webcake-storefront-mcp 1.1.0 → 1.1.2

package/dist/legal.js

@@ -55,7 +55,7 @@ handles, why, who receives it, and how long it is kept.</p>
   tokens are never written to disk by the connector. Access tokens expire automatically after ~1 hour, refresh
   tokens after ~30 days. A server restart clears all tokens.</li>
   <li><strong>Local CLI config (stdio mode).</strong> When you run <code>npx webcake-storefront-mcp login</code>,
-  your token and session ID are saved to a local SQLite file on <em>your own machine</em> (at
+  your token and session ID are saved to a local file on <em>your own machine</em> (at
   <code>~/.webcake-storefront-mcp.db</code> or similar). This file stays on your device and is not transmitted
   anywhere by the connector.</li>
   <li>The connector does <strong>not</strong> run an analytics database, does <strong>not</strong> sell or share

package/dist/persistence/postgres.js

@@ -0,0 +1,132 @@
+/**
+ * Lazy, shared Postgres pool used to PERSIST the OAuth 2.1 Authorization Server
+ * state (clients, pending auths, codes, access + refresh tokens) so tokens
+ * survive a `serve` restart and are shared across instances behind a load
+ * balancer — unlike the caches (Redis/disposable), OAuth state is durable.
+ *
+ * Returns null when no DATABASE_URL is configured OR `pg` isn't installed — the
+ * OAuth store then falls back to in-memory maps, so single-instance `serve`,
+ * stdio/`npx`, and the offline smoke gate keep working with ZERO infra.
+ *
+ * `pg` is an OPTIONAL, CJS dependency (see package.json), required via
+ * createRequire under ESM/Node16. The pool connects lazily per query.
+ *
+ * Configure with DATABASE_URL (or WEBCAKE_POSTGRES_URL), e.g.
+ * postgres://user:pw@host:5432/webcake_storefront
+ *
+ * KEY DIFFERENCE vs. landing-mcp: the credential is a PAIR (jwt + wsid), so
+ * oauth_codes / oauth_access_tokens / oauth_refresh_tokens carry two columns
+ * (`jwt text NOT NULL` and `wsid text`) instead of a single `ljwt` column.
+ */
+import { createRequire } from "node:module";
+const require = createRequire(import.meta.url);
+let cached; // undefined = not yet resolved
+function redactUrl(u) {
+    try {
+        const x = new URL(u);
+        if (x.password)
+            x.password = "***";
+        return x.toString();
+    }
+    catch {
+        return "postgres";
+    }
+}
+/**
+ * Returns the shared Postgres pool, or null if Postgres isn't configured/available.
+ * Memoized: resolves the pool (or its absence) exactly once per process.
+ */
+export function getPg() {
+    if (cached !== undefined)
+        return cached;
+    const url = process.env.DATABASE_URL || process.env.WEBCAKE_POSTGRES_URL;
+    if (!url)
+        return (cached = null);
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const { Pool } = require("pg");
+        const pool = new Pool({
+            connectionString: url,
+            max: Number(process.env.WEBCAKE_PG_POOL_MAX) || 5,
+            // Managed Postgres (Supabase, Neon, …) often requires TLS; allow opting in
+            // without verifying the chain via WEBCAKE_PG_SSL=1.
+            ssl: /^(1|true|yes|on)$/i.test(process.env.WEBCAKE_PG_SSL ?? "")
+                ? { rejectUnauthorized: false }
+                : undefined,
+        });
+        pool.on("error", (e) => console.error("[pg] pool error:", e?.message ?? e));
+        console.error(`[pg] OAuth store backend: ${redactUrl(url)}`);
+        cached = pool;
+    }
+    catch (e) {
+        console.error("[pg] unavailable, using in-memory OAuth store:", e?.message ?? e);
+        cached = null;
+    }
+    return cached;
+}
+/**
+ * Create the OAuth tables if absent. Idempotent and memoized to a single
+ * in-flight promise per process, so concurrent callers share one round-trip. On
+ * any failure it logs and resolves false; the caller degrades to in-memory.
+ *
+ * Storefront schema: codes/tokens carry TWO credential columns:
+ *   jwt  text NOT NULL  — the user's WebCake JWT
+ *   wsid text           — the WebCake session/workspace ID (may be empty)
+ */
+let schemaReady;
+export function ensureOAuthSchema(pool) {
+    if (schemaReady)
+        return schemaReady;
+    schemaReady = (async () => {
+        try {
+            await pool.query(`
+        CREATE TABLE IF NOT EXISTS oauth_clients (
+          client_id     text PRIMARY KEY,
+          client_name   text,
+          redirect_uris jsonb NOT NULL,
+          created_at    bigint NOT NULL
+        );
+        CREATE TABLE IF NOT EXISTS oauth_pending (
+          state          text PRIMARY KEY,
+          client_id      text NOT NULL,
+          redirect_uri   text NOT NULL,
+          code_challenge text NOT NULL,
+          client_state   text,
+          scope          text,
+          expires_at     bigint NOT NULL
+        );
+        CREATE TABLE IF NOT EXISTS oauth_codes (
+          code           text PRIMARY KEY,
+          client_id      text NOT NULL,
+          redirect_uri   text NOT NULL,
+          code_challenge text NOT NULL,
+          scope          text,
+          jwt            text NOT NULL,
+          wsid           text,
+          expires_at     bigint NOT NULL
+        );
+        CREATE TABLE IF NOT EXISTS oauth_access_tokens (
+          token      text PRIMARY KEY,
+          jwt        text NOT NULL,
+          wsid       text,
+          scope      text,
+          expires_at bigint NOT NULL
+        );
+        CREATE TABLE IF NOT EXISTS oauth_refresh_tokens (
+          token      text PRIMARY KEY,
+          jwt        text NOT NULL,
+          wsid       text,
+          client_id  text NOT NULL,
+          scope      text,
+          expires_at bigint NOT NULL
+        );
+      `);
+            return true;
+        }
+        catch (e) {
+            console.error("[pg] OAuth schema init failed, using in-memory:", e?.message ?? e);
+            return false;
+        }
+    })();
+    return schemaReady;
+}

package/dist/persistence/redis.js

@@ -0,0 +1,66 @@
+/**
+ * Lazy, shared ioredis client used as a SHORT-TTL CACHE for OAuth access-token
+ * lookups (access_token → {jwt,wsid}). Returns null when no REDIS_URL is
+ * configured OR ioredis isn't installed — every caller then falls back to going
+ * directly to Postgres (or the in-memory map), so stdio/`npx` users and the
+ * offline `npm run smoke` gate keep working with ZERO infra.
+ *
+ * The cache is intentionally disposable: losing Redis (restart, eviction,
+ * expiry) just adds one Postgres round-trip per /mcp request — never a failure.
+ * We never block startup on the connection and tolerate command errors by
+ * degrading to the source-of-truth store on a per-call basis.
+ *
+ * ioredis is an OPTIONAL, CJS dependency (see package.json), so we require it via
+ * createRequire under ESM/Node16. `new Redis(url)` returns immediately and
+ * connects in the background; commands queue until the socket is up.
+ *
+ * Configure with REDIS_URL (or WEBCAKE_REDIS_URL), e.g. redis://default:pw@host:6379/0
+ */
+import { createRequire } from "node:module";
+const require = createRequire(import.meta.url);
+let cached; // undefined = not yet resolved
+function redactUrl(u) {
+    try {
+        const x = new URL(u);
+        if (x.password)
+            x.password = "***";
+        return x.toString();
+    }
+    catch {
+        return "redis";
+    }
+}
+/**
+ * Returns the shared Redis client, or null if Redis isn't configured/available.
+ * Memoized: resolves the connection (or its absence) exactly once per process.
+ */
+export function getRedis() {
+    if (cached !== undefined)
+        return cached;
+    const url = process.env.REDIS_URL || process.env.WEBCAKE_REDIS_URL;
+    if (!url)
+        return (cached = null);
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const mod = require("ioredis");
+        const Redis = mod.default ?? mod;
+        const client = new Redis(url, {
+            maxRetriesPerRequest: 2,
+            enableOfflineQueue: true,
+            // Never let a connection blip crash the process — log and keep retrying.
+            retryStrategy: (times) => Math.min(times * 200, 3000),
+        });
+        client.on("error", (e) => console.error("[redis] error:", e?.message ?? e));
+        console.error(`[redis] OAuth token cache: ${redactUrl(url)}`);
+        cached = client;
+    }
+    catch (e) {
+        console.error("[redis] unavailable, using direct store lookups:", e?.message ?? e);
+        cached = null;
+    }
+    return cached;
+}
+/** True when a Redis cache backend is configured (used for log/diagnostics). */
+export function redisEnabled() {
+    return getRedis() !== null;
+}

package/dist/tools/context.js

@@ -1,6 +1,6 @@
 import { z } from "zod";
 import { getConfig, setConfig } from "../db.js";
-/** Read all saved credentials from SQLite for startup */
+/** Read all saved credentials from the local config file for startup */
 export function getSavedConfig() {
     return {
         token: getConfig("token") || "",
@@ -118,7 +118,7 @@ Get token and session_id from browser DevTools → Network tab → copy from any
                 api.baseUrl = oldBaseUrl;
             throw new Error("Authentication failed — credentials were NOT changed. Make sure token and session_id are both correct.");
         }
-        // Persist all to SQLite
+        // Persist all to the local config file
         if (token)
             setConfig("token", token);
         if (session_id)

package/dist/tools/images.js

@@ -606,7 +606,7 @@ If alt_path is omitted, it is auto-detected via the same probe used by list_imag
     }));
     // ── Alt cache tools ──
     server.tool("get_cached_image_alts", `Look up cached alt descriptions for image URLs. URLs are matched by normalized form (query string stripped, lowercase). Use BEFORE running read_image/OCR — skip already-described URLs.
-When MONGO_URI is set, misses are then checked against MongoDB and successful hits are backfilled into the local SQLite cache for fast re-lookup.`, {
+When MONGO_URI is set, misses are then checked against MongoDB and successful hits are backfilled into the local cache for fast re-lookup.`, {
         urls: z.array(z.string()).min(1).describe("Image URLs to look up"),
     }, ({ urls }) => handle(async () => {
         const hits = [];
@@ -693,7 +693,7 @@ When MONGO_URI is set, misses are then checked against MongoDB and successful hi
         return { total, count: rows.length, entries: rows };
     }));
     // ── Mongo sync (active when MONGO_URI is set) ──
-    server.tool("sync_image_alts_to_mongo", `Push local SQLite alt cache entries up to MongoDB. Bulk upsert keyed by url_key. Use when you want to back up local-only entries to the shared central store, or after a session of heavy AI describes.
+    server.tool("sync_image_alts_to_mongo", `Push local alt cache entries up to MongoDB. Bulk upsert keyed by url_key. Use when you want to back up local-only entries to the shared central store, or after a session of heavy AI describes.
 Requires MONGO_URI env var.`, {
         limit: z.number().default(1000).describe("Max entries to push per call"),
         offset: z.number().default(0).describe("Offset into local cache"),
@@ -706,7 +706,7 @@ Requires MONGO_URI env var.`, {
         const res = await mongoUpsertAlts(rows.map((r) => ({ url_key: r.url_key, url: r.url, alt: r.alt, source: r.source })));
         return { pushed: rows.length, ...res, total_local: countImageAlts() };
     }));
-    server.tool("sync_image_alts_from_mongo", `Pull MongoDB alt entries down into local SQLite cache. Useful when starting on a new machine/site to warm the local cache from the central store.
+    server.tool("sync_image_alts_from_mongo", `Pull MongoDB alt entries down into local cache. Useful when starting on a new machine/site to warm the local cache from the central store.
 Requires MONGO_URI env var.`, {
         limit: z.number().default(1000).describe("Max entries to pull"),
         offset: z.number().default(0).describe("Offset into Mongo collection"),