uses device token (Bearer) if available, falls back to session cookie/token.
+ */
+export async function api(method, path, options = {}) {
+    // Auto-authenticate if needed
+    if (!deviceToken && !authToken && !authCookie) {
+        await login();
+    }
+    const url = new URL(path, API_URL);
+    if (options.params) {
+        for (const [k, v] of Object.entries(options.params)) {
+            if (v !== undefined && v !== null && v !== "") {
+                url.searchParams.set(k, String(v));
+            }
+        }
+    }
+    const headers = { "Content-Type": "application/json" };
+    // Auth priority: device token > cookie > JWT
+    if (deviceToken) {
+        headers["Authorization"] = `Bearer ${deviceToken}`;
+    }
+    else if (authCookie) {
+        headers["Cookie"] = `att_session=${authCookie}`;
+    }
+    else if (authToken) {
+        headers["Authorization"] = `Bearer ${authToken}`;
+    }
+    let resp = await fetch(url.toString(), {
+        method,
+        headers,
+        body: options.body ? JSON.stringify(options.body) : undefined,
+    });
+    // On 401, try re-login (only for legacy email/password mode)
+    if (resp.status === 401 && !deviceToken) {
+        const ok = await login();
+        if (ok) {
+            if (authCookie)
+                headers["Cookie"] = `att_session=${authCookie}`;
+            else if (authToken)
+                headers["Authorization"] = `Bearer ${authToken}`;
+            resp = await fetch(url.toString(), {
+                method,
+                headers,
+                body: options.body ? JSON.stringify(options.body) : undefined,
+            });
+        }
+    }
+    if (!resp.ok) {
+        const text = await resp.text();
+        return { error: true, status: resp.status, detail: text };
+    }
+    return (await resp.json());
+}
+export function getApiUrl() {
+    return API_URL;
+}
+export function getEmail() {
+    return email;
+}
+export function isAuthenticated() {
+    return !!(deviceToken || authToken || authCookie);
+}
+export function hasDeviceToken() {
+    return !!deviceToken;
+}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * MCP Server for Timesheet Inteligente — RE9TI
+ *
+ * Exposes timesheet management tools to Claude via Model Context Protocol.
+ * Runs over stdio transport (standard for Claude Code / Desktop).
+ */
+export {};

package/dist/index.js

@@ -0,0 +1,391 @@
+/**
+ * MCP Server for Timesheet Inteligente — RE9TI
+ *
+ * Exposes timesheet management tools to Claude via Model Context Protocol.
+ * Runs over stdio transport (standard for Claude Code / Desktop).
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { api, login, setCredentials, getEmail, hasDeviceToken } from "./api.js";
+const server = new McpServer({
+    name: "timesheet-re9ti",
+    version: "1.0.0",
+});
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function fmt(seconds) {
+    const h = Math.floor(seconds / 3600);
+    const m = Math.floor((seconds % 3600) / 60);
+    return `${h}h${m.toString().padStart(2, "0")}min`;
+}
+function today() {
+    return new Date().toISOString().slice(0, 10);
+}
+function nowHHMM() {
+    return new Date().toTimeString().slice(0, 5);
+}
+// ---------------------------------------------------------------------------
+// Tools
+// ---------------------------------------------------------------------------
+server.tool("login", "Autenticar no sistema de timesheet. Normalmente desnecessário — o token de dispositivo do setup já autentica automaticamente. Use apenas se precisar trocar de conta.", { email: z.string().optional(), password: z.string().optional() }, async ({ email: e, password: p }) => {
+    if (hasDeviceToken()) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: "Já autenticado via token de dispositivo (configurado no setup). Não é necessário login manual.",
+                },
+            ],
+        };
+    }
+    if (e)
+        setCredentials(e, p || "");
+    const ok = await login(e, p);
+    return {
+        content: [
+            {
+                type: "text",
+                text: ok
+                    ? `Login realizado com sucesso como ${getEmail()}`
+                    : "Falha no login. Verifique email e senha.",
+            },
+        ],
+    };
+});
+server.tool("criar_timesheet", `Criar um novo lançamento de timesheet.
+Informe descricao + cliente + (hora_inicio/hora_fim OU duracao_minutos).
+Data default = hoje. Horário default = agora.`, {
+    descricao: z.string().describe("Descrição do trabalho realizado"),
+    cliente: z.string().describe("Nome do cliente"),
+    data: z.string().optional().describe("Data YYYY-MM-DD (default: hoje)"),
+    hora_inicio: z.string().optional().describe("HH:MM início"),
+    hora_fim: z.string().optional().describe("HH:MM fim"),
+    duracao_minutos: z.number().optional().describe("Duração em minutos"),
+    projeto: z.string().optional().describe("Nome do projeto/contrato"),
+    cobravel: z.boolean().optional().describe("Hora cobrável (default: true)"),
+    profissional: z.string().optional().describe("Nome do profissional"),
+    referencia: z.string().optional().describe("Referência externa"),
+}, async (args) => {
+    const targetDate = args.data || today();
+    let startedAt;
+    let endedAt;
+    let durationS;
+    if (args.hora_inicio && args.hora_fim) {
+        startedAt = `${targetDate}T${args.hora_inicio}:00`;
+        endedAt = `${targetDate}T${args.hora_fim}:00`;
+        durationS = (new Date(endedAt).getTime() - new Date(startedAt).getTime()) / 1000;
+    }
+    else if (args.duracao_minutos && args.duracao_minutos > 0) {
+        durationS = args.duracao_minutos * 60;
+        if (args.hora_inicio) {
+            startedAt = `${targetDate}T${args.hora_inicio}:00`;
+            const end = new Date(new Date(startedAt).getTime() + durationS * 1000);
+            endedAt = `${targetDate}T${end.toTimeString().slice(0, 5)}:00`;
+        }
+        else {
+            const now = new Date();
+            endedAt = `${targetDate}T${nowHHMM()}:00`;
+            const start = new Date(now.getTime() - durationS * 1000);
+            startedAt = `${targetDate}T${start.toTimeString().slice(0, 5)}:00`;
+        }
+    }
+    else {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: "Erro: informe hora_inicio + hora_fim OU duracao_minutos.",
+                },
+            ],
+        };
+    }
+    if (durationS <= 0) {
+        return {
+            content: [{ type: "text", text: "Erro: duração deve ser positiva." }],
+        };
+    }
+    const body = {
+        client_name: args.cliente,
+        description: args.descricao,
+        started_at: startedAt,
+        ended_at: endedAt,
+        duration_s: durationS,
+        billable: args.cobravel !== false,
+        source_type: "mcp",
+        status: "draft",
+    };
+    if (args.projeto)
+        body.project_name = args.projeto;
+    if (args.profissional)
+        body.professional_name = args.profissional;
+    if (args.referencia)
+        body.entry_reference = args.referencia;
+    const result = await api("POST", "/api/v1/timesheets", { body });
+    if (result.error) {
+        return {
+            content: [
+                { type: "text", text: `Erro ao criar timesheet: ${result.detail}` },
+            ],
+        };
+    }
+    return {
+        content: [
+            {
+                type: "text",
+                text: [
+                    "Timesheet criado com sucesso!",
+                    `- ID: ${result.timesheet_id}`,
+                    `- Cliente: ${args.cliente}`,
+                    `- Data: ${targetDate}`,
+                    `- Duração: ${fmt(durationS)}`,
+                    `- Cobrável: ${args.cobravel !== false ? "Sim" : "Não"}`,
+                    `- Status: rascunho`,
+                ].join("\n"),
+            },
+        ],
+    };
+});
+server.tool("listar_timesheets", "Listar lançamentos de timesheet com filtros por data, cliente, profissional.", {
+    data_inicio: z.string().optional().describe("Data inicial YYYY-MM-DD (default: hoje)"),
+    data_fim: z.string().optional().describe("Data final YYYY-MM-DD (default: hoje)"),
+    cliente: z.string().optional().describe("Filtrar por cliente"),
+    profissional: z.string().optional().describe("Filtrar por profissional"),
+    fonte: z.string().optional().describe("local | glpi | both (default: local)"),
+    limite: z.number().optional().describe("Máximo de resultados (default: 20)"),
+}, async (args) => {
+    const params = {
+        date_from: args.data_inicio || today(),
+        date_to: args.data_fim || today(),
+        limit: args.limite || 20,
+    };
+    if (args.cliente)
+        params.client_name = args.cliente;
+    if (args.profissional)
+        params.professional_name = args.profissional;
+    if (args.fonte && args.fonte !== "local")
+        params.source = args.fonte;
+    const result = await api("GET", "/api/v1/timesheets", { params });
+    if (result.error) {
+        return {
+            content: [{ type: "text", text: `Erro: ${result.detail}` }],
+        };
+    }
+    const entries = (result.timesheets || result.entries || []);
+    if (!entries.length) {
+        return {
+            content: [{ type: "text", text: "Nenhum lançamento encontrado." }],
+        };
+    }
+    let totalS = 0;
+    const lines = [`**${entries.length} lançamento(s):**\n`];
+    for (const ts of entries) {
+        const dur = ts.duration_s || 0;
+        totalS += dur;
+        const billable = ts.billable ? "$$" : "--";
+        lines.push(`- [${billable}] ${ts.date || "?"} ${ts.time_start || "?"}-${ts.time_end || "?"} (${fmt(dur)}) | ${ts.client_name || "?"} | ${(ts.description || "").slice(0, 60)} [${ts.status}]`);
+    }
+    lines.push(`\n**Total: ${fmt(totalS)}**`);
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+});
+server.tool("consultar_horas", "Consultar resumo de horas trabalhadas no período, com top apps.", {
+    data_inicio: z.string().optional().describe("YYYY-MM-DD (default: hoje)"),
+    data_fim: z.string().optional().describe("YYYY-MM-DD (default: hoje)"),
+}, async (args) => {
+    const params = {
+        date_from: args.data_inicio || today(),
+        date_to: args.data_fim || today(),
+    };
+    const result = await api("GET", "/api/v1/timesheet", { params });
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    const total = result.total_seconds || 0;
+    const active = result.active_seconds || 0;
+    const idle = result.idle_seconds || 0;
+    const entries = (result.entries || []);
+    const appTotals = {};
+    for (const e of entries) {
+        const app = e.app_name || "?";
+        appTotals[app] = (appTotals[app] || 0) + (e.total_seconds || 0);
+    }
+    const lines = [
+        `**Resumo (${params.date_from} a ${params.date_to}):**\n`,
+        `- Total capturado: ${fmt(total)}`,
+        `- Ativo: ${fmt(active)}`,
+        `- Ocioso: ${fmt(idle)}`,
+        `- Apps distintos: ${new Set(entries.map((e) => e.app_name)).size}`,
+    ];
+    const sorted = Object.entries(appTotals).sort((a, b) => b[1] - a[1]);
+    if (sorted.length) {
+        lines.push("\n**Top apps:**");
+        for (const [app, secs] of sorted.slice(0, 8)) {
+            lines.push(`- ${app}: ${fmt(secs)}`);
+        }
+    }
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+});
+server.tool("listar_clientes", "Listar clientes disponíveis (GLPI + manuais).", {}, async () => {
+    const result = await api("GET", "/api/v1/glpi/clients");
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    const clients = (Array.isArray(result) ? result : result.clients || []);
+    if (!clients.length) {
+        return { content: [{ type: "text", text: "Nenhum cliente encontrado." }] };
+    }
+    const lines = [`**${clients.length} cliente(s):**\n`];
+    for (const c of clients.slice(0, 50)) {
+        lines.push(`- [${c.id}] ${c.name || c.completename}`);
+    }
+    if (clients.length > 50)
+        lines.push(`\n... e mais ${clients.length - 50}`);
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+});
+server.tool("listar_contratos", "Listar contratos disponíveis, opcionalmente filtrados por cliente.", { cliente_id: z.number().optional().describe("ID do cliente (0 = todos)") }, async (args) => {
+    const params = {};
+    if (args.cliente_id)
+        params.entity_id = args.cliente_id;
+    const result = await api("GET", "/api/v1/glpi/contracts", { params });
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    const contracts = (Array.isArray(result) ? result : result.contracts || []);
+    if (!contracts.length) {
+        return { content: [{ type: "text", text: "Nenhum contrato encontrado." }] };
+    }
+    const lines = [`**${contracts.length} contrato(s):**\n`];
+    for (const c of contracts.slice(0, 30)) {
+        lines.push(`- [${c.id}] ${c.name}`);
+    }
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+});
+server.tool("chat_timesheet", `Enviar mensagem em linguagem natural para criar/consultar timesheets.
+Exemplos: "Lançar 2h para Silva, reunião" / "Quantas horas hoje?" / "Listar semana"`, { mensagem: z.string().describe("Mensagem em linguagem natural") }, async (args) => {
+    const result = await api("POST", "/api/v1/chat/message", {
+        body: { message: args.mensagem, mode: "direct" },
+    });
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    const reply = result.reply || "Sem resposta";
+    const action = result.action;
+    let text = reply;
+    if (action?.type === "created") {
+        text += `\n\nTimesheet criado com ID: ${action.timesheet_id}`;
+    }
+    else if (action?.type === "prefill") {
+        const data = action.data || {};
+        text += `\n\nDados extraídos:\n- Cliente: ${data.client_name}\n- Duração: ${Math.floor((data.duration_s || 0) / 60)} min\n- Descrição: ${data.description}\n\nUse criar_timesheet para confirmar.`;
+    }
+    return { content: [{ type: "text", text }] };
+});
+// --- Timer tools ---
+server.tool("timer_iniciar", "Iniciar um timer/cronômetro de trabalho.", {
+    cliente: z.string().optional().describe("Nome do cliente"),
+    projeto: z.string().optional().describe("Nome do projeto"),
+    descricao: z.string().optional().describe("Descrição do trabalho"),
+}, async (args) => {
+    const body = {};
+    if (args.cliente)
+        body.client_name = args.cliente;
+    if (args.projeto)
+        body.project_name = args.projeto;
+    if (args.descricao)
+        body.description = args.descricao;
+    const result = await api("POST", "/api/v1/timesheets/timer/start", { body });
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    return {
+        content: [
+            {
+                type: "text",
+                text: `Timer iniciado!\n- ID: ${result.entry_id}\n- Início: ${result.started_at}\nUse timer_parar quando terminar.`,
+            },
+        ],
+    };
+});
+server.tool("timer_parar", "Parar um timer e converter em lançamento de timesheet.", { timer_id: z.string().optional().describe("ID do timer (vazio = timer ativo)") }, async (args) => {
+    let timerId = args.timer_id;
+    if (!timerId) {
+        const status = await api("GET", "/api/v1/timesheets/timer/status");
+        if (status.error) {
+            return { content: [{ type: "text", text: `Erro: ${status.detail}` }] };
+        }
+        const timers = status.timers || [];
+        const running = timers.find((t) => t.status === "running");
+        timerId = (running || timers[0])?.entry_id || "";
+        if (!timerId) {
+            return { content: [{ type: "text", text: "Nenhum timer ativo." }] };
+        }
+    }
+    const result = await api("POST", `/api/v1/timesheets/timer/stop/${timerId}`);
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    const dur = result.duration_s || 0;
+    return {
+        content: [
+            {
+                type: "text",
+                text: [
+                    "Timer parado!",
+                    `- Duração: ${fmt(dur)}`,
+                    `- Horário: ${result.time_start} - ${result.time_end}`,
+                    `- Cliente: ${result.client_name || "-"}`,
+                    `- Descrição: ${result.description || "-"}`,
+                ].join("\n"),
+            },
+        ],
+    };
+});
+server.tool("timer_status", "Verificar status dos timers ativos.", {}, async () => {
+    const result = await api("GET", "/api/v1/timesheets/timer/status");
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    const timers = result.timers || [];
+    if (!timers.length) {
+        return { content: [{ type: "text", text: "Nenhum timer ativo." }] };
+    }
+    const lines = [`**${timers.length} timer(s):**\n`];
+    for (const t of timers) {
+        const elapsed = t.elapsed_s || 0;
+        const icon = t.status === "running" ? "▶" : "⏸";
+        lines.push(`- ${icon} [${(t.entry_id || "").slice(0, 8)}] ${fmt(elapsed)} | ${t.client_name || "-"} | ${t.description || "-"} (${t.status})`);
+    }
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+});
+server.tool("timer_pausar", "Pausar um timer ativo.", { timer_id: z.string().describe("ID do timer") }, async (args) => {
+    const result = await api("POST", `/api/v1/timesheets/timer/pause/${args.timer_id}`);
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    return {
+        content: [
+            { type: "text", text: `Timer pausado. Acumulado: ${fmt(result.elapsed_s || 0)}` },
+        ],
+    };
+});
+server.tool("timer_retomar", "Retomar um timer pausado.", { timer_id: z.string().describe("ID do timer") }, async (args) => {
+    const result = await api("POST", `/api/v1/timesheets/timer/resume/${args.timer_id}`);
+    if (result.error) {
+        return { content: [{ type: "text", text: `Erro: ${result.detail}` }] };
+    }
+    return {
+        content: [{ type: "text", text: `Timer retomado! Status: ${result.status}` }],
+    };
+});
+// ---------------------------------------------------------------------------
+// Start server
+// ---------------------------------------------------------------------------
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((err) => {
+    console.error("Fatal:", err);
+    process.exit(1);
+});

package/dist/setup.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Interactive setup wizard for @re9ti/timesheet-mcp.
+ *
+ * Security model:
+ *   1. User provides email + password ONCE during setup
+ *   2. We exchange them for a device token (90-day, revocable)
+ *   3. Only the device token is saved to config — password is NEVER stored
+ *   4. Token can be revoked by admin in the Timesheet dashboard
+ *
+ * Run: npx @re9ti/timesheet-mcp setup
+ */
+export default function setup(): Promise<void>;

package/dist/setup.js

@@ -0,0 +1,165 @@
+/**
+ * Interactive setup wizard for @re9ti/timesheet-mcp.
+ *
+ * Security model:
+ *   1. User provides email + password ONCE during setup
+ *   2. We exchange them for a device token (90-day, revocable)
+ *   3. Only the device token is saved to config — password is NEVER stored
+ *   4. Token can be revoked by admin in the Timesheet dashboard
+ *
+ * Run: npx @re9ti/timesheet-mcp setup
+ */
+import { createInterface } from "readline";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { homedir, hostname } from "os";
+import { join } from "path";
+import { randomUUID } from "crypto";
+const rl = createInterface({ input: process.stdin, output: process.stdout });
+function ask(question, defaultVal = "") {
+    const suffix = defaultVal ? ` [${defaultVal}]` : "";
+    return new Promise((resolve) => {
+        rl.question(`${question}${suffix}: `, (answer) => {
+            resolve(answer.trim() || defaultVal);
+        });
+    });
+}
+function banner() {
+    console.log(`
+╔══════════════════════════════════════════════════╗
+║     Timesheet Inteligente — MCP Setup            ║
+║     Integração com Claude Code / Desktop         ║
+╚══════════════════════════════════════════════════╝
+`);
+}
+function getClaudeCodeSettingsPath() {
+    return join(homedir(), ".claude", "settings.json");
+}
+function getClaudeDesktopConfigPath() {
+    const platform = process.platform;
+    if (platform === "win32") {
+        return join(process.env.APPDATA || "", "Claude", "claude_desktop_config.json");
+    }
+    else if (platform === "darwin") {
+        return join(homedir(), "Library", "Application Support", "Claude", "claude_desktop_config.json");
+    }
+    return join(homedir(), ".config", "Claude", "claude_desktop_config.json");
+}
+function readJsonFile(path) {
+    if (!existsSync(path))
+        return {};
+    try {
+        return JSON.parse(readFileSync(path, "utf-8"));
+    }
+    catch {
+        return {};
+    }
+}
+function writeJsonFile(path, data) {
+    const dir = join(path, "..");
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    writeFileSync(path, JSON.stringify(data, null, 2) + "\n", "utf-8");
+}
+async function obtainDeviceToken(apiUrl, email, password) {
+    const deviceId = `mcp-${randomUUID()}`;
+    const resp = await fetch(`${apiUrl}/auth/login-device`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            email,
+            password,
+            device_id: deviceId,
+            hostname: `mcp-${hostname()}`,
+        }),
+    });
+    if (!resp.ok)
+        return null;
+    return (await resp.json());
+}
+export default async function setup() {
+    banner();
+    // 1. Collect credentials (used only once, never stored)
+    const apiUrl = await ask("URL da API do Timesheet", "https://timesheet.re9ti.com.br");
+    const email = await ask("Seu email de login");
+    const password = await ask("Sua senha");
+    if (!email || !password) {
+        console.log("\n  Email e senha sao obrigatorios.");
+        rl.close();
+        process.exit(1);
+    }
+    // 2. Exchange credentials for device token
+    console.log("\nAutenticando e obtendo token de dispositivo...");
+    let deviceTokenData = null;
+    try {
+        deviceTokenData = await obtainDeviceToken(apiUrl, email, password);
+    }
+    catch (err) {
+        console.log(`  Erro de conexao: ${err}`);
+        rl.close();
+        process.exit(1);
+    }
+    if (!deviceTokenData) {
+        console.log("  Login falhou. Verifique email e senha.");
+        rl.close();
+        process.exit(1);
+    }
+    console.log(`  Autenticado! Bem-vindo, ${deviceTokenData.user_name || email}`);
+    console.log("  Token de dispositivo obtido (90 dias, revogavel pelo admin).");
+    console.log("  Sua senha NAO sera armazenada.\n");
+    // 3. Choose target
+    console.log("Onde deseja configurar?\n");
+    console.log("  1) Claude Code (global — recomendado)");
+    console.log("  2) Claude Desktop");
+    console.log("  3) Ambos");
+    const choice = await ask("Escolha", "1");
+    // Only device token + API URL are stored — no email, no password
+    const mcpConfig = {
+        command: "npx",
+        args: ["-y", "@re9ti/timesheet-mcp"],
+        env: {
+            TIMESHEET_API_URL: apiUrl,
+            TIMESHEET_DEVICE_TOKEN: deviceTokenData.device_token,
+        },
+    };
+    const targets = [];
+    if (choice === "1" || choice === "3") {
+        const ccPath = getClaudeCodeSettingsPath();
+        const settings = readJsonFile(ccPath);
+        if (!settings.mcpServers)
+            settings.mcpServers = {};
+        settings.mcpServers["timesheet-re9ti"] = mcpConfig;
+        writeJsonFile(ccPath, settings);
+        targets.push(`Claude Code: ${ccPath}`);
+    }
+    if (choice === "2" || choice === "3") {
+        const cdPath = getClaudeDesktopConfigPath();
+        const config = readJsonFile(cdPath);
+        if (!config.mcpServers)
+            config.mcpServers = {};
+        config.mcpServers["timesheet-re9ti"] = mcpConfig;
+        writeJsonFile(cdPath, config);
+        targets.push(`Claude Desktop: ${cdPath}`);
+    }
+    // 4. Done
+    console.log("\n  Configuracao salva em:");
+    for (const t of targets) {
+        console.log(`   ${t}`);
+    }
+    console.log(`
++--------------------------------------------------+
+|  Pronto! Reinicie o Claude Code / Desktop.        |
+|                                                   |
+|  Depois, basta dizer:                             |
+|  "Lanca 2h para cliente Silva, reuniao"           |
+|  "Quantas horas trabalhei hoje?"                  |
+|  "Inicia timer para projeto X"                    |
+|                                                   |
+|  Seguranca:                                       |
+|  - Apenas o token de dispositivo foi salvo        |
+|  - Sua senha NAO esta armazenada em nenhum lugar  |
+|  - Token expira em 90 dias (re-execute o setup)   |
+|  - Admin pode revogar o token a qualquer momento  |
++--------------------------------------------------+
+`);
+    rl.close();
+}

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "@re9ti/timesheet-mcp",
+  "version": "1.0.0",
+  "description": "MCP Server para integrar Claude com o Timesheet Inteligente RE9TI",
+  "keywords": ["mcp", "timesheet", "claude", "re9ti"],
+  "license": "MIT",
+  "author": "RE9TI <contato@re9ti.com.br>",
+  "type": "module",
+  "bin": {
+    "re9ti-timesheet-mcp": "./bin/cli.js"
+  },
+  "main": "./dist/index.js",
+  "files": [
+    "dist",
+    "bin",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js",
+    "setup": "node dist/setup.js",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.0",
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.5.0"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}