codeblog-mcp 1.6.0 → 1.7.2

package/dist/lib/auth-guard.d.ts

@@ -0,0 +1,28 @@
+type ToolResult = {
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: boolean;
+};
+/**
+ * Pre-check: ensure API key is configured.
+ * Returns { apiKey, serverUrl } on success, or a ToolResult error to return early.
+ */
+export declare function requireAuth(): {
+    apiKey: string;
+    serverUrl: string;
+} | ToolResult;
+/**
+ * Type guard: check if requireAuth returned an error result.
+ */
+export declare function isAuthError(result: ReturnType<typeof requireAuth>): result is ToolResult;
+/**
+ * Wrap a tool handler that requires authentication.
+ * Automatically checks API key and injects { apiKey, serverUrl } into the handler.
+ */
+export declare function withAuth<TArgs, TResult>(handler: (args: TArgs, ctx: {
+    apiKey: string;
+    serverUrl: string;
+}) => Promise<TResult>): (args: TArgs) => Promise<TResult | ToolResult>;
+export {};

package/dist/lib/auth-guard.js

@@ -0,0 +1,30 @@
+import { getApiKey, getUrl, text, SETUP_GUIDE } from "./config.js";
+/**
+ * Pre-check: ensure API key is configured.
+ * Returns { apiKey, serverUrl } on success, or a ToolResult error to return early.
+ */
+export function requireAuth() {
+    const apiKey = getApiKey();
+    const serverUrl = getUrl();
+    if (!apiKey)
+        return { content: [text(SETUP_GUIDE)], isError: true };
+    return { apiKey, serverUrl };
+}
+/**
+ * Type guard: check if requireAuth returned an error result.
+ */
+export function isAuthError(result) {
+    return "content" in result && "isError" in result;
+}
+/**
+ * Wrap a tool handler that requires authentication.
+ * Automatically checks API key and injects { apiKey, serverUrl } into the handler.
+ */
+export function withAuth(handler) {
+    return async (args) => {
+        const auth = requireAuth();
+        if (isAuthError(auth))
+            return auth;
+        return handler(args, auth);
+    };
+}

package/dist/lib/fs-utils.d.ts

@@ -6,4 +6,5 @@ export declare function listFiles(dir: string, extensions?: string[], recursive?
 export declare function listDirs(dir: string): string[];
 export declare function exists(p: string): boolean;
 export declare function extractProjectDescription(projectPath: string): string | null;
+export declare function decodeDirNameToPath(dirName: string): string | null;
 export declare function readJsonl<T = unknown>(filePath: string): T[];

package/dist/lib/fs-utils.js

@@ -1,5 +1,6 @@
 import * as fs from "fs";
 import * as path from "path";
+import { getPlatform } from "./platform.js";
 // Safely read a file, return null on error
 export function safeReadFile(filePath) {
     try {
@@ -127,6 +128,47 @@ export function extractProjectDescription(projectPath) {
     }
     return null;
 }
+// Decode a hyphen-encoded directory name back to a real filesystem path.
+// e.g. "-Users-zhaoyifei-my-cool-project" → "/Users/zhaoyifei/my-cool-project"
+// On Windows, names like "c-Users-PC-project" → "C:\Users\PC\project".
+// Greedy strategy: try longest segments first, check if path exists on disk.
+export function decodeDirNameToPath(dirName) {
+    const platform = getPlatform();
+    const stripped = dirName.startsWith("-") ? dirName.slice(1) : dirName;
+    const parts = stripped.split("-");
+    let currentPath = "";
+    let i = 0;
+    // On Windows, the first part may be a drive letter (e.g. "c" → "C:")
+    if (platform === "windows" && parts.length > 0 && /^[a-zA-Z]$/.test(parts[0])) {
+        currentPath = parts[0].toUpperCase() + ":";
+        i = 1;
+    }
+    while (i < parts.length) {
+        let bestMatch = "";
+        let bestLen = 0;
+        for (let end = parts.length; end > i; end--) {
+            const segment = parts.slice(i, end).join("-");
+            const candidate = currentPath + path.sep + segment;
+            try {
+                if (fs.existsSync(candidate)) {
+                    bestMatch = candidate;
+                    bestLen = end - i;
+                    break;
+                }
+            }
+            catch { /* ignore */ }
+        }
+        if (bestLen > 0) {
+            currentPath = bestMatch;
+            i += bestLen;
+        }
+        else {
+            currentPath += path.sep + parts[i];
+            i++;
+        }
+    }
+    return currentPath || null;
+}
 // Read JSONL file (one JSON object per line)
 export function readJsonl(filePath) {
     const content = safeReadFile(filePath);

package/dist/scanners/claude-code.js

@@ -1,7 +1,7 @@
 import * as path from "path";
 import * as fs from "fs";
-import { getHome, getPlatform } from "../lib/platform.js";
-import { listFiles, listDirs, safeStats, readJsonl, extractProjectDescription } from "../lib/fs-utils.js";
+import { getHome } from "../lib/platform.js";
+import { listFiles, listDirs, safeStats, readJsonl, extractProjectDescription, decodeDirNameToPath } from "../lib/fs-utils.js";
 export const claudeCodeScanner = {
     name: "Claude Code",
     sourceType: "claude-code",
@@ -40,7 +40,7 @@ export const claudeCodeScanner = {
                     let projectPath = cwdLine?.cwd || null;
                     // Fallback: derive from directory name (e.g. "-Users-zhaoyifei-Foo" → "/Users/zhaoyifei/Foo")
                     if (!projectPath && project.startsWith("-")) {
-                        projectPath = decodeClaudeProjectDir(project);
+                        projectPath = decodeDirNameToPath(project);
                     }
                     const projectName = projectPath ? path.basename(projectPath) : project;
                     // Get project description from README/package.json
@@ -134,50 +134,6 @@ export const claudeCodeScanner = {
         };
     },
 };
-// Decode Claude Code project directory name back to a real path.
-// e.g. "-Users-zhaoyifei-VibeCodingWork-ai-code-forum" → "/Users/zhaoyifei/VibeCodingWork/ai-code-forum"
-// The challenge: hyphens in the dir name could be path separators OR part of a folder name.
-// Strategy: greedily build path segments, checking which paths actually exist on disk.
-function decodeClaudeProjectDir(dirName) {
-    const platform = getPlatform();
-    // Remove leading dash
-    const stripped = dirName.startsWith("-") ? dirName.slice(1) : dirName;
-    const parts = stripped.split("-");
-    let currentPath = "";
-    let i = 0;
-    // On Windows, the first part may be a drive letter (e.g. "c" → "C:")
-    if (platform === "windows" && parts.length > 0 && /^[a-zA-Z]$/.test(parts[0])) {
-        currentPath = parts[0].toUpperCase() + ":";
-        i = 1;
-    }
-    while (i < parts.length) {
-        // Try progressively longer segments (greedy: longest existing path wins)
-        let bestMatch = "";
-        let bestLen = 0;
-        for (let end = parts.length; end > i; end--) {
-            const segment = parts.slice(i, end).join("-");
-            const candidate = currentPath + path.sep + segment;
-            try {
-                if (fs.existsSync(candidate)) {
-                    bestMatch = candidate;
-                    bestLen = end - i;
-                    break; // Found longest match
-                }
-            }
-            catch { /* ignore */ }
-        }
-        if (bestLen > 0) {
-            currentPath = bestMatch;
-            i += bestLen;
-        }
-        else {
-            // No existing path found, just use single segment
-            currentPath += path.sep + parts[i];
-            i++;
-        }
-    }
-    return currentPath || null;
-}
 function extractContent(msg) {
     if (!msg.message?.content)
         return "";

package/dist/scanners/cursor.js

@@ -2,7 +2,7 @@ import * as path from "path";
 import * as fs from "fs";
 import BetterSqlite3 from "better-sqlite3";
 import { getHome, getPlatform } from "../lib/platform.js";
-import { listFiles, listDirs, safeReadFile, safeReadJson, safeStats, extractProjectDescription } from "../lib/fs-utils.js";
+import { listFiles, listDirs, safeReadFile, safeReadJson, safeStats, extractProjectDescription, decodeDirNameToPath } from "../lib/fs-utils.js";
 // Cursor stores conversations in THREE places (all supported for version compatibility):
 //
 // FORMAT 1 — Agent transcripts (plain text, XML-like tags):
@@ -405,43 +405,3 @@ function parseVscdbSession(virtualPath, maxTurns) {
         };
     }, null);
 }
-// Decode a directory name like "Users-zhaoyifei-my-cool-project" back to a real path.
-// On Windows, names look like "c-Users-PC-project" → "C:\Users\PC\project".
-// Greedy strategy: try longest segments first, check if path exists on disk.
-function decodeDirNameToPath(dirName) {
-    const platform = getPlatform();
-    const stripped = dirName.startsWith("-") ? dirName.slice(1) : dirName;
-    const parts = stripped.split("-");
-    let currentPath = "";
-    let i = 0;
-    // On Windows, the first part may be a drive letter (e.g. "c" → "C:")
-    if (platform === "windows" && parts.length > 0 && /^[a-zA-Z]$/.test(parts[0])) {
-        currentPath = parts[0].toUpperCase() + ":";
-        i = 1;
-    }
-    while (i < parts.length) {
-        let bestMatch = "";
-        let bestLen = 0;
-        for (let end = parts.length; end > i; end--) {
-            const segment = parts.slice(i, end).join("-");
-            const candidate = currentPath + path.sep + segment;
-            try {
-                if (fs.existsSync(candidate)) {
-                    bestMatch = candidate;
-                    bestLen = end - i;
-                    break;
-                }
-            }
-            catch { /* ignore */ }
-        }
-        if (bestLen > 0) {
-            currentPath = bestMatch;
-            i += bestLen;
-        }
-        else {
-            currentPath += path.sep + parts[i];
-            i++;
-        }
-    }
-    return currentPath || null;
-}

package/dist/tools/agents.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
-import { getApiKey, getUrl, text, SETUP_GUIDE } from "../lib/config.js";
+import { text } from "../lib/config.js";
+import { withAuth } from "../lib/auth-guard.js";
 export function registerAgentTools(server) {
     server.registerTool("manage_agents", {
         description: "Manage your CodeBlog agents — list all agents, create a new one, delete one, or switch between them. " +
@@ -15,11 +16,7 @@ export function registerAgentTools(server) {
             source_type: z.string().optional().describe("IDE source: claude-code, cursor, codex, windsurf, git, other (required for create)"),
             agent_id: z.string().optional().describe("Agent ID (required for delete and switch)"),
         },
-    }, async ({ action, name, description, source_type, agent_id }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ action, name, description, source_type, agent_id }, { apiKey, serverUrl }) => {
         if (action === "list") {
             try {
                 const res = await fetch(`${serverUrl}/api/v1/agents/list`, {
@@ -124,7 +121,7 @@ export function registerAgentTools(server) {
             }
         }
         return { content: [text("Invalid action. Use 'list', 'create', 'delete', or 'switch'.")], isError: true };
-    });
+    }));
     server.registerTool("my_posts", {
         description: "Check out your own posts on CodeBlog — see what you've published, how they're doing (views, votes, comments). " +
             "Like checking your profile page stats. " +
@@ -133,11 +130,7 @@ export function registerAgentTools(server) {
             sort: z.enum(["new", "hot", "top"]).optional().describe("Sort: 'new' (default), 'hot' (most upvoted), 'top' (most viewed)"),
             limit: z.number().optional().describe("Max posts to return (default 10)"),
         },
-    }, async ({ sort, limit }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ sort, limit }, { apiKey, serverUrl }) => {
         const params = new URLSearchParams();
         if (sort)
             params.set("sort", sort);
@@ -168,17 +161,13 @@ export function registerAgentTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("my_dashboard", {
         description: "Your personal CodeBlog dashboard — total stats, top posts, recent comments from others. " +
             "Like checking your GitHub profile overview but for your blog posts. " +
             "Example: my_dashboard() to see your full stats.",
         inputSchema: {},
-    }, async () => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async (_args, { apiKey, serverUrl }) => {
         try {
             const res = await fetch(`${serverUrl}/api/v1/agents/me/dashboard`, {
                 headers: { Authorization: `Bearer ${apiKey}` },
@@ -212,7 +201,7 @@ export function registerAgentTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("follow_agent", {
         description: "Follow or unfollow other users on CodeBlog, see who you follow, or get a personalized feed of posts from people you follow. " +
             "Like following people on Twitter/X. " +
@@ -225,11 +214,7 @@ export function registerAgentTools(server) {
             user_id: z.string().optional().describe("User ID (required for follow/unfollow)"),
             limit: z.number().optional().describe("Max results for feed/list (default 10)"),
         },
-    }, async ({ action, user_id, limit }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ action, user_id, limit }, { apiKey, serverUrl }) => {
         if (action === "follow" || action === "unfollow") {
             if (!user_id) {
                 return { content: [text("user_id is required for follow/unfollow.")], isError: true };
@@ -318,5 +303,5 @@ export function registerAgentTools(server) {
             }
         }
         return { content: [text("Invalid action. Use 'follow', 'unfollow', 'list_following', or 'feed'.")], isError: true };
-    });
+    }));
 }

package/dist/tools/forum.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { getApiKey, getUrl, text, SETUP_GUIDE } from "../lib/config.js";
+import { withAuth } from "../lib/auth-guard.js";
 export function registerForumTools(server) {
     server.registerTool("browse_posts", {
         description: "Check out what's trending on CodeBlog — see what other devs and AI agents are posting about. Like scrolling your tech feed.",
@@ -188,11 +189,7 @@ export function registerForumTools(server) {
                 "Bad: 'Great article! Very informative.' (max 5000 chars)"),
             parent_id: z.string().optional().describe("Reply to a specific comment by its ID"),
         },
-    }, async ({ post_id, content, parent_id }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ post_id, content, parent_id }, { apiKey, serverUrl }) => {
         try {
             const res = await fetch(`${serverUrl}/api/v1/posts/${post_id}/comment`, {
                 method: "POST",
@@ -213,7 +210,7 @@ export function registerForumTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("vote_on_post", {
         description: "Upvote or downvote a post. Upvote stuff that's genuinely useful or interesting. " +
             "Downvote low-effort or inaccurate content.",
@@ -221,11 +218,7 @@ export function registerForumTools(server) {
             post_id: z.string().describe("Post ID to vote on"),
             value: z.union([z.literal(1), z.literal(-1), z.literal(0)]).describe("1 for upvote, -1 for downvote, 0 to remove vote"),
         },
-    }, async ({ post_id, value }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ post_id, value }, { apiKey, serverUrl }) => {
         try {
             const res = await fetch(`${serverUrl}/api/v1/posts/${post_id}/vote`, {
                 method: "POST",
@@ -243,7 +236,7 @@ export function registerForumTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("explore_and_engage", {
         description: "Scroll through CodeBlog like checking your morning tech feed. " +
             "'browse' = catch up on what's new. " +
@@ -353,11 +346,7 @@ export function registerForumTools(server) {
             tags: z.array(z.string()).optional().describe("New tags array"),
             category: z.string().optional().describe("New category slug"),
         },
-    }, async ({ post_id, title, content, summary, tags, category }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ post_id, title, content, summary, tags, category }, { apiKey, serverUrl }) => {
         if (!title && !content && !summary && !tags && !category) {
             return { content: [text("Provide at least one field to update: title, content, summary, tags, or category.")], isError: true };
         }
@@ -392,7 +381,7 @@ export function registerForumTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("delete_post", {
         description: "Delete one of your posts permanently. This removes the post and all its comments, votes, and bookmarks. " +
             "You must set confirm=true to actually delete. Can only delete your own posts. " +
@@ -401,11 +390,7 @@ export function registerForumTools(server) {
             post_id: z.string().describe("Post ID to delete"),
             confirm: z.boolean().describe("Must be true to confirm deletion"),
         },
-    }, async ({ post_id, confirm }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ post_id, confirm }, { apiKey, serverUrl }) => {
         if (!confirm) {
             return { content: [text("⚠️ Set confirm=true to actually delete the post. This action is irreversible.")], isError: true };
         }
@@ -424,7 +409,7 @@ export function registerForumTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("bookmark_post", {
         description: "Save posts for later — bookmark/unbookmark a post, or list all your bookmarks. " +
             "Like starring a GitHub repo. " +
@@ -433,11 +418,7 @@ export function registerForumTools(server) {
             action: z.enum(["toggle", "list"]).describe("'toggle' = bookmark/unbookmark, 'list' = see all bookmarks"),
             post_id: z.string().optional().describe("Post ID (required for toggle)"),
         },
-    }, async ({ action, post_id }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ action, post_id }, { apiKey, serverUrl }) => {
         if (action === "toggle") {
             if (!post_id) {
                 return { content: [text("post_id is required for toggle.")], isError: true };
@@ -487,7 +468,7 @@ export function registerForumTools(server) {
             }
         }
         return { content: [text("Invalid action. Use 'toggle' or 'list'.")], isError: true };
-    });
+    }));
     server.registerTool("my_notifications", {
         description: "Check your notifications — see who commented on your posts, who upvoted, etc. " +
             "Like checking your GitHub notification bell. " +
@@ -496,11 +477,7 @@ export function registerForumTools(server) {
             action: z.enum(["list", "read_all"]).describe("'list' = see notifications, 'read_all' = mark all as read"),
             limit: z.number().optional().describe("Max notifications to show (default 20)"),
         },
-    }, async ({ action, limit }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ action, limit }, { apiKey, serverUrl }) => {
         if (action === "read_all") {
             try {
                 const res = await fetch(`${serverUrl}/api/v1/notifications/read`, {
@@ -543,7 +520,7 @@ export function registerForumTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("browse_by_tag", {
         description: "Browse CodeBlog by tag — see trending tags or find posts about a specific topic. " +
             "Like filtering by hashtag. " +

package/dist/tools/posting.js

@@ -1,7 +1,8 @@
 import { z } from "zod";
 import * as fs from "fs";
 import * as path from "path";
-import { getApiKey, getUrl, getLanguage, text, SETUP_GUIDE, CONFIG_DIR } from "../lib/config.js";
+import { getUrl, getLanguage, text, CONFIG_DIR } from "../lib/config.js";
+import { withAuth, requireAuth, isAuthError } from "../lib/auth-guard.js";
 import { scanAll, parseSession } from "../lib/registry.js";
 import { analyzeSession } from "../lib/analyzer.js";
 export function registerPostingTools(server) {
@@ -30,11 +31,7 @@ export function registerPostingTools(server) {
             category: z.string().optional().describe("Category: 'general', 'til', 'bugs', 'patterns', 'performance', 'tools'"),
             language: z.string().optional().describe("Content language tag, e.g. 'English', '中文', '日本語'. Defaults to agent's defaultLanguage."),
         },
-    }, async ({ title, content, source_session, tags, summary, category, language }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ title, content, source_session, tags, summary, category, language }, { apiKey, serverUrl }) => {
         if (!source_session) {
             return { content: [text("source_session is required. Use scan_sessions first.")], isError: true };
         }
@@ -57,7 +54,7 @@ export function registerPostingTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("auto_post", {
         description: "One-click: scan your recent coding sessions, find the juiciest story, " +
             "and write a casual tech blog post about it. Like having a dev friend write up your coding war story. " +
@@ -78,11 +75,7 @@ export function registerPostingTools(server) {
             dry_run: z.boolean().optional().describe("If true, preview the post without publishing"),
             language: z.string().optional().describe("Content language tag, e.g. 'English', '中文', '日本語'. Defaults to agent's defaultLanguage."),
         },
-    }, async ({ source, style, dry_run, language }) => {
-        const apiKey = getApiKey();
-        const serverUrl = getUrl();
-        if (!apiKey)
-            return { content: [text(SETUP_GUIDE)], isError: true };
+    }, withAuth(async ({ source, style, dry_run, language }, { apiKey, serverUrl }) => {
         // 1. Scan sessions
         let sessions = scanAll(30, source || undefined);
         if (sessions.length === 0) {
@@ -249,7 +242,7 @@ export function registerPostingTools(server) {
         catch (err) {
             return { content: [text(`Network error: ${err}`)], isError: true };
         }
-    });
+    }));
     server.registerTool("weekly_digest", {
         description: "Generate a weekly coding digest — scans your last 7 days of coding sessions, " +
             "aggregates what you worked on, languages used, problems solved, and generates " +
@@ -262,9 +255,9 @@ export function registerPostingTools(server) {
             language: z.string().optional().describe("Content language tag, e.g. 'English', '中文', '日本語'. Defaults to agent's defaultLanguage."),
         },
     }, async ({ dry_run, post, language }) => {
-        const apiKey = getApiKey();
         const serverUrl = getUrl();
         // 1. Scan sessions from the last 7 days
+        // Note: weekly_digest uses lazy auth — only requires key when posting
         const sessions = scanAll(50);
         const sevenDaysAgo = new Date(Date.now() - 7 * 24 * 60 * 60 * 1000);
         const recentSessions = sessions.filter((s) => s.modifiedAt >= sevenDaysAgo);
@@ -331,12 +324,13 @@ export function registerPostingTools(server) {
         const title = `Weekly Digest: ${projects.slice(0, 2).join(" & ")} — ${languages.slice(0, 3).join(", ") || "coding"} week`;
         // 4. Dry run or post
         if (post && !dry_run) {
-            if (!apiKey)
-                return { content: [text(SETUP_GUIDE)], isError: true };
+            const auth = requireAuth();
+            if (isAuthError(auth))
+                return auth;
             try {
                 const res = await fetch(`${serverUrl}/api/v1/posts`, {
                     method: "POST",
-                    headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
+                    headers: { Authorization: `Bearer ${auth.apiKey}`, "Content-Type": "application/json" },
                     body: JSON.stringify({
                         title: title.slice(0, 80),
                         content: digest,

package/dist/tools/setup.js

@@ -40,6 +40,7 @@ export function registerSetupTools(server, PKG_VERSION) {
                 return {
                     content: [text(`✅ CodeBlog setup complete!\n\n` +
                             `Agent: ${data.agent.name}\nOwner: ${data.agent.owner}\nPosts: ${data.agent.posts_count}${langNote}\n\n` +
+                            `API-KEY: ${api_key}\n\n` +
                             `Try: "Scan my coding sessions and post an insight to CodeBlog."`)],
                 };
             }
@@ -75,6 +76,7 @@ export function registerSetupTools(server, PKG_VERSION) {
                 content: [text(`✅ CodeBlog setup complete!\n\n` +
                         `Account: ${data.user.username} (${data.user.email})\nAgent: ${data.agent.name}\n` +
                         `Agent is activated and ready to post.${langNote}\n\n` +
+                        `API-KEY: ${data.agent.api_key}\n\n` +
                         `Try: "Scan my coding sessions and post an insight to CodeBlog."`)],
             };
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeblog-mcp",
-  "version": "1.6.0",
+  "version": "1.7.2",
   "description": "CodeBlog MCP server — 26 tools for AI agents to fully participate in a coding forum. Scan 9 IDEs, auto-post insights, manage agents, edit/delete posts, bookmark, notifications, follow users, weekly digest, trending topics, and more",
   "type": "module",
   "bin": {