@toknbase/mcp-server 1.0.0 → 1.2.0

package/index.js

@@ -5,10 +5,10 @@
  *
  * Required env vars:
  *   TOKNBASE_AGENT_TOKEN  -- your agt_ scoped agent token from the Toknbase dashboard
- *   TOKNBASE_CANISTER_ID  -- your Toknbase canister ID (e.g. xxxxx-xxxxx-cai)
  *
  * Optional:
- *   TOKNBASE_IC_HOST      -- IC host (default: https://ic0.app)
+ *   TOKNBASE_CANISTER_ID  -- your Toknbase canister ID (defaults to production)
+ *   TOKNBASE_IC_HOST      -- IC host (default: https://icp-api.io)
  */
 
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
@@ -22,17 +22,13 @@ import { IDL } from "@dfinity/candid";
 
 // ── Config ──────────────────────────────────────────────────────────────────
 const TOKEN = process.env.TOKNBASE_AGENT_TOKEN;
-const CANISTER_ID = process.env.TOKNBASE_CANISTER_ID;
-const IC_HOST = process.env.TOKNBASE_IC_HOST ?? "https://ic0.app";
+const CANISTER_ID = process.env.TOKNBASE_CANISTER_ID ?? "xi7mc-uaaaa-aaaan-q5raa-cai";
+const IC_HOST = process.env.TOKNBASE_IC_HOST ?? "https://icp-api.io";
 
 if (!TOKEN) {
   console.error("[toknbase-mcp] Missing TOKNBASE_AGENT_TOKEN environment variable.");
   process.exit(1);
 }
-if (!CANISTER_ID) {
-  console.error("[toknbase-mcp] Missing TOKNBASE_CANISTER_ID environment variable.");
-  process.exit(1);
-}
 
 // ── Candid IDL (agent-token surface only) ───────────────────────────────────
 const idlFactory = ({ IDL: I }) => {
@@ -53,17 +49,15 @@ const idlFactory = ({ IDL: I }) => {
       []
     ),
     updateSecretByAgentToken: I.Func([I.Text, I.Text, I.Text], [I.Bool], []),
-    deleteSecretByAgentToken: I.Func([I.Text, I.Text], [I.Bool], []),
     listFoldersByAgentToken: I.Func([I.Text], [I.Vec(FolderMeta)], ["query"]),
     assignFolderByAgentToken: I.Func([I.Text, I.Nat, I.Text], [I.Bool], []),
-    getSecretByAgentToken: I.Func([I.Text, I.Text], [I.Opt(I.Text)], ["query"]),
   });
 };
 
 // ── IC Actor ─────────────────────────────────────────────────────────────────
 const agent = new HttpAgent({ host: IC_HOST });
-// Fetch root key only on local replica
-if (IC_HOST !== "https://ic0.app") {
+// Only fetch root key on local replica, not on mainnet
+if (!IC_HOST.includes("icp-api.io") && !IC_HOST.includes("ic0.app")) {
   await agent.fetchRootKey();
 }
 
@@ -71,7 +65,7 @@ const backend = Actor.createActor(idlFactory, { agent, canisterId: CANISTER_ID }
 
 // ── MCP Server ───────────────────────────────────────────────────────────────
 const server = new Server(
-  { name: "toknbase", version: "1.0.0" },
+  { name: "toknbase", version: "1.2.0" },
   { capabilities: { tools: {} } }
 );
 
@@ -80,20 +74,9 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
   tools: [
     {
       name: "toknbase_list_secrets",
-      description: "List all secrets you have access to. Returns names, descriptions, and environments -- never plaintext values.",
+      description: "List all secrets you have access to. Returns names, descriptions, and environments -- never plaintext values. Toknbase is zero-knowledge: secret values are encrypted client-side and the server never sees them.",
       inputSchema: { type: "object", properties: {}, required: [] },
     },
-    {
-      name: "toknbase_reveal_secret",
-      description: "Reveal the encrypted value of a specific secret by name. Use this only when you need the actual value.",
-      inputSchema: {
-        type: "object",
-        properties: {
-          name: { type: "string", description: "The exact secret name" },
-        },
-        required: ["name"],
-      },
-    },
     {
       name: "toknbase_create_secret",
       description: "Add a new secret to the vault. Requires read_write or full_access scope.",
@@ -124,17 +107,6 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
         required: ["name", "value"],
       },
     },
-    {
-      name: "toknbase_delete_secret",
-      description: "Permanently delete a secret from the vault. Requires full_access scope. This cannot be undone.",
-      inputSchema: {
-        type: "object",
-        properties: {
-          name: { type: "string", description: "The exact secret name to delete" },
-        },
-        required: ["name"],
-      },
-    },
     {
       name: "toknbase_list_folders",
       description: "List all folders in the vault.",
@@ -173,19 +145,6 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         };
       }
 
-      case "toknbase_reveal_secret": {
-        const result = await backend.getSecretByAgentToken(args.name, TOKEN);
-        if (result.length === 0 || result[0] === undefined) {
-          return {
-            content: [{ type: "text", text: `Secret '${args.name}' not found or access denied.` }],
-            isError: true,
-          };
-        }
-        return {
-          content: [{ type: "text", text: result[0] }],
-        };
-      }
-
       case "toknbase_create_secret": {
         const ok = await backend.createSecretByAgentToken(
           args.name,
@@ -222,21 +181,6 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         };
       }
 
-      case "toknbase_delete_secret": {
-        const ok = await backend.deleteSecretByAgentToken(args.name, TOKEN);
-        return {
-          content: [
-            {
-              type: "text",
-              text: ok
-                ? `Secret '${args.name}' deleted.`
-                : `Failed to delete secret '${args.name}'. Check that it exists and your token scope (requires full_access).`,
-            },
-          ],
-          isError: !ok,
-        };
-      }
-
       case "toknbase_list_folders": {
         const folders = await backend.listFoldersByAgentToken(TOKEN);
         return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@toknbase/mcp-server",
-  "version": "1.0.0",
+  "version": "1.2.0",
   "description": "MCP server for Toknbase -- zero-knowledge secrets management for AI agents",
   "type": "module",
   "bin": {