npm - burn-mcp-server - Versions diffs - 1.1.0 → 1.2.0 - Mend

burn-mcp-server 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -10,32 +10,51 @@ const zod_1 = require("zod");
 // ---------------------------------------------------------------------------
 const SUPABASE_URL = process.env.BURN_SUPABASE_URL || 'https://juqtxylquemiuvvmgbej.supabase.co';
 const SUPABASE_ANON_KEY = process.env.BURN_SUPABASE_ANON_KEY || 'sb_publishable_reVgmmCC6ndIo6jFRMM2LQ_wujj5FrO';
-const SUPABASE_TOKEN = process.env.BURN_SUPABASE_TOKEN;
-if (!SUPABASE_TOKEN) {
-    console.error('Error: BURN_SUPABASE_TOKEN environment variable is required.');
-    console.error('Get your token from: Burn App → Settings → MCP Server → Copy Access Token');
+// Support both old JWT token (BURN_SUPABASE_TOKEN) and new long-lived MCP token (BURN_MCP_TOKEN)
+const MCP_TOKEN = process.env.BURN_MCP_TOKEN;
+const LEGACY_JWT = process.env.BURN_SUPABASE_TOKEN;
+if (!MCP_TOKEN && !LEGACY_JWT) {
+    console.error('Error: BURN_MCP_TOKEN environment variable is required.');
+    console.error('Get your token from: Burn App → Settings → MCP Server → Generate Token');
     process.exit(1);
 }
 // ---------------------------------------------------------------------------
-// Supabase client (authenticated as user via JWT)
+// Supabase client — bootstrapped with anon key, session set after auth below
 // ---------------------------------------------------------------------------
 const supabase = (0, supabase_js_1.createClient)(SUPABASE_URL, SUPABASE_ANON_KEY, {
     auth: {
         persistSession: false,
-        autoRefreshToken: false,
-    },
-    global: {
-        headers: {
-            Authorization: `Bearer ${SUPABASE_TOKEN}`,
-        },
+        autoRefreshToken: true,
     },
+    ...(LEGACY_JWT ? { global: { headers: { Authorization: `Bearer ${LEGACY_JWT}` } } } : {}),
 });
 // ---------------------------------------------------------------------------
+// Auth: exchange MCP token for a real Supabase session (auto-refreshes)
+// ---------------------------------------------------------------------------
+async function initAuth() {
+    if (LEGACY_JWT)
+        return; // legacy mode: JWT already set in headers above
+    // Call SECURITY DEFINER function — works with anon key, no JWT needed
+    const { data, error } = await supabase.rpc('get_mcp_session', { p_token: MCP_TOKEN });
+    if (error || !data || data.length === 0) {
+        console.error('Error: Invalid or revoked BURN_MCP_TOKEN.');
+        console.error('Generate a new token in Burn App → Settings → MCP Server → Generate Token');
+        process.exit(1);
+    }
+    const { refresh_token } = data[0];
+    const { error: refreshError } = await supabase.auth.refreshSession({ refresh_token });
+    if (refreshError) {
+        console.error('Error: Failed to refresh session with stored token.', refreshError.message);
+        process.exit(1);
+    }
+    // supabase client now has a valid session and will auto-refresh going forward
+}
+// ---------------------------------------------------------------------------
 // MCP Server
 // ---------------------------------------------------------------------------
 const server = new mcp_js_1.McpServer({
     name: 'burn-mcp-server',
-    version: '1.1.0',
+    version: '1.2.0',
 });
 // ---------------------------------------------------------------------------
 // Helper: standard text result
@@ -498,6 +517,7 @@ server.resource('vault-categories', 'burn://vault/categories', async (uri) => {
 // Start
 // ---------------------------------------------------------------------------
 async function main() {
+    await initAuth();
     const transport = new stdio_js_1.StdioServerTransport();
     await server.connect(transport);
     console.error('Burn MCP Server running on stdio');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "burn-mcp-server",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "MCP Server for Burn — access your Vault from Claude/Cursor",
   "main": "dist/index.js",
   "bin": {

package/src/index.ts CHANGED Viewed

@@ -11,37 +11,60 @@ import { z } from 'zod'
 const SUPABASE_URL = process.env.BURN_SUPABASE_URL || 'https://juqtxylquemiuvvmgbej.supabase.co'
 const SUPABASE_ANON_KEY = process.env.BURN_SUPABASE_ANON_KEY || 'sb_publishable_reVgmmCC6ndIo6jFRMM2LQ_wujj5FrO'
-const SUPABASE_TOKEN = process.env.BURN_SUPABASE_TOKEN
-if (!SUPABASE_TOKEN) {
-  console.error('Error: BURN_SUPABASE_TOKEN environment variable is required.')
-  console.error('Get your token from: Burn App → Settings → MCP Server → Copy Access Token')
+// Support both old JWT token (BURN_SUPABASE_TOKEN) and new long-lived MCP token (BURN_MCP_TOKEN)
+const MCP_TOKEN = process.env.BURN_MCP_TOKEN
+const LEGACY_JWT = process.env.BURN_SUPABASE_TOKEN
+if (!MCP_TOKEN && !LEGACY_JWT) {
+  console.error('Error: BURN_MCP_TOKEN environment variable is required.')
+  console.error('Get your token from: Burn App → Settings → MCP Server → Generate Token')
   process.exit(1)
 }
 // ---------------------------------------------------------------------------
-// Supabase client (authenticated as user via JWT)
+// Supabase client — bootstrapped with anon key, session set after auth below
 // ---------------------------------------------------------------------------
 const supabase: SupabaseClient = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
   auth: {
     persistSession: false,
-    autoRefreshToken: false,
-  },
-  global: {
-    headers: {
-      Authorization: `Bearer ${SUPABASE_TOKEN}`,
-    },
+    autoRefreshToken: true,
   },
+  ...(LEGACY_JWT ? { global: { headers: { Authorization: `Bearer ${LEGACY_JWT}` } } } : {}),
 })
+// ---------------------------------------------------------------------------
+// Auth: exchange MCP token for a real Supabase session (auto-refreshes)
+// ---------------------------------------------------------------------------
+async function initAuth(): Promise<void> {
+  if (LEGACY_JWT) return // legacy mode: JWT already set in headers above
+  // Call SECURITY DEFINER function — works with anon key, no JWT needed
+  const { data, error } = await supabase.rpc('get_mcp_session', { p_token: MCP_TOKEN })
+  if (error || !data || data.length === 0) {
+    console.error('Error: Invalid or revoked BURN_MCP_TOKEN.')
+    console.error('Generate a new token in Burn App → Settings → MCP Server → Generate Token')
+    process.exit(1)
+  }
+  const { refresh_token } = data[0]
+  const { error: refreshError } = await supabase.auth.refreshSession({ refresh_token })
+  if (refreshError) {
+    console.error('Error: Failed to refresh session with stored token.', refreshError.message)
+    process.exit(1)
+  }
+  // supabase client now has a valid session and will auto-refresh going forward
+}
 // ---------------------------------------------------------------------------
 // MCP Server
 // ---------------------------------------------------------------------------
 const server = new McpServer({
   name: 'burn-mcp-server',
-  version: '1.1.0',
+  version: '1.2.0',
 })
 // ---------------------------------------------------------------------------
@@ -637,6 +660,7 @@ server.resource(
 // ---------------------------------------------------------------------------
 async function main() {
+  await initAuth()
   const transport = new StdioServerTransport()
   await server.connect(transport)
   console.error('Burn MCP Server running on stdio')