dashley-mcp-framework 1.0.1

package/README.md

@@ -0,0 +1,70 @@
+# mcp-chaos-auth
+
+MCP server with authenticated access to Chaos Auth backend.
+
+## Installation
+
+```bash
+npm install -g mcp-chaos-auth
+rm -rf /Users/joshua.icuss/mcp-servers/claude-mcp-minimal; mkdir /Users/joshua.icuss/mcp-servers/claude-mcp-minimal
+cp -R /Users/joshua.icuss/Documents/claude-mcp-minimal/* /Users/joshua.icuss/mcp-servers/claude-mcp-minimal
+   
+
+Link it locally for development - If you want to test the CLI tool while developing, you can link it:
+
+
+npm install
+npm run build
+npm link
+
+/opt/homebrew/bin/npx
+
+tasty-mcp-minimal
+
+
+     
+node /Users/joshua.icuss/mcp-servers/claude-mcp-minimal/dist/index.js     
+npm login
+
+Update package.json:
+File operations writeTFile operations writeResultDone
+
+npm run build
+npm publish
+
+npm run build
+npm unlink -g
+npm link
+
+mcp-chaos-auth-server
+
+
+npm install mcp-chaos-auth
+
+npm mcp-chaos-auth-server
+
+**Option 1 - Global install:**
+```bash
+npm install -g mcp-chaos-auth
+mcp-chaos-auth-server
+```
+```bash
+mcp-chaos-auth login
+mcp-chaos-auth status
+```
+
+Shows session expiry and permission count. Does not call backend.
+
+### Claude Desktop
+
+Add to `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "chaos-auth": {
+      "command": "tasty-mcp-server"
+    }
+  }
+}
+```

package/dist/api/client.d.ts

@@ -0,0 +1,2 @@
+import { AxiosInstance } from 'axios';
+export declare function createClient(apiUrl: string): AxiosInstance;

package/dist/api/client.js

@@ -0,0 +1,35 @@
+import axios from 'axios';
+import { readSession, deleteSession } from '../auth/session.js';
+import { refreshIfNeeded } from '../auth/refresh.js';
+export function createClient(apiUrl) {
+    const client = axios.create({
+        baseURL: apiUrl,
+    });
+    client.interceptors.request.use(async (config) => {
+        const session = readSession();
+        if (!session) {
+            throw new Error('Not logged in. Run: mcp-chaos-auth login');
+        }
+        const refreshedSession = await refreshIfNeeded(session, apiUrl);
+        if (!refreshedSession) {
+            deleteSession();
+            throw new Error('Session expired. Run: mcp-chaos-auth login');
+        }
+        config.headers.Authorization = `Bearer ${refreshedSession.token}`;
+        return config;
+    });
+    client.interceptors.response.use((response) => response, (error) => {
+        if (error.response?.status === 401) {
+            deleteSession();
+            throw new Error('Authentication failed. Please login again.');
+        }
+        if (error.response?.status === 403) {
+            throw new Error(`Insufficient permissions: ${error.response.data?.detail || 'Access denied'}`);
+        }
+        if (error.response?.status >= 500) {
+            throw new Error(`Server error: ${error.response.status}`);
+        }
+        throw error;
+    });
+    return client;
+}

package/dist/api/endpoints.d.ts

@@ -0,0 +1,7 @@
+import type { AxiosInstance } from 'axios';
+export declare function validateSession(client: AxiosInstance): Promise<{
+    username: string;
+    roles: string[];
+    permissions: string[];
+}>;
+export declare function getUserPermissions(client: AxiosInstance): Promise<string[]>;

package/dist/api/endpoints.js

@@ -0,0 +1,8 @@
+export async function validateSession(client) {
+    const response = await client.get('/auth/validate');
+    return response.data;
+}
+export async function getUserPermissions(client) {
+    const response = await client.get('/users/me/permissions');
+    return response.data;
+}

package/dist/api/types.d.ts

@@ -0,0 +1,9 @@
+export interface ApiError {
+    error: string;
+    detail: string;
+    code: number;
+}
+export interface MFAChallengeRequest {
+    challenge_token: string;
+    code: string;
+}

package/dist/api/types.js

@@ -0,0 +1 @@
+export {};

package/dist/auth/login.d.ts

@@ -0,0 +1,2 @@
+import type { Session } from './types.js';
+export declare function login(apiUrl: string): Promise<Session>;

package/dist/auth/login.js

@@ -0,0 +1,112 @@
+import * as readline from 'readline';
+import axios from 'axios';
+async function prompt(question) {
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer);
+        });
+    });
+}
+async function promptSecret(question) {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+            terminal: false,
+        });
+        const stdin = process.stdin;
+        stdin.setRawMode(true);
+        stdin.resume();
+        stdin.setEncoding('utf8');
+        process.stdout.write(question);
+        let password = '';
+        const onData = (char) => {
+            switch (char) {
+                case '\n':
+                case '\r':
+                case '\u0004':
+                    stdin.setRawMode(false);
+                    stdin.pause();
+                    stdin.removeListener('data', onData);
+                    process.stdout.write('\n');
+                    resolve(password);
+                    break;
+                case '\u0003':
+                    stdin.setRawMode(false);
+                    process.exit(1);
+                    break;
+                case '\u007f':
+                    if (password.length > 0) {
+                        password = password.slice(0, -1);
+                        process.stdout.write('\b \b');
+                    }
+                    break;
+                default:
+                    if (char.charCodeAt(0) >= 32) {
+                        password += char;
+                        process.stdout.write('*');
+                    }
+                    break;
+            }
+        };
+        stdin.on('data', onData);
+    });
+}
+export async function login(apiUrl) {
+    const username = await prompt('Username: ');
+    const password = await promptSecret('Password: ');
+    try {
+        const loginResponse = await axios.post(`${apiUrl}/auth/login`, {
+            username,
+            password,
+        });
+        let accessToken = loginResponse.data.access_token;
+        let permissions = loginResponse.data.permissions || [];
+        if (loginResponse.data.mfa_required && loginResponse.data.challenge_token) {
+            const challengeToken = loginResponse.data.challenge_token;
+            for (let attempt = 1; attempt <= 3; attempt++) {
+                const mfaCode = await prompt('MFA Code: ');
+                try {
+                    const mfaResponse = await axios.post(`${apiUrl}/auth/mfa/challenge`, {
+                        challenge_token: challengeToken,
+                        code: mfaCode,
+                    });
+                    accessToken = mfaResponse.data.access_token;
+                    permissions = mfaResponse.data.permissions || [];
+                    break;
+                }
+                catch (error) {
+                    if (attempt === 3) {
+                        throw new Error('MFA verification failed after 3 attempts');
+                    }
+                    console.error('Invalid MFA code, try again');
+                }
+            }
+        }
+        const validateResponse = await axios.get(`${apiUrl}/auth/validate`, {
+            headers: { Authorization: `Bearer ${accessToken}` },
+        });
+        const validatedPermissions = validateResponse.data.permissions || permissions;
+        const now = new Date();
+        return {
+            token: accessToken,
+            expiresAt: new Date(now.getTime() + loginResponse.data.expires_in * 1000),
+            loginAt: now,
+            permissions: validatedPermissions,
+        };
+    }
+    catch (error) {
+        if (error.response?.status === 401) {
+            throw new Error('Invalid credentials');
+        }
+        if (!error.response) {
+            throw new Error('Cannot reach auth server');
+        }
+        throw new Error(error.response?.data?.detail || error.message);
+    }
+}

package/dist/auth/refresh.d.ts

@@ -0,0 +1,2 @@
+import type { Session } from './types.js';
+export declare function refreshIfNeeded(session: Session, apiUrl: string): Promise<Session | null>;

package/dist/auth/refresh.js

@@ -0,0 +1,29 @@
+import axios from 'axios';
+import { isExpired } from './session.js';
+export async function refreshIfNeeded(session, apiUrl) {
+    if (isExpired(session)) {
+        return null;
+    }
+    const now = new Date();
+    const minutesUntilExpiry = (session.expiresAt.getTime() - now.getTime()) / (1000 * 60);
+    if (minutesUntilExpiry > 5) {
+        return session;
+    }
+    try {
+        const response = await axios.post(`${apiUrl}/auth/token/refresh`, {}, {
+            headers: { Authorization: `Bearer ${session.token}` },
+        });
+        return {
+            token: response.data.access_token,
+            expiresAt: session.expiresAt,
+            loginAt: session.loginAt,
+            permissions: session.permissions,
+        };
+    }
+    catch (error) {
+        if (error.response?.status === 401) {
+            return null;
+        }
+        return session;
+    }
+}

package/dist/auth/session.d.ts

@@ -0,0 +1,5 @@
+import type { Session } from './types.js';
+export declare function readSession(): Session | null;
+export declare function writeSession(token: string, expiresIn: number, permissions: string[]): void;
+export declare function deleteSession(): void;
+export declare function isExpired(session: Session): boolean;

package/dist/auth/session.js

@@ -0,0 +1,50 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+const CONFIG_DIR = path.join(os.homedir(), '.config', 'mcp-chaos-auth');
+const SESSION_FILE = path.join(CONFIG_DIR, 'session.json');
+export function readSession() {
+    try {
+        const data = fs.readFileSync(SESSION_FILE, 'utf-8');
+        const parsed = JSON.parse(data);
+        const session = {
+            ...parsed,
+            expiresAt: new Date(parsed.expiresAt),
+            loginAt: new Date(parsed.loginAt),
+        };
+        if (isExpired(session)) {
+            return null;
+        }
+        return session;
+    }
+    catch {
+        return null;
+    }
+}
+export function writeSession(token, expiresIn, permissions) {
+    const now = new Date();
+    const session = {
+        token,
+        expiresAt: new Date(now.getTime() + expiresIn * 1000),
+        loginAt: now,
+        permissions,
+    };
+    try {
+        fs.mkdirSync(CONFIG_DIR, { recursive: true });
+        fs.writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2), { mode: 0o600 });
+    }
+    catch (error) {
+        throw new Error(`Failed to write session: ${error}`);
+    }
+}
+export function deleteSession() {
+    try {
+        fs.unlinkSync(SESSION_FILE);
+    }
+    catch {
+        // Ignore errors
+    }
+}
+export function isExpired(session) {
+    return new Date() > session.expiresAt;
+}

package/dist/auth/types.d.ts

@@ -0,0 +1,14 @@
+export interface Session {
+    token: string;
+    expiresAt: Date;
+    loginAt: Date;
+    permissions: string[];
+}
+export interface LoginResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    permissions?: string[];
+    mfa_required?: boolean;
+    challenge_token?: string;
+}

package/dist/auth/types.js

@@ -0,0 +1 @@
+export {};

package/dist/cli/index.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cli/index.js

@@ -0,0 +1,14 @@
+import { loginCommand } from './login.js';
+import { statusCommand } from './status.js';
+import { API_URL } from '../config.js';
+const command = process.argv[2];
+if (command === 'login') {
+    loginCommand(API_URL);
+}
+else if (command === 'status') {
+    statusCommand();
+}
+else {
+    console.error('Usage: mcp-chaos-auth <login|status>');
+    process.exit(1);
+}

package/dist/cli/login.d.ts

@@ -0,0 +1 @@
+export declare function loginCommand(apiUrl: string): Promise<void>;

package/dist/cli/login.js

@@ -0,0 +1,17 @@
+import { login } from '../auth/login.js';
+import { writeSession } from '../auth/session.js';
+export async function loginCommand(apiUrl) {
+    try {
+        const session = await login(apiUrl);
+        const expiresIn = Math.floor((session.expiresAt.getTime() - session.loginAt.getTime()) / 1000);
+        writeSession(session.token, expiresIn, session.permissions);
+        console.log('✓ Logged in successfully');
+        console.log(`Session valid until: ${session.expiresAt.toLocaleString()}`);
+        console.log("Run 'mcp-chaos-auth status' to check session");
+        process.exit(0);
+    }
+    catch (error) {
+        console.error(`Error: ${error.message}`);
+        process.exit(1);
+    }
+}

package/dist/cli/status.d.ts

@@ -0,0 +1 @@
+export declare function statusCommand(): Promise<void>;

package/dist/cli/status.js

@@ -0,0 +1,20 @@
+import { readSession } from '../auth/session.js';
+export async function statusCommand() {
+    const session = readSession();
+    if (!session) {
+        console.log('Not logged in');
+        process.exit(0);
+    }
+    const now = new Date();
+    if (now > session.expiresAt) {
+        console.log('Session expired');
+        process.exit(0);
+    }
+    const timeRemaining = Math.floor((session.expiresAt.getTime() - now.getTime()) / (1000 * 60));
+    const hours = Math.floor(timeRemaining / 60);
+    const minutes = timeRemaining % 60;
+    console.log(`Session expires: ${session.expiresAt.toLocaleString()}`);
+    console.log(`Time remaining: ${hours}h ${minutes}m`);
+    console.log(`Permissions: ${session.permissions.length} loaded`);
+    process.exit(0);
+}

package/dist/config.d.ts

@@ -0,0 +1 @@
+export declare const API_URL: string;

package/dist/config.js

@@ -0,0 +1 @@
+export const API_URL = process.env.AUTH_API_URL || 'https://authentication.stable.tastydata.io/api';

package/dist/index.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/index.js

@@ -0,0 +1,3 @@
+import { startServer } from './mcp/server.js';
+import { API_URL } from './config.js';
+startServer(API_URL);

package/dist/mcp/server.d.ts

@@ -0,0 +1 @@
+export declare function startServer(apiUrl: string): Promise<void>;

package/dist/mcp/server.js

@@ -0,0 +1,71 @@
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { readSession } from '../auth/session.js';
+import { createClient } from '../api/client.js';
+import { validateSession } from '../api/endpoints.js';
+import { tools } from './tools/index.js';
+export async function startServer(apiUrl) {
+    const session = readSession();
+    if (!session) {
+        console.error('No session found. Run: mcp-chaos-auth login');
+        process.exit(1);
+    }
+    const client = createClient(apiUrl);
+    try {
+        await validateSession(client);
+        console.error('MCP server starting');
+        console.error(`Session valid until ${session.expiresAt.toISOString()}`);
+        console.error(`Loaded ${tools.length} tools`);
+    }
+    catch (error) {
+        console.error(`Cannot reach auth server: ${error.message}`);
+        process.exit(1);
+    }
+    const server = new Server({
+        name: 'mcp-chaos-auth',
+        version: '1.0.0',
+    }, {
+        capabilities: {
+            tools: {},
+        },
+    });
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: tools.map((tool) => ({
+            name: tool.name,
+            description: tool.description,
+            inputSchema: tool.inputSchema,
+        })),
+    }));
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const tool = tools.find((t) => t.name === request.params.name);
+        if (!tool) {
+            throw new Error(`Tool not found: ${request.params.name}`);
+        }
+        try {
+            const result = await tool.handler(client);
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify(result, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: `Error: ${error.message}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error('MCP server ready');
+}

package/dist/mcp/tools/example-tool.d.ts

@@ -0,0 +1,15 @@
+import type { AxiosInstance } from 'axios';
+export declare const exampleTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {};
+        required: never[];
+    };
+    handler: (client: AxiosInstance) => Promise<{
+        username: any;
+        roles: any;
+        permissions: any;
+    }>;
+};

package/dist/mcp/tools/example-tool.js

@@ -0,0 +1,17 @@
+export const exampleTool = {
+    name: "chaos_auth_whoami",
+    description: "Get current authenticated user info",
+    inputSchema: {
+        type: "object",
+        properties: {},
+        required: [],
+    },
+    handler: async (client) => {
+        const response = await client.get("/users/me");
+        return {
+            username: response.data.username,
+            roles: response.data.roles,
+            permissions: response.data.permissions,
+        };
+    },
+};

package/dist/mcp/tools/index.d.ts

@@ -0,0 +1,14 @@
+export declare const tools: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {};
+        required: never[];
+    };
+    handler: (client: import("axios").AxiosInstance) => Promise<{
+        username: any;
+        roles: any;
+        permissions: any;
+    }>;
+}[];

package/dist/mcp/tools/index.js

@@ -0,0 +1,4 @@
+import { exampleTool } from './example-tool.js';
+export const tools = [
+    exampleTool,
+];

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "dashley-mcp-framework",
+  "version": "1.0.1",
+  "description": "MCP server with authenticated access to Chaos Auth backend",
+  "author": "Joshua Icuss",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/yourusername/mcp-chaos-auth"
+  },
+  "keywords": ["mcp", "authentication", "chaos-auth"],
+  "type": "module",
+  "files": [
+    "dist",
+    "bin"
+  ],
+  "bin": {
+    "tasty-auth": "./bin/tasty-auth",
+    "tasty-mcp-server": "./bin/tasty-mcp-server"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "login": "tsx src/cli/index.ts login"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.4",
+    "axios": "^1.7.9"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.5",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.2"
+  }
+}