@wix/mcp 1.0.45 → 1.0.46

package/README.md

@@ -8,6 +8,23 @@
 npx @wix/mcp
 ```
 
+### Authentication via Wix CLI (`--wixCliAuth`)
+
+After `npx @wix/cli login` writes your OAuth token to `~/.wix/auth/account.json`, pass `--wixCliAuth` to enable the auth-requiring tools — `CallWixSiteAPI`, `ListWixSites`, `ManageWixSite`, site-creation widgets, and `SupportAndFeedback`. The access token is refreshed transparently via the Wix OAuth endpoint when it nears expiry, and the refreshed token is written back atomically.
+
+```jsonc
+{
+  "mcpServers": {
+    "wix": {
+      "command": "npx",
+      "args": ["-y", "@wix/mcp", "--wixCliAuth"]
+    }
+  }
+}
+```
+
+Without `--wixCliAuth`, `@wix/mcp` runs in docs-only mode (same as before). If `--wixCliAuth` is set but `~/.wix/auth/account.json` is missing, the process exits with an error telling you to run `wix login` first.
+
 ### Local Development
 
 1. Clone the repository

package/build/bin-standalone.js

@@ -474,13 +474,13 @@ function __disposeResources(env) {
   }
   return next();
 }
-function __rewriteRelativeImportExtension(path3, preserveJsx) {
-  if (typeof path3 === "string" && /^\.\.?\//.test(path3)) {
-    return path3.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function(m, tsx, d, ext, cm) {
+function __rewriteRelativeImportExtension(path5, preserveJsx) {
+  if (typeof path5 === "string" && /^\.\.?\//.test(path5)) {
+    return path5.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function(m, tsx, d, ext, cm) {
       return tsx ? preserveJsx ? ".jsx" : ".js" : d && (!ext || !cm) ? m : d + ext + "." + cm.toLowerCase() + "js";
     });
   }
-  return path3;
+  return path5;
 }
 var extendStatics, __assign, __createBinding, __setModuleDefault, ownKeys, _SuppressedError, tslib_es6_default;
 var init_tslib_es6 = __esm({
@@ -1117,8 +1117,8 @@ var require_utils2 = __commonJS({
       }
     }
     exports.silent = silent;
-    function extractProp(data, path3) {
-      return path3.split(".").filter((prop) => prop).reduce((result, prop) => result[prop], data);
+    function extractProp(data, path5) {
+      return path5.split(".").filter((prop) => prop).reduce((result, prop) => result[prop], data);
     }
     exports.extractProp = extractProp;
     function resolveHost(opts) {
@@ -2118,7 +2118,7 @@ var require_has_flag = __commonJS({
 var require_supports_color = __commonJS({
   "../../node_modules/supports-color/index.js"(exports, module) {
     "use strict";
-    var os = __require("os");
+    var os2 = __require("os");
     var hasFlag = require_has_flag();
     var env = process.env;
     var forceColor;
@@ -2156,7 +2156,7 @@ var require_supports_color = __commonJS({
       }
       const min = forceColor ? 1 : 0;
       if (process.platform === "win32") {
-        const osRelease = os.release().split(".");
+        const osRelease = os2.release().split(".");
         if (Number(process.versions.node.split(".")[0]) >= 8 && Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586) {
           return Number(osRelease[2]) >= 14931 ? 3 : 2;
         }
@@ -3920,14 +3920,14 @@ var require_cookies2 = __commonJS({
       // Standard browser envs support document.cookie
       /* @__PURE__ */ (function standardBrowserEnv() {
         return {
-          write: function write(name, value, expires, path3, domain, secure) {
+          write: function write(name, value, expires, path5, domain, secure) {
             var cookie = [];
             cookie.push(name + "=" + encodeURIComponent(value));
             if (utils.isNumber(expires)) {
               cookie.push("expires=" + new Date(expires).toGMTString());
             }
-            if (utils.isString(path3)) {
-              cookie.push("path=" + path3);
+            if (utils.isString(path5)) {
+              cookie.push("path=" + path5);
             }
             if (utils.isString(domain)) {
               cookie.push("domain=" + domain);
@@ -8002,8 +8002,8 @@ var require_utils7 = __commonJS({
       }
     }
     exports.silent = silent;
-    function extractProp(data, path3) {
-      return path3.split(".").filter((prop) => prop).reduce((result, prop) => result[prop], data);
+    function extractProp(data, path5) {
+      return path5.split(".").filter((prop) => prop).reduce((result, prop) => result[prop], data);
     }
     exports.extractProp = extractProp;
     function resolveHost(opts) {
@@ -8926,14 +8926,14 @@ var require_cookies4 = __commonJS({
       // Standard browser envs support document.cookie
       /* @__PURE__ */ (function standardBrowserEnv() {
         return {
-          write: function write(name, value, expires, path3, domain, secure) {
+          write: function write(name, value, expires, path5, domain, secure) {
             var cookie = [];
             cookie.push(name + "=" + encodeURIComponent(value));
             if (utils.isNumber(expires)) {
               cookie.push("expires=" + new Date(expires).toGMTString());
             }
-            if (utils.isString(path3)) {
-              cookie.push("path=" + path3);
+            if (utils.isString(path5)) {
+              cookie.push("path=" + path5);
             }
             if (utils.isString(domain)) {
               cookie.push("domain=" + domain);
@@ -10231,6 +10231,9 @@ Sentry.init({
 
 // src/bin.ts
 import minimist from "minimist";
+import { existsSync as existsSync2 } from "node:fs";
+import { homedir as homedir3 } from "node:os";
+import path4 from "node:path";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 
 // src/docs/docs.ts
@@ -14136,6 +14139,206 @@ function getCliAuthToken(siteIdOrAccountsFileName) {
   );
 }
 
+// src/cli-tools/account-token-store.ts
+import fs2 from "node:fs/promises";
+import path3 from "node:path";
+import os from "node:os";
+var DEFAULT_ACCOUNT_FILE = path3.join(
+  os.homedir(),
+  ".wix",
+  "auth",
+  "account.json"
+);
+var DEFAULT_CLIENT_ID = "f234ac48-6cab-4ef2-9ea0-03d56a376da4";
+var WixCliAuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "WixCliAuthError";
+  }
+};
+var TokenStore = class {
+  current;
+  currentMtimeMs;
+  inflight;
+  accountFile;
+  clientId;
+  bufferSeconds;
+  constructor(opts = {}) {
+    this.accountFile = opts.accountFile ?? DEFAULT_ACCOUNT_FILE;
+    this.clientId = opts.clientId ?? DEFAULT_CLIENT_ID;
+    this.bufferSeconds = opts.expiryBufferSeconds ?? 5 * 60;
+  }
+  async load() {
+    let raw;
+    let mtimeMs;
+    try {
+      const [content, stat] = await Promise.all([
+        fs2.readFile(this.accountFile, "utf-8"),
+        fs2.stat(this.accountFile)
+      ]);
+      raw = content;
+      mtimeMs = stat.mtimeMs;
+    } catch (err) {
+      const code = err?.code;
+      if (code === "ENOENT") {
+        throw new WixCliAuthError(
+          `Wix CLI auth file not found at ${this.accountFile}.
+Run \`npx @wix/cli login\` first, then retry.`
+        );
+      }
+      throw err;
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch (err) {
+      throw new WixCliAuthError(
+        `Failed to parse ${this.accountFile}: ${err.message}`
+      );
+    }
+    if (!parsed?.accessToken || !parsed?.refreshToken) {
+      throw new WixCliAuthError(
+        `${this.accountFile} is missing accessToken or refreshToken. Re-run \`npx @wix/cli login\`.`
+      );
+    }
+    this.current = parsed;
+    this.currentMtimeMs = mtimeMs;
+    return parsed;
+  }
+  getUserId() {
+    const id = this.current?.userInfo?.userId;
+    if (!id) {
+      throw new WixCliAuthError(
+        `Wix CLI auth file ${this.accountFile} is missing userInfo.userId. Re-run \`npx @wix/cli login\`.`
+      );
+    }
+    return id;
+  }
+  isExpired(token) {
+    const expirationMs = (token.issuedAt + token.expiresIn) * 1e3;
+    return Date.now() > expirationMs - this.bufferSeconds * 1e3;
+  }
+  /**
+   * Re-read the token file if another process has updated it on disk since we
+   * last loaded it. Avoids a redundant refresh when a sibling bridge process
+   * has already done the work.
+   */
+  async refreshFromDiskIfChanged() {
+    try {
+      const stat = await fs2.stat(this.accountFile);
+      if (this.currentMtimeMs === void 0 || stat.mtimeMs > this.currentMtimeMs) {
+        await this.load();
+      }
+    } catch {
+    }
+  }
+  /** Returns a non-expired access token, refreshing and persisting if needed. */
+  async getFreshToken() {
+    if (!this.current) await this.load();
+    else await this.refreshFromDiskIfChanged();
+    const token = this.current;
+    if (!this.isExpired(token)) return token;
+    if (!this.inflight) {
+      this.inflight = this.refresh(token).finally(() => {
+        this.inflight = void 0;
+      });
+    }
+    return this.inflight;
+  }
+  async refresh(token) {
+    const res = await fetch("https://www.wixapis.com/oauth2/token", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: token.accessToken
+      },
+      body: JSON.stringify({
+        clientId: this.clientId,
+        grantType: "refresh_token",
+        scope: "offline_access",
+        refreshToken: token.refreshToken
+      })
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new WixCliAuthError(
+        `Failed to refresh Wix access token (HTTP ${res.status}): ${text.slice(0, 500)}
+Run \`npx @wix/cli login\` to re-authenticate.`
+      );
+    }
+    const data = await res.json();
+    const next = {
+      ...token,
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token,
+      issuedAt: Math.floor(Date.now() / 1e3),
+      expiresIn: data.expires_in
+    };
+    this.current = next;
+    await this.persist(next);
+    return next;
+  }
+  /** Atomic write: writes to a sibling .tmp file then renames into place. */
+  async persist(token) {
+    const tmp = `${this.accountFile}.tmp-${process.pid}-${Date.now()}`;
+    try {
+      await fs2.writeFile(tmp, JSON.stringify(token), {
+        encoding: "utf-8",
+        mode: 384
+      });
+      await fs2.rename(tmp, this.accountFile);
+      const stat = await fs2.stat(this.accountFile).catch(() => void 0);
+      if (stat) this.currentMtimeMs = stat.mtimeMs;
+    } catch (err) {
+      console.error(
+        `[wix-mcp] Warning: could not persist refreshed token to ${this.accountFile}: ${err.message}`
+      );
+      await fs2.unlink(tmp).catch(() => void 0);
+    }
+  }
+};
+
+// src/cli-tools/account-auth-strategy.ts
+var WIX_OAUTH_TOKEN_URL = "https://www.wixapis.com/oauth2/token";
+var WIX_CLIENT_ID = "f234ac48-6cab-4ef2-9ea0-03d56a376da4";
+function createAccountFileAuthStrategy({
+  tokens
+}) {
+  return {
+    getAccountAuthHeaders: async () => {
+      const token = await tokens.getFreshToken();
+      return {
+        Authorization: token.accessToken,
+        "wix-account-id": tokens.getUserId()
+      };
+    },
+    getSiteAuthHeaders: async (siteId) => {
+      const token = await tokens.getFreshToken();
+      const res = await fetch(WIX_OAUTH_TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          clientId: WIX_CLIENT_ID,
+          grantType: "refresh_token",
+          refreshToken: token.refreshToken,
+          siteId
+        })
+      });
+      if (!res.ok) {
+        const body = await res.text().catch(() => "");
+        throw new WixCliAuthError(
+          `Site token exchange failed for site ${siteId} (HTTP ${res.status}): ${body.slice(0, 300)}`
+        );
+      }
+      const data = await res.json();
+      return {
+        Authorization: data.access_token,
+        "wix-site-id": siteId
+      };
+    }
+  };
+}
+
 // src/bin.ts
 var PUBLIC_TOOLS = [...VALID_DOCS_TOOLS];
 var EXPERIMENTAL_TOOLS = [
@@ -14268,6 +14471,19 @@ if (cliTools.length > 0) {
     }
   }
 }
+if (parsedArgs["wixCliAuth"]) {
+  const accountFile = path4.join(homedir3(), ".wix", "auth", "account.json");
+  if (!existsSync2(accountFile)) {
+    logger.error(
+      `--wixCliAuth was set but ${accountFile} does not exist. Run \`npx @wix/cli login\` first.`
+    );
+    process.exit(1);
+  }
+  logger.log("Enabling Wix CLI auth from ~/.wix/auth/account.json");
+  const tokens = new TokenStore({ accountFile });
+  const accountAuthStrategy = createAccountFileAuthStrategy({ tokens });
+  addApiCallTool(server, accountAuthStrategy);
+}
 try {
   const portals = parsedArgs["portals"]?.split(",") || [];
   if (portals.length > 0) {