zerno-mcp 0.1.1 → 0.1.2

package/README.md

@@ -7,7 +7,7 @@ Local stdio MCP server for ZERNO code-agent integrations.
 Recommended setup:
 
 ```bash
-npx -y zerno-mcp@0.1.1 setup
+npx -y zerno-mcp@0.1.2 setup
 ```
 
 The setup command opens ZERNO in the browser, lets the user choose a project,
@@ -16,7 +16,7 @@ creates the project-scoped MCP token, and writes local agent configs.
 Agent runtime:
 
 ```bash
-npx -y zerno-mcp@0.1.1
+npx -y zerno-mcp@0.1.2
 ```
 
 Required environment:

package/dist/index.js

@@ -22,7 +22,7 @@ if (process.argv[2] === "setup") {
     process.exit(0);
 }
 const client = await import("./zerno-client.js");
-const server = new Server({ name: "zerno-mcp", version: "0.1.1" }, { capabilities: { tools: {} } });
+const server = new Server({ name: "zerno-mcp", version: "0.1.2" }, { capabilities: { tools: {} } });
 function asRecord(value) {
     if (value && typeof value === "object") {
         return value;

package/dist/setup.js

@@ -1,12 +1,11 @@
 import { createServer } from "node:http";
 import { spawnSync } from "node:child_process";
+import { createHash, randomBytes } from "node:crypto";
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
-import { homedir, hostname, platform } from "node:os";
+import { homedir, platform } from "node:os";
 import { dirname, join } from "node:path";
-import { createInterface } from "node:readline/promises";
-import { stdin as input, stdout as output } from "node:process";
 const DEFAULT_API_URL = "https://zerno.one";
-const PACKAGE_SPEC = "zerno-mcp@0.1.1";
+const PACKAGE_SPEC = "zerno-mcp@0.1.2";
 const MANAGED_START = "# ZERNO MCP:START";
 const MANAGED_END = "# ZERNO MCP:END";
 function argValue(args, name) {
@@ -17,39 +16,44 @@ function argValue(args, name) {
     const idx = args.indexOf(name);
     return idx >= 0 ? args[idx + 1] : undefined;
 }
+function b64url(input) {
+    return input.toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function newOpaque(bytes = 32) {
+    return b64url(randomBytes(bytes));
+}
+function pkceChallenge(verifier) {
+    return b64url(createHash("sha256").update(verifier).digest());
+}
 function openBrowser(url) {
     const command = platform() === "darwin" ? "open" : platform() === "win32" ? "cmd" : "xdg-open";
     const args = platform() === "win32" ? ["/c", "start", "", url] : [url];
     spawnSync(command, args, { stdio: "ignore" });
 }
-function localCallback() {
+function callbackServer() {
     return new Promise((resolve, reject) => {
+        let done = () => { };
+        let fail = () => { };
+        const result = new Promise((ok, bad) => {
+            done = ok;
+            fail = bad;
+        });
         const server = createServer((req, res) => {
             const requestUrl = new URL(req.url || "/", "http://127.0.0.1");
-            if (!requestUrl.pathname.startsWith("/desktop-auth/callback")) {
+            if (!requestUrl.pathname.startsWith("/zerno-mcp/callback")) {
                 res.writeHead(404).end("Not found");
                 return;
             }
-            const desktopToken = requestUrl.searchParams.get("desktopToken") || "";
-            const apiBaseUrl = requestUrl.searchParams.get("apiBaseUrl") || undefined;
-            res
-                .writeHead(desktopToken ? 200 : 400, { "Content-Type": "text/html; charset=utf-8" })
-                .end(desktopToken
-                ? "<h1>ZERNO MCP connected</h1><p>You can close this tab and return to the terminal.</p>"
-                : "<h1>ZERNO MCP setup failed</h1><p>Missing login token.</p>");
+            const error = requestUrl.searchParams.get("error") || undefined;
+            const code = requestUrl.searchParams.get("code") || "";
+            const state = requestUrl.searchParams.get("state") || "";
+            const ok = Boolean(code) && !error;
+            res.writeHead(ok ? 200 : 400, { "Content-Type": "text/html; charset=utf-8" }).end(successHtml(ok, error));
             server.close();
-            if (desktopToken) {
-                tokenResolve({ desktopToken, apiBaseUrl });
-            }
-            else {
-                tokenReject(new Error("Browser callback did not include desktopToken"));
-            }
-        });
-        let tokenResolve = () => { };
-        let tokenReject = () => { };
-        const token = new Promise((ok, fail) => {
-            tokenResolve = ok;
-            tokenReject = fail;
+            if (ok)
+                done({ code, state });
+            else
+                fail(new Error(error || "OAuth callback did not include code"));
         });
         server.on("error", reject);
         server.listen(0, "127.0.0.1", () => {
@@ -58,18 +62,24 @@ function localCallback() {
                 reject(new Error("Failed to allocate local callback port"));
                 return;
             }
-            resolve({ url: `http://127.0.0.1:${address.port}/desktop-auth/callback`, token });
+            resolve({ redirectUri: `http://127.0.0.1:${address.port}/zerno-mcp/callback`, result });
         });
     });
 }
-async function apiRequest(apiUrl, path, token, init = {}) {
+function successHtml(ok, error) {
+    const title = ok ? "ZERNO MCP connected" : "ZERNO MCP setup failed";
+    const body = ok
+        ? "You can close this tab and return to the terminal."
+        : `Authorization failed: ${escapeHtml(error || "unknown error")}`;
+    return `<!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>${title}</title><style>body{margin:0;min-height:100vh;display:grid;place-items:center;background:#111;color:#f5f5f5;font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif}.card{width:min(520px,calc(100vw - 32px));border:1px solid #333;border-radius:20px;background:#1b1b1b;padding:32px;box-shadow:0 20px 80px #0008}.mark{width:44px;height:44px;border-radius:14px;background:#9cff00;margin-bottom:20px}h1{font-size:28px;line-height:1.1;margin:0 0 12px}p{color:#bbb;font-size:15px;line-height:1.5;margin:0}</style></head><body><main class="card"><div class="mark"></div><h1>${title}</h1><p>${body}</p></main></body></html>`;
+}
+function escapeHtml(value) {
+    return value.replace(/[&<>"]/g, (ch) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" }[ch] || ch));
+}
+async function apiRequest(apiUrl, path, init = {}) {
     const response = await fetch(`${apiUrl.replace(/\/+$/, "")}${path}`, {
         ...init,
-        headers: {
-            "Content-Type": "application/json",
-            ...(token ? { Authorization: `Bearer ${token}` } : {}),
-            ...(init.headers || {}),
-        },
+        headers: { "Content-Type": "application/json", ...(init.headers || {}) },
     });
     if (!response.ok) {
         const body = await response.text().catch(() => "");
@@ -77,74 +87,53 @@ async function apiRequest(apiUrl, path, token, init = {}) {
     }
     return (await response.json());
 }
-async function browserLogin(apiUrl) {
-    const callback = await localCallback();
-    const query = new URLSearchParams({
-        redirectUri: callback.url,
-        deviceName: `${hostname()} zerno-mcp setup`,
-        platform: platform(),
-        deviceId: `${hostname()}-${platform()}`,
-    });
-    const authUrl = `${apiUrl.replace(/\/+$/, "")}/api/desktop/auth/browser/start?${query.toString()}`;
-    console.log("Opening ZERNO login in your browser...");
-    console.log(`If it does not open, paste this URL:\n${authUrl}\n`);
-    openBrowser(authUrl);
-    const browserToken = await callback.token;
-    const effectiveApiUrl = browserToken.apiBaseUrl || apiUrl;
-    const verified = await apiRequest(effectiveApiUrl, "/api/desktop/auth/verify-token", null, {
+async function oauthConnect(apiUrl) {
+    const callback = await callbackServer();
+    const registered = await apiRequest(apiUrl, "/oauth/register", {
         method: "POST",
         body: JSON.stringify({
-            token: browserToken.desktopToken,
-            deviceName: `${hostname()} zerno-mcp setup`,
-            platform: platform(),
-            deviceId: `${hostname()}-${platform()}`,
+            client_name: "ZERNO MCP CLI",
+            redirect_uris: [callback.redirectUri],
+            grant_types: ["authorization_code"],
+            response_types: ["code"],
+            token_endpoint_auth_method: "none",
+            scope: "mcp",
         }),
     });
-    return { apiUrl: effectiveApiUrl, accessToken: verified.accessToken, email: verified.user.email };
-}
-async function selectProject(apiUrl, accessToken, requestedProjectId) {
-    const data = await apiRequest(apiUrl, "/api/desktop/projects", accessToken);
-    if (data.projects.length === 0) {
-        throw new Error("No ZERNO projects found for this account.");
-    }
-    if (requestedProjectId) {
-        const match = data.projects.find((project) => project.id === requestedProjectId || project.slug === requestedProjectId);
-        if (!match)
-            throw new Error(`Project not found: ${requestedProjectId}`);
-        return match;
-    }
-    if (data.projects.length === 1) {
-        console.log(`Using project: ${data.projects[0].name}`);
-        return data.projects[0];
-    }
-    console.log("Choose ZERNO project:");
-    data.projects.forEach((project, index) => {
-        console.log(`${index + 1}. ${project.name}${project.slug ? ` (${project.slug})` : ""}`);
+    const verifier = newOpaque(48);
+    const state = newOpaque(24);
+    const params = new URLSearchParams({
+        response_type: "code",
+        client_id: registered.client_id,
+        redirect_uri: callback.redirectUri,
+        scope: "mcp",
+        state,
+        code_challenge: pkceChallenge(verifier),
+        code_challenge_method: "S256",
     });
-    const rl = createInterface({ input, output });
-    try {
-        for (;;) {
-            const answer = await rl.question("Project number: ");
-            const idx = Number(answer.trim());
-            if (Number.isInteger(idx) && idx >= 1 && idx <= data.projects.length) {
-                return data.projects[idx - 1];
-            }
-        }
-    }
-    finally {
-        rl.close();
-    }
-}
-async function createMcpToken(apiUrl, accessToken, projectId) {
-    const data = await apiRequest(apiUrl, `/api/desktop/projects/${projectId}/mcp-token`, accessToken, { method: "POST" });
-    return data.raw_token;
+    const authUrl = `${apiUrl.replace(/\/+$/, "")}/oauth/authorize?${params.toString()}`;
+    console.log("Opening ZERNO authorization in your browser...");
+    console.log(`If it does not open, paste this URL:\n${authUrl}\n`);
+    openBrowser(authUrl);
+    const result = await callback.result;
+    if (result.state !== state)
+        throw new Error("OAuth state mismatch");
+    const form = new URLSearchParams({
+        grant_type: "authorization_code",
+        code: result.code,
+        redirect_uri: callback.redirectUri,
+        client_id: registered.client_id,
+        code_verifier: verifier,
+    });
+    const token = await apiRequest(apiUrl, "/oauth/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: form.toString(),
+    });
+    return { token: token.access_token, projectId: token.project_id };
 }
 function runtimeEnv(apiUrl, rawToken, projectId) {
-    return {
-        ZERNO_API_URL: apiUrl,
-        ZERNO_API_TOKEN: rawToken,
-        ZERNO_PROJECT_ID: projectId,
-    };
+    return { ZERNO_API_URL: apiUrl, ZERNO_API_TOKEN: rawToken, ZERNO_PROJECT_ID: projectId };
 }
 function writeJson(filePath, value) {
     mkdirSync(dirname(filePath), { recursive: true });
@@ -193,9 +182,7 @@ function writeCodex(env) {
     ].join("\n");
     const existing = existsSync(filePath) ? readFileSync(filePath, "utf8") : "";
     const pattern = new RegExp(`${MANAGED_START.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}[\\s\\S]*?${MANAGED_END.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\n?`, "m");
-    const next = pattern.test(existing)
-        ? existing.replace(pattern, managed)
-        : `${existing.trimEnd()}\n\n${managed}`;
+    const next = pattern.test(existing) ? existing.replace(pattern, managed) : `${existing.trimEnd()}\n\n${managed}`;
     mkdirSync(dirname(filePath), { recursive: true });
     writeFileSync(filePath, next, { mode: 0o600 });
     return filePath;
@@ -203,9 +190,7 @@ function writeCodex(env) {
 function writeClaude(env) {
     const filePath = claudeConfigPath();
     const cfg = readJson(filePath);
-    const servers = cfg.mcpServers && typeof cfg.mcpServers === "object"
-        ? cfg.mcpServers
-        : {};
+    const servers = cfg.mcpServers && typeof cfg.mcpServers === "object" ? cfg.mcpServers : {};
     servers.zerno = { command: "npx", args: ["-y", PACKAGE_SPEC], env };
     cfg.mcpServers = servers;
     writeJson(filePath, cfg);
@@ -215,42 +200,40 @@ function writeOpenCode(env) {
     const filePath = join(process.cwd(), "opencode.jsonc");
     const cfg = readJson(filePath);
     const mcp = cfg.mcp && typeof cfg.mcp === "object" ? cfg.mcp : {};
-    mcp.zerno = {
-        type: "local",
-        command: ["npx", "-y", PACKAGE_SPEC],
-        enabled: true,
-        environment: env,
-    };
+    mcp.zerno = { type: "local", command: ["npx", "-y", PACKAGE_SPEC], enabled: true, environment: env };
     cfg.mcp = mcp;
     writeJson(filePath, cfg);
     ensureGitignoreLine("opencode.jsonc");
     return filePath;
 }
+function writeClaudeCode(env) {
+    // Project-scoped Claude Code config: `<cwd>/.mcp.json`. Same shape as
+    // Claude Desktop's `claude_desktop_config.json` (mcpServers map).
+    const filePath = join(process.cwd(), ".mcp.json");
+    const cfg = readJson(filePath);
+    const servers = cfg.mcpServers && typeof cfg.mcpServers === "object" ? cfg.mcpServers : {};
+    servers.zerno = { command: "npx", args: ["-y", PACKAGE_SPEC], env };
+    cfg.mcpServers = servers;
+    writeJson(filePath, cfg);
+    ensureGitignoreLine(".mcp.json");
+    return filePath;
+}
 export async function runSetup(args) {
     if (args.includes("--help") || args.includes("-h")) {
         console.log([
-            "Usage: npx -y zerno-mcp@0.1.1 setup [--api-url https://zerno.one] [--project <id-or-slug>]",
+            "Usage: npx -y zerno-mcp@0.1.2 setup [--api-url https://zerno.one]",
             "",
-            "Opens browser login, creates a project-scoped MCP token, and writes local",
-            "Codex, Claude Desktop, and OpenCode MCP configs.",
+            "Opens the hosted ZERNO OAuth consent screen, lets the user choose a project,",
+            "and writes local Codex, Claude Desktop, and OpenCode MCP configs.",
         ].join("\n"));
         return;
     }
     const apiUrl = argValue(args, "--api-url") || DEFAULT_API_URL;
-    const projectArg = argValue(args, "--project");
-    const auth = await browserLogin(apiUrl);
-    console.log(`Logged in as ${auth.email}`);
-    const project = await selectProject(auth.apiUrl, auth.accessToken, projectArg);
-    const rawToken = await createMcpToken(auth.apiUrl, auth.accessToken, project.id);
-    const env = runtimeEnv(auth.apiUrl, rawToken, project.id);
-    const written = [
-        ["Codex", writeCodex(env)],
-        ["Claude Desktop", writeClaude(env)],
-        ["OpenCode", writeOpenCode(env)],
-    ];
-    console.log(`\nZERNO MCP is configured for project: ${project.name}`);
-    for (const [client, filePath] of written) {
+    const auth = await oauthConnect(apiUrl);
+    const env = runtimeEnv(apiUrl, auth.token, auth.projectId);
+    const written = [["Codex", writeCodex(env)], ["Claude Desktop", writeClaude(env)], ["OpenCode", writeOpenCode(env)]];
+    console.log("\nZERNO MCP is configured.");
+    for (const [client, filePath] of written)
         console.log(`- ${client}: ${filePath}`);
-    }
     console.log("\nRestart your agent so it reloads MCP servers.");
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zerno-mcp",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "MCP server connecting OpenCode to ZERNO cloud product brain",
   "type": "module",
   "main": "dist/index.js",