ponch-mcp-server 1.0.1

package/dist/auth.d.ts

@@ -0,0 +1,100 @@
+/**
+ * Auth Resolver — Detecta Modo A (Cowork/service account) o Modo B (tenant/credentials)
+ *
+ * Modo A: FIREBASE_SERVICE_ACCOUNT env var apunta al service account JSON
+ *   → Admin SDK, acceso a TODOS los tenants
+ *   → set_context selecciona tenant/brand en cada sesion
+ *
+ * Modo B: ~/.ponch/credentials.json tiene Firebase Auth token del tenant
+ *   → Client SDK, solo SU tenant
+ *   → tenantId viene del token guardado
+ *   → connect_account intercambia codigo por custom token
+ */
+export type AuthMode = 'cowork' | 'tenant';
+export interface AuthContext {
+    mode: AuthMode;
+    tenantId: string | null;
+    brandId: string | null;
+    brands: Array<{
+        id: string;
+        nombre: string;
+    }>;
+    userId: string | null;
+    userName: string | null;
+    rol: string | null;
+    serviceAccountPath: string | null;
+    credentialsPath: string | null;
+}
+export interface SessionContext {
+    tenantId: string | null;
+    brandId: string | null;
+}
+export interface StoredCredentials {
+    tenantId: string;
+    userId: string;
+    userName: string | null;
+    rol: string | null;
+    brands: Array<{
+        id: string;
+        nombre: string;
+    }>;
+    customToken: string;
+    idToken: string | null;
+    refreshToken: string | null;
+    connectedAt: string;
+}
+export declare const CREDENTIALS_DIR: string;
+export declare const CREDENTIALS_PATH: string;
+export declare const FIREBASE_CONFIG: {
+    apiKey: string;
+    authDomain: string;
+    projectId: string;
+    storageBucket: string;
+    messagingSenderId: string;
+    appId: string;
+};
+/**
+ * Resuelve el modo de auth al arrancar el MCP.
+ * 1. Busca FIREBASE_SERVICE_ACCOUNT en env → Modo A
+ * 2. Busca ~/.ponch/credentials.json → Modo B
+ * 3. Si ninguno → Modo B sin conectar (necesita connect_account)
+ */
+export declare function resolveAuth(): AuthContext;
+/**
+ * Guarda credentials en ~/.ponch/credentials.json
+ * Permisos 600 (solo el dueño lee)
+ */
+export declare function saveCredentials(creds: StoredCredentials): void;
+/**
+ * Lee credentials guardadas
+ */
+export declare function readCredentials(): StoredCredentials | null;
+/**
+ * Contexto de sesion mutable — se actualiza con set_context (Modo A)
+ * o se fija desde credentials (Modo B)
+ */
+export declare class Session {
+    private context;
+    private _authContext;
+    constructor(auth: AuthContext);
+    get mode(): AuthMode;
+    get tenantId(): string | null;
+    get brandId(): string | null;
+    get serviceAccountPath(): string | null;
+    get brands(): Array<{
+        id: string;
+        nombre: string;
+    }>;
+    get userName(): string | null;
+    setContext(tenantId: string, brandId: string): void;
+    /**
+     * Actualiza el contexto despues de connect_account (Modo B)
+     */
+    setTenantContext(tenantId: string, brandId: string, brands: Array<{
+        id: string;
+        nombre: string;
+    }>, userId: string, userName: string | null): void;
+    requireTenant(): string;
+    requireBrand(): string;
+}
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,QAAQ,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9C,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,MAAM,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,eAAO,MAAM,eAAe,QAA4B,CAAC;AACzD,eAAO,MAAM,gBAAgB,QAA4C,CAAC;AAG1E,eAAO,MAAM,eAAe;;;;;;;CAO3B,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,WAAW,IAAI,WAAW,CAqDzC;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI,CAK9D;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,iBAAiB,GAAG,IAAI,CAO1D;AAED;;;GAGG;AACH,qBAAa,OAAO;IAClB,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,YAAY,CAAc;gBAEtB,IAAI,EAAE,WAAW;IAQ7B,IAAI,IAAI,IAAI,QAAQ,CAEnB;IAED,IAAI,QAAQ,IAAI,MAAM,GAAG,IAAI,CAE5B;IAED,IAAI,OAAO,IAAI,MAAM,GAAG,IAAI,CAE3B;IAED,IAAI,kBAAkB,IAAI,MAAM,GAAG,IAAI,CAEtC;IAED,IAAI,MAAM,IAAI,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAElD;IAED,IAAI,QAAQ,IAAI,MAAM,GAAG,IAAI,CAE5B;IAED,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAQnD;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAUjJ,aAAa,IAAI,MAAM;IAWvB,YAAY,IAAI,MAAM;CAMvB"}

package/dist/auth.js

@@ -0,0 +1,175 @@
+/**
+ * Auth Resolver — Detecta Modo A (Cowork/service account) o Modo B (tenant/credentials)
+ *
+ * Modo A: FIREBASE_SERVICE_ACCOUNT env var apunta al service account JSON
+ *   → Admin SDK, acceso a TODOS los tenants
+ *   → set_context selecciona tenant/brand en cada sesion
+ *
+ * Modo B: ~/.ponch/credentials.json tiene Firebase Auth token del tenant
+ *   → Client SDK, solo SU tenant
+ *   → tenantId viene del token guardado
+ *   → connect_account intercambia codigo por custom token
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+export const CREDENTIALS_DIR = join(homedir(), '.ponch');
+export const CREDENTIALS_PATH = join(CREDENTIALS_DIR, 'credentials.json');
+// Firebase project config (hardcoded — mismo proyecto para todos)
+export const FIREBASE_CONFIG = {
+    apiKey: 'AIzaSyCe9kCNhi0nFzFEXTsEUmz9UD5AmiN-apE',
+    authDomain: 'atteyo-ops.firebaseapp.com',
+    projectId: 'atteyo-ops',
+    storageBucket: 'atteyo-ops.firebasestorage.app',
+    messagingSenderId: '481353219532',
+    appId: '1:481353219532:web:66f5d26a4efdb589baf169',
+};
+/**
+ * Resuelve el modo de auth al arrancar el MCP.
+ * 1. Busca FIREBASE_SERVICE_ACCOUNT en env → Modo A
+ * 2. Busca ~/.ponch/credentials.json → Modo B
+ * 3. Si ninguno → Modo B sin conectar (necesita connect_account)
+ */
+export function resolveAuth() {
+    // Modo A: service account
+    const saPath = process.env.FIREBASE_SERVICE_ACCOUNT;
+    if (saPath) {
+        const resolvedPath = saPath.startsWith('/') ? saPath : join(process.cwd(), saPath);
+        if (existsSync(resolvedPath)) {
+            return {
+                mode: 'cowork',
+                tenantId: null,
+                brandId: null,
+                brands: [],
+                userId: null,
+                userName: null,
+                rol: 'super_admin', // service account = admin total
+                serviceAccountPath: resolvedPath,
+                credentialsPath: null,
+            };
+        }
+        console.error(`[auth] FIREBASE_SERVICE_ACCOUNT apunta a ${resolvedPath} pero no existe`);
+    }
+    // Modo B: credentials locales del tenant
+    if (existsSync(CREDENTIALS_PATH)) {
+        try {
+            const creds = JSON.parse(readFileSync(CREDENTIALS_PATH, 'utf-8'));
+            return {
+                mode: creds.rol === 'super_admin' ? 'cowork' : 'tenant',
+                tenantId: creds.tenantId ?? null,
+                brandId: creds.brands?.[0]?.id ?? null,
+                brands: creds.brands ?? [],
+                userId: creds.userId ?? null,
+                userName: creds.userName ?? null,
+                rol: creds.rol ?? null,
+                serviceAccountPath: null,
+                credentialsPath: CREDENTIALS_PATH,
+            };
+        }
+        catch {
+            console.error('[auth] Error leyendo credentials.json');
+        }
+    }
+    // Modo B sin conectar
+    return {
+        mode: 'tenant',
+        tenantId: null,
+        brandId: null,
+        brands: [],
+        userId: null,
+        userName: null,
+        rol: null,
+        serviceAccountPath: null,
+        credentialsPath: null,
+    };
+}
+/**
+ * Guarda credentials en ~/.ponch/credentials.json
+ * Permisos 600 (solo el dueño lee)
+ */
+export function saveCredentials(creds) {
+    if (!existsSync(CREDENTIALS_DIR)) {
+        mkdirSync(CREDENTIALS_DIR, { recursive: true, mode: 0o700 });
+    }
+    writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2), { mode: 0o600 });
+}
+/**
+ * Lee credentials guardadas
+ */
+export function readCredentials() {
+    if (!existsSync(CREDENTIALS_PATH))
+        return null;
+    try {
+        return JSON.parse(readFileSync(CREDENTIALS_PATH, 'utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Contexto de sesion mutable — se actualiza con set_context (Modo A)
+ * o se fija desde credentials (Modo B)
+ */
+export class Session {
+    context;
+    _authContext;
+    constructor(auth) {
+        this._authContext = auth;
+        this.context = {
+            tenantId: auth.tenantId,
+            brandId: auth.brandId,
+        };
+    }
+    get mode() {
+        return this._authContext.mode;
+    }
+    get tenantId() {
+        return this.context.tenantId;
+    }
+    get brandId() {
+        return this.context.brandId;
+    }
+    get serviceAccountPath() {
+        return this._authContext.serviceAccountPath;
+    }
+    get brands() {
+        return this._authContext.brands;
+    }
+    get userName() {
+        return this._authContext.userName;
+    }
+    setContext(tenantId, brandId) {
+        if (this._authContext.mode !== 'cowork') {
+            throw new Error('set_context solo disponible en Modo Cowork');
+        }
+        this.context.tenantId = tenantId;
+        this.context.brandId = brandId;
+    }
+    /**
+     * Actualiza el contexto despues de connect_account (Modo B)
+     */
+    setTenantContext(tenantId, brandId, brands, userId, userName) {
+        this.context.tenantId = tenantId;
+        this.context.brandId = brandId;
+        this._authContext.tenantId = tenantId;
+        this._authContext.brandId = brandId;
+        this._authContext.brands = brands;
+        this._authContext.userId = userId;
+        this._authContext.userName = userName;
+    }
+    requireTenant() {
+        if (!this.context.tenantId) {
+            throw new Error(this._authContext.mode === 'cowork'
+                ? 'Usa set_context para seleccionar un tenant primero'
+                : 'No conectado. Usa connect_account para conectar tu cuenta de Ponch');
+        }
+        return this.context.tenantId;
+    }
+    requireBrand() {
+        if (!this.context.brandId) {
+            throw new Error('No hay brand seleccionada. Especifica brandId o usa set_context');
+        }
+        return this.context.brandId;
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAW,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAiC7B,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;AAE1E,kEAAkE;AAClE,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,MAAM,EAAE,yCAAyC;IACjD,UAAU,EAAE,4BAA4B;IACxC,SAAS,EAAE,YAAY;IACvB,aAAa,EAAE,gCAAgC;IAC/C,iBAAiB,EAAE,cAAc;IACjC,KAAK,EAAE,2CAA2C;CACnD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,WAAW;IACzB,0BAA0B;IAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IACpD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;QACnF,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,IAAI;gBACd,GAAG,EAAE,aAAa,EAAE,gCAAgC;gBACpD,kBAAkB,EAAE,YAAY;gBAChC,eAAe,EAAE,IAAI;aACtB,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,4CAA4C,YAAY,iBAAiB,CAAC,CAAC;IAC3F,CAAC;IAED,yCAAyC;IACzC,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,KAAK,GAAsB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;YACrF,OAAO;gBACL,IAAI,EAAE,KAAK,CAAC,GAAG,KAAK,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;gBACvD,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,IAAI;gBAChC,OAAO,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,IAAI;gBACtC,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;gBAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,IAAI;gBAChC,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,IAAI;gBACtB,kBAAkB,EAAE,IAAI;gBACxB,eAAe,EAAE,gBAAgB;aAClC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,EAAE;QACV,MAAM,EAAE,IAAI;QACZ,QAAQ,EAAE,IAAI;QACd,GAAG,EAAE,IAAI;QACT,kBAAkB,EAAE,IAAI;QACxB,eAAe,EAAE,IAAI;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAwB;IACtD,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,SAAS,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACnF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,OAAO;IACV,OAAO,CAAiB;IACxB,YAAY,CAAc;IAElC,YAAY,IAAiB;QAC3B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG;YACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;IAChC,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC;IAC9C,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC;IAClC,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC;IACpC,CAAC;IAED,UAAU,CAAC,QAAgB,EAAE,OAAe;QAC1C,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACjC,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,QAAgB,EAAE,OAAe,EAAE,MAA6C,EAAE,MAAc,EAAE,QAAuB;QACxI,IAAI,CAAC,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACjC,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;QAC/B,IAAI,CAAC,YAAY,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACtC,IAAI,CAAC,YAAY,CAAC,OAAO,GAAG,OAAO,CAAC;QACpC,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC;QAClC,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC;QAClC,IAAI,CAAC,YAAY,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACxC,CAAC;IAED,aAAa;QACX,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,QAAQ;gBACjC,CAAC,CAAC,oDAAoD;gBACtD,CAAC,CAAC,oEAAoE,CACzE,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAED,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9B,CAAC;CACF"}

package/dist/firestore.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Firebase connection + helpers
+ *
+ * Modo A (Cowork): firebase-admin con service account → acceso total
+ * Modo B (Tenant): firebase client SDK con auth token → solo su data (security rules)
+ *
+ * La interfaz de helpers es IDENTICA para ambos modos.
+ * El modo se detecta al inicializar.
+ */
+import type { Session } from './auth.js';
+type FirestoreMode = 'admin' | 'client' | 'none';
+/**
+ * Inicializa Firebase Admin SDK (Modo A).
+ */
+export declare function initFirebaseAdmin(serviceAccountPath: string): void;
+/**
+ * Inicializa Firebase Client SDK (Modo B).
+ * Autentica con custom token de credentials.json.
+ */
+export declare function initFirebaseClient(): Promise<boolean>;
+/**
+ * Re-autenticar despues de connect_account (sin reiniciar el MCP).
+ */
+export declare function reauthClient(customToken: string): Promise<boolean>;
+export declare function getMode(): FirestoreMode;
+interface QueryFilter {
+    field: string;
+    op: '<' | '<=' | '==' | '!=' | '>=' | '>' | 'array-contains' | 'in' | 'not-in' | 'array-contains-any';
+    value: unknown;
+}
+interface QueryOptions {
+    orderBy?: {
+        field: string;
+        direction?: 'asc' | 'desc';
+    };
+    limit?: number;
+}
+/**
+ * Query con tenantId obligatorio.
+ * Funciona identico en Modo A (admin) y Modo B (client).
+ */
+export declare function queryByTenant(session: Session, collectionName: string, filters?: QueryFilter[], options?: QueryOptions): Promise<Record<string, unknown>[]>;
+/**
+ * Lee un documento por ID.
+ */
+export declare function readDoc(collectionName: string, docId: string): Promise<Record<string, unknown> | null>;
+/**
+ * Escribe (set merge) un documento.
+ */
+export declare function writeDoc(collectionName: string, docId: string, data: Record<string, unknown>): Promise<void>;
+/**
+ * Actualiza campos de un documento existente.
+ */
+export declare function updateDoc(collectionName: string, docId: string, data: Record<string, unknown>): Promise<void>;
+/**
+ * Genera un ID unico para un documento nuevo.
+ */
+export declare function generateId(collectionName: string): string;
+/**
+ * Server timestamp para escrituras. Funciona en ambos modos.
+ */
+export declare function serverTimestamp(): unknown;
+export {};
+//# sourceMappingURL=firestore.d.ts.map

package/dist/firestore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"firestore.d.ts","sourceRoot":"","sources":["../src/firestore.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAuBH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKzC,KAAK,aAAa,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;AAOjD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAalE;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,OAAO,CAAC,CAwB3D;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAqBxE;AAED,wBAAgB,OAAO,IAAI,aAAa,CAEvC;AAID,UAAU,WAAW;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,GAAG,GAAG,gBAAgB,GAAG,IAAI,GAAG,QAAQ,GAAG,oBAAoB,CAAC;IACtG,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,UAAU,YAAY;IACpB,OAAO,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,KAAK,GAAG,MAAM,CAAA;KAAE,CAAC;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID;;;GAGG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,OAAO,EAChB,cAAc,EAAE,MAAM,EACtB,OAAO,GAAE,WAAW,EAAO,EAC3B,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CASpC;AAkDD;;GAEG;AACH,wBAAsB,OAAO,CAC3B,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAYzC;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAC5B,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAOzD;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,OAAO,CAMzC"}

package/dist/firestore.js

@@ -0,0 +1,207 @@
+/**
+ * Firebase connection + helpers
+ *
+ * Modo A (Cowork): firebase-admin con service account → acceso total
+ * Modo B (Tenant): firebase client SDK con auth token → solo su data (security rules)
+ *
+ * La interfaz de helpers es IDENTICA para ambos modos.
+ * El modo se detecta al inicializar.
+ */
+import admin from 'firebase-admin';
+import { initializeApp as initClientApp } from 'firebase/app';
+import { getFirestore as getClientFirestore, collection as clientCollection, doc as clientDoc, getDoc as clientGetDoc, getDocs as clientGetDocs, setDoc as clientSetDoc, updateDoc as clientUpdateDoc, query as clientQuery, where as clientWhere, orderBy as clientOrderBy, limit as clientLimit, serverTimestamp as clientServerTimestamp, } from 'firebase/firestore';
+import { getAuth as getClientAuth, signInWithCustomToken, } from 'firebase/auth';
+import { readFileSync } from 'fs';
+import { FIREBASE_CONFIG, readCredentials } from './auth.js';
+let mode = 'none';
+let adminDb;
+let clientDb;
+// ─── Inicializacion ───
+/**
+ * Inicializa Firebase Admin SDK (Modo A).
+ */
+export function initFirebaseAdmin(serviceAccountPath) {
+    if (mode !== 'none')
+        return;
+    const serviceAccount = JSON.parse(readFileSync(serviceAccountPath, 'utf-8'));
+    admin.initializeApp({
+        credential: admin.credential.cert(serviceAccount),
+    });
+    adminDb = admin.firestore();
+    mode = 'admin';
+}
+/**
+ * Inicializa Firebase Client SDK (Modo B).
+ * Autentica con custom token de credentials.json.
+ */
+export async function initFirebaseClient() {
+    if (mode !== 'none')
+        return true;
+    const creds = readCredentials();
+    if (!creds?.customToken) {
+        console.error('[firestore] No hay custom token en credentials.json');
+        return false;
+    }
+    try {
+        const app = initClientApp(FIREBASE_CONFIG);
+        const auth = getClientAuth(app);
+        // Autenticar con custom token
+        await signInWithCustomToken(auth, creds.customToken);
+        clientDb = getClientFirestore(app);
+        mode = 'client';
+        console.error('[firestore] Firebase Client SDK autenticado');
+        return true;
+    }
+    catch (err) {
+        console.error('[firestore] Error autenticando con Client SDK:', err);
+        return false;
+    }
+}
+/**
+ * Re-autenticar despues de connect_account (sin reiniciar el MCP).
+ */
+export async function reauthClient(customToken) {
+    try {
+        let app;
+        if (mode === 'client') {
+            // Ya inicializado, solo re-autenticar
+            const { getApp } = await import('firebase/app');
+            app = getApp();
+        }
+        else {
+            app = initClientApp(FIREBASE_CONFIG);
+        }
+        const auth = getClientAuth(app);
+        await signInWithCustomToken(auth, customToken);
+        clientDb = getClientFirestore(app);
+        mode = 'client';
+        return true;
+    }
+    catch (err) {
+        console.error('[firestore] Error re-autenticando:', err);
+        return false;
+    }
+}
+export function getMode() {
+    return mode;
+}
+// ─── Helpers unificados ───
+/**
+ * Query con tenantId obligatorio.
+ * Funciona identico en Modo A (admin) y Modo B (client).
+ */
+export async function queryByTenant(session, collectionName, filters = [], options = {}) {
+    const tenantId = session.requireTenant();
+    if (mode === 'admin') {
+        return queryByTenantAdmin(tenantId, collectionName, filters, options);
+    }
+    else if (mode === 'client') {
+        return queryByTenantClient(tenantId, collectionName, filters, options);
+    }
+    throw new Error('Firebase no inicializado');
+}
+async function queryByTenantAdmin(tenantId, collectionName, filters, options) {
+    let query = adminDb
+        .collection(collectionName)
+        .where('tenantId', '==', tenantId);
+    for (const f of filters) {
+        query = query.where(f.field, f.op, f.value);
+    }
+    if (options.orderBy) {
+        query = query.orderBy(options.orderBy.field, options.orderBy.direction ?? 'asc');
+    }
+    if (options.limit) {
+        query = query.limit(options.limit);
+    }
+    const snapshot = await query.get();
+    return snapshot.docs.map((doc) => ({ id: doc.id, ...doc.data() }));
+}
+async function queryByTenantClient(tenantId, collectionName, filters, options) {
+    const whereConstraints = [clientWhere('tenantId', '==', tenantId)];
+    for (const f of filters) {
+        whereConstraints.push(clientWhere(f.field, f.op, f.value));
+    }
+    const allConstraints = [...whereConstraints];
+    if (options.orderBy) {
+        allConstraints.push(clientOrderBy(options.orderBy.field, options.orderBy.direction ?? 'asc'));
+    }
+    if (options.limit) {
+        allConstraints.push(clientLimit(options.limit));
+    }
+    const q = clientQuery(clientCollection(clientDb, collectionName), ...allConstraints);
+    const snapshot = await clientGetDocs(q);
+    return snapshot.docs.map((doc) => ({ id: doc.id, ...doc.data() }));
+}
+/**
+ * Lee un documento por ID.
+ */
+export async function readDoc(collectionName, docId) {
+    if (mode === 'admin') {
+        const doc = await adminDb.collection(collectionName).doc(docId).get();
+        if (!doc.exists)
+            return null;
+        return { id: doc.id, ...doc.data() };
+    }
+    else if (mode === 'client') {
+        const ref = clientDoc(clientDb, collectionName, docId);
+        const doc = await clientGetDoc(ref);
+        if (!doc.exists())
+            return null;
+        return { id: doc.id, ...doc.data() };
+    }
+    throw new Error('Firebase no inicializado');
+}
+/**
+ * Escribe (set merge) un documento.
+ */
+export async function writeDoc(collectionName, docId, data) {
+    if (mode === 'admin') {
+        await adminDb.collection(collectionName).doc(docId).set(data, { merge: true });
+    }
+    else if (mode === 'client') {
+        const ref = clientDoc(clientDb, collectionName, docId);
+        await clientSetDoc(ref, data, { merge: true });
+    }
+    else {
+        throw new Error('Firebase no inicializado');
+    }
+}
+/**
+ * Actualiza campos de un documento existente.
+ */
+export async function updateDoc(collectionName, docId, data) {
+    if (mode === 'admin') {
+        await adminDb.collection(collectionName).doc(docId).update(data);
+    }
+    else if (mode === 'client') {
+        const ref = clientDoc(clientDb, collectionName, docId);
+        await clientUpdateDoc(ref, data);
+    }
+    else {
+        throw new Error('Firebase no inicializado');
+    }
+}
+/**
+ * Genera un ID unico para un documento nuevo.
+ */
+export function generateId(collectionName) {
+    if (mode === 'admin') {
+        return adminDb.collection(collectionName).doc().id;
+    }
+    else if (mode === 'client') {
+        return clientDoc(clientCollection(clientDb, collectionName)).id;
+    }
+    throw new Error('Firebase no inicializado');
+}
+/**
+ * Server timestamp para escrituras. Funciona en ambos modos.
+ */
+export function serverTimestamp() {
+    if (mode === 'admin') {
+        return admin.firestore.FieldValue.serverTimestamp();
+    }
+    else {
+        return clientServerTimestamp();
+    }
+}
+//# sourceMappingURL=firestore.js.map

package/dist/firestore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"firestore.js","sourceRoot":"","sources":["../src/firestore.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,MAAM,gBAAgB,CAAC;AACnC,OAAO,EAAE,aAAa,IAAI,aAAa,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EACL,YAAY,IAAI,kBAAkB,EAClC,UAAU,IAAI,gBAAgB,EAC9B,GAAG,IAAI,SAAS,EAChB,MAAM,IAAI,YAAY,EACtB,OAAO,IAAI,aAAa,EACxB,MAAM,IAAI,YAAY,EACtB,SAAS,IAAI,eAAe,EAC5B,KAAK,IAAI,WAAW,EACpB,KAAK,IAAI,WAAW,EACpB,OAAO,IAAI,aAAa,EACxB,KAAK,IAAI,WAAW,EACpB,eAAe,IAAI,qBAAqB,GACzC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,OAAO,IAAI,aAAa,EACxB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAElC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAK7D,IAAI,IAAI,GAAkB,MAAM,CAAC;AACjC,IAAI,OAAkC,CAAC;AACvC,IAAI,QAA+C,CAAC;AAEpD,yBAAyB;AAEzB;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,kBAA0B;IAC1D,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO;IAE5B,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAC/B,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAC1C,CAAC;IAEF,KAAK,CAAC,aAAa,CAAC;QAClB,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC;KAClD,CAAC,CAAC;IAEH,OAAO,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;IAC5B,IAAI,GAAG,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAEjC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC;QACxB,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACrE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAEhC,8BAA8B;QAC9B,MAAM,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QAErD,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,GAAG,QAAQ,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC;QACrE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,WAAmB;IACpD,IAAI,CAAC;QACH,IAAI,GAAG,CAAC;QACR,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,sCAAsC;YACtC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;YAChD,GAAG,GAAG,MAAM,EAAE,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,qBAAqB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAE/C,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,GAAG,QAAQ,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;QACzD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,OAAO;IACrB,OAAO,IAAI,CAAC;AACd,CAAC;AAeD,6BAA6B;AAE7B;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAgB,EAChB,cAAsB,EACtB,UAAyB,EAAE,EAC3B,UAAwB,EAAE;IAE1B,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAEzC,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO,kBAAkB,CAAC,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;SAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,mBAAmB,CAAC,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAC9C,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,QAAgB,EAChB,cAAsB,EACtB,OAAsB,EACtB,OAAqB;IAErB,IAAI,KAAK,GAA0B,OAAO;SACvC,UAAU,CAAC,cAAc,CAAC;SAC1B,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,CAAC;IACnC,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,QAAgB,EAChB,cAAsB,EACtB,OAAsB,EACtB,OAAqB;IAErB,MAAM,gBAAgB,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,cAAc,GAAwC,CAAC,GAAG,gBAAgB,CAAC,CAAC;IAClF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,cAAc,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,EAAE,GAAG,cAAc,CAAC,CAAC;IACrF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,cAAsB,EACtB,KAAa;IAEb,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC;QACtE,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAC7B,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;IACvC,CAAC;SAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;YAAE,OAAO,IAAI,CAAC;QAC/B,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;IACvC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,cAAsB,EACtB,KAAa,EACb,IAA6B;IAE7B,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACjF,CAAC;SAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC;QACvD,MAAM,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,cAAsB,EACtB,KAAa,EACb,IAA6B;IAE7B,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACnE,CAAC;SAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC;QACvD,MAAM,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,cAAsB;IAC/C,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;IACrD,CAAC;SAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAC,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;IAClE,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC,SAAS,CAAC,UAAU,CAAC,eAAe,EAAE,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,OAAO,qBAAqB,EAAE,CAAC;IACjC,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+#!/usr/bin/env node
+/**
+ * Ponch MCP Server — Entry Point
+ *
+ * Conecta Claude Desktop/Cowork con Firestore.
+ * Modo A (Cowork): service account admin, multi-tenant
+ * Modo B (Tenant): login una vez con codigo, solo su data
+ *
+ * Docs: docs/logica/LOGICA_MARKETING_MCP_PLAN.md
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG"}

package/dist/index.js

@@ -0,0 +1,77 @@
+#!/usr/bin/env node
+/**
+ * Ponch MCP Server — Entry Point
+ *
+ * Conecta Claude Desktop/Cowork con Firestore.
+ * Modo A (Cowork): service account admin, multi-tenant
+ * Modo B (Tenant): login una vez con codigo, solo su data
+ *
+ * Docs: docs/logica/LOGICA_MARKETING_MCP_PLAN.md
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { resolveAuth, Session } from './auth.js';
+import { initFirebaseAdmin, initFirebaseClient } from './firestore.js';
+import { registerContextTools } from './tools/context.js';
+import { registerCoreTools } from './tools/core.js';
+import { registerMarketingTools } from './tools/marketing.js';
+import { buildSystemPrompt } from './prompts/system.js';
+async function main() {
+    // 1. Resolver auth
+    const authContext = resolveAuth();
+    const session = new Session(authContext);
+    console.error(`[ponch-mcp] Modo: ${authContext.mode}`);
+    // 2. Inicializar Firebase segun el modo
+    if (authContext.serviceAccountPath) {
+        // Modo A puro: service account → Admin SDK
+        initFirebaseAdmin(authContext.serviceAccountPath);
+        console.error('[ponch-mcp] Firebase Admin inicializado. Usa set_context para seleccionar tenant.');
+    }
+    else if (authContext.credentialsPath && authContext.tenantId) {
+        // Modo B (o super_admin con credentials): Client SDK
+        const ok = await initFirebaseClient();
+        if (ok) {
+            const rolLabel = authContext.rol === 'super_admin' ? ' (super_admin — set_context habilitado)' : '';
+            console.error(`[ponch-mcp] Firebase Client autenticado. Tenant: ${authContext.tenantId}${rolLabel}`);
+        }
+        else {
+            console.error('[ponch-mcp] Error autenticando. Usa connect_account para reconectar.');
+        }
+    }
+    else {
+        console.error('[ponch-mcp] Sin conexion. Usa connect_account para conectar tu cuenta de Ponch.');
+    }
+    // 3. Crear MCP Server
+    const server = new McpServer({
+        name: 'ponch',
+        version: '1.0.0',
+    });
+    // 4. Registrar system prompt como resource
+    server.resource('system-prompt', 'ponch://system-prompt', {
+        description: 'System prompt de marketing de Ponch (IP, invisible para el tenant)',
+        mimeType: 'text/plain',
+    }, async () => {
+        const prompt = await buildSystemPrompt(session);
+        return {
+            contents: [{
+                    uri: 'ponch://system-prompt',
+                    text: prompt,
+                    mimeType: 'text/plain',
+                }],
+        };
+    });
+    // 5. Registrar tools
+    registerContextTools(server, session);
+    registerCoreTools(server, session);
+    registerMarketingTools(server, session);
+    console.error(`[ponch-mcp] ${session.mode === 'cowork' ? '13' : '12'} tools registrados.`);
+    // 6. Conectar via stdio
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error('[ponch-mcp] Servidor listo.');
+}
+main().catch((error) => {
+    console.error('[ponch-mcp] Error fatal:', error);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map