circuit-mcp 2.3.4 → 2.4.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024-2025 Circuit (withcircuit.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/package.json

@@ -1,12 +1,19 @@
 {
   "name": "circuit-mcp",
-  "version": "2.3.4",
+  "version": "2.4.0",
   "description": "Connect Circuit to Cursor and Claude Code - bring customer priorities and engineering briefs into your AI coding assistant",
   "type": "module",
   "bin": {
     "circuit-mcp": "./bin/circuit-mcp.js"
   },
   "main": "./src/index.js",
+  "exports": "./src/index.js",
+  "files": [
+    "bin/",
+    "src/",
+    "LICENSE",
+    "README.md"
+  ],
   "scripts": {
     "start": "node bin/circuit-mcp.js"
   },
@@ -25,15 +32,15 @@
     "customer-feedback"
   ],
   "author": "Circuit <hello@withcircuit.com>",
-  "license": "UNLICENSED",
+  "license": "MIT",
   "homepage": "https://withcircuit.com",
   "repository": {
     "type": "git",
-    "url": "https://github.com/CatherineWilliamsTreloar/Circuit.git",
+    "url": "https://github.com/withcircuit/Circuit.git",
     "directory": "circuit-mcp"
   },
   "bugs": {
-    "url": "https://github.com/CatherineWilliamsTreloar/Circuit/issues"
+    "url": "https://github.com/withcircuit/Circuit/issues"
   },
   "dependencies": {
     "chalk": "^5.3.0",

package/src/auth.js

@@ -1,6 +1,6 @@
 import http from 'http';
 import { URL } from 'url';
-import { randomBytes } from 'crypto';
+import { randomBytes, createHash } from 'crypto';
 import fs from 'fs/promises';
 import path from 'path';
 import os from 'os';
@@ -12,20 +12,53 @@ const CIRCUIT_URL = process.env.CIRCUIT_APP_URL || 'https://app.withcircuit.com'
 const TOKEN_FILE = path.join(os.homedir(), '.circuit', 'token.json');
 
 /**
- * Get stored token from disk
+ * Get stored token from disk. Attempts refresh if access token is expired.
  */
 export async function getStoredToken() {
   try {
     const data = await fs.readFile(TOKEN_FILE, 'utf-8');
-    const { token, expiresAt } = JSON.parse(data);
+    const { token, expiresAt, refreshToken, refreshExpiresAt } = JSON.parse(data);
 
-    // Check if expired
-    if (expiresAt && new Date(expiresAt) < new Date()) {
-      await clearToken();
-      return null;
+    // Check if access token is still valid
+    if (expiresAt && new Date(expiresAt) > new Date()) {
+      return token;
     }
 
-    return token;
+    // Access token expired — try refresh
+    if (refreshToken && refreshExpiresAt && new Date(refreshExpiresAt) > new Date()) {
+      const refreshed = await refreshAccessToken(refreshToken);
+      if (refreshed) return refreshed;
+    }
+
+    // Both expired
+    await clearToken();
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Refresh an expired access token using the refresh token.
+ */
+async function refreshAccessToken(refreshToken) {
+  const CIRCUIT_API = process.env.CIRCUIT_API_URL || 'https://api.withcircuit.com';
+  try {
+    const response = await fetch(`${CIRCUIT_API}/mcp/token`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+      }),
+    });
+    if (!response.ok) return null;
+    const data = await response.json();
+    if (data.access_token) {
+      await storeToken(data.access_token, data.expires_in, data.refresh_token);
+      return data.access_token;
+    }
+    return null;
   } catch {
     return null;
   }
@@ -34,12 +67,18 @@ export async function getStoredToken() {
 /**
  * Store token to disk
  */
-async function storeToken(token, expiresIn = 86400 * 30) {
+async function storeToken(token, expiresIn = 86400 * 30, refreshToken = null) {
   const dir = path.dirname(TOKEN_FILE);
   await fs.mkdir(dir, { recursive: true });
 
   const expiresAt = new Date(Date.now() + expiresIn * 1000).toISOString();
-  await fs.writeFile(TOKEN_FILE, JSON.stringify({ token, expiresAt }, null, 2));
+  const tokenData = { token, expiresAt };
+  if (refreshToken) {
+    tokenData.refreshToken = refreshToken;
+    // Refresh tokens last 90 days
+    tokenData.refreshExpiresAt = new Date(Date.now() + 90 * 86400 * 1000).toISOString();
+  }
+  await fs.writeFile(TOKEN_FILE, JSON.stringify(tokenData, null, 2));
 }
 
 /**
@@ -66,11 +105,18 @@ export async function authenticate() {
       const callbackUrl = `http://127.0.0.1:${port}/callback`;
       const state = randomBytes(16).toString('hex');
 
-      // Build auth URL
+      // PKCE (RFC 7636): generate code_verifier and code_challenge
+      const codeVerifier = randomBytes(32).toString('base64url');
+      const codeChallenge = createHash('sha256').update(codeVerifier).digest('base64url');
+
+      // Build auth URL with PKCE (RFC 7636)
       const authUrl = new URL(`${CIRCUIT_URL}/mcp/auth`);
       authUrl.searchParams.set('redirect_uri', callbackUrl);
       authUrl.searchParams.set('state', state);
       authUrl.searchParams.set('response_type', 'code');
+      authUrl.searchParams.set('code_challenge', codeChallenge);
+      authUrl.searchParams.set('code_challenge_method', 'S256');
+      authUrl.searchParams.set('code_verifier', codeVerifier);
 
       // Handle callback
       server.on('request', async (req, res) => {
@@ -78,6 +124,7 @@ export async function authenticate() {
 
         if (url.pathname === '/callback') {
           const token = url.searchParams.get('access_token');
+          const refreshTokenParam = url.searchParams.get('refresh_token');
           const error = url.searchParams.get('error');
           const returnedState = url.searchParams.get('state');
 
@@ -97,8 +144,8 @@ export async function authenticate() {
             return;
           }
 
-          // Store token
-          await storeToken(token);
+          // Store token (with refresh token if available)
+          await storeToken(token, 86400 * 30, refreshTokenParam);
 
           // Send success page and close after response is fully sent
           res.writeHead(200, { 'Content-Type': 'text/html' });

package/src/server.js

@@ -83,8 +83,8 @@ async function handleMessage(message, token) {
         jsonrpc: '2.0',
         id,
         result: {
-          protocolVersion: '2024-11-05',
-          serverInfo: { name: 'circuit-mcp', version: '2.2.0' },
+          protocolVersion: '2025-03-26',
+          serverInfo: { name: 'circuit-mcp', version: '2.4.0' },
           capabilities: { tools: {}, resources: {} },
           instructions: `Circuit is connected. 4 tools available:
 • circuit.priorities — what to work on next
@@ -201,14 +201,14 @@ const TOOLS = [
   },
   {
     name: 'circuit.act',
-    description: "Take action. Start building, ship it, share back with customers, assign, correct a classification, submit feedback, or submit a transcript.",
+    description: "Take action. Start building, ship it, share back with customers, assign, correct a classification, park a priority, submit feedback, or submit a transcript.",
     inputSchema: {
       type: 'object',
       properties: {
         action: {
           type: 'string',
-          description: "'build' (start building), 'ship' (mark shipped), 'share' (notify customers via email/widget), 'assign' (assign to team member), 'correct' (fix classification), 'submit' (add feedback), 'transcript' (submit a transcript)",
-          enum: ['build', 'ship', 'share', 'assign', 'correct', 'submit', 'transcript']
+          description: "'build' (start building), 'ship' (mark shipped), 'share' (notify customers via email/widget), 'assign' (assign to team member), 'correct' (fix classification), 'park' (park priority with reason), 'submit' (add feedback), 'transcript' (submit a transcript)",
+          enum: ['build', 'ship', 'share', 'assign', 'correct', 'park', 'submit', 'transcript']
         },
         spec_id: {
           type: 'string',
@@ -229,7 +229,11 @@ const TOOLS = [
         },
         priority_id: {
           type: 'string',
-          description: "Priority ID (for correct)"
+          description: "Priority ID (for correct, park)"
+        },
+        park_reason: {
+          type: 'string',
+          description: "Reason for parking this priority (for park action). E.g. 'Out of scope this quarter', 'Waiting for more signal', 'Low revenue impact'"
         },
         correction_type: {
           type: 'string',
@@ -557,11 +561,12 @@ Ranked customer priorities with revenue impact and trend data.
 * "Export all ready specs for sprint planning"
 
 ## circuit.act — Ship it and close the loop
-Start building, mark as shipped, notify customers, assign to a team member, or submit new feedback.
+Start building, mark as shipped, notify customers, assign, park a priority, or submit new feedback.
 * "Start building <spec_id>"
 * "Mark <spec_id> as shipped"
 * "Tell customers we shipped <spec_id>"
 * "Assign <spec_id> to Catherine"
+* "Park <priority_id> — waiting for more signal"
 * "Submit feedback: users want dark mode"
 * "Submit transcript: <transcript text>"
 

package/preview-error.html

@@ -1,57 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Circuit - Connection Failed</title>
-  <style>
-    * { margin: 0; padding: 0; box-sizing: border-box; }
-    body {
-      font-family: 'Geist', -apple-system, BlinkMacSystemFont, system-ui, 'Segoe UI', Roboto, sans-serif;
-      background: #F5F3F0;
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      color: #1C1A18;
-      padding: 24px;
-    }
-    .content {
-      text-align: center;
-      max-width: 400px;
-    }
-    .icon {
-      margin-bottom: 24px;
-    }
-    .icon svg {
-      width: 48px;
-      height: 48px;
-      color: #D64545;
-    }
-    h1 {
-      font-size: 24px;
-      font-weight: 600;
-      color: #1C1A18;
-      margin-bottom: 12px;
-    }
-    p {
-      font-size: 14px;
-      color: rgba(28, 26, 24, 0.6);
-      line-height: 1.6;
-    }
-    .hint {
-      font-size: 12px;
-      color: rgba(28, 26, 24, 0.6);
-      margin-top: 16px;
-    }
-  </style>
-</head>
-<body>
-  <div class="content">
-    <div class="icon">
-      <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><line x1="15" y1="9" x2="9" y2="15"/><line x1="9" y1="9" x2="15" y2="15"/></svg>
-    </div>
-    <h1>Connection Failed</h1>
-    <p>Authentication timed out</p>
-    <p class="hint">Please try connecting again from your AI assistant.</p>
-  </div>
-</body>
-</html>

package/preview-success.html

@@ -1,57 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Circuit - Connected</title>
-  <style>
-    * { margin: 0; padding: 0; box-sizing: border-box; }
-    body {
-      font-family: 'Geist', -apple-system, BlinkMacSystemFont, system-ui, 'Segoe UI', Roboto, sans-serif;
-      background: #F5F3F0;
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      color: #1C1A18;
-      padding: 24px;
-    }
-    .content {
-      text-align: center;
-      max-width: 400px;
-    }
-    .icon {
-      margin-bottom: 24px;
-    }
-    .icon svg {
-      width: 48px;
-      height: 48px;
-      color: #1C1A18;
-    }
-    h1 {
-      font-size: 24px;
-      font-weight: 600;
-      color: #1C1A18;
-      margin-bottom: 12px;
-    }
-    p {
-      font-size: 14px;
-      color: rgba(28, 26, 24, 0.6);
-      line-height: 1.6;
-    }
-    .hint {
-      font-size: 12px;
-      color: rgba(28, 26, 24, 0.6);
-      margin-top: 16px;
-    }
-  </style>
-</head>
-<body>
-  <div class="content">
-    <div class="icon">
-      <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg>
-    </div>
-    <h1>Connected.</h1>
-    <p>Your AI coding assistant is now connected to Circuit.</p>
-    <p class="hint">This window will close automatically...</p>
-  </div>
-</body>
-</html>

package/publish.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Publish script for circuit-mcp package
-# Uses token to bypass 2FA
-# 
-# Usage:
-#   NPM_TOKEN=your_token ./publish.sh
-# 
-# Or set NPM_TOKEN in your environment
-
-set -e
-
-# Use NPM_TOKEN from environment, or prompt if not set
-if [ -z "$NPM_TOKEN" ]; then
-  echo "Error: NPM_TOKEN environment variable is required"
-  echo "Usage: NPM_TOKEN=your_token ./publish.sh"
-  exit 1
-fi
-
-# Create temporary .npmrc with token
-echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc
-
-# Publish the package
-npm publish --access public
-
-# Clean up .npmrc
-rm .npmrc
-
-echo "✅ Published successfully!"
-