systematics-mcp 1.0.0

package/README.md

@@ -0,0 +1,69 @@
+# systematics-mcp
+
+Claude Code MCP server for the [Systematics](https://app.dovito.com) platform by Dovito Business Solutions. Connects Claude Code to your Systematics account for managing businesses, projects, tasks, proposals, conversations, and more through natural language.
+
+## Quick Start
+
+### 1. Add to Claude Code
+
+Add this to your `~/.claude/settings.json`:
+
+```json
+{
+  "mcpServers": {
+    "systematics": {
+      "command": "npx",
+      "args": ["-y", "systematics-mcp"]
+    }
+  }
+}
+```
+
+### 2. Authenticate
+
+Start a Claude Code session. The first time you use a Systematics tool, your browser will open to sign in. Click **Authorize Claude Code** and you're connected. Your token is saved locally at `~/.systematics/token` and reused automatically for 90 days.
+
+That's it. No API keys, no repo access, no manual setup.
+
+## How It Works
+
+- You sign in with your normal Systematics account (Google or email)
+- Claude Code gets the same permissions as your account
+- Clients see only their business data
+- Staff see what their role allows
+- Admins get full access
+
+## Available Tools
+
+| Category | Tools |
+|----------|-------|
+| Businesses | list, get, create, update |
+| Projects | list, get, create, update |
+| Tasks | list, list by project, create, update, delete |
+| Catalog | list, create, update |
+| Users | list (with filters) |
+| Proposals | list, create |
+| Conversations | list, read messages, create, send message |
+| Deliverables | list, create, update |
+| Pipeline | list applications |
+
+## Token Management
+
+- View and revoke tokens at **Settings > API Tokens** in the web app
+- Tokens expire after 90 days
+- Maximum 10 tokens per user
+- To re-authenticate, delete `~/.systematics/token` and restart Claude Code
+
+## Environment Variables (Optional)
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `SYSTEMATICS_TOKEN` | - | Skip browser auth by providing a token directly |
+| `DOVITO_APP_URL` | `https://app.dovito.com` | Custom app URL (for self-hosted instances) |
+
+## Security
+
+- Tokens are hashed before storage in the database
+- Token file is stored with `0o600` permissions (owner-only)
+- Auth callback uses POST (token never appears in URLs or browser history)
+- All API calls go through the same validation and rate limiting as the web UI

package/dist/api-client.d.ts

@@ -0,0 +1,14 @@
+/**
+ * HTTP client for app.dovito.com API routes.
+ * Authenticates via Bearer token (personal access token or legacy MCP_API_KEY).
+ */
+export declare class ApiClient {
+    private baseUrl;
+    private token;
+    constructor(baseUrl: string, token: string);
+    private request;
+    get<T>(path: string): Promise<T>;
+    post<T>(path: string, body: unknown): Promise<T>;
+    patch<T>(path: string, body: unknown): Promise<T>;
+    delete<T>(path: string): Promise<T>;
+}

package/dist/api-client.js

@@ -0,0 +1,53 @@
+/**
+ * HTTP client for app.dovito.com API routes.
+ * Authenticates via Bearer token (personal access token or legacy MCP_API_KEY).
+ */
+export class ApiClient {
+    baseUrl;
+    token;
+    constructor(baseUrl, token) {
+        this.baseUrl = baseUrl.replace(/\/$/, "");
+        this.token = token;
+    }
+    async request(method, path, body) {
+        const url = `${this.baseUrl}${path}`;
+        const headers = {
+            Authorization: `Bearer ${this.token}`,
+            "Content-Type": "application/json",
+        };
+        const res = await fetch(url, {
+            method,
+            headers,
+            body: body ? JSON.stringify(body) : undefined,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            let msg;
+            try {
+                msg = JSON.parse(text).message || text;
+            }
+            catch {
+                msg = text;
+            }
+            // Truncate error message to avoid leaking internal details
+            const safeMsg = msg.length > 500 ? msg.slice(0, 500) + "..." : msg;
+            throw new Error(`API ${method} ${path} returned ${res.status}: ${safeMsg}`);
+        }
+        const text = await res.text();
+        if (!text)
+            return undefined;
+        return JSON.parse(text);
+    }
+    get(path) {
+        return this.request("GET", path);
+    }
+    post(path, body) {
+        return this.request("POST", path, body);
+    }
+    patch(path, body) {
+        return this.request("PATCH", path, body);
+    }
+    delete(path) {
+        return this.request("DELETE", path);
+    }
+}

package/dist/auth.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Get the stored personal access token, or null if not found/expired.
+ */
+export declare function getStoredToken(): string | null;
+/**
+ * Run the browser-based authentication flow:
+ * 1. Start a temporary local HTTP server
+ * 2. Open the browser to the auth page with a callback URL
+ * 3. User signs in on the web
+ * 4. App redirects back to the local server with the token
+ * 5. Save the token and return it
+ */
+export declare function authenticateViaBrowser(appUrl: string): Promise<string>;

package/dist/auth.js

@@ -0,0 +1,141 @@
+import { createServer } from "http";
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { execFile } from "child_process";
+const CONFIG_DIR = join(homedir(), ".systematics");
+const TOKEN_FILE = join(CONFIG_DIR, "token");
+/**
+ * Get the stored personal access token, or null if not found/expired.
+ */
+export function getStoredToken() {
+    try {
+        if (!existsSync(TOKEN_FILE))
+            return null;
+        const content = readFileSync(TOKEN_FILE, "utf-8").trim();
+        if (!content.startsWith("pat_"))
+            return null;
+        return content;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Save a token to the local config directory.
+ */
+function saveToken(token) {
+    mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    writeFileSync(TOKEN_FILE, token, { mode: 0o600 });
+}
+/**
+ * Open a URL in the default browser (cross-platform).
+ */
+function openBrowser(url) {
+    if (process.platform === "darwin") {
+        execFile("open", [url]);
+    }
+    else if (process.platform === "win32") {
+        execFile("cmd", ["/c", "start", "", url]);
+    }
+    else {
+        execFile("xdg-open", [url]);
+    }
+}
+/**
+ * Run the browser-based authentication flow:
+ * 1. Start a temporary local HTTP server
+ * 2. Open the browser to the auth page with a callback URL
+ * 3. User signs in on the web
+ * 4. App redirects back to the local server with the token
+ * 5. Save the token and return it
+ */
+export async function authenticateViaBrowser(appUrl) {
+    return new Promise((resolve, reject) => {
+        const server = createServer(async (req, res) => {
+            const url = new URL(req.url || "/", `http://localhost`);
+            // CORS headers for the POST from the auth page
+            res.setHeader("Access-Control-Allow-Origin", "*");
+            res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+            res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+            if (req.method === "OPTIONS") {
+                res.writeHead(204);
+                res.end();
+                return;
+            }
+            if (url.pathname === "/callback") {
+                let token = null;
+                // Prefer POST body (token not exposed in URL/history)
+                if (req.method === "POST") {
+                    const chunks = [];
+                    for await (const chunk of req)
+                        chunks.push(Buffer.from(chunk));
+                    try {
+                        const body = JSON.parse(Buffer.concat(chunks).toString());
+                        token = body.token || null;
+                    }
+                    catch { /* fall through */ }
+                }
+                // Fallback: GET with query param
+                if (!token) {
+                    token = url.searchParams.get("token");
+                }
+                if (token && token.startsWith("pat_")) {
+                    saveToken(token);
+                    // Send a success page that auto-closes
+                    res.writeHead(200, { "Content-Type": "text/html" });
+                    res.end(`<!DOCTYPE html>
+<html>
+<head><title>Authenticated</title>
+<style>
+  body { font-family: -apple-system, system-ui, sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; background: #FAFAF9; }
+  .card { text-align: center; padding: 3rem; background: white; border-radius: 12px; border: 1px solid #E8E5E0; max-width: 400px; }
+  h1 { font-size: 1.5rem; margin: 1rem 0 0.5rem; color: #1A1A1A; }
+  p { color: #5C5650; font-size: 0.9rem; }
+  .check { width: 48px; height: 48px; border-radius: 50%; background: #16A34A20; display: inline-flex; align-items: center; justify-content: center; }
+  .check svg { width: 24px; height: 24px; color: #16A34A; }
+</style>
+</head>
+<body>
+  <div class="card">
+    <div class="check"><svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><path d="M20 6L9 17l-5-5"/></svg></div>
+    <h1>Connected to Systematics</h1>
+    <p>You can close this tab and return to Claude Code.</p>
+  </div>
+</body>
+</html>`);
+                    server.close();
+                    resolve(token);
+                }
+                else {
+                    res.writeHead(400, { "Content-Type": "text/html" });
+                    res.end("<h1>Authentication failed</h1><p>No valid token received.</p>");
+                    server.close();
+                    reject(new Error("No valid token received"));
+                }
+                return;
+            }
+            res.writeHead(404);
+            res.end();
+        });
+        // Listen on a random available port
+        server.listen(0, "127.0.0.1", () => {
+            const addr = server.address();
+            if (!addr || typeof addr === "string") {
+                reject(new Error("Failed to start callback server"));
+                return;
+            }
+            const callbackUrl = `http://127.0.0.1:${addr.port}/callback`;
+            const authUrl = `${appUrl}/auth/mcp?callback=${encodeURIComponent(callbackUrl)}`;
+            // Write to stderr so Claude Code can show it (stdout is MCP protocol)
+            process.stderr.write(`\nOpening browser to authenticate with Systematics...\n`);
+            process.stderr.write(`If the browser doesn't open, visit: ${authUrl}\n\n`);
+            openBrowser(authUrl);
+        });
+        // Timeout after 5 minutes
+        setTimeout(() => {
+            server.close();
+            reject(new Error("Authentication timed out after 5 minutes"));
+        }, 5 * 60 * 1000);
+    });
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,291 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { ApiClient } from "./api-client.js";
+import { getStoredToken, authenticateViaBrowser } from "./auth.js";
+// Validate DOVITO_APP_URL against allowed hostnames to prevent SSRF
+const rawUrl = process.env.DOVITO_APP_URL || "https://app.dovito.com";
+const parsedUrl = new URL(rawUrl);
+const ALLOWED_HOSTS = ["app.dovito.com", "localhost", "127.0.0.1"];
+if (!ALLOWED_HOSTS.includes(parsedUrl.hostname)) {
+    process.stderr.write(`DOVITO_APP_URL hostname "${parsedUrl.hostname}" is not in the allowlist: ${ALLOWED_HOSTS.join(", ")}\n`);
+    process.exit(1);
+}
+const BASE_URL = parsedUrl.origin;
+// Resolve token: env var > stored token > browser auth flow
+async function resolveToken() {
+    // 1. Explicit env var (highest priority)
+    const envToken = process.env.SYSTEMATICS_TOKEN || process.env.MCP_API_KEY;
+    if (envToken)
+        return envToken;
+    // 2. Previously stored token from browser auth
+    const stored = getStoredToken();
+    if (stored)
+        return stored;
+    // 3. Run browser auth flow
+    return authenticateViaBrowser(BASE_URL);
+}
+const token = await resolveToken();
+const api = new ApiClient(BASE_URL, token);
+const server = new McpServer({
+    name: "dovito",
+    version: "1.0.0",
+});
+// ── Businesses ─────────────────────────────────────────────────────────────
+server.tool("list_businesses", "List all businesses (clients) in the Dovito portal", {}, async () => {
+    const data = await api.get("/api/businesses");
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("get_business", "Get a single business by ID", { businessId: z.string().describe("Business UUID") }, async ({ businessId }) => {
+    const data = await api.get(`/api/businesses/${businessId}`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("create_business", "Create a new business (client company)", {
+    name: z.string().describe("Business name (required)"),
+    industry: z.string().optional().describe("Industry"),
+    description: z.string().optional().describe("Description"),
+    website: z.string().optional().describe("Website URL"),
+    phone: z.string().optional().describe("Phone number"),
+    address: z.string().optional().describe("Address"),
+    status: z.enum(["pending", "approved", "active"]).optional(),
+    ownerUserId: z.string().optional().describe("User ID of the business owner, or 'none'"),
+}, async (params) => {
+    const data = await api.post("/api/businesses", params);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("update_business", "Update an existing business", {
+    businessId: z.string().describe("Business UUID"),
+    name: z.string().optional(),
+    legalName: z.string().nullable().optional(),
+    website: z.string().nullable().optional(),
+    industry: z.string().nullable().optional(),
+    description: z.string().nullable().optional(),
+    phone: z.string().nullable().optional(),
+    address: z.string().nullable().optional(),
+    status: z.enum(["pending", "approved", "active"]).optional(),
+    assignedAmId: z.string().nullable().optional().describe("Account manager user ID"),
+}, async ({ businessId, ...updates }) => {
+    const data = await api.patch(`/api/businesses/${businessId}`, updates);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Projects ───────────────────────────────────────────────────────────────
+server.tool("list_projects", "List all projects across businesses", {}, async () => {
+    const data = await api.get("/api/projects");
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("get_project", "Get a single project by ID", { projectId: z.string().describe("Project UUID") }, async ({ projectId }) => {
+    const data = await api.get(`/api/projects/${projectId}`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("create_project", "Create a new project under a business", {
+    name: z.string().describe("Project name"),
+    businessId: z.string().describe("Business UUID"),
+    description: z.string().optional(),
+    status: z.enum(["planning", "in_progress", "on_hold", "completed", "cancelled"]).optional(),
+    serviceType: z.string().optional(),
+    phaseName: z.string().optional(),
+    contractValue: z.number().optional().describe("Value in cents"),
+    startDate: z.string().optional().describe("ISO date"),
+    estimatedEndDate: z.string().optional().describe("ISO date"),
+}, async (params) => {
+    const data = await api.post("/api/projects", params);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("update_project", "Update an existing project", {
+    projectId: z.string().describe("Project UUID"),
+    name: z.string().optional(),
+    description: z.string().optional(),
+    status: z.enum(["planning", "in_progress", "on_hold", "completed", "cancelled"]).optional(),
+    progress: z.number().min(0).max(100).optional(),
+    contractValue: z.number().optional().describe("Value in cents"),
+    startDate: z.string().optional().describe("ISO date"),
+    estimatedEndDate: z.string().optional().describe("ISO date"),
+}, async ({ projectId, ...updates }) => {
+    const data = await api.patch(`/api/projects/${projectId}`, updates);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Tasks ──────────────────────────────────────────────────────────────────
+server.tool("list_tasks", "List all tasks, optionally filtered by business", {
+    businessId: z.string().optional().describe("Filter by business UUID"),
+}, async ({ businessId }) => {
+    const params = new URLSearchParams();
+    if (businessId)
+        params.set("businessId", businessId);
+    const query = params.toString() ? `?${params}` : "";
+    const data = await api.get(`/api/tasks${query}`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("list_project_tasks", "List tasks for a specific project", { projectId: z.string().describe("Project UUID") }, async ({ projectId }) => {
+    const data = await api.get(`/api/projects/${projectId}/tasks`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("create_task", "Create a task under a project", {
+    projectId: z.string().describe("Project UUID"),
+    title: z.string().describe("Task title (1-255 chars)"),
+    description: z.string().optional(),
+    type: z.enum(["general", "resource_request", "proposal_signing", "deliverable_review", "onboarding"]).optional(),
+    assignedToId: z.string().optional().describe("User UUID to assign to"),
+    startDate: z.string().optional().describe("ISO date"),
+    dueDate: z.string().optional().describe("ISO date"),
+}, async ({ projectId, ...body }) => {
+    const data = await api.post(`/api/projects/${projectId}/tasks`, body);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("update_task", "Update an existing task", {
+    projectId: z.string().describe("Project UUID"),
+    taskId: z.string().describe("Task UUID"),
+    title: z.string().optional(),
+    description: z.string().optional(),
+    status: z.enum(["pending", "in_progress", "done", "completed", "cancelled"]).optional(),
+    type: z.enum(["general", "resource_request", "proposal_signing", "deliverable_review", "onboarding"]).optional(),
+    assignedToId: z.string().optional(),
+    startDate: z.string().optional().describe("ISO date"),
+    dueDate: z.string().optional().describe("ISO date"),
+}, async ({ projectId, taskId, ...updates }) => {
+    const data = await api.patch(`/api/projects/${projectId}/tasks/${taskId}`, updates);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("delete_task", "Delete a task (set confirm=true to proceed)", {
+    projectId: z.string().describe("Project UUID"),
+    taskId: z.string().describe("Task UUID"),
+    confirm: z.literal(true).describe("Must be true to confirm deletion"),
+}, async ({ projectId, taskId }) => {
+    await api.delete(`/api/projects/${projectId}/tasks/${taskId}`);
+    return { content: [{ type: "text", text: "Task deleted." }] };
+});
+// ── Catalog ────────────────────────────────────────────────────────────────
+server.tool("list_catalog_items", "List all items in the line item catalog", { all: z.boolean().optional().describe("Include inactive items") }, async ({ all }) => {
+    const query = all ? "?all=true" : "";
+    const data = await api.get(`/api/catalog${query}`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("create_catalog_item", "Add an item to the line item catalog", {
+    name: z.string().describe("Item name"),
+    description: z.string().optional(),
+    costCode: z.string().optional().describe("Cost code e.g. SVC-001"),
+    category: z.enum(["service", "product", "digital", "physical"]).optional(),
+    unitAmount: z.number().int().min(0).describe("Price in cents"),
+    unit: z.string().optional().describe("hour, each, month, project, per seat, quarterly, annual"),
+}, async (params) => {
+    const data = await api.post("/api/catalog", params);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("update_catalog_item", "Update a catalog item", {
+    itemId: z.string().describe("Catalog item UUID"),
+    name: z.string().optional(),
+    description: z.string().optional(),
+    costCode: z.string().optional(),
+    category: z.enum(["service", "product", "digital", "physical"]).optional(),
+    unitAmount: z.number().int().min(0).optional(),
+    unit: z.string().optional(),
+    isActive: z.boolean().optional(),
+}, async ({ itemId, ...updates }) => {
+    const data = await api.patch(`/api/catalog/${itemId}`, updates);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Users ──────────────────────────────────────────────────────────────────
+server.tool("list_users", "List all users in the portal", {
+    businessId: z.string().optional().describe("Filter by business UUID"),
+    includeStaff: z.boolean().optional().describe("Include staff/admin users"),
+}, async ({ businessId, includeStaff }) => {
+    const params = new URLSearchParams();
+    if (businessId)
+        params.set("businessId", businessId);
+    if (includeStaff)
+        params.set("includeStaff", "true");
+    const query = params.toString() ? `?${params}` : "";
+    const data = await api.get(`/api/admin/users${query}`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Proposals ──────────────────────────────────────────────────────────────
+server.tool("list_proposals", "List proposals for a project", { projectId: z.string().describe("Project UUID") }, async ({ projectId }) => {
+    const data = await api.get(`/api/projects/${projectId}/proposals`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("create_proposal", "Create a proposal (quote) for a project", {
+    projectId: z.string().describe("Project UUID"),
+    title: z.string().describe("Proposal title (1-200 chars)"),
+    description: z.string().optional().describe("Description (max 2000 chars)"),
+    lineItems: z.array(z.object({
+        description: z.string(),
+        quantity: z.number().int().min(1),
+        unitAmount: z.number().int().min(0).describe("Amount in cents"),
+    })).describe("Line items for the proposal"),
+    expiresAt: z.string().optional().describe("ISO date for expiration"),
+}, async ({ projectId, ...body }) => {
+    const data = await api.post(`/api/projects/${projectId}/proposals`, body);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Conversations & Messages ───────────────────────────────────────────────
+server.tool("list_conversations", "List all conversations (message threads) for the service account", {}, async () => {
+    const data = await api.get("/api/messages");
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("get_conversation_messages", "Get messages in a conversation thread", {
+    conversationId: z.string().describe("Conversation UUID"),
+    cursor: z.string().optional().describe("Pagination cursor (message ID)"),
+}, async ({ conversationId, cursor }) => {
+    const params = new URLSearchParams();
+    if (cursor)
+        params.set("cursor", cursor);
+    const query = params.toString() ? `?${params}` : "";
+    const data = await api.get(`/api/messages/${conversationId}${query}`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("create_conversation", "Create a new conversation (DM, group, project, or business thread)", {
+    type: z.enum(["direct", "group", "project", "business"]).describe("Conversation type"),
+    participantIds: z.array(z.string()).optional().describe("User UUIDs to include"),
+    name: z.string().optional().describe("Group conversation name"),
+    projectId: z.string().optional().describe("Project UUID (for project type)"),
+    businessId: z.string().optional().describe("Business UUID (for business type)"),
+}, async (params) => {
+    const data = await api.post("/api/conversations", params);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("send_message", "Send a message in a conversation", {
+    conversationId: z.string().describe("Conversation UUID"),
+    content: z.string().describe("Message content (1-10000 chars)"),
+    parentMessageId: z.string().optional().describe("Reply to a specific message"),
+}, async ({ conversationId, ...body }) => {
+    const data = await api.post(`/api/messages/${conversationId}`, body);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Deliverables ───────────────────────────────────────────────────────────
+server.tool("list_deliverables", "List deliverables for a project", { projectId: z.string().describe("Project UUID") }, async ({ projectId }) => {
+    const data = await api.get(`/api/projects/${projectId}/deliverables`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("create_deliverable", "Create a deliverable under a project", {
+    projectId: z.string().describe("Project UUID"),
+    title: z.string().describe("Deliverable title"),
+    description: z.string().optional(),
+    status: z.enum(["pending", "in_progress", "completed"]).optional(),
+}, async ({ projectId, ...body }) => {
+    const data = await api.post(`/api/projects/${projectId}/deliverables`, body);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+server.tool("update_deliverable", "Update a deliverable", {
+    projectId: z.string().describe("Project UUID"),
+    deliverableId: z.string().describe("Deliverable UUID"),
+    title: z.string().optional(),
+    description: z.string().optional(),
+    status: z.enum(["pending", "in_progress", "completed"]).optional(),
+}, async ({ projectId, deliverableId, ...updates }) => {
+    const data = await api.patch(`/api/projects/${projectId}/deliverables/${deliverableId}`, updates);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Applications (Pipeline) ───────────────────────────────────────────────
+server.tool("list_applications", "List all applications in the pipeline", {}, async () => {
+    const data = await api.get("/api/admin/applications");
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+});
+// ── Start server ───────────────────────────────────────────────────────────
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((err) => {
+    console.error("Fatal:", err);
+    process.exit(1);
+});

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "systematics-mcp",
+  "version": "1.0.0",
+  "type": "module",
+  "description": "Claude Code MCP server for the Systematics platform by Dovito Business Solutions",
+  "bin": {
+    "systematics-mcp": "dist/index.js"
+  },
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
+    "start": "node dist/index.js",
+    "dev": "tsx src/index.ts"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1"
+  },
+  "devDependencies": {
+    "tsx": "^4.20.5",
+    "typescript": "^5.6.3",
+    "@types/node": "^20.16.11"
+  },
+  "files": [
+    "dist/**/*",
+    "README.md"
+  ],
+  "keywords": ["mcp", "claude", "claude-code", "systematics", "dovito", "model-context-protocol"],
+  "author": "Dovito Business Solutions",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/dovito-dev/app.dovito.com.git",
+    "directory": "mcp-server"
+  },
+  "homepage": "https://app.dovito.com"
+}