npm - burn-mcp-server - Versions diffs - 2.0.7 → 2.1.0 - Mend

burn-mcp-server 2.0.7 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/.cursor-plugin/plugin.json +19 -0
package/.mcp.json +11 -0
package/README.md +30 -56
package/package.json +3 -7
package/server.json +4 -4
package/src/index.ts +1624 -28
package/tsconfig.json +6 -10
package/vercel.json +7 -5
package/api/health.mjs +0 -7
package/public/index.html +0 -47
package/src/http-dev.ts +0 -56
package/src/http.ts +0 -62
package/src/lib/auth-stdio.ts +0 -26
package/src/lib/auth.ts +0 -71
package/src/setup.ts +0 -1529
package/src/vercel-handler.ts +0 -20

package/tsconfig.json CHANGED Viewed

@@ -1,18 +1,14 @@
 {
   "compilerOptions": {
-    "target": "ES2022",
-    "module": "ES2022",
-    "moduleResolution": "node",
-    "lib": ["ES2022"],
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["ES2020"],
     "outDir": "./dist",
     "rootDir": "./src",
-    "strict": false,
+    "strict": true,
     "esModuleInterop": true,
     "skipLibCheck": true,
-    "resolveJsonModule": true,
-    "noEmit": true,
-    "allowJs": true
+    "resolveJsonModule": true
   },
-  "include": ["src/lib/**/*", "src/index.ts", "src/http.ts", "src/http-dev.ts"],
-  "exclude": ["src/setup.ts", "api/**/*", "dist/**/*", "node_modules/**/*"]
+  "include": ["src/**/*"]
 }

package/vercel.json CHANGED Viewed

@@ -1,9 +1,11 @@
 {
-  "$schema": "https://openapi.vercel.sh/vercel.json",
-  "buildCommand": "npm run build:vercel",
-  "outputDirectory": "public",
+  "functions": {
+    "api/mcp.js": {
+      "runtime": "nodejs20.x",
+      "maxDuration": 30
+    }
+  },
   "rewrites": [
-    { "source": "/mcp", "destination": "/api/mcp" },
-    { "source": "/mcp/(.*)", "destination": "/api/mcp" }
+    { "source": "/mcp", "destination": "/api/mcp" }
   ]
 }

package/api/health.mjs DELETED Viewed

@@ -1,7 +0,0 @@
-export const config = { runtime: 'edge' }
-export default async function handler(req) {
-  return new Response(JSON.stringify({ ok: true, url: req.url, method: req.method, runtime: 'edge' }), {
-    status: 200,
-    headers: { 'content-type': 'application/json' },
-  })
-}

package/public/index.html DELETED Viewed

@@ -1,47 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Burn MCP Server</title>
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <style>
-    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; max-width: 640px; margin: 80px auto; padding: 0 20px; line-height: 1.6; color: #1a1a1a; }
-    h1 { font-size: 28px; margin-bottom: 8px; }
-    .tag { display: inline-block; background: #ff6a00; color: white; padding: 2px 10px; border-radius: 10px; font-size: 12px; margin-right: 6px; }
-    pre { background: #f5f5f5; padding: 16px; border-radius: 8px; overflow-x: auto; font-size: 13px; }
-    a { color: #ff6a00; text-decoration: none; }
-    a:hover { text-decoration: underline; }
-    code { background: #f5f5f5; padding: 2px 6px; border-radius: 4px; font-size: 13px; }
-  </style>
-</head>
-<body>
-  <h1>Burn MCP Server</h1>
-  <p><span class="tag">MCP</span> <span class="tag">Streamable HTTP</span> Read less, absorb more.</p>
-  <p>This is the remote HTTP endpoint for <a href="https://burn451.cloud">Burn</a>'s Model Context Protocol server. 26 tools to let Claude / Cursor / Windsurf search, triage, and analyze your saved reading.</p>
-  <h2>Connect</h2>
-  <p>Paste this into your MCP client (Claude Desktop, Cursor, Windsurf, etc.):</p>
-  <pre>{
-  "mcpServers": {
-    "burn": {
-      "url": "https://mcp.burn451.cloud/mcp",
-      "headers": {
-        "Authorization": "Bearer &lt;your-token&gt;"
-      }
-    }
-  }
-}</pre>
-  <p>Get your token: <a href="https://burn451.cloud">burn451.cloud</a> → Settings → MCP Server → Copy Access Token</p>
-  <h2>Links</h2>
-  <ul>
-    <li><a href="https://github.com/Fisher521/burn-mcp-server">Source code on GitHub</a></li>
-    <li><a href="https://www.npmjs.com/package/burn-mcp-server">npm package (stdio mode)</a></li>
-    <li><a href="https://burn451.cloud">Burn web app</a></li>
-    <li><a href="https://x.com/hawking520">Built by @hawking520</a></li>
-  </ul>
-  <p style="color: #888; font-size: 13px; margin-top: 40px;">MIT licensed. Part of an open ecosystem of AI-era reading tools.</p>
-</body>
-</html>

package/src/http-dev.ts DELETED Viewed

@@ -1,56 +0,0 @@
-// Burn MCP — standalone Node HTTP dev server for local testing.
-// For production deploy, see api/mcp.ts (Vercel Edge) or src/http.ts (the handler).
-import { createServer } from 'node:http'
-import { handleMcpRequest } from './http.js'
-const PORT = Number(process.env.PORT) || 3001
-const server = createServer(async (nodeReq, nodeRes) => {
-  try {
-    const url = new URL(nodeReq.url || '/', `http://${nodeReq.headers.host || 'localhost'}`)
-    const headers = new Headers()
-    for (const [k, v] of Object.entries(nodeReq.headers)) {
-      if (typeof v === 'string') headers.set(k, v)
-    }
-    const body = ['GET', 'HEAD'].includes(nodeReq.method || 'GET')
-      ? null
-      : await new Promise<Buffer>((resolve, reject) => {
-          const chunks: Buffer[] = []
-          nodeReq.on('data', c => chunks.push(c))
-          nodeReq.on('end', () => resolve(Buffer.concat(chunks)))
-          nodeReq.on('error', reject)
-        })
-    const webReq = new Request(url, {
-      method: nodeReq.method,
-      headers,
-      body: body && body.length > 0 ? body : null,
-    })
-    const webRes = await handleMcpRequest(webReq)
-    nodeRes.statusCode = webRes.status
-    webRes.headers.forEach((v, k) => nodeRes.setHeader(k, v))
-    if (webRes.body) {
-      const reader = webRes.body.getReader()
-      while (true) {
-        const { done, value } = await reader.read()
-        if (done) break
-        nodeRes.write(value)
-      }
-    }
-    nodeRes.end()
-  } catch (e: any) {
-    nodeRes.statusCode = 500
-    nodeRes.setHeader('content-type', 'application/json')
-    nodeRes.end(JSON.stringify({ error: 'Internal error', detail: String(e?.message || e) }))
-  }
-})
-server.listen(PORT, () => {
-  console.log(`Burn MCP HTTP server listening on http://localhost:${PORT}`)
-  console.log(`Test: curl -H "Authorization: Bearer <TOKEN>" -X POST http://localhost:${PORT}/mcp \\`)
-  console.log(`  -H 'Content-Type: application/json' -H 'Accept: application/json, text/event-stream' \\`)
-  console.log(`  -d '{"jsonrpc":"2.0","method":"tools/list","id":1}'`)
-})

package/src/http.ts DELETED Viewed

@@ -1,62 +0,0 @@
-// Burn MCP — HTTP transport entry (Web Standard fetch API)
-//
-// Works on Vercel Edge / Node runtime, Cloudflare Workers, Deno, Bun.
-// Users connect by adding ONE URL to Claude/Cursor/Windsurf MCP settings instead of installing npx.
-//
-// Auth: each request carries `Authorization: Bearer <BURN_MCP_TOKEN>` header.
-// Stateless: fresh Supabase client per request (short in-memory session cache for performance).
-import { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js'
-import { createClient } from '@supabase/supabase-js'
-import { getOrExchangeSession, applySession } from './lib/auth.js'
-import { createBurnServer } from './setup.js'
-const SUPABASE_URL = process.env.BURN_SUPABASE_URL || 'https://juqtxylquemiuvvmgbej.supabase.co'
-const SUPABASE_ANON_KEY = process.env.BURN_SUPABASE_ANON_KEY || 'sb_publishable_reVgmmCC6ndIo6jFRMM2LQ_wujj5FrO'
-/** Main handler — turn an incoming HTTP Request into a JSON-RPC MCP Response. */
-export async function handleMcpRequest(req: Request): Promise<Response> {
-  // --- Auth: require Bearer token ---
-  const authHeader = req.headers.get('authorization') || req.headers.get('Authorization') || ''
-  const match = authHeader.match(/^Bearer\s+(.+)$/i)
-  const token = match?.[1]?.trim()
-  if (!token) {
-    return new Response(JSON.stringify({
-      error: 'Missing Authorization header',
-      hint: 'Add `Authorization: Bearer <BURN_MCP_TOKEN>` header. Get your token at https://burn451.cloud → Settings → MCP Server.',
-    }), { status: 401, headers: { 'content-type': 'application/json' } })
-  }
-  // --- Exchange token → Supabase session (cached in memory 5 min per token) ---
-  let session
-  try {
-    session = await getOrExchangeSession(token)
-  } catch (e: any) {
-    return new Response(JSON.stringify({
-      error: 'Invalid or expired Burn MCP token',
-      detail: String(e?.message || e),
-    }), { status: 401, headers: { 'content-type': 'application/json' } })
-  }
-  // --- Build per-request Supabase client with JWT in headers (faster than setSession, Edge-safe) ---
-  const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
-    auth: { persistSession: false, autoRefreshToken: false, detectSessionInUrl: false },
-    global: {
-      headers: { Authorization: `Bearer ${session.access_token}` },
-    },
-  })
-  const server = createBurnServer(supabase, { rateLimitPerMin: 60 })
-  // --- Streamable HTTP transport (stateless mode — no session reuse across requests) ---
-  const transport = new WebStandardStreamableHTTPServerTransport({
-    sessionIdGenerator: undefined, // stateless mode — MCP SDK treats each request as a new conversation
-    enableJsonResponse: true,
-  })
-  await server.connect(transport)
-  return transport.handleRequest(req)
-}
-// Standalone Node dev server is in src/http-dev.ts (npm run dev:http)

package/src/lib/auth-stdio.ts DELETED Viewed

@@ -1,26 +0,0 @@
-// stdio-only: local session cache on disk (~/.burn/mcp-session.json)
-// NEVER import this from http.ts — it pulls in node:fs/os/path which crashes Edge runtime.
-import { homedir } from 'node:os'
-import { readFileSync, writeFileSync, mkdirSync } from 'node:fs'
-import { join } from 'node:path'
-import type { Session } from './auth.js'
-const CACHE_DIR = join(homedir(), '.burn')
-const CACHE_FILE = join(CACHE_DIR, 'mcp-session.json')
-export function loadCachedSession(): Session | null {
-  try {
-    const raw = readFileSync(CACHE_FILE, 'utf-8')
-    const data = JSON.parse(raw)
-    if (data.access_token && data.refresh_token) return data
-  } catch { /* no cache or invalid */ }
-  return null
-}
-export function saveCachedSession(session: Session): void {
-  try {
-    mkdirSync(CACHE_DIR, { recursive: true })
-    writeFileSync(CACHE_FILE, JSON.stringify(session), { mode: 0o600 })
-  } catch { /* non-fatal */ }
-}

package/src/lib/auth.ts DELETED Viewed

@@ -1,71 +0,0 @@
-// Burn MCP auth — Edge/runtime-safe (no node: imports here)
-//
-// stdio-only session cache (fs-based) is in ./auth-stdio.ts — only imported by src/index.ts.
-// HTTP mode uses in-memory TTL cache declared here (safe in Edge).
-import { SupabaseClient } from '@supabase/supabase-js'
-const DEFAULT_EXCHANGE_URL = 'https://api.burn451.cloud/api/mcp-exchange'
-export interface Session {
-  access_token: string
-  refresh_token: string
-}
-/** Exchange a long-lived MCP token for a Supabase session (fresh from API). */
-export async function exchangeToken(
-  mcpToken: string,
-  exchangeUrl: string = process.env.BURN_MCP_EXCHANGE_URL || DEFAULT_EXCHANGE_URL,
-): Promise<Session> {
-  const resp = await fetch(exchangeUrl, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ token: mcpToken }),
-  })
-  if (!resp.ok) {
-    let detail = ''
-    try { detail = JSON.stringify(await resp.json()) } catch {}
-    throw new Error(`Token exchange failed (${resp.status}): ${detail}`)
-  }
-  const data = await resp.json() as any
-  if (!data.access_token || !data.refresh_token) {
-    throw new Error('Token exchange succeeded but returned no session tokens')
-  }
-  return { access_token: data.access_token, refresh_token: data.refresh_token }
-}
-/** Apply a session to a supabase client, with optional auto-cache on token refresh (stdio mode only). */
-export async function applySession(
-  supabase: SupabaseClient,
-  session: Session,
-  onRefresh?: (s: Session) => void,
-): Promise<void> {
-  const { error } = await supabase.auth.setSession(session)
-  if (error) throw new Error(`Failed to set session: ${error.message}`)
-  if (onRefresh) {
-    supabase.auth.onAuthStateChange((_event, s) => {
-      if (s?.access_token && s?.refresh_token) {
-        onRefresh({ access_token: s.access_token, refresh_token: s.refresh_token })
-      }
-    })
-  }
-}
-// ---------------------------------------------------------------------------
-// HTTP mode: per-token in-memory session cache (TTL-based, safe in Edge)
-// ---------------------------------------------------------------------------
-interface CacheEntry { session: Session; expiresAt: number }
-const httpSessionCache = new Map<string, CacheEntry>()
-const HTTP_CACHE_TTL_MS = 5 * 60_000  // 5 min
-/** Get or refresh a session for an HTTP request. */
-export async function getOrExchangeSession(mcpToken: string): Promise<Session> {
-  const now = Date.now()
-  const cached = httpSessionCache.get(mcpToken)
-  if (cached && cached.expiresAt > now) return cached.session
-  const session = await exchangeToken(mcpToken)
-  httpSessionCache.set(mcpToken, { session, expiresAt: now + HTTP_CACHE_TTL_MS })
-  return session
-}