npm - doora-mcp - Versions diffs - 0.3.1 → 0.4.0 - Mend

doora-mcp 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -16,35 +16,44 @@ into your MCP client's config and restart:
   "mcpServers": {
     "doora": {
       "command": "npx",
-      "args": ["-y", "doora-mcp"],
-      "env": {
-        "DOORA_API_KEY": "dk_test_..."
-      }
+      "args": ["-y", "doora-mcp"]
     }
   }
 }
 ```
-You should see "doora" in Claude Desktop's available-tools panel.
+That's it. You should see "doora" in Claude Desktop's available-tools
+panel after restart.
 For Cursor, Continue, Zed, and other clients, see
 **https://www.doora.to/docs/mcp** for per-client config snippets.
-## Get an API key
+## Optional: API key for higher limits
-You'll need a doora merchant API key in the `DOORA_API_KEY` env
-slot. Two flavours:
+During the launch window doora-mcp works with **no configuration** —
+the server falls back to a shared anonymous key. Fine for trying it
+out, occasional lookups, and dev work.
+For higher rate-limit budgets, per-merchant audit attribution, and
+sustained production use, configure your own key in the `env` block:
+```jsonc
+"doora": {
+  "command": "npx",
+  "args": ["-y", "doora-mcp"],
+  "env": {
+    "DOORA_API_KEY": "dk_test_..."   // or dk_live_...
+  }
+}
+```
+Two flavours:
 - **`dk_test_…`** — sandbox key. Resolves only the curated `demo@*`
   handles. Safe to put in a config file shared with collaborators.
-- **`dk_live_…`** — production key, resolves real handles your
-  merchant integration is authorised for.
-Request a key via [the contact form](https://www.doora.to/contact).
+- **`dk_live_…`** — production key, resolves any public doora handle.
-The MCP server makes no auth check at startup — Claude can start it
-and list its tools, and only sees a friendly "configure DOORA_API_KEY"
-error when you first try to resolve a handle.
+Request one via [the contact form](https://www.doora.to/contact).
 ## Tools

package/dist/api-client.js CHANGED Viewed

@@ -1,17 +1,17 @@
 /**
- * HTTP client wrapping the doora merchant API.
+ * HTTP client wrapping the doora public API.
  *
  * Reads:
- *   DOORA_API_KEY  required for every tool that hits the server.
- *                  Format: `dk_test_…` or `dk_live_…`.
+ *   DOORA_API_KEY  OPTIONAL. When set, every request is sent with
+ *                  `Authorization: Bearer ${key}`. Format:
+ *                  `dk_test_…` or `dk_live_…`. Configure for higher
+ *                  rate-limit budgets + per-merchant audit attribution.
  *   DOORA_BASE_URL optional, defaults to https://www.doora.to.
  *                  Override only for staging / local dev.
  *
- * Important: we DO NOT validate DOORA_API_KEY at module load. That
- * would block the MCP server from booting (and listing its tools to
- * Claude Desktop) just because the user hadn't configured the key
- * yet. Instead we surface the missing-key error at tool-invocation
- * time with a clear message pointing at the fix.
+ * No key → unauthenticated request. The server falls back to a
+ * launch-window anonymous-fallback key (see lib/api-keys.ts on the
+ * doora side) so `doora-mcp` works out of the box with zero config.
  */
 const DEFAULT_BASE_URL = 'https://www.doora.to';
 export class DoraApiError extends Error {
@@ -24,14 +24,12 @@ export class DoraApiError extends Error {
         this.body = body;
     }
 }
-/** Throws a tagged error when DOORA_API_KEY is missing. Caller turns
- *  this into a friendly tool response. */
+/** Read DOORA_API_KEY if configured. Empty/unset → null, which makes
+ *  request() send no Authorization header (server picks up the
+ *  anonymous fallback). */
 function readApiKey() {
     const key = process.env.DOORA_API_KEY?.trim();
-    if (!key) {
-        throw new DoraApiError(0, null, 'DOORA_API_KEY environment variable not set. Configure it in your MCP client config (e.g. in claude_desktop_config.json under env). See https://www.doora.to/docs/mcp for setup.');
-    }
-    return key;
+    return key || null;
 }
 function baseUrl() {
     const raw = process.env.DOORA_BASE_URL?.trim() || DEFAULT_BASE_URL;
@@ -40,7 +38,8 @@ function baseUrl() {
 async function request(path, init = {}) {
     const key = readApiKey();
     const headers = new Headers(init.headers);
-    headers.set('authorization', `Bearer ${key}`);
+    if (key)
+        headers.set('authorization', `Bearer ${key}`);
     if (init.body && !headers.has('content-type')) {
         headers.set('content-type', 'application/json');
     }

package/dist/index.js CHANGED Viewed

@@ -49,7 +49,7 @@ import { DoraApiError, resolveHandle, startClaimSession, checkClaimSession, } fr
 const HANDLE_PATTERN = /^([a-z0-9-]{3,24})@([a-z0-9-]{2,16})$/i;
 const server = new McpServer({
     name: 'doora',
-    version: '0.3.1',
+    version: '0.4.0',
 }, {
     capabilities: { tools: {} },
     instructions: `doora exposes India-aware addresses behind memorable handles like \`praneeth@home\`. ` +
@@ -62,14 +62,18 @@ const server = new McpServer({
 server.registerTool('resolve_handle', {
     title: 'Resolve doora handle to address',
     description: 'Look up the full delivery address for a doora handle. Returns coordinates, ' +
-        'DIGIPIN, the place_type (apartment / villa / independent_house / commercial / ' +
-        'other) so you can phrase the response with the right vocabulary (society + flat ' +
-        'for apartment, plot number for villa, suite for commercial, etc.), the building/' +
-        'floor/unit/notes fields the owner has shared, verification method, and an audit ' +
-        'id. Use this when the user mentions any string in `username@label` shape (e.g. ' +
-        '"praneeth@home", "demo@office") and wants the underlying address. Requires the ' +
-        'DOORA_API_KEY environment variable; test keys can only resolve handles owned by ' +
-        'the configured demo user — call list_demo_handles to see those.',
+        'DIGIPIN (modern India-wide locator), the 6-digit India Post pin_code (the ' +
+        'one traditional couriers like DTDC / Bluedart / India Post route on — may ' +
+        'be null if the owner skipped it), the place_type (apartment / villa / ' +
+        'independent_house / commercial / other) so you can phrase the response with ' +
+        'the right vocabulary (society + flat for apartment, plot number for villa, ' +
+        'suite for commercial, etc.), the building/floor/unit/notes fields the owner ' +
+        'has shared, verification method, and an audit id. Use this when the user ' +
+        'mentions any string in `username@label` shape (e.g. "praneeth@home", ' +
+        '"demo@office") and wants the underlying address. Works with NO configuration ' +
+        'during the launch window — DOORA_API_KEY is optional. Set it to get higher ' +
+        'rate-limit budgets and per-merchant audit attribution; test keys are ' +
+        'firewalled to demo handles (call list_demo_handles for those).',
     inputSchema: {
         handle: z.string()
             .describe('Doora handle in the form `username@label`. Case-insensitive; will be lowercased before lookup.'),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "doora-mcp",
-  "version": "0.3.1",
+  "version": "0.4.0",
   "description": "MCP server for doora — let Claude / Cursor / Continue look up addresses by doora handle.",
   "keywords": [
     "mcp",