creditkarma-mcp 1.0.0

package/README.md

@@ -0,0 +1,195 @@
+# Credit Karma MCP
+
+A [Model Context Protocol](https://modelcontextprotocol.io) server that connects Claude to [Credit Karma](https://www.creditkarma.com), giving you natural-language access to your transactions, spending patterns, and account summaries.
+
+> [!WARNING]
+> **AI-developed project.** This codebase was entirely built and is actively maintained by [Claude Sonnet 4.6](https://www.anthropic.com/claude). No human has audited the implementation. Review all code and tool permissions before use.
+
+## What you can do
+
+Ask Claude things like:
+
+- *"Sync my latest transactions"*
+- *"What did I spend on food last month?"*
+- *"Show me my top merchants this year"*
+- *"How much did I spend in March compared to February?"*
+- *"Which accounts have the most activity?"*
+- *"Run a SQL query against my transactions"*
+
+## Requirements
+
+- [Claude Desktop](https://claude.ai/download) or [Claude Code](https://claude.ai/code)
+- [Node.js](https://nodejs.org) 18 or later
+- A Credit Karma account
+
+## Installation
+
+### 1. Clone and build
+
+```bash
+git clone https://github.com/chrischall/creditkarma-mcp.git
+cd creditkarma-mcp
+npm install
+npm run build
+```
+
+### 2. Configure
+
+```bash
+cp .env.example .env
+# See "Authentication" below to get your CK_COOKIES value
+```
+
+### 3. Add to Claude
+
+**Claude Code** — add to `.mcp.json` in your project:
+
+```json
+{
+  "mcpServers": {
+    "creditkarma": {
+      "command": "node",
+      "args": ["/absolute/path/to/creditkarma-mcp/dist/index.js"]
+    }
+  }
+}
+```
+
+**Claude Desktop** — edit `~/Library/Application Support/Claude/claude_desktop_config.json` (Mac) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
+
+```json
+{
+  "mcpServers": {
+    "creditkarma": {
+      "command": "node",
+      "args": ["/absolute/path/to/creditkarma-mcp/dist/index.js"],
+      "env": {
+        "CK_COOKIES": "your-ckat-value-here"
+      }
+    }
+  }
+}
+```
+
+### 4. Restart Claude
+
+Fully quit and relaunch. Then ask: *"Sync my Credit Karma transactions"*.
+
+## Authentication
+
+Credit Karma uses short-lived JWTs. This server handles automatic token refresh — you only need to set up credentials once (or when your session expires).
+
+### Getting your credentials
+
+1. Log in to [creditkarma.com](https://www.creditkarma.com) in Chrome
+2. Open DevTools → **Application** → **Cookies** → `https://www.creditkarma.com`
+3. Find the `CKAT` cookie and copy its value
+
+### Setting credentials
+
+Call `ck_set_session` with your cookie value — it accepts any of:
+
+| Format | Example |
+|--------|---------|
+| Raw CKAT value | `eyJraWQ...%3BeyJraWQ...` |
+| `CKAT=<value>` | `CKAT=eyJraWQ...%3BeyJraWQ...` |
+| Full Cookie header | *(paste the entire Cookie header from DevTools → Network)* |
+
+Or set `CK_COOKIES` directly in your `.env` file (any of the three formats above).
+
+The server automatically extracts both the access token and refresh token from the CKAT cookie, and refreshes the access token as needed.
+
+### Session expiry
+
+- **Access token**: ~15 minutes (auto-refreshed transparently)
+- **Refresh token**: ~8 hours
+- When the refresh token expires, log in to creditkarma.com again, grab the new CKAT cookie, and call `ck_set_session`
+
+## Available tools
+
+| Tool | What it does |
+|------|-------------|
+| `ck_set_session` | Store credentials from your browser cookies (auto-extracts tokens from CKAT) |
+| `ck_sync_transactions` | Sync transactions into the local SQLite database |
+| `ck_list_transactions` | List transactions with filters (date, account, category, merchant, amount) |
+| `ck_get_recent_transactions` | Fetch the N most recent transactions |
+| `ck_get_spending_by_category` | Spending totals grouped by category |
+| `ck_get_spending_by_merchant` | Spending totals grouped by merchant |
+| `ck_get_account_summary` | Transaction counts and totals by account |
+| `ck_query_sql` | Run a read-only SQL query against the local database |
+
+## How it works
+
+Transactions are synced from Credit Karma's GraphQL API into a local SQLite database (default: `~/.creditkarma-mcp/transactions.db`). All query tools run against this local database — fast, offline-capable, and queryable with SQL.
+
+**Sync strategy**: incremental by default (fetches since last sync date with a 30-day overlap for updates). Use `force_full: true` to re-fetch everything.
+
+**Auto-refresh**: if the access token has expired, the server automatically refreshes it before syncing. If the refresh token has also expired, it throws an error asking you to re-authenticate.
+
+## Database schema
+
+```sql
+transactions (id, date, description, status, amount, account_id, category_id, merchant_id, raw_json)
+accounts     (id, name, type, provider_name, display)
+categories   (id, name, type)
+merchants    (id, name)
+sync_state   (key, value)
+```
+
+## Configuration
+
+| Env var | Description | Default |
+|---------|-------------|---------|
+| `CK_COOKIES` | CKAT value, `CKAT=<value>`, or full Cookie header | *(required)* |
+| `CK_DB_PATH` | Path to SQLite database file | `~/.creditkarma-mcp/transactions.db` |
+
+## Troubleshooting
+
+**"TOKEN_EXPIRED"** — your refresh token has expired. Log in to creditkarma.com, grab the new CKAT cookie, and call `ck_set_session`.
+
+**Sync returns 0 transactions** — check that your `CK_COOKIES` value is fresh. CKAT cookies expire after ~8 hours.
+
+**Tools not appearing** — fully quit and relaunch Claude Desktop. In Claude Code, run `/mcp` to check server status.
+
+**"No such file or directory: dist/transaction.graphql"** — run `npm run build` (not just `tsc`).
+
+## Security
+
+- Credentials are stored only in your local `.env` file (gitignored) or Claude config
+- The server never logs credentials
+- Only SELECT queries are permitted via `ck_query_sql` — no writes to Credit Karma
+
+## Development
+
+```bash
+npm test            # run the test suite
+npm run build       # compile TypeScript → dist/
+npm run test:watch  # watch mode
+```
+
+### Project structure
+
+```
+src/
+  client.ts             Credit Karma GraphQL client with auto-refresh
+  index.ts              MCP server entry point
+  db.ts                 SQLite schema and upsert helpers
+  transaction.graphql   GraphQL query for transactions
+  tools/
+    auth.ts             ck_set_session
+    sync.ts             ck_sync_transactions
+    query.ts            ck_list_transactions, ck_get_recent_transactions, etc.
+    sql.ts              ck_query_sql
+tests/
+  client.test.ts
+  db.test.ts
+  tools/
+    auth.test.ts
+    sync.test.ts
+    query.test.ts
+    sql.test.ts
+```
+
+## License
+
+MIT

package/dist/client.js

@@ -0,0 +1,173 @@
+import { readFileSync } from 'fs';
+import { fileURLToPath } from 'url';
+import { join, dirname } from 'path';
+const TOKEN_TTL_MS = 10 * 60 * 1000; // 10 minutes
+export const GRAPHQL_ENDPOINT = 'https://api.creditkarma.com/graphql';
+export const CK_REFRESH_ENDPOINT = 'https://www.creditkarma.com/member/oauth2/refresh';
+export class CreditKarmaClient {
+    token = null;
+    tokenSetAt = null;
+    refreshToken = null;
+    cookies = null;
+    constructor(token, refreshToken, cookies) {
+        if (token)
+            this.setToken(token);
+        if (refreshToken)
+            this.refreshToken = refreshToken;
+        if (cookies)
+            this.cookies = cookies;
+    }
+    setToken(token) {
+        this.token = token;
+        this.tokenSetAt = Date.now();
+    }
+    getToken() {
+        return this.token;
+    }
+    getRefreshToken() {
+        return this.refreshToken;
+    }
+    setRefreshToken(token) {
+        this.refreshToken = token;
+    }
+    getCookies() {
+        return this.cookies;
+    }
+    setCookies(cookies) {
+        this.cookies = cookies;
+    }
+    isTokenExpired() {
+        if (!this.token || this.tokenSetAt === null)
+            return true;
+        return Date.now() - this.tokenSetAt > TOKEN_TTL_MS;
+    }
+    /** Fetch a single page of transactions. Throws TOKEN_EXPIRED on 401. */
+    async fetchPage(afterCursor) {
+        if (!this.token)
+            throw new Error('TOKEN_EXPIRED');
+        const response = await this.post(GRAPHQL_ENDPOINT, {
+            query: TRANSACTION_QUERY,
+            variables: buildVariables(afterCursor)
+        });
+        if (response.status === 401)
+            throw new Error('TOKEN_EXPIRED');
+        if (response.status === 429) {
+            await sleep(2000);
+            const retry = await this.post(GRAPHQL_ENDPOINT, {
+                query: TRANSACTION_QUERY,
+                variables: buildVariables(afterCursor)
+            });
+            if (retry.status === 401)
+                throw new Error('TOKEN_EXPIRED');
+            if (!retry.ok)
+                throw new Error(`HTTP ${retry.status}`);
+            return parseTransactionPage(await retry.json());
+        }
+        if (!response.ok)
+            throw new Error(`HTTP ${response.status}`);
+        return parseTransactionPage(await response.json());
+    }
+    /**
+     * Refresh the access token using CK's native refresh endpoint.
+     * Requires a refresh token and session cookies (captured after login).
+     */
+    async refreshAccessToken() {
+        if (!this.refreshToken)
+            throw new Error('NO_REFRESH_TOKEN: Call ck_login first.');
+        const headers = {
+            'content-type': 'application/json',
+            'Origin': 'https://www.creditkarma.com',
+            'Referer': 'https://www.creditkarma.com/',
+            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
+            'ck-client-name': 'web',
+            'ck-client-version': '1.0.0',
+            'ck-device-type': 'Desktop',
+        };
+        if (this.token) {
+            headers['authorization'] = `Bearer ${this.token}`;
+            // Extract glid from JWT for ck-trace-id
+            const glid = extractGlidFromJwt(this.token);
+            if (glid)
+                headers['ck-trace-id'] = glid;
+            // Extract CKTRKID cookie for ck-cookie-id
+            const cookieId = extractCookieValue(this.cookies ?? '', 'CKTRKID');
+            if (cookieId)
+                headers['ck-cookie-id'] = cookieId;
+        }
+        if (this.cookies)
+            headers['Cookie'] = this.cookies;
+        const res = await fetch(CK_REFRESH_ENDPOINT, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify({ refreshToken: this.refreshToken })
+        });
+        if (!res.ok)
+            throw new Error(`Token refresh failed: HTTP ${res.status}`);
+        const json = await res.json();
+        if (json.error || !json.accessToken)
+            throw new Error(`Token refresh error: ${json.error ?? 'no accessToken in response'}`);
+        this.setToken(json.accessToken);
+        if (json.refreshToken)
+            this.refreshToken = json.refreshToken;
+        return json.accessToken;
+    }
+    post(url, body) {
+        return fetch(url, {
+            method: 'POST',
+            headers: {
+                'Authorization': `Bearer ${this.token}`,
+                'Content-Type': 'application/json',
+                'Origin': 'https://www.creditkarma.com',
+                'Referer': 'https://www.creditkarma.com/',
+                'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36'
+            },
+            body: JSON.stringify(body)
+        });
+    }
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function extractGlidFromJwt(token) {
+    try {
+        const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
+        return payload.glid ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+function extractCookieValue(cookieString, name) {
+    const match = cookieString.match(new RegExp(`(?:^|;\\s*)${name}=([^;]+)`));
+    return match ? match[1] : null;
+}
+// ---------------------------------------------------------------------------
+// GraphQL query
+// ---------------------------------------------------------------------------
+const _dir = dirname(fileURLToPath(import.meta.url));
+export const TRANSACTION_QUERY = readFileSync(join(_dir, 'transaction.graphql'), 'utf8');
+function buildVariables(afterCursor) {
+    return {
+        input: {
+            paginationInput: { afterCursor: afterCursor ?? null },
+            categoryInput: { categoryId: null, primeCategoryType: null },
+            datePeriodInput: { datePeriod: null },
+            accountInput: {}
+        }
+    };
+}
+function parseTransactionPage(json) {
+    const top = json;
+    // CK returns errorCode for some auth failures, errors array for others
+    if (top['errorCode'] || top['errors'])
+        throw new Error(`TOKEN_EXPIRED`);
+    const data = (top['data'] ?? {});
+    const prime = data['prime'];
+    if (!prime)
+        throw new Error(`TOKEN_EXPIRED`);
+    const hub = prime['transactionsHub'];
+    return (hub['transactionPage']);
+}
+function sleep(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}

package/dist/db.js

@@ -0,0 +1,116 @@
+import BetterSqlite3 from 'better-sqlite3';
+import { mkdirSync } from 'fs';
+import { dirname } from 'path';
+const CURRENT_VERSION = 1;
+const MIGRATIONS = {
+    1: `
+    CREATE TABLE IF NOT EXISTS schema_version (version INTEGER PRIMARY KEY);
+
+    CREATE TABLE IF NOT EXISTS accounts (
+      id            TEXT PRIMARY KEY,
+      name          TEXT NOT NULL,
+      type          TEXT,
+      provider_name TEXT,
+      display       TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS categories (
+      id   TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      type TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS merchants (
+      id   TEXT PRIMARY KEY,
+      name TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS transactions (
+      id          TEXT PRIMARY KEY,
+      date        TEXT NOT NULL,
+      description TEXT NOT NULL,
+      status      TEXT,
+      amount      REAL NOT NULL,
+      account_id  TEXT REFERENCES accounts(id),
+      category_id TEXT REFERENCES categories(id),
+      merchant_id TEXT REFERENCES merchants(id),
+      raw_json    TEXT,
+      synced_at   TEXT DEFAULT CURRENT_TIMESTAMP,
+      updated_at  TEXT DEFAULT CURRENT_TIMESTAMP
+    );
+
+    CREATE TABLE IF NOT EXISTS sync_state (
+      key   TEXT PRIMARY KEY,
+      value TEXT
+    );
+
+    INSERT OR IGNORE INTO schema_version VALUES (1);
+  `
+};
+export function initDb(dbPath) {
+    if (dbPath !== ':memory:') {
+        mkdirSync(dirname(dbPath), { recursive: true });
+    }
+    const db = new BetterSqlite3(dbPath);
+    db.pragma('journal_mode = WAL');
+    db.pragma('foreign_keys = ON');
+    const tableExists = db
+        .prepare("SELECT name FROM sqlite_master WHERE type='table' AND name='schema_version'")
+        .get();
+    const currentVersion = tableExists
+        ? (db.prepare('SELECT MAX(version) as v FROM schema_version').get().v ?? 0)
+        : 0;
+    for (let v = currentVersion + 1; v <= CURRENT_VERSION; v++) {
+        db.exec(MIGRATIONS[v]);
+    }
+    return db;
+}
+export function upsertAccount(db, row) {
+    db.prepare(`
+    INSERT INTO accounts (id, name, type, provider_name, display)
+    VALUES (?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      name = excluded.name,
+      type = excluded.type,
+      provider_name = excluded.provider_name,
+      display = excluded.display
+  `).run(row.id, row.name, row.type ?? null, row.providerName ?? null, row.display ?? null);
+}
+export function upsertCategory(db, row) {
+    db.prepare(`
+    INSERT INTO categories (id, name, type)
+    VALUES (?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET name = excluded.name, type = excluded.type
+  `).run(row.id, row.name, row.type ?? null);
+}
+export function upsertMerchant(db, row) {
+    db.prepare(`
+    INSERT INTO merchants (id, name)
+    VALUES (?, ?)
+    ON CONFLICT(id) DO UPDATE SET name = excluded.name
+  `).run(row.id, row.name);
+}
+export function upsertTransaction(db, row) {
+    db.prepare(`
+    INSERT INTO transactions (id, date, description, status, amount, account_id, category_id, merchant_id, raw_json)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      date        = excluded.date,
+      description = excluded.description,
+      status      = excluded.status,
+      amount      = excluded.amount,
+      account_id  = excluded.account_id,
+      category_id = excluded.category_id,
+      merchant_id = excluded.merchant_id,
+      raw_json    = excluded.raw_json,
+      updated_at  = CURRENT_TIMESTAMP
+  `).run(row.id, row.date, row.description, row.status, row.amount, row.accountId, row.categoryId, row.merchantId, row.rawJson);
+}
+export function getSyncState(db, key) {
+    const row = db.prepare('SELECT value FROM sync_state WHERE key = ?').get(key);
+    return row?.value ?? null;
+}
+export function setSyncState(db, key, value) {
+    db.prepare('INSERT INTO sync_state (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value')
+        .run(key, value);
+}

package/dist/index.js

@@ -0,0 +1,73 @@
+import { config as loadDotenv } from 'dotenv';
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { homedir } from 'os';
+import { join } from 'path';
+// Load .env from the project directory; don't override vars already set by .mcp.json
+loadDotenv({ path: join(process.cwd(), '.env'), override: false });
+import { CreditKarmaClient } from './client.js';
+import { initDb } from './db.js';
+import { authToolDefinitions, handleSetSession } from './tools/auth.js';
+import { syncToolDefinitions, handleSyncTransactions } from './tools/sync.js';
+import { queryToolDefinitions, handleListTransactions, handleGetRecentTransactions, handleGetSpendingByCategory, handleGetSpendingByMerchant, handleGetAccountSummary } from './tools/query.js';
+import { sqlToolDefinitions, handleQuerySql } from './tools/sql.js';
+const allTools = [
+    ...authToolDefinitions,
+    ...syncToolDefinitions,
+    ...queryToolDefinitions,
+    ...sqlToolDefinitions
+];
+function extractCookieValue(cookieString, name) {
+    const match = cookieString.match(new RegExp(`(?:^|;\\s*)${name}=([^;]+)`));
+    return match ? match[1] : undefined;
+}
+async function main() {
+    const dbPath = process.env.CK_DB_PATH || join(homedir(), '.creditkarma-mcp', 'transactions.db');
+    const mcpJsonPath = join(process.cwd(), '.mcp.json');
+    const cookies = process.env.CK_COOKIES || undefined;
+    // Bootstrap tokens from CK_COOKIES: accepts raw CKAT, CKAT=<value>, or full cookie string
+    let token;
+    let refreshToken;
+    if (cookies) {
+        const ckat = extractCookieValue(cookies, 'CKAT') ?? cookies.trim();
+        const parts = ckat.replace('%3B', ';').split(';');
+        token = parts[0]?.trim() || undefined;
+        refreshToken = parts[1]?.trim() || undefined;
+    }
+    const ctx = {
+        client: new CreditKarmaClient(token, refreshToken, cookies),
+        db: initDb(dbPath),
+        mcpJsonPath
+    };
+    const server = new Server({ name: 'creditkarma-mcp', version: '1.0.0' }, { capabilities: { tools: {} } });
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: allTools }));
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args = {} } = request.params;
+        const result = await dispatch(name, args, ctx);
+        return {
+            content: [{ type: 'text', text: typeof result === 'string' ? result : JSON.stringify(result, null, 2) }]
+        };
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+async function dispatch(name, args, ctx) {
+    switch (name) {
+        // Auth
+        case 'ck_set_session': return handleSetSession(args, ctx);
+        // Sync
+        case 'ck_sync_transactions': return handleSyncTransactions(args, ctx);
+        // Query
+        case 'ck_list_transactions': return handleListTransactions(args, ctx);
+        case 'ck_get_recent_transactions': return handleGetRecentTransactions(args, ctx);
+        case 'ck_get_spending_by_category': return handleGetSpendingByCategory(args, ctx);
+        case 'ck_get_spending_by_merchant': return handleGetSpendingByMerchant(args, ctx);
+        case 'ck_get_account_summary': return handleGetAccountSummary(args, ctx);
+        // SQL
+        case 'ck_query_sql': return handleQuerySql(args, ctx);
+        default:
+            throw new Error(`Unknown tool: ${name}`);
+    }
+}
+main().catch(console.error);

package/dist/tools/auth.js

@@ -0,0 +1,69 @@
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { join, dirname } from 'path';
+export async function handleSetSession(args, ctx) {
+    // Accept three formats:
+    //   1. Raw CKAT value:      eyJ...%3BeyJ...  or  eyJ...;eyJ...
+    //   2. Full Cookie header:  CKTRKID=...; CKAT=eyJ...%3BeyJ...; ...
+    //   3. Key=value pair:      CKAT=eyJ...%3BeyJ...
+    const ckat = extractCookieValue(args.cookies, 'CKAT') ?? args.cookies.trim();
+    const parts = ckat.replace('%3B', ';').split(';');
+    const accessToken = parts[0]?.trim();
+    const refreshToken = parts[1]?.trim() ?? null;
+    if (!accessToken)
+        return 'Session not saved: could not extract a token from the provided value.';
+    ctx.client.setToken(accessToken);
+    if (refreshToken)
+        ctx.client.setRefreshToken(refreshToken);
+    ctx.client.setCookies(args.cookies);
+    const warning = persistSession(args.cookies, ctx.mcpJsonPath);
+    return warning
+        ? `Session saved. Warning: ${warning}`
+        : 'Session saved. Access token, refresh token, and cookies stored.';
+}
+function extractCookieValue(cookieString, name) {
+    const match = cookieString.match(new RegExp(`(?:^|;\\s*)${name}=([^;]+)`));
+    return match ? match[1] : null;
+}
+/** Persist session to .env. Returns a warning string or null on success. */
+export function persistSession(cookies, mcpJsonPath) {
+    if (!cookies)
+        return null;
+    const envPath = join(dirname(mcpJsonPath), '.env');
+    let existing = '';
+    if (existsSync(envPath)) {
+        try {
+            existing = readFileSync(envPath, 'utf8');
+        }
+        catch {
+            return '.env could not be read — session applied in memory only';
+        }
+    }
+    // Replace or append CK_COOKIES line
+    const line = `CK_COOKIES=${cookies}`;
+    const updated = existing.match(/^CK_COOKIES=/m)
+        ? existing.replace(/^CK_COOKIES=.*/m, line)
+        : existing + (existing.endsWith('\n') || existing === '' ? '' : '\n') + line + '\n';
+    try {
+        writeFileSync(envPath, updated);
+    }
+    catch {
+        return '.env could not be written — session applied in memory only';
+    }
+    return null;
+}
+// Keep old name as alias for tests
+export const persistTokens = persistSession;
+export const authToolDefinitions = [
+    {
+        name: 'ck_set_session',
+        description: 'Store a Credit Karma session to enable automatic token refresh. Accepts any of: (1) the raw CKAT cookie value, (2) the full Cookie header string from any creditkarma.com request, or (3) just "CKAT=<value>". Find CKAT in Chrome DevTools → Application → Cookies → creditkarma.com, or copy the Cookie request header from the Network tab.',
+        annotations: { readOnlyHint: false },
+        inputSchema: {
+            type: 'object',
+            properties: {
+                cookies: { type: 'string', description: 'One of: raw CKAT value, full Cookie header string, or "CKAT=<value>"' },
+            },
+            required: ['cookies']
+        }
+    }
+];