npm - note-mcp-server - Versions diffs - 2.2.4 → 2.2.6 - Mend

note-mcp-server 2.2.4 → 2.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -105,8 +105,8 @@ socialite_id=eyJpdiI6I…
 | 工具 | 說明 |
 |------|------|
-| `list_notes` | GET 列表，支援 `search` 關鍵字及 `limit`（預設 3） |
-| `read_note` | GET 單筆，支援 `c_id` 或 `last` |
+| `list_notes` | GET 列表，支援 `search` / `tag` / `page` / `limit`（預設 10），每筆附 `note_url` |
+| `read_note` | GET 單筆，支援 `c_id` 或 `last`，回傳附 `note_url` |
 | `create_note` | POST 新增，`content` 必填，`title` 可選 |
 | `update_note` | POST 修改，`c_id` 必填，支援 `content`、`title`、`append`、`prepend` |
 | `delete_note` | POST 刪除，`c_id` + `action=delete` |
@@ -115,6 +115,25 @@ socialite_id=eyJpdiI6I…
 完整 REST 行為請對你的 API 網址加上 **`/help`** 查官方說明。
+前台筆記網址格式：
+```text
+{notes_url}/app/notes/content/{c_id}
+```
+---
+## Agent 安全流程（重要）
+- 只要使用者貼出或提到敏感設定（例如 `key`、`token`、`NOTES_API_BASE`、`socialite_id`），完成設定或操作後，代理必須主動執行：
+```bash
+echo -n "" | pbcopy
+```
+- 回覆中必須明確告知「剪貼簿已清空」。
+- 此流程屬於預設安全規範，不需等待使用者額外提醒。
 ---
 ## 常見問題

package/index.js CHANGED Viewed

@@ -109,12 +109,40 @@ function normalizeListPayload(data) {
   return [];
 }
+function resolveNotesSiteBase() {
+  const fromEnv = firstEnv("notes_url", "NOTES_URL");
+  if (fromEnv) {
+    return stripTrailingSlashes(fromEnv);
+  }
+  // BASE_URL = {site}/api/notes/{socialite}/{token}
+  return stripTrailingSlashes(BASE_URL.replace(/\/api\/notes\/.*$/i, ""));
+}
+const NOTES_SITE_BASE = resolveNotesSiteBase();
+const SECURITY_NOTICE =
+  "安全規範：若使用者訊息或設定包含 key、token、NOTES_API_BASE、socialite_id 等敏感資訊，完成操作後必須主動清空 macOS 剪貼簿（echo -n \"\" | pbcopy），並在回覆中明確告知已清空。";
+const NOTE_URL_NOTICE = `前台連結格式：${NOTES_SITE_BASE}/app/notes/content/{c_id}。`;
+function withSecurityNotice(description) {
+  return `${description}\n${NOTE_URL_NOTICE}\n${SECURITY_NOTICE}`;
+}
+function buildNoteUrl(cId) {
+  if (cId === undefined || cId === null || String(cId).trim() === "") {
+    return "";
+  }
+  return `${NOTES_SITE_BASE}/app/notes/content/${encodeURIComponent(String(cId))}`;
+}
 server.setRequestHandler(ListToolsRequestSchema, async () => {
   return {
     tools: [
       {
         name: "list_notes",
-        description: `列出或搜尋 ${APP_NAME} 中的筆記。支援關鍵字、標籤搜尋及分頁（預設每頁 10 筆）。`,
+        description: withSecurityNotice(
+          `列出或搜尋 ${APP_NAME} 中的筆記。支援關鍵字、標籤搜尋及分頁（預設每頁 10 筆）。回傳資料會附上 note_url。`
+        ),
         inputSchema: {
           type: "object",
           properties: {
@@ -127,7 +155,9 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "read_note",
-        description: `從 ${APP_NAME} 讀取單筆筆記（GET ?c_id=）。亦可傳 c_id=last 讀取最新一筆。`,
+        description: withSecurityNotice(
+          `從 ${APP_NAME} 讀取單筆筆記（GET ?c_id=）。亦可傳 c_id=last 讀取最新一筆。回傳資料會附上 note_url。`
+        ),
         inputSchema: {
           type: "object",
           properties: {
@@ -141,9 +171,9 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "create_note",
-        description:
-          `在 ${APP_NAME} 中新增筆記。內容請優先使用簡潔的 AdminLTE 4 card 結構。
-**安全警示**：若用戶貼給你的設定中包含 Key (如 NOTES_API_BASE)，請在完成設定後務必執行清空剪貼簿動作 (echo -n "" | pbcopy)。`,
+        description: withSecurityNotice(
+          `在 ${APP_NAME} 中新增筆記。內容請優先使用簡潔的 AdminLTE 4 card 結構。`
+        ),
         inputSchema: {
           type: "object",
           properties: {
@@ -155,7 +185,9 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "update_note",
-        description: `在 ${APP_NAME} 中修改筆記。內容請優先使用簡潔的 AdminLTE 4 card 結構，避免嵌套破版，支援以 append/prepend 追加內容。`,
+        description: withSecurityNotice(
+          `在 ${APP_NAME} 中修改筆記。內容請優先使用簡潔的 AdminLTE 4 card 結構，避免嵌套破版，支援以 append/prepend 追加內容。`
+        ),
         inputSchema: {
           type: "object",
           properties: {
@@ -170,7 +202,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "delete_note",
-        description: "刪除筆記（POST：c_id + action=delete）。",
+        description: withSecurityNotice("刪除筆記（POST：c_id + action=delete）。"),
         inputSchema: {
           type: "object",
           properties: {
@@ -181,8 +213,9 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "upload_image",
-        description:
-          `將圖片上傳至 ${APP_NAME}。此工具會回傳圖片的永久網址（URL）。若用戶要求生成圖片及內容，請務必分兩步執行：1. 先呼叫此工具傳圖獲取網址；2. 將獲取的網址以 <img> 標籤補進筆記內容（create_note 或 update_note）中。`,
+        description: withSecurityNotice(
+          `將圖片上傳至 ${APP_NAME}。此工具會回傳圖片的永久網址（URL）。若用戶要求生成圖片及內容，請務必分兩步執行：1. 先呼叫此工具傳圖獲取網址；2. 將獲取的網址以 <img> 標籤補進筆記內容（create_note 或 update_note）中。`
+        ),
         inputSchema: {
           type: "object",
           properties: {
@@ -200,7 +233,9 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "send_push",
-        description: "發送 Web Push（POST：action=push、message；可選 title、url）。",
+        description: withSecurityNotice(
+          "發送 Web Push（POST：action=push、message；可選 title、url）。"
+        ),
         inputSchema: {
           type: "object",
           properties: {
@@ -229,9 +264,23 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         params.limit = args.limit || 10;
         const response = await axios.get(BASE_URL, { params });
+        const payload =
+          response.data && typeof response.data === "object"
+            ? { ...response.data }
+            : response.data;
+        const notes = normalizeListPayload(payload);
+        if (Array.isArray(notes)) {
+          for (const note of notes) {
+            if (note && typeof note === "object" && note.c_id !== undefined) {
+              note.note_url = buildNoteUrl(note.c_id);
+            }
+          }
+        }
         return {
           content: [
-            { type: "text", text: JSON.stringify(response.data, null, 2) },
+            { type: "text", text: JSON.stringify(payload, null, 2) },
           ],
         };
       }
@@ -241,8 +290,17 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         const response = await axios.get(BASE_URL, {
           params: { c_id: cId },
         });
+        const payload =
+          response.data && typeof response.data === "object"
+            ? { ...response.data }
+            : response.data;
+        if (payload && typeof payload === "object") {
+          const effectiveCid =
+            payload.c_id !== undefined ? payload.c_id : cId === "last" ? "" : cId;
+          payload.note_url = buildNoteUrl(effectiveCid);
+        }
         return {
-          content: [{ type: "text", text: JSON.stringify(response.data, null, 2) }],
+          content: [{ type: "text", text: JSON.stringify(payload, null, 2) }],
         };
       }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "note-mcp-server",
-  "version": "2.2.4",
+  "version": "2.2.6",
   "description": "MCP (stdio) server for Notes API v2 — list/read/write notes, upload images, Web Push from Cursor and compatible clients.",
   "main": "index.js",
   "bin": {