ring-skills-mcp 1.2.2 → 1.3.0

package/dist/index.js

@@ -6,6 +6,311 @@ import { exec } from "child_process";
 import { promisify } from "util";
 import path from "path";
 const execAsync = promisify(exec);
+/**
+ * Login to GitLab and create a Personal Access Token
+ * This simulates the browser login flow to obtain an access token
+ */
+async function loginToGitLabAndCreateToken(host, username, password, tokenName = "ring-skills-mcp-auto") {
+    const baseUrl = `https://${host}`;
+    try {
+        // Step 1: Get the sign-in page to extract CSRF token
+        const signInPageResponse = await fetch(`${baseUrl}/users/sign_in`, {
+            method: "GET",
+            headers: {
+                "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
+                "Accept": "text/html,application/xhtml+xml",
+            },
+            redirect: "manual",
+        });
+        const signInHtml = await signInPageResponse.text();
+        // Extract CSRF token from the page
+        const csrfMatch = signInHtml.match(/name="authenticity_token"\s+value="([^"]+)"/);
+        if (!csrfMatch) {
+            return { success: false, error: "Could not get CSRF token from login page. GitLab page structure may have changed." };
+        }
+        const csrfToken = csrfMatch[1];
+        // Get cookies from sign-in page
+        const cookies = signInPageResponse.headers.get("set-cookie") || "";
+        // Step 2: Submit login form
+        const loginFormData = new URLSearchParams({
+            "authenticity_token": csrfToken,
+            "user[login]": username,
+            "user[password]": password,
+            "user[remember_me]": "0",
+        });
+        const loginResponse = await fetch(`${baseUrl}/users/sign_in`, {
+            method: "POST",
+            headers: {
+                "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Accept": "text/html,application/xhtml+xml",
+                "Cookie": cookies,
+                "Referer": `${baseUrl}/users/sign_in`,
+            },
+            body: loginFormData.toString(),
+            redirect: "manual",
+        });
+        // Check if login was successful (usually redirects to root or dashboard)
+        const loginStatus = loginResponse.status;
+        const loginCookies = loginResponse.headers.get("set-cookie") || "";
+        const allCookies = combineCookies(cookies, loginCookies);
+        if (loginStatus !== 302 && loginStatus !== 303) {
+            const loginHtml = await loginResponse.text();
+            if (loginHtml.includes("Invalid login or password") || loginHtml.includes("Invalid Login or password")) {
+                return { success: false, error: "Invalid username or password" };
+            }
+            if (loginHtml.includes("Two-Factor Authentication") || loginHtml.includes("two_factor")) {
+                return { success: false, error: "This account has Two-Factor Authentication (2FA) enabled. Cannot auto-login. Please create a Personal Access Token manually." };
+            }
+            return { success: false, error: `Login failed with status code: ${loginStatus}` };
+        }
+        // Step 3: Access the personal access tokens page to get new CSRF token
+        const tokensPageResponse = await fetch(`${baseUrl}/-/user_settings/personal_access_tokens`, {
+            method: "GET",
+            headers: {
+                "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
+                "Accept": "text/html,application/xhtml+xml",
+                "Cookie": allCookies,
+            },
+            redirect: "follow",
+        });
+        const tokensHtml = await tokensPageResponse.text();
+        // Check if we're actually logged in
+        if (tokensHtml.includes("users/sign_in") || tokensHtml.includes("You need to sign in")) {
+            return { success: false, error: "Login session invalid. Please check your username and password." };
+        }
+        // Extract new CSRF token for creating token
+        const tokenCsrfMatch = tokensHtml.match(/name="authenticity_token"\s+value="([^"]+)"/);
+        if (!tokenCsrfMatch) {
+            // Try alternative pattern
+            const metaCsrfMatch = tokensHtml.match(/<meta\s+name="csrf-token"\s+content="([^"]+)"/);
+            if (!metaCsrfMatch) {
+                return { success: false, error: "Could not get CSRF token from token creation page" };
+            }
+        }
+        const tokenCsrf = tokenCsrfMatch ? tokenCsrfMatch[1] : tokensHtml.match(/<meta\s+name="csrf-token"\s+content="([^"]+)"/)[1];
+        // Update cookies
+        const tokenPageCookies = tokensPageResponse.headers.get("set-cookie") || "";
+        const finalCookies = combineCookies(allCookies, tokenPageCookies);
+        // Step 4: Create new Personal Access Token
+        // Token expires in 1 year
+        const expiresAt = new Date();
+        expiresAt.setFullYear(expiresAt.getFullYear() + 1);
+        const expiresAtStr = expiresAt.toISOString().split("T")[0];
+        const createTokenData = new URLSearchParams({
+            "authenticity_token": tokenCsrf,
+            "personal_access_token[name]": `${tokenName}-${Date.now()}`,
+            "personal_access_token[expires_at]": expiresAtStr,
+            "personal_access_token[scopes][]": "read_repository",
+        });
+        // Add additional scopes that might be needed
+        createTokenData.append("personal_access_token[scopes][]", "read_api");
+        const createTokenResponse = await fetch(`${baseUrl}/-/user_settings/personal_access_tokens`, {
+            method: "POST",
+            headers: {
+                "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Accept": "text/html,application/xhtml+xml",
+                "Cookie": finalCookies,
+                "Referer": `${baseUrl}/-/user_settings/personal_access_tokens`,
+            },
+            body: createTokenData.toString(),
+            redirect: "follow",
+        });
+        const createTokenHtml = await createTokenResponse.text();
+        // Extract the newly created token from the response
+        // GitLab shows the token in a specific element after creation
+        const newTokenMatch = createTokenHtml.match(/id="created-personal-access-token"[^>]*value="([^"]+)"/);
+        if (!newTokenMatch) {
+            // Try alternative pattern - look for the token in a flash message or specific div
+            const altTokenMatch = createTokenHtml.match(/new_token['"]\s*:\s*['"]([^'"]+)['"]/);
+            if (!altTokenMatch) {
+                // Try to find in clipboard copy button
+                const clipboardMatch = createTokenHtml.match(/data-clipboard-text="(glpat-[^"]+)"/);
+                if (!clipboardMatch) {
+                    // Check if there's an error message
+                    if (createTokenHtml.includes("error") || createTokenHtml.includes("Error")) {
+                        return { success: false, error: "Failed to create token. A token with the same name may already exist or you may lack permissions." };
+                    }
+                    return { success: false, error: "Token was created but could not be extracted. Please copy it manually from the GitLab page." };
+                }
+                return { success: true, token: clipboardMatch[1] };
+            }
+            return { success: true, token: altTokenMatch[1] };
+        }
+        return { success: true, token: newTokenMatch[1] };
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            if (error.message.includes("ENOTFOUND") || error.message.includes("getaddrinfo")) {
+                return { success: false, error: `Cannot connect to ${host}. Please check if the domain is correct.` };
+            }
+            if (error.message.includes("ECONNREFUSED")) {
+                return { success: false, error: `Connection refused. ${host} may not be accessible.` };
+            }
+            return { success: false, error: `Login error: ${error.message}` };
+        }
+        return { success: false, error: "Unknown error" };
+    }
+}
+/**
+ * Combine multiple Set-Cookie headers
+ */
+function combineCookies(...cookieHeaders) {
+    const cookies = {};
+    for (const header of cookieHeaders) {
+        if (!header)
+            continue;
+        // Split multiple cookies
+        const parts = header.split(/,(?=\s*[^;]+=[^;]+)/);
+        for (const part of parts) {
+            const cookiePart = part.split(";")[0].trim();
+            const eqIndex = cookiePart.indexOf("=");
+            if (eqIndex > 0) {
+                const name = cookiePart.substring(0, eqIndex);
+                const value = cookiePart.substring(eqIndex + 1);
+                cookies[name] = value;
+            }
+        }
+    }
+    return Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join("; ");
+}
+/**
+ * Open URL in default browser
+ */
+async function openInBrowser(url) {
+    const platform = process.platform;
+    let command;
+    if (platform === "darwin") {
+        command = `open "${url}"`;
+    }
+    else if (platform === "win32") {
+        command = `start "" "${url}"`;
+    }
+    else {
+        command = `xdg-open "${url}"`;
+    }
+    await execAsync(command);
+}
+/**
+ * Check if error message indicates authentication failure
+ */
+function isAuthenticationError(errorMessage) {
+    const authErrorPatterns = [
+        /authentication failed/i,
+        /could not read username/i,
+        /could not read password/i,
+        /invalid credentials/i,
+        /401/i,
+        /403/i,
+        /permission denied/i,
+        /access denied/i,
+        /fatal: repository .* not found/i,
+        /fatal: could not read from remote repository/i,
+    ];
+    return authErrorPatterns.some(pattern => pattern.test(errorMessage));
+}
+/**
+ * Check if git credentials exist for a given host
+ */
+async function checkGitCredentials(host) {
+    try {
+        const input = `protocol=https\nhost=${host}\n\n`;
+        const { stdout } = await execAsync(`echo "${input}" | git credential fill`, {
+            timeout: 5000,
+        });
+        // If we get username and password back, credentials exist
+        return stdout.includes('username=') && stdout.includes('password=');
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Save git credentials using git credential store
+ */
+async function saveGitCredentials(host, username, token) {
+    // First, ensure credential helper is configured
+    try {
+        const { stdout: helperOutput } = await execAsync('git config --global credential.helper');
+        if (!helperOutput.trim()) {
+            // Configure credential helper based on OS
+            const platform = process.platform;
+            if (platform === 'darwin') {
+                await execAsync('git config --global credential.helper osxkeychain');
+            }
+            else if (platform === 'win32') {
+                await execAsync('git config --global credential.helper wincred');
+            }
+            else {
+                await execAsync('git config --global credential.helper store');
+            }
+        }
+    }
+    catch {
+        // If no helper configured, set one
+        const platform = process.platform;
+        if (platform === 'darwin') {
+            await execAsync('git config --global credential.helper osxkeychain');
+        }
+        else if (platform === 'win32') {
+            await execAsync('git config --global credential.helper wincred');
+        }
+        else {
+            await execAsync('git config --global credential.helper store');
+        }
+    }
+    // Save credentials using git credential approve
+    const credentialInput = `protocol=https
+host=${host}
+username=${username}
+password=${token}
+`;
+    await execAsync(`printf "${credentialInput}" | git credential approve`);
+}
+/**
+ * Generate helpful authentication error message
+ */
+function generateAuthErrorMessage(host, repoUrl) {
+    return `
+❌ **Authentication Failed**: Cannot access private repository \`${repoUrl}\`
+
+This is a private GitLab repository that requires authentication.
+
+---
+
+### 🔐 First, check if credentials already exist
+
+\`\`\`
+check_gitlab_credentials:
+  host: ${host}
+\`\`\`
+
+---
+
+### If no credentials, use \`setup_gitlab_credentials\` to login
+
+Just enter your username and password once. The system will automatically obtain and save a Token:
+
+\`\`\`
+setup_gitlab_credentials:
+  host: ${host}
+  username: <your_gitlab_username>
+  password: <your_gitlab_password>
+\`\`\`
+
+🔒 **Security Note:**
+- Your password is **only used once for login** and is NOT stored
+- Only the auto-generated Token is saved
+- No need to enter password again in the future
+
+**Note:** If Two-Factor Authentication (2FA) is enabled, you will be guided to create a Token manually.
+
+---
+
+Once configured, future private skill installations will not require any credentials!
+`.trim();
+}
 // Configuration
 const DEFAULT_API_HOST = process.env.SKILLS_API_HOST || "";
 const DEFAULT_AUTH_TOKEN = process.env.SKILLS_AUTH_TOKEN || "";
@@ -189,11 +494,29 @@ async function installFromGitHub(urlInfo, destPath) {
 /**
  * Install Skill from GitLab using git sparse-checkout
  * For private GitLab repositories that degit doesn't support
+ * @param urlInfo - Parsed git URL information
+ * @param destPath - Destination path for the skill
+ * @param gitPassword - Optional GitLab password (Personal Access Token) for authentication
+ * @param gitUsername - Optional GitLab username for authentication
+ * @param saveCredentials - Whether to save credentials after successful authentication
  */
-async function installFromGitLab(urlInfo, destPath) {
+async function installFromGitLab(urlInfo, destPath, gitPassword, gitUsername, saveCredentials = true) {
     const skillsDir = path.dirname(destPath);
     const tempDir = `temp-${urlInfo.skillName}-${Date.now()}`;
-    const repoUrl = `https://${urlInfo.host}/${urlInfo.owner}/${urlInfo.repo}.git`;
+    // Build repo URL - if password provided, use authenticated URL
+    let repoUrl;
+    let displayUrl;
+    // Determine username: provided > system username > oauth2
+    const effectiveUsername = gitUsername || process.env.USER || process.env.USERNAME || "oauth2";
+    if (gitPassword) {
+        // Use username:password in URL for authentication
+        repoUrl = `https://${encodeURIComponent(effectiveUsername)}:${encodeURIComponent(gitPassword)}@${urlInfo.host}/${urlInfo.owner}/${urlInfo.repo}.git`;
+        displayUrl = `https://${urlInfo.host}/${urlInfo.owner}/${urlInfo.repo}.git`;
+    }
+    else {
+        repoUrl = `https://${urlInfo.host}/${urlInfo.owner}/${urlInfo.repo}.git`;
+        displayUrl = repoUrl;
+    }
     // Build command sequence:
     // 1. Create target directory
     // 2. Clone with sparse checkout
@@ -210,14 +533,46 @@ async function installFromGitLab(urlInfo, destPath) {
         `mv ${tempDir}/${urlInfo.skillPath} ${urlInfo.skillName}`,
         `rm -rf ${tempDir}`,
     ].join(" && ");
-    const { stdout, stderr } = await execAsync(commands);
-    const output = stdout || stderr || "Installation completed";
-    return `✅ Skill "${urlInfo.skillName}" has been successfully installed to ${destPath}\n\nSource: ${repoUrl} (${urlInfo.skillPath})\n${output}`;
+    try {
+        const { stdout, stderr } = await execAsync(commands);
+        const output = stdout || stderr || "Installation completed";
+        // If we used a password and saveCredentials is true, save credentials for future use
+        if (gitPassword && saveCredentials) {
+            try {
+                await saveGitCredentials(urlInfo.host, effectiveUsername, gitPassword);
+            }
+            catch {
+                // Silently fail credential saving - installation was successful
+            }
+        }
+        return `✅ Skill "${urlInfo.skillName}" has been successfully installed to ${destPath}\n\nSource: ${displayUrl} (${urlInfo.skillPath})\n${output}`;
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        // Check if this is an authentication error
+        if (isAuthenticationError(errorMessage)) {
+            // Clean up any partial temp directory
+            try {
+                await execAsync(`rm -rf ${path.join(skillsDir, tempDir)}`);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            throw new Error(generateAuthErrorMessage(urlInfo.host, displayUrl));
+        }
+        throw error;
+    }
 }
 /**
  * Install Skill to specified project using gitUrl
+ * @param gitUrl - Git URL of the skill
+ * @param projectPath - Path to the project where skill will be installed
+ * @param targetDir - Target directory within the project (default: .claude/skills)
+ * @param gitPassword - Optional GitLab password (Personal Access Token) for private repos
+ * @param gitUsername - Optional GitLab username for authentication
+ * @param saveCredentials - Whether to save credentials after successful auth
  */
-async function installSkillFromGitUrl(gitUrl, projectPath, targetDir = ".claude/skills") {
+async function installSkillFromGitUrl(gitUrl, projectPath, targetDir = ".claude/skills", gitPassword, gitUsername, saveCredentials = true) {
     const urlInfo = parseGitUrl(gitUrl);
     if (!urlInfo) {
         throw new Error(`Could not parse git URL: ${gitUrl}`);
@@ -231,7 +586,7 @@ async function installSkillFromGitUrl(gitUrl, projectPath, targetDir = ".claude/
         }
         else if (urlInfo.type === "gitlab") {
             // Use git sparse-checkout for GitLab (supports private repos)
-            return await installFromGitLab(urlInfo, destPath);
+            return await installFromGitLab(urlInfo, destPath, gitPassword, gitUsername, saveCredentials);
         }
         else {
             throw new Error(`Unsupported git URL type: ${gitUrl}`);
@@ -344,7 +699,7 @@ server.tool("list_skills", "Fetch company Skills list. You can search for specif
     }
 });
 // Register tool: Install Skill
-server.tool("install_skill", "Install skill to local project by gitUrl. Uses npx degit for GitHub repositories and git sparse-checkout for GitLab repositories. Project path is required, which can be the project path of the currently opened file in IDE.", {
+server.tool("install_skill", "Install skill to local project by gitUrl. Uses npx degit for GitHub repositories and git sparse-checkout for GitLab repositories. Project path is required, which can be the project path of the currently opened file in IDE. For private GitLab repositories, provide gitToken for authentication.", {
     gitUrl: z.string().describe("Git URL of the skill (e.g., 'https://github.com/anthropics/skills/tree/main/skills/webapp-testing'). The skill name will be extracted from this URL."),
     projectPath: z
         .string()
@@ -354,7 +709,19 @@ server.tool("install_skill", "Install skill to local project by gitUrl. Uses npx
         .string()
         .optional()
         .describe("Installation target directory, default: .claude/skills"),
-}, async ({ gitUrl, projectPath, targetDir }) => {
+    gitPassword: z
+        .string()
+        .optional()
+        .describe("GitLab password (Personal Access Token) for private repository authentication. If provided, will be used for this installation and saved for future use."),
+    gitUsername: z
+        .string()
+        .optional()
+        .describe("GitLab username for authentication. Default: your system username or 'oauth2'"),
+    saveCredentials: z
+        .boolean()
+        .optional()
+        .describe("Whether to save the provided credentials for future use. Default: true"),
+}, async ({ gitUrl, projectPath, targetDir, gitPassword, gitUsername, saveCredentials }) => {
     // Check if project path is provided
     if (!projectPath) {
         return {
@@ -368,12 +735,17 @@ server.tool("install_skill", "Install skill to local project by gitUrl. Uses npx
         };
     }
     try {
-        const result = await installSkillFromGitUrl(gitUrl, projectPath, targetDir || ".claude/skills");
+        const result = await installSkillFromGitUrl(gitUrl, projectPath, targetDir || ".claude/skills", gitPassword, gitUsername, saveCredentials !== false // default to true
+        );
+        let successMessage = result;
+        if (gitPassword && saveCredentials !== false) {
+            successMessage += "\n\n💾 **Credentials Saved**: GitLab credentials have been automatically saved to your system. No need to provide password for future installations.";
+        }
         return {
             content: [
                 {
                     type: "text",
-                    text: result,
+                    text: successMessage,
                 },
             ],
         };
@@ -383,7 +755,7 @@ server.tool("install_skill", "Install skill to local project by gitUrl. Uses npx
             content: [
                 {
                     type: "text",
-                    text: `❌ Error: ${error instanceof Error ? error.message : "Unknown error"}`,
+                    text: `${error instanceof Error ? error.message : "Unknown error"}`,
                 },
             ],
             isError: true,
@@ -391,7 +763,7 @@ server.tool("install_skill", "Install skill to local project by gitUrl. Uses npx
     }
 });
 // Register tool: Install Skill Group
-server.tool("install_skill_group", "Install ALL skills from a skill group to local project at once. When user wants to install an entire skill group (shown in list_skills results with group ID), use this tool instead of install_skill. This will fetch the group details by ID and install all skills that have gitUrl.", {
+server.tool("install_skill_group", "Install ALL skills from a skill group to local project at once. When user wants to install an entire skill group (shown in list_skills results with group ID), use this tool instead of install_skill. This will fetch the group details by ID and install all skills that have gitUrl. For private GitLab repositories, provide gitToken for authentication.", {
     groupId: z.string().describe("The ID of the skill group to install. You can get this ID from list_skills results (e.g., '697190fc88f4e586fb1a7114')"),
     host: z
         .string()
@@ -409,7 +781,15 @@ server.tool("install_skill_group", "Install ALL skills from a skill group to loc
         .string()
         .optional()
         .describe("Installation target directory, default: .claude/skills"),
-}, async ({ groupId, host, token, projectPath, targetDir }) => {
+    gitPassword: z
+        .string()
+        .optional()
+        .describe("GitLab password (Personal Access Token) for private repository authentication. If provided, will be used for all skill installations and saved for future use."),
+    gitUsername: z
+        .string()
+        .optional()
+        .describe("GitLab username for authentication. Default: your system username or 'oauth2'"),
+}, async ({ groupId, host, token, projectPath, targetDir, gitPassword, gitUsername }) => {
     // Check if project path is provided
     if (!projectPath) {
         return {
@@ -468,10 +848,15 @@ server.tool("install_skill_group", "Install ALL skills from a skill group to loc
         const results = [];
         const errors = [];
         const installDir = targetDir || ".claude/skills";
+        let credentialsSaved = false;
         for (const skill of skillsWithGitUrl) {
             try {
-                const result = await installSkillFromGitUrl(skill.gitUrl, projectPath, installDir);
+                const result = await installSkillFromGitUrl(skill.gitUrl, projectPath, installDir, gitPassword, gitUsername, !credentialsSaved // Only save credentials on first successful installation
+                );
                 results.push(`✅ ${skill.title}: Installed successfully`);
+                if (gitPassword && !credentialsSaved) {
+                    credentialsSaved = true;
+                }
             }
             catch (error) {
                 const errorMsg = error instanceof Error ? error.message : "Unknown error";
@@ -479,7 +864,7 @@ server.tool("install_skill_group", "Install ALL skills from a skill group to loc
             }
         }
         // Build summary
-        const summary = [
+        const summaryParts = [
             `## ${groupIcon} Skill Group: ${groupName}`,
             ``,
             `**Total skills:** ${skillsWithGitUrl.length}`,
@@ -489,7 +874,11 @@ server.tool("install_skill_group", "Install ALL skills from a skill group to loc
             `### Installation Results:`,
             ...results,
             ...(errors.length > 0 ? [``, `### Errors:`, ...errors] : []),
-        ].join("\n");
+        ];
+        if (gitPassword && credentialsSaved) {
+            summaryParts.push(``, `💾 **Credentials Saved**: GitLab credentials have been automatically saved to your system. No need to provide password for future installations.`);
+        }
+        const summary = summaryParts.join("\n");
         return {
             content: [
                 {
@@ -511,6 +900,230 @@ server.tool("install_skill_group", "Install ALL skills from a skill group to loc
         };
     }
 });
+// Register tool: Check GitLab Credentials Status
+server.tool("check_gitlab_credentials", "Check if GitLab credentials are already configured for a host. Use this to verify your credential status before trying to install private skills.", {
+    host: z
+        .string()
+        .describe("GitLab host domain to check (e.g., 'git.ringcentral.com')"),
+}, async ({ host }) => {
+    try {
+        const hasCredentials = await checkGitCredentials(host);
+        if (hasCredentials) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `✅ **Credentials Configured!**
+
+**Host:** \`${host}\`
+
+Your GitLab credentials already exist. You can directly use:
+- \`install_skill\` to install skills from private repositories
+- \`install_skill_group\` to install private skill groups
+
+**No need to configure credentials again!**`,
+                    },
+                ],
+            };
+        }
+        else {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `⚠️ **No Credentials Found**
+
+**Host:** \`${host}\`
+
+GitLab credentials for this host have not been configured. Please use \`setup_gitlab_credentials\` to configure:
+
+\`\`\`
+setup_gitlab_credentials:
+  host: ${host}
+  username: <your_gitlab_username>
+  password: <your_gitlab_password>
+\`\`\`
+
+**Security Note:** Your password is only used once for login to obtain a Token and is NOT stored.`,
+                    },
+                ],
+            };
+        }
+    }
+    catch (error) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `❌ Error checking credentials: ${error instanceof Error ? error.message : "Unknown error"}`,
+                },
+            ],
+            isError: true,
+        };
+    }
+});
+// Register tool: Setup GitLab Credentials (with auto-login)
+server.tool("setup_gitlab_credentials", "Login to GitLab with your username and password to automatically configure credentials. Your password is ONLY used once to obtain a Token and is NOT stored anywhere. The Token will be saved for future use.", {
+    host: z
+        .string()
+        .describe("GitLab host domain (e.g., 'git.ringcentral.com', 'gitlab.com')"),
+    username: z
+        .string()
+        .describe("Your GitLab username (e.g., 'john.doe')"),
+    password: z
+        .string()
+        .describe("Your GitLab password (used ONCE to login and get Token, NOT stored)"),
+    force: z
+        .boolean()
+        .optional()
+        .describe("Force re-login even if credentials already exist. Default: false"),
+    openBrowser: z
+        .boolean()
+        .optional()
+        .describe("If auto-login fails, whether to open browser to manually create token. Default: true"),
+}, async ({ host, username, password, force, openBrowser }) => {
+    try {
+        // Step 0: Check if credentials already exist (unless force=true)
+        if (!force) {
+            const existingCredentials = await checkGitCredentials(host);
+            if (existingCredentials) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: `✅ **Credentials Already Exist, No Need to Reconfigure!**
+
+**Host:** \`${host}\`
+
+Your GitLab credentials are already configured. You can directly use \`install_skill\` to install private skills.
+
+If you need to re-login (e.g., Token expired), add \`force: true\` parameter:
+
+\`\`\`
+setup_gitlab_credentials:
+  host: ${host}
+  username: ${username}
+  password: <your_password>
+  force: true
+\`\`\``,
+                        },
+                    ],
+                };
+            }
+        }
+        // Step 1: Try auto-login to GitLab and create token
+        const loginResult = await loginToGitLabAndCreateToken(host, username, password);
+        if (loginResult.success && loginResult.token) {
+            // Auto-login succeeded! Save the token (NOT password) as git credentials
+            await saveGitCredentials(host, username, loginResult.token);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `✅ **GitLab Login Successful! Credentials Auto-Configured!**
+
+**Host:** \`${host}\`
+**Username:** \`${username}\`
+**Token:** Auto-created and saved (valid for 1 year)
+
+🔒 **Security Note:**
+- Your **password was NOT saved**, only used for this one-time login
+- Only the auto-generated **Token** is stored (not your password)
+- Token is stored in your system's Git credential manager (e.g., macOS Keychain)
+
+Now you can:
+- Use \`install_skill\` to install skills from private repositories
+- Use \`install_skill_group\` to install private skill groups
+
+**No need to enter any credentials in the future!**`,
+                    },
+                ],
+            };
+        }
+        // Auto-login failed, provide guidance
+        const errorMessage = loginResult.error || "Unknown error";
+        // If openBrowser is not explicitly false, try to open browser
+        if (openBrowser !== false) {
+            try {
+                const tokenUrl = `https://${host}/-/user_settings/personal_access_tokens`;
+                await openInBrowser(tokenUrl);
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: `⚠️ **Auto-login Failed**: ${errorMessage}
+
+Browser has been opened to the Token creation page. Please follow these steps:
+
+1. Login to GitLab in the browser (if not already logged in)
+2. Enter a name in "Token name" (e.g., \`ring-skills-mcp\`)
+3. Select an expiration date in "Expiration date" (recommended: 1 year)
+4. Check \`read_repository\` scope
+5. Click "Create personal access token"
+6. **Copy the generated Token**
+
+Then call this tool again, paste the Token in the password field:
+
+\`\`\`
+setup_gitlab_credentials:
+  host: ${host}
+  username: ${username}
+  password: <paste_your_copied_token>
+\`\`\``,
+                        },
+                    ],
+                };
+            }
+            catch {
+                // Failed to open browser, fall through to manual instructions
+            }
+        }
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `❌ **Auto-login Failed**: ${errorMessage}
+
+**Manual Token Creation Steps:**
+
+1. Open browser and visit: https://${host}/-/user_settings/personal_access_tokens
+2. Login to your GitLab account
+3. Create a new Token:
+   - Token name: \`ring-skills-mcp\`
+   - Expiration: Select a date 1 year from now
+   - Scopes: Check \`read_repository\`
+4. Click "Create personal access token"
+5. Copy the generated Token
+
+Then call this tool again, paste the Token in the password field.
+
+**Common Issues:**
+- If your account has Two-Factor Authentication (2FA) enabled, you must create a Token manually
+- If you forgot your password, please reset it on the GitLab website first`,
+                },
+            ],
+            isError: true,
+        };
+    }
+    catch (error) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `❌ **Login Process Error**
+
+Error: ${error instanceof Error ? error.message : "Unknown error"}
+
+Please create a Token manually:
+1. Open https://${host}/-/user_settings/personal_access_tokens
+2. Create a Token with \`read_repository\` scope
+3. Call this tool again, paste the Token in the password field`,
+                },
+            ],
+            isError: true,
+        };
+    }
+});
 // Start server
 async function main() {
     const transport = new StdioServerTransport();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ring-skills-mcp",
-  "version": "1.2.2",
+  "version": "1.3.0",
   "description": "MCP service for fetching and installing company Skills",
   "type": "module",
   "main": "dist/index.js",