@recall_v3/mcp-server 0.1.0

package/dist/config/index.js

@@ -0,0 +1,256 @@
+"use strict";
+/**
+ * Recall Configuration Management
+ *
+ * Manages the local config file at ~/.recall/config.json.
+ * Handles secure storage of API tokens and team keys.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getConfigDir = getConfigDir;
+exports.getConfigPath = getConfigPath;
+exports.loadConfig = loadConfig;
+exports.saveConfig = saveConfig;
+exports.getApiBaseUrl = getApiBaseUrl;
+exports.getApiToken = getApiToken;
+exports.setApiToken = setApiToken;
+exports.getActiveTeamId = getActiveTeamId;
+exports.setActiveTeamId = setActiveTeamId;
+exports.setDefaultTeamId = setDefaultTeamId;
+exports.getTeamKey = getTeamKey;
+exports.setTeamKey = setTeamKey;
+exports.setUserInfo = setUserInfo;
+exports.setLastSyncAt = setLastSyncAt;
+exports.isAuthenticated = isAuthenticated;
+exports.clearAuth = clearAuth;
+exports.getExtendedConfig = getExtendedConfig;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const os = __importStar(require("node:os"));
+// Current config file version
+const CONFIG_VERSION = 1;
+// Default API base URL (v3)
+const DEFAULT_API_BASE_URL = 'https://api-v3.recall.team';
+/**
+ * Get the path to the Recall config directory
+ */
+function getConfigDir() {
+    return path.join(os.homedir(), '.recall');
+}
+/**
+ * Get the path to the config file
+ */
+function getConfigPath() {
+    return path.join(getConfigDir(), 'config.json');
+}
+/**
+ * Ensure the config directory exists with secure permissions
+ */
+function ensureConfigDir() {
+    const configDir = getConfigDir();
+    if (!fs.existsSync(configDir)) {
+        fs.mkdirSync(configDir, { mode: 0o700, recursive: true });
+    }
+}
+/**
+ * Create a default empty config
+ */
+function createDefaultConfig() {
+    return {
+        token: '',
+        defaultTeamId: null,
+        activeTeamId: null,
+        teamKeys: {},
+        user: null,
+        lastSyncAt: null,
+        version: CONFIG_VERSION,
+    };
+}
+/**
+ * Migrate old config format to new if necessary
+ */
+function migrateConfig(config) {
+    const migrated = { ...createDefaultConfig(), ...config };
+    // Future migration logic would go here
+    // For now, just ensure version is set
+    migrated.version = CONFIG_VERSION;
+    return migrated;
+}
+/**
+ * Load configuration from disk
+ * Returns a default config if the file doesn't exist
+ */
+function loadConfig() {
+    const configPath = getConfigPath();
+    if (!fs.existsSync(configPath)) {
+        return createDefaultConfig();
+    }
+    try {
+        const raw = fs.readFileSync(configPath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        // Migrate if necessary
+        if (!parsed.version || parsed.version < CONFIG_VERSION) {
+            const migrated = migrateConfig(parsed);
+            saveConfig(migrated);
+            return migrated;
+        }
+        return migrateConfig(parsed);
+    }
+    catch (error) {
+        // If config is corrupted, return default
+        console.error('Warning: Could not load Recall config, using defaults');
+        return createDefaultConfig();
+    }
+}
+/**
+ * Save configuration to disk with secure permissions (0600)
+ */
+function saveConfig(config) {
+    ensureConfigDir();
+    const current = loadConfig();
+    const merged = {
+        ...current,
+        ...config,
+        version: CONFIG_VERSION,
+    };
+    const configPath = getConfigPath();
+    const json = JSON.stringify(merged, null, 2);
+    // Write with secure permissions (0600 = owner read/write only)
+    fs.writeFileSync(configPath, json, { mode: 0o600 });
+}
+/**
+ * Get the API base URL from config or environment
+ */
+function getApiBaseUrl() {
+    // Environment variable takes precedence (for development)
+    const envUrl = process.env.RECALL_API_URL;
+    if (envUrl) {
+        return envUrl;
+    }
+    return DEFAULT_API_BASE_URL;
+}
+/**
+ * Get the API token from config or environment
+ */
+function getApiToken() {
+    // Environment variable takes precedence
+    const envToken = process.env.RECALL_API_TOKEN;
+    if (envToken) {
+        return envToken;
+    }
+    const config = loadConfig();
+    return config.token || null;
+}
+/**
+ * Store the API token securely
+ */
+function setApiToken(token) {
+    saveConfig({ token });
+}
+/**
+ * Get the active team ID
+ */
+function getActiveTeamId() {
+    const config = loadConfig();
+    return config.activeTeamId ?? config.defaultTeamId ?? null;
+}
+/**
+ * Set the active team ID for this session
+ */
+function setActiveTeamId(teamId) {
+    saveConfig({ activeTeamId: teamId });
+}
+/**
+ * Set the default team ID
+ */
+function setDefaultTeamId(teamId) {
+    saveConfig({ defaultTeamId: teamId, activeTeamId: teamId });
+}
+/**
+ * Get a cached team encryption key
+ */
+function getTeamKey(teamId) {
+    const config = loadConfig();
+    return config.teamKeys[teamId] ?? null;
+}
+/**
+ * Cache a team encryption key
+ */
+function setTeamKey(teamId, key) {
+    const config = loadConfig();
+    const teamKeys = { ...config.teamKeys, [teamId]: key };
+    saveConfig({ teamKeys });
+}
+/**
+ * Update cached user info
+ */
+function setUserInfo(user) {
+    saveConfig({ user });
+}
+/**
+ * Update last sync timestamp
+ */
+function setLastSyncAt(timestamp) {
+    saveConfig({ lastSyncAt: timestamp });
+}
+/**
+ * Check if the user is authenticated (has a token)
+ */
+function isAuthenticated() {
+    return !!getApiToken();
+}
+/**
+ * Clear all authentication data (logout)
+ */
+function clearAuth() {
+    saveConfig({
+        token: '',
+        activeTeamId: null,
+        teamKeys: {},
+        user: null,
+        lastSyncAt: null,
+    });
+}
+/**
+ * Get the full extended config
+ */
+function getExtendedConfig() {
+    const config = loadConfig();
+    return {
+        ...config,
+        apiBaseUrl: getApiBaseUrl(),
+        isAuthenticated: isAuthenticated(),
+    };
+}

package/dist/crypto/index.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Recall Encryption Utilities
+ *
+ * AES-256-GCM encryption/decryption compatible with Web Crypto API.
+ * Uses Node.js crypto module for server-side operations.
+ */
+import type { EncryptedPayload } from '@recall_v3/shared';
+/**
+ * Generate a cryptographically secure random IV
+ */
+export declare function generateIV(): Uint8Array;
+/**
+ * Generate a new AES-256 encryption key
+ * Returns base64-encoded key
+ */
+export declare function generateKey(): string;
+/**
+ * Encrypt plaintext using AES-256-GCM
+ *
+ * @param plaintext - The string to encrypt
+ * @param keyBase64 - Base64-encoded 256-bit key
+ * @returns EncryptedPayload with base64-encoded ciphertext, iv, and tag
+ */
+export declare function encrypt(plaintext: string, keyBase64: string): EncryptedPayload;
+/**
+ * Decrypt an encrypted payload using AES-256-GCM
+ *
+ * @param payload - EncryptedPayload with base64-encoded values
+ * @param keyBase64 - Base64-encoded 256-bit key
+ * @returns Decrypted plaintext string
+ */
+export declare function decrypt(payload: EncryptedPayload, keyBase64: string): string;
+/**
+ * Parse an encrypted string into an EncryptedPayload
+ * The format is: base64(iv):base64(tag):base64(ciphertext)
+ * This is an alternative compact format for storage
+ */
+export declare function parseEncryptedString(encrypted: string): EncryptedPayload;
+/**
+ * Serialize an EncryptedPayload to a compact string
+ * Format: base64(iv):base64(tag):base64(ciphertext)
+ */
+export declare function serializeEncrypted(payload: EncryptedPayload): string;
+/**
+ * Check if a string looks like an encrypted payload
+ */
+export declare function isEncryptedString(str: string): boolean;
+/**
+ * Decrypt content that might be in either format (JSON or compact string)
+ */
+export declare function decryptContent(encrypted: string, keyBase64: string): string;
+/**
+ * Encrypt content and return as JSON string
+ */
+export declare function encryptContent(plaintext: string, keyBase64: string): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAO1D;;GAEG;AACH,wBAAgB,UAAU,IAAI,UAAU,CAEvC;AAED;;;GAGG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAGpC;AAED;;;;;;GAMG;AACH,wBAAgB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,gBAAgB,CA+B9E;AAED;;;;;;GAMG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CA0C5E;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB,CAWxE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAEpE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CA8BtD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY3E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAG3E"}

package/dist/crypto/index.js

@@ -0,0 +1,224 @@
+"use strict";
+/**
+ * Recall Encryption Utilities
+ *
+ * AES-256-GCM encryption/decryption compatible with Web Crypto API.
+ * Uses Node.js crypto module for server-side operations.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateIV = generateIV;
+exports.generateKey = generateKey;
+exports.encrypt = encrypt;
+exports.decrypt = decrypt;
+exports.parseEncryptedString = parseEncryptedString;
+exports.serializeEncrypted = serializeEncrypted;
+exports.isEncryptedString = isEncryptedString;
+exports.decryptContent = decryptContent;
+exports.encryptContent = encryptContent;
+const crypto = __importStar(require("node:crypto"));
+// AES-256-GCM constants
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 12; // 96 bits for GCM
+const TAG_LENGTH = 16; // 128 bits for GCM auth tag
+/**
+ * Generate a cryptographically secure random IV
+ */
+function generateIV() {
+    return crypto.randomBytes(IV_LENGTH);
+}
+/**
+ * Generate a new AES-256 encryption key
+ * Returns base64-encoded key
+ */
+function generateKey() {
+    const key = crypto.randomBytes(32); // 256 bits
+    return key.toString('base64');
+}
+/**
+ * Encrypt plaintext using AES-256-GCM
+ *
+ * @param plaintext - The string to encrypt
+ * @param keyBase64 - Base64-encoded 256-bit key
+ * @returns EncryptedPayload with base64-encoded ciphertext, iv, and tag
+ */
+function encrypt(plaintext, keyBase64) {
+    // Decode the key
+    const key = Buffer.from(keyBase64, 'base64');
+    if (key.length !== 32) {
+        throw new Error(`Invalid key length: expected 32 bytes, got ${key.length}`);
+    }
+    // Generate a random IV
+    const iv = generateIV();
+    // Create cipher
+    const cipher = crypto.createCipheriv(ALGORITHM, key, iv, {
+        authTagLength: TAG_LENGTH,
+    });
+    // Encrypt
+    const encrypted = Buffer.concat([
+        cipher.update(plaintext, 'utf8'),
+        cipher.final(),
+    ]);
+    // Get auth tag
+    const tag = cipher.getAuthTag();
+    // Return base64-encoded values
+    return {
+        ciphertext: encrypted.toString('base64'),
+        iv: Buffer.from(iv).toString('base64'),
+        tag: tag.toString('base64'),
+    };
+}
+/**
+ * Decrypt an encrypted payload using AES-256-GCM
+ *
+ * @param payload - EncryptedPayload with base64-encoded values
+ * @param keyBase64 - Base64-encoded 256-bit key
+ * @returns Decrypted plaintext string
+ */
+function decrypt(payload, keyBase64) {
+    // Decode all components
+    const key = Buffer.from(keyBase64, 'base64');
+    const iv = Buffer.from(payload.iv, 'base64');
+    const ciphertext = Buffer.from(payload.ciphertext, 'base64');
+    const tag = Buffer.from(payload.tag, 'base64');
+    if (key.length !== 32) {
+        throw new Error(`Invalid key length: expected 32 bytes, got ${key.length}`);
+    }
+    if (iv.length !== IV_LENGTH) {
+        throw new Error(`Invalid IV length: expected ${IV_LENGTH} bytes, got ${iv.length}`);
+    }
+    if (tag.length !== TAG_LENGTH) {
+        throw new Error(`Invalid tag length: expected ${TAG_LENGTH} bytes, got ${tag.length}`);
+    }
+    // Create decipher
+    const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, {
+        authTagLength: TAG_LENGTH,
+    });
+    // Set auth tag
+    decipher.setAuthTag(tag);
+    // Decrypt
+    try {
+        const decrypted = Buffer.concat([
+            decipher.update(ciphertext),
+            decipher.final(),
+        ]);
+        return decrypted.toString('utf8');
+    }
+    catch (error) {
+        // GCM authentication failure
+        if (error instanceof Error && error.message.includes('Unsupported state')) {
+            throw new Error('Decryption failed: authentication tag mismatch');
+        }
+        throw error;
+    }
+}
+/**
+ * Parse an encrypted string into an EncryptedPayload
+ * The format is: base64(iv):base64(tag):base64(ciphertext)
+ * This is an alternative compact format for storage
+ */
+function parseEncryptedString(encrypted) {
+    const parts = encrypted.split(':');
+    if (parts.length !== 3) {
+        throw new Error('Invalid encrypted string format');
+    }
+    return {
+        iv: parts[0],
+        tag: parts[1],
+        ciphertext: parts[2],
+    };
+}
+/**
+ * Serialize an EncryptedPayload to a compact string
+ * Format: base64(iv):base64(tag):base64(ciphertext)
+ */
+function serializeEncrypted(payload) {
+    return `${payload.iv}:${payload.tag}:${payload.ciphertext}`;
+}
+/**
+ * Check if a string looks like an encrypted payload
+ */
+function isEncryptedString(str) {
+    // Check for compact format (iv:tag:ciphertext)
+    if (str.includes(':')) {
+        const parts = str.split(':');
+        if (parts.length === 3) {
+            // Each part should be valid base64
+            return parts.every(part => {
+                try {
+                    Buffer.from(part, 'base64');
+                    return true;
+                }
+                catch {
+                    return false;
+                }
+            });
+        }
+    }
+    // Check for JSON format
+    try {
+        const parsed = JSON.parse(str);
+        return (typeof parsed === 'object' &&
+            parsed !== null &&
+            'ciphertext' in parsed &&
+            'iv' in parsed &&
+            'tag' in parsed);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Decrypt content that might be in either format (JSON or compact string)
+ */
+function decryptContent(encrypted, keyBase64) {
+    let payload;
+    // Try JSON format first
+    try {
+        payload = JSON.parse(encrypted);
+    }
+    catch {
+        // Try compact string format
+        payload = parseEncryptedString(encrypted);
+    }
+    return decrypt(payload, keyBase64);
+}
+/**
+ * Encrypt content and return as JSON string
+ */
+function encryptContent(plaintext, keyBase64) {
+    const payload = encrypt(plaintext, keyBase64);
+    return JSON.stringify(payload);
+}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+/**
+ * Recall MCP Server v3
+ * Local MCP server for AI coding assistants
+ *
+ * This package provides the local MCP server that connects
+ * to the Recall API for team memory synchronization.
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;GAMG"}