adoptai-mcp 1.0.0

package/README.md

@@ -0,0 +1,70 @@
+# adoptai-mcp
+
+Single CLI to connect **Cursor**, **Claude Desktop**, **Windsurf**, or **VS Code** to AdoptAI MCP integrations (GitHub, Salesforce, Notion, Figma, Canva).
+
+> Published npm name is **`adoptai-mcp`** (no org scope yet). When the `@adoptai` org is ready, rename the package to `@adoptai/mcp` and update MCP config args accordingly.
+
+## Quick start
+
+```bash
+npx adoptai-mcp add --app github --client cursor
+```
+
+One command walks through credentials, validates them against the live API, encrypts and stores them under `~/.adoptai/`, and adds an `mcpServers` entry to your client config.
+
+## Commands
+
+| Command | Description |
+|--------|-------------|
+| `add --app <name> --client <client>` | Interactive setup for one app |
+| `add --apps a,b,c --client <client>` | Set up several apps in sequence |
+| `remove --app <name> --client <client>` | Remove server from client; optional credential delete |
+| `list` | Apps, tool counts, and whether credentials exist |
+| `status` | Which clients reference AdoptAI servers and total tools for authenticated apps |
+| `serve --app <name>` | **Internal** — stdio MCP server (used by client configs) |
+
+Clients: `cursor` \| `claude` \| `windsurf` \| `vscode` (VS Code uses `code --add-mcp` when available).
+
+## MCP config shape
+
+Each app is registered as `<app>-adoptai`, for example:
+
+```json
+{
+  "mcpServers": {
+    "salesforce-adoptai": {
+      "command": "npx",
+      "args": ["-y", "adoptai-mcp", "serve", "--app", "salesforce"],
+      "env": {}
+    }
+  }
+}
+```
+
+## Build (from repo)
+
+```bash
+cd packages/adoptai-mcp
+npm install
+npm run build
+npm link
+adoptai-mcp list
+```
+
+`npm run build` runs TypeScript and copies bundled integration sources plus `specs/` into `dist/` so the published tarball does not depend on the monorepo `integrations/` tree.
+
+## Local checks
+
+1. `node --check dist/cli/index.js`
+2. `adoptai-mcp list` (after `npm link`)
+3. `adoptai-mcp add --app github --client cursor` (requires network + valid token)
+4. Confirm `~/.cursor/mcp.json` (or your client’s file) contains the new server
+5. Restart the client and confirm tools appear
+
+## Salesforce authentication
+
+The CLI uses **SOAP login** (username + password + security token) and stores the resulting **session id** as the REST bearer token. Use **Sandbox** when prompted if your org logs in via `test.salesforce.com`.
+
+## License
+
+MIT

package/bin/adoptai-mcp.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import '../dist/cli/index.js';

package/dist/apps/canva.js

@@ -0,0 +1 @@
+export const appSlug = 'canva';

package/dist/apps/figma.js

@@ -0,0 +1 @@
+export const appSlug = 'figma';

package/dist/apps/github.js

@@ -0,0 +1,2 @@
+/** GitHub aggregate MCP (all github-* REST surfaces). */
+export const appSlug = 'github';

package/dist/apps/notion.js

@@ -0,0 +1 @@
+export const appSlug = 'notion';

package/dist/apps/registry.js

@@ -0,0 +1,20 @@
+export const APP_SLUGS = ['github', 'salesforce', 'notion', 'figma', 'canva'];
+export function isAppSlug(s) {
+    return APP_SLUGS.includes(s);
+}
+export function parseAppList(arg) {
+    if (!arg?.trim())
+        return [];
+    return arg
+        .split(',')
+        .map((a) => a.trim().toLowerCase())
+        .filter((a) => isAppSlug(a));
+}
+/** Resolve tools module URL relative to dist/apps/registry.js or dist/server/*.js. */
+export function toolsModuleUrl(app) {
+    return new URL(`../integrations/${app}/tools.js`, import.meta.url).href;
+}
+export async function countToolsForApp(app) {
+    const mod = await import(toolsModuleUrl(app));
+    return Array.isArray(mod.tools) ? mod.tools.length : 0;
+}

package/dist/apps/salesforce.js

@@ -0,0 +1 @@
+export const appSlug = 'salesforce';

package/dist/cli/add.js

@@ -0,0 +1,532 @@
+import axios from 'axios';
+import chalk from 'chalk';
+import { randomBytes, createHash } from 'node:crypto';
+import { createServer } from 'node:http';
+import { spawn } from 'node:child_process';
+import inquirer from 'inquirer';
+import ora from 'ora';
+import { countToolsForApp, isAppSlug } from '../apps/registry.js';
+import { getCredentialsStore, hasAppCredentials } from '../config/credentials.js';
+import { isClientId, upsertAdoptaiMcpServer } from '../config/clients.js';
+const NOTION_VERSION = '2025-09-03';
+const CANVA_AUTH_URL = 'https://www.canva.com/api/oauth/authorize';
+const CANVA_TOKEN_URL = 'https://api.canva.com/rest/v1/oauth/token';
+const CANVA_DEFAULT_SCOPES = [
+    'design:permission:read',
+    'brandtemplate:content:write',
+    'folder:permission:write',
+    'app:read',
+    'comment:write',
+    'asset:write',
+    'profile:read',
+    'brandtemplate:meta:read',
+    'asset:read',
+    'design:content:read',
+    'app:write',
+    'design:content:write',
+    'design:permission:write',
+    'brandtemplate:content:read',
+    'comment:read',
+    'folder:permission:read',
+    'folder:write',
+    'folder:read',
+].join(' ');
+function escapeXml(s) {
+    return s
+        .replace(/&/g, '&')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&apos;');
+}
+function openBrowser(url) {
+    if (process.platform === 'darwin') {
+        spawn('open', [url], { detached: true, stdio: 'ignore' }).unref();
+    }
+    else if (process.platform === 'win32') {
+        spawn('cmd', ['/c', 'start', '""', url], { detached: true, stdio: 'ignore' }).unref();
+    }
+    else {
+        spawn('xdg-open', [url], { detached: true, stdio: 'ignore' }).unref();
+    }
+}
+function pkcePair() {
+    const codeVerifier = randomBytes(32).toString('base64url');
+    const codeChallenge = createHash('sha256').update(codeVerifier).digest('base64url');
+    return { codeVerifier, codeChallenge };
+}
+async function salesforceSoapLogin(opts) {
+    const { username, password, securityToken, loginHost } = opts;
+    const pw = password + (securityToken || '');
+    const body = `<?xml version="1.0" encoding="utf-8" ?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:partner.soap.sforce.com">
+  <soapenv:Body>
+    <urn:login>
+      <urn:username>${escapeXml(username)}</urn:username>
+      <urn:password>${escapeXml(pw)}</urn:password>
+    </urn:login>
+  </soapenv:Body>
+</soapenv:Envelope>`;
+    const url = `${loginHost.replace(/\/$/, '')}/services/Soap/u/59.0`;
+    const res = await axios.post(url, body, {
+        headers: {
+            'Content-Type': 'text/xml; charset=UTF-8',
+            SOAPAction: '""',
+        },
+        validateStatus: () => true,
+        timeout: 60000,
+    });
+    if (res.status >= 400) {
+        throw new Error(`SOAP login HTTP ${res.status}: ${String(res.data).slice(0, 500)}`);
+    }
+    const xml = typeof res.data === 'string' ? res.data : String(res.data);
+    const fault = xml.match(/<faultstring>([^<]*)<\/faultstring>/);
+    if (fault)
+        throw new Error(fault[1] || 'Salesforce login failed');
+    const sid = xml.match(/<sessionId>([^<]+)<\/sessionId>/);
+    const surl = xml.match(/<serverUrl>([^<]+)<\/serverUrl>/);
+    if (!sid?.[1] || !surl?.[1])
+        throw new Error('Could not parse Salesforce login response');
+    const u = new URL(surl[1]);
+    const instanceUrl = `${u.protocol}//${u.host}`;
+    return { sessionId: sid[1], instanceUrl };
+}
+async function testSalesforceLimits(instanceUrl, sessionId) {
+    const url = `${instanceUrl.replace(/\/$/, '')}/services/data/v59.0/limits`;
+    const res = await axios.get(url, {
+        headers: { Authorization: `Bearer ${sessionId}` },
+        validateStatus: () => true,
+        timeout: 30000,
+    });
+    if (res.status < 200 || res.status >= 300) {
+        throw new Error(`Limits check failed (${res.status})`);
+    }
+}
+async function testGithubToken(token) {
+    const res = await axios.get('https://api.github.com/user', {
+        headers: { Authorization: `Bearer ${token}` },
+        validateStatus: () => true,
+        timeout: 20000,
+    });
+    if (res.status < 200 || res.status >= 300) {
+        throw new Error(res.data?.message || `GitHub API returned ${res.status}`);
+    }
+}
+async function testNotionToken(token) {
+    const res = await axios.get('https://api.notion.com/v1/users/me', {
+        headers: { Authorization: `Bearer ${token}`, 'Notion-Version': NOTION_VERSION },
+        validateStatus: () => true,
+        timeout: 20000,
+    });
+    if (res.status < 200 || res.status >= 300) {
+        throw new Error(res.data?.message || `Notion API returned ${res.status}`);
+    }
+}
+async function testFigmaToken(token) {
+    const res = await axios.get('https://api.figma.com/v1/me', {
+        headers: { 'X-Figma-Token': token },
+        validateStatus: () => true,
+        timeout: 20000,
+    });
+    if (res.status < 200 || res.status >= 300) {
+        throw new Error(res.data?.err || `Figma API returned ${res.status}`);
+    }
+}
+async function testCanvaToken(accessToken) {
+    const res = await axios.get('https://api.canva.com/rest/v1/users/me', {
+        headers: { Authorization: `Bearer ${accessToken}` },
+        validateStatus: () => true,
+        timeout: 20000,
+    });
+    if (res.status < 200 || res.status >= 300) {
+        throw new Error(`Canva API returned ${res.status}`);
+    }
+}
+async function canvaOAuthFlow(clientId, clientSecret) {
+    const { codeVerifier, codeChallenge } = pkcePair();
+    const state = randomBytes(16).toString('hex');
+    const listenPort = 3000;
+    const redirectUri = `http://127.0.0.1:${listenPort}/callback`;
+    const server = await new Promise((resolve, reject) => {
+        const s = createServer();
+        s.once('error', (err) => reject(err));
+        s.listen(listenPort, '127.0.0.1', () => resolve(s));
+    }).catch((err) => {
+        if (err?.code === 'EADDRINUSE') {
+            throw new Error(`Port ${listenPort} is already in use. Stop the other process or set CANVA_REDIRECT_URI to another localhost port in a future version.`);
+        }
+        throw err;
+    });
+    const scope = process.env.CANVA_SCOPES?.trim() || CANVA_DEFAULT_SCOPES;
+    const authParams = new URLSearchParams({
+        response_type: 'code',
+        client_id: clientId,
+        redirect_uri: redirectUri,
+        scope,
+        state,
+        code_challenge: codeChallenge,
+        code_challenge_method: 's256',
+    });
+    const authorizeFull = `${CANVA_AUTH_URL}?${authParams.toString()}`;
+    const result = new Promise((resolve, reject) => {
+        server.on('request', (req, res) => {
+            try {
+                const u = new URL(req.url || '/', `http://127.0.0.1:${listenPort}`);
+                if (u.pathname !== '/callback') {
+                    res.writeHead(404);
+                    res.end();
+                    return;
+                }
+                const code = u.searchParams.get('code');
+                const returned = u.searchParams.get('state');
+                const err = u.searchParams.get('error');
+                if (err) {
+                    res.writeHead(400, { 'Content-Type': 'text/plain' });
+                    res.end(`Error: ${err}`);
+                    server.close();
+                    reject(new Error(u.searchParams.get('error_description') || err));
+                    return;
+                }
+                if (!code || returned !== state) {
+                    res.writeHead(400, { 'Content-Type': 'text/plain' });
+                    res.end('Invalid callback');
+                    server.close();
+                    reject(new Error('Invalid OAuth callback'));
+                    return;
+                }
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end('<html><body>You can close this window and return to the terminal.</body></html>');
+                server.close();
+                resolve(code);
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    });
+    openBrowser(authorizeFull);
+    let code;
+    try {
+        code = await result;
+    }
+    catch (e) {
+        server.close();
+        throw e;
+    }
+    const body = new URLSearchParams({
+        grant_type: 'authorization_code',
+        code,
+        redirect_uri: redirectUri,
+        code_verifier: codeVerifier,
+        client_id: clientId,
+        client_secret: clientSecret,
+    });
+    const tok = await axios.post(CANVA_TOKEN_URL, body.toString(), {
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },
+        timeout: 60000,
+        validateStatus: () => true,
+    });
+    if (tok.status < 200 || tok.status >= 300) {
+        const hint = typeof tok.data === 'object' ? JSON.stringify(tok.data) : String(tok.data);
+        throw new Error(`Canva token exchange failed (${tok.status}): ${hint}`);
+    }
+    const d = tok.data;
+    const accessToken = d.access_token;
+    const refreshToken = d.refresh_token;
+    const expiresIn = Number(d.expires_in) || 14_400;
+    if (!accessToken || !refreshToken) {
+        throw new Error('Token response missing access_token or refresh_token');
+    }
+    const expiresAt = new Date(Date.now() + expiresIn * 1000).toISOString();
+    return { accessToken, refreshToken, expiresAt };
+}
+async function flowGithub(store) {
+    const { token } = await inquirer.prompt([
+        {
+            type: 'password',
+            name: 'token',
+            message: 'Personal Access Token (from github.com/settings/tokens): ',
+            mask: '*',
+        },
+    ]);
+    const t = String(token || '').trim();
+    if (!t)
+        throw new Error('Token is required');
+    const spin = ora('Testing connection…').start();
+    try {
+        await testGithubToken(t);
+        spin.succeed('Connected to GitHub');
+    }
+    catch (e) {
+        spin.fail('Connection failed');
+        throw e;
+    }
+    const savedAt = new Date().toISOString();
+    store.set('github', { token: t, savedAt });
+}
+async function flowSalesforce(store) {
+    const answers = await inquirer.prompt([
+        {
+            type: 'input',
+            name: 'instanceHint',
+            message: 'Instance URL (e.g. https://yourorg.salesforce.com): ',
+        },
+        { type: 'input', name: 'username', message: 'Username: ' },
+        { type: 'password', name: 'password', message: 'Password: ', mask: '*' },
+        { type: 'password', name: 'securityToken', message: 'Security Token: ', mask: '*' },
+        {
+            type: 'confirm',
+            name: 'sandbox',
+            message: 'Is this a Sandbox org (login at test.salesforce.com)?',
+            default: false,
+        },
+    ]);
+    const loginHost = answers.sandbox ? 'https://test.salesforce.com' : 'https://login.salesforce.com';
+    const spin = ora('Testing connection (SOAP login + REST limits)…').start();
+    let sessionId;
+    let instanceUrl;
+    try {
+        ({ sessionId, instanceUrl } = await salesforceSoapLogin({
+            username: String(answers.username).trim(),
+            password: String(answers.password),
+            securityToken: String(answers.securityToken || ''),
+            loginHost,
+        }));
+        await testSalesforceLimits(instanceUrl, sessionId);
+        spin.succeed('Connected to Salesforce! (API v59.0)');
+    }
+    catch (e) {
+        spin.fail('Connection failed');
+        throw e;
+    }
+    const hint = String(answers.instanceHint || '')
+        .trim()
+        .replace(/\/$/, '');
+    if (hint && hint.startsWith('http')) {
+        try {
+            const parsed = new URL(hint);
+            const normalized = `${parsed.protocol}//${parsed.host}`;
+            if (normalized.replace(/\/$/, '') !== instanceUrl.replace(/\/$/, '')) {
+                console.log(chalk.yellow(`Note: Using instance URL from login response (${instanceUrl}), not the hint you entered.`));
+            }
+        }
+        catch {
+            /* ignore */
+        }
+    }
+    const savedAt = new Date().toISOString();
+    store.set('salesforce', {
+        instanceUrl,
+        username: String(answers.username).trim(),
+        accessToken: sessionId,
+        savedAt,
+    });
+}
+async function flowNotion(store) {
+    const { token } = await inquirer.prompt([
+        {
+            type: 'password',
+            name: 'token',
+            message: 'Integration Token (from notion.so/my-integrations): ',
+            mask: '*',
+        },
+    ]);
+    const t = String(token || '').trim();
+    if (!t)
+        throw new Error('Token is required');
+    const spin = ora('Testing connection…').start();
+    try {
+        await testNotionToken(t);
+        spin.succeed('Connected to Notion');
+    }
+    catch (e) {
+        spin.fail('Connection failed');
+        throw e;
+    }
+    store.set('notion', { token: t, savedAt: new Date().toISOString() });
+}
+async function flowFigma(store) {
+    const { token } = await inquirer.prompt([
+        {
+            type: 'password',
+            name: 'token',
+            message: 'Personal Access Token (from figma.com/settings): ',
+            mask: '*',
+        },
+    ]);
+    const t = String(token || '').trim();
+    if (!t)
+        throw new Error('Token is required');
+    const spin = ora('Testing connection…').start();
+    try {
+        await testFigmaToken(t);
+        spin.succeed('Connected to Figma');
+    }
+    catch (e) {
+        spin.fail('Connection failed');
+        throw e;
+    }
+    store.set('figma', { token: t, savedAt: new Date().toISOString() });
+}
+async function flowCanva(store) {
+    const { open, clientId, clientSecret } = await inquirer.prompt([
+        {
+            type: 'confirm',
+            name: 'open',
+            message: 'Open browser for Canva OAuth?',
+            default: true,
+        },
+        { type: 'input', name: 'clientId', message: 'Canva integration Client ID: ' },
+        { type: 'password', name: 'clientSecret', message: 'Canva integration Client secret: ', mask: '*' },
+    ]);
+    if (!open)
+        throw new Error('Canva setup requires completing OAuth in the browser.');
+    const cid = String(clientId || '').trim();
+    const sec = String(clientSecret || '').trim();
+    if (!cid || !sec)
+        throw new Error('Client ID and Client secret are required');
+    console.log(chalk.dim('\nLocal callback listens on http://127.0.0.1:3000/callback — add this URL to your Canva integration.\n'));
+    const spin = ora('Waiting for Canva OAuth callback on port 3000…').start();
+    let tokens;
+    try {
+        tokens = await canvaOAuthFlow(cid, sec);
+        spin.succeed('Canva OAuth complete');
+    }
+    catch (e) {
+        spin.fail('Canva OAuth failed');
+        throw e;
+    }
+    const spin2 = ora('Verifying token…').start();
+    try {
+        await testCanvaToken(tokens.accessToken);
+        spin2.succeed('Connected to Canva');
+    }
+    catch (e) {
+        spin2.fail('Verification failed');
+        throw e;
+    }
+    store.set('canva', {
+        accessToken: tokens.accessToken,
+        refreshToken: tokens.refreshToken,
+        clientId: cid,
+        clientSecret: sec,
+        expiresAt: tokens.expiresAt,
+        savedAt: new Date().toISOString(),
+    });
+}
+async function runOneApp(app, client, store) {
+    console.log(chalk.bold.cyan(`\n  ${app.charAt(0).toUpperCase() + app.slice(1)} Setup`));
+    console.log(chalk.dim('  ────────────────────────────────────'));
+    if (hasAppCredentials(app)) {
+        const { again } = await inquirer.prompt([
+            {
+                type: 'confirm',
+                name: 'again',
+                message: `${app} is already configured. Re-authenticate?`,
+                default: false,
+            },
+        ]);
+        if (!again) {
+            console.log(chalk.yellow('Skipped (keeping existing credentials).'));
+            const spin = ora('Updating client config…').start();
+            try {
+                const written = upsertAdoptaiMcpServer(client, app);
+                spin.succeed(`Config updated (${written})`);
+            }
+            catch (e) {
+                spin.fail('Config update failed');
+                throw e;
+            }
+            const n = await countToolsForApp(app);
+            printSuccess(app, n, client);
+            return;
+        }
+    }
+    let ok = false;
+    let lastErr;
+    while (!ok) {
+        try {
+            switch (app) {
+                case 'github':
+                    await flowGithub(store);
+                    break;
+                case 'salesforce':
+                    await flowSalesforce(store);
+                    break;
+                case 'notion':
+                    await flowNotion(store);
+                    break;
+                case 'figma':
+                    await flowFigma(store);
+                    break;
+                case 'canva':
+                    await flowCanva(store);
+                    break;
+                default:
+                    throw new Error(`Unknown app: ${app}`);
+            }
+            ok = true;
+        }
+        catch (err) {
+            lastErr = err;
+            const msg = err instanceof Error ? err.message : String(err);
+            console.log(chalk.red(`\n  ${msg}`));
+            const { retry } = await inquirer.prompt([
+                {
+                    type: 'confirm',
+                    name: 'retry',
+                    message: 'Try again with different credentials?',
+                    default: true,
+                },
+            ]);
+            if (!retry)
+                throw lastErr;
+        }
+    }
+    const spinSave = ora('Saving credentials…').start();
+    spinSave.succeed('Credentials saved');
+    const spinCfg = ora('Updating client config…').start();
+    try {
+        const pathOrLabel = upsertAdoptaiMcpServer(client, app);
+        spinCfg.succeed(`Config written (${pathOrLabel})`);
+    }
+    catch (e) {
+        spinCfg.fail('Config update failed');
+        throw e;
+    }
+    const n = await countToolsForApp(app);
+    printSuccess(app, n, client);
+}
+function printSuccess(app, toolCount, client) {
+    const label = app.charAt(0).toUpperCase() + app.slice(1);
+    console.log(chalk.green('\n  ──────────────────────────────────────────'));
+    console.log(chalk.green.bold(`  🎉 ${label} is ready!`));
+    console.log(chalk.green(`     ${toolCount} tools available in ${client}`));
+    console.log(chalk.cyan('\n  🔄 Restart Cursor (or your client) to activate.'));
+    console.log(chalk.green('  ──────────────────────────────────────────\n'));
+}
+export async function runAdd(argv) {
+    const clientRaw = argv.client;
+    if (!isClientId(clientRaw)) {
+        console.error(chalk.red(`Unknown client "${clientRaw}". Use: cursor | claude | windsurf | vscode`));
+        process.exit(1);
+    }
+    const client = clientRaw;
+    const fromApps = argv.apps ? argv.apps.split(',').map((s) => s.trim().toLowerCase()) : [];
+    const single = argv.app ? [argv.app.trim().toLowerCase()] : [];
+    const names = fromApps.length ? fromApps : single;
+    if (!names.length) {
+        console.error(chalk.red('Provide --app <name> or --apps a,b,c'));
+        process.exit(1);
+    }
+    const apps = names.filter(isAppSlug);
+    if (apps.length !== names.length) {
+        const bad = names.filter((a) => !isAppSlug(a));
+        console.error(chalk.red(`Unknown app(s): ${bad.join(', ')}`));
+        process.exit(1);
+    }
+    const store = getCredentialsStore();
+    for (const app of apps) {
+        await runOneApp(app, client, store);
+    }
+}

package/dist/cli/index.js

@@ -0,0 +1,39 @@
+import yargs from 'yargs';
+import { hideBin } from 'yargs/helpers';
+import { runAdd } from './add.js';
+import { runList } from './list.js';
+import { runRemove } from './remove.js';
+import { runServe } from './serve.js';
+import { runStatus } from './status.js';
+await yargs(hideBin(process.argv))
+    .scriptName('adoptai-mcp')
+    .usage('$0 <command> [options]')
+    .command('add', 'Authenticate, save credentials, and register the MCP server in your client', (y) => y
+    .option('app', { type: 'string', describe: 'Single app id' })
+    .option('apps', { type: 'string', describe: 'Comma-separated app ids' })
+    .option('client', { type: 'string', demandOption: true, describe: 'cursor | claude | windsurf | vscode' }), async (argv) => {
+    await runAdd({
+        app: argv.app,
+        apps: argv.apps,
+        client: argv.client,
+    });
+})
+    .command('remove', 'Remove AdoptAI MCP from a client config; optionally delete stored credentials', (y) => y
+    .option('app', { type: 'string', demandOption: true })
+    .option('client', { type: 'string', demandOption: true }), async (argv) => {
+    await runRemove({ app: argv.app, client: argv.client });
+})
+    .command('list', 'List apps, tool counts, and authentication status', {}, async () => {
+    await runList();
+})
+    .command('status', 'Show client configs and connected apps', {}, async () => {
+    await runStatus();
+})
+    .command('serve', 'Internal: run stdio MCP for one app (used by client config)', (y) => y.option('app', { type: 'string', demandOption: true }), async (argv) => {
+    await runServe({ app: argv.app });
+})
+    .demandCommand(1, 'Choose a command: add, remove, list, status, serve')
+    .strict()
+    .help()
+    .alias('h', 'help')
+    .parseAsync();