purmemo-mcp 14.0.0 → 14.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "purmemo-mcp",
-  "version": "14.0.0",
+  "version": "14.2.0",
   "mcpName": "io.github.purmemo-ai/purmemo",
   "description": "MCP server for pūrmemo - AI conversation memory that works everywhere. Save and recall conversations across Claude Desktop, Cursor, and other MCP-compatible platforms. Intelligent context extraction, smart titles, living documents.",
   "main": "src/server.js",

package/src/remote/connection-monitor.js

@@ -0,0 +1,170 @@
+/**
+ * Connection Monitor — tracks active connections, rates, alerts
+ * Port of Python connection_monitor.py
+ */
+
+export class ConnectionMonitor {
+  constructor(alertThreshold = 100) {
+    this.activeConnections = new Map();
+    this.connectionEvents = []; // last 300 events (~5 min)
+    this.authFailures = [];     // last 100
+    this.toolUsage = new Map(); // conn_id → { tool → count }
+    this.totalConnections = 0;
+    this.successfulConnections = 0;
+    this.failedConnections = 0;
+    this.totalAuthFailures = 0;
+    this.alertThreshold = alertThreshold;
+    this.alertsSent = new Set();
+    this._monitorInterval = null;
+  }
+
+  start() {
+    this._monitorInterval = setInterval(() => this._checkAlerts(), 30000);
+  }
+
+  stop() {
+    if (this._monitorInterval) clearInterval(this._monitorInterval);
+  }
+
+  trackConnection(connId, info = {}) {
+    this.totalConnections++;
+    this.successfulConnections++;
+    this.activeConnections.set(connId, {
+      ...info,
+      connectedAt: Date.now(),
+      lastActivity: Date.now(),
+      toolCalls: {},
+      errors: 0
+    });
+    this._addEvent({ type: 'connect', connId, success: true });
+    this.toolUsage.set(connId, {});
+  }
+
+  trackDisconnection(connId) {
+    const conn = this.activeConnections.get(connId);
+    if (!conn) return;
+    this._addEvent({ type: 'disconnect', connId, duration: Date.now() - conn.connectedAt });
+    this.activeConnections.delete(connId);
+    this.toolUsage.delete(connId);
+  }
+
+  trackAuthFailure(info = {}) {
+    this.totalAuthFailures++;
+    this.failedConnections++;
+    this.authFailures.push({ ...info, timestamp: Date.now() });
+    if (this.authFailures.length > 100) this.authFailures.shift();
+    this._addEvent({ type: 'connect', success: false, reason: 'auth_failure' });
+  }
+
+  trackToolCall(connId, toolName, success = true) {
+    const conn = this.activeConnections.get(connId);
+    if (conn) {
+      conn.lastActivity = Date.now();
+      conn.toolCalls[toolName] = (conn.toolCalls[toolName] || 0) + 1;
+      if (!success) conn.errors++;
+    }
+    const usage = this.toolUsage.get(connId) || {};
+    usage[toolName] = (usage[toolName] || 0) + 1;
+    this.toolUsage.set(connId, usage);
+  }
+
+  _addEvent(event) {
+    this.connectionEvents.push({ ...event, timestamp: Date.now() });
+    if (this.connectionEvents.length > 300) this.connectionEvents.shift();
+  }
+
+  getConnectionRate(windowSec = 300) {
+    const cutoff = Date.now() - windowSec * 1000;
+    const events = this.connectionEvents.filter(e => e.timestamp > cutoff);
+    const connects = events.filter(e => e.type === 'connect' && e.success).length;
+    const failures = events.filter(e => e.type === 'connect' && !e.success).length;
+    const disconnects = events.filter(e => e.type === 'disconnect').length;
+    const total = connects + failures;
+    return {
+      window_seconds: windowSec,
+      connects,
+      failures,
+      disconnects,
+      success_rate: total > 0 ? Math.round(connects / total * 100) : 100,
+      connections_per_minute: Math.round(connects / (windowSec / 60) * 10) / 10
+    };
+  }
+
+  getMetrics() {
+    const last5min = this.getConnectionRate(300);
+    const last1min = this.getConnectionRate(60);
+    const recentAuthFailures = this.authFailures.filter(f => f.timestamp > Date.now() - 300000).length;
+
+    return {
+      active_connections: this.activeConnections.size,
+      total_connections: this.totalConnections,
+      successful_connections: this.successfulConnections,
+      failed_connections: this.failedConnections,
+      connection_rates: { last_1min: last1min, last_5min: last5min },
+      auth_failures: {
+        total: this.totalAuthFailures,
+        last_5min: recentAuthFailures
+      },
+      alerts: {
+        connection_surge: this.activeConnections.size > this.alertThreshold,
+        high_failure_rate: last5min.success_rate < 80,
+        auth_failure_surge: recentAuthFailures > 10
+      }
+    };
+  }
+
+  getSummary() {
+    const rate = this.getConnectionRate(300);
+    const conns = [...this.activeConnections.entries()].slice(0, 10).map(([id, c]) => ({
+      id: id.substring(0, 8),
+      duration_seconds: Math.floor((Date.now() - c.connectedAt) / 1000),
+      tool_calls: Object.values(c.toolCalls).reduce((a, b) => a + b, 0),
+      errors: c.errors
+    }));
+    return {
+      active: this.activeConnections.size,
+      total: this.totalConnections,
+      success_rate: rate.success_rate,
+      connections: conns
+    };
+  }
+
+  _checkAlerts() {
+    const metrics = this.getMetrics();
+    const now = new Date();
+    const dayKey = `${now.getFullYear()}${now.getMonth()}${now.getDate()}`;
+    const hourKey = `${dayKey}${now.getHours()}`;
+
+    if (metrics.alerts.connection_surge) {
+      const key = `surge_${dayKey}`;
+      if (!this.alertsSent.has(key)) {
+        this.alertsSent.add(key);
+        this._log('warning', `Connection surge: ${this.activeConnections.size} active`);
+      }
+    }
+    if (metrics.alerts.high_failure_rate) {
+      const key = `failure_${hourKey}`;
+      if (!this.alertsSent.has(key)) {
+        this.alertsSent.add(key);
+        this._log('critical', `High failure rate: ${metrics.connection_rates.last_5min.success_rate}%`);
+      }
+    }
+    if (metrics.alerts.auth_failure_surge) {
+      const key = `auth_${hourKey}`;
+      if (!this.alertsSent.has(key)) {
+        this.alertsSent.add(key);
+        this._log('critical', `Auth failure surge: ${metrics.auth_failures.last_5min} in 5min`);
+      }
+    }
+  }
+
+  _log(severity, message) {
+    console.error(JSON.stringify({
+      timestamp: new Date().toISOString(),
+      level: severity === 'critical' ? 'ERROR' : 'WARN',
+      message: `[ConnectionMonitor] ${message}`,
+      severity,
+      metrics: this.getSummary()
+    }));
+  }
+}

package/src/remote/login.html

@@ -0,0 +1,295 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>pūrmemo — connect</title>
+  <style>
+    *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #0a0a0a 0%, #1a1a1a 50%, #0a0a0a 100%);
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 16px;
+    }
+    .wrap {
+      width: 100%;
+      max-width: 24rem;
+      display: flex;
+      flex-direction: column;
+      gap: 10px;
+    }
+    .tagline {
+      color: rgba(255,255,255,0.4);
+      font-size: 12px;
+      text-align: center;
+      line-height: 1.5;
+      letter-spacing: 0.01em;
+    }
+    .badge {
+      width: 100%;
+      background: linear-gradient(135deg, #1a1a1a 0%, #0a0a0a 100%);
+      border: 1px solid rgba(255,255,255,0.1);
+      border-radius: 12px;
+      height: 80px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .badge img {
+      height: 56px;
+      width: auto;
+      mix-blend-mode: screen;
+    }
+    .card {
+      width: 100%;
+      background: linear-gradient(135deg, #1a1a1a 0%, #0a0a0a 100%);
+      border: 1px solid rgba(255,255,255,0.1);
+      border-radius: 12px;
+      box-shadow: 0 25px 50px -12px rgba(0,0,0,0.8);
+      overflow: hidden;
+    }
+    .card-inner { padding: 28px 28px 24px; }
+    .step { display: none; flex-direction: column; gap: 20px; }
+    .step.active { display: flex; }
+    .heading { color: #fff; font-size: 1.125rem; font-weight: 700; text-align: center; }
+    .subheading { color: rgba(255,255,255,0.5); font-size: 13px; text-align: center; margin-top: 2px; }
+    .oauth-row { display: flex; flex-direction: column; gap: 10px; }
+    .oauth-btn {
+      display: flex; align-items: center; justify-content: center; gap: 10px;
+      padding: 11px 16px; border: 1px solid rgba(255,255,255,0.1);
+      border-radius: 8px; background: rgba(255,255,255,0.04);
+      color: #fff; font-size: 14px; font-weight: 500;
+      text-decoration: none; cursor: pointer;
+      transition: background 0.15s, border-color 0.15s;
+    }
+    .oauth-btn:hover { background: rgba(255,255,255,0.08); border-color: rgba(255,255,255,0.2); }
+    .oauth-btn svg { width: 18px; height: 18px; flex-shrink: 0; }
+    .divider { position: relative; text-align: center; }
+    .divider::before {
+      content: ''; position: absolute; top: 50%; left: 0; right: 0;
+      height: 1px; background: rgba(255,255,255,0.08);
+    }
+    .divider span {
+      position: relative; background: #141414; padding: 0 10px;
+      color: rgba(255,255,255,0.35); font-size: 12px;
+    }
+    input[type="email"], input[type="password"] {
+      width: 100%; padding: 12px 14px;
+      background: rgba(0,0,0,0.4); color: #fff;
+      border: 1px solid rgba(255,255,255,0.1);
+      border-radius: 8px; font-size: 15px;
+      transition: border-color 0.15s, box-shadow 0.15s;
+      outline: none;
+      -webkit-text-fill-color: #fff;
+    }
+    input:-webkit-autofill,
+    input:-webkit-autofill:hover,
+    input:-webkit-autofill:focus {
+      -webkit-box-shadow: 0 0 0 1000px #0d0d0d inset !important;
+      -webkit-text-fill-color: #fff !important;
+      border-color: rgba(255,255,255,0.15) !important;
+    }
+    input::placeholder { color: rgba(255,255,255,0.25); }
+    input:focus {
+      border-color: rgba(255,255,255,0.3);
+      box-shadow: 0 0 0 1px rgba(255,255,255,0.15);
+    }
+    .btn-primary {
+      width: 100%; padding: 12px;
+      background: #fff; color: #000;
+      border: none; border-radius: 8px;
+      font-size: 14px; font-weight: 600;
+      cursor: pointer; transition: opacity 0.15s;
+    }
+    .btn-primary:hover { opacity: 0.9; }
+    .btn-primary:disabled { opacity: 0.5; cursor: not-allowed; }
+    .back-link { text-align: center; font-size: 13px; color: rgba(255,255,255,0.4); }
+    .back-link a { color: rgba(255,255,255,0.7); text-decoration: none; font-weight: 500; cursor: pointer; }
+    .back-link a:hover { color: #fff; }
+    .error-box {
+      background: rgba(239,68,68,0.1); border: 1px solid rgba(239,68,68,0.25);
+      border-radius: 8px; padding: 10px 12px;
+      color: #fca5a5; font-size: 13px; display: none;
+    }
+    .success-banner {
+      background: rgba(34,197,94,0.1); border: 1px solid rgba(34,197,94,0.2);
+      border-radius: 8px; padding: 10px 12px;
+      color: #86efac; font-size: 13px; text-align: center;
+    }
+    .terms {
+      font-size: 11px; color: rgba(255,255,255,0.3); text-align: center; line-height: 1.5;
+    }
+    .terms a { color: rgba(255,255,255,0.5); text-decoration: none; }
+    .terms a:hover { color: #fff; }
+    .field-group { display: flex; flex-direction: column; gap: 12px; }
+  </style>
+</head>
+<body>
+<div class="wrap">
+  <div class="badge">
+    <img src="https://app.purmemo.ai/purmemo-logo-3d.png" alt="pūrmemo">
+  </div>
+  <p class="tagline">Bridge all your AI conversations to<br>build your personal AI intelligence.</p>
+  <div class="card">
+    <div class="card-inner">
+      <!-- SIGNUP_BANNER -->
+      <div class="error-box" id="err"></div>
+
+      <!-- STEP: entry -->
+      <div class="step active" id="step-entry">
+        <div>
+          <div class="heading">Connect pūrmemo</div>
+          <div class="subheading">Sign in or create your account</div>
+        </div>
+        <div class="oauth-row">
+          <a href="/oauth/google/login?params=<!-- PARAMS -->" class="oauth-btn">
+            <svg viewBox="0 0 24 24"><path fill="currentColor" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/><path fill="currentColor" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/><path fill="currentColor" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/><path fill="currentColor" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/></svg>
+            Continue with Google
+          </a>
+          <a href="/oauth/github/login?params=<!-- PARAMS -->" class="oauth-btn">
+            <svg viewBox="0 0 24 24" fill="currentColor"><path fill-rule="evenodd" d="M12 2C6.477 2 2 6.484 2 12.017c0 4.425 2.865 8.18 6.839 9.504.5.092.682-.217.682-.483 0-.237-.008-.868-.013-1.703-2.782.605-3.369-1.343-3.369-1.343-.454-1.158-1.11-1.466-1.11-1.466-.908-.62.069-.608.069-.608 1.003.07 1.531 1.032 1.531 1.032.892 1.53 2.341 1.088 2.91.832.092-.647.35-1.088.636-1.338-2.22-.253-4.555-1.113-4.555-4.951 0-1.093.39-1.988 1.029-2.688-.103-.253-.446-1.272.098-2.65 0 0 .84-.27 2.75 1.026A9.564 9.564 0 0112 6.844c.85.004 1.705.115 2.504.337 1.909-1.296 2.747-1.027 2.747-1.027.546 1.379.202 2.398.1 2.651.64.7 1.028 1.595 1.028 2.688 0 3.848-2.339 4.695-4.566 4.943.359.309.678.92.678 1.855 0 1.338-.012 2.419-.012 2.747 0 .268.18.58.688.482A10.019 10.019 0 0022 12.017C22 6.484 17.522 2 12 2z" clip-rule="evenodd"/></svg>
+            Continue with GitHub
+          </a>
+        </div>
+        <div class="divider"><span>or continue with email</span></div>
+        <input type="email" id="entry-email" placeholder="your@email.com" autocomplete="email">
+        <button class="btn-primary" id="entry-continue-btn" onclick="handleEmailContinue()">Continue</button>
+        <div class="terms">By continuing, you agree to our <a href="https://app.purmemo.ai/terms" target="_blank">Terms</a> and <a href="https://app.purmemo.ai/privacy" target="_blank">Privacy Policy</a>.</div>
+      </div>
+
+      <!-- STEP: password (existing user) -->
+      <div class="step" id="step-password">
+        <div>
+          <div class="heading">Welcome back</div>
+          <div class="subheading" id="password-email-label"></div>
+        </div>
+        <div class="field-group">
+          <input type="password" id="pw-input" placeholder="Password" autocomplete="current-password">
+          <button class="btn-primary" id="pw-signin-btn" onclick="handleSignIn()">Sign in</button>
+        </div>
+        <div class="back-link"><a onclick="goBack()">&#8592; Use a different email</a></div>
+      </div>
+
+      <!-- STEP: register (new user) -->
+      <div class="step" id="step-register">
+        <div>
+          <div class="heading">Create your account</div>
+          <div class="subheading" id="register-email-label"></div>
+        </div>
+        <div class="field-group">
+          <input type="password" id="reg-pw-input" placeholder="Choose a password (min 8 chars)" autocomplete="new-password">
+          <button class="btn-primary" id="reg-btn" onclick="handleRegister()">Create account</button>
+        </div>
+        <div class="back-link"><a onclick="goBack()">&#8592; Use a different email</a></div>
+      </div>
+
+    </div>
+  </div>
+</div>
+
+<!-- Hidden forms for POST (preserves PKCE flow) -->
+<form method="POST" action="/login" id="login-form" style="display:none">
+  <input type="hidden" name="params" value="<!-- PARAMS -->">
+  <input type="hidden" name="email" id="form-email">
+  <input type="hidden" name="password" id="form-password">
+</form>
+<form method="POST" action="/register" id="register-form" style="display:none">
+  <input type="hidden" name="params" value="<!-- PARAMS -->">
+  <input type="hidden" name="email" id="reg-form-email">
+  <input type="hidden" name="password" id="reg-form-password">
+</form>
+
+<script>
+  var currentEmail = '';
+
+  function showStep(id) {
+    document.querySelectorAll('.step').forEach(function(el) { el.classList.remove('active'); });
+    document.getElementById(id).classList.add('active');
+    clearError();
+  }
+  function showError(msg) {
+    var el = document.getElementById('err');
+    el.textContent = msg; el.style.display = 'block';
+  }
+  function clearError() {
+    var el = document.getElementById('err');
+    el.style.display = 'none'; el.textContent = '';
+  }
+  function goBack() {
+    showStep('step-entry');
+    document.getElementById('entry-email').focus();
+  }
+  function setLoading(btnId, loading, defaultText) {
+    var btn = document.getElementById(btnId);
+    btn.disabled = loading;
+    btn.textContent = loading ? 'Please wait...' : defaultText;
+  }
+
+  async function handleEmailContinue() {
+    var email = document.getElementById('entry-email').value.trim();
+    if (!email) { document.getElementById('entry-email').focus(); return; }
+    currentEmail = email;
+    setLoading('entry-continue-btn', true, 'Continue');
+    clearError();
+    try {
+      var res = await fetch('/check-email', {
+        method: 'POST',
+        headers: {'Content-Type': 'application/json'},
+        body: JSON.stringify({email: email})
+      });
+      var data = await res.json();
+      if (data.exists) {
+        document.getElementById('password-email-label').textContent = email;
+        showStep('step-password');
+        setTimeout(function() { document.getElementById('pw-input').focus(); }, 50);
+      } else {
+        document.getElementById('register-email-label').textContent = email;
+        showStep('step-register');
+        setTimeout(function() { document.getElementById('reg-pw-input').focus(); }, 50);
+      }
+    } catch(e) {
+      showError('Unable to reach server. Please try again.');
+    } finally {
+      setLoading('entry-continue-btn', false, 'Continue');
+    }
+  }
+
+  function handleSignIn() {
+    var password = document.getElementById('pw-input').value;
+    if (!password) { document.getElementById('pw-input').focus(); return; }
+    setLoading('pw-signin-btn', true, 'Sign in');
+    clearError();
+    document.getElementById('form-email').value = currentEmail;
+    document.getElementById('form-password').value = password;
+    document.getElementById('login-form').submit();
+  }
+
+  function handleRegister() {
+    var password = document.getElementById('reg-pw-input').value;
+    if (!password || password.length < 8) {
+      showError('Password must be at least 8 characters.');
+      return;
+    }
+    setLoading('reg-btn', true, 'Create account');
+    clearError();
+    document.getElementById('reg-form-email').value = currentEmail;
+    document.getElementById('reg-form-password').value = password;
+    document.getElementById('register-form').submit();
+  }
+
+  document.getElementById('entry-email').addEventListener('keydown', function(e) {
+    if (e.key === 'Enter') handleEmailContinue();
+  });
+  document.addEventListener('DOMContentLoaded', function() {
+    var pw = document.getElementById('pw-input');
+    var rg = document.getElementById('reg-pw-input');
+    if (pw) pw.addEventListener('keydown', function(e) { if (e.key === 'Enter') handleSignIn(); });
+    if (rg) rg.addEventListener('keydown', function(e) { if (e.key === 'Enter') handleRegister(); });
+  });
+</script>
+</body>
+</html>

package/src/remote/oauth-simple.js

@@ -0,0 +1,84 @@
+/**
+ * Simplified OAuth implementation — in-memory, no database
+ * Port of Python oauth_simple.py
+ *
+ * Stores auth codes in memory. Single-instance only (codes lost on restart).
+ * This is fine because the OAuth flow completes in seconds — if the server
+ * restarts mid-flow, the user just re-authenticates.
+ */
+
+import crypto from 'node:crypto';
+
+// In-memory storage
+const oauthCodes = new Map();
+
+/** Remove expired codes */
+function cleanupExpired() {
+  const now = Date.now();
+  for (const [code, data] of oauthCodes) {
+    if (data.expiresAt < now) oauthCodes.delete(code);
+  }
+}
+
+/** Generate a secure authorization code */
+export function generateCode() {
+  return `code_${crypto.randomBytes(16).toString('base64url')}`;
+}
+
+/** Verify PKCE code challenge (S256 or plain) */
+export function verifyCodeChallenge(verifier, challenge, method = 'S256') {
+  if (method === 'plain') return verifier === challenge;
+  if (method === 'S256') {
+    const digest = crypto.createHash('sha256').update(verifier, 'utf8').digest();
+    const computed = digest.toString('base64url');
+    // Compare with and without trailing '=' padding
+    return computed === challenge || computed.replace(/=+$/, '') === challenge.replace(/=+$/, '');
+  }
+  return false;
+}
+
+/** Store authorization code with associated API key and OAuth params */
+export function storeAuthCode({
+  code, apiKey, clientId, redirectUri,
+  codeChallenge, codeChallengeMethod,
+  scope = null, state = null, refreshToken = null
+}) {
+  cleanupExpired();
+  oauthCodes.set(code, {
+    apiKey,
+    refreshToken,
+    clientId,
+    redirectUri,
+    codeChallenge,
+    codeChallengeMethod,
+    scope,
+    state,
+    createdAt: Date.now(),
+    expiresAt: Date.now() + 10 * 60 * 1000, // 10 minutes
+    used: false
+  });
+}
+
+/**
+ * Exchange authorization code for access token
+ * Returns [apiKey, refreshToken] or null if invalid
+ */
+export function exchangeCodeForToken({ code, clientId, redirectUri, codeVerifier }) {
+  cleanupExpired();
+
+  const data = oauthCodes.get(code);
+  if (!data) return null;
+  if (data.expiresAt < Date.now()) { oauthCodes.delete(code); return null; }
+  if (data.used) { oauthCodes.delete(code); return null; }
+  if (clientId && clientId !== data.clientId) return null;
+  if (redirectUri !== data.redirectUri) return null;
+  if (!verifyCodeChallenge(codeVerifier, data.codeChallenge, data.codeChallengeMethod)) return null;
+
+  // Mark used and delete
+  data.used = true;
+  const apiKey = data.apiKey;
+  const refreshToken = data.refreshToken;
+  oauthCodes.delete(code);
+
+  return [apiKey, refreshToken];
+}

package/src/remote/success.html

@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Authentication Successful - pūrmemo</title>
+    <style>
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+            background: #0a0a0a;
+            min-height: 100vh;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding: 20px;
+        }
+        .container {
+            background: rgba(18, 18, 18, 0.95);
+            border: 1px solid rgba(255, 255, 255, 0.08);
+            border-radius: 20px;
+            padding: 40px;
+            width: 100%;
+            max-width: 420px;
+            text-align: center;
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            gap: 20px;
+            animation: fadeUp 0.35s cubic-bezier(0.4, 0, 0.2, 1) both;
+        }
+        @keyframes fadeUp {
+            from { opacity: 0; transform: translateY(12px); }
+            to   { opacity: 1; transform: translateY(0); }
+        }
+        .ring-wrap { position: relative; width: 64px; height: 64px; }
+        .ring-svg { position: absolute; inset: 0; transform: rotate(-90deg); overflow: visible; }
+        .ring-track { fill: none; stroke: rgba(16, 185, 129, 0.12); stroke-width: 2.5; }
+        .ring-arc {
+            fill: none; stroke: #10b981; stroke-width: 2.5;
+            stroke-linecap: round; stroke-dasharray: 182.2; stroke-dashoffset: 182.2;
+            transition: stroke-dashoffset 0.45s cubic-bezier(0.4, 0, 0.2, 1);
+        }
+        .ring-arc.complete { stroke-dashoffset: 0; }
+        .check-inner {
+            position: absolute; inset: 0; display: flex;
+            align-items: center; justify-content: center;
+            opacity: 0; transform: scale(0.6);
+            transition: opacity 0.3s ease, transform 0.3s cubic-bezier(0.34, 1.56, 0.64, 1);
+        }
+        .check-inner.visible { opacity: 1; transform: scale(1); }
+        .check-inner svg { width: 22px; height: 22px; color: #10b981; }
+        h1 {
+            font-size: 17px; font-weight: 700; color: #ffffff;
+            letter-spacing: -0.02em; opacity: 0; transform: translateY(6px);
+            transition: opacity 0.4s ease, transform 0.4s ease;
+        }
+        h1.visible { opacity: 1; transform: translateY(0); }
+        .status { color: rgba(255, 255, 255, 0.4); font-size: 13px; opacity: 0; transition: opacity 0.4s ease 0.1s; }
+        .status.visible { opacity: 1; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="ring-wrap">
+            <svg class="ring-svg" viewBox="0 0 64 64" width="64" height="64">
+                <circle class="ring-track" cx="32" cy="32" r="29"/>
+                <circle class="ring-arc" id="ringArc" cx="32" cy="32" r="29"/>
+            </svg>
+            <div class="check-inner" id="checkInner">
+                <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round">
+                    <polyline points="20 6 9 17 4 12"/>
+                </svg>
+            </div>
+        </div>
+        <h1 id="heading">Connected.</h1>
+        <p class="status" id="status">Returning to Claude...</p>
+        <p class="status" id="close-hint">You can close this tab.</p>
+    </div>
+    <script>
+        setTimeout(function() { document.getElementById('ringArc').classList.add('complete'); }, 30);
+        setTimeout(function() { document.getElementById('checkInner').classList.add('visible'); }, 500);
+        setTimeout(function() {
+            document.getElementById('heading').classList.add('visible');
+            document.getElementById('status').classList.add('visible');
+        }, 650);
+        setTimeout(function() { window.location.href = "<!-- REDIRECT_URL -->"; }, 1200);
+        setTimeout(function() { document.getElementById('close-hint').classList.add('visible'); }, 2500);
+    </script>
+</body>
+</html>