@tymio/mcp-server 1.0.0 → 1.0.1

package/dist/cliMessages.js

@@ -0,0 +1,53 @@
+import { existsSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+const GUIDANCE_FILE = "TYMIO_MCP_CLI_AGENT_GUIDANCE.md";
+function loadAgentGuidanceMarkdown() {
+    const here = path.dirname(fileURLToPath(import.meta.url));
+    const packaged = path.join(here, "..", GUIDANCE_FILE);
+    try {
+        if (existsSync(packaged))
+            return readFileSync(packaged, "utf8");
+    }
+    catch {
+        /* fall through */
+    }
+    return [
+        "# Tymio MCP CLI",
+        "",
+        "The guidance file `TYMIO_MCP_CLI_AGENT_GUIDANCE.md` was not found next to this package (expected beside `dist/`). Reinstall `@tymio/mcp-server` or run from the repository checkout.",
+        "",
+        "## Critical (read before advising the user)",
+        "",
+        "- **No per-user MCP API key** exists in Tymio Settings, Profile, or Account. Do not tell users to copy one from the UI.",
+        "- **OAuth:** remote MCP URL `https://tymio.app/mcp` (or your host) in the IDE, or install `@tymio/mcp-server` and run `tymio-mcp login` for stdio **without** `DRD_API_KEY`/`API_KEY` on that process unless you want API-key mode.",
+        "- **`DRD_API_KEY`/`API_KEY`** on the stdio process is the **server deployment** automation secret, not a personal user key.",
+        "",
+        "After fixing the install: `tymio-mcp instructions`",
+    ].join("\n");
+}
+/** Short usage (stderr) — keep in sync with guidance file for agents. */
+export const HELP_SUMMARY = `Tymio MCP CLI (@tymio/mcp-server)
+
+Commands:
+  tymio-mcp                    Start stdio MCP (default: OAuth → hosted Tymio MCP)
+  tymio-mcp login [url]        Sign in with Google (browser). Saves tokens locally.
+  tymio-mcp logout             Delete saved OAuth client + tokens
+  tymio-mcp instructions       Full setup text for humans & coding agents (print this)
+  tymio-mcp help               This summary
+
+Environment:
+  TYMIO_MCP_URL          Hosted MCP URL (default https://tymio.app/mcp)
+  TYMIO_OAUTH_PORT       Loopback port for login callback (default 19876)
+  TYMIO_MCP_QUIET        If set, suppress stderr hints when starting stdio
+  DRD_API_KEY / API_KEY  If set → API-key REST tool bridge (subset), not OAuth proxy
+  DRD_API_BASE_URL       Hub origin for API-key bridge (default https://tymio.app)
+
+Critical for agents: There is NO MCP API key in Tymio user Settings — use OAuth (remote /mcp URL or tymio-mcp login).
+Tip: Run  tymio-mcp instructions  for the full Markdown guide, Cursor JSON, and troubleshooting.
+`;
+/**
+ * Long-form instructions for coding agents and operators (Markdown).
+ * Loaded from `TYMIO_MCP_CLI_AGENT_GUIDANCE.md` beside the installed package / dist output.
+ */
+export const AGENT_INSTRUCTIONS = loadAgentGuidanceMarkdown();

package/dist/configPaths.d.ts

@@ -0,0 +1,6 @@
+/** XDG-style config directory for OAuth tokens and dynamic client registration. */
+export declare function getTymioConfigDir(): string;
+export declare function ensureConfigDir(): string;
+export declare function defaultMcpUrl(): URL;
+/** Loopback redirect port for OAuth `login` (must stay stable across runs for dynamic client registration). */
+export declare function defaultOAuthRedirectUrl(): URL;

package/dist/configPaths.js

@@ -0,0 +1,32 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+/** XDG-style config directory for OAuth tokens and dynamic client registration. */
+export function getTymioConfigDir() {
+    const base = process.env.XDG_CONFIG_HOME ?? (process.platform === "darwin" ? path.join(os.homedir(), "Library", "Application Support") : path.join(os.homedir(), ".config"));
+    return path.join(base, "tymio-mcp");
+}
+export function ensureConfigDir() {
+    const dir = getTymioConfigDir();
+    fs.mkdirSync(dir, { recursive: true });
+    return dir;
+}
+export function defaultMcpUrl() {
+    const raw = (process.env.TYMIO_MCP_URL ?? "https://tymio.app/mcp").trim();
+    const fallback = "https://tymio.app/mcp";
+    const base = raw.length > 0 ? raw : fallback;
+    const trimmed = base.replace(/\/+$/, "");
+    const withMcp = trimmed.endsWith("/mcp") ? trimmed : `${trimmed}/mcp`;
+    return new URL(withMcp);
+}
+/** Loopback redirect port for OAuth `login` (must stay stable across runs for dynamic client registration). */
+export function defaultOAuthRedirectUrl() {
+    const raw = process.env.TYMIO_OAUTH_PORT;
+    let port = 19876;
+    if (raw !== undefined && raw.trim() !== "") {
+        const n = Number(raw);
+        if (Number.isInteger(n) && n >= 1 && n <= 65535)
+            port = n;
+    }
+    return new URL(`http://127.0.0.1:${port}/callback`);
+}

package/dist/fileOAuthProvider.d.ts

@@ -0,0 +1,27 @@
+import type { OAuthClientProvider, OAuthDiscoveryState } from "@modelcontextprotocol/sdk/client/auth.js";
+import type { OAuthClientInformationMixed, OAuthClientMetadata, OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
+/**
+ * Persists MCP OAuth dynamic registration + tokens for the Tymio hub Streamable HTTP endpoint.
+ */
+export declare class FileOAuthProvider implements OAuthClientProvider {
+    private readonly dir;
+    private readonly redirect;
+    private codeVerifierValue?;
+    private oauthState?;
+    constructor(redirectUrl: URL);
+    get redirectUrl(): URL;
+    get clientMetadata(): OAuthClientMetadata;
+    clientInformation(): OAuthClientInformationMixed | undefined;
+    saveClientInformation(clientInformation: OAuthClientInformationMixed): void;
+    tokens(): OAuthTokens | undefined;
+    saveTokens(tokens: OAuthTokens): void;
+    saveCodeVerifier(codeVerifier: string): void;
+    codeVerifier(): string;
+    state(): Promise<string>;
+    clearLoginSession(): void;
+    redirectToAuthorization(authorizationUrl: URL): void;
+    saveDiscoveryState(state: OAuthDiscoveryState): Promise<void>;
+    discoveryState(): Promise<OAuthDiscoveryState | undefined>;
+    invalidateCredentials(scope: "all" | "client" | "tokens" | "verifier" | "discovery"): Promise<void>;
+}
+export declare function removeAllOAuthFiles(): void;

package/dist/fileOAuthProvider.js

@@ -0,0 +1,127 @@
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { randomBytes } from "node:crypto";
+import { ensureConfigDir, getTymioConfigDir } from "./configPaths.js";
+const CLIENT_FILE = "oauth-client.json";
+const TOKENS_FILE = "oauth-tokens.json";
+const DISCOVERY_FILE = "oauth-discovery.json";
+function readJson(file) {
+    try {
+        return JSON.parse(fs.readFileSync(file, "utf8"));
+    }
+    catch {
+        return undefined;
+    }
+}
+function writeJson(file, data) {
+    fs.writeFileSync(file, JSON.stringify(data, null, 2), "utf8");
+}
+function openUrlInBrowser(url) {
+    if (process.platform === "darwin") {
+        spawn("open", [url], { detached: true, stdio: "ignore" }).unref();
+    }
+    else if (process.platform === "win32") {
+        spawn("cmd", ["/c", "start", "", url], { detached: true, stdio: "ignore" }).unref();
+    }
+    else {
+        spawn("xdg-open", [url], { detached: true, stdio: "ignore" }).unref();
+    }
+}
+/**
+ * Persists MCP OAuth dynamic registration + tokens for the Tymio hub Streamable HTTP endpoint.
+ */
+export class FileOAuthProvider {
+    dir;
+    redirect;
+    codeVerifierValue;
+    oauthState;
+    constructor(redirectUrl) {
+        this.dir = ensureConfigDir();
+        this.redirect = redirectUrl;
+    }
+    get redirectUrl() {
+        return this.redirect;
+    }
+    get clientMetadata() {
+        return {
+            redirect_uris: [this.redirect.toString()],
+            client_name: "Tymio MCP CLI",
+            grant_types: ["authorization_code", "refresh_token"],
+            response_types: ["code"],
+            token_endpoint_auth_method: "none",
+            scope: "mcp:tools"
+        };
+    }
+    clientInformation() {
+        return readJson(path.join(this.dir, CLIENT_FILE));
+    }
+    saveClientInformation(clientInformation) {
+        writeJson(path.join(this.dir, CLIENT_FILE), clientInformation);
+    }
+    tokens() {
+        return readJson(path.join(this.dir, TOKENS_FILE));
+    }
+    saveTokens(tokens) {
+        writeJson(path.join(this.dir, TOKENS_FILE), tokens);
+    }
+    saveCodeVerifier(codeVerifier) {
+        this.codeVerifierValue = codeVerifier;
+    }
+    codeVerifier() {
+        if (!this.codeVerifierValue)
+            throw new Error("Missing PKCE code verifier");
+        return this.codeVerifierValue;
+    }
+    async state() {
+        if (!this.oauthState) {
+            this.oauthState = randomBytes(16).toString("hex");
+        }
+        return this.oauthState;
+    }
+    clearLoginSession() {
+        this.codeVerifierValue = undefined;
+        this.oauthState = undefined;
+    }
+    redirectToAuthorization(authorizationUrl) {
+        process.stderr.write(`Opening browser to sign in to Tymio…\n${authorizationUrl.toString()}\n`);
+        openUrlInBrowser(authorizationUrl.toString());
+    }
+    async saveDiscoveryState(state) {
+        writeJson(path.join(this.dir, DISCOVERY_FILE), state);
+    }
+    async discoveryState() {
+        return readJson(path.join(this.dir, DISCOVERY_FILE));
+    }
+    async invalidateCredentials(scope) {
+        const base = getTymioConfigDir();
+        const rm = (f) => {
+            try {
+                fs.unlinkSync(path.join(base, f));
+            }
+            catch {
+                /* ignore */
+            }
+        };
+        if (scope === "all" || scope === "tokens")
+            rm(TOKENS_FILE);
+        if (scope === "all" || scope === "client")
+            rm(CLIENT_FILE);
+        if (scope === "all" || scope === "discovery")
+            rm(DISCOVERY_FILE);
+        if (scope === "all" || scope === "verifier") {
+            this.codeVerifierValue = undefined;
+        }
+    }
+}
+export function removeAllOAuthFiles() {
+    const base = getTymioConfigDir();
+    for (const f of [CLIENT_FILE, TOKENS_FILE, DISCOVERY_FILE]) {
+        try {
+            fs.unlinkSync(path.join(base, f));
+        }
+        catch {
+            /* ignore */
+        }
+    }
+}

package/dist/hubProxyStdio.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Stdio MCP server that proxies to the hosted Tymio Streamable HTTP MCP endpoint with OAuth tokens on disk.
+ */
+export declare function runHubOAuthStdio(mcpUrl?: URL): Promise<void>;

package/dist/hubProxyStdio.js

@@ -0,0 +1,59 @@
+import { readFileSync } from "node:fs";
+import { z } from "zod";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { defaultMcpUrl, defaultOAuthRedirectUrl } from "./configPaths.js";
+import { FileOAuthProvider } from "./fileOAuthProvider.js";
+import { AGENT_INSTRUCTIONS } from "./cliMessages.js";
+import { writeStdioStartupHint } from "./stdioHints.js";
+function pkgVersion() {
+    try {
+        const raw = readFileSync(new URL("../package.json", import.meta.url), "utf8");
+        return JSON.parse(raw).version;
+    }
+    catch {
+        return "1.0.0";
+    }
+}
+const passthroughArgs = z.object({}).passthrough();
+/**
+ * Stdio MCP server that proxies to the hosted Tymio Streamable HTTP MCP endpoint with OAuth tokens on disk.
+ */
+export async function runHubOAuthStdio(mcpUrl = defaultMcpUrl()) {
+    writeStdioStartupHint("oauth");
+    const redirectUrl = defaultOAuthRedirectUrl();
+    const provider = new FileOAuthProvider(redirectUrl);
+    const transport = new StreamableHTTPClientTransport(mcpUrl, { authProvider: provider });
+    const client = new Client({ name: "@tymio/mcp-server", version: pkgVersion() }, { capabilities: {} });
+    try {
+        await client.connect(transport);
+    }
+    catch (e) {
+        if (e instanceof UnauthorizedError) {
+            process.stderr.write("Tymio MCP: not signed in or session expired.\n  Run: tymio-mcp login  (there is no MCP API key in Tymio user Settings)\n  Or:  tymio-mcp instructions  (full setup for agents)\n  API-key mode: set DRD_API_KEY (server deployment secret), not a UI setting.\n");
+            process.exit(1);
+        }
+        throw e;
+    }
+    const { tools } = await client.listTools();
+    const server = new McpServer({ name: "tymio-hub", version: pkgVersion() }, { instructions: AGENT_INSTRUCTIONS });
+    for (const tool of tools) {
+        const name = tool.name;
+        server.registerTool(name, {
+            title: tool.title,
+            description: tool.description ?? "",
+            inputSchema: passthroughArgs
+        }, async (args) => {
+            const result = await client.callTool({
+                name,
+                arguments: args ?? {}
+            });
+            return result;
+        });
+    }
+    const stdio = new StdioServerTransport();
+    await server.connect(stdio);
+}

package/dist/index.js

@@ -1,283 +1,6 @@
 #!/usr/bin/env node
-/**
- * Tymio MCP server (stdio) — exposes hub REST APIs as MCP tools for agents.
- * Set DRD_API_BASE_URL and DRD_API_KEY in the environment.
- */
-import { z } from "zod";
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { drdFetch, drdFetchText, getBaseUrl, hasApiKey } from "./api.js";
-import { toolTextWithFeedback } from "./mcpFeedbackFooter.js";
-const server = new McpServer({
-    name: "tymio-hub",
-    version: "1.0.0"
-});
-async function textContent(text) {
-    return toolTextWithFeedback(getBaseUrl(), text);
-}
-// --- Health & meta (no auth required for health)
-server.registerTool("drd_health", {
-    title: "Tymio API health check",
-    description: "Check if the Tymio hub API is reachable.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/health");
-    return textContent(JSON.stringify(data));
-});
-server.registerTool("drd_meta", {
-    title: "Get Tymio meta",
-    description: "Get meta data: domains, products, accounts, partners, personas, revenue streams, users.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/meta");
-    return textContent(JSON.stringify(data, null, 2));
-});
-// --- Initiatives
-const listInitiativesSchema = z.object({
-    domainId: z.string().optional(),
-    ownerId: z.string().optional(),
-    horizon: z.enum(["NOW", "NEXT", "LATER"]).optional(),
-    priority: z.enum(["P0", "P1", "P2", "P3"]).optional(),
-    isGap: z.boolean().optional()
-});
-server.registerTool("drd_list_initiatives", {
-    title: "List initiatives",
-    description: "List initiatives with optional filters: domainId, ownerId, horizon, priority, isGap.",
-    inputSchema: listInitiativesSchema
-}, async (args) => {
-    const params = new URLSearchParams();
-    if (args.domainId)
-        params.set("domainId", args.domainId);
-    if (args.ownerId)
-        params.set("ownerId", args.ownerId);
-    if (args.horizon)
-        params.set("horizon", args.horizon);
-    if (args.priority)
-        params.set("priority", args.priority);
-    if (args.isGap !== undefined)
-        params.set("isGap", String(args.isGap));
-    const data = await drdFetch(`/api/initiatives?${params.toString()}`);
-    return textContent(JSON.stringify(data.initiatives, null, 2));
-});
-server.registerTool("drd_get_initiative", {
-    title: "Get initiative by ID",
-    description: "Get a single initiative by its ID.",
-    inputSchema: z.object({ id: z.string().describe("Initiative ID") })
-}, async ({ id }) => {
-    const data = await drdFetch(`/api/initiatives/${id}`);
-    return textContent(JSON.stringify(data.initiative, null, 2));
-});
-server.registerTool("drd_create_initiative", {
-    title: "Create initiative",
-    description: "Create a new initiative. Requires admin/editor role.",
-    inputSchema: z.object({
-        title: z.string(),
-        domainId: z.string(),
-        description: z.string().optional(),
-        ownerId: z.string().optional(),
-        priority: z.enum(["P0", "P1", "P2", "P3"]).optional(),
-        horizon: z.enum(["NOW", "NEXT", "LATER"]).optional(),
-        status: z.enum(["IDEA", "PLANNED", "IN_PROGRESS", "DONE", "BLOCKED"]).optional(),
-        commercialType: z.string().optional(),
-        isGap: z.boolean().optional()
-    })
-}, async (body) => {
-    const data = await drdFetch("/api/initiatives", {
-        method: "POST",
-        body: JSON.stringify(body)
-    });
-    return textContent(JSON.stringify(data.initiative, null, 2));
-});
-server.registerTool("drd_update_initiative", {
-    title: "Update initiative",
-    description: "Update an existing initiative by ID.",
-    inputSchema: z.object({
-        id: z.string(),
-        title: z.string().optional(),
-        domainId: z.string().optional(),
-        description: z.string().optional(),
-        ownerId: z.string().optional(),
-        priority: z.enum(["P0", "P1", "P2", "P3"]).optional(),
-        horizon: z.enum(["NOW", "NEXT", "LATER"]).optional(),
-        status: z.enum(["IDEA", "PLANNED", "IN_PROGRESS", "DONE", "BLOCKED"]).optional(),
-        commercialType: z.string().optional(),
-        isGap: z.boolean().optional()
-    })
-}, async ({ id, ...body }) => {
-    const data = await drdFetch(`/api/initiatives/${id}`, {
-        method: "PUT",
-        body: JSON.stringify(body)
-    });
-    return textContent(JSON.stringify(data.initiative, null, 2));
-});
-server.registerTool("drd_delete_initiative", {
-    title: "Delete initiative",
-    description: "Delete an initiative by ID.",
-    inputSchema: z.object({ id: z.string() })
-}, async ({ id }) => {
-    await drdFetch(`/api/initiatives/${id}`, { method: "DELETE" });
-    return textContent(JSON.stringify({ ok: true }));
-});
-// --- Domains, products, personas
-server.registerTool("drd_list_domains", {
-    title: "List domains",
-    description: "List all domains.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/domains");
-    return textContent(JSON.stringify(data.domains, null, 2));
-});
-server.registerTool("drd_create_domain", {
-    title: "Create domain",
-    description: "Create a new domain (pillar). Requires workspace OWNER or ADMIN.",
-    inputSchema: z.object({
-        name: z.string().min(1),
-        color: z.string().min(1),
-        sortOrder: z.number().int().optional()
-    })
-}, async (body) => {
-    const data = await drdFetch("/api/domains", {
-        method: "POST",
-        body: JSON.stringify({
-            name: body.name,
-            color: body.color,
-            sortOrder: body.sortOrder ?? 0
-        })
-    });
-    return textContent(JSON.stringify(data.domain, null, 2));
-});
-server.registerTool("drd_list_products", {
-    title: "List products",
-    description: "List all products (with hierarchy).",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/products");
-    return textContent(JSON.stringify(data.products, null, 2));
-});
-server.registerTool("drd_list_personas", {
-    title: "List personas",
-    description: "List all personas.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/personas");
-    return textContent(JSON.stringify(data.personas, null, 2));
-});
-server.registerTool("drd_list_accounts", {
-    title: "List accounts",
-    description: "List all accounts.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/accounts");
-    return textContent(JSON.stringify(data.accounts, null, 2));
-});
-server.registerTool("drd_list_partners", {
-    title: "List partners",
-    description: "List all partners.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/partners");
-    return textContent(JSON.stringify(data.partners, null, 2));
-});
-// --- KPIs, milestones, stakeholders
-server.registerTool("drd_list_kpis", {
-    title: "List KPIs",
-    description: "List all initiative KPIs with their initiative context (title, domain, owner).",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/kpis");
-    return textContent(JSON.stringify(data.kpis, null, 2));
-});
-server.registerTool("drd_list_milestones", {
-    title: "List milestones",
-    description: "List all initiative milestones with their initiative context.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/milestones");
-    return textContent(JSON.stringify(data.milestones, null, 2));
-});
-server.registerTool("drd_list_demands", {
-    title: "List demands",
-    description: "List all demands (from accounts, partners, internal, compliance).",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/demands");
-    return textContent(JSON.stringify(data.demands, null, 2));
-});
-server.registerTool("drd_list_revenue_streams", {
-    title: "List revenue streams",
-    description: "List all revenue streams.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/revenue-streams");
-    return textContent(JSON.stringify(data.revenueStreams, null, 2));
-});
-server.registerTool("tymio_get_coding_agent_guide", {
-    title: "Get Tymio coding agent playbook (Markdown)",
-    description: "Full docs/CODING_AGENT_TYMIO.md: MCP usage, as-is to Tymio, feature lifecycle. Call at session start when automating this hub.",
-    inputSchema: z.object({})
-}, async () => {
-    const md = await drdFetchText("/api/agent/coding-guide");
-    return textContent(md);
-});
-server.registerTool("tymio_get_agent_brief", {
-    title: "Get compiled agent capability brief",
-    description: "Returns the hub capability ontology as Markdown or JSON. mode=compact|full, format=md|json.",
-    inputSchema: z.object({
-        mode: z.enum(["compact", "full"]).default("compact"),
-        format: z.enum(["md", "json"]).default("md")
-    })
-}, async (args) => {
-    const params = new URLSearchParams({ mode: args.mode, format: args.format });
-    const q = params.toString();
-    if (args.format === "md") {
-        const text = await drdFetchText(`/api/ontology/brief?${q}`);
-        return textContent(text);
-    }
-    const raw = await drdFetchText(`/api/ontology/brief?${q}`);
-    try {
-        const parsed = JSON.parse(raw);
-        return textContent(JSON.stringify(parsed, null, 2));
-    }
-    catch {
-        return textContent(raw);
-    }
-});
-server.registerTool("tymio_list_capabilities", {
-    title: "List hub capabilities (ontology)",
-    description: "Optional status: ACTIVE, DRAFT, DEPRECATED.",
-    inputSchema: z.object({ status: z.enum(["ACTIVE", "DRAFT", "DEPRECATED"]).optional() })
-}, async (args) => {
-    const params = new URLSearchParams();
-    if (args.status)
-        params.set("status", args.status);
-    const q = params.toString();
-    const data = await drdFetch(`/api/ontology/capabilities${q ? `?${q}` : ""}`);
-    return textContent(JSON.stringify(data, null, 2));
-});
-server.registerTool("tymio_get_capability", {
-    title: "Get one capability by id or slug",
-    description: "Provide id or slug.",
-    inputSchema: z.object({ id: z.string().optional(), slug: z.string().optional() })
-}, async (args) => {
-    if (args.id) {
-        const data = await drdFetch(`/api/ontology/capabilities/${args.id}`);
-        return textContent(JSON.stringify(data, null, 2));
-    }
-    if (args.slug) {
-        const data = await drdFetch(`/api/ontology/capabilities/by-slug/${encodeURIComponent(args.slug)}`);
-        return textContent(JSON.stringify(data, null, 2));
-    }
-    throw new Error("Provide id or slug");
-});
-// --- Run
-async function main() {
-    if (!hasApiKey()) {
-        process.stderr.write("Warning: DRD_API_KEY is not set. Authenticated API calls will fail. Set DRD_API_KEY and API_KEY on the server.\n");
-    }
-    const transport = new StdioServerTransport();
-    await server.connect(transport);
-}
-main().catch((err) => {
+import { runCli } from "./cli.js";
+runCli(process.argv).catch((err) => {
     console.error(err);
     process.exit(1);
 });

package/dist/loginCommand.d.ts

@@ -0,0 +1 @@
+export declare function runLoginCommand(mcpUrl?: URL): Promise<void>;

package/dist/loginCommand.js

@@ -0,0 +1,30 @@
+import { auth } from "@modelcontextprotocol/sdk/client/auth.js";
+import { defaultMcpUrl, defaultOAuthRedirectUrl } from "./configPaths.js";
+import { FileOAuthProvider } from "./fileOAuthProvider.js";
+import { startOAuthCallbackServer } from "./oauthCallbackServer.js";
+export async function runLoginCommand(mcpUrl = defaultMcpUrl()) {
+    const redirectUrl = defaultOAuthRedirectUrl();
+    const provider = new FileOAuthProvider(redirectUrl);
+    const { waitForCode, close } = await startOAuthCallbackServer(redirectUrl, provider);
+    try {
+        let result = await auth(provider, { serverUrl: mcpUrl });
+        if (result === "REDIRECT") {
+            const code = await waitForCode;
+            result = await auth(provider, { serverUrl: mcpUrl, authorizationCode: code });
+        }
+        else {
+            void waitForCode.catch(() => {
+                /* already authorized; browser callback not used */
+            });
+        }
+        if (result !== "AUTHORIZED") {
+            throw new Error(`Unexpected auth result: ${result}`);
+        }
+        provider.clearLoginSession();
+        process.stderr.write("Tymio MCP login succeeded. You can run your editor MCP client (tymio-mcp).\n");
+    }
+    finally {
+        close();
+        provider.clearLoginSession();
+    }
+}

package/dist/oauthCallbackServer.d.ts

@@ -0,0 +1,10 @@
+import type { FileOAuthProvider } from "./fileOAuthProvider.js";
+export interface OAuthCallbackHandle {
+    waitForCode: Promise<string>;
+    close: () => void;
+}
+/**
+ * Listens on the host/port of `redirectUrl` and resolves with the authorization `code`
+ * once the browser hits the redirect URI. Resolves after the socket is accepting connections.
+ */
+export declare function startOAuthCallbackServer(redirectUrl: URL, provider: FileOAuthProvider): Promise<OAuthCallbackHandle>;