@spacelr/mcp 0.0.4 → 0.0.5

package/dist/index.mjs

@@ -76,13 +76,13 @@ async function refreshToken(credentials) {
     clearTimeout(timer);
   }
 }
-async function resolveAuthToken() {
+async function resolveAuthToken(forceRefresh = false) {
   const envToken = process.env["SPACELR_AUTH_TOKEN"];
   if (envToken) return envToken;
   const credentials = readStoredCredentials();
   if (!credentials) return null;
   const isExpired = Date.now() >= credentials.expiresAt - 6e4;
-  if (!isExpired) return credentials.accessToken;
+  if (!forceRefresh && !isExpired) return credentials.accessToken;
   return refreshToken(credentials);
 }
 function warnIfInsecureUrl(url) {
@@ -119,6 +119,14 @@ function resolveApiUrl(credentials) {
   console.error(`Warning: No API URL configured, using default: ${defaultUrl}`);
   return defaultUrl;
 }
+function resolveApiBaseUrl() {
+  try {
+    const credentials = readStoredCredentials();
+    return resolveApiUrl(credentials);
+  } catch {
+    return null;
+  }
+}
 async function loadConfig() {
   const credentials = readStoredCredentials();
   const authToken = await resolveAuthToken();
@@ -175,9 +183,9 @@ var ApiClient = class {
   async delete(path2, opts) {
     return this.requestWithRetry("DELETE", path2, opts);
   }
-  async refreshAuthToken() {
+  async refreshAuthToken(force = false) {
     if (!this.refreshPromise) {
-      this.refreshPromise = resolveAuthToken().finally(() => {
+      this.refreshPromise = resolveAuthToken(force).finally(() => {
         this.refreshPromise = null;
       });
     }
@@ -189,7 +197,14 @@ var ApiClient = class {
     } catch (error) {
       if (error instanceof ApiError && error.status === 401) {
         const currentToken = this.headers["Authorization"];
-        const newToken = await this.refreshAuthToken();
+        let newToken = await this.refreshAuthToken();
+        const newBaseUrl = resolveApiBaseUrl();
+        if (newBaseUrl && newBaseUrl !== this.baseUrl) {
+          this.baseUrl = newBaseUrl;
+        }
+        if (newToken && `Bearer ${newToken}` === currentToken) {
+          newToken = await resolveAuthToken(true);
+        }
         if (newToken && `Bearer ${newToken}` !== currentToken) {
           this.headers["Authorization"] = `Bearer ${newToken}`;
           return this.request(method, path2, opts);
@@ -2282,6 +2297,64 @@ function registerFunctionTools(server, api) {
       }
     }
   );
+  server.registerTool(
+    "functions_get_env_vars",
+    {
+      description: "Get environment variables for a function (decrypted). Use these to store API keys and secrets.",
+      inputSchema: {
+        projectId: z7.string(),
+        functionId: z7.string()
+      }
+    },
+    async ({ projectId, functionId }) => {
+      try {
+        const result = await api.get(
+          `/projects/${encodeURIComponent(projectId)}/functions/${encodeURIComponent(functionId)}/env`
+        );
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to get env vars: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.registerTool(
+    "functions_set_env_vars",
+    {
+      description: "Set environment variables for a function. Merges with existing vars. Values are encrypted at rest.",
+      inputSchema: {
+        projectId: z7.string(),
+        functionId: z7.string(),
+        variables: z7.record(z7.string(), z7.string())
+      }
+    },
+    async ({ projectId, functionId, variables }) => {
+      try {
+        const existing = await api.get(
+          `/projects/${encodeURIComponent(projectId)}/functions/${encodeURIComponent(functionId)}/env`
+        );
+        const merged = { ...existing, ...variables };
+        await api.patch(
+          `/projects/${encodeURIComponent(projectId)}/functions/${encodeURIComponent(functionId)}`,
+          { body: { environmentVariables: merged } }
+        );
+        return {
+          content: [{ type: "text", text: JSON.stringify({ success: true, keys: Object.keys(merged) }, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to set env vars: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
   server.registerTool(
     "functions_kv_list",
     {
@@ -2310,6 +2383,178 @@ function registerFunctionTools(server, api) {
   );
 }
 
+// libs/mcp-server/src/tools/emailTemplates.ts
+import { z as z8 } from "zod";
+function registerEmailTemplateTools(server, api) {
+  server.registerTool(
+    "email_templates_list",
+    {
+      description: "List all email templates for a project (includes system defaults)",
+      inputSchema: {
+        projectId: z8.string()
+      }
+    },
+    async ({ projectId }) => {
+      try {
+        const result = await api.get(`/projects/${encodeURIComponent(projectId)}/email-templates`);
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to list email templates: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.registerTool(
+    "email_templates_get",
+    {
+      description: "Get a single email template by ID",
+      inputSchema: {
+        id: z8.string()
+      }
+    },
+    async ({ id }) => {
+      try {
+        const result = await api.get(`/email-templates/${encodeURIComponent(id)}`);
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to get email template: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.registerTool(
+    "email_templates_create",
+    {
+      description: 'Create a new project-specific email template. The type identifies the template purpose (e.g. "verify-email", "welcome", "invoice").',
+      inputSchema: {
+        projectId: z8.string(),
+        type: z8.string(),
+        name: z8.string(),
+        subject: z8.string(),
+        mjmlSource: z8.string(),
+        variables: z8.array(z8.string()).optional(),
+        isActive: z8.boolean().optional()
+      }
+    },
+    async ({ projectId, type, name, subject, mjmlSource, variables, isActive }) => {
+      try {
+        const body = { projectId, type, name, subject, mjmlSource };
+        if (variables !== void 0) body.variables = variables;
+        if (isActive !== void 0) body.isActive = isActive;
+        const result = await api.post(`/projects/${encodeURIComponent(projectId)}/email-templates`, { body });
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to create email template: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.registerTool(
+    "email_templates_update",
+    {
+      description: "Update an existing email template",
+      inputSchema: {
+        id: z8.string(),
+        name: z8.string().optional(),
+        subject: z8.string().optional(),
+        mjmlSource: z8.string().optional(),
+        variables: z8.array(z8.string()).optional(),
+        isActive: z8.boolean().optional()
+      }
+    },
+    async ({ id, name, subject, mjmlSource, variables, isActive }) => {
+      try {
+        const body = {};
+        if (name !== void 0) body.name = name;
+        if (subject !== void 0) body.subject = subject;
+        if (mjmlSource !== void 0) body.mjmlSource = mjmlSource;
+        if (variables !== void 0) body.variables = variables;
+        if (isActive !== void 0) body.isActive = isActive;
+        if (Object.keys(body).length === 0) {
+          return {
+            content: [{ type: "text", text: "At least one field must be provided" }],
+            isError: true
+          };
+        }
+        const result = await api.patch(`/email-templates/${encodeURIComponent(id)}`, { body });
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to update email template: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.registerTool(
+    "email_templates_delete",
+    {
+      description: "Delete an email template. System default templates cannot be deleted.",
+      inputSchema: {
+        id: z8.string()
+      }
+    },
+    async ({ id }) => {
+      try {
+        const result = await api.delete(`/email-templates/${encodeURIComponent(id)}`);
+        return {
+          content: [{ type: "text", text: result ? JSON.stringify(result, null, 2) : "Email template deleted" }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to delete email template: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.registerTool(
+    "email_templates_preview",
+    {
+      description: "Preview a compiled email template. Renders MJML to HTML and applies Handlebars variables.",
+      inputSchema: {
+        mjmlSource: z8.string(),
+        variables: z8.record(z8.string(), z8.unknown()).optional()
+      }
+    },
+    async ({ mjmlSource, variables }) => {
+      try {
+        const body = { mjmlSource };
+        if (variables !== void 0) body.variables = variables;
+        const result = await api.post("/email-templates/preview", { body });
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to preview email template: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+}
+
 // libs/mcp-server/src/tools/index.ts
 function registerAllTools(server, api) {
   registerAuthTools(server, api);
@@ -2319,10 +2564,11 @@ function registerAllTools(server, api) {
   registerHostingTools(server, api);
   registerStorageTools(server, api);
   registerFunctionTools(server, api);
+  registerEmailTemplateTools(server, api);
 }
 
 // libs/mcp-server/src/prompts/database.ts
-import { z as z8 } from "zod";
+import { z as z9 } from "zod";
 function registerDatabasePrompts(server) {
   server.registerPrompt(
     "setup-collection",
@@ -2330,9 +2576,9 @@ function registerDatabasePrompts(server) {
       title: "Setup Database Collection",
       description: "Guide for creating a new database collection with proper security rules. Collections MUST have rules defined before data can be inserted.",
       argsSchema: {
-        projectId: z8.string().describe("Project ID"),
-        collectionName: z8.string().describe("Name of the collection to create"),
-        access: z8.enum(["public-read", "authenticated", "admin-only"]).optional().describe("Access level (default: admin-only)")
+        projectId: z9.string().describe("Project ID"),
+        collectionName: z9.string().describe("Name of the collection to create"),
+        access: z9.enum(["public-read", "authenticated", "admin-only"]).optional().describe("Access level (default: admin-only)")
       }
     },
     async ({ projectId, collectionName, access }) => {
@@ -2397,7 +2643,7 @@ function registerDatabasePrompts(server) {
       title: "Database Workflow Guide",
       description: "Explains how the Spacelr database system works: rules-first approach, collection lifecycle, and security model.",
       argsSchema: {
-        projectId: z8.string().describe("Project ID")
+        projectId: z9.string().describe("Project ID")
       }
     },
     async ({ projectId }) => {
@@ -2446,7 +2692,7 @@ function registerDatabasePrompts(server) {
 }
 
 // libs/mcp-server/src/prompts/functions.ts
-import { z as z9 } from "zod";
+import { z as z10 } from "zod";
 function registerFunctionPrompts(server) {
   server.registerPrompt(
     "deploy-function",
@@ -2454,9 +2700,9 @@ function registerFunctionPrompts(server) {
       title: "Deploy a Serverless Function",
       description: "Step-by-step guide for creating, deploying, and testing a serverless function. Covers the full lifecycle from creation to execution.",
       argsSchema: {
-        projectId: z9.string().describe("Project ID"),
-        name: z9.string().describe("Function name"),
-        useCase: z9.string().optional().describe('What the function should do (e.g. "fetch data from API and store in DB")')
+        projectId: z10.string().describe("Project ID"),
+        name: z10.string().describe("Function name"),
+        useCase: z10.string().optional().describe('What the function should do (e.g. "fetch data from API and store in DB")')
       }
     },
     async ({ projectId, name, useCase }) => {
@@ -2484,10 +2730,12 @@ function registerFunctionPrompts(server) {
                 "   - await fetch(url, options) \u2014 HTTP client (10s timeout, 5MB limit)",
                 "     Response: { status, headers, body } where body is a STRING",
                 "     Use JSON.parse(response.body) for JSON APIs",
-                "   - env.get(key) \u2014 read environment variables",
+                "   - env.get(key) \u2014 read environment variables (API keys, secrets \u2014 set via Console UI or CLI)",
                 "   - await kv.get/set/delete/list() \u2014 Redis KV store (256KB values, 1000 keys)",
                 "   - await spacelr.db.collection(name).find/insertOne/insertMany()",
                 "   - await spacelr.storage.list/getInfo/getDownloadUrl()",
+                "   - await spacelr.email.send/sendRaw() \u2014 send template or raw emails",
+                "   - await spacelr.notifications.send/sendMany() \u2014 push notifications",
                 "",
                 "   IMPORTANT: Top-level await is supported. No imports/require available.",
                 "",
@@ -2557,9 +2805,12 @@ function registerFunctionPrompts(server) {
                 "  NOTE: body is always a string \u2014 use JSON.parse(response.body) for JSON",
                 "  Limits: 10s timeout, 5MB response, no private/internal URLs (SSRF blocked)",
                 "",
-                "\u2550\u2550\u2550 ENV \u2550\u2550\u2550",
+                "\u2550\u2550\u2550 ENV (Environment Variables) \u2550\u2550\u2550",
                 "env.get(key) \u2192 string | undefined",
                 "Read-only access to function environment variables.",
+                "Use env vars to store API keys, secrets, and configuration \u2014 never hardcode them in function code.",
+                "Set via Console UI (Function Detail \u2192 Environment Variables) or CLI (spacelr functions env set).",
+                "Values are encrypted at rest and only decrypted when the function executes.",
                 "",
                 "\u2550\u2550\u2550 KV STORE \u2550\u2550\u2550",
                 "await kv.get(key) \u2192 string | null",
@@ -2582,6 +2833,24 @@ function registerFunctionPrompts(server) {
                 "await spacelr.storage.getDownloadUrl(fileId) \u2192 string",
                 "Scoped to the function's project.",
                 "",
+                "\u2550\u2550\u2550 EMAIL \u2550\u2550\u2550",
+                "await spacelr.email.send({ to, template, variables })",
+                "  Sends a template-based email using project templates (MJML + Handlebars).",
+                "  template: template name (must exist in the project)",
+                "  variables: Record<string, string> of template variables",
+                "  Returns: { messageId }",
+                "await spacelr.email.sendRaw({ to, subject, html })",
+                "  Sends a raw HTML email directly. Max 500KB HTML.",
+                "  Returns: { messageId }",
+                "Rate limit: 100 emails/hour per project (configurable via FUNCTION_EMAIL_HOURLY_LIMIT).",
+                "",
+                "\u2550\u2550\u2550 NOTIFICATIONS \u2550\u2550\u2550",
+                "await spacelr.notifications.send({ userId, title, body, data? })",
+                "  Sends a push notification to a specific user in the project.",
+                "await spacelr.notifications.sendMany({ userIds, title, body, data? })",
+                "  Sends to multiple users. Deduplicates userIds automatically.",
+                "Rate limit: 500 notifications/hour per project (configurable via FUNCTION_NOTIFICATION_HOURLY_LIMIT). Scoped to the function's project.",
+                "",
                 "\u2550\u2550\u2550 RESOURCE LIMITS \u2550\u2550\u2550",
                 "Execution timeout: 30s default, 120s max",
                 "Memory: 128MB default, 512MB max",