@wipcomputer/memory-crystal 0.7.34-alpha.3 → 0.7.34-alpha.4

package/dist/worker-mcp.js

@@ -1,404 +0,0 @@
-import {
-  CloudCrystal
-} from "./chunk-J7MRSZIO.js";
-
-// src/worker-mcp.ts
-function json(data, status = 200, headers = {}) {
-  return new Response(JSON.stringify(data), {
-    status,
-    headers: { "Content-Type": "application/json", ...headers }
-  });
-}
-function cors(response) {
-  const headers = new Headers(response.headers);
-  headers.set("Access-Control-Allow-Origin", "*");
-  headers.set("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
-  headers.set("Access-Control-Allow-Headers", "Authorization, Content-Type");
-  return new Response(response.body, { status: response.status, headers });
-}
-async function sha256(input) {
-  const encoded = new TextEncoder().encode(input);
-  const hash = await crypto.subtle.digest("SHA-256", encoded);
-  return Array.from(new Uint8Array(hash)).map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-async function sha256Base64url(input) {
-  const encoded = new TextEncoder().encode(input);
-  const hash = await crypto.subtle.digest("SHA-256", encoded);
-  const bytes = new Uint8Array(hash);
-  return btoa(String.fromCharCode.apply(null, Array.from(bytes))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-function generateToken() {
-  const bytes = new Uint8Array(32);
-  crypto.getRandomValues(bytes);
-  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-function handleProtectedResourceMetadata(url) {
-  return json({
-    resource: url.origin,
-    authorization_servers: [url.origin],
-    bearer_methods_supported: ["header"]
-  });
-}
-function handleAuthServerMetadata(url) {
-  return json({
-    issuer: url.origin,
-    authorization_endpoint: `${url.origin}/oauth/authorize`,
-    token_endpoint: `${url.origin}/oauth/token`,
-    registration_endpoint: `${url.origin}/oauth/register`,
-    response_types_supported: ["code"],
-    grant_types_supported: ["authorization_code"],
-    code_challenge_methods_supported: ["S256"],
-    token_endpoint_auth_methods_supported: ["none"],
-    scopes_supported: ["memory"]
-  });
-}
-async function handleRegister(request, env) {
-  const body = await request.json();
-  if (!body.redirect_uris?.length) {
-    return json({ error: "redirect_uris required" }, 400);
-  }
-  const clientId = crypto.randomUUID();
-  await env.DB.prepare(`
-    INSERT INTO oauth_clients (client_id, redirect_uris, client_name)
-    VALUES (?, ?, ?)
-  `).bind(clientId, JSON.stringify(body.redirect_uris), body.client_name || "").run();
-  return json({
-    client_id: clientId,
-    redirect_uris: body.redirect_uris,
-    client_name: body.client_name || "",
-    token_endpoint_auth_method: "none"
-  }, 201);
-}
-async function handleAuthorize(request, url, env) {
-  const clientId = url.searchParams.get("client_id");
-  const redirectUri = url.searchParams.get("redirect_uri");
-  const codeChallenge = url.searchParams.get("code_challenge");
-  const codeChallengeMethod = url.searchParams.get("code_challenge_method") || "S256";
-  const state = url.searchParams.get("state");
-  const scope = url.searchParams.get("scope") || "memory";
-  if (!clientId || !redirectUri || !codeChallenge) {
-    return json({ error: "Missing required parameters (client_id, redirect_uri, code_challenge)" }, 400);
-  }
-  if (codeChallengeMethod !== "S256") {
-    return json({ error: "Only S256 code_challenge_method supported" }, 400);
-  }
-  const client = await env.DB.prepare(
-    "SELECT * FROM oauth_clients WHERE client_id = ?"
-  ).bind(clientId).first();
-  if (!client) {
-    return json({ error: "Unknown client_id" }, 400);
-  }
-  const allowedUris = JSON.parse(client.redirect_uris);
-  if (!allowedUris.includes(redirectUri)) {
-    return json({ error: "redirect_uri not registered" }, 400);
-  }
-  if (request.method === "GET") {
-    return new Response(consentPage(clientId, redirectUri, codeChallenge, codeChallengeMethod, state, scope), {
-      headers: { "Content-Type": "text/html" }
-    });
-  }
-  const formData = await request.formData();
-  const email = formData.get("email");
-  if (!email) {
-    return json({ error: "Email required" }, 400);
-  }
-  const userId = await sha256(email.toLowerCase().trim());
-  await env.DB.prepare(`
-    INSERT INTO users (user_id, email) VALUES (?, ?)
-    ON CONFLICT (user_id) DO NOTHING
-  `).bind(userId, email.toLowerCase().trim()).run();
-  const code = generateToken();
-  const expiresAt = new Date(Date.now() + 10 * 60 * 1e3).toISOString();
-  await env.DB.prepare(`
-    INSERT INTO authorization_codes (code, client_id, user_id, code_challenge, code_challenge_method, redirect_uri, scope, expires_at)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-  `).bind(code, clientId, userId, codeChallenge, codeChallengeMethod, redirectUri, scope, expiresAt).run();
-  const redirect = new URL(redirectUri);
-  redirect.searchParams.set("code", code);
-  if (state) redirect.searchParams.set("state", state);
-  return Response.redirect(redirect.toString(), 302);
-}
-async function handleToken(request, env) {
-  const body = await request.formData();
-  const grantType = body.get("grant_type");
-  const code = body.get("code");
-  const redirectUri = body.get("redirect_uri");
-  const codeVerifier = body.get("code_verifier");
-  if (grantType !== "authorization_code") {
-    return json({ error: "unsupported_grant_type" }, 400);
-  }
-  if (!code || !codeVerifier) {
-    return json({ error: "Missing code or code_verifier" }, 400);
-  }
-  const authCode = await env.DB.prepare(
-    "SELECT * FROM authorization_codes WHERE code = ? AND used = 0"
-  ).bind(code).first();
-  if (!authCode) {
-    return json({ error: "invalid_grant", error_description: "Code not found or already used" }, 400);
-  }
-  if (new Date(authCode.expires_at) < /* @__PURE__ */ new Date()) {
-    return json({ error: "invalid_grant", error_description: "Code expired" }, 400);
-  }
-  if (redirectUri && authCode.redirect_uri !== redirectUri) {
-    return json({ error: "invalid_grant", error_description: "redirect_uri mismatch" }, 400);
-  }
-  const expectedChallenge = await sha256Base64url(codeVerifier);
-  if (expectedChallenge !== authCode.code_challenge) {
-    return json({ error: "invalid_grant", error_description: "PKCE verification failed" }, 400);
-  }
-  await env.DB.prepare("UPDATE authorization_codes SET used = 1 WHERE code = ?").bind(code).run();
-  const user = await env.DB.prepare("SELECT * FROM users WHERE user_id = ?").bind(authCode.user_id).first();
-  const tier = user?.tier || "sovereign";
-  const accessToken = generateToken();
-  const tokenHash = await sha256(accessToken);
-  const expiresAt = new Date(Date.now() + 90 * 24 * 60 * 60 * 1e3).toISOString();
-  await env.DB.prepare(`
-    INSERT INTO access_tokens (token_hash, client_id, user_id, scope, tier, expires_at)
-    VALUES (?, ?, ?, ?, ?, ?)
-  `).bind(tokenHash, authCode.client_id, authCode.user_id, authCode.scope, tier, expiresAt).run();
-  return json({
-    access_token: accessToken,
-    token_type: "Bearer",
-    expires_in: 90 * 24 * 60 * 60,
-    scope: authCode.scope
-  });
-}
-async function verifyToken(request, env) {
-  const auth = request.headers.get("Authorization");
-  if (!auth?.startsWith("Bearer ")) {
-    return json({ error: "Missing Authorization header" }, 401);
-  }
-  const token = auth.slice(7);
-  const tokenHash = await sha256(token);
-  const row = await env.DB.prepare(
-    "SELECT * FROM access_tokens WHERE token_hash = ?"
-  ).bind(tokenHash).first();
-  if (!row) {
-    return json({ error: "Invalid token" }, 401);
-  }
-  if (new Date(row.expires_at) < /* @__PURE__ */ new Date()) {
-    return json({ error: "Token expired" }, 401);
-  }
-  return {
-    user_id: row.user_id,
-    client_id: row.client_id,
-    scope: row.scope,
-    tier: row.tier
-  };
-}
-function consentPage(clientId, redirectUri, codeChallenge, codeChallengeMethod, state, scope) {
-  return `<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>Memory Crystal</title>
-  <style>
-    body { font-family: -apple-system, system-ui, sans-serif; max-width: 420px; margin: 60px auto; padding: 0 20px; color: #1a1a1a; }
-    h1 { font-size: 1.4em; }
-    p { color: #555; line-height: 1.5; }
-    form { margin-top: 24px; }
-    label { display: block; font-weight: 500; margin-bottom: 6px; }
-    input[type=email] { width: 100%; padding: 10px; border: 1px solid #ccc; border-radius: 6px; font-size: 16px; box-sizing: border-box; }
-    button { margin-top: 16px; width: 100%; padding: 12px; background: #1a1a1a; color: white; border: none; border-radius: 6px; font-size: 16px; cursor: pointer; }
-    button:hover { background: #333; }
-    .note { font-size: 0.85em; color: #888; margin-top: 16px; }
-  </style>
-</head>
-<body>
-  <h1>Memory Crystal</h1>
-  <p>An app wants to access your memory. Enter your email to continue.</p>
-  <form method="POST">
-    <input type="hidden" name="client_id" value="${clientId}">
-    <input type="hidden" name="redirect_uri" value="${redirectUri}">
-    <input type="hidden" name="code_challenge" value="${codeChallenge}">
-    <input type="hidden" name="code_challenge_method" value="${codeChallengeMethod}">
-    ${state ? `<input type="hidden" name="state" value="${state}">` : ""}
-    <input type="hidden" name="scope" value="${scope}">
-    <label for="email">Email</label>
-    <input type="email" id="email" name="email" required placeholder="you@example.com" autocomplete="email">
-    <button type="submit">Connect Memory</button>
-  </form>
-  <p class="note">Your email identifies your memory account. No password needed... your AI client handles authentication.</p>
-</body>
-</html>`;
-}
-var TOOLS = [
-  {
-    name: "memory_search",
-    description: "Search your memories across all conversations and surfaces.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        query: { type: "string", description: "What to search for" },
-        limit: { type: "number", description: "Max results (default 5, max 20)" }
-      },
-      required: ["query"]
-    },
-    annotations: { readOnlyHint: true, openWorldHint: false }
-  },
-  {
-    name: "memory_remember",
-    description: "Save a fact, preference, or observation to your memory.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        text: { type: "string", description: "The fact or observation to remember" },
-        category: {
-          type: "string",
-          enum: ["fact", "preference", "event", "opinion", "skill"],
-          description: "Category of memory (default: fact)"
-        }
-      },
-      required: ["text"]
-    },
-    annotations: { readOnlyHint: false, destructiveHint: false, openWorldHint: false }
-  },
-  {
-    name: "memory_forget",
-    description: "Deprecate a memory by ID.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        id: { type: "number", description: "Memory ID to deprecate" }
-      },
-      required: ["id"]
-    },
-    annotations: { readOnlyHint: false, destructiveHint: true, idempotentHint: true }
-  },
-  {
-    name: "memory_status",
-    description: "Show your memory status: chunk count, memory count, connected agents.",
-    inputSchema: { type: "object", properties: {} },
-    annotations: { readOnlyHint: true, openWorldHint: false }
-  }
-];
-async function handleMCP(request, env, tokenInfo) {
-  const body = await request.json();
-  const { method, id, params } = body;
-  const crystal = new CloudCrystal(env.DB, env.VECTORIZE, env.OPENAI_API_KEY);
-  let result;
-  switch (method) {
-    case "initialize":
-      result = {
-        protocolVersion: "2025-03-26",
-        serverInfo: { name: "memory-crystal", version: "0.2.0" },
-        capabilities: { tools: {} }
-      };
-      break;
-    case "tools/list":
-      result = { tools: TOOLS };
-      break;
-    case "tools/call": {
-      const toolName = params?.name;
-      const args = params?.arguments || {};
-      switch (toolName) {
-        case "memory_search": {
-          if (tokenInfo.tier === "sovereign") {
-            result = {
-              content: [{
-                type: "text",
-                text: "Search is available on your local devices only (Sovereign tier). Your memories from this session have been saved and will be searchable from any device with Memory Crystal installed locally."
-              }]
-            };
-          } else {
-            const limit = Math.min(args.limit || 5, 20);
-            const results = await crystal.search(tokenInfo.user_id, args.query, limit);
-            const formatted = results.map(
-              (r, i) => `[${i + 1}] (${r.score.toFixed(1)}% match, ${r.agent_id}, ${r.created_at})
-${r.text}`
-            ).join("\n\n");
-            result = {
-              content: [{
-                type: "text",
-                text: results.length > 0 ? formatted : `No results for "${args.query}".`
-              }]
-            };
-          }
-          break;
-        }
-        case "memory_remember": {
-          if (tokenInfo.tier === "sovereign") {
-          }
-          const memId = await crystal.remember(tokenInfo.user_id, args.text, args.category || "fact");
-          result = {
-            content: [{
-              type: "text",
-              text: `Remembered (id: ${memId}, category: ${args.category || "fact"}): ${args.text}`
-            }]
-          };
-          break;
-        }
-        case "memory_forget": {
-          const ok = await crystal.forget(tokenInfo.user_id, args.id);
-          result = {
-            content: [{
-              type: "text",
-              text: ok ? `Memory ${args.id} deprecated.` : `Memory ${args.id} not found or already deprecated.`
-            }]
-          };
-          break;
-        }
-        case "memory_status": {
-          const status = await crystal.status(tokenInfo.user_id);
-          result = {
-            content: [{
-              type: "text",
-              text: [
-                `Chunks: ${status.chunks}`,
-                `Memories: ${status.memories}`,
-                `Agents: ${status.agents.join(", ") || "none"}`,
-                `Tier: ${status.tier}`
-              ].join("\n")
-            }]
-          };
-          break;
-        }
-        default:
-          return json({ jsonrpc: "2.0", id, error: { code: -32601, message: `Unknown tool: ${toolName}` } });
-      }
-      break;
-    }
-    case "notifications/initialized":
-      return new Response(null, { status: 204 });
-    default:
-      return json({ jsonrpc: "2.0", id, error: { code: -32601, message: `Unknown method: ${method}` } });
-  }
-  return json({ jsonrpc: "2.0", id, result });
-}
-var worker_mcp_default = {
-  async fetch(request, env) {
-    const url = new URL(request.url);
-    const path = url.pathname;
-    if (request.method === "OPTIONS") {
-      return cors(new Response(null, { status: 204 }));
-    }
-    if (path === "/health" && request.method === "GET") {
-      return cors(json({ ok: true, service: "memory-crystal-cloud", version: "0.2.0" }));
-    }
-    if (path === "/.well-known/oauth-protected-resource") {
-      return cors(handleProtectedResourceMetadata(url));
-    }
-    if (path === "/.well-known/oauth-authorization-server") {
-      return cors(handleAuthServerMetadata(url));
-    }
-    if (path === "/oauth/register" && request.method === "POST") {
-      return cors(await handleRegister(request, env));
-    }
-    if (path === "/oauth/authorize") {
-      return await handleAuthorize(request, url, env);
-    }
-    if (path === "/oauth/token" && request.method === "POST") {
-      return cors(await handleToken(request, env));
-    }
-    if (path === "/mcp" && request.method === "POST") {
-      const tokenResult = await verifyToken(request, env);
-      if (tokenResult instanceof Response) return cors(tokenResult);
-      return cors(await handleMCP(request, env, tokenResult));
-    }
-    return cors(json({ error: "Not found" }, 404));
-  }
-};
-export {
-  worker_mcp_default as default
-};

package/scripts/crystal-capture 2.sh

@@ -1,29 +0,0 @@
-#!/bin/bash
-# Job: crystal-capture
-# Continuous capture for Claude Code sessions.
-# Reads JSONL files on disk, ingests into Crystal, exports MD sessions, writes daily logs.
-# Primary capture path. Runs every minute via cron.
-# The Stop hook (cc-hook.ts) is a redundancy check only.
-#
-# Source of truth: memory-crystal-private/scripts/crystal-capture.sh
-# Deployed to: ~/.ldm/bin/crystal-capture.sh (via crystal init)
-# Cron entry: * * * * * ~/.ldm/bin/crystal-capture.sh >> /tmp/ldm-dev-tools/crystal-capture.log 2>&1
-#
-# The Node poller fetches the OpenAI API key internally via opRead() in core.ts.
-# opRead uses: op read "op://Agent Secrets/OpenAI API/api key" with the SA token from
-# ~/.openclaw/secrets/op-sa-token. Do NOT call op from this shell script... it triggers
-# macOS TCC popups when run from cron.
-
-# Cron provides minimal PATH. Ensure Homebrew binaries (node, op) are findable.
-export PATH="/opt/homebrew/bin:$PATH"
-
-POLLER="$HOME/.ldm/extensions/memory-crystal/dist/cc-poller.js"
-NODE="/opt/homebrew/bin/node"
-
-if [ ! -f "$POLLER" ]; then
-  echo "ERROR: cc-poller not found at $POLLER"
-  exit 1
-fi
-
-# Single run: scan all sessions, ingest new turns, export MD, exit.
-$NODE "$POLLER" 2>&1

package/scripts/deploy-cloud 2.sh

@@ -1,153 +0,0 @@
-#!/usr/bin/env bash
-#
-# deploy-cloud.sh — Deploy Memory Crystal Cloud MCP server to Cloudflare.
-# Pulls all credentials from 1Password. No keys in env files.
-#
-# Usage:
-#   bash scripts/deploy-cloud.sh          # full setup (first time)
-#   bash scripts/deploy-cloud.sh deploy   # just redeploy Worker code
-#
-# Prerequisites:
-#   - wrangler CLI installed (npm install -g wrangler)
-#   - 1Password items populated:
-#     "Parker - Cloudflare Memory Crystal Keys" (api-token, account-id)
-#     "OpenAI API" (api key)
-
-set -euo pipefail
-
-REPO_DIR="$(cd "$(dirname "$0")/.." && pwd)"
-cd "$REPO_DIR"
-
-# ── Pull credentials from 1Password ──
-
-echo "Pulling credentials from 1Password..."
-
-OP_TOKEN=$(cat ~/.openclaw/secrets/op-sa-token)
-
-CF_API_TOKEN=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "Parker - Cloudflare Memory Crystal Keys" \
-  --vault="Agent Secrets" --fields label=api-token --reveal)
-
-CF_ACCOUNT_ID=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "Parker - Cloudflare Memory Crystal Keys" \
-  --vault="Agent Secrets" --fields label=account-id --reveal)
-
-OPENAI_API_KEY=$(OP_SERVICE_ACCOUNT_TOKEN="$OP_TOKEN" op item get "OpenAI API" \
-  --vault="Agent Secrets" --fields label="api key" --reveal)
-
-if [[ "$CF_API_TOKEN" == "REPLACE_WITH_CLOUDFLARE_API_TOKEN" || "$CF_ACCOUNT_ID" == "REPLACE_WITH_CLOUDFLARE_ACCOUNT_ID" ]]; then
-  echo "Error: Cloudflare credentials not yet filled in 1Password."
-  echo "Update 'Parker - Cloudflare Memory Crystal Keys' in Agent Secrets vault."
-  exit 1
-fi
-
-export CLOUDFLARE_API_TOKEN="$CF_API_TOKEN"
-export CLOUDFLARE_ACCOUNT_ID="$CF_ACCOUNT_ID"
-
-echo "  Cloudflare Account ID: ${CF_ACCOUNT_ID:0:8}..."
-echo "  Cloudflare API Token: ${CF_API_TOKEN:0:8}..."
-echo "  OpenAI API Key: ${OPENAI_API_KEY:0:8}..."
-
-# ── Deploy only? ──
-
-if [[ "${1:-}" == "deploy" ]]; then
-  echo ""
-  echo "Building and deploying Worker..."
-  npm run build:cloud
-  npx wrangler deploy --config wrangler-mcp.toml
-  echo "Done. Worker deployed."
-  exit 0
-fi
-
-# ── Full setup (first time) ──
-
-echo ""
-echo "=== Step 1: Create D1 database ==="
-
-# Check if database already exists
-DB_ID=$(npx wrangler d1 list --json 2>/dev/null | python3 -c "
-import sys, json
-dbs = json.load(sys.stdin)
-for db in dbs:
-    if db['name'] == 'memory-crystal-cloud':
-        print(db['uuid'])
-        break
-" 2>/dev/null || echo "")
-
-if [[ -z "$DB_ID" ]]; then
-  echo "Creating D1 database: memory-crystal-cloud"
-  DB_OUTPUT=$(npx wrangler d1 create memory-crystal-cloud 2>&1)
-  DB_ID=$(echo "$DB_OUTPUT" | grep -oE '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' | head -1)
-  echo "  Created: $DB_ID"
-else
-  echo "  Already exists: $DB_ID"
-fi
-
-if [[ -z "$DB_ID" ]]; then
-  echo "Error: Could not get D1 database ID"
-  exit 1
-fi
-
-# Update wrangler-mcp.toml with database ID
-if grep -q 'database_id = ""' wrangler-mcp.toml; then
-  sed -i.bak "s/database_id = \"\"/database_id = \"$DB_ID\"/" wrangler-mcp.toml
-  rm -f wrangler-mcp.toml.bak
-  echo "  Updated wrangler-mcp.toml with database_id"
-fi
-
-echo ""
-echo "=== Step 2: Create Vectorize index ==="
-
-VEC_EXISTS=$(npx wrangler vectorize list --json 2>/dev/null | python3 -c "
-import sys, json
-indexes = json.load(sys.stdin)
-for idx in indexes:
-    if idx['name'] == 'memory-crystal-chunks':
-        print('yes')
-        break
-" 2>/dev/null || echo "")
-
-if [[ "$VEC_EXISTS" != "yes" ]]; then
-  echo "Creating Vectorize index: memory-crystal-chunks (1024 dims, cosine)"
-  npx wrangler vectorize create memory-crystal-chunks --dimensions 1024 --metric cosine
-  echo "  Created."
-else
-  echo "  Already exists."
-fi
-
-echo ""
-echo "=== Step 3: Run D1 migrations ==="
-
-npx wrangler d1 migrations apply memory-crystal-cloud --config wrangler-mcp.toml
-echo "  Migrations applied."
-
-echo ""
-echo "=== Step 4: Set Worker secrets ==="
-
-echo "$OPENAI_API_KEY" | npx wrangler secret put OPENAI_API_KEY --config wrangler-mcp.toml
-echo "  OPENAI_API_KEY set."
-
-# Generate signing key for OAuth tokens
-MCP_SIGNING_KEY=$(openssl rand -hex 32)
-echo "$MCP_SIGNING_KEY" | npx wrangler secret put MCP_SIGNING_KEY --config wrangler-mcp.toml
-echo "  MCP_SIGNING_KEY set (generated)."
-
-# Generate relay encryption key (base64, 32 bytes)
-RELAY_KEY=$(openssl rand -base64 32)
-echo "$RELAY_KEY" | npx wrangler secret put RELAY_ENCRYPTION_KEY --config wrangler-mcp.toml
-echo "  RELAY_ENCRYPTION_KEY set (generated)."
-
-echo ""
-echo "=== Step 5: Build and deploy ==="
-
-npm run build:cloud
-npx wrangler deploy --config wrangler-mcp.toml
-
-echo ""
-echo "=== Done ==="
-echo ""
-echo "Memory Crystal Cloud MCP server deployed."
-echo "Worker URL: https://memory-crystal-cloud.<your-subdomain>.workers.dev"
-echo ""
-echo "Next steps:"
-echo "  1. Test: curl https://memory-crystal-cloud.<subdomain>.workers.dev/health"
-echo "  2. Test OAuth: GET /.well-known/oauth-authorization-server"
-echo "  3. Connect from ChatGPT or Claude"