@roadmapperai/mcp 0.1.0 → 0.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@roadmapperai/mcp",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "description": "Roadmapper AI MCP server — exposes a planning surface (themes, capabilities, tasks, sprints, PRs) to coding agents via stdio JSON-RPC. Pairs with the Roadmapper AI workspace at dashboard.roadmapperai.com.",
   "keywords": [
     "mcp",

package/server.mjs

@@ -111,6 +111,47 @@ function readAgentsMd() {
   }
 }
 
+/**
+ * Fetch a workspace-scoped rubric override via the mcp-broker.
+ *
+ * Returns the workspace's custom rubric content if they've authored
+ * one in the dashboard's Settings → Workspace customization tab,
+ * null if the workspace is on the default, or null on any error
+ * (we fall back to the bundled AGENTS.md rather than refuse to
+ * serve get_agents_md).
+ *
+ * Only called when ROADMAPPER_API_KEY is set — i.e. the customer
+ * install path. Operator path (SUPABASE_SERVICE_ROLE_KEY) skips
+ * this and always serves the bundled rubric.
+ */
+async function fetchWorkspaceRubric() {
+  const { apiKey, brokerUrl } = supabaseConfig();
+  if (!apiKey || !brokerUrl) return null;
+  try {
+    const res = await fetch(brokerUrl, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${apiKey}`,
+        "content-type": "application/json",
+        Accept: "application/json",
+      },
+      body: JSON.stringify({ rpc: "get_workspace_rubric", body: {} }),
+    });
+    if (!res.ok) return null;
+    const parsed = await res.json();
+    if (typeof parsed === "string" && parsed.length > 0) return parsed;
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+async function readAgentsMdForWorkspace() {
+  const custom = await fetchWorkspaceRubric();
+  if (custom) return custom;
+  return readAgentsMd();
+}
+
 /**
  * The read key used to fetch the workspace row. Accepts the new
  * publishable key (`sb_publishable_…`) or the legacy `anon`/JWT key.
@@ -129,6 +170,18 @@ function supabaseConfig() {
     readKey: readKey(),
     writeKey: process.env.SUPABASE_SERVICE_ROLE_KEY || null,
     workspaceId: process.env.SUPABASE_WORKSPACE_ID || null,
+    // ROADMAPPER_API_KEY is the customer-facing path: a per-workspace
+    // token (rmpr_…) minted from the dashboard. When set, write tools
+    // route through the mcp-broker Edge Function instead of needing
+    // a service-role key on the customer's machine. The broker URL
+    // defaults to the public Supabase project's edge endpoint but is
+    // overridable for self-hosted deployments / staging.
+    apiKey: process.env.ROADMAPPER_API_KEY || null,
+    brokerUrl:
+      process.env.ROADMAPPER_BROKER_URL ||
+      (process.env.SUPABASE_URL
+        ? `${process.env.SUPABASE_URL.replace(/\/$/, "")}/functions/v1/mcp-broker`
+        : null),
   };
 }
 
@@ -350,12 +403,46 @@ function stripUndefined(o) {
  * function bodies.
  */
 async function rpcCall(fn, body) {
-  const { url, writeKey } = supabaseConfig();
+  const { url, writeKey, apiKey, brokerUrl } = supabaseConfig();
   // body must already carry p_workspace_id — the per-tool resolver
   // injects it before calling rpcCall so the override path works.
-  if (!url || !writeKey || !body?.p_workspace_id) {
+  if (!url || !body?.p_workspace_id) {
     throw new Error(
-      "Write tools require SUPABASE_URL + SUPABASE_SERVICE_ROLE_KEY in env and a resolvable workspaceId (either SUPABASE_WORKSPACE_ID env or workspaceId arg)."
+      "Write tools require SUPABASE_URL in env and a resolvable workspaceId (either SUPABASE_WORKSPACE_ID env or workspaceId arg)."
+    );
+  }
+
+  // Customer path: ROADMAPPER_API_KEY routes through the mcp-broker
+  // Edge Function, which validates the key, hashes it against
+  // workspace_api_keys, and performs the RPC with service-role
+  // credentials never leaving the server side. This is what the
+  // published @roadmapperai/mcp package uses; customers' machines
+  // never see SUPABASE_SERVICE_ROLE_KEY.
+  if (apiKey && brokerUrl) {
+    const res = await fetch(brokerUrl, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${apiKey}`,
+        "content-type": "application/json",
+        Accept: "application/json",
+      },
+      body: JSON.stringify({ rpc: fn, body }),
+    });
+    if (!res.ok) {
+      const txt = await res.text();
+      throw new Error(
+        `mcp-broker rejected ${fn}: ${res.status} ${txt.slice(0, 300)}`
+      );
+    }
+    return res.json();
+  }
+
+  // Operator / dev path: SUPABASE_SERVICE_ROLE_KEY in env — bypasses
+  // RLS and the broker. Used in CI and the maintainer's local
+  // workspace; not what customers should ever configure.
+  if (!writeKey) {
+    throw new Error(
+      "Write tools require either ROADMAPPER_API_KEY (customer path) or SUPABASE_SERVICE_ROLE_KEY (operator path)."
     );
   }
   const res = await fetch(`${url}/rest/v1/rpc/${fn}`, {
@@ -1605,7 +1692,11 @@ async function callTool(name, args) {
       const fresh = session.rubricFetchedAt === null;
       session.rubricFetchedAt = Date.now();
       if (fresh) recordTelemetry("rubric_fetched", { via: "tool" }, wsId);
-      return textResult(readAgentsMd(), {
+      // Customer path (ROADMAPPER_API_KEY set): ask the broker for
+      // a workspace-scoped rubric. Falls back to the bundled
+      // AGENTS.md when the workspace hasn't customized one.
+      const rubric = await readAgentsMdForWorkspace();
+      return textResult(rubric, {
         _meta: {
           roadmapper: {
             reminder:
@@ -2819,7 +2910,14 @@ async function readResource(uri) {
     }
     return {
       contents: [
-        { uri, mimeType: "text/markdown", text: readAgentsMd() },
+        {
+          uri,
+          mimeType: "text/markdown",
+          // Resource handler is also async, so the workspace
+          // rubric override applies here too — same fallback chain
+          // as the get_agents_md tool.
+          text: await readAgentsMdForWorkspace(),
+        },
       ],
     };
   }