trapic-mcp 0.1.0 → 0.1.1

package/bin/trapic-mcp.mjs

@@ -379,9 +379,16 @@ async function cmdServeDev() {
 }
 
 async function cmdLogin() {
+  const useBrowser = process.argv.includes("--browser") || process.argv.includes("-b");
+
+  if (useBrowser) {
+    return cmdLoginBrowser();
+  }
+
   const rl = createInterface({ input: process.stdin, output: process.stdout });
 
   try {
+    console.log("Login with email/password. For GitHub/Google, use: trapic login --browser\n");
     const serverUrl =
       (await rl.question(`Server URL [${DEFAULT_URL}]: `)).trim() || DEFAULT_URL;
     const email = (await rl.question("Email: ")).trim();
@@ -483,6 +490,90 @@ async function cmdLogin() {
   }
 }
 
+async function cmdLoginBrowser() {
+  const { exec } = await import("child_process");
+
+  console.log("Opening browser to create an API token...\n");
+
+  const tokenUrl = "https://trapic.ai/tokens";
+  const openCmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+  exec(`${openCmd} ${tokenUrl}`);
+
+  console.log("1. Sign in with GitHub, Google, or email in the browser");
+  console.log("2. Create a new API token");
+  console.log("3. Copy the token and paste it below\n");
+
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  const token = (await rl.question("Paste your API token (tr_...): ")).trim();
+  rl.close();
+
+  if (!token || !token.startsWith("tr_")) {
+    console.error("Error: Invalid token. Must start with tr_");
+    process.exit(1);
+  }
+
+  // Verify token
+  const res = await fetch("https://mcp.trapic.ai/auth/whoami", {
+    headers: { Authorization: `Bearer ${token}` },
+  });
+
+  if (!res.ok) {
+    console.error("Error: Token verification failed. Check your token and try again.");
+    process.exit(1);
+  }
+
+  const data = await res.json();
+  const mcpUrl = "https://mcp.trapic.ai/mcp";
+  await saveCredentials({ url: mcpUrl, token, email: data.user?.email || "" });
+  console.log(`\nLogged in as ${data.user?.email || "unknown"}`);
+  console.log(`Credentials saved to ${CRED_FILE}`);
+
+  // Configure Claude Code
+  const rl2 = createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    const setupClaude = (
+      await rl2.question("\nConfigure for Claude Code? [Y/n]: ")
+    ).trim().toLowerCase();
+
+    if (setupClaude !== "n" && setupClaude !== "no") {
+      const scope = (
+        await rl2.question("Scope — global or project? [global]: ")
+      ).trim().toLowerCase();
+
+      const mcpEntry = {
+        command: "npx",
+        args: ["-y", "trapic-mcp"],
+        env: { TRAPIC_TOKEN: token },
+      };
+
+      if (scope === "project" || scope === "p") {
+        const projectDir = process.cwd();
+        const claudeDir = join(projectDir, ".claude");
+        const claudeJson = join(claudeDir, "mcp.json");
+        await mkdir(claudeDir, { recursive: true });
+        let existing = {};
+        try { existing = JSON.parse(await readFile(claudeJson, "utf-8")); } catch {}
+        existing.mcpServers = existing.mcpServers || {};
+        existing.mcpServers.trapic = mcpEntry;
+        await writeFile(claudeJson, JSON.stringify(existing, null, 2) + "\n");
+        console.log(`Saved to ${claudeJson}`);
+      } else {
+        const globalDir = join(homedir(), ".claude");
+        const globalJson = join(globalDir, "mcp.json");
+        await mkdir(globalDir, { recursive: true });
+        let existing = {};
+        try { existing = JSON.parse(await readFile(globalJson, "utf-8")); } catch {}
+        existing.mcpServers = existing.mcpServers || {};
+        existing.mcpServers.trapic = mcpEntry;
+        await writeFile(globalJson, JSON.stringify(existing, null, 2) + "\n");
+        console.log(`Saved to ${globalJson}`);
+      }
+    }
+  } finally {
+    rl2.close();
+  }
+}
+
 async function cmdLogout() {
   const config = await loadConfig();
   if (!config) {
@@ -879,6 +970,7 @@ switch (command) {
 Usage:
   trapic-mcp                     Start stdio proxy (for Claude Code)
   trapic-mcp login               Login with email/password
+  trapic-mcp login --browser     Login with GitHub/Google (opens browser)
   trapic-mcp logout              Revoke token and clear credentials
   trapic-mcp whoami              Show current user and token info
   trapic-mcp init                Manual setup with token (--global | --project)

package/dist/worker.js

@@ -110,7 +110,7 @@ function getCorsOrigin(request) {
 function isValidRedirectUri(uri) {
     try {
         const parsed = new URL(uri);
-        const allowed = ["localhost", "127.0.0.1", "trapic.ai"];
+        const allowed = ["localhost", "127.0.0.1", "trapic.ai", "claude.ai"];
         return allowed.some(h => parsed.hostname === h || parsed.hostname.endsWith("." + h));
     }
     catch {
@@ -249,8 +249,12 @@ export default {
     label { display: block; font-size: 0.8rem; color: #a3a3a3; margin-bottom: 0.25rem; }
     input[type="email"], input[type="password"] { width: 100%; padding: 0.6rem 0.75rem; background: #0a0a0a; border: 1px solid #333; border-radius: 8px; color: #e5e5e5; font-size: 0.9rem; margin-bottom: 1rem; outline: none; }
     input:focus { border-color: #525252; }
-    button { width: 100%; padding: 0.6rem; background: #fff; color: #000; border: none; border-radius: 9999px; font-size: 0.9rem; font-weight: 600; cursor: pointer; }
-    button:hover { opacity: 0.9; }
+    button, .oauth-btn { width: 100%; padding: 0.6rem; background: #fff; color: #000; border: none; border-radius: 9999px; font-size: 0.9rem; font-weight: 600; cursor: pointer; display: flex; align-items: center; justify-content: center; gap: 0.5rem; text-decoration: none; }
+    button:hover, .oauth-btn:hover { opacity: 0.9; }
+    .oauth-btn { background: #262626; color: #e5e5e5; border: 1px solid #333; margin-bottom: 0.5rem; }
+    .divider { display: flex; align-items: center; gap: 0.75rem; margin: 1.25rem 0; }
+    .divider::before, .divider::after { content: ''; flex: 1; height: 1px; background: #333; }
+    .divider span { font-size: 0.75rem; color: #525252; }
     .error { color: #ef4444; font-size: 0.8rem; margin-bottom: 1rem; }
   </style>
 </head>
@@ -259,6 +263,15 @@ export default {
     <div class="logo">Trapic</div>
     <div class="desc">Sign in to authorize access to your knowledge base</div>
     ${errorMsg ? `<div class="error">${escapeHtml(errorMsg)}</div>` : ""}
+    <a class="oauth-btn" href="${env.SUPABASE_URL}/auth/v1/authorize?provider=github&redirect_to=${encodeURIComponent(origin + '/oauth/callback-social?' + new URLSearchParams({ client_id: clientId, redirect_uri: redirectUri, state, code_challenge: codeChallenge, code_challenge_method: codeChallengeMethod }).toString())}">
+      <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z"/></svg>
+      Continue with GitHub
+    </a>
+    <a class="oauth-btn" href="${env.SUPABASE_URL}/auth/v1/authorize?provider=google&redirect_to=${encodeURIComponent(origin + '/oauth/callback-social?' + new URLSearchParams({ client_id: clientId, redirect_uri: redirectUri, state, code_challenge: codeChallenge, code_challenge_method: codeChallengeMethod }).toString())}">
+      <svg width="16" height="16" viewBox="0 0 24 24"><path d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 01-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z" fill="#4285F4"/><path d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" fill="#34A853"/><path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" fill="#FBBC05"/><path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" fill="#EA4335"/></svg>
+      Continue with Google
+    </a>
+    <div class="divider"><span>or</span></div>
     <form method="POST" action="/oauth/authorize">
       <input type="hidden" name="client_id" value="${escapeHtml(clientId)}" />
       <input type="hidden" name="redirect_uri" value="${escapeHtml(redirectUri)}" />
@@ -266,7 +279,7 @@ export default {
       <input type="hidden" name="code_challenge" value="${escapeHtml(codeChallenge)}" />
       <input type="hidden" name="code_challenge_method" value="${escapeHtml(codeChallengeMethod)}" />
       <label>Email</label>
-      <input type="email" name="email" required autocomplete="email" autofocus />
+      <input type="email" name="email" required autocomplete="email" />
       <label>Password</label>
       <input type="password" name="password" required autocomplete="current-password" />
       <button type="submit">Sign In</button>
@@ -283,6 +296,38 @@ export default {
                 },
             });
         }
+        // OAuth social callback — Supabase redirects here after GitHub/Google login
+        if (url.pathname === "/oauth/callback-social") {
+            const accessToken = url.hash ? new URLSearchParams(url.hash.slice(1)).get("access_token") : url.searchParams.get("access_token");
+            const clientId = url.searchParams.get("client_id") || "";
+            const redirectUri = url.searchParams.get("redirect_uri") || "";
+            const state = url.searchParams.get("state") || "";
+            const codeChallenge = url.searchParams.get("code_challenge") || "";
+            if (!redirectUri || !codeChallenge) {
+                return new Response("Missing OAuth parameters", { status: 400 });
+            }
+            // Get user from Supabase access token
+            const supabase = getSupabase();
+            const { data: { user: authUser }, error: authErr } = await supabase.auth.getUser(accessToken || "");
+            if (authErr || !authUser) {
+                // Redirect back to authorize with error
+                const backUrl = new URL(`${origin}/oauth/authorize`);
+                backUrl.searchParams.set("client_id", clientId);
+                backUrl.searchParams.set("redirect_uri", redirectUri);
+                backUrl.searchParams.set("state", state);
+                backUrl.searchParams.set("code_challenge", codeChallenge);
+                backUrl.searchParams.set("code_challenge_method", "S256");
+                backUrl.searchParams.set("error", "Social login failed. Please try again.");
+                return new Response(null, { status: 302, headers: { "Location": backUrl.toString() } });
+            }
+            // Generate signed auth code
+            const code = await createAuthCode(env, authUser.id, codeChallenge, redirectUri);
+            const redirectUrl = new URL(redirectUri);
+            redirectUrl.searchParams.set("code", code);
+            if (state)
+                redirectUrl.searchParams.set("state", state);
+            return new Response(null, { status: 302, headers: { "Location": redirectUrl.toString() } });
+        }
         // OAuth Authorize POST — validates credentials, issues auth code via 302 redirect
         if (url.pathname === "/oauth/authorize" && request.method === "POST") {
             // Parse form body (native form POST sends application/x-www-form-urlencoded)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "trapic-mcp",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "AI knowledge management MCP server — automatically capture, search, and connect decisions, facts, and conventions across AI coding sessions",
   "type": "module",
   "main": "dist/index.js",