npm - syncromsp-mcp - Versions diffs - 1.3.2 → 1.4.1 - Mend

syncromsp-mcp 1.3.2 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -1,22 +1,45 @@
 # SyncroMSP MCP Server
-A fully-featured [Model Context Protocol](https://modelcontextprotocol.io) server for the [SyncroMSP](https://syncromsp.com) IT/MSP platform. Provides AI assistants with access to tickets, customers, assets, invoices, and 30+ resource types through a domain-navigation architecture that keeps token usage efficient.
+A fully-featured [Model Context Protocol](https://modelcontextprotocol.io) server for the [SyncroMSP](https://syncromsp.com) IT/MSP platform. Gives AI assistants full access to tickets, customers, assets, invoices, and 30+ resource types.
 ## Features
-- **170 API endpoints** across 15 lazy-loaded domains
-- **Domain navigation** — only 3-8 tools visible at a time, not 170
+- **170 API endpoints** across 15 domains
 - **Full CRUD** for tickets, customers, invoices, estimates, appointments, contracts, products, and more
 - **Ticket comments** — email replies, public notes, and private/internal notes
 - **Line items** — add products from catalog or manual entries to tickets, invoices, estimates, schedules
 - **RMM alerts** — create, read, mute, resolve alerts on assets
 - **Rate limiting** — built-in 180 req/min token bucket (Syncro API limit)
 - **Confirmation required** for all destructive operations (DELETE, etc.)
-- **Docker deployment** with OAuth2 proxy for remote/team access
+- **Auto-update check** — warns on startup if a newer version is available
-## Quick Start
+### Deployment Options
-### Claude Code
+| Method | Best For | Auto-Updates |
+|--------|----------|-------------|
+| [**Claude Code**](#claude-code) | Developers using Claude Code CLI | Yes (npx) |
+| [**Claude Desktop**](#claude-desktop) | Local desktop app users | Yes (npx) |
+| [**Docker + Claude.ai**](#docker-deployment-remote-mcp) | Teams, remote access, Claude.ai web | Yes (Watchtower) |
+| [**From Source**](#from-source) | Development and customization | Manual |
+---
+## Prerequisites
+### Getting Your Syncro API Key
+1. Log in to your Syncro account
+2. Go to **Admin** > **API Tokens**
+3. Click **+ New Token**
+4. Select the **Custom Permissions** tab
+5. Name your token and set permissions for the resources you need
+6. Click **Create** and copy the token (it cannot be retrieved later)
+Your **subdomain** is the part before `.syncromsp.com` in your Syncro URL (e.g., `mycompany` from `mycompany.syncromsp.com`).
+---
+## Claude Code
 ```bash
 claude mcp add syncromsp \
@@ -25,13 +48,17 @@ claude mcp add syncromsp \
   -- npx syncromsp-mcp
 ```
-### Claude Desktop
+That's it. Claude Code will download and run the latest version automatically.
-#### Option 1: MCPB Extension (Recommended)
+---
+## Claude Desktop
+### Option 1: MCPB Extension
 Download the latest `.mcpb` file from [Releases](https://github.com/advenimus/syncromsp-mcp/releases) and double-click to install. Claude Desktop will prompt you for your API key and subdomain.
-#### Option 2: Manual Configuration
+### Option 2: Manual Configuration
 Add to your `claude_desktop_config.json`:
@@ -40,7 +67,7 @@ Add to your `claude_desktop_config.json`:
   "mcpServers": {
     "syncromsp": {
       "command": "npx",
-      "args": ["syncromsp-mcp"],
+      "args": ["-y", "syncromsp-mcp"],
       "env": {
         "SYNCRO_API_KEY": "your-api-key",
         "SYNCRO_SUBDOMAIN": "your-subdomain"
@@ -54,162 +81,198 @@ Config file location:
 - **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
 - **Windows**: `%APPDATA%\Claude\claude_desktop_config.json`
-### From Source
+Restart Claude Desktop after saving. The server updates automatically via npx on each restart.
+---
+## Docker Deployment (Remote MCP)
+Deploy as a Docker container for remote access from Claude.ai, shared team usage, or running on a server. Includes built-in OAuth 2.1 authentication so only authorized users can connect.
+### Step 1: Clone and Configure
 ```bash
 git clone https://github.com/advenimus/syncromsp-mcp.git
 cd syncromsp-mcp
-npm install
-npm run build
-# Set environment variables
-export SYNCRO_API_KEY=your-api-key
-export SYNCRO_SUBDOMAIN=your-subdomain
-# Run
-npm start
+cp .env.example .env
 ```
-## Getting Your API Key
+Edit `.env` with your settings:
-1. Log in to your Syncro account
-2. Go to **Admin** > **API Tokens**
-3. Click **+ New Token**
-4. Select the **Custom Permissions** tab
-5. Name your token and set permissions for the resources you need
-6. Click **Create** and copy the token (it cannot be retrieved later)
-Your subdomain is the part before `.syncromsp.com` in your Syncro URL (e.g., `mycompany` from `mycompany.syncromsp.com`).
+```bash
+# Required: Syncro credentials
+SYNCRO_API_KEY=your-api-key
+SYNCRO_SUBDOMAIN=your-subdomain
-## How It Works
+# Required: The public URL where this server will be reachable
+# Must be HTTPS for production (put behind Traefik, Caddy, nginx, etc.)
+MCP_BASE_URL=https://mcp.yourcompany.com
-### Domain Navigation
+# Required: Access key that users must enter to authorize connections
+# Generate one with: openssl rand -hex 32
+MCP_AUTH_SECRET=your-strong-secret-here
+```
-Instead of loading 170+ tools at once (which would overwhelm any AI), the server uses a **navigation pattern**:
+### Step 2: Deploy
+```bash
+docker compose up -d
 ```
-Startup → 3 tools visible:
-  syncro_navigate("tickets")  → loads ticket tools
-  syncro_status()             → shows current domain
-  syncro_back()               → returns to root
-After navigating to "tickets" → domain tools visible:
-  tickets_list, tickets_get, tickets_create, tickets_update,
-  tickets_delete, tickets_comment, tickets_add_line_item, ...
-  syncro_back()
-```
-### Available Domains
-| Domain | Description | Key Operations |
-|--------|-------------|---------------|
-| **tickets** | Service tickets | CRUD, comments (email/public/private), line items, timers, attachments |
-| **customers** | Customer records | CRUD, phone numbers, autocomplete |
-| **assets** | Customer assets | CRUD, patches, properties (OS, RAM, HDD, etc.) |
-| **contacts** | Customer contacts | CRUD |
-| **invoices** | Invoices | CRUD, line items (manual + product catalog), print, email |
-| **estimates** | Estimates/quotes | CRUD, line items, print, email, convert to invoice |
-| **appointments** | Calendar appointments | CRUD, appointment types, ticket linking |
-| **products** | Inventory/products | CRUD, serials, SKUs, categories, images |
-| **payments** | Payment records | Create, read, multi-invoice distribution |
-| **leads** | Leads/opportunities | Create, read, update |
-| **contracts** | Service contracts | CRUD |
-| **rmm** | RMM alerts | Create, read, mute, resolve |
-| **scheduling** | Recurring invoices | CRUD, schedule line items |
-| **time** | Timers and time logs | List, update |
-| **admin** | Search, users, vendors, wiki, portal, settings, purchase orders, and more | Various |
+The container runs on port 8080 by default. You need a reverse proxy (Traefik, Caddy, nginx) in front to provide HTTPS.
-## Docker Deployment (Remote MCP with OAuth)
+### Step 3: Connect from Claude.ai
-For connecting Claude.ai or other remote MCP clients with built-in OAuth 2.1 authentication:
+1. In Claude.ai, go to **Settings** > **MCP Servers** > **Add Remote Server**
+2. Enter your MCP URL: `https://mcp.yourcompany.com/mcp`
+3. Claude.ai will auto-discover the OAuth endpoints
+4. A login page appears — enter the `MCP_AUTH_SECRET` you configured in Step 1
+5. Once authenticated, Claude.ai connects and all 170 tools become available
-```bash
-cp .env.example .env
-# Edit .env with your Syncro credentials and base URL
-```
+### How Authentication Works
-Set `MCP_BASE_URL` to your public HTTPS URL (required for OAuth):
+The server implements the [MCP OAuth 2.1 + PKCE](https://spec.modelcontextprotocol.io) spec with an access key gate:
-```bash
-SYNCRO_API_KEY=your-api-key
-SYNCRO_SUBDOMAIN=your-subdomain
-MCP_BASE_URL=https://mcp.yourcompany.com
+```
+Client connects → 401 Unauthorized
+  → Client discovers /.well-known/oauth-authorization-server
+  → Client dynamically registers (RFC 7591)
+  → Client redirects user to /authorize
+  → User sees login page, enters MCP_AUTH_SECRET
+  → Correct key: auth code issued → token granted → MCP access
+  → Wrong key: 403 Access Denied, connection rejected
 ```
-Then deploy:
+- Tokens are validated on every MCP request via bearer auth
+- Access tokens expire after 24 hours (refresh tokens last 30 days)
+- Timing-safe secret comparison prevents side-channel attacks
+- Server **refuses to start** if `MCP_AUTH_SECRET` is not set
-```bash
-docker compose up -d
+### Example: Docker with Traefik
+```yaml
+services:
+  syncro-mcp:
+    image: ghcr.io/advenimus/syncromsp-mcp:latest
+    container_name: syncromsp-mcp
+    restart: unless-stopped
+    environment:
+      - SYNCRO_API_KEY=${SYNCRO_API_KEY}
+      - SYNCRO_SUBDOMAIN=${SYNCRO_SUBDOMAIN}
+      - MCP_TRANSPORT=http
+      - MCP_PORT=8080
+      - MCP_BASE_URL=https://mcp.yourcompany.com
+      - MCP_AUTH_SECRET=${MCP_AUTH_SECRET}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.mcp.rule=Host(`mcp.yourcompany.com`)"
+      - "traefik.http.routers.mcp.entrypoints=websecure"
+      - "traefik.http.routers.mcp.tls.certresolver=letsencrypt"
+      - "traefik.http.services.mcp.loadbalancer.server.port=8080"
 ```
-### Connecting Claude.ai
+### Example: Docker with Caddy
+```yaml
+services:
+  syncro-mcp:
+    image: ghcr.io/advenimus/syncromsp-mcp:latest
+    container_name: syncromsp-mcp
+    restart: unless-stopped
+    environment:
+      - SYNCRO_API_KEY=${SYNCRO_API_KEY}
+      - SYNCRO_SUBDOMAIN=${SYNCRO_SUBDOMAIN}
+      - MCP_TRANSPORT=http
+      - MCP_BASE_URL=https://mcp.yourcompany.com
+      - MCP_AUTH_SECRET=${MCP_AUTH_SECRET}
+    expose:
+      - "8080"
+  caddy:
+    image: caddy:2
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - caddy_data:/data
-1. Deploy the server with HTTPS (via reverse proxy like Traefik, Caddy, or nginx)
-2. In Claude.ai, go to **Settings** > **MCP Servers** > **Add Remote Server**
-3. Enter your MCP URL: `https://mcp.yourcompany.com/mcp`
-4. Claude.ai will auto-discover the OAuth endpoints and authenticate
+volumes:
+  caddy_data:
+```
-The server implements the full MCP OAuth 2.1 + PKCE spec:
-- `/.well-known/oauth-authorization-server` — discovery metadata
-- `/authorize` — authorization endpoint (auto-approves since you control the server)
-- `/token` — token endpoint with PKCE S256 validation
-- `/register` — dynamic client registration (RFC 7591)
-- Bearer token validation on all MCP requests
+`Caddyfile`:
+```
+mcp.yourcompany.com {
+    reverse_proxy syncro-mcp:8080
+}
+```
-### Disabling Auth
+### Disabling Auth (Not Recommended)
-For testing or private networks, disable OAuth:
+For testing on private networks only:
 ```bash
 MCP_AUTH=false docker compose up -d
 ```
+**Warning:** Without auth, anyone who can reach the URL gets full access to your Syncro account.
+---
 ## Environment Variables
-| Variable | Required | Description |
-|----------|----------|-------------|
-| `SYNCRO_API_KEY` | Yes | Your Syncro API token |
-| `SYNCRO_SUBDOMAIN` | Yes | Your Syncro subdomain |
-| `MCP_TRANSPORT` | No | `stdio` (default) or `http` |
-| `MCP_PORT` | No | HTTP port (default: `8080`) |
-| `MCP_BASE_URL` | For OAuth | Public HTTPS URL (e.g., `https://mcp.yourcompany.com`) |
-| `MCP_AUTH` | No | `true` (default) or `false` to disable OAuth |
-| `MCP_TOOL_MODE` | No | `flat` (default, all tools) or `navigation` (lazy domains) |
+| Variable | Required | Default | Description |
+|----------|----------|---------|-------------|
+| `SYNCRO_API_KEY` | Yes | — | Your Syncro API token |
+| `SYNCRO_SUBDOMAIN` | Yes | — | Your Syncro subdomain |
+| `MCP_TRANSPORT` | No | `stdio` | `stdio` (local) or `http` (Docker/remote) |
+| `MCP_PORT` | No | `8080` | HTTP listen port |
+| `MCP_BASE_URL` | For Docker | — | Public HTTPS URL (e.g., `https://mcp.yourcompany.com`) |
+| `MCP_AUTH` | No | `true` | `true` or `false` to disable OAuth |
+| `MCP_AUTH_SECRET` | For Docker | — | Access key users enter to authorize (min 8 chars) |
+| `MCP_TOOL_MODE` | No | `flat` | `flat` (all tools) or `navigation` (lazy domains) |
-## API Rate Limits
+---
-Syncro enforces a rate limit of **180 requests per minute per IP**. The server includes a built-in token bucket rate limiter that automatically queues requests when approaching the limit.
+## Available Domains
-## Important Notes
+| Domain | Description | Key Operations |
+|--------|-------------|---------------|
+| **tickets** | Service tickets | CRUD, comments (email/public/private), line items, timers, attachments |
+| **customers** | Customer records | CRUD, phone numbers, autocomplete |
+| **assets** | Customer assets | CRUD, patches, properties (OS, RAM, HDD, etc.) |
+| **contacts** | Customer contacts | CRUD |
+| **invoices** | Invoices | CRUD, line items (manual + product catalog), print, email |
+| **estimates** | Estimates/quotes | CRUD, line items, print, email, convert to invoice |
+| **appointments** | Calendar appointments | CRUD, appointment types, ticket linking |
+| **products** | Inventory/products | CRUD, serials, SKUs, categories, images |
+| **payments** | Payment records | Create, read, multi-invoice distribution |
+| **leads** | Leads/opportunities | Create, read, update |
+| **contracts** | Service contracts | CRUD |
+| **rmm** | RMM alerts | Create, read, mute, resolve |
+| **scheduling** | Recurring invoices | CRUD, schedule line items |
+| **time** | Timers and time logs | List, update |
+| **admin** | Search, users, vendors, wiki, portal, settings, purchase orders, and more | Various |
-- **Destructive operations** (DELETE, remove line item, etc.) require explicit confirmation
-- **Line items** cannot be added inline during resource creation — always add them via separate API calls after creating the parent resource
-- **Ticket comments** have 3 modes: email reply, public note, and private/internal note
-- Some resources have no DELETE endpoint (vendors, leads, products, assets) — use `disabled: true` via update instead
+---
 ## Staying Up to Date
 The server checks for updates on startup and logs a warning if a newer version is available.
-### npx
-Always uses the latest published version automatically:
-```bash
-npx syncromsp-mcp@latest
-```
-### Claude Desktop (MCPB)
-Download the latest `.mcpb` from [Releases](https://github.com/advenimus/syncromsp-mcp/releases) and reinstall.
+| Method | How to Update |
+|--------|--------------|
+| **npx / Claude Desktop** | Automatic — npx pulls latest on each run |
+| **Docker** | `docker compose pull && docker compose up -d` |
+| **Docker (auto)** | Add [Watchtower](https://containrrr.dev/watchtower/) for automatic daily updates |
+| **MCPB** | Download latest `.mcpb` from [Releases](https://github.com/advenimus/syncromsp-mcp/releases) |
+| **From Source** | `git pull && npm install && npm run build` |
-### Docker
-```bash
-docker compose pull
-docker compose up -d
-```
+### Auto-Update with Watchtower
-For **automatic updates**, add [Watchtower](https://containrrr.dev/watchtower/):
+Add to your `docker-compose.yml`:
 ```yaml
 services:
@@ -218,16 +281,33 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     environment:
-      - WATCHTOWER_POLL_INTERVAL=86400  # Check daily
+      - WATCHTOWER_POLL_INTERVAL=86400  # Check every 24 hours
       - WATCHTOWER_CLEANUP=true
 ```
-### From Source
+---
+## Important Notes
+- **Destructive operations** (DELETE, remove line item, etc.) require explicit confirmation
+- **Line items** cannot be added inline during resource creation — always add them via separate API calls after creating the parent resource
+- **Ticket comments** have 3 modes: email reply (`do_not_email: false`), public note (`do_not_email: true, hidden: false`), and private note (`hidden: true`)
+- Some resources have no DELETE endpoint (vendors, leads, products, assets) — use `disabled: true` via update instead
+- **Rate limit**: 180 requests per minute per IP (enforced by Syncro, managed by built-in rate limiter)
+---
+## From Source
 ```bash
-git pull
+git clone https://github.com/advenimus/syncromsp-mcp.git
+cd syncromsp-mcp
 npm install
 npm run build
+export SYNCRO_API_KEY=your-api-key
+export SYNCRO_SUBDOMAIN=your-subdomain
+npm start
 ```
 ## Development

package/dist/auth.d.ts CHANGED Viewed

@@ -9,22 +9,28 @@ declare class InMemoryClientsStore implements OAuthRegisteredClientsStore {
     registerClient(clientMetadata: OAuthClientInformationFull): Promise<OAuthClientInformationFull>;
 }
 /**
- * OAuth provider for MCP server authentication.
+ * Secure OAuth provider for MCP server authentication.
  *
- * Implements the MCP OAuth 2.1 + PKCE spec so that Claude.ai and other
- * remote MCP clients can authenticate against this server.
+ * When MCP_AUTH_SECRET is set, the authorize flow presents a login page
+ * requiring the secret before granting access. This prevents unauthorized
+ * clients from completing the OAuth flow even if they discover the server URL.
  *
- * The authorize flow auto-approves requests — since the server operator
- * deployed this themselves with their Syncro API key, any client that
- * can reach the server and complete the OAuth flow is authorized.
+ * Without MCP_AUTH_SECRET, the server refuses to start in auth mode.
  */
 export declare class McpOAuthProvider implements OAuthServerProvider {
     readonly clientsStore: InMemoryClientsStore;
     private readonly codes;
     private readonly tokens;
+    private readonly pendingAuths;
     private readonly tokenLifetimeMs;
-    constructor(tokenLifetimeHours?: number);
+    private readonly authSecret;
+    constructor(authSecret: string, tokenLifetimeHours?: number);
     authorize(client: OAuthClientInformationFull, params: AuthorizationParams, res: Response): Promise<void>;
+    /**
+     * Called from the /authorize/callback POST handler.
+     * Validates the secret and either redirects with an auth code or shows an error.
+     */
+    handleAuthCallback(pendingId: string, secret: string, res: Response): Promise<void>;
     challengeForAuthorizationCode(_client: OAuthClientInformationFull, authorizationCode: string): Promise<string>;
     exchangeAuthorizationCode(client: OAuthClientInformationFull, authorizationCode: string, _codeVerifier?: string): Promise<OAuthTokens>;
     exchangeRefreshToken(client: OAuthClientInformationFull, refreshToken: string, _scopes?: string[], _resource?: URL): Promise<OAuthTokens>;

package/dist/auth.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kDAAkD,CAAC;AACpG,OAAO,KAAK,EACV,0BAA0B,EAC1B,WAAW,EACZ,MAAM,0CAA0C,CAAC;AAClD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAC/E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;~~AAexC~~,cAAM,oBAAqB,YAAW,2BAA2B;IAC/D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAiD;IAEnE,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC;IAI5E,cAAc,CAClB,cAAc,EAAE,0BAA0B,GACzC,OAAO,CAAC,0BAA0B,CAAC;CAIvC;AAED~~;;;;;;;;;GASG~~;AACH,qBAAa,gBAAiB,YAAW,mBAAmB;IAC1D,QAAQ,CAAC,YAAY,uBAA8B;IACnD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA+B;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgC;IACvD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;~~gBAE7B~~,kBAAkB,GAAE,MAAW;~~IAIrC~~,SAAS,CACb,MAAM,EAAE,0BAA0B,EAClC,MAAM,EAAE,mBAAmB,EAC3B,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;~~IAyBV~~,6BAA6B,CACjC,OAAO,EAAE,0BAA0B,EACnC,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,MAAM,CAAC;IAQZ,yBAAyB,CAC7B,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,EACzB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,WAAW,CAAC;~~IAwCjB~~,oBAAoB,CACxB,MAAM,EAAE,0BAA0B,EAClC,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,GAAG,GACd,OAAO,CAAC,WAAW,CAAC;~~IA4BjB~~,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAcnD,WAAW,CACf,OAAO,EAAE,0BAA0B,EACnC,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GACzB,OAAO,CAAC,IAAI,CAAC;CAGjB"}
1	+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kDAAkD,CAAC;AACpG,OAAO,KAAK,EACV,0BAA0B,EAC1B,WAAW,EACZ,MAAM,0CAA0C,CAAC;AAClD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAC/E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AA4BxC,cAAM,oBAAqB,YAAW,2BAA2B;IAC/D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAiD;IAEnE,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC;IAI5E,cAAc,CAClB,cAAc,EAAE,0BAA0B,GACzC,OAAO,CAAC,0BAA0B,CAAC;CAIvC;AAED;;;;;;;;GAQG;AACH,qBAAa,gBAAiB,YAAW,mBAAmB;IAC1D,QAAQ,CAAC,YAAY,uBAA8B;IACnD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA+B;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgC;IACvD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,UAAU,EAAE,MAAM,EAAE,kBAAkB,GAAE,MAAW;IAUzD,SAAS,CACb,MAAM,EAAE,0BAA0B,EAClC,MAAM,EAAE,mBAAmB,EAC3B,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;IAqDhB;;;OAGG;IACG,kBAAkB,CACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;IAmDV,6BAA6B,CACjC,OAAO,EAAE,0BAA0B,EACnC,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,MAAM,CAAC;IAQZ,yBAAyB,CAC7B,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,EACzB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,WAAW,CAAC;IA6CjB,oBAAoB,CACxB,MAAM,EAAE,0BAA0B,EAClC,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,GAAG,GACd,OAAO,CAAC,WAAW,CAAC;IA2BjB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAcnD,WAAW,CACf,OAAO,EAAE,0BAA0B,EACnC,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GACzB,OAAO,CAAC,IAAI,CAAC;CAGjB"}

package/dist/auth.js CHANGED Viewed

@@ -1,4 +1,9 @@
-import { randomUUID } from "node:crypto";
+import { randomUUID, createHash, timingSafeEqual } from "node:crypto";
+function safeCompare(a, b) {
+    const hashA = createHash("sha256").update(a).digest();
+    const hashB = createHash("sha256").update(b).digest();
+    return timingSafeEqual(hashA, hashB);
+}
 class InMemoryClientsStore {
     clients = new Map();
     async getClient(clientId) {
@@ -10,40 +15,126 @@ class InMemoryClientsStore {
     }
 }
 /**
- * OAuth provider for MCP server authentication.
+ * Secure OAuth provider for MCP server authentication.
  *
- * Implements the MCP OAuth 2.1 + PKCE spec so that Claude.ai and other
- * remote MCP clients can authenticate against this server.
+ * When MCP_AUTH_SECRET is set, the authorize flow presents a login page
+ * requiring the secret before granting access. This prevents unauthorized
+ * clients from completing the OAuth flow even if they discover the server URL.
  *
- * The authorize flow auto-approves requests — since the server operator
- * deployed this themselves with their Syncro API key, any client that
- * can reach the server and complete the OAuth flow is authorized.
+ * Without MCP_AUTH_SECRET, the server refuses to start in auth mode.
  */
 export class McpOAuthProvider {
     clientsStore = new InMemoryClientsStore();
     codes = new Map();
     tokens = new Map();
+    pendingAuths = new Map();
     tokenLifetimeMs;
-    constructor(tokenLifetimeHours = 24) {
+    authSecret;
+    constructor(authSecret, tokenLifetimeHours = 24) {
+        if (!authSecret || authSecret.length < 8) {
+            throw new Error("MCP_AUTH_SECRET must be set and at least 8 characters for secure operation");
+        }
+        this.authSecret = authSecret;
         this.tokenLifetimeMs = tokenLifetimeHours * 60 * 60 * 1000;
     }
     async authorize(client, params, res) {
-        // Auto-approve: the server operator already authorized usage by deploying
-        // with their Syncro API key. Generate an auth code and redirect back.
-        const code = randomUUID();
-        this.codes.set(code, { client, params });
-        // Clean up expired codes (older than 10 minutes)
+        // Store the pending auth and show login page
+        const pendingId = randomUUID();
+        this.pendingAuths.set(pendingId, {
+            client,
+            params,
+            createdAt: Date.now(),
+        });
+        // Clean up expired pending auths (older than 10 minutes)
         const cutoff = Date.now() - 10 * 60 * 1000;
-        for (const [key, value] of this.codes) {
-            if (!this.tokens.has(key)) {
-                // We don't have a timestamp on codes, but they're short-lived
-                // and cleaned up when exchanged. This is best-effort cleanup.
-            }
+        for (const [key, value] of this.pendingAuths) {
+            if (value.createdAt < cutoff)
+                this.pendingAuths.delete(key);
+        }
+        // Serve a login page that requires the auth secret
+        res.setHeader("Content-Type", "text/html");
+        res.send(`<!DOCTYPE html>
+<html>
+<head>
+  <title>SyncroMSP MCP - Authorize</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <style>
+    body { font-family: -apple-system, system-ui, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #0f172a; color: #e2e8f0; }
+    .card { background: #1e293b; padding: 2rem; border-radius: 12px; max-width: 400px; width: 90%; box-shadow: 0 4px 24px rgba(0,0,0,0.3); }
+    h1 { font-size: 1.25rem; margin: 0 0 0.5rem; color: #f8fafc; }
+    p { font-size: 0.875rem; color: #94a3b8; margin: 0 0 1.5rem; }
+    label { display: block; font-size: 0.875rem; margin-bottom: 0.5rem; color: #cbd5e1; }
+    input[type="password"] { width: 100%; padding: 0.75rem; border: 1px solid #334155; border-radius: 8px; background: #0f172a; color: #f8fafc; font-size: 1rem; box-sizing: border-box; }
+    input[type="password"]:focus { outline: none; border-color: #3b82f6; box-shadow: 0 0 0 3px rgba(59,130,246,0.2); }
+    button { width: 100%; padding: 0.75rem; background: #3b82f6; color: white; border: none; border-radius: 8px; font-size: 1rem; cursor: pointer; margin-top: 1rem; }
+    button:hover { background: #2563eb; }
+    .error { color: #f87171; font-size: 0.875rem; margin-top: 0.5rem; display: none; }
+    .client-info { font-size: 0.75rem; color: #64748b; margin-top: 1rem; padding-top: 1rem; border-top: 1px solid #334155; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <h1>SyncroMSP MCP Server</h1>
+    <p>Enter the server access key to authorize this connection.</p>
+    <form method="POST" action="/authorize/callback">
+      <input type="hidden" name="pending_id" value="${pendingId}">
+      <label for="secret">Access Key</label>
+      <input type="password" id="secret" name="secret" placeholder="Enter MCP_AUTH_SECRET" required autofocus>
+      <div class="error" id="error">Invalid access key. Please try again.</div>
+      <button type="submit">Authorize</button>
+    </form>
+    <div class="client-info">Client: ${client.client_name || client.client_id}</div>
+  </div>
+</body>
+</html>`);
+    }
+    /**
+     * Called from the /authorize/callback POST handler.
+     * Validates the secret and either redirects with an auth code or shows an error.
+     */
+    async handleAuthCallback(pendingId, secret, res) {
+        const pending = this.pendingAuths.get(pendingId);
+        if (!pending) {
+            res.status(400).send("Authorization request expired. Please try again.");
+            return;
+        }
+        // Timing-safe comparison of the secret
+        if (!safeCompare(secret, this.authSecret)) {
+            // Re-show the form with error
+            this.pendingAuths.delete(pendingId);
+            res.status(403).send(`<!DOCTYPE html>
+<html>
+<head>
+  <title>Access Denied</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <style>
+    body { font-family: -apple-system, system-ui, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #0f172a; color: #e2e8f0; }
+    .card { background: #1e293b; padding: 2rem; border-radius: 12px; max-width: 400px; width: 90%; text-align: center; }
+    h1 { color: #f87171; font-size: 1.25rem; }
+    p { color: #94a3b8; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <h1>Access Denied</h1>
+    <p>Invalid access key. Connection rejected.</p>
+  </div>
+</body>
+</html>`);
+            return;
         }
-        const redirectUrl = new URL(params.redirectUri);
+        // Secret valid — issue auth code
+        this.pendingAuths.delete(pendingId);
+        const code = randomUUID();
+        this.codes.set(code, {
+            client: pending.client,
+            params: pending.params,
+            createdAt: Date.now(),
+        });
+        const redirectUrl = new URL(pending.params.redirectUri);
         redirectUrl.searchParams.set("code", code);
-        if (params.state !== undefined) {
-            redirectUrl.searchParams.set("state", params.state);
+        if (pending.params.state !== undefined) {
+            redirectUrl.searchParams.set("state", pending.params.state);
         }
         res.redirect(redirectUrl.toString());
     }
@@ -62,6 +153,11 @@ export class McpOAuthProvider {
         if (codeData.client.client_id !== client.client_id) {
             throw new Error("Authorization code was not issued to this client");
         }
+        // Auth codes expire after 10 minutes
+        if (Date.now() - codeData.createdAt > 10 * 60 * 1000) {
+            this.codes.delete(authorizationCode);
+            throw new Error("Authorization code expired");
+        }
         this.codes.delete(authorizationCode);
         const accessToken = randomUUID();
         const refreshToken = randomUUID();
@@ -72,7 +168,6 @@ export class McpOAuthProvider {
             expiresAt: Date.now() + this.tokenLifetimeMs,
             resource: codeData.params.resource,
         });
-        // Store refresh token with longer lifetime (30 days)
         this.tokens.set(refreshToken, {
             token: refreshToken,
             clientId: client.client_id,
@@ -96,7 +191,6 @@ export class McpOAuthProvider {
         if (tokenData.clientId !== client.client_id) {
             throw new Error("Refresh token was not issued to this client");
         }
-        // Issue new access token
         const newAccessToken = randomUUID();
         this.tokens.set(newAccessToken, {
             token: newAccessToken,

package/dist/auth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;~~AA0BzC~~,MAAM,oBAAoB;IACP,OAAO,GAAG,IAAI,GAAG,EAAsC,CAAC;IAEzE,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,cAA0C;QAE1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAC3D,OAAO,cAAc,CAAC;IACxB,CAAC;CACF;AAED~~;;;;;;;;;GASG~~;AACH,MAAM,OAAO,gBAAgB;IAClB,YAAY,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClC,KAAK,GAAG,IAAI,GAAG,EAAoB,CAAC;IACpC,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IACtC,eAAe,CAAS;~~IAEzC~~,YAAY,qBAA6B,EAAE;~~QACzC~~,IAAI,CAAC,eAAe,GAAG,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,SAAS,CACb,MAAkC,EAClC,MAA2B,EAC3B,GAAa;QAEb,~~0EAA0E~~;~~QAC1E~~,~~sEAAsE;QACtE,~~MAAM,~~IAAI~~,GAAG,UAAU,EAAE,CAAC;~~QAE1B~~,IAAI,CAAC,~~KAAK~~,CAAC,GAAG,CAAC,~~IAAI~~,EAAE,~~EAAE~~,MAAM,EAAE,~~MAAM~~,EAAE,CAAC,CAAC;~~QAEzC~~,~~iDAAiD~~;~~QACjD~~,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;~~YACtC~~,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;~~gBAC1B~~,~~8DAA8D~~;~~gBAC9D~~,~~8DAA8D~~;~~YAChE~~,CAAC;~~QACH~~,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;~~QAChD~~,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3C,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;~~YAC/B~~,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;~~QACtD~~,CAAC;QAED,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,OAAmC,EACnC,iBAAyB;QAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,yBAAyB,CAC7B,MAAkC,EAClC,iBAAyB,EACzB,aAAsB;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,WAAW,GAAG,UAAU,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,UAAU,EAAE,CAAC;QAElC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;YAC3B,KAAK,EAAE,WAAW;YAClB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE;YACpC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe;YAC5C,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,QAAQ;SACnC,CAAC,CAAC;QAEH,~~qDAAqD;QACrD,~~IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE;YAC5B,KAAK,EAAE,YAAY;YACnB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE;YACpC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YAChD,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,QAAQ;SACnC,CAAC,CAAC;QAEH,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YACnD,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;SAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,MAAkC,EAClC,YAAoB,EACpB,OAAkB,EAClB,SAAe;QAEf,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,SAAS,CAAC,QAAQ,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,~~yBAAyB;QACzB,~~MAAM,cAAc,GAAG,UAAU,EAAE,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE;YAC9B,KAAK,EAAE,cAAc;YACrB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe;YAC5C,QAAQ,EAAE,SAAS,CAAC,QAAQ;SAC7B,CAAC,CAAC;QAEH,OAAO;YACL,YAAY,EAAE,cAAc;YAC5B,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YACnD,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO;YACL,KAAK;YACL,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC;YACjD,QAAQ,EAAE,SAAS,CAAC,QAAQ;SAC7B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAmC,EACnC,OAA0B;QAE1B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;CACF"}
1	+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAiCtE,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;IACvC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACtD,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACtD,OAAO,eAAe,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,oBAAoB;IACP,OAAO,GAAG,IAAI,GAAG,EAAsC,CAAC;IAEzE,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,cAA0C;QAE1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAC3D,OAAO,cAAc,CAAC;IACxB,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,gBAAgB;IAClB,YAAY,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClC,KAAK,GAAG,IAAI,GAAG,EAAoB,CAAC;IACpC,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IACtC,YAAY,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC9C,eAAe,CAAS;IACxB,UAAU,CAAS;IAEpC,YAAY,UAAkB,EAAE,qBAA6B,EAAE;QAC7D,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,SAAS,CACb,MAAkC,EAClC,MAA2B,EAC3B,GAAa;QAEb,6CAA6C;QAC7C,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE;YAC/B,MAAM;YACN,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;QAEH,yDAAyD;QACzD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7C,IAAI,KAAK,CAAC,SAAS,GAAG,MAAM;gBAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC9D,CAAC;QAED,mDAAmD;QACnD,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAC3C,GAAG,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;sDAwByC,SAAS;;;;;;uCAMxB,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS;;;QAGrE,CAAC,CAAC;IACR,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CACtB,SAAiB,EACjB,MAAc,EACd,GAAa;QAEb,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1C,8BAA8B;YAC9B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;QAkBnB,CAAC,CAAC;YACJ,OAAO;QACT,CAAC;QAED,iCAAiC;QACjC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;YACnB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACxD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACvC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC9D,CAAC;QAED,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,OAAmC,EACnC,iBAAyB;QAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,yBAAyB,CAC7B,MAAkC,EAClC,iBAAyB,EACzB,aAAsB;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YACrD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,WAAW,GAAG,UAAU,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,UAAU,EAAE,CAAC;QAElC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;YAC3B,KAAK,EAAE,WAAW;YAClB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE;YACpC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe;YAC5C,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,QAAQ;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE;YAC5B,KAAK,EAAE,YAAY;YACnB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE;YACpC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YAChD,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,QAAQ;SACnC,CAAC,CAAC;QAEH,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YACnD,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;SAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,MAAkC,EAClC,YAAoB,EACpB,OAAkB,EAClB,SAAe;QAEf,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,SAAS,CAAC,QAAQ,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,cAAc,GAAG,UAAU,EAAE,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE;YAC9B,KAAK,EAAE,cAAc;YACrB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe;YAC5C,QAAQ,EAAE,SAAS,CAAC,QAAQ;SAC7B,CAAC,CAAC;QAEH,OAAO;YACL,YAAY,EAAE,cAAc;YAC5B,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YACnD,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO;YACL,KAAK;YACL,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC;YACjD,QAAQ,EAAE,SAAS,CAAC,QAAQ;SAC7B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAmC,EACnC,OAA0B;QAE1B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;CACF"}

package/dist/index.js CHANGED Viewed

@@ -28,65 +28,83 @@ if (transport === "http") {
     const { isInitializeRequest } = await import("@modelcontextprotocol/sdk/types.js");
     const port = parseInt(process.env.MCP_PORT || "8080", 10);
     const useAuth = process.env.MCP_AUTH !== "false";
+    const authSecret = process.env.MCP_AUTH_SECRET;
     const baseUrl = process.env.MCP_BASE_URL || `http://localhost:${port}`;
     const mcpServerUrl = new URL(baseUrl);
+    if (useAuth && !authSecret) {
+        console.error("ERROR: MCP_AUTH_SECRET is required when auth is enabled.\n" +
+            "  Set MCP_AUTH_SECRET to a strong secret (min 8 chars) in your environment.\n" +
+            "  Or set MCP_AUTH=false to disable auth (not recommended for public deployments).");
+        process.exit(1);
+    }
     const app = express();
     app.use(express.json());
+    app.use(express.urlencoded({ extended: false }));
     // Health check (always unauthenticated)
     app.get("/health", (_req, res) => {
         res.json({ status: "ok", transport: "http", auth: useAuth });
     });
     let authMiddleware;
-    if (useAuth) {
+    if (useAuth && authSecret) {
         const { McpOAuthProvider } = await import("./auth.js");
         const { mcpAuthRouter } = await import("@modelcontextprotocol/sdk/server/auth/router.js");
         const { requireBearerAuth } = await import("@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js");
         const { getOAuthProtectedResourceMetadataUrl } = await import("@modelcontextprotocol/sdk/server/auth/router.js");
-        const oauthProvider = new McpOAuthProvider();
+        const oauthProvider = new McpOAuthProvider(authSecret);
         // Install OAuth routes (/.well-known/*, /authorize, /token, /register, /revoke)
         app.use(mcpAuthRouter({
             provider: oauthProvider,
             issuerUrl: mcpServerUrl,
             scopesSupported: ["mcp:tools"],
         }));
+        // Handle the auth secret validation callback
+        app.post("/authorize/callback", async (req, res) => {
+            const { pending_id, secret } = req.body;
+            if (!pending_id || !secret) {
+                res.status(400).send("Missing required fields");
+                return;
+            }
+            await oauthProvider.handleAuthCallback(pending_id, secret, res);
+        });
         authMiddleware = requireBearerAuth({
             verifier: oauthProvider,
             requiredScopes: [],
             resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(mcpServerUrl),
         });
-        console.error(`OAuth enabled. Issuer: ${mcpServerUrl}`);
+        console.error(`OAuth enabled with access key. Issuer: ${mcpServerUrl}`);
     }
     else {
-        console.error("Auth disabled (MCP_AUTH=false)");
+        console.error("Auth disabled (MCP_AUTH=false). WARNING: Server is unprotected.");
     }
-    // Session management
-    const transports = {};
+    // Session management — each session gets its own Server + Transport pair
+    // because the MCP SDK Server can only bind to one transport at a time
+    const sessions = {};
     const mcpHandler = async (req, res) => {
         const sessionId = req.headers["mcp-session-id"];
         try {
-            let sessionTransport;
-            if (sessionId && transports[sessionId]) {
-                sessionTransport = transports[sessionId];
+            if (sessionId && sessions[sessionId]) {
+                await sessions[sessionId].transport.handleRequest(req, res, req.body);
+                return;
             }
-            else if (!sessionId && isInitializeRequest(req.body)) {
-                sessionTransport = new StreamableHTTPServerTransport({
+            if (!sessionId && isInitializeRequest(req.body)) {
+                // Create a fresh Server + Transport for this session
+                const sessionServer = createServer(client, toolMode);
+                const sessionTransport = new StreamableHTTPServerTransport({
                     sessionIdGenerator: () => randomUUID(),
                     onsessioninitialized: (sid) => {
-                        transports[sid] = sessionTransport;
+                        sessions[sid] = { transport: sessionTransport, server: sessionServer };
                     },
                 });
                 sessionTransport.onclose = () => {
                     const sid = sessionTransport.sessionId;
                     if (sid)
-                        delete transports[sid];
+                        delete sessions[sid];
                 };
-                await mcpServer.connect(sessionTransport);
-            }
-            else {
-                res.status(400).json({ error: "Bad request: missing session ID or not an init request" });
+                await sessionServer.connect(sessionTransport);
+                await sessionTransport.handleRequest(req, res, req.body);
                 return;
             }
-            await sessionTransport.handleRequest(req, res, req.body);
+            res.status(400).json({ error: "Bad request: missing session ID or not an init request" });
         }
         catch (error) {
             console.error("MCP handler error:", error);
@@ -106,6 +124,13 @@ if (transport === "http") {
         app.get("/mcp", mcpHandler);
         app.delete("/mcp", mcpHandler);
     }
+    // Log active session count periodically
+    setInterval(() => {
+        const count = Object.keys(sessions).length;
+        if (count > 0) {
+            console.error(`Active MCP sessions: ${count}`);
+        }
+    }, 60000);
     app.listen(port, () => {
         console.error(`SyncroMSP MCP server listening on http://0.0.0.0:${port}`);
         console.error(`Health: http://0.0.0.0:${port}/health`);
@@ -115,8 +140,8 @@ if (transport === "http") {
         }
     });
     const shutdown = () => {
-        for (const t of Object.values(transports)) {
-            t.close();
+        for (const s of Object.values(sessions)) {
+            s.transport.close();
         }
         process.exit(0);
     };

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAiB,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D,uCAAuC;AACvC,eAAe,EAAE,CAAC;AAElB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AAE/C,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;IAC1B,OAAO,CAAC,KAAK,CACX,2CAA2C;QACzC,kEAAkE;QAClE,8FAA8F,CACjG,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,2EAA2E;AAC3E,4EAA4E;AAC5E,iDAAiD;AACjD,6CAA6C;AAC7C,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,MAAM,CAAa,CAAC;AAEnE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;AAC1D,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC;AAEvD,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;IACzB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,EAAE,6BAA6B,EAAE,GAAG,MAAM,MAAM,CACpD,oDAAoD,CACrD,CAAC;IACF,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAC1C,oCAAoC,CACrC,CAAC;IAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC;IACjD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,oBAAoB,IAAI,EAAE,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAEtC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;~~IAExB~~,wCAAwC;IACxC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAI,cAAqE,CAAC;IAE1E,IAAI,OAAO,EAAE,CAAC;~~QACZ~~,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACvD,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CACpC,iDAAiD,CAClD,CAAC;QACF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CACxC,gEAAgE,CACjE,CAAC;QACF,MAAM,EAAE,oCAAoC,EAAE,GAAG,MAAM,MAAM,CAC3D,iDAAiD,CAClD,CAAC;QAEF,MAAM,aAAa,GAAG,IAAI,gBAAgB,~~EAAE~~,CAAC;~~QAE7C~~,gFAAgF;QAChF,GAAG,CAAC,GAAG,CACL,aAAa,CAAC;YACZ,QAAQ,EAAE,aAAa;YACvB,SAAS,EAAE,YAAY;YACvB,eAAe,EAAE,CAAC,WAAW,CAAC;SAC/B,CAAC,CACH,CAAC;QAEF,cAAc,GAAG,iBAAiB,CAAC;YACjC,QAAQ,EAAE,aAAa;YACvB,cAAc,EAAE,EAAE;YAClB,mBAAmB,EAAE,oCAAoC,CAAC,YAAY,CAAC;SACxE,CAAC,CAAC;QAEH,OAAO,CAAC,KAAK,CAAC,~~0BAA0B~~,YAAY,EAAE,CAAC,CAAC;~~IAC1D~~,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,~~gCAAgC~~,CAAC,CAAC;~~IAClD~~,CAAC;IAED,~~qBAAqB~~;~~IACrB~~,MAAM,~~UAAU~~,~~GAAuE~~,EAAE,CAAC;~~IAE1F~~,MAAM,UAAU,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;QAC9C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QAEtE,IAAI,CAAC;YACH,IAAI,~~gBAAoE~~,CAAC;~~YAEzE~~,~~IAAI~~,~~SAAS~~,~~IAAI~~,~~UAAU~~,CAAC,SAAS,CAAC,~~EAAE~~,CAAC~~;gBACvC~~,~~gBAAgB~~,GAAG,~~UAAU~~,CAAC,~~SAAS~~,CAAC,CAAC;~~YAC3C~~,CAAC;~~iBAAM~~,IAAI,CAAC,SAAS,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;~~gBACvD~~,gBAAgB,GAAG,IAAI,6BAA6B,CAAC;~~oBACnD~~,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;oBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;wBAC5B,~~UAAU~~,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAAC;~~oBACrC~~,CAAC;iBACF,CAAC,CAAC;gBACH,gBAAgB,CAAC,OAAO,GAAG,GAAG,EAAE;oBAC9B,MAAM,GAAG,GAAG,gBAAgB,CAAC,SAAS,CAAC;oBACvC,IAAI,GAAG;wBAAE,OAAO,~~UAAU~~,CAAC,GAAG,CAAC,CAAC;~~gBAClC~~,CAAC,CAAC;gBACF,MAAM,~~SAAS~~,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;~~YAC5C~~,~~CAAC;iBAAM~~,~~CAAC;gBACN~~,~~GAAG,~~CAAC,~~MAAM~~,CAAC,GAAG,~~CAAC~~,~~CAAC~~,~~IAAI,CAAC,~~EAAE,~~KAAK~~,~~EAAE~~,~~wDAAwD~~,~~EAAE,~~CAAC,CAAC;~~gBAC1F~~,OAAO;YACT,CAAC;YAED,MAAM,~~gBAAgB~~,CAAC,~~aAAa~~,CAAC,~~GAAG,~~EAAE,~~GAAG~~,EAAE,~~GAAG~~,~~CAAC~~,~~IAAI,~~CAAC,CAAC;~~QAC3D~~,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;YAC3C,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,2CAA2C;IAC3C,IAAI,cAAc,EAAE,CAAC;QACnB,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAC7C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC7B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC5B,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACjC,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;QACpB,OAAO,CAAC,KAAK,CAAC,oDAAoD,IAAI,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,SAAS,CAAC,CAAC;QACvD,OAAO,CAAC,KAAK,CAAC,QAAQ,OAAO,MAAM,CAAC,CAAC;QACrC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,mBAAmB,OAAO,yCAAyC,CAAC,CAAC;QACrF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,GAAG,EAAE;QACpB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,~~UAAU~~,CAAC,EAAE,CAAC;~~YAC1C~~,CAAC,CAAC,KAAK,EAAE,CAAC;~~QACZ~~,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;KAAM,CAAC;IACN,2BAA2B;IAC3B,MAAM,cAAc,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClD,MAAM,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAExC,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAiB,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D,uCAAuC;AACvC,eAAe,EAAE,CAAC;AAElB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AAE/C,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;IAC1B,OAAO,CAAC,KAAK,CACX,2CAA2C;QACzC,kEAAkE;QAClE,8FAA8F,CACjG,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,2EAA2E;AAC3E,4EAA4E;AAC5E,iDAAiD;AACjD,6CAA6C;AAC7C,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,MAAM,CAAa,CAAC;AAEnE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;AAC1D,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAEjD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC;AAEvD,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;IACzB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,EAAE,6BAA6B,EAAE,GAAG,MAAM,MAAM,CACpD,oDAAoD,CACrD,CAAC;IACF,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAC1C,oCAAoC,CACrC,CAAC;IAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,oBAAoB,IAAI,EAAE,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CACX,4DAA4D;YAC1D,+EAA+E;YAC/E,mFAAmF,CACtF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEjD,wCAAwC;IACxC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAI,cAAqE,CAAC;IAE1E,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;QAC1B,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACvD,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CACpC,iDAAiD,CAClD,CAAC;QACF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CACxC,gEAAgE,CACjE,CAAC;QACF,MAAM,EAAE,oCAAoC,EAAE,GAAG,MAAM,MAAM,CAC3D,iDAAiD,CAClD,CAAC;QAEF,MAAM,aAAa,GAAG,IAAI,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAEvD,gFAAgF;QAChF,GAAG,CAAC,GAAG,CACL,aAAa,CAAC;YACZ,QAAQ,EAAE,aAAa;YACvB,SAAS,EAAE,YAAY;YACvB,eAAe,EAAE,CAAC,WAAW,CAAC;SAC/B,CAAC,CACH,CAAC;QAEF,6CAA6C;QAC7C,GAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjD,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YACxC,IAAI,CAAC,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBAChD,OAAO;YACT,CAAC;YACD,MAAM,aAAa,CAAC,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,cAAc,GAAG,iBAAiB,CAAC;YACjC,QAAQ,EAAE,aAAa;YACvB,cAAc,EAAE,EAAE;YAClB,mBAAmB,EAAE,oCAAoC,CAAC,YAAY,CAAC;SACxE,CAAC,CAAC;QAEH,OAAO,CAAC,KAAK,CAAC,0CAA0C,YAAY,EAAE,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACnF,CAAC;IAED,yEAAyE;IACzE,sEAAsE;IACtE,MAAM,QAAQ,GAGT,EAAE,CAAC;IAER,MAAM,UAAU,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;QAC9C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QAEtE,IAAI,CAAC;YACH,IAAI,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACtE,OAAO;YACT,CAAC;YAED,IAAI,CAAC,SAAS,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,qDAAqD;gBACrD,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACrD,MAAM,gBAAgB,GAAG,IAAI,6BAA6B,CAAC;oBACzD,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;oBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;wBAC5B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;oBACzE,CAAC;iBACF,CAAC,CAAC;gBACH,gBAAgB,CAAC,OAAO,GAAG,GAAG,EAAE;oBAC9B,MAAM,GAAG,GAAG,gBAAgB,CAAC,SAAS,CAAC;oBACvC,IAAI,GAAG;wBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAChC,CAAC,CAAC;gBACF,MAAM,aAAa,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;gBAC9C,MAAM,gBAAgB,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wDAAwD,EAAE,CAAC,CAAC;QAC5F,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;YAC3C,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,2CAA2C;IAC3C,IAAI,cAAc,EAAE,CAAC;QACnB,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAC7C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC7B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC5B,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACjC,CAAC;IAED,wCAAwC;IACxC,WAAW,CAAC,GAAG,EAAE;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;QAC3C,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,EAAE,KAAK,CAAC,CAAC;IAEV,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;QACpB,OAAO,CAAC,KAAK,CAAC,oDAAoD,IAAI,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,SAAS,CAAC,CAAC;QACvD,OAAO,CAAC,KAAK,CAAC,QAAQ,OAAO,MAAM,CAAC,CAAC;QACrC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,mBAAmB,OAAO,yCAAyC,CAAC,CAAC;QACrF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,GAAG,EAAE;QACpB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,CAAC,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;KAAM,CAAC;IACN,2BAA2B;IAC3B,MAAM,cAAc,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClD,MAAM,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAExC,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "syncromsp-mcp",
-  "version": "1.3.2",
+  "version": "1.4.1",
   "description": "MCP server for SyncroMSP — full API coverage for tickets, customers, assets, invoices, and 30+ resource types",
   "type": "module",
   "main": "dist/index.js",