vibedsgn-mcp 1.2.0 → 1.2.1

package/dist/chunk-SL2UW535.js

@@ -0,0 +1,518 @@
+// src/server.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+
+// src/auth.ts
+function getAuthHeader() {
+  const apiKey = process.env.VIBEDSGN_API_KEY;
+  if (apiKey) return `Bearer ${apiKey}`;
+  const sessionToken = process.env.VIBEDSGN_SESSION_TOKEN;
+  if (sessionToken) return `Bearer ${sessionToken}`;
+  throw new Error(
+    "Missing authentication: set VIBEDSGN_API_KEY or VIBEDSGN_SESSION_TOKEN environment variable"
+  );
+}
+function getApiBase() {
+  return process.env.VIBEDSGN_API_URL ?? "https://vibedsgn.com";
+}
+
+// src/client.ts
+var VibedsgnApiError = class extends Error {
+  code;
+  status;
+  details;
+  constructor(code, status, message, details) {
+    super(message);
+    this.code = code;
+    this.status = status;
+    this.details = details;
+  }
+};
+var VibedsgnClient = class {
+  apiBase;
+  constructor() {
+    this.apiBase = getApiBase();
+  }
+  // Lazy auth: don't read the env var until a request actually needs it.
+  // This lets the MCP server start (and advertise its tools) even when the
+  // user hasn't configured VIBEDSGN_API_KEY yet — they'll get a structured
+  // UNAUTHORIZED error from the first authenticated tool call instead of a
+  // hard process exit at startup that looks like "MCP failed to connect".
+  get authHeader() {
+    try {
+      return getAuthHeader();
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Missing authentication";
+      throw new VibedsgnApiError("UNAUTHORIZED", 401, message);
+    }
+  }
+  async parseError(res) {
+    let body = null;
+    try {
+      body = await res.json();
+    } catch {
+      body = null;
+    }
+    if (body && typeof body === "object" && "error" in body && body.error && typeof body.error === "object") {
+      const err = body.error;
+      return new VibedsgnApiError(err.code ?? "INTERNAL", res.status, err.message ?? res.statusText, err.details);
+    }
+    const flatMsg = body && typeof body === "object" && "error" in body && typeof body.error === "string" ? body.error : res.statusText;
+    return new VibedsgnApiError("INTERNAL", res.status, flatMsg);
+  }
+  /**
+   * Verify the current API key and return the authenticated user.
+   * Useful for agents to fail fast with a clear message before doing real work.
+   */
+  async whoami() {
+    const res = await fetch(`${this.apiBase}/api/mcp/whoami`, {
+      method: "GET",
+      headers: { Authorization: this.authHeader }
+    });
+    if (!res.ok) throw await this.parseError(res);
+    const data = await res.json();
+    return data.user;
+  }
+  /**
+   * Upload a base64-encoded image to Vercel Blob via the MCP upload route.
+   * Returns the public blob URL.
+   */
+  async uploadBase64Image(base64, filename, contentType) {
+    const res = await fetch(`${this.apiBase}/api/mcp/upload-base64`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: this.authHeader
+      },
+      body: JSON.stringify({
+        image: base64,
+        filename: filename ?? `mcp-upload-${Date.now()}.png`,
+        contentType: contentType ?? "image/png"
+      })
+    });
+    if (!res.ok) throw await this.parseError(res);
+    const data = await res.json();
+    return data.url;
+  }
+  /**
+   * Fetch a public image URL, base64-encode it, and upload via uploadBase64Image.
+   * Lets agents skip the encode-and-stream step when they already have a hosted image.
+   * Caps at 4MB to match the upload route's limit.
+   */
+  async uploadImageFromUrl(url, filename) {
+    const res = await fetch(url);
+    if (!res.ok) {
+      throw new VibedsgnApiError(
+        "UPLOAD_FETCH_FAILED",
+        res.status,
+        `Failed to fetch image from ${url}: ${res.status} ${res.statusText}`
+      );
+    }
+    const contentType = res.headers.get("content-type") ?? "image/png";
+    if (!contentType.startsWith("image/")) {
+      throw new VibedsgnApiError(
+        "UPLOAD_INVALID_TYPE",
+        400,
+        `URL did not return an image (content-type: ${contentType})`
+      );
+    }
+    const buffer = await res.arrayBuffer();
+    if (buffer.byteLength > 4 * 1024 * 1024) {
+      throw new VibedsgnApiError(
+        "UPLOAD_TOO_LARGE",
+        413,
+        `Image at ${url} is ${(buffer.byteLength / 1024 / 1024).toFixed(2)} MB (max 4 MB)`
+      );
+    }
+    const base64 = Buffer.from(buffer).toString("base64");
+    const ext = contentType.split("/")[1]?.split(";")[0] ?? "png";
+    return this.uploadBase64Image(base64, filename ?? `mcp-fetched-${Date.now()}.${ext}`, contentType);
+  }
+  /**
+   * Create and publish a vibe via the MCP vibes route.
+   * Publishes immediately, no draft step. Returns absolute URL.
+   */
+  async createVibe(params) {
+    const res = await fetch(`${this.apiBase}/api/mcp/vibes`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: this.authHeader
+      },
+      body: JSON.stringify(params)
+    });
+    if (!res.ok) throw await this.parseError(res);
+    return res.json();
+  }
+  /**
+   * Delete a vibe owned by the authenticated user. Returns 404 if not found
+   * or owned by a different user (we don't distinguish, to avoid info leak).
+   */
+  async deleteVibe(id) {
+    const res = await fetch(`${this.apiBase}/api/mcp/vibes/${encodeURIComponent(id)}`, {
+      method: "DELETE",
+      headers: { Authorization: this.authHeader }
+    });
+    if (!res.ok) throw await this.parseError(res);
+    return res.json();
+  }
+  /**
+   * List available design tools, optionally filtered.
+   * - category: exact match on category slug
+   * - slug:     exact match on tool slug (case-insensitive)
+   * - q:        fuzzy substring match across name/slug/description
+   * Multiple filters combine with AND.
+   */
+  async listDesignTools(opts) {
+    const params = new URLSearchParams();
+    if (opts?.category) params.set("category", opts.category);
+    if (opts?.slug) params.set("slug", opts.slug);
+    if (opts?.q) params.set("q", opts.q);
+    const qs = params.toString();
+    const url = `${this.apiBase}/api/mcp/tools${qs ? `?${qs}` : ""}`;
+    const res = await fetch(url, {
+      method: "GET",
+      headers: { Authorization: this.authHeader }
+    });
+    if (!res.ok) throw await this.parseError(res);
+    const data = await res.json();
+    return data.tools;
+  }
+};
+
+// src/tools/whoami.ts
+import { z } from "zod";
+function registerWhoami(server, client) {
+  server.registerTool(
+    "whoami",
+    {
+      title: "Whoami",
+      description: "Verify the current API key and return the authenticated Vibedsgn user. Call this FIRST before doing any real work \u2014 it confirms the key is valid and tells you which account vibes will be posted under. Cheap (no DB writes), and lets you fail fast with a clear error if auth is misconfigured.",
+      inputSchema: z.object({}).shape
+    },
+    async () => {
+      try {
+        const user = await client.whoami();
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                success: true,
+                user: {
+                  id: user.id,
+                  name: user.name,
+                  handle: user.handle,
+                  image: user.image
+                }
+              })
+            }
+          ]
+        };
+      } catch (err) {
+        const apiErr = err instanceof VibedsgnApiError ? err : null;
+        const code = apiErr?.code ?? "INTERNAL";
+        const message = err instanceof Error ? err.message : "Unknown error";
+        console.error(`[vibedsgn-mcp] whoami error (${code}): ${message}`);
+        return {
+          content: [{ type: "text", text: JSON.stringify({ success: false, error: { code, message } }) }],
+          isError: true
+        };
+      }
+    }
+  );
+}
+
+// src/tools/list-design-tools.ts
+import { z as z2 } from "zod";
+var ListDesignToolsInputSchema = z2.object({
+  category: z2.string().optional().describe(
+    "Filter to a single tool category. Common values: 'ai-design', 'ai-agents', 'design-skills', 'ai-stack'."
+  ),
+  slug: z2.string().optional().describe("Look up a single tool by slug (case-insensitive). Use this when you already know the exact tool."),
+  q: z2.string().optional().describe(
+    "Fuzzy substring match across name, slug, and description. Use this when you have a hint like 'cursor', 'midjourney', or 'next.js'."
+  )
+});
+function registerListDesignTools(server, client) {
+  server.registerTool(
+    "list_design_tools",
+    {
+      title: "List Design Tools",
+      description: "List the design tool registry on Vibedsgn so you can pick a valid `primaryToolId` for `post_vibe`. Returns id, name, slug, category, and description for each tool. Always call this BEFORE `post_vibe` unless you already have a tool id from a previous call. Use the `q` filter when you know the tool name (e.g. `q: 'cursor'`), the `category` filter to browse a section, or `slug` for an exact lookup. If you're unsure, call without arguments to see all tools.",
+      inputSchema: ListDesignToolsInputSchema.shape
+    },
+    async (args) => {
+      try {
+        const tools = await client.listDesignTools({
+          category: args.category,
+          slug: args.slug,
+          q: args.q
+        });
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                success: true,
+                count: tools.length,
+                tools: tools.map((t) => ({
+                  id: t.id,
+                  name: t.name,
+                  slug: t.slug,
+                  category: t.category,
+                  description: t.description
+                }))
+              })
+            }
+          ]
+        };
+      } catch (err) {
+        const apiErr = err instanceof VibedsgnApiError ? err : null;
+        const code = apiErr?.code ?? "INTERNAL";
+        const message = err instanceof Error ? err.message : "Unknown error";
+        console.error(`[vibedsgn-mcp] list_design_tools error (${code}): ${message}`);
+        return {
+          content: [{ type: "text", text: JSON.stringify({ success: false, error: { code, message } }) }],
+          isError: true
+        };
+      }
+    }
+  );
+}
+
+// src/tools/post-vibe.ts
+import { z as z3 } from "zod";
+var AiStackSchema = z3.object({
+  codingAgents: z3.array(z3.string()).optional().default([]),
+  imageGen: z3.array(z3.string()).optional().default([]),
+  videoGen: z3.array(z3.string()).optional().default([]),
+  other: z3.array(z3.string()).optional().default([])
+}).optional().describe("AI tools used in the project. All inner arrays are optional \u2014 pass only what you used.");
+var DesignSystemSchema = z3.object({
+  colors: z3.array(z3.string()).optional().default([]),
+  typography: z3.string().optional().default("")
+}).optional().describe("Design system info. All fields optional.");
+var PostVibeInputSchema = z3.object({
+  title: z3.string().min(1).describe("Project name (required, max 200 chars)."),
+  // Image: must provide ONE of desktopImageUrl (preferred) or desktopImage (base64).
+  desktopImageUrl: z3.string().url().optional().describe(
+    "PREFERRED: a public URL to the desktop screenshot. The MCP server fetches it, base64-encodes, and uploads. Faster than sending base64 over stdio. Must be a publicly accessible image URL (https://...). Max 4MB."
+  ),
+  desktopImage: z3.string().optional().describe(
+    "FALLBACK: a base64-encoded desktop screenshot (max 4MB decoded). Use this only if you don't have a public URL for the image. Slower than `desktopImageUrl` because base64 doubles the payload size."
+  ),
+  primaryToolId: z3.string().min(1).describe("Tool ID from `list_design_tools`. Must match the `id` field exactly, not the slug or name."),
+  description: z3.string().optional().describe("Short project description (1-2 sentences ideal)."),
+  mobileImageUrl: z3.string().url().optional().describe("Optional public URL for the mobile screenshot."),
+  mobileImage: z3.string().optional().describe("Optional base64-encoded mobile screenshot. Prefer mobileImageUrl."),
+  tags: z3.array(z3.string()).optional().describe("Free-form curation tags (e.g. ['saas', 'dashboard', 'ai-tooling'])."),
+  systemPrompt: z3.string().optional().describe("The system/generation prompt used to build the design."),
+  processNotes: z3.string().optional().describe("Notes about the build process \u2014 what worked, what didn't."),
+  aiStack: AiStackSchema,
+  designSystem: DesignSystemSchema,
+  liveUrl: z3.string().url().optional().describe("Live URL of the project, if hosted somewhere."),
+  githubUrl: z3.string().url().optional().describe("GitHub repository URL, if open source."),
+  dryRun: z3.boolean().optional().default(false).describe(
+    "When true, validate inputs and return what would be published (slug, url, primary tool name) WITHOUT actually uploading the screenshot or creating the vibe. Use this to preview-confirm with the user before committing. Default false."
+  )
+}).refine(
+  (v) => Boolean(v.desktopImageUrl) || Boolean(v.desktopImage) || v.dryRun === true,
+  {
+    message: "Either `desktopImageUrl` (preferred) or `desktopImage` (base64) is required.",
+    path: ["desktopImageUrl"]
+  }
+);
+function registerPostVibe(server, client) {
+  server.registerTool(
+    "post_vibe",
+    {
+      title: "Post Vibe",
+      description: "Publish a design project to Vibedsgn. WORKFLOW: (1) Call `whoami` first to confirm the API key is valid. (2) Call `list_design_tools` (optionally with `q` or `category`) to pick a `primaryToolId`. (3) Call this tool with the title, primaryToolId, and EITHER `desktopImageUrl` (a public URL \u2014 preferred, faster) OR `desktopImage` (base64-encoded PNG, max 4MB). (4) Optional fields like `tags`, `description`, `aiStack`, `designSystem` improve discoverability but aren't required. (5) For preview-without-publish, set `dryRun: true` \u2014 returns the predicted slug and primary tool without uploading or creating anything. Returns the absolute URL of the published vibe and an `id` you can pass to `delete_vibe` if you need to clean up. Vibes are published immediately \u2014 there is no draft step.",
+      inputSchema: PostVibeInputSchema.shape
+    },
+    async (rawArgs) => {
+      try {
+        const args = PostVibeInputSchema.parse(rawArgs);
+        if (args.dryRun) {
+          console.error(`[vibedsgn-mcp] Dry-run post_vibe "${args.title}" \u2014 no upload, no DB write.`);
+          const placeholderImageUrl = args.desktopImageUrl ?? "dry-run://placeholder.png";
+          const dryResult = await client.createVibe({
+            title: args.title,
+            desktopImageUrl: placeholderImageUrl,
+            primaryToolId: args.primaryToolId,
+            description: args.description,
+            tags: args.tags,
+            systemPrompt: args.systemPrompt,
+            processNotes: args.processNotes,
+            aiStack: args.aiStack,
+            designSystem: args.designSystem,
+            liveUrl: args.liveUrl,
+            githubUrl: args.githubUrl,
+            dryRun: true
+          });
+          if (!("dryRun" in dryResult)) {
+            throw new Error("Expected dry-run response from backend, got a live create result.");
+          }
+          return {
+            content: [
+              {
+                type: "text",
+                text: JSON.stringify({
+                  success: true,
+                  dryRun: true,
+                  wouldCreate: dryResult.wouldCreate,
+                  message: "Dry run only \u2014 no vibe was created. Call again with dryRun: false to publish."
+                })
+              }
+            ]
+          };
+        }
+        let desktopImageUrl;
+        if (args.desktopImageUrl) {
+          console.error(`[vibedsgn-mcp] Fetching desktop image from URL: ${args.desktopImageUrl}`);
+          desktopImageUrl = await client.uploadImageFromUrl(
+            args.desktopImageUrl,
+            `${args.title.replace(/\s+/g, "-").toLowerCase()}-desktop.png`
+          );
+        } else if (args.desktopImage) {
+          console.error(`[vibedsgn-mcp] Uploading base64 desktop image (${args.desktopImage.length} chars)...`);
+          desktopImageUrl = await client.uploadBase64Image(
+            args.desktopImage,
+            `${args.title.replace(/\s+/g, "-").toLowerCase()}-desktop.png`
+          );
+        } else {
+          throw new Error("Either desktopImageUrl or desktopImage is required.");
+        }
+        let mobileImageUrl;
+        if (args.mobileImageUrl) {
+          console.error(`[vibedsgn-mcp] Fetching mobile image from URL...`);
+          mobileImageUrl = await client.uploadImageFromUrl(
+            args.mobileImageUrl,
+            `${args.title.replace(/\s+/g, "-").toLowerCase()}-mobile.png`
+          );
+        } else if (args.mobileImage) {
+          console.error(`[vibedsgn-mcp] Uploading base64 mobile image...`);
+          mobileImageUrl = await client.uploadBase64Image(
+            args.mobileImage,
+            `${args.title.replace(/\s+/g, "-").toLowerCase()}-mobile.png`
+          );
+        }
+        console.error(`[vibedsgn-mcp] Creating vibe "${args.title}"...`);
+        const result = await client.createVibe({
+          title: args.title,
+          desktopImageUrl,
+          primaryToolId: args.primaryToolId,
+          description: args.description,
+          mobileImageUrl,
+          tags: args.tags,
+          systemPrompt: args.systemPrompt,
+          processNotes: args.processNotes,
+          aiStack: args.aiStack,
+          designSystem: args.designSystem,
+          liveUrl: args.liveUrl,
+          githubUrl: args.githubUrl
+        });
+        if ("dryRun" in result) {
+          throw new Error("Unexpected dry-run response from backend on a live post_vibe call.");
+        }
+        console.error(`[vibedsgn-mcp] Vibe published: ${result.url}`);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                success: true,
+                id: result.id,
+                slug: result.slug,
+                url: result.url,
+                // absolute URL — server guarantees full https://...
+                message: `Vibe "${args.title}" published. To remove it, call \`delete_vibe\` with id "${result.id}".`
+              })
+            }
+          ]
+        };
+      } catch (err) {
+        const apiErr = err instanceof VibedsgnApiError ? err : null;
+        const code = apiErr?.code ?? (err instanceof z3.ZodError ? "VALIDATION_ERROR" : "INTERNAL");
+        const message = err instanceof Error ? err.message : "Unknown error";
+        const details = apiErr?.details ?? (err instanceof z3.ZodError ? { issues: err.issues } : void 0);
+        console.error(`[vibedsgn-mcp] post_vibe error (${code}): ${message}`);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({ success: false, error: { code, message, details } })
+            }
+          ],
+          isError: true
+        };
+      }
+    }
+  );
+}
+
+// src/tools/delete-vibe.ts
+import { z as z4 } from "zod";
+var DeleteVibeInputSchema = z4.object({
+  id: z4.string().min(1).describe(
+    "The vibe id to delete (returned from `post_vibe`). You can ONLY delete vibes owned by the authenticated user \u2014 attempts to delete someone else's vibe return a not-found error."
+  )
+});
+function registerDeleteVibe(server, client) {
+  server.registerTool(
+    "delete_vibe",
+    {
+      title: "Delete Vibe",
+      description: "Permanently delete a vibe you own (cascades to likes, bookmarks, comments, and notifications). Use the `id` returned by `post_vibe`. If the vibe doesn't exist OR is owned by a different user, returns NOT_FOUND (we don't distinguish, to avoid leaking ownership). This is irreversible \u2014 there is no soft-delete or restore.",
+      inputSchema: DeleteVibeInputSchema.shape
+    },
+    async (args) => {
+      try {
+        const result = await client.deleteVibe(args.id);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                success: true,
+                id: result.id,
+                message: `Vibe ${result.id} deleted.`
+              })
+            }
+          ]
+        };
+      } catch (err) {
+        const apiErr = err instanceof VibedsgnApiError ? err : null;
+        const code = apiErr?.code ?? "INTERNAL";
+        const message = err instanceof Error ? err.message : "Unknown error";
+        console.error(`[vibedsgn-mcp] delete_vibe error (${code}): ${message}`);
+        return {
+          content: [{ type: "text", text: JSON.stringify({ success: false, error: { code, message } }) }],
+          isError: true
+        };
+      }
+    }
+  );
+}
+
+// src/server.ts
+console.log = console.error;
+async function startServer() {
+  const server = new McpServer({
+    name: "vibedsgn-mcp",
+    version: "1.2.1"
+  });
+  const client = new VibedsgnClient();
+  registerWhoami(server, client);
+  registerListDesignTools(server, client);
+  registerPostVibe(server, client);
+  registerDeleteVibe(server, client);
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error("[vibedsgn-mcp] Server started on stdio transport (v1.2.1)");
+}
+
+export {
+  startServer
+};