@tymio/mcp-server 1.0.0 → 2.0.0

package/dist/hubProxyStdio.js

@@ -0,0 +1,64 @@
+import { readFileSync } from "node:fs";
+import { z } from "zod";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { defaultMcpUrl, defaultOAuthRedirectUrl } from "./configPaths.js";
+import { FileOAuthProvider } from "./fileOAuthProvider.js";
+import { getMcpServerInstructions } from "./persona.js";
+import { writeStdioStartupHint } from "./stdioHints.js";
+import { assertToolArgsMatchPinnedWorkspace, readPinnedWorkspaceSlugForStdio } from "./workspaceSlug.js";
+function pkgVersion() {
+    try {
+        const raw = readFileSync(new URL("../package.json", import.meta.url), "utf8");
+        return JSON.parse(raw).version;
+    }
+    catch {
+        return "1.0.0";
+    }
+}
+const passthroughArgs = z.object({}).passthrough();
+/**
+ * Stdio MCP server that proxies to the hosted Tymio Streamable HTTP MCP endpoint with OAuth tokens on disk.
+ */
+export async function runHubOAuthStdio(mcpUrl = defaultMcpUrl()) {
+    writeStdioStartupHint("oauth");
+    const pinnedWorkspaceSlug = readPinnedWorkspaceSlugForStdio();
+    const redirectUrl = defaultOAuthRedirectUrl();
+    const provider = new FileOAuthProvider(redirectUrl);
+    const transport = new StreamableHTTPClientTransport(mcpUrl, { authProvider: provider });
+    const client = new Client({ name: "@tymio/mcp-server", version: pkgVersion() }, { capabilities: {} });
+    try {
+        await client.connect(transport);
+    }
+    catch (e) {
+        if (e instanceof UnauthorizedError) {
+            process.stderr.write("Tymio MCP: not signed in or session expired.\n  Run: tymio-mcp login  (there is no MCP API key in Tymio user Settings)\n  Or:  tymio-mcp instructions  (full setup for agents)\n  API-key mode: set DRD_API_KEY (server deployment secret), not a UI setting.\n");
+            process.exit(1);
+        }
+        throw e;
+    }
+    const { tools } = await client.listTools();
+    const server = new McpServer({ name: "tymio-hub", version: pkgVersion() }, { instructions: getMcpServerInstructions() });
+    for (const tool of tools) {
+        const name = tool.name;
+        server.registerTool(name, {
+            title: tool.title,
+            description: tool.description ?? "",
+            inputSchema: passthroughArgs
+        }, async (args) => {
+            if (pinnedWorkspaceSlug) {
+                assertToolArgsMatchPinnedWorkspace(args ?? {}, pinnedWorkspaceSlug, name);
+            }
+            const result = await client.callTool({
+                name,
+                arguments: args ?? {}
+            });
+            return result;
+        });
+    }
+    const stdio = new StdioServerTransport();
+    await server.connect(stdio);
+}

package/dist/index.js

@@ -1,283 +1,6 @@
 #!/usr/bin/env node
-/**
- * Tymio MCP server (stdio) — exposes hub REST APIs as MCP tools for agents.
- * Set DRD_API_BASE_URL and DRD_API_KEY in the environment.
- */
-import { z } from "zod";
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { drdFetch, drdFetchText, getBaseUrl, hasApiKey } from "./api.js";
-import { toolTextWithFeedback } from "./mcpFeedbackFooter.js";
-const server = new McpServer({
-    name: "tymio-hub",
-    version: "1.0.0"
-});
-async function textContent(text) {
-    return toolTextWithFeedback(getBaseUrl(), text);
-}
-// --- Health & meta (no auth required for health)
-server.registerTool("drd_health", {
-    title: "Tymio API health check",
-    description: "Check if the Tymio hub API is reachable.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/health");
-    return textContent(JSON.stringify(data));
-});
-server.registerTool("drd_meta", {
-    title: "Get Tymio meta",
-    description: "Get meta data: domains, products, accounts, partners, personas, revenue streams, users.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/meta");
-    return textContent(JSON.stringify(data, null, 2));
-});
-// --- Initiatives
-const listInitiativesSchema = z.object({
-    domainId: z.string().optional(),
-    ownerId: z.string().optional(),
-    horizon: z.enum(["NOW", "NEXT", "LATER"]).optional(),
-    priority: z.enum(["P0", "P1", "P2", "P3"]).optional(),
-    isGap: z.boolean().optional()
-});
-server.registerTool("drd_list_initiatives", {
-    title: "List initiatives",
-    description: "List initiatives with optional filters: domainId, ownerId, horizon, priority, isGap.",
-    inputSchema: listInitiativesSchema
-}, async (args) => {
-    const params = new URLSearchParams();
-    if (args.domainId)
-        params.set("domainId", args.domainId);
-    if (args.ownerId)
-        params.set("ownerId", args.ownerId);
-    if (args.horizon)
-        params.set("horizon", args.horizon);
-    if (args.priority)
-        params.set("priority", args.priority);
-    if (args.isGap !== undefined)
-        params.set("isGap", String(args.isGap));
-    const data = await drdFetch(`/api/initiatives?${params.toString()}`);
-    return textContent(JSON.stringify(data.initiatives, null, 2));
-});
-server.registerTool("drd_get_initiative", {
-    title: "Get initiative by ID",
-    description: "Get a single initiative by its ID.",
-    inputSchema: z.object({ id: z.string().describe("Initiative ID") })
-}, async ({ id }) => {
-    const data = await drdFetch(`/api/initiatives/${id}`);
-    return textContent(JSON.stringify(data.initiative, null, 2));
-});
-server.registerTool("drd_create_initiative", {
-    title: "Create initiative",
-    description: "Create a new initiative. Requires admin/editor role.",
-    inputSchema: z.object({
-        title: z.string(),
-        domainId: z.string(),
-        description: z.string().optional(),
-        ownerId: z.string().optional(),
-        priority: z.enum(["P0", "P1", "P2", "P3"]).optional(),
-        horizon: z.enum(["NOW", "NEXT", "LATER"]).optional(),
-        status: z.enum(["IDEA", "PLANNED", "IN_PROGRESS", "DONE", "BLOCKED"]).optional(),
-        commercialType: z.string().optional(),
-        isGap: z.boolean().optional()
-    })
-}, async (body) => {
-    const data = await drdFetch("/api/initiatives", {
-        method: "POST",
-        body: JSON.stringify(body)
-    });
-    return textContent(JSON.stringify(data.initiative, null, 2));
-});
-server.registerTool("drd_update_initiative", {
-    title: "Update initiative",
-    description: "Update an existing initiative by ID.",
-    inputSchema: z.object({
-        id: z.string(),
-        title: z.string().optional(),
-        domainId: z.string().optional(),
-        description: z.string().optional(),
-        ownerId: z.string().optional(),
-        priority: z.enum(["P0", "P1", "P2", "P3"]).optional(),
-        horizon: z.enum(["NOW", "NEXT", "LATER"]).optional(),
-        status: z.enum(["IDEA", "PLANNED", "IN_PROGRESS", "DONE", "BLOCKED"]).optional(),
-        commercialType: z.string().optional(),
-        isGap: z.boolean().optional()
-    })
-}, async ({ id, ...body }) => {
-    const data = await drdFetch(`/api/initiatives/${id}`, {
-        method: "PUT",
-        body: JSON.stringify(body)
-    });
-    return textContent(JSON.stringify(data.initiative, null, 2));
-});
-server.registerTool("drd_delete_initiative", {
-    title: "Delete initiative",
-    description: "Delete an initiative by ID.",
-    inputSchema: z.object({ id: z.string() })
-}, async ({ id }) => {
-    await drdFetch(`/api/initiatives/${id}`, { method: "DELETE" });
-    return textContent(JSON.stringify({ ok: true }));
-});
-// --- Domains, products, personas
-server.registerTool("drd_list_domains", {
-    title: "List domains",
-    description: "List all domains.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/domains");
-    return textContent(JSON.stringify(data.domains, null, 2));
-});
-server.registerTool("drd_create_domain", {
-    title: "Create domain",
-    description: "Create a new domain (pillar). Requires workspace OWNER or ADMIN.",
-    inputSchema: z.object({
-        name: z.string().min(1),
-        color: z.string().min(1),
-        sortOrder: z.number().int().optional()
-    })
-}, async (body) => {
-    const data = await drdFetch("/api/domains", {
-        method: "POST",
-        body: JSON.stringify({
-            name: body.name,
-            color: body.color,
-            sortOrder: body.sortOrder ?? 0
-        })
-    });
-    return textContent(JSON.stringify(data.domain, null, 2));
-});
-server.registerTool("drd_list_products", {
-    title: "List products",
-    description: "List all products (with hierarchy).",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/products");
-    return textContent(JSON.stringify(data.products, null, 2));
-});
-server.registerTool("drd_list_personas", {
-    title: "List personas",
-    description: "List all personas.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/personas");
-    return textContent(JSON.stringify(data.personas, null, 2));
-});
-server.registerTool("drd_list_accounts", {
-    title: "List accounts",
-    description: "List all accounts.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/accounts");
-    return textContent(JSON.stringify(data.accounts, null, 2));
-});
-server.registerTool("drd_list_partners", {
-    title: "List partners",
-    description: "List all partners.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/partners");
-    return textContent(JSON.stringify(data.partners, null, 2));
-});
-// --- KPIs, milestones, stakeholders
-server.registerTool("drd_list_kpis", {
-    title: "List KPIs",
-    description: "List all initiative KPIs with their initiative context (title, domain, owner).",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/kpis");
-    return textContent(JSON.stringify(data.kpis, null, 2));
-});
-server.registerTool("drd_list_milestones", {
-    title: "List milestones",
-    description: "List all initiative milestones with their initiative context.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/milestones");
-    return textContent(JSON.stringify(data.milestones, null, 2));
-});
-server.registerTool("drd_list_demands", {
-    title: "List demands",
-    description: "List all demands (from accounts, partners, internal, compliance).",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/demands");
-    return textContent(JSON.stringify(data.demands, null, 2));
-});
-server.registerTool("drd_list_revenue_streams", {
-    title: "List revenue streams",
-    description: "List all revenue streams.",
-    inputSchema: z.object({})
-}, async () => {
-    const data = await drdFetch("/api/revenue-streams");
-    return textContent(JSON.stringify(data.revenueStreams, null, 2));
-});
-server.registerTool("tymio_get_coding_agent_guide", {
-    title: "Get Tymio coding agent playbook (Markdown)",
-    description: "Full docs/CODING_AGENT_TYMIO.md: MCP usage, as-is to Tymio, feature lifecycle. Call at session start when automating this hub.",
-    inputSchema: z.object({})
-}, async () => {
-    const md = await drdFetchText("/api/agent/coding-guide");
-    return textContent(md);
-});
-server.registerTool("tymio_get_agent_brief", {
-    title: "Get compiled agent capability brief",
-    description: "Returns the hub capability ontology as Markdown or JSON. mode=compact|full, format=md|json.",
-    inputSchema: z.object({
-        mode: z.enum(["compact", "full"]).default("compact"),
-        format: z.enum(["md", "json"]).default("md")
-    })
-}, async (args) => {
-    const params = new URLSearchParams({ mode: args.mode, format: args.format });
-    const q = params.toString();
-    if (args.format === "md") {
-        const text = await drdFetchText(`/api/ontology/brief?${q}`);
-        return textContent(text);
-    }
-    const raw = await drdFetchText(`/api/ontology/brief?${q}`);
-    try {
-        const parsed = JSON.parse(raw);
-        return textContent(JSON.stringify(parsed, null, 2));
-    }
-    catch {
-        return textContent(raw);
-    }
-});
-server.registerTool("tymio_list_capabilities", {
-    title: "List hub capabilities (ontology)",
-    description: "Optional status: ACTIVE, DRAFT, DEPRECATED.",
-    inputSchema: z.object({ status: z.enum(["ACTIVE", "DRAFT", "DEPRECATED"]).optional() })
-}, async (args) => {
-    const params = new URLSearchParams();
-    if (args.status)
-        params.set("status", args.status);
-    const q = params.toString();
-    const data = await drdFetch(`/api/ontology/capabilities${q ? `?${q}` : ""}`);
-    return textContent(JSON.stringify(data, null, 2));
-});
-server.registerTool("tymio_get_capability", {
-    title: "Get one capability by id or slug",
-    description: "Provide id or slug.",
-    inputSchema: z.object({ id: z.string().optional(), slug: z.string().optional() })
-}, async (args) => {
-    if (args.id) {
-        const data = await drdFetch(`/api/ontology/capabilities/${args.id}`);
-        return textContent(JSON.stringify(data, null, 2));
-    }
-    if (args.slug) {
-        const data = await drdFetch(`/api/ontology/capabilities/by-slug/${encodeURIComponent(args.slug)}`);
-        return textContent(JSON.stringify(data, null, 2));
-    }
-    throw new Error("Provide id or slug");
-});
-// --- Run
-async function main() {
-    if (!hasApiKey()) {
-        process.stderr.write("Warning: DRD_API_KEY is not set. Authenticated API calls will fail. Set DRD_API_KEY and API_KEY on the server.\n");
-    }
-    const transport = new StdioServerTransport();
-    await server.connect(transport);
-}
-main().catch((err) => {
+import { runCli } from "./cli.js";
+runCli(process.argv).catch((err) => {
     console.error(err);
     process.exit(1);
 });

package/dist/loginCommand.d.ts

@@ -0,0 +1 @@
+export declare function runLoginCommand(mcpUrl?: URL): Promise<void>;

package/dist/loginCommand.js

@@ -0,0 +1,30 @@
+import { auth } from "@modelcontextprotocol/sdk/client/auth.js";
+import { defaultMcpUrl, defaultOAuthRedirectUrl } from "./configPaths.js";
+import { FileOAuthProvider } from "./fileOAuthProvider.js";
+import { startOAuthCallbackServer } from "./oauthCallbackServer.js";
+export async function runLoginCommand(mcpUrl = defaultMcpUrl()) {
+    const redirectUrl = defaultOAuthRedirectUrl();
+    const provider = new FileOAuthProvider(redirectUrl);
+    const { waitForCode, close } = await startOAuthCallbackServer(redirectUrl, provider);
+    try {
+        let result = await auth(provider, { serverUrl: mcpUrl });
+        if (result === "REDIRECT") {
+            const code = await waitForCode;
+            result = await auth(provider, { serverUrl: mcpUrl, authorizationCode: code });
+        }
+        else {
+            void waitForCode.catch(() => {
+                /* already authorized; browser callback not used */
+            });
+        }
+        if (result !== "AUTHORIZED") {
+            throw new Error(`Unexpected auth result: ${result}`);
+        }
+        provider.clearLoginSession();
+        process.stderr.write("Tymio MCP login succeeded. You can run your editor MCP client (tymio-mcp).\n");
+    }
+    finally {
+        close();
+        provider.clearLoginSession();
+    }
+}

package/dist/oauthCallbackServer.d.ts

@@ -0,0 +1,10 @@
+import type { FileOAuthProvider } from "./fileOAuthProvider.js";
+export interface OAuthCallbackHandle {
+    waitForCode: Promise<string>;
+    close: () => void;
+}
+/**
+ * Listens on the host/port of `redirectUrl` and resolves with the authorization `code`
+ * once the browser hits the redirect URI. Resolves after the socket is accepting connections.
+ */
+export declare function startOAuthCallbackServer(redirectUrl: URL, provider: FileOAuthProvider): Promise<OAuthCallbackHandle>;

package/dist/oauthCallbackServer.js

@@ -0,0 +1,89 @@
+import http from "node:http";
+/**
+ * Listens on the host/port of `redirectUrl` and resolves with the authorization `code`
+ * once the browser hits the redirect URI. Resolves after the socket is accepting connections.
+ */
+export async function startOAuthCallbackServer(redirectUrl, provider) {
+    const pathname = redirectUrl.pathname || "/";
+    let resolveCode;
+    let rejectWait;
+    const waitForCode = new Promise((resolve, reject) => {
+        resolveCode = resolve;
+        rejectWait = reject;
+    });
+    const server = http.createServer(async (req, res) => {
+        try {
+            if (!req.url) {
+                res.writeHead(400);
+                res.end("Bad request");
+                return;
+            }
+            const u = new URL(req.url, `http://${req.headers.host ?? "127.0.0.1"}`);
+            if (u.pathname !== pathname) {
+                res.writeHead(404);
+                res.end("Not found");
+                return;
+            }
+            const code = u.searchParams.get("code");
+            const state = u.searchParams.get("state");
+            const errParam = u.searchParams.get("error");
+            if (errParam) {
+                const desc = u.searchParams.get("error_description") ?? errParam;
+                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                res.end(`<p>Authorization failed: ${escapeHtml(desc)}</p>`);
+                rejectWait(new Error(desc));
+                return;
+            }
+            if (!code || !state) {
+                res.writeHead(400);
+                res.end("Missing code or state");
+                rejectWait(new Error("Missing authorization code"));
+                return;
+            }
+            const expected = await provider.state();
+            if (state !== expected) {
+                res.writeHead(400);
+                res.end("Invalid state");
+                rejectWait(new Error("OAuth state mismatch"));
+                return;
+            }
+            res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+            res.end("<p>Signed in to Tymio. You can close this tab and return to the terminal.</p>");
+            resolveCode(code);
+        }
+        catch (e) {
+            res.writeHead(500);
+            res.end("Internal error");
+            rejectWait(e instanceof Error ? e : new Error(String(e)));
+        }
+    });
+    const host = redirectUrl.hostname;
+    const port = Number(redirectUrl.port) || (redirectUrl.protocol === "https:" ? 443 : 80);
+    const listening = new Promise((resolve, reject) => {
+        server.once("error", reject);
+        server.listen(port, host, () => {
+            process.stderr.write(`Listening for OAuth callback on ${redirectUrl.origin}${pathname}\n`);
+            server.off("error", reject);
+            resolve();
+        });
+    });
+    try {
+        await listening;
+    }
+    catch (err) {
+        server.close();
+        throw err instanceof Error ? err : new Error(String(err));
+    }
+    server.on("error", (err) => {
+        rejectWait(err instanceof Error ? err : new Error(String(err)));
+    });
+    return {
+        waitForCode,
+        close: () => {
+            server.close();
+        }
+    };
+}
+function escapeHtml(s) {
+    return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}

package/dist/persona.d.ts

@@ -0,0 +1,16 @@
+declare const PERSONA_IDS: readonly ["pm", "po", "dev", "workspace"];
+export type PersonaId = (typeof PERSONA_IDS)[number];
+/** `hub` is an alias for `workspace` (base hub agent behavior). */
+export declare function normalizePersonaId(raw: string | undefined): PersonaId | null;
+export declare function listPersonaIds(): readonly PersonaId[];
+export declare function loadPersonaMarkdown(id: PersonaId): string;
+export declare function personaListHelpText(): string;
+/**
+ * Full MCP server `instructions`: base CLI guide plus optional persona from `TYMIO_MCP_PERSONA`.
+ */
+export declare function getMcpServerInstructions(): string;
+/** Non-empty when a valid persona is active (for stderr startup hint). */
+export declare function activePersonaForHint(): PersonaId | null;
+/** CLI subcommand: `tymio-mcp persona …` — exit code. */
+export declare function runPersonaCli(argv: string[]): number;
+export {};

package/dist/persona.js

@@ -0,0 +1,93 @@
+import { existsSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { AGENT_INSTRUCTIONS } from "./cliMessages.js";
+const PERSONA_IDS = ["pm", "po", "dev", "workspace"];
+function personasDir() {
+    return path.join(path.dirname(fileURLToPath(import.meta.url)), "..", "personas");
+}
+/** `hub` is an alias for `workspace` (base hub agent behavior). */
+export function normalizePersonaId(raw) {
+    if (!raw?.trim())
+        return null;
+    const s = raw.trim().toLowerCase();
+    if (s === "hub")
+        return "workspace";
+    if (PERSONA_IDS.includes(s))
+        return s;
+    return null;
+}
+export function listPersonaIds() {
+    return PERSONA_IDS;
+}
+export function loadPersonaMarkdown(id) {
+    const file = path.join(personasDir(), `${id}.md`);
+    if (!existsSync(file)) {
+        throw new Error(`Bundled persona file missing: ${file}`);
+    }
+    return readFileSync(file, "utf8");
+}
+export function personaListHelpText() {
+    return `Tymio MCP — bundled agent personas (Markdown prompts)
+
+Usage:
+  tymio-mcp persona list              Show this list
+  tymio-mcp persona <id>            Print persona prompt to stdout (pipe into your agent / docs)
+
+Ids: ${PERSONA_IDS.join(", ")}
+
+Embed in MCP sessions (stdio / some clients read server instructions):
+  export TYMIO_MCP_PERSONA=pm        # or po, dev, workspace
+  tymio-mcp                          # persona text is appended to MCP server instructions
+
+Cursor: you can instead enable Skills (.cursor/skills/tymio-*-agent); CLI personas help IDEs without Skills or CI.
+
+`;
+}
+/**
+ * Full MCP server `instructions`: base CLI guide plus optional persona from `TYMIO_MCP_PERSONA`.
+ */
+export function getMcpServerInstructions() {
+    const raw = process.env.TYMIO_MCP_PERSONA;
+    if (!raw?.trim())
+        return AGENT_INSTRUCTIONS;
+    const id = normalizePersonaId(raw);
+    if (!id) {
+        process.stderr.write(`[tymio-mcp] Unknown TYMIO_MCP_PERSONA="${raw.trim()}". Valid: ${PERSONA_IDS.join(", ")} (hub aliases workspace). See: tymio-mcp persona list\n`);
+        return AGENT_INSTRUCTIONS;
+    }
+    let block;
+    try {
+        block = loadPersonaMarkdown(id);
+    }
+    catch (e) {
+        process.stderr.write(`[tymio-mcp] Could not load persona "${id}": ${e}\n`);
+        return AGENT_INSTRUCTIONS;
+    }
+    return `${AGENT_INSTRUCTIONS}\n\n---\n\n## Bundled agent persona (\`TYMIO_MCP_PERSONA=${id}\`)\n\n${block}\n`;
+}
+/** Non-empty when a valid persona is active (for stderr startup hint). */
+export function activePersonaForHint() {
+    return normalizePersonaId(process.env.TYMIO_MCP_PERSONA);
+}
+/** CLI subcommand: `tymio-mcp persona …` — exit code. */
+export function runPersonaCli(argv) {
+    const sub = argv[0];
+    if (!sub || sub === "list" || sub === "--help" || sub === "-h") {
+        process.stderr.write(personaListHelpText());
+        return 0;
+    }
+    const id = normalizePersonaId(sub);
+    if (!id) {
+        process.stderr.write(`Unknown persona "${sub}". Run: tymio-mcp persona list\n`);
+        return 1;
+    }
+    try {
+        process.stdout.write(loadPersonaMarkdown(id));
+        return 0;
+    }
+    catch (e) {
+        process.stderr.write(String(e) + "\n");
+        return 1;
+    }
+}

package/dist/stdioHints.d.ts

@@ -0,0 +1,5 @@
+/**
+ * One-line stderr hint when starting stdio (does not touch stdout — MCP JSON-RPC stays clean).
+ * Suppress with TYMIO_MCP_QUIET=1 or non-TTY stderr.
+ */
+export declare function writeStdioStartupHint(mode: "oauth" | "api-key"): void;

package/dist/stdioHints.js

@@ -0,0 +1,21 @@
+import { activePersonaForHint } from "./persona.js";
+/**
+ * One-line stderr hint when starting stdio (does not touch stdout — MCP JSON-RPC stays clean).
+ * Suppress with TYMIO_MCP_QUIET=1 or non-TTY stderr.
+ */
+export function writeStdioStartupHint(mode) {
+    if (process.env.TYMIO_MCP_QUIET)
+        return;
+    if (!process.stderr.isTTY)
+        return;
+    if (mode === "oauth") {
+        process.stderr.write("[tymio-mcp] OAuth proxy to Tymio MCP. No MCP key in Tymio Settings — use login/OAuth. First run: `tymio-mcp login`. Set TYMIO_WORKSPACE_SLUG (or DRD_WORKSPACE_SLUG) to pin this server to one workspace. Guide: `tymio-mcp instructions` | `tymio-mcp help`\n");
+    }
+    else {
+        process.stderr.write("[tymio-mcp] API-key REST bridge. Set DRD_API_BASE_URL + DRD_API_KEY + TYMIO_WORKSPACE_SLUG (tenant resolved to X-Tenant-Id). Agent guide: `tymio-mcp instructions`\n");
+    }
+    const persona = activePersonaForHint();
+    if (persona) {
+        process.stderr.write(`[tymio-mcp] TYMIO_MCP_PERSONA=${persona} — persona text is appended to MCP server instructions. Print prompt: tymio-mcp persona ${persona}\n`);
+    }
+}

package/dist/workspaceSlug.d.ts

@@ -0,0 +1,13 @@
+import { z } from "zod";
+/** Matches hub workspace slug rules (see server tenant slug validation). */
+export declare const WORKSPACE_SLUG_ZOD: z.ZodString;
+export declare function isValidWorkspaceSlugFormat(slug: string): boolean;
+/**
+ * Pinned slug for this stdio process: every proxied MCP tool call must use this workspace.
+ * Set `TYMIO_MCP_SKIP_WORKSPACE_PINNING=1` only in tests.
+ */
+export declare function readPinnedWorkspaceSlugForStdio(): string | null;
+/** Enforce agent-supplied slug matches pinned CLI config (defense in depth vs hub session). */
+export declare function assertToolArgsMatchPinnedWorkspace(args: unknown, pinnedSlug: string, toolName: string): void;
+/** After assert, remove workspaceSlug before REST bodies. */
+export declare function omitWorkspaceSlug<T extends Record<string, unknown>>(args: T): Omit<T, "workspaceSlug">;