npm - @studiometa/productive-mcp - Versions diffs - 0.3.0 → 0.4.5 - Mend

@studiometa/productive-mcp 0.3.0 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +58 -17
package/dist/crypto.d.ts +58 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +73 -0
package/dist/crypto.js.map +1 -0
package/dist/http.d.ts.map +1 -1
package/dist/http.js +9 -2
package/dist/http.js.map +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -1
package/dist/index.js.map +1 -1
package/dist/oauth.d.ts +95 -0
package/dist/oauth.d.ts.map +1 -0
package/dist/oauth.js +492 -0
package/dist/oauth.js.map +1 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +19 -5
package/dist/server.js.map +1 -1
package/dist/version-3wN4XBZL.js +5 -0
package/dist/version-3wN4XBZL.js.map +1 -0
package/dist/version.d.ts +2 -0
package/dist/version.d.ts.map +1 -0
package/package.json +10 -2

package/README.md CHANGED Viewed

@@ -10,6 +10,7 @@ MCP (Model Context Protocol) server for [Productive.io](https://productive.io) A
 - ✅ Full Productive.io API access via MCP
 - 🔧 Support for projects, tasks, time entries, services, and people
 - 🔐 Two modes: local (stdio) and remote (HTTP)
+- 🔑 **OAuth 2.0 support** for Claude Desktop custom connectors
 - 🌐 Deploy once, share with your team via Claude Desktop custom connectors
 - 🐳 Docker-ready for easy deployment
 - 📦 Built on [@studiometa/productive-cli](../productive-cli)
@@ -83,9 +84,14 @@ Deploy once, share with your entire team via Claude Desktop's **custom connector
 ### How It Works
+The server supports **OAuth 2.0** for seamless Claude Desktop integration:
 1. Deploy the HTTP server to a URL (e.g., `https://productive.mcp.example.com`)
-2. Each team member generates their own Bearer token with their Productive credentials
-3. Team members add the custom connector in Claude Desktop with their personal token
+2. Add the custom connector in Claude Desktop with OAuth enabled
+3. When connecting, users are presented with a login form to enter their Productive credentials
+4. Credentials are securely encrypted and exchanged via OAuth tokens
+No central credential storage required - each user's credentials are encrypted directly in their OAuth token.
 ### Deploy the Server
@@ -128,22 +134,21 @@ services:
     environment:
       PORT: 3000
       HOST: 0.0.0.0
+      OAUTH_SECRET: "your-random-secret-here"  # Required for production!
 ```
-### Generate Your Token
+### Environment Variables
-Each team member generates their own token containing their Productive credentials:
-```bash
-# Format: base64(organizationId:apiToken:userId)
-echo -n "YOUR_ORG_ID:YOUR_API_TOKEN:YOUR_USER_ID" | base64
-```
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `PORT` | No | Server port (default: 3000) |
+| `HOST` | No | Bind address (default: 0.0.0.0) |
+| `OAUTH_SECRET` | **Yes (production)** | Secret key for encrypting OAuth tokens |
-Example:
-```bash
-echo -n "12345:pk_abc123xyz:67890" | base64
-# Output: MTIzNDU6cGtfYWJjMTIzeHl6OjY3ODkw
-```
+> ⚠️ **Important**: Always set `OAUTH_SECRET` in production. Generate a random secret:
+> ```bash
+> openssl rand -base64 32
+> ```
 ### Configure Claude Desktop Custom Connector
@@ -153,10 +158,25 @@ echo -n "12345:pk_abc123xyz:67890" | base64
 4. Configure:
    - **Name**: `Productive`
    - **Remote MCP server URL**: `https://productive.mcp.example.com/mcp`
-   - Leave OAuth fields empty (we use Bearer token)
-5. When making requests, Claude will include your token in the `Authorization` header
+   - **Authorization URL**: `https://productive.mcp.example.com/authorize`
+   - **Token URL**: `https://productive.mcp.example.com/token`
+5. Claude will redirect you to a login form to enter your Productive credentials
+6. After login, you're connected and can start using Productive tools
+### Alternative: Manual Bearer Token
+If you prefer not to use OAuth, you can generate a Bearer token manually:
-> **Note**: As of now, Claude Desktop custom connectors may require OAuth. If Bearer token auth isn't supported directly, you can use a reverse proxy to inject the Authorization header, or wait for Claude Desktop to support custom headers.
+```bash
+# Format: base64(organizationId:apiToken:userId)
+echo -n "YOUR_ORG_ID:YOUR_API_TOKEN:YOUR_USER_ID" | base64
+```
+Example:
+```bash
+echo -n "12345:pk_abc123xyz:67890" | base64
+# Output: MTIzNDU6cGtfYWJjMTIzeHl6OjY3ODkw
+```
 ### Server Endpoints
@@ -165,6 +185,10 @@ echo -n "12345:pk_abc123xyz:67890" | base64
 | `/mcp` | POST | MCP JSON-RPC endpoint |
 | `/health` | GET | Health check |
 | `/` | GET | Server info |
+| `/authorize` | GET | OAuth authorization (login form) |
+| `/authorize` | POST | OAuth authorization (process login) |
+| `/token` | POST | OAuth token exchange |
+| `/.well-known/oauth-authorization-server` | GET | OAuth metadata |
 ---
@@ -326,6 +350,9 @@ productive-mcp/
 ├── src/
 │   ├── index.ts      # Stdio transport (local mode)
 │   ├── server.ts     # HTTP transport (remote mode)
+│   ├── http.ts       # HTTP routes and MCP endpoint
+│   ├── oauth.ts      # OAuth 2.0 endpoints
+│   ├── crypto.ts     # Encryption for stateless OAuth tokens
 │   ├── tools.ts      # Tool definitions (shared)
 │   ├── handlers.ts   # Tool execution (shared)
 │   └── auth.ts       # Bearer token parsing
@@ -333,6 +360,20 @@ productive-mcp/
 └── README.md
 ```
+### OAuth Flow (Stateless)
+The OAuth implementation is **stateless** - no database or session storage required:
+1. User visits `/authorize` → sees login form
+2. User enters Productive credentials (org ID, API token, user ID)
+3. Server encrypts credentials into the authorization code using `OAUTH_SECRET`
+4. Redirects back to Claude with the encrypted code
+5. Claude calls `/token` with the code
+6. Server decrypts the code → returns access token (base64 credentials)
+7. All MCP requests include this token in the `Authorization: Bearer` header
+This approach keeps the server stateless while securely passing credentials through the OAuth flow.
 ## Related Packages
 - [@studiometa/productive-cli](../productive-cli) - CLI tool for Productive.io

package/dist/crypto.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Cryptographic utilities for stateless OAuth tokens
+ *
+ * Uses AES-256-GCM for authenticated encryption.
+ * The authorization code contains encrypted credentials that can be
+ * decrypted without server-side storage.
+ */
+/**
+ * Get the encryption secret from environment or generate a default
+ * In production, OAUTH_SECRET should always be set
+ */
+export declare function getSecret(): string;
+/**
+ * Encrypt data using AES-256-GCM
+ *
+ * Output format: base64(salt + iv + authTag + ciphertext)
+ *
+ * @param plaintext - Data to encrypt
+ * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)
+ * @returns Base64-encoded encrypted data
+ */
+export declare function encrypt(plaintext: string, secret?: string): string;
+/**
+ * Decrypt data encrypted with encrypt()
+ *
+ * @param ciphertext - Base64-encoded encrypted data
+ * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)
+ * @returns Decrypted plaintext
+ * @throws Error if decryption fails (invalid data or wrong secret)
+ */
+export declare function decrypt(ciphertext: string, secret?: string): string;
+/**
+ * Authorization code payload structure
+ */
+export interface AuthCodePayload {
+    orgId: string;
+    apiToken: string;
+    userId?: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: string;
+}
+/**
+ * Create an encrypted authorization code containing credentials and PKCE challenge
+ *
+ * @param credentials - Object with orgId, apiToken, userId, and optional PKCE params
+ * @param expiresInSeconds - Code expiration time (default: 5 minutes)
+ * @returns Encrypted authorization code
+ */
+export declare function createAuthCode(credentials: AuthCodePayload, expiresInSeconds?: number): string;
+/**
+ * Decode and validate an authorization code
+ *
+ * @param code - Encrypted authorization code
+ * @returns Decoded payload with credentials and PKCE challenge
+ * @throws Error if code is invalid or expired
+ */
+export declare function decodeAuthCode(code: string): AuthCodePayload;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAgBH;;;GAGG;AACH,wBAAgB,SAAS,IAAI,MAAM,CASlC;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,GAAE,MAAoB,GAAG,MAAM,CAa/E;AAED;;;;;;;GAOG;AACH,wBAAgB,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,GAAE,MAAoB,GAAG,MAAM,CAwBhF;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,WAAW,EAAE,eAAe,EAC5B,gBAAgB,GAAE,MAAY,GAC7B,MAAM,CAMR;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAc5D"}

package/dist/crypto.js ADDED Viewed

@@ -0,0 +1,73 @@
+import { randomBytes, createCipheriv, createDecipheriv, scryptSync } from "node:crypto";
+const ALGORITHM = "aes-256-gcm";
+const IV_LENGTH = 12;
+const AUTH_TAG_LENGTH = 16;
+const SALT_LENGTH = 16;
+function deriveKey(password, salt) {
+  return scryptSync(password, salt, 32);
+}
+function getSecret() {
+  const secret = process.env.OAUTH_SECRET;
+  if (!secret) {
+    console.warn(
+      "WARNING: OAUTH_SECRET not set. Using default secret. Set OAUTH_SECRET in production!"
+    );
+    return "productive-mcp-default-secret-change-me";
+  }
+  return secret;
+}
+function encrypt(plaintext, secret = getSecret()) {
+  const salt = randomBytes(SALT_LENGTH);
+  const key = deriveKey(secret, salt);
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  const combined = Buffer.concat([salt, iv, authTag, encrypted]);
+  return combined.toString("base64url");
+}
+function decrypt(ciphertext, secret = getSecret()) {
+  try {
+    const combined = Buffer.from(ciphertext, "base64url");
+    const salt = combined.subarray(0, SALT_LENGTH);
+    const iv = combined.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
+    const authTag = combined.subarray(
+      SALT_LENGTH + IV_LENGTH,
+      SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH
+    );
+    const encrypted = combined.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+    const key = deriveKey(secret, salt);
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+    return decrypted.toString("utf8");
+  } catch {
+    throw new Error("Decryption failed: invalid token or secret");
+  }
+}
+function createAuthCode(credentials, expiresInSeconds = 300) {
+  const payload = {
+    ...credentials,
+    exp: Date.now() + expiresInSeconds * 1e3
+  };
+  return encrypt(JSON.stringify(payload));
+}
+function decodeAuthCode(code) {
+  const payload = JSON.parse(decrypt(code));
+  if (payload.exp && Date.now() > payload.exp) {
+    throw new Error("Authorization code expired");
+  }
+  const { orgId, apiToken, userId, codeChallenge, codeChallengeMethod } = payload;
+  if (!orgId || !apiToken) {
+    throw new Error("Invalid authorization code: missing credentials");
+  }
+  return { orgId, apiToken, userId, codeChallenge, codeChallengeMethod };
+}
+export {
+  createAuthCode,
+  decodeAuthCode,
+  decrypt,
+  encrypt,
+  getSecret
+};
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"crypto.js","sources":["../src/crypto.ts"],"sourcesContent":["/**\n * Cryptographic utilities for stateless OAuth tokens\n *\n * Uses AES-256-GCM for authenticated encryption.\n * The authorization code contains encrypted credentials that can be\n * decrypted without server-side storage.\n */\n\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst ALGORITHM = 'aes-256-gcm';\nconst IV_LENGTH = 12; // GCM recommended IV length\nconst AUTH_TAG_LENGTH = 16;\nconst SALT_LENGTH = 16;\n\n/**\n * Derive a 256-bit key from a password using scrypt\n */\nfunction deriveKey(password: string, salt: Buffer): Buffer {\n return scryptSync(password, salt, 32);\n}\n\n/**\n * Get the encryption secret from environment or generate a default\n * In production, OAUTH_SECRET should always be set\n */\nexport function getSecret(): string {\n const secret = process.env.OAUTH_SECRET;\n if (!secret) {\n console.warn(\n 'WARNING: OAUTH_SECRET not set. Using default secret. Set OAUTH_SECRET in production!'\n );\n return 'productive-mcp-default-secret-change-me';\n }\n return secret;\n}\n\n/**\n * Encrypt data using AES-256-GCM\n *\n * Output format: base64(salt + iv + authTag + ciphertext)\n *\n * @param plaintext - Data to encrypt\n * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)\n * @returns Base64-encoded encrypted data\n */\nexport function encrypt(plaintext: string, secret: string = getSecret()): string {\n const salt = randomBytes(SALT_LENGTH);\n const key = deriveKey(secret, salt);\n const iv = randomBytes(IV_LENGTH);\n\n const cipher = createCipheriv(ALGORITHM, key, iv);\n const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n const authTag = cipher.getAuthTag();\n\n // Combine: salt + iv + authTag + ciphertext\n const combined = Buffer.concat([salt, iv, authTag, encrypted]);\n\n return combined.toString('base64url');\n}\n\n/**\n * Decrypt data encrypted with encrypt()\n *\n * @param ciphertext - Base64-encoded encrypted data\n * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)\n * @returns Decrypted plaintext\n * @throws Error if decryption fails (invalid data or wrong secret)\n */\nexport function decrypt(ciphertext: string, secret: string = getSecret()): string {\n try {\n const combined = Buffer.from(ciphertext, 'base64url');\n\n // Extract components\n const salt = combined.subarray(0, SALT_LENGTH);\n const iv = combined.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const authTag = combined.subarray(\n SALT_LENGTH + IV_LENGTH,\n SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH\n );\n const encrypted = combined.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);\n\n const key = deriveKey(secret, salt);\n\n const decipher = createDecipheriv(ALGORITHM, key, iv);\n decipher.setAuthTag(authTag);\n\n const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);\n\n return decrypted.toString('utf8');\n } catch {\n throw new Error('Decryption failed: invalid token or secret');\n }\n}\n\n/**\n * Authorization code payload structure\n */\nexport interface AuthCodePayload {\n orgId: string;\n apiToken: string;\n userId?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n}\n\n/**\n * Create an encrypted authorization code containing credentials and PKCE challenge\n *\n * @param credentials - Object with orgId, apiToken, userId, and optional PKCE params\n * @param expiresInSeconds - Code expiration time (default: 5 minutes)\n * @returns Encrypted authorization code\n */\nexport function createAuthCode(\n credentials: AuthCodePayload,\n expiresInSeconds: number = 300\n): string {\n const payload = {\n ...credentials,\n exp: Date.now() + expiresInSeconds * 1000,\n };\n return encrypt(JSON.stringify(payload));\n}\n\n/**\n * Decode and validate an authorization code\n *\n * @param code - Encrypted authorization code\n * @returns Decoded payload with credentials and PKCE challenge\n * @throws Error if code is invalid or expired\n */\nexport function decodeAuthCode(code: string): AuthCodePayload {\n const payload = JSON.parse(decrypt(code));\n\n if (payload.exp && Date.now() > payload.exp) {\n throw new Error('Authorization code expired');\n }\n\n const { orgId, apiToken, userId, codeChallenge, codeChallengeMethod } = payload;\n\n if (!orgId || !apiToken) {\n throw new Error('Invalid authorization code: missing credentials');\n }\n\n return { orgId, apiToken, userId, codeChallenge, codeChallengeMethod };\n}\n"],"names":[],"mappings":";AAUA,MAAM,YAAY;AAClB,MAAM,YAAY;AAClB,MAAM,kBAAkB;AACxB,MAAM,cAAc;AAKpB,SAAS,UAAU,UAAkB,MAAsB;AACzD,SAAO,WAAW,UAAU,MAAM,EAAE;AACtC;AAMO,SAAS,YAAoB;AAClC,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,CAAC,QAAQ;AACX,YAAQ;AAAA,MACN;AAAA,IAAA;AAEF,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAWO,SAAS,QAAQ,WAAmB,SAAiB,aAAqB;AAC/E,QAAM,OAAO,YAAY,WAAW;AACpC,QAAM,MAAM,UAAU,QAAQ,IAAI;AAClC,QAAM,KAAK,YAAY,SAAS;AAEhC,QAAM,SAAS,eAAe,WAAW,KAAK,EAAE;AAChD,QAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,WAAW,MAAM,GAAG,OAAO,MAAA,CAAO,CAAC;AAClF,QAAM,UAAU,OAAO,WAAA;AAGvB,QAAM,WAAW,OAAO,OAAO,CAAC,MAAM,IAAI,SAAS,SAAS,CAAC;AAE7D,SAAO,SAAS,SAAS,WAAW;AACtC;AAUO,SAAS,QAAQ,YAAoB,SAAiB,aAAqB;AAChF,MAAI;AACF,UAAM,WAAW,OAAO,KAAK,YAAY,WAAW;AAGpD,UAAM,OAAO,SAAS,SAAS,GAAG,WAAW;AAC7C,UAAM,KAAK,SAAS,SAAS,aAAa,cAAc,SAAS;AACjE,UAAM,UAAU,SAAS;AAAA,MACvB,cAAc;AAAA,MACd,cAAc,YAAY;AAAA,IAAA;AAE5B,UAAM,YAAY,SAAS,SAAS,cAAc,YAAY,eAAe;AAE7E,UAAM,MAAM,UAAU,QAAQ,IAAI;AAElC,UAAM,WAAW,iBAAiB,WAAW,KAAK,EAAE;AACpD,aAAS,WAAW,OAAO;AAE3B,UAAM,YAAY,OAAO,OAAO,CAAC,SAAS,OAAO,SAAS,GAAG,SAAS,MAAA,CAAO,CAAC;AAE9E,WAAO,UAAU,SAAS,MAAM;AAAA,EAClC,QAAQ;AACN,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACF;AAoBO,SAAS,eACd,aACA,mBAA2B,KACnB;AACR,QAAM,UAAU;AAAA,IACd,GAAG;AAAA,IACH,KAAK,KAAK,IAAA,IAAQ,mBAAmB;AAAA,EAAA;AAEvC,SAAO,QAAQ,KAAK,UAAU,OAAO,CAAC;AACxC;AASO,SAAS,eAAe,MAA+B;AAC5D,QAAM,UAAU,KAAK,MAAM,QAAQ,IAAI,CAAC;AAExC,MAAI,QAAQ,OAAO,KAAK,IAAA,IAAQ,QAAQ,KAAK;AAC3C,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC9C;AAEA,QAAM,EAAE,OAAO,UAAU,QAAQ,eAAe,wBAAwB;AAExE,MAAI,CAAC,SAAS,CAAC,UAAU;AACvB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AAEA,SAAO,EAAE,OAAO,UAAU,QAAQ,eAAe,oBAAA;AACnD;"}

package/dist/http.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAOL,KAAK,GAAG,EACT,MAAM,IAAI,CAAC;~~AAMZ~~;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;EAW/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,GAAG,~~CAyHnC~~"}
1	+ {"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAOL,KAAK,GAAG,EACT,MAAM,IAAI,CAAC;AAcZ;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;EAW/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,GAAG,CAgInC"}

package/dist/http.js CHANGED Viewed

@@ -2,6 +2,8 @@ import { createApp, createRouter, defineEventHandler, getHeader, setResponseHead
 import { TOOLS } from "./tools.js";
 import { executeToolWithCredentials } from "./handlers.js";
 import { parseAuthHeader } from "./auth.js";
+import { V as VERSION } from "./version-3wN4XBZL.js";
+import { oauthMetadataHandler, registerHandler, authorizeGetHandler, authorizePostHandler, tokenHandler } from "./oauth.js";
 function jsonRpcError(code, message, id = null) {
   return {
     jsonrpc: "2.0",
@@ -21,7 +23,7 @@ function handleInitialize() {
     protocolVersion: "2024-11-05",
     serverInfo: {
       name: "productive-mcp",
-      version: "0.1.0"
+      version: VERSION
     },
     capabilities: {
       tools: {}
@@ -34,10 +36,15 @@ function handleToolsList() {
 function createHttpApp() {
   const app = createApp();
   const router = createRouter();
+  router.get("/.well-known/oauth-authorization-server", oauthMetadataHandler);
+  router.post("/register", registerHandler);
+  router.get("/authorize", authorizeGetHandler);
+  router.post("/authorize", authorizePostHandler);
+  router.post("/token", tokenHandler);
   router.get(
     "/",
     defineEventHandler(() => {
-      return { status: "ok", service: "productive-mcp", version: "0.1.0" };
+      return { status: "ok", service: "productive-mcp", version: VERSION };
     })
   );
   router.get(

package/dist/http.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"http.js","sources":["../src/http.ts"],"sourcesContent":["/*\n HTTP transport handlers for Productive MCP Server\n \n This module contains the app/router creation logic for the HTTP transport.\n * The actual server startup is in server.ts.\n /\n\nimport {\n createApp,\n createRouter,\n defineEventHandler,\n readBody,\n getHeader,\n setResponseHeader,\n type App,\n} from 'h3';\n\nimport { TOOLS } from './tools.js';\nimport { executeToolWithCredentials } from './handlers.js';\nimport { parseAuthHeader } from './auth.js';\n\n/\n JSON-RPC error response\n /\nexport function jsonRpcError(code: number, message: string, id: string \| number \| null = null) {\n return {\n jsonrpc: '2.0',\n error: { code, message },\n id,\n };\n}\n\n/\n JSON-RPC success response\n /\nexport function jsonRpcSuccess(result: unknown, id: string \| number \| null = null) {\n return {\n jsonrpc: '2.0',\n result,\n id,\n };\n}\n\n/\n Handle the initialize JSON-RPC method\n /\nexport function handleInitialize() {\n return {\n protocolVersion: '2024-11-05',\n serverInfo: {\n name: 'productive-mcp',\n version: ~~'0.1.0'~~,\n },\n capabilities: {\n tools: {},\n },\n };\n}\n\n/\n Handle the tools/list JSON-RPC method\n /\nexport function handleToolsList() {\n return { tools: TOOLS };\n}\n\n/\n Create the h3 application with all routes\n */\nexport function createHttpApp(): App {\n const app = createApp();\n const router = createRouter();\n\n // Health check endpoint\n router.get(\n '/',\n defineEventHandler(() => {\n return { status: 'ok', service: 'productive-mcp', version: ~~'0.1.0'~~ };\n })\n );\n\n router.get(\n '/health',\n defineEventHandler(() => {\n return { status: 'ok' };\n })\n );\n\n // MCP endpoint - handles JSON-RPC over HTTP\n router.post(\n '/mcp',\n defineEventHandler(async (event) => {\n // Parse authorization header\n const authHeader = getHeader(event, 'authorization');\n const credentials = parseAuthHeader(authHeader);\n\n if (!credentials) {\n setResponseHeader(event, 'Content-Type', 'application/json');\n event.node.res.statusCode = 401;\n return jsonRpcError(\n -32001,\n 'Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)'\n );\n }\n\n setResponseHeader(event, 'Content-Type', 'application/json');\n\n // Parse JSON-RPC request\n let body: { method?: string; params?: unknown; id?: string \| number };\n try {\n body = await readBody(event);\n } catch {\n event.node.res.statusCode = 400;\n return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n }\n\n if (!body \|\| typeof body !== 'object') {\n event.node.res.statusCode = 400;\n return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n }\n\n const { method, params, id } = body;\n\n try {\n if (method === 'initialize') {\n return jsonRpcSuccess(handleInitialize(), id ?? null);\n }\n\n if (method === 'tools/list') {\n return jsonRpcSuccess(handleToolsList(), id ?? null);\n }\n\n if (method === 'tools/call') {\n const { name, arguments: args } = params as {\n name: string;\n arguments?: Record<string, unknown>;\n };\n const result = await executeToolWithCredentials(name, args \|\| {}, credentials);\n return jsonRpcSuccess(result, id ?? null);\n }\n\n // Unknown method\n return jsonRpcError(-32601, `Method not found: ${method}`, id ?? null);\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n return jsonRpcError(-32603, `Internal error: ${message}`, id ?? null);\n }\n })\n );\n\n // SSE endpoint for server-sent events (optional, for streaming responses)\n router.get(\n '/mcp/sse',\n defineEventHandler(async (event) => {\n const authHeader = getHeader(event, 'authorization');\n const credentials = parseAuthHeader(authHeader);\n\n if (!credentials) {\n event.node.res.statusCode = 401;\n return { error: 'Authentication required' };\n }\n\n // Set SSE headers\n setResponseHeader(event, 'Content-Type', 'text/event-stream');\n setResponseHeader(event, 'Cache-Control', 'no-cache');\n setResponseHeader(event, 'Connection', 'keep-alive');\n\n // Generate session ID and send it\n const sessionId = crypto.randomUUID();\n\n // Send initial session event\n event.node.res.write(`event: session\\ndata: ${JSON.stringify({ sessionId })}\\n\\n`);\n\n // Keep connection alive\n const keepAlive = setInterval(() => {\n event.node.res.write(': keepalive\\n\\n');\n }, 30000);\n\n // Clean up on close\n event.node.req.on('close', () => {\n clearInterval(keepAlive);\n });\n\n // Don't end the response - keep it open for SSE\n return new Promise(() => {});\n })\n );\n\n app.use(router);\n return app;\n}\n"],"names":[],"mappings":"~~;;;;AAwBO~~,SAAS,aAAa,MAAc,SAAiB,KAA6B,MAAM;AAC7F,SAAO;AAAA,IACL,SAAS;AAAA,IACT,OAAO,EAAE,MAAM,QAAA;AAAA,IACf;AAAA,EAAA;AAEJ;AAKO,SAAS,eAAe,QAAiB,KAA6B,MAAM;AACjF,SAAO;AAAA,IACL,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EAAA;AAEJ;AAKO,SAAS,mBAAmB;AACjC,SAAO;AAAA,IACL,iBAAiB;AAAA,IACjB,YAAY;AAAA,MACV,MAAM;AAAA,MACN,SAAS;AAAA,IAAA;AAAA,IAEX,cAAc;AAAA,MACZ,OAAO,CAAA;AAAA,IAAC;AAAA,EACV;AAEJ;AAKO,SAAS,kBAAkB;AAChC,SAAO,EAAE,OAAO,MAAA;AAClB;AAKO,SAAS,gBAAqB;AACnC,QAAM,MAAM,UAAA;AACZ,QAAM,SAAS,aAAA;AAGf,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,MAAM;AACvB,aAAO,EAAE,QAAQ,MAAM,SAAS,kBAAkB,SAAS,QAAA;AAAA,IAC7D,CAAC;AAAA,EAAA;AAGH,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,MAAM;AACvB,aAAO,EAAE,QAAQ,KAAA;AAAA,IACnB,CAAC;AAAA,EAAA;AAIH,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,OAAO,UAAU;AAElC,YAAM,aAAa,UAAU,OAAO,eAAe;AACnD,YAAM,cAAc,gBAAgB,UAAU;AAE9C,UAAI,CAAC,aAAa;AAChB,0BAAkB,OAAO,gBAAgB,kBAAkB;AAC3D,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO;AAAA,UACL;AAAA,UACA;AAAA,QAAA;AAAA,MAEJ;AAEA,wBAAkB,OAAO,gBAAgB,kBAAkB;AAG3D,UAAI;AACJ,UAAI;AACF,eAAO,MAAM,SAAS,KAAK;AAAA,MAC7B,QAAQ;AACN,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO,aAAa,QAAQ,2BAA2B;AAAA,MACzD;AAEA,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO,aAAa,QAAQ,2BAA2B;AAAA,MACzD;AAEA,YAAM,EAAE,QAAQ,QAAQ,GAAA,IAAO;AAE/B,UAAI;AACF,YAAI,WAAW,cAAc;AAC3B,iBAAO,eAAe,oBAAoB,MAAM,IAAI;AAAA,QACtD;AAEA,YAAI,WAAW,cAAc;AAC3B,iBAAO,eAAe,mBAAmB,MAAM,IAAI;AAAA,QACrD;AAEA,YAAI,WAAW,cAAc;AAC3B,gBAAM,EAAE,MAAM,WAAW,KAAA,IAAS;AAIlC,gBAAM,SAAS,MAAM,2BAA2B,MAAM,QAAQ,CAAA,GAAI,WAAW;AAC7E,iBAAO,eAAe,QAAQ,MAAM,IAAI;AAAA,QAC1C;AAGA,eAAO,aAAa,QAAQ,qBAAqB,MAAM,IAAI,MAAM,IAAI;AAAA,MACvE,SAAS,OAAO;AACd,cAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,eAAO,aAAa,QAAQ,mBAAmB,OAAO,IAAI,MAAM,IAAI;AAAA,MACtE;AAAA,IACF,CAAC;AAAA,EAAA;AAIH,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,OAAO,UAAU;AAClC,YAAM,aAAa,UAAU,OAAO,eAAe;AACnD,YAAM,cAAc,gBAAgB,UAAU;AAE9C,UAAI,CAAC,aAAa;AAChB,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO,EAAE,OAAO,0BAAA;AAAA,MAClB;AAGA,wBAAkB,OAAO,gBAAgB,mBAAmB;AAC5D,wBAAkB,OAAO,iBAAiB,UAAU;AACpD,wBAAkB,OAAO,cAAc,YAAY;AAGnD,YAAM,YAAY,OAAO,WAAA;AAGzB,YAAM,KAAK,IAAI,MAAM;AAAA,QAAyB,KAAK,UAAU,EAAE,WAAW,CAAC;AAAA;AAAA,CAAM;AAGjF,YAAM,YAAY,YAAY,MAAM;AAClC,cAAM,KAAK,IAAI,MAAM,iBAAiB;AAAA,MACxC,GAAG,GAAK;AAGR,YAAM,KAAK,IAAI,GAAG,SAAS,MAAM;AAC/B,sBAAc,SAAS;AAAA,MACzB,CAAC;AAGD,aAAO,IAAI,QAAQ,MAAM;AAAA,MAAC,CAAC;AAAA,IAC7B,CAAC;AAAA,EAAA;AAGH,MAAI,IAAI,MAAM;AACd,SAAO;AACT;"}
1	+ {"version":3,"file":"http.js","sources":["../src/http.ts"],"sourcesContent":["/*\n HTTP transport handlers for Productive MCP Server\n \n This module contains the app/router creation logic for the HTTP transport.\n * The actual server startup is in server.ts.\n /\n\nimport {\n createApp,\n createRouter,\n defineEventHandler,\n readBody,\n getHeader,\n setResponseHeader,\n type App,\n} from 'h3';\n\nimport { TOOLS } from './tools.js';\nimport { executeToolWithCredentials } from './handlers.js';\nimport { parseAuthHeader } from './auth.js';\nimport { VERSION } from './version.js';\nimport {\n oauthMetadataHandler,\n registerHandler,\n authorizeGetHandler,\n authorizePostHandler,\n tokenHandler,\n} from './oauth.js';\n\n/\n JSON-RPC error response\n /\nexport function jsonRpcError(code: number, message: string, id: string \| number \| null = null) {\n return {\n jsonrpc: '2.0',\n error: { code, message },\n id,\n };\n}\n\n/\n JSON-RPC success response\n /\nexport function jsonRpcSuccess(result: unknown, id: string \| number \| null = null) {\n return {\n jsonrpc: '2.0',\n result,\n id,\n };\n}\n\n/\n Handle the initialize JSON-RPC method\n /\nexport function handleInitialize() {\n return {\n protocolVersion: '2024-11-05',\n serverInfo: {\n name: 'productive-mcp',\n version: VERSION,\n },\n capabilities: {\n tools: {},\n },\n };\n}\n\n/\n Handle the tools/list JSON-RPC method\n /\nexport function handleToolsList() {\n return { tools: TOOLS };\n}\n\n/\n Create the h3 application with all routes\n */\nexport function createHttpApp(): App {\n const app = createApp();\n const router = createRouter();\n\n // OAuth 2.0 endpoints for Claude Desktop integration (MCP auth spec)\n router.get('/.well-known/oauth-authorization-server', oauthMetadataHandler);\n router.post('/register', registerHandler); // Dynamic Client Registration (RFC 7591)\n router.get('/authorize', authorizeGetHandler);\n router.post('/authorize', authorizePostHandler);\n router.post('/token', tokenHandler);\n\n // Health check endpoint\n router.get(\n '/',\n defineEventHandler(() => {\n return { status: 'ok', service: 'productive-mcp', version: VERSION };\n })\n );\n\n router.get(\n '/health',\n defineEventHandler(() => {\n return { status: 'ok' };\n })\n );\n\n // MCP endpoint - handles JSON-RPC over HTTP\n router.post(\n '/mcp',\n defineEventHandler(async (event) => {\n // Parse authorization header\n const authHeader = getHeader(event, 'authorization');\n const credentials = parseAuthHeader(authHeader);\n\n if (!credentials) {\n setResponseHeader(event, 'Content-Type', 'application/json');\n event.node.res.statusCode = 401;\n return jsonRpcError(\n -32001,\n 'Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)'\n );\n }\n\n setResponseHeader(event, 'Content-Type', 'application/json');\n\n // Parse JSON-RPC request\n let body: { method?: string; params?: unknown; id?: string \| number };\n try {\n body = await readBody(event);\n } catch {\n event.node.res.statusCode = 400;\n return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n }\n\n if (!body \|\| typeof body !== 'object') {\n event.node.res.statusCode = 400;\n return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n }\n\n const { method, params, id } = body;\n\n try {\n if (method === 'initialize') {\n return jsonRpcSuccess(handleInitialize(), id ?? null);\n }\n\n if (method === 'tools/list') {\n return jsonRpcSuccess(handleToolsList(), id ?? null);\n }\n\n if (method === 'tools/call') {\n const { name, arguments: args } = params as {\n name: string;\n arguments?: Record<string, unknown>;\n };\n const result = await executeToolWithCredentials(name, args \|\| {}, credentials);\n return jsonRpcSuccess(result, id ?? null);\n }\n\n // Unknown method\n return jsonRpcError(-32601, `Method not found: ${method}`, id ?? null);\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n return jsonRpcError(-32603, `Internal error: ${message}`, id ?? null);\n }\n })\n );\n\n // SSE endpoint for server-sent events (optional, for streaming responses)\n router.get(\n '/mcp/sse',\n defineEventHandler(async (event) => {\n const authHeader = getHeader(event, 'authorization');\n const credentials = parseAuthHeader(authHeader);\n\n if (!credentials) {\n event.node.res.statusCode = 401;\n return { error: 'Authentication required' };\n }\n\n // Set SSE headers\n setResponseHeader(event, 'Content-Type', 'text/event-stream');\n setResponseHeader(event, 'Cache-Control', 'no-cache');\n setResponseHeader(event, 'Connection', 'keep-alive');\n\n // Generate session ID and send it\n const sessionId = crypto.randomUUID();\n\n // Send initial session event\n event.node.res.write(`event: session\\ndata: ${JSON.stringify({ sessionId })}\\n\\n`);\n\n // Keep connection alive\n const keepAlive = setInterval(() => {\n event.node.res.write(': keepalive\\n\\n');\n }, 30000);\n\n // Clean up on close\n event.node.req.on('close', () => {\n clearInterval(keepAlive);\n });\n\n // Don't end the response - keep it open for SSE\n return new Promise(() => {});\n })\n );\n\n app.use(router);\n return app;\n}\n"],"names":[],"mappings":";;;;;;AAgCO,SAAS,aAAa,MAAc,SAAiB,KAA6B,MAAM;AAC7F,SAAO;AAAA,IACL,SAAS;AAAA,IACT,OAAO,EAAE,MAAM,QAAA;AAAA,IACf;AAAA,EAAA;AAEJ;AAKO,SAAS,eAAe,QAAiB,KAA6B,MAAM;AACjF,SAAO;AAAA,IACL,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EAAA;AAEJ;AAKO,SAAS,mBAAmB;AACjC,SAAO;AAAA,IACL,iBAAiB;AAAA,IACjB,YAAY;AAAA,MACV,MAAM;AAAA,MACN,SAAS;AAAA,IAAA;AAAA,IAEX,cAAc;AAAA,MACZ,OAAO,CAAA;AAAA,IAAC;AAAA,EACV;AAEJ;AAKO,SAAS,kBAAkB;AAChC,SAAO,EAAE,OAAO,MAAA;AAClB;AAKO,SAAS,gBAAqB;AACnC,QAAM,MAAM,UAAA;AACZ,QAAM,SAAS,aAAA;AAGf,SAAO,IAAI,2CAA2C,oBAAoB;AAC1E,SAAO,KAAK,aAAa,eAAe;AACxC,SAAO,IAAI,cAAc,mBAAmB;AAC5C,SAAO,KAAK,cAAc,oBAAoB;AAC9C,SAAO,KAAK,UAAU,YAAY;AAGlC,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,MAAM;AACvB,aAAO,EAAE,QAAQ,MAAM,SAAS,kBAAkB,SAAS,QAAA;AAAA,IAC7D,CAAC;AAAA,EAAA;AAGH,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,MAAM;AACvB,aAAO,EAAE,QAAQ,KAAA;AAAA,IACnB,CAAC;AAAA,EAAA;AAIH,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,OAAO,UAAU;AAElC,YAAM,aAAa,UAAU,OAAO,eAAe;AACnD,YAAM,cAAc,gBAAgB,UAAU;AAE9C,UAAI,CAAC,aAAa;AAChB,0BAAkB,OAAO,gBAAgB,kBAAkB;AAC3D,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO;AAAA,UACL;AAAA,UACA;AAAA,QAAA;AAAA,MAEJ;AAEA,wBAAkB,OAAO,gBAAgB,kBAAkB;AAG3D,UAAI;AACJ,UAAI;AACF,eAAO,MAAM,SAAS,KAAK;AAAA,MAC7B,QAAQ;AACN,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO,aAAa,QAAQ,2BAA2B;AAAA,MACzD;AAEA,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO,aAAa,QAAQ,2BAA2B;AAAA,MACzD;AAEA,YAAM,EAAE,QAAQ,QAAQ,GAAA,IAAO;AAE/B,UAAI;AACF,YAAI,WAAW,cAAc;AAC3B,iBAAO,eAAe,oBAAoB,MAAM,IAAI;AAAA,QACtD;AAEA,YAAI,WAAW,cAAc;AAC3B,iBAAO,eAAe,mBAAmB,MAAM,IAAI;AAAA,QACrD;AAEA,YAAI,WAAW,cAAc;AAC3B,gBAAM,EAAE,MAAM,WAAW,KAAA,IAAS;AAIlC,gBAAM,SAAS,MAAM,2BAA2B,MAAM,QAAQ,CAAA,GAAI,WAAW;AAC7E,iBAAO,eAAe,QAAQ,MAAM,IAAI;AAAA,QAC1C;AAGA,eAAO,aAAa,QAAQ,qBAAqB,MAAM,IAAI,MAAM,IAAI;AAAA,MACvE,SAAS,OAAO;AACd,cAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,eAAO,aAAa,QAAQ,mBAAmB,OAAO,IAAI,MAAM,IAAI;AAAA,MACtE;AAAA,IACF,CAAC;AAAA,EAAA;AAIH,SAAO;AAAA,IACL;AAAA,IACA,mBAAmB,OAAO,UAAU;AAClC,YAAM,aAAa,UAAU,OAAO,eAAe;AACnD,YAAM,cAAc,gBAAgB,UAAU;AAE9C,UAAI,CAAC,aAAa;AAChB,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO,EAAE,OAAO,0BAAA;AAAA,MAClB;AAGA,wBAAkB,OAAO,gBAAgB,mBAAmB;AAC5D,wBAAkB,OAAO,iBAAiB,UAAU;AACpD,wBAAkB,OAAO,cAAc,YAAY;AAGnD,YAAM,YAAY,OAAO,WAAA;AAGzB,YAAM,KAAK,IAAI,MAAM;AAAA,QAAyB,KAAK,UAAU,EAAE,WAAW,CAAC;AAAA;AAAA,CAAM;AAGjF,YAAM,YAAY,YAAY,MAAM;AAClC,cAAM,KAAK,IAAI,MAAM,iBAAiB;AAAA,MACxC,GAAG,GAAK;AAGR,YAAM,KAAK,IAAI,GAAG,SAAS,MAAM;AAC/B,sBAAc,SAAS;AAAA,MACzB,CAAC;AAGD,aAAO,IAAI,QAAQ,MAAM;AAAA,MAAC,CAAC;AAAA,IAC7B,CAAC;AAAA,EAAA;AAGH,MAAI,IAAI,MAAM;AACd,SAAO;AACT;"}

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;~~AAgBnE~~;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CA6C1C;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAKtD"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAiBnE;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CA6C1C;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAKtD"}

package/dist/index.js CHANGED Viewed

@@ -3,11 +3,12 @@ import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { ListToolsRequestSchema, ListPromptsRequestSchema, GetPromptRequestSchema, CallToolRequestSchema } from "@modelcontextprotocol/sdk/types.js";
 import { getAvailableTools, getAvailablePrompts, handlePrompt, handleToolCall } from "./stdio.js";
+import { V as VERSION } from "./version-3wN4XBZL.js";
 function createStdioServer() {
   const server = new Server(
     {
       name: "productive-mcp",
-      version: "0.1.0"
+      version: VERSION
     },
     {
       capabilities: {

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sources":["../src/index.ts"],"sourcesContent":["#!/usr/bin/env node\n\n/*\n Productive MCP Server - Stdio Transport\n \n This is the local execution mode using stdio transport.\n * For remote HTTP deployment, use server.ts instead.\n \n Usage:\n * npx @studiometa/productive-mcp\n \n Or in Claude Desktop config:\n * {\n * \"mcpServers\": {\n * \"productive\": {\n * \"command\": \"npx\",\n * \"args\": [\"@studiometa/productive-mcp\"]\n * }\n * }\n * }\n /\n\nimport { Server } from '@modelcontextprotocol/sdk/server/index.js';\nimport { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';\nimport {\n CallToolRequestSchema,\n ListToolsRequestSchema,\n ListPromptsRequestSchema,\n GetPromptRequestSchema,\n} from '@modelcontextprotocol/sdk/types.js';\n\nimport {\n getAvailableTools,\n getAvailablePrompts,\n handleToolCall,\n handlePrompt,\n} from './stdio.js';\n\n/\n Create and configure the MCP server\n /\nexport function createStdioServer(): Server {\n const server = new Server(\n {\n name: 'productive-mcp',\n version: ~~'0.1.0'~~,\n },\n {\n capabilities: {\n tools: {},\n prompts: {},\n },\n }\n );\n\n // List available tools (including stdio-only configuration tools)\n server.setRequestHandler(ListToolsRequestSchema, async () => {\n return { tools: getAvailableTools() };\n });\n\n // List available prompts\n server.setRequestHandler(ListPromptsRequestSchema, async () => {\n return { prompts: getAvailablePrompts() };\n });\n\n // Get prompt\n server.setRequestHandler(GetPromptRequestSchema, async (request) => {\n return handlePrompt(request.params.name);\n });\n\n // Handle tool calls\n server.setRequestHandler(CallToolRequestSchema, async (request) => {\n const { name, arguments: args } = request.params;\n\n try {\n return await handleToolCall(name, (args as Record<string, unknown>) \|\| {});\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n return {\n content: [{ type: 'text', text: `Error: ${message}` }],\n isError: true,\n };\n }\n });\n\n return server;\n}\n\n/\n Start the stdio server\n */\nexport async function startStdioServer(): Promise<void> {\n const server = createStdioServer();\n const transport = new StdioServerTransport();\n await server.connect(transport);\n console.error('Productive MCP server running on stdio');\n}\n\n// Start server when run directly\nconst isMainModule = import.meta.url === `file://${process.argv[1]}` \|\|\n process.argv[1]?.endsWith('/productive-mcp') \|\|\n process.argv[1]?.endsWith('\\\\productive-mcp');\n\nif (isMainModule) {\n startStdioServer().catch((error) => {\n console.error('Fatal error:', error);\n process.exit(1);\n });\n}\n"],"names":[],"mappings":"~~;;;;;AAyCO~~,SAAS,oBAA4B;AAC1C,QAAM,SAAS,IAAI;AAAA,IACjB;AAAA,MACE,MAAM;AAAA,MACN,SAAS;AAAA,IAAA;AAAA,IAEX;AAAA,MACE,cAAc;AAAA,QACZ,OAAO,CAAA;AAAA,QACP,SAAS,CAAA;AAAA,MAAC;AAAA,IACZ;AAAA,EACF;AAIF,SAAO,kBAAkB,wBAAwB,YAAY;AAC3D,WAAO,EAAE,OAAO,oBAAkB;AAAA,EACpC,CAAC;AAGD,SAAO,kBAAkB,0BAA0B,YAAY;AAC7D,WAAO,EAAE,SAAS,sBAAoB;AAAA,EACxC,CAAC;AAGD,SAAO,kBAAkB,wBAAwB,OAAO,YAAY;AAClE,WAAO,aAAa,QAAQ,OAAO,IAAI;AAAA,EACzC,CAAC;AAGD,SAAO,kBAAkB,uBAAuB,OAAO,YAAY;AACjE,UAAM,EAAE,MAAM,WAAW,KAAA,IAAS,QAAQ;AAE1C,QAAI;AACF,aAAO,MAAM,eAAe,MAAO,QAAoC,CAAA,CAAE;AAAA,IAC3E,SAAS,OAAO;AACd,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,aAAO;AAAA,QACL,SAAS,CAAC,EAAE,MAAM,QAAQ,MAAM,UAAU,OAAO,IAAI;AAAA,QACrD,SAAS;AAAA,MAAA;AAAA,IAEb;AAAA,EACF,CAAC;AAED,SAAO;AACT;AAKA,eAAsB,mBAAkC;AACtD,QAAM,SAAS,kBAAA;AACf,QAAM,YAAY,IAAI,qBAAA;AACtB,QAAM,OAAO,QAAQ,SAAS;AAC9B,UAAQ,MAAM,wCAAwC;AACxD;AAGA,MAAM,eAAe,YAAY,QAAQ,UAAU,QAAQ,KAAK,CAAC,CAAC,MAChE,QAAQ,KAAK,CAAC,GAAG,SAAS,iBAAiB,KAC3C,QAAQ,KAAK,CAAC,GAAG,SAAS,kBAAkB;AAE9C,IAAI,cAAc;AAChB,mBAAA,EAAmB,MAAM,CAAC,UAAU;AAClC,YAAQ,MAAM,gBAAgB,KAAK;AACnC,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;"}
1	+ {"version":3,"file":"index.js","sources":["../src/index.ts"],"sourcesContent":["#!/usr/bin/env node\n\n/*\n Productive MCP Server - Stdio Transport\n \n This is the local execution mode using stdio transport.\n * For remote HTTP deployment, use server.ts instead.\n \n Usage:\n * npx @studiometa/productive-mcp\n \n Or in Claude Desktop config:\n * {\n * \"mcpServers\": {\n * \"productive\": {\n * \"command\": \"npx\",\n * \"args\": [\"@studiometa/productive-mcp\"]\n * }\n * }\n * }\n /\n\nimport { Server } from '@modelcontextprotocol/sdk/server/index.js';\nimport { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';\nimport {\n CallToolRequestSchema,\n ListToolsRequestSchema,\n ListPromptsRequestSchema,\n GetPromptRequestSchema,\n} from '@modelcontextprotocol/sdk/types.js';\n\nimport {\n getAvailableTools,\n getAvailablePrompts,\n handleToolCall,\n handlePrompt,\n} from './stdio.js';\nimport { VERSION } from './version.js';\n\n/\n Create and configure the MCP server\n /\nexport function createStdioServer(): Server {\n const server = new Server(\n {\n name: 'productive-mcp',\n version: VERSION,\n },\n {\n capabilities: {\n tools: {},\n prompts: {},\n },\n }\n );\n\n // List available tools (including stdio-only configuration tools)\n server.setRequestHandler(ListToolsRequestSchema, async () => {\n return { tools: getAvailableTools() };\n });\n\n // List available prompts\n server.setRequestHandler(ListPromptsRequestSchema, async () => {\n return { prompts: getAvailablePrompts() };\n });\n\n // Get prompt\n server.setRequestHandler(GetPromptRequestSchema, async (request) => {\n return handlePrompt(request.params.name);\n });\n\n // Handle tool calls\n server.setRequestHandler(CallToolRequestSchema, async (request) => {\n const { name, arguments: args } = request.params;\n\n try {\n return await handleToolCall(name, (args as Record<string, unknown>) \|\| {});\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n return {\n content: [{ type: 'text', text: `Error: ${message}` }],\n isError: true,\n };\n }\n });\n\n return server;\n}\n\n/\n Start the stdio server\n */\nexport async function startStdioServer(): Promise<void> {\n const server = createStdioServer();\n const transport = new StdioServerTransport();\n await server.connect(transport);\n console.error('Productive MCP server running on stdio');\n}\n\n// Start server when run directly\nconst isMainModule = import.meta.url === `file://${process.argv[1]}` \|\|\n process.argv[1]?.endsWith('/productive-mcp') \|\|\n process.argv[1]?.endsWith('\\\\productive-mcp');\n\nif (isMainModule) {\n startStdioServer().catch((error) => {\n console.error('Fatal error:', error);\n process.exit(1);\n });\n}\n"],"names":[],"mappings":";;;;;;AA0CO,SAAS,oBAA4B;AAC1C,QAAM,SAAS,IAAI;AAAA,IACjB;AAAA,MACE,MAAM;AAAA,MACN,SAAS;AAAA,IAAA;AAAA,IAEX;AAAA,MACE,cAAc;AAAA,QACZ,OAAO,CAAA;AAAA,QACP,SAAS,CAAA;AAAA,MAAC;AAAA,IACZ;AAAA,EACF;AAIF,SAAO,kBAAkB,wBAAwB,YAAY;AAC3D,WAAO,EAAE,OAAO,oBAAkB;AAAA,EACpC,CAAC;AAGD,SAAO,kBAAkB,0BAA0B,YAAY;AAC7D,WAAO,EAAE,SAAS,sBAAoB;AAAA,EACxC,CAAC;AAGD,SAAO,kBAAkB,wBAAwB,OAAO,YAAY;AAClE,WAAO,aAAa,QAAQ,OAAO,IAAI;AAAA,EACzC,CAAC;AAGD,SAAO,kBAAkB,uBAAuB,OAAO,YAAY;AACjE,UAAM,EAAE,MAAM,WAAW,KAAA,IAAS,QAAQ;AAE1C,QAAI;AACF,aAAO,MAAM,eAAe,MAAO,QAAoC,CAAA,CAAE;AAAA,IAC3E,SAAS,OAAO;AACd,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,aAAO;AAAA,QACL,SAAS,CAAC,EAAE,MAAM,QAAQ,MAAM,UAAU,OAAO,IAAI;AAAA,QACrD,SAAS;AAAA,MAAA;AAAA,IAEb;AAAA,EACF,CAAC;AAED,SAAO;AACT;AAKA,eAAsB,mBAAkC;AACtD,QAAM,SAAS,kBAAA;AACf,QAAM,YAAY,IAAI,qBAAA;AACtB,QAAM,OAAO,QAAQ,SAAS;AAC9B,UAAQ,MAAM,wCAAwC;AACxD;AAGA,MAAM,eAAe,YAAY,QAAQ,UAAU,QAAQ,KAAK,CAAC,CAAC,MAChE,QAAQ,KAAK,CAAC,GAAG,SAAS,iBAAiB,KAC3C,QAAQ,KAAK,CAAC,GAAG,SAAS,kBAAkB;AAE9C,IAAI,cAAc;AAChB,mBAAA,EAAmB,MAAM,CAAC,UAAU;AAClC,YAAQ,MAAM,gBAAgB,KAAK;AACnC,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;"}

package/dist/oauth.d.ts ADDED Viewed

@@ -0,0 +1,95 @@
+/**
+ * OAuth 2.0 endpoints for Claude Desktop integration
+ *
+ * Implements OAuth 2.1 with PKCE as specified in the MCP authorization spec.
+ * Uses stateless encrypted tokens - no server-side storage required.
+ *
+ * Spec: https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization
+ *
+ * Flow:
+ * 1. Claude redirects user to /authorize with OAuth params (including PKCE)
+ * 2. User enters Productive credentials in login form
+ * 3. Server encrypts credentials + PKCE challenge into authorization code
+ * 4. Redirects back to Claude with the code
+ * 5. Claude exchanges code for access token via /token (with code_verifier)
+ * 6. Server validates PKCE and returns access token
+ */
+/**
+ * OAuth metadata for discovery (RFC 8414)
+ * GET /.well-known/oauth-authorization-server
+ *
+ * MCP clients MUST check this endpoint first for server capabilities.
+ */
+export declare const oauthMetadataHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    response_types_supported: string[];
+    grant_types_supported: string[];
+    code_challenge_methods_supported: string[];
+    token_endpoint_auth_methods_supported: string[];
+    registration_endpoint: string;
+    scopes_supported: string[];
+    service_documentation: string;
+}>;
+/**
+ * Dynamic Client Registration endpoint (RFC 7591)
+ * POST /register
+ *
+ * MCP servers SHOULD support DCR to allow clients to register automatically.
+ * Since we use stateless tokens, we accept any registration and return
+ * a generated client_id.
+ */
+export declare const registerHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    error: string;
+    error_description: string;
+    client_id?: undefined;
+    client_name?: undefined;
+    redirect_uris?: undefined;
+    token_endpoint_auth_method?: undefined;
+    grant_types?: undefined;
+    response_types?: undefined;
+} | {
+    client_id: string;
+    client_name: string;
+    redirect_uris: string[];
+    token_endpoint_auth_method: string;
+    grant_types: string[];
+    response_types: string[];
+    error?: undefined;
+    error_description?: undefined;
+}>>;
+/**
+ * Authorization endpoint - shows login form
+ * GET /authorize
+ */
+export declare const authorizeGetHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, string | Promise<void>>;
+/**
+ * Authorization endpoint - process login
+ * POST /authorize
+ */
+export declare const authorizePostHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string | void>>;
+/**
+ * Token endpoint - exchange code for access token
+ * POST /token
+ *
+ * Supports:
+ * - authorization_code grant (with PKCE validation)
+ * - refresh_token grant
+ */
+export declare const tokenHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    error: string;
+    error_description: string;
+    access_token?: undefined;
+    token_type?: undefined;
+    expires_in?: undefined;
+    refresh_token?: undefined;
+} | {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token: string;
+    error?: undefined;
+    error_description?: undefined;
+}>>;
+//# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAcH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;EAyB/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;GAoC1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,mBAAmB,qFA+C9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,qFAgE/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;GA+FvB,CAAC"}

package/dist/oauth.js ADDED Viewed

@@ -0,0 +1,492 @@
+import { createHash } from "node:crypto";
+import { defineEventHandler, setResponseHeader, readBody, getQuery, sendRedirect } from "h3";
+import { createAuthCode, decodeAuthCode } from "./crypto.js";
+import { createAuthToken } from "./auth.js";
+const oauthMetadataHandler = defineEventHandler((event) => {
+  const host = event.node.req.headers.host || "localhost:3000";
+  const protocol = event.node.req.headers["x-forwarded-proto"] || "http";
+  const baseUrl = `${protocol}://${host}`;
+  setResponseHeader(event, "Content-Type", "application/json");
+  setResponseHeader(event, "Cache-Control", "public, max-age=3600");
+  return {
+    // Required fields per RFC 8414
+    issuer: baseUrl,
+    authorization_endpoint: `${baseUrl}/authorize`,
+    token_endpoint: `${baseUrl}/token`,
+    response_types_supported: ["code"],
+    // OAuth 2.1 / MCP requirements
+    grant_types_supported: ["authorization_code", "refresh_token"],
+    code_challenge_methods_supported: ["S256"],
+    token_endpoint_auth_methods_supported: ["none"],
+    // Public client
+    // Optional but useful
+    registration_endpoint: `${baseUrl}/register`,
+    scopes_supported: ["productive"],
+    service_documentation: "https://github.com/studiometa/productive-tools"
+  };
+});
+const registerHandler = defineEventHandler(async (event) => {
+  setResponseHeader(event, "Content-Type", "application/json");
+  let body;
+  try {
+    body = await readBody(event);
+  } catch {
+    event.node.res.statusCode = 400;
+    return {
+      error: "invalid_request",
+      error_description: "Invalid JSON body"
+    };
+  }
+  const clientName = body.client_name || "MCP Client";
+  const redirectUris = body.redirect_uris || [];
+  const clientId = Buffer.from(
+    JSON.stringify({
+      name: clientName,
+      ts: Date.now()
+    })
+  ).toString("base64url");
+  event.node.res.statusCode = 201;
+  return {
+    client_id: clientId,
+    client_name: clientName,
+    redirect_uris: redirectUris,
+    token_endpoint_auth_method: "none",
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code"]
+  };
+});
+const authorizeGetHandler = defineEventHandler((event) => {
+  const query = getQuery(event);
+  query.client_id;
+  const redirectUri = query.redirect_uri;
+  const state = query.state;
+  const codeChallenge = query.code_challenge;
+  const codeChallengeMethod = query.code_challenge_method;
+  query.scope;
+  if (!redirectUri) {
+    setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+    event.node.res.statusCode = 400;
+    return renderErrorPage("Missing required parameter: redirect_uri");
+  }
+  if (!codeChallenge) {
+    const errorUrl = new URL(redirectUri);
+    errorUrl.searchParams.set("error", "invalid_request");
+    errorUrl.searchParams.set("error_description", "code_challenge is required");
+    if (state) errorUrl.searchParams.set("state", state);
+    return sendRedirect(event, errorUrl.toString());
+  }
+  if (codeChallengeMethod && codeChallengeMethod !== "S256") {
+    const errorUrl = new URL(redirectUri);
+    errorUrl.searchParams.set("error", "invalid_request");
+    errorUrl.searchParams.set("error_description", "Only S256 code_challenge_method is supported");
+    if (state) errorUrl.searchParams.set("state", state);
+    return sendRedirect(event, errorUrl.toString());
+  }
+  setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+  return renderLoginForm({
+    redirectUri,
+    state,
+    codeChallenge,
+    codeChallengeMethod: codeChallengeMethod || "S256"
+  });
+});
+const authorizePostHandler = defineEventHandler(async (event) => {
+  const body = await readBody(event);
+  const {
+    orgId,
+    apiToken,
+    userId,
+    redirectUri,
+    state,
+    codeChallenge,
+    codeChallengeMethod
+  } = body;
+  if (!redirectUri) {
+    setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+    event.node.res.statusCode = 400;
+    return renderErrorPage("Missing redirect_uri parameter");
+  }
+  try {
+    const uri = new URL(redirectUri);
+    const isLocalhost = uri.hostname === "localhost" || uri.hostname === "127.0.0.1";
+    const isHttps = uri.protocol === "https:";
+    if (!isLocalhost && !isHttps) {
+      event.node.res.statusCode = 400;
+      return renderErrorPage("redirect_uri must be HTTPS or localhost");
+    }
+  } catch {
+    event.node.res.statusCode = 400;
+    return renderErrorPage("Invalid redirect_uri format");
+  }
+  if (!orgId || !apiToken) {
+    setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+    return renderLoginForm({
+      redirectUri,
+      state,
+      codeChallenge,
+      codeChallengeMethod,
+      error: "Organization ID and API Token are required"
+    });
+  }
+  const code = createAuthCode({
+    orgId,
+    apiToken,
+    userId: userId || void 0,
+    codeChallenge,
+    codeChallengeMethod: codeChallengeMethod || "S256"
+  });
+  const redirectUrl = new URL(redirectUri);
+  redirectUrl.searchParams.set("code", code);
+  if (state) {
+    redirectUrl.searchParams.set("state", state);
+  }
+  return sendRedirect(event, redirectUrl.toString());
+});
+const tokenHandler = defineEventHandler(async (event) => {
+  setResponseHeader(event, "Content-Type", "application/json");
+  let body;
+  const contentType = event.node.req.headers["content-type"] || "";
+  if (contentType.includes("application/x-www-form-urlencoded")) {
+    const rawBody = await readBody(event);
+    if (typeof rawBody === "string") {
+      body = Object.fromEntries(new URLSearchParams(rawBody));
+    } else {
+      body = rawBody;
+    }
+  } else {
+    body = await readBody(event);
+  }
+  const { grant_type, code, code_verifier, refresh_token } = body;
+  if (grant_type === "refresh_token") {
+    return handleRefreshToken(event, refresh_token);
+  }
+  if (grant_type !== "authorization_code") {
+    event.node.res.statusCode = 400;
+    return {
+      error: "unsupported_grant_type",
+      error_description: "Supported grant types: authorization_code, refresh_token"
+    };
+  }
+  if (!code) {
+    event.node.res.statusCode = 400;
+    return {
+      error: "invalid_request",
+      error_description: "Missing authorization code"
+    };
+  }
+  if (!code_verifier) {
+    event.node.res.statusCode = 400;
+    return {
+      error: "invalid_request",
+      error_description: "Missing code_verifier (PKCE required)"
+    };
+  }
+  try {
+    const payload = decodeAuthCode(code);
+    if (payload.codeChallenge) {
+      const expectedChallenge = createS256Challenge(code_verifier);
+      if (expectedChallenge !== payload.codeChallenge) {
+        event.node.res.statusCode = 400;
+        return {
+          error: "invalid_grant",
+          error_description: "Invalid code_verifier"
+        };
+      }
+    }
+    const accessToken = createAuthToken({
+      organizationId: payload.orgId,
+      apiToken: payload.apiToken,
+      userId: payload.userId
+    });
+    const refreshToken = createAuthCode(
+      {
+        orgId: payload.orgId,
+        apiToken: payload.apiToken,
+        userId: payload.userId
+      },
+      86400 * 30
+      // 30 days
+    );
+    return {
+      access_token: accessToken,
+      token_type: "Bearer",
+      expires_in: 3600,
+      // 1 hour (access tokens should be short-lived)
+      refresh_token: refreshToken
+    };
+  } catch (error) {
+    event.node.res.statusCode = 400;
+    return {
+      error: "invalid_grant",
+      error_description: error instanceof Error ? error.message : "Invalid authorization code"
+    };
+  }
+});
+function handleRefreshToken(event, refreshToken) {
+  if (!refreshToken) {
+    event.node.res.statusCode = 400;
+    return {
+      error: "invalid_request",
+      error_description: "Missing refresh_token"
+    };
+  }
+  try {
+    const payload = decodeAuthCode(refreshToken);
+    const accessToken = createAuthToken({
+      organizationId: payload.orgId,
+      apiToken: payload.apiToken,
+      userId: payload.userId
+    });
+    const newRefreshToken = createAuthCode(
+      {
+        orgId: payload.orgId,
+        apiToken: payload.apiToken,
+        userId: payload.userId
+      },
+      86400 * 30
+      // 30 days
+    );
+    return {
+      access_token: accessToken,
+      token_type: "Bearer",
+      expires_in: 3600,
+      refresh_token: newRefreshToken
+    };
+  } catch (error) {
+    event.node.res.statusCode = 400;
+    return {
+      error: "invalid_grant",
+      error_description: error instanceof Error ? error.message : "Invalid refresh token"
+    };
+  }
+}
+function createS256Challenge(codeVerifier) {
+  return createHash("sha256").update(codeVerifier).digest("base64url");
+}
+function renderLoginForm(params) {
+  const { redirectUri, state, codeChallenge, codeChallengeMethod, error } = params;
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Connect to Productive.io</title>
+  <style>
+    * {
+      box-sizing: border-box;
+      margin: 0;
+      padding: 0;
+    }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 20px;
+    }
+    .container {
+      background: white;
+      border-radius: 16px;
+      box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+      padding: 40px;
+      width: 100%;
+      max-width: 420px;
+    }
+    .logo {
+      text-align: center;
+      margin-bottom: 24px;
+    }
+    .logo svg {
+      width: 48px;
+      height: 48px;
+    }
+    h1 {
+      text-align: center;
+      color: #1a1a2e;
+      font-size: 24px;
+      margin-bottom: 8px;
+    }
+    .subtitle {
+      text-align: center;
+      color: #666;
+      font-size: 14px;
+      margin-bottom: 32px;
+    }
+    .error {
+      background: #fee2e2;
+      border: 1px solid #fecaca;
+      color: #dc2626;
+      padding: 12px 16px;
+      border-radius: 8px;
+      margin-bottom: 24px;
+      font-size: 14px;
+    }
+    .form-group {
+      margin-bottom: 20px;
+    }
+    label {
+      display: block;
+      font-size: 14px;
+      font-weight: 500;
+      color: #374151;
+      margin-bottom: 6px;
+    }
+    input {
+      width: 100%;
+      padding: 12px 16px;
+      border: 1px solid #d1d5db;
+      border-radius: 8px;
+      font-size: 16px;
+      transition: border-color 0.2s, box-shadow 0.2s;
+    }
+    input:focus {
+      outline: none;
+      border-color: #667eea;
+      box-shadow: 0 0 0 3px rgba(102, 126, 234, 0.2);
+    }
+    input::placeholder {
+      color: #9ca3af;
+    }
+    .help-text {
+      font-size: 12px;
+      color: #6b7280;
+      margin-top: 4px;
+    }
+    button {
+      width: 100%;
+      padding: 14px 24px;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+      color: white;
+      border: none;
+      border-radius: 8px;
+      font-size: 16px;
+      font-weight: 600;
+      cursor: pointer;
+      transition: transform 0.2s, box-shadow 0.2s;
+    }
+    button:hover {
+      transform: translateY(-1px);
+      box-shadow: 0 4px 12px rgba(102, 126, 234, 0.4);
+    }
+    button:active {
+      transform: translateY(0);
+    }
+    .footer {
+      text-align: center;
+      margin-top: 24px;
+      font-size: 12px;
+      color: #9ca3af;
+    }
+    .footer a {
+      color: #667eea;
+      text-decoration: none;
+    }
+    .footer a:hover {
+      text-decoration: underline;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="logo">
+      <svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+        <path d="M12 2L2 7L12 12L22 7L12 2Z" stroke="#667eea" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+        <path d="M2 17L12 22L22 17" stroke="#764ba2" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+        <path d="M2 12L12 17L22 12" stroke="#667eea" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+      </svg>
+    </div>
+    <h1>Connect to Productive.io</h1>
+    <p class="subtitle">Enter your Productive.io credentials to connect with Claude</p>
+    ${error ? `<div class="error">${escapeHtml(error)}</div>` : ""}
+    <form method="POST" action="/authorize">
+      <input type="hidden" name="redirectUri" value="${escapeHtml(redirectUri || "")}">
+      <input type="hidden" name="state" value="${escapeHtml(state || "")}">
+      <input type="hidden" name="codeChallenge" value="${escapeHtml(codeChallenge || "")}">
+      <input type="hidden" name="codeChallengeMethod" value="${escapeHtml(codeChallengeMethod || "S256")}">
+      <div class="form-group">
+        <label for="orgId">Organization ID *</label>
+        <input type="text" id="orgId" name="orgId" required placeholder="e.g., 12345">
+        <p class="help-text">Found in Settings → API integrations</p>
+      </div>
+      <div class="form-group">
+        <label for="apiToken">API Token *</label>
+        <input type="password" id="apiToken" name="apiToken" required placeholder="pk_...">
+        <p class="help-text">Generate at Settings → API integrations → Generate new token</p>
+      </div>
+      <div class="form-group">
+        <label for="userId">User ID (optional)</label>
+        <input type="text" id="userId" name="userId" placeholder="e.g., 67890">
+        <p class="help-text">Required for creating time entries. Found in your profile URL.</p>
+      </div>
+      <button type="submit">Connect to Productive</button>
+    </form>
+    <p class="footer">
+      Your credentials are encrypted and sent directly to Claude.<br>
+      <a href="https://developer.productive.io" target="_blank">Productive.io API Documentation</a>
+    </p>
+  </div>
+</body>
+</html>`;
+}
+function renderErrorPage(message) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Error - Productive MCP</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: #f3f4f6;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 20px;
+    }
+    .container {
+      background: white;
+      border-radius: 16px;
+      box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+      padding: 40px;
+      text-align: center;
+      max-width: 400px;
+    }
+    h1 {
+      color: #dc2626;
+      margin-bottom: 16px;
+    }
+    p {
+      color: #6b7280;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>Error</h1>
+    <p>${escapeHtml(message)}</p>
+  </div>
+</body>
+</html>`;
+}
+function escapeHtml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+}
+export {
+  authorizeGetHandler,
+  authorizePostHandler,
+  oauthMetadataHandler,
+  registerHandler,
+  tokenHandler
+};
+//# sourceMappingURL=oauth.js.map

package/dist/oauth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.js","sources":["../src/oauth.ts"],"sourcesContent":["/**\n * OAuth 2.0 endpoints for Claude Desktop integration\n *\n * Implements OAuth 2.1 with PKCE as specified in the MCP authorization spec.\n * Uses stateless encrypted tokens - no server-side storage required.\n *\n * Spec: https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization\n *\n * Flow:\n * 1. Claude redirects user to /authorize with OAuth params (including PKCE)\n * 2. User enters Productive credentials in login form\n * 3. Server encrypts credentials + PKCE challenge into authorization code\n * 4. Redirects back to Claude with the code\n * 5. Claude exchanges code for access token via /token (with code_verifier)\n * 6. Server validates PKCE and returns access token\n */\n\nimport { createHash } from 'node:crypto';\nimport {\n defineEventHandler,\n getQuery,\n readBody,\n sendRedirect,\n setResponseHeader,\n type H3Event,\n} from 'h3';\nimport { createAuthCode, decodeAuthCode } from './crypto.js';\nimport { createAuthToken } from './auth.js';\n\n/**\n * OAuth metadata for discovery (RFC 8414)\n * GET /.well-known/oauth-authorization-server\n *\n * MCP clients MUST check this endpoint first for server capabilities.\n */\nexport const oauthMetadataHandler = defineEventHandler((event: H3Event) => {\n const host = event.node.req.headers.host || 'localhost:3000';\n const protocol = event.node.req.headers['x-forwarded-proto'] || 'http';\n const baseUrl = `${protocol}://${host}`;\n\n setResponseHeader(event, 'Content-Type', 'application/json');\n setResponseHeader(event, 'Cache-Control', 'public, max-age=3600');\n\n return {\n // Required fields per RFC 8414\n issuer: baseUrl,\n authorization_endpoint: `${baseUrl}/authorize`,\n token_endpoint: `${baseUrl}/token`,\n response_types_supported: ['code'],\n\n // OAuth 2.1 / MCP requirements\n grant_types_supported: ['authorization_code', 'refresh_token'],\n code_challenge_methods_supported: ['S256'],\n token_endpoint_auth_methods_supported: ['none'], // Public client\n\n // Optional but useful\n registration_endpoint: `${baseUrl}/register`,\n scopes_supported: ['productive'],\n service_documentation: 'https://github.com/studiometa/productive-tools',\n };\n});\n\n/**\n * Dynamic Client Registration endpoint (RFC 7591)\n * POST /register\n *\n * MCP servers SHOULD support DCR to allow clients to register automatically.\n * Since we use stateless tokens, we accept any registration and return\n * a generated client_id.\n */\nexport const registerHandler = defineEventHandler(async (event: H3Event) => {\n setResponseHeader(event, 'Content-Type', 'application/json');\n\n let body: Record<string, unknown>;\n try {\n body = await readBody(event);\n } catch {\n event.node.res.statusCode = 400;\n return {\n error: 'invalid_request',\n error_description: 'Invalid JSON body',\n };\n }\n\n // Extract client metadata\n const clientName = (body.client_name as string) || 'MCP Client';\n const redirectUris = (body.redirect_uris as string[]) || [];\n\n // Generate a client_id based on the registration\n // Since we're stateless, we encode minimal info in the client_id\n const clientId = Buffer.from(\n JSON.stringify({\n name: clientName,\n ts: Date.now(),\n })\n ).toString('base64url');\n\n event.node.res.statusCode = 201;\n return {\n client_id: clientId,\n client_name: clientName,\n redirect_uris: redirectUris,\n token_endpoint_auth_method: 'none',\n grant_types: ['authorization_code', 'refresh_token'],\n response_types: ['code'],\n };\n});\n\n/**\n * Authorization endpoint - shows login form\n * GET /authorize\n */\nexport const authorizeGetHandler = defineEventHandler((event: H3Event) => {\n const query = getQuery(event);\n\n // Extract OAuth parameters\n const clientId = query.client_id as string;\n const redirectUri = query.redirect_uri as string;\n const state = query.state as string;\n const codeChallenge = query.code_challenge as string;\n const codeChallengeMethod = query.code_challenge_method as string;\n const scope = query.scope as string;\n\n // Validate required parameters per OAuth 2.1\n if (!redirectUri) {\n setResponseHeader(event, 'Content-Type', 'text/html; charset=utf-8');\n event.node.res.statusCode = 400;\n return renderErrorPage('Missing required parameter: redirect_uri');\n }\n\n // PKCE is REQUIRED for public clients per MCP spec\n if (!codeChallenge) {\n // Redirect back with error per OAuth spec\n const errorUrl = new URL(redirectUri);\n errorUrl.searchParams.set('error', 'invalid_request');\n errorUrl.searchParams.set('error_description', 'code_challenge is required');\n if (state) errorUrl.searchParams.set('state', state);\n return sendRedirect(event, errorUrl.toString());\n }\n\n if (codeChallengeMethod && codeChallengeMethod !== 'S256') {\n const errorUrl = new URL(redirectUri);\n errorUrl.searchParams.set('error', 'invalid_request');\n errorUrl.searchParams.set('error_description', 'Only S256 code_challenge_method is supported');\n if (state) errorUrl.searchParams.set('state', state);\n return sendRedirect(event, errorUrl.toString());\n }\n\n setResponseHeader(event, 'Content-Type', 'text/html; charset=utf-8');\n\n // Render login form\n return renderLoginForm({\n clientId,\n redirectUri,\n state,\n codeChallenge,\n codeChallengeMethod: codeChallengeMethod || 'S256',\n scope,\n });\n});\n\n/**\n * Authorization endpoint - process login\n * POST /authorize\n */\nexport const authorizePostHandler = defineEventHandler(async (event: H3Event) => {\n const body = await readBody(event);\n\n const {\n orgId,\n apiToken,\n userId,\n redirectUri,\n state,\n codeChallenge,\n codeChallengeMethod,\n } = body;\n\n // Validate redirect URI first (security requirement)\n if (!redirectUri) {\n setResponseHeader(event, 'Content-Type', 'text/html; charset=utf-8');\n event.node.res.statusCode = 400;\n return renderErrorPage('Missing redirect_uri parameter');\n }\n\n // Validate redirect URI format (must be HTTPS or localhost)\n try {\n const uri = new URL(redirectUri);\n const isLocalhost = uri.hostname === 'localhost' || uri.hostname === '127.0.0.1';\n const isHttps = uri.protocol === 'https:';\n if (!isLocalhost && !isHttps) {\n event.node.res.statusCode = 400;\n return renderErrorPage('redirect_uri must be HTTPS or localhost');\n }\n } catch {\n event.node.res.statusCode = 400;\n return renderErrorPage('Invalid redirect_uri format');\n }\n\n // Validate required credentials\n if (!orgId || !apiToken) {\n setResponseHeader(event, 'Content-Type', 'text/html; charset=utf-8');\n return renderLoginForm({\n redirectUri,\n state,\n codeChallenge,\n codeChallengeMethod,\n error: 'Organization ID and API Token are required',\n });\n }\n\n // Create encrypted authorization code with PKCE challenge\n const code = createAuthCode({\n orgId,\n apiToken,\n userId: userId || undefined,\n codeChallenge,\n codeChallengeMethod: codeChallengeMethod || 'S256',\n });\n\n // Build redirect URL with authorization code\n const redirectUrl = new URL(redirectUri);\n redirectUrl.searchParams.set('code', code);\n if (state) {\n redirectUrl.searchParams.set('state', state);\n }\n\n // Redirect back to Claude\n return sendRedirect(event, redirectUrl.toString());\n});\n\n/**\n * Token endpoint - exchange code for access token\n * POST /token\n *\n * Supports:\n * - authorization_code grant (with PKCE validation)\n * - refresh_token grant\n */\nexport const tokenHandler = defineEventHandler(async (event: H3Event) => {\n setResponseHeader(event, 'Content-Type', 'application/json');\n\n let body: Record<string, string>;\n const contentType = event.node.req.headers['content-type'] || '';\n\n if (contentType.includes('application/x-www-form-urlencoded')) {\n const rawBody = await readBody(event);\n if (typeof rawBody === 'string') {\n body = Object.fromEntries(new URLSearchParams(rawBody));\n } else {\n body = rawBody;\n }\n } else {\n body = await readBody(event);\n }\n\n const { grant_type, code, code_verifier, refresh_token } = body;\n\n // Handle refresh token grant\n if (grant_type === 'refresh_token') {\n return handleRefreshToken(event, refresh_token);\n }\n\n // Validate authorization code grant\n if (grant_type !== 'authorization_code') {\n event.node.res.statusCode = 400;\n return {\n error: 'unsupported_grant_type',\n error_description: 'Supported grant types: authorization_code, refresh_token',\n };\n }\n\n if (!code) {\n event.node.res.statusCode = 400;\n return {\n error: 'invalid_request',\n error_description: 'Missing authorization code',\n };\n }\n\n if (!code_verifier) {\n event.node.res.statusCode = 400;\n return {\n error: 'invalid_request',\n error_description: 'Missing code_verifier (PKCE required)',\n };\n }\n\n try {\n // Decode the authorization code\n const payload = decodeAuthCode(code);\n\n // Validate PKCE: SHA256(code_verifier) must equal code_challenge\n if (payload.codeChallenge) {\n const expectedChallenge = createS256Challenge(code_verifier);\n if (expectedChallenge !== payload.codeChallenge) {\n event.node.res.statusCode = 400;\n return {\n error: 'invalid_grant',\n error_description: 'Invalid code_verifier',\n };\n }\n }\n\n // Create access token (base64 encoded credentials)\n const accessToken = createAuthToken({\n organizationId: payload.orgId,\n apiToken: payload.apiToken,\n userId: payload.userId,\n });\n\n // Create refresh token (encrypted credentials, longer expiry)\n const refreshToken = createAuthCode(\n {\n orgId: payload.orgId,\n apiToken: payload.apiToken,\n userId: payload.userId,\n },\n 86400 * 30 // 30 days\n );\n\n return {\n access_token: accessToken,\n token_type: 'Bearer',\n expires_in: 3600, // 1 hour (access tokens should be short-lived)\n refresh_token: refreshToken,\n };\n } catch (error) {\n event.node.res.statusCode = 400;\n return {\n error: 'invalid_grant',\n error_description: error instanceof Error ? error.message : 'Invalid authorization code',\n };\n }\n});\n\n/**\n * Handle refresh token grant\n */\nfunction handleRefreshToken(event: H3Event, refreshToken: string | undefined) {\n if (!refreshToken) {\n event.node.res.statusCode = 400;\n return {\n error: 'invalid_request',\n error_description: 'Missing refresh_token',\n };\n }\n\n try {\n // Decode refresh token (it's just an encrypted auth code with longer expiry)\n const payload = decodeAuthCode(refreshToken);\n\n // Create new access token\n const accessToken = createAuthToken({\n organizationId: payload.orgId,\n apiToken: payload.apiToken,\n userId: payload.userId,\n });\n\n // Create new refresh token (rotate for security)\n const newRefreshToken = createAuthCode(\n {\n orgId: payload.orgId,\n apiToken: payload.apiToken,\n userId: payload.userId,\n },\n 86400 * 30 // 30 days\n );\n\n return {\n access_token: accessToken,\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: newRefreshToken,\n };\n } catch (error) {\n event.node.res.statusCode = 400;\n return {\n error: 'invalid_grant',\n error_description: error instanceof Error ? error.message : 'Invalid refresh token',\n };\n }\n}\n\n/**\n * Create S256 PKCE challenge from verifier\n * SHA256(code_verifier) encoded as base64url\n */\nfunction createS256Challenge(codeVerifier: string): string {\n return createHash('sha256').update(codeVerifier).digest('base64url');\n}\n\n/**\n * Render the login form HTML\n */\nfunction renderLoginForm(params: {\n clientId?: string;\n redirectUri?: string;\n state?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n scope?: string;\n error?: string;\n}): string {\n const { redirectUri, state, codeChallenge, codeChallengeMethod, error } = params;\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <title>Connect to Productive.io</title>\n <style>\n * {\n box-sizing: border-box;\n margin: 0;\n padding: 0;\n }\n body {\n font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);\n min-height: 100vh;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px;\n }\n .container {\n background: white;\n border-radius: 16px;\n box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);\n padding: 40px;\n width: 100%;\n max-width: 420px;\n }\n .logo {\n text-align: center;\n margin-bottom: 24px;\n }\n .logo svg {\n width: 48px;\n height: 48px;\n }\n h1 {\n text-align: center;\n color: #1a1a2e;\n font-size: 24px;\n margin-bottom: 8px;\n }\n .subtitle {\n text-align: center;\n color: #666;\n font-size: 14px;\n margin-bottom: 32px;\n }\n .error {\n background: #fee2e2;\n border: 1px solid #fecaca;\n color: #dc2626;\n padding: 12px 16px;\n border-radius: 8px;\n margin-bottom: 24px;\n font-size: 14px;\n }\n .form-group {\n margin-bottom: 20px;\n }\n label {\n display: block;\n font-size: 14px;\n font-weight: 500;\n color: #374151;\n margin-bottom: 6px;\n }\n input {\n width: 100%;\n padding: 12px 16px;\n border: 1px solid #d1d5db;\n border-radius: 8px;\n font-size: 16px;\n transition: border-color 0.2s, box-shadow 0.2s;\n }\n input:focus {\n outline: none;\n border-color: #667eea;\n box-shadow: 0 0 0 3px rgba(102, 126, 234, 0.2);\n }\n input::placeholder {\n color: #9ca3af;\n }\n .help-text {\n font-size: 12px;\n color: #6b7280;\n margin-top: 4px;\n }\n button {\n width: 100%;\n padding: 14px 24px;\n background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);\n color: white;\n border: none;\n border-radius: 8px;\n font-size: 16px;\n font-weight: 600;\n cursor: pointer;\n transition: transform 0.2s, box-shadow 0.2s;\n }\n button:hover {\n transform: translateY(-1px);\n box-shadow: 0 4px 12px rgba(102, 126, 234, 0.4);\n }\n button:active {\n transform: translateY(0);\n }\n .footer {\n text-align: center;\n margin-top: 24px;\n font-size: 12px;\n color: #9ca3af;\n }\n .footer a {\n color: #667eea;\n text-decoration: none;\n }\n .footer a:hover {\n text-decoration: underline;\n }\n </style>\n</head>\n<body>\n <div class=\"container\">\n <div class=\"logo\">\n <svg viewBox=\"0 0 24 24\" fill=\"none\" xmlns=\"http://www.w3.org/2000/svg\">\n <path d=\"M12 2L2 7L12 12L22 7L12 2Z\" stroke=\"#667eea\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/>\n <path d=\"M2 17L12 22L22 17\" stroke=\"#764ba2\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/>\n <path d=\"M2 12L12 17L22 12\" stroke=\"#667eea\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/>\n </svg>\n </div>\n <h1>Connect to Productive.io</h1>\n <p class=\"subtitle\">Enter your Productive.io credentials to connect with Claude</p>\n \n ${error ? `<div class=\"error\">${escapeHtml(error)}</div>` : ''}\n \n <form method=\"POST\" action=\"/authorize\">\n <input type=\"hidden\" name=\"redirectUri\" value=\"${escapeHtml(redirectUri || '')}\">\n <input type=\"hidden\" name=\"state\" value=\"${escapeHtml(state || '')}\">\n <input type=\"hidden\" name=\"codeChallenge\" value=\"${escapeHtml(codeChallenge || '')}\">\n <input type=\"hidden\" name=\"codeChallengeMethod\" value=\"${escapeHtml(codeChallengeMethod || 'S256')}\">\n \n <div class=\"form-group\">\n <label for=\"orgId\">Organization ID *</label>\n <input type=\"text\" id=\"orgId\" name=\"orgId\" required placeholder=\"e.g., 12345\">\n <p class=\"help-text\">Found in Settings → API integrations</p>\n </div>\n \n <div class=\"form-group\">\n <label for=\"apiToken\">API Token *</label>\n <input type=\"password\" id=\"apiToken\" name=\"apiToken\" required placeholder=\"pk_...\">\n <p class=\"help-text\">Generate at Settings → API integrations → Generate new token</p>\n </div>\n \n <div class=\"form-group\">\n <label for=\"userId\">User ID (optional)</label>\n <input type=\"text\" id=\"userId\" name=\"userId\" placeholder=\"e.g., 67890\">\n <p class=\"help-text\">Required for creating time entries. Found in your profile URL.</p>\n </div>\n \n <button type=\"submit\">Connect to Productive</button>\n </form>\n \n <p class=\"footer\">\n Your credentials are encrypted and sent directly to Claude.<br>\n <a href=\"https://developer.productive.io\" target=\"_blank\">Productive.io API Documentation</a>\n </p>\n </div>\n</body>\n</html>`;\n}\n\n/**\n * Render error page\n */\nfunction renderErrorPage(message: string): string {\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <title>Error - Productive MCP</title>\n <style>\n body {\n font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n background: #f3f4f6;\n min-height: 100vh;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px;\n }\n .container {\n background: white;\n border-radius: 16px;\n box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);\n padding: 40px;\n text-align: center;\n max-width: 400px;\n }\n h1 {\n color: #dc2626;\n margin-bottom: 16px;\n }\n p {\n color: #6b7280;\n }\n </style>\n</head>\n<body>\n <div class=\"container\">\n <h1>Error</h1>\n <p>${escapeHtml(message)}</p>\n </div>\n</body>\n</html>`;\n}\n\n/**\n * Escape HTML special characters\n */\nfunction escapeHtml(str: string): string {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n"],"names":[],"mappings":";;;;AAmCO,MAAM,uBAAuB,mBAAmB,CAAC,UAAmB;AACzE,QAAM,OAAO,MAAM,KAAK,IAAI,QAAQ,QAAQ;AAC5C,QAAM,WAAW,MAAM,KAAK,IAAI,QAAQ,mBAAmB,KAAK;AAChE,QAAM,UAAU,GAAG,QAAQ,MAAM,IAAI;AAErC,oBAAkB,OAAO,gBAAgB,kBAAkB;AAC3D,oBAAkB,OAAO,iBAAiB,sBAAsB;AAEhE,SAAO;AAAA;AAAA,IAEL,QAAQ;AAAA,IACR,wBAAwB,GAAG,OAAO;AAAA,IAClC,gBAAgB,GAAG,OAAO;AAAA,IAC1B,0BAA0B,CAAC,MAAM;AAAA;AAAA,IAGjC,uBAAuB,CAAC,sBAAsB,eAAe;AAAA,IAC7D,kCAAkC,CAAC,MAAM;AAAA,IACzC,uCAAuC,CAAC,MAAM;AAAA;AAAA;AAAA,IAG9C,uBAAuB,GAAG,OAAO;AAAA,IACjC,kBAAkB,CAAC,YAAY;AAAA,IAC/B,uBAAuB;AAAA,EAAA;AAE3B,CAAC;AAUM,MAAM,kBAAkB,mBAAmB,OAAO,UAAmB;AAC1E,oBAAkB,OAAO,gBAAgB,kBAAkB;AAE3D,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,SAAS,KAAK;AAAA,EAC7B,QAAQ;AACN,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,mBAAmB;AAAA,IAAA;AAAA,EAEvB;AAGA,QAAM,aAAc,KAAK,eAA0B;AACnD,QAAM,eAAgB,KAAK,iBAA8B,CAAA;AAIzD,QAAM,WAAW,OAAO;AAAA,IACtB,KAAK,UAAU;AAAA,MACb,MAAM;AAAA,MACN,IAAI,KAAK,IAAA;AAAA,IAAI,CACd;AAAA,EAAA,EACD,SAAS,WAAW;AAEtB,QAAM,KAAK,IAAI,aAAa;AAC5B,SAAO;AAAA,IACL,WAAW;AAAA,IACX,aAAa;AAAA,IACb,eAAe;AAAA,IACf,4BAA4B;AAAA,IAC5B,aAAa,CAAC,sBAAsB,eAAe;AAAA,IACnD,gBAAgB,CAAC,MAAM;AAAA,EAAA;AAE3B,CAAC;AAMM,MAAM,sBAAsB,mBAAmB,CAAC,UAAmB;AACxE,QAAM,QAAQ,SAAS,KAAK;AAGX,QAAM;AACvB,QAAM,cAAc,MAAM;AAC1B,QAAM,QAAQ,MAAM;AACpB,QAAM,gBAAgB,MAAM;AAC5B,QAAM,sBAAsB,MAAM;AACpB,QAAM;AAGpB,MAAI,CAAC,aAAa;AAChB,sBAAkB,OAAO,gBAAgB,0BAA0B;AACnE,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO,gBAAgB,0CAA0C;AAAA,EACnE;AAGA,MAAI,CAAC,eAAe;AAElB,UAAM,WAAW,IAAI,IAAI,WAAW;AACpC,aAAS,aAAa,IAAI,SAAS,iBAAiB;AACpD,aAAS,aAAa,IAAI,qBAAqB,4BAA4B;AAC3E,QAAI,MAAO,UAAS,aAAa,IAAI,SAAS,KAAK;AACnD,WAAO,aAAa,OAAO,SAAS,SAAA,CAAU;AAAA,EAChD;AAEA,MAAI,uBAAuB,wBAAwB,QAAQ;AACzD,UAAM,WAAW,IAAI,IAAI,WAAW;AACpC,aAAS,aAAa,IAAI,SAAS,iBAAiB;AACpD,aAAS,aAAa,IAAI,qBAAqB,8CAA8C;AAC7F,QAAI,MAAO,UAAS,aAAa,IAAI,SAAS,KAAK;AACnD,WAAO,aAAa,OAAO,SAAS,SAAA,CAAU;AAAA,EAChD;AAEA,oBAAkB,OAAO,gBAAgB,0BAA0B;AAGnE,SAAO,gBAAgB;AAAA,IAErB;AAAA,IACA;AAAA,IACA;AAAA,IACA,qBAAqB,uBAAuB;AAAA,EAE9C,CAAC;AACH,CAAC;AAMM,MAAM,uBAAuB,mBAAmB,OAAO,UAAmB;AAC/E,QAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA,IACE;AAGJ,MAAI,CAAC,aAAa;AAChB,sBAAkB,OAAO,gBAAgB,0BAA0B;AACnE,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO,gBAAgB,gCAAgC;AAAA,EACzD;AAGA,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,WAAW;AAC/B,UAAM,cAAc,IAAI,aAAa,eAAe,IAAI,aAAa;AACrE,UAAM,UAAU,IAAI,aAAa;AACjC,QAAI,CAAC,eAAe,CAAC,SAAS;AAC5B,YAAM,KAAK,IAAI,aAAa;AAC5B,aAAO,gBAAgB,yCAAyC;AAAA,IAClE;AAAA,EACF,QAAQ;AACN,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO,gBAAgB,6BAA6B;AAAA,EACtD;AAGA,MAAI,CAAC,SAAS,CAAC,UAAU;AACvB,sBAAkB,OAAO,gBAAgB,0BAA0B;AACnE,WAAO,gBAAgB;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO;AAAA,IAAA,CACR;AAAA,EACH;AAGA,QAAM,OAAO,eAAe;AAAA,IAC1B;AAAA,IACA;AAAA,IACA,QAAQ,UAAU;AAAA,IAClB;AAAA,IACA,qBAAqB,uBAAuB;AAAA,EAAA,CAC7C;AAGD,QAAM,cAAc,IAAI,IAAI,WAAW;AACvC,cAAY,aAAa,IAAI,QAAQ,IAAI;AACzC,MAAI,OAAO;AACT,gBAAY,aAAa,IAAI,SAAS,KAAK;AAAA,EAC7C;AAGA,SAAO,aAAa,OAAO,YAAY,SAAA,CAAU;AACnD,CAAC;AAUM,MAAM,eAAe,mBAAmB,OAAO,UAAmB;AACvE,oBAAkB,OAAO,gBAAgB,kBAAkB;AAE3D,MAAI;AACJ,QAAM,cAAc,MAAM,KAAK,IAAI,QAAQ,cAAc,KAAK;AAE9D,MAAI,YAAY,SAAS,mCAAmC,GAAG;AAC7D,UAAM,UAAU,MAAM,SAAS,KAAK;AACpC,QAAI,OAAO,YAAY,UAAU;AAC/B,aAAO,OAAO,YAAY,IAAI,gBAAgB,OAAO,CAAC;AAAA,IACxD,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF,OAAO;AACL,WAAO,MAAM,SAAS,KAAK;AAAA,EAC7B;AAEA,QAAM,EAAE,YAAY,MAAM,eAAe,kBAAkB;AAG3D,MAAI,eAAe,iBAAiB;AAClC,WAAO,mBAAmB,OAAO,aAAa;AAAA,EAChD;AAGA,MAAI,eAAe,sBAAsB;AACvC,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,mBAAmB;AAAA,IAAA;AAAA,EAEvB;AAEA,MAAI,CAAC,MAAM;AACT,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,mBAAmB;AAAA,IAAA;AAAA,EAEvB;AAEA,MAAI,CAAC,eAAe;AAClB,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,mBAAmB;AAAA,IAAA;AAAA,EAEvB;AAEA,MAAI;AAEF,UAAM,UAAU,eAAe,IAAI;AAGnC,QAAI,QAAQ,eAAe;AACzB,YAAM,oBAAoB,oBAAoB,aAAa;AAC3D,UAAI,sBAAsB,QAAQ,eAAe;AAC/C,cAAM,KAAK,IAAI,aAAa;AAC5B,eAAO;AAAA,UACL,OAAO;AAAA,UACP,mBAAmB;AAAA,QAAA;AAAA,MAEvB;AAAA,IACF;AAGA,UAAM,cAAc,gBAAgB;AAAA,MAClC,gBAAgB,QAAQ;AAAA,MACxB,UAAU,QAAQ;AAAA,MAClB,QAAQ,QAAQ;AAAA,IAAA,CACjB;AAGD,UAAM,eAAe;AAAA,MACnB;AAAA,QACE,OAAO,QAAQ;AAAA,QACf,UAAU,QAAQ;AAAA,QAClB,QAAQ,QAAQ;AAAA,MAAA;AAAA,MAElB,QAAQ;AAAA;AAAA,IAAA;AAGV,WAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,YAAY;AAAA;AAAA,MACZ,eAAe;AAAA,IAAA;AAAA,EAEnB,SAAS,OAAO;AACd,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,mBAAmB,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAAA;AAAA,EAEhE;AACF,CAAC;AAKD,SAAS,mBAAmB,OAAgB,cAAkC;AAC5E,MAAI,CAAC,cAAc;AACjB,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,mBAAmB;AAAA,IAAA;AAAA,EAEvB;AAEA,MAAI;AAEF,UAAM,UAAU,eAAe,YAAY;AAG3C,UAAM,cAAc,gBAAgB;AAAA,MAClC,gBAAgB,QAAQ;AAAA,MACxB,UAAU,QAAQ;AAAA,MAClB,QAAQ,QAAQ;AAAA,IAAA,CACjB;AAGD,UAAM,kBAAkB;AAAA,MACtB;AAAA,QACE,OAAO,QAAQ;AAAA,QACf,UAAU,QAAQ;AAAA,QAClB,QAAQ,QAAQ;AAAA,MAAA;AAAA,MAElB,QAAQ;AAAA;AAAA,IAAA;AAGV,WAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,YAAY;AAAA,MACZ,eAAe;AAAA,IAAA;AAAA,EAEnB,SAAS,OAAO;AACd,UAAM,KAAK,IAAI,aAAa;AAC5B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,mBAAmB,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAAA;AAAA,EAEhE;AACF;AAMA,SAAS,oBAAoB,cAA8B;AACzD,SAAO,WAAW,QAAQ,EAAE,OAAO,YAAY,EAAE,OAAO,WAAW;AACrE;AAKA,SAAS,gBAAgB,QAQd;AACT,QAAM,EAAE,aAAa,OAAO,eAAe,qBAAqB,UAAU;AAE1E,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAuIH,QAAQ,sBAAsB,WAAW,KAAK,CAAC,WAAW,EAAE;AAAA;AAAA;AAAA,uDAGX,WAAW,eAAe,EAAE,CAAC;AAAA,iDACnC,WAAW,SAAS,EAAE,CAAC;AAAA,yDACf,WAAW,iBAAiB,EAAE,CAAC;AAAA,+DACzB,WAAW,uBAAuB,MAAM,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA8BxG;AAKA,SAAS,gBAAgB,SAAyB;AAChD,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAoCA,WAAW,OAAO,CAAC;AAAA;AAAA;AAAA;AAI5B;AAKA,SAAS,WAAW,KAAqB;AACvC,SAAO,IACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,QAAQ;AAC3B;"}

package/dist/server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,WAAW,CAAC;~~AAOtD~~;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,GAAE,MAAqB,EAC3B,IAAI,GAAE,MAAqB,GAC1B,OAAO,CAAC,MAAM,CAAC,~~CAsBjB~~"}
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,WAAW,CAAC;AAQtD;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,GAAE,MAAqB,EAC3B,IAAI,GAAE,MAAqB,GAC1B,OAAO,CAAC,MAAM,CAAC,CAmCjB"}

package/dist/server.js CHANGED Viewed

@@ -2,6 +2,7 @@
 import { createServer } from "node:http";
 import { toNodeListener } from "h3";
 import { createHttpApp } from "./http.js";
+import { V as VERSION } from "./version-3wN4XBZL.js";
 const DEFAULT_PORT = 3e3;
 const DEFAULT_HOST = "0.0.0.0";
 function startHttpServer(port = DEFAULT_PORT, host = DEFAULT_HOST) {
@@ -10,18 +11,31 @@ function startHttpServer(port = DEFAULT_PORT, host = DEFAULT_HOST) {
     const server = createServer(toNodeListener(app));
     server.listen(port, host, () => {
       const displayHost = host === "0.0.0.0" ? "localhost" : host;
-      console.log(`Productive MCP server running at http://${displayHost}:${port}`);
+      console.log(`Productive MCP server v${VERSION}`);
+      console.log(`Node.js ${process.version}`);
+      console.log("");
+      console.log(`Running at http://${displayHost}:${port}`);
       console.log("");
       console.log("Endpoints:");
       console.log(`  POST http://${displayHost}:${port}/mcp - MCP JSON-RPC endpoint`);
       console.log(`  GET  http://${displayHost}:${port}/health - Health check`);
       console.log("");
+      console.log("OAuth 2.0 (MCP auth spec compliant):");
+      console.log(`  GET  http://${displayHost}:${port}/.well-known/oauth-authorization-server`);
+      console.log(`  POST http://${displayHost}:${port}/register - Dynamic Client Registration`);
+      console.log(`  GET  http://${displayHost}:${port}/authorize - Authorization endpoint`);
+      console.log(`  POST http://${displayHost}:${port}/token - Token endpoint`);
+      console.log("");
       console.log("Authentication:");
-      console.log("  Pass Bearer token in Authorization header");
-      console.log("  Token format: base64(organizationId:apiToken:userId)");
+      console.log("  Option 1: OAuth flow (Claude Desktop will handle this automatically)");
+      console.log("  Option 2: Bearer token in Authorization header");
+      console.log("            Token format: base64(organizationId:apiToken:userId)");
       console.log("");
-      console.log("Generate token:");
-      console.log('  echo -n "ORG_ID:API_TOKEN:USER_ID" | base64');
+      if (!process.env.OAUTH_SECRET) {
+        console.log("⚠️  WARNING: OAUTH_SECRET not set. Set it in production!");
+        console.log('   export OAUTH_SECRET="your-random-secret-here"');
+        console.log("");
+      }
       resolve(server);
     });
   });

package/dist/server.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"server.js","sources":["../src/server.ts"],"sourcesContent":["#!/usr/bin/env node\n\n/*\n Productive MCP Server - HTTP Transport\n \n This is the remote HTTP server mode for Claude Desktop custom connectors.\n * Credentials are passed via Bearer token in the Authorization header.\n \n Token format: base64(organizationId:apiToken) or base64(organizationId:apiToken:userId)\n \n Generate your token:\n * echo -n \"YOUR_ORG_ID:YOUR_API_TOKEN:YOUR_USER_ID\" \| base64\n \n Usage:\n * productive-mcp-server\n * PORT=3000 productive-mcp-server\n \n Claude Desktop custom connector config:\n * Name: Productive\n * URL: https://productive.mcp.ikko.dev\n * (No OAuth needed - uses Bearer token)\n /\n\nimport { createServer, type Server } from 'node:http';\nimport { toNodeListener } from 'h3';\nimport { createHttpApp } from './http.js';\n\nconst DEFAULT_PORT = 3000;\nconst DEFAULT_HOST = '0.0.0.0';\n\n/\n Start the HTTP server\n */\nexport function startHttpServer(\n port: number = DEFAULT_PORT,\n host: string = DEFAULT_HOST\n): Promise<Server> {\n return new Promise((resolve) => {\n const app = createHttpApp();\n const server = createServer(toNodeListener(app));\n\n server.listen(port, host, () => {\n const displayHost = host === '0.0.0.0' ? 'localhost' : host;\n console.log(`Productive MCP server ~~running~~ at http://${displayHost}:${port}`);\n console.log('');\n console.log('Endpoints:');\n console.log(` POST http://${displayHost}:${port}/mcp - MCP JSON-RPC endpoint`);\n console.log(` GET http://${displayHost}:${port}/health - Health check`);\n console.log('');\n console.log('Authentication:');\n console.log(' ~~Pass~~ Bearer token in Authorization header');\n console.log(' Token format: base64(organizationId:apiToken:userId)');\n console.log('');\n console.log('~~Generate~~ ~~token:~~');\n console.log(' ~~echo~~ -n \"~~ORG_ID:API_TOKEN:USER_ID\" \| base64~~');\n resolve(server);\n });\n });\n}\n\n// Start server when run directly\nconst isMainModule =\n import.meta.url === `file://${process.argv[1]}` \|\|\n process.argv[1]?.endsWith('/productive-mcp-server') \|\|\n process.argv[1]?.endsWith('\\\\productive-mcp-server');\n\nif (isMainModule) {\n const port = Number.parseInt(process.env.PORT \|\| String(DEFAULT_PORT), 10);\n const host = process.env.HOST \|\| DEFAULT_HOST;\n\n startHttpServer(port, host).catch((error) => {\n console.error('Fatal error:', error);\n process.exit(1);\n });\n}\n"],"names":[],"mappings":"~~;;;;AA2BA~~,MAAM,eAAe;AACrB,MAAM,eAAe;AAKd,SAAS,gBACd,OAAe,cACf,OAAe,cACE;AACjB,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,UAAM,MAAM,cAAA;AACZ,UAAM,SAAS,aAAa,eAAe,GAAG,CAAC;AAE/C,WAAO,OAAO,MAAM,MAAM,MAAM;AAC9B,YAAM,cAAc,SAAS,YAAY,cAAc;AACvD,cAAQ,IAAI,~~2CAA2C~~,WAAW,IAAI,IAAI,EAAE;~~AAC5E~~,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,YAAY;AACxB,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,8BAA8B;AAC9E,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,wBAAwB;AACxE,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,iBAAiB;~~AAC7B~~,cAAQ,IAAI,~~6CAA6C~~;~~AACzD~~,cAAQ,IAAI,~~wDAAwD~~;~~AACpE~~,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,iBAAiB;AAC7B,cAAQ,IAAI~~,+CAA+C~~;~~AAC3D~~,cAAQ,MAAM;AAAA,IAChB,CAAC;AAAA,EACH,CAAC;AACH;AAGA,MAAM,eACJ,YAAY,QAAQ,UAAU,QAAQ,KAAK,CAAC,CAAC,MAC7C,QAAQ,KAAK,CAAC,GAAG,SAAS,wBAAwB,KAClD,QAAQ,KAAK,CAAC,GAAG,SAAS,yBAAyB;AAErD,IAAI,cAAc;AAChB,QAAM,OAAO,OAAO,SAAS,QAAQ,IAAI,QAAQ,OAAO,YAAY,GAAG,EAAE;AACzE,QAAM,OAAO,QAAQ,IAAI,QAAQ;AAEjC,kBAAgB,MAAM,IAAI,EAAE,MAAM,CAAC,UAAU;AAC3C,YAAQ,MAAM,gBAAgB,KAAK;AACnC,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;"}
1	+ {"version":3,"file":"server.js","sources":["../src/server.ts"],"sourcesContent":["#!/usr/bin/env node\n\n/*\n Productive MCP Server - HTTP Transport\n \n This is the remote HTTP server mode for Claude Desktop custom connectors.\n * Credentials are passed via Bearer token in the Authorization header.\n \n Token format: base64(organizationId:apiToken) or base64(organizationId:apiToken:userId)\n \n Generate your token:\n * echo -n \"YOUR_ORG_ID:YOUR_API_TOKEN:YOUR_USER_ID\" \| base64\n \n Usage:\n * productive-mcp-server\n * PORT=3000 productive-mcp-server\n \n Claude Desktop custom connector config:\n * Name: Productive\n * URL: https://productive.mcp.ikko.dev\n * (No OAuth needed - uses Bearer token)\n /\n\nimport { createServer, type Server } from 'node:http';\nimport { toNodeListener } from 'h3';\nimport { createHttpApp } from './http.js';\nimport { VERSION } from './version.js';\n\nconst DEFAULT_PORT = 3000;\nconst DEFAULT_HOST = '0.0.0.0';\n\n/\n Start the HTTP server\n */\nexport function startHttpServer(\n port: number = DEFAULT_PORT,\n host: string = DEFAULT_HOST\n): Promise<Server> {\n return new Promise((resolve) => {\n const app = createHttpApp();\n const server = createServer(toNodeListener(app));\n\n server.listen(port, host, () => {\n const displayHost = host === '0.0.0.0' ? 'localhost' : host;\n console.log(`Productive MCP server v${VERSION}`);\n console.log(`Node.js ${process.version}`);\n console.log('');\n console.log(`Running at http://${displayHost}:${port}`);\n console.log('');\n console.log('Endpoints:');\n console.log(` POST http://${displayHost}:${port}/mcp - MCP JSON-RPC endpoint`);\n console.log(` GET http://${displayHost}:${port}/health - Health check`);\n console.log('');\n console.log('OAuth 2.0 (MCP auth spec compliant):');\n console.log(` GET http://${displayHost}:${port}/.well-known/oauth-authorization-server`);\n console.log(` POST http://${displayHost}:${port}/register - Dynamic Client Registration`);\n console.log(` GET http://${displayHost}:${port}/authorize - Authorization endpoint`);\n console.log(` POST http://${displayHost}:${port}/token - Token endpoint`);\n console.log('');\n console.log('Authentication:');\n console.log(' Option 1: OAuth flow (Claude Desktop will handle this automatically)');\n console.log(' Option 2: Bearer token in Authorization header');\n console.log(' Token format: base64(organizationId:apiToken:userId)');\n console.log('');\n if (!process.env.OAUTH_SECRET) {\n console.log('⚠️ WARNING: OAUTH_SECRET not set. Set it in production!');\n console.log(' export OAUTH_SECRET=\"your-random-secret-here\"');\n console.log('');\n }\n resolve(server);\n });\n });\n}\n\n// Start server when run directly\nconst isMainModule =\n import.meta.url === `file://${process.argv[1]}` \|\|\n process.argv[1]?.endsWith('/productive-mcp-server') \|\|\n process.argv[1]?.endsWith('\\\\productive-mcp-server');\n\nif (isMainModule) {\n const port = Number.parseInt(process.env.PORT \|\| String(DEFAULT_PORT), 10);\n const host = process.env.HOST \|\| DEFAULT_HOST;\n\n startHttpServer(port, host).catch((error) => {\n console.error('Fatal error:', error);\n process.exit(1);\n });\n}\n"],"names":[],"mappings":";;;;;AA4BA,MAAM,eAAe;AACrB,MAAM,eAAe;AAKd,SAAS,gBACd,OAAe,cACf,OAAe,cACE;AACjB,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,UAAM,MAAM,cAAA;AACZ,UAAM,SAAS,aAAa,eAAe,GAAG,CAAC;AAE/C,WAAO,OAAO,MAAM,MAAM,MAAM;AAC9B,YAAM,cAAc,SAAS,YAAY,cAAc;AACvD,cAAQ,IAAI,0BAA0B,OAAO,EAAE;AAC/C,cAAQ,IAAI,WAAW,QAAQ,OAAO,EAAE;AACxC,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,qBAAqB,WAAW,IAAI,IAAI,EAAE;AACtD,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,YAAY;AACxB,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,8BAA8B;AAC9E,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,wBAAwB;AACxE,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,sCAAsC;AAClD,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,yCAAyC;AACzF,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,yCAAyC;AACzF,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,qCAAqC;AACrF,cAAQ,IAAI,iBAAiB,WAAW,IAAI,IAAI,yBAAyB;AACzE,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,iBAAiB;AAC7B,cAAQ,IAAI,wEAAwE;AACpF,cAAQ,IAAI,kDAAkD;AAC9D,cAAQ,IAAI,kEAAkE;AAC9E,cAAQ,IAAI,EAAE;AACd,UAAI,CAAC,QAAQ,IAAI,cAAc;AAC7B,gBAAQ,IAAI,0DAA0D;AACtE,gBAAQ,IAAI,kDAAkD;AAC9D,gBAAQ,IAAI,EAAE;AAAA,MAChB;AACA,cAAQ,MAAM;AAAA,IAChB,CAAC;AAAA,EACH,CAAC;AACH;AAGA,MAAM,eACJ,YAAY,QAAQ,UAAU,QAAQ,KAAK,CAAC,CAAC,MAC7C,QAAQ,KAAK,CAAC,GAAG,SAAS,wBAAwB,KAClD,QAAQ,KAAK,CAAC,GAAG,SAAS,yBAAyB;AAErD,IAAI,cAAc;AAChB,QAAM,OAAO,OAAO,SAAS,QAAQ,IAAI,QAAQ,OAAO,YAAY,GAAG,EAAE;AACzE,QAAM,OAAO,QAAQ,IAAI,QAAQ;AAEjC,kBAAgB,MAAM,IAAI,EAAE,MAAM,CAAC,UAAU;AAC3C,YAAQ,MAAM,gBAAgB,KAAK;AACnC,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;"}

package/dist/version-3wN4XBZL.js ADDED Viewed

@@ -0,0 +1,5 @@
+const VERSION = "0.4.5";
+export {
+  VERSION as V
+};
+//# sourceMappingURL=version-3wN4XBZL.js.map

package/dist/version-3wN4XBZL.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"version-3wN4XBZL.js","sources":["../src/version.ts"],"sourcesContent":["/*\n Package version - injected from package.json at build time\n */\ndeclare const __VERSION__: string;\nexport const VERSION = __VERSION__;\n"],"names":[],"mappings":"AAIO,MAAM,UAAU;"}

package/dist/version.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const VERSION: string;
2	+ //# sourceMappingURL=version.d.ts.map

package/dist/version.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,OAAO,QAAc,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@studiometa/productive-mcp",
-  "version": "0.3.0",
+  "version": "0.4.5",
   "description": "MCP server for Productive.io API - Model Context Protocol integration for Claude Desktop",
   "type": "module",
   "publishConfig": {
@@ -25,6 +25,14 @@
       "import": "./dist/auth.js",
       "types": "./dist/auth.d.ts"
     },
+    "./crypto": {
+      "import": "./dist/crypto.js",
+      "types": "./dist/crypto.d.ts"
+    },
+    "./oauth": {
+      "import": "./dist/oauth.js",
+      "types": "./dist/oauth.d.ts"
+    },
     "./tools": {
       "import": "./dist/tools.js",
       "types": "./dist/tools.d.ts"
@@ -65,7 +73,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/studiometa/productive-cli",
+    "url": "https://github.com/studiometa/productive-tools",
     "directory": "packages/productive-mcp"
   },
   "engines": {