gcontext-mcp 0.1.1__tar.gz

gcontext_mcp-0.1.1/.env.example

@@ -0,0 +1,6 @@
+# Secret VALUES live here, on the client only. This file is gitignored as `.env`.
+# Copy to `.env` and fill in. Register the NAMES via the tool_register_secret tool;
+# never put values in the database.
+# STRIPE_KEY=sk_live_...
+# SUPABASE_URL=https://xxxx.supabase.co
+# SUPABASE_KEY=...

gcontext_mcp-0.1.1/.gitignore

@@ -0,0 +1,8 @@
+.env
+db.sqlite
+cloud.sqlite
+cloud_auth.sqlite
+workspaces/
+.venv/
+__pycache__/
+.pytest_cache/

gcontext_mcp-0.1.1/Dockerfile

@@ -0,0 +1,9 @@
+# gcontext CLOUD api (cloud_api.py). The connector (server.py) is NOT deployed — it runs
+# on each user's machine. Build context is apps/mcp-minimal (Coolify base_directory).
+FROM python:3.12-slim
+WORKDIR /app
+RUN pip install --no-cache-dir "psycopg[binary]>=3"
+COPY cloud_api.py .
+ENV HOST=0.0.0.0 PORT=8770
+EXPOSE 8770
+CMD ["python", "cloud_api.py"]

gcontext_mcp-0.1.1/Makefile

@@ -0,0 +1,48 @@
+# macOS ships GNU Make 3.81, which ignores .ONESHELL — so the `dev` recipe is one
+# shell line (\-joined) to keep the trap + background jobs in a single shell.
+SHELL := /bin/bash
+
+TOKEN      ?= devtoken
+CLOUD_PORT ?= 8770
+DASH_PORT  ?= 8765
+CLOUD_URL  := http://127.0.0.1:$(CLOUD_PORT)
+# cloud_api.py is Postgres-backed (Phase 3). `make pg` spins a throwaway local one.
+DATABASE_URL ?= postgres://postgres:pw@127.0.0.1:5432/gcontext
+
+.PHONY: dev cloud dashboard pg test help
+
+help:
+	@echo "make pg         - run a throwaway local Postgres in docker (port 5432)"
+	@echo "make dev        - run cloud API + dashboard together (dashboard is cloud-backed)"
+	@echo "make cloud      - run only the cloud API   ($(CLOUD_URL))  [needs DATABASE_URL]"
+	@echo "make dashboard  - run only the dashboard         (http://127.0.0.1:$(DASH_PORT))"
+	@echo "make test       - run the phase verify checks against DATABASE_URL"
+	@echo
+	@echo "To connect your AI client in cloud mode, set in its MCP config env:"
+	@echo "    GCONTEXT_API_URL=$(CLOUD_URL)   GCONTEXT_TOKEN=$(TOKEN)"
+
+# Throwaway local Postgres for dev/tests. Data is ephemeral.
+pg:
+	docker run -d --name gcontext-pg -e POSTGRES_PASSWORD=pw -e POSTGRES_DB=gcontext \
+		-p 5432:5432 postgres:16
+
+# One command to bring the whole local stack up. Ctrl-C stops both.
+dev:
+	@echo "cloud API -> $(CLOUD_URL)"
+	@echo "dashboard -> http://127.0.0.1:$(DASH_PORT)"
+	@echo "(Ctrl-C to stop both)"
+	@trap 'kill 0' EXIT; \
+	DATABASE_URL=$(DATABASE_URL) GCONTEXT_DEV_TOKEN=$(TOKEN) PORT=$(CLOUD_PORT) uv run cloud_api.py & \
+	sleep 1; \
+	GCONTEXT_API_URL=$(CLOUD_URL) GCONTEXT_TOKEN=$(TOKEN) uv run dashboard.py & \
+	wait
+
+cloud:
+	DATABASE_URL=$(DATABASE_URL) GCONTEXT_DEV_TOKEN=$(TOKEN) PORT=$(CLOUD_PORT) uv run cloud_api.py
+
+dashboard:
+	GCONTEXT_API_URL=$(CLOUD_URL) GCONTEXT_TOKEN=$(TOKEN) uv run dashboard.py
+
+test:
+	DATABASE_URL=$(DATABASE_URL) uv run test_phase1.py
+	DATABASE_URL=$(DATABASE_URL) uv run test_phase2.py

gcontext_mcp-0.1.1/PKG-INFO

@@ -0,0 +1,71 @@
+Metadata-Version: 2.4
+Name: gcontext-mcp
+Version: 0.1.1
+Summary: gcontext connector — local MCP bridge: cloud structure, local secret values
+Project-URL: Homepage, https://gcontext.ai
+License-Expression: MIT
+Requires-Python: >=3.11
+Requires-Dist: mcp<2,>=1
+Description-Content-Type: text/markdown
+
+# mcp-minimal
+
+A single local Python MCP server: a files/folders tree + a secret-name registry in
+SQLite, plus on-the-fly Python script execution with the local `.env` injected.
+Secret VALUES never leave this machine and never enter the database.
+
+## Setup
+
+```bash
+cd apps/mcp-minimal
+cp .env.example .env   # fill in your secret values
+```
+
+## Add to Claude Code
+
+```bash
+claude mcp add mcp-minimal -- uv run --directory /ABS/PATH/TO/apps/mcp-minimal python server.py
+```
+
+## Tools
+
+- `tool_list_dir(path="/")`, `tool_read_file(path)`, `tool_write_file(path, content)`,
+  `tool_create_folder(path)`, `tool_delete(path)`
+- `tool_list_secrets()`, `tool_register_secret(name, description)`, `tool_unregister_secret(name)`,
+  `tool_scaffold_env()`
+- `tool_run_script(code)` - runs `uv run --env-file .env python -c "<code>"`
+
+## The secret registry
+
+The registry holds secret NAMES + descriptions only — it is for **setup and
+verification**, not runtime. It does NOT gate `tool_run_script`, which injects the
+whole `.env` regardless of what's registered.
+
+1. `tool_register_secret(name, description)` - declare a required secret.
+2. `tool_scaffold_env()` - append blank `NAME=` lines to `.env` for any registered
+   secret not yet present, so the user just fills in the values.
+3. `tool_list_secrets()` - shows `present_locally` per name so you can confirm setup.
+
+## How it works
+
+1. Write a file describing a 3rd-party operation and which secret NAMES it needs;
+   declare those names with `tool_register_secret`.
+2. To act, read the file, generate Python, and call `tool_run_script`.
+3. Secret values resolve from the local `.env` at run time - never stored in the DB.
+
+## Security / trust model
+
+`tool_run_script` runs **arbitrary Python locally with your real `.env` injected** —
+there is no sandbox. It is exactly as trusted as whatever drives the server. Run it
+on your own machine only; never expose this server remotely.
+
+## Script contract
+
+- Read secrets via `os.environ["VAR"]` - never hardcode, never `load_dotenv`.
+- Use only registered names that show `present_locally: true`.
+- Exit codes: `0` OK, `2` missing secret (`KeyError`), `1` any other failure.
+
+## Config (env vars)
+
+- `MCP_MINIMAL_DB` - SQLite path (default `db.sqlite` next to `server.py`).
+- `MCP_MINIMAL_ENV_FILE` - secret-values file (default `.env` next to `server.py`).

gcontext_mcp-0.1.1/README.md

@@ -0,0 +1,61 @@
+# mcp-minimal
+
+A single local Python MCP server: a files/folders tree + a secret-name registry in
+SQLite, plus on-the-fly Python script execution with the local `.env` injected.
+Secret VALUES never leave this machine and never enter the database.
+
+## Setup
+
+```bash
+cd apps/mcp-minimal
+cp .env.example .env   # fill in your secret values
+```
+
+## Add to Claude Code
+
+```bash
+claude mcp add mcp-minimal -- uv run --directory /ABS/PATH/TO/apps/mcp-minimal python server.py
+```
+
+## Tools
+
+- `tool_list_dir(path="/")`, `tool_read_file(path)`, `tool_write_file(path, content)`,
+  `tool_create_folder(path)`, `tool_delete(path)`
+- `tool_list_secrets()`, `tool_register_secret(name, description)`, `tool_unregister_secret(name)`,
+  `tool_scaffold_env()`
+- `tool_run_script(code)` - runs `uv run --env-file .env python -c "<code>"`
+
+## The secret registry
+
+The registry holds secret NAMES + descriptions only — it is for **setup and
+verification**, not runtime. It does NOT gate `tool_run_script`, which injects the
+whole `.env` regardless of what's registered.
+
+1. `tool_register_secret(name, description)` - declare a required secret.
+2. `tool_scaffold_env()` - append blank `NAME=` lines to `.env` for any registered
+   secret not yet present, so the user just fills in the values.
+3. `tool_list_secrets()` - shows `present_locally` per name so you can confirm setup.
+
+## How it works
+
+1. Write a file describing a 3rd-party operation and which secret NAMES it needs;
+   declare those names with `tool_register_secret`.
+2. To act, read the file, generate Python, and call `tool_run_script`.
+3. Secret values resolve from the local `.env` at run time - never stored in the DB.
+
+## Security / trust model
+
+`tool_run_script` runs **arbitrary Python locally with your real `.env` injected** —
+there is no sandbox. It is exactly as trusted as whatever drives the server. Run it
+on your own machine only; never expose this server remotely.
+
+## Script contract
+
+- Read secrets via `os.environ["VAR"]` - never hardcode, never `load_dotenv`.
+- Use only registered names that show `present_locally: true`.
+- Exit codes: `0` OK, `2` missing secret (`KeyError`), `1` any other failure.
+
+## Config (env vars)
+
+- `MCP_MINIMAL_DB` - SQLite path (default `db.sqlite` next to `server.py`).
+- `MCP_MINIMAL_ENV_FILE` - secret-values file (default `.env` next to `server.py`).

gcontext_mcp-0.1.1/cloud_api.py

@@ -0,0 +1,350 @@
+"""gcontext CLOUD backend — Postgres-backed, hosted (Phase 3).
+
+Holds workspace STRUCTURE (files/folders/secret NAMES) in Postgres, guarded by tokens.
+The local gcontext connector talks to this over a single /rpc endpoint. Secret VALUES,
+the .env, and run_script NEVER touch this service — that is the whole privacy point.
+
+Accounts (Phase 2): POST /signup -> user + workspace + token; POST /login -> fresh token.
+Data (Phase 1): /rpc dispatches whitelisted STRUCTURE ops, scoped to the token's workspace.
+
+Tenant isolation is now a workspace_id column (Phase 1's per-file SQLite model doesn't
+map to a single shared Postgres). The token -> workspace_id is resolved server-side and
+injected as the first arg of every data fn, so a client cannot escape its own tenant.
+
+Env:
+  DATABASE_URL          required — postgres connection string
+  PORT                  default 8770
+  HOST                  default 127.0.0.1 (set 0.0.0.0 in the container)
+  GCONTEXT_DEV_TOKEN    optional — seeds a 'dev' workspace + token for local testing
+
+Run locally:  DATABASE_URL=postgres://... uv run cloud_api.py
+
+# ponytail: one psycopg connection per request (autocommit). Thread-safe and simple for
+# a low-traffic API; add psycopg_pool only if connection latency measurably bites.
+# ponytail: scrypt from hashlib (no argon2/bcrypt dep). Memory-hard, not weakened.
+"""
+import json, os, hashlib, secrets, datetime
+from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
+import psycopg
+
+
+def conn():
+    return psycopg.connect(os.environ["DATABASE_URL"], autocommit=True)
+
+def stamp():
+    return datetime.datetime.now(datetime.timezone.utc).isoformat()
+
+def norm(p):
+    parts = [x for x in p.split("/") if x]
+    return "/" + "/".join(parts)
+
+def parent(path):
+    parts = [x for x in path.split("/") if x]
+    return "/" + "/".join(parts[:-1])
+
+
+DDL = [
+    "create table if not exists workspaces("
+    "id text primary key, name text not null, created_at text not null)",
+    "create table if not exists tokens("
+    "token text primary key, workspace_id text not null)",
+    "create table if not exists users("
+    "id text primary key, email text unique not null, password_hash text not null,"
+    " workspace_id text not null, created_at text not null)",
+    "create table if not exists nodes("
+    "workspace_id text not null,"
+    "path text not null,"
+    "type text not null check(type in ('file','folder')),"
+    "content text not null default '',"
+    "updated_at text not null,"
+    "primary key (workspace_id, path))",
+    "create table if not exists secrets("
+    "workspace_id text not null,"
+    "name text not null,"
+    "description text not null default '',"
+    "present_locally boolean not null default false,"
+    "primary key (workspace_id, name))",
+]
+
+def init_db():
+    with conn() as c:
+        for stmt in DDL:
+            c.execute(stmt)
+
+
+# --- accounts ----------------------------------------------------------------
+def ensure_workspace(ws_id, name):
+    with conn() as c:
+        c.execute("insert into workspaces(id,name,created_at) values(%s,%s,%s) "
+                  "on conflict(id) do nothing", (ws_id, name, stamp()))
+
+def issue_token(token, ws_id):
+    with conn() as c:
+        c.execute("insert into tokens(token,workspace_id) values(%s,%s) "
+                  "on conflict(token) do nothing", (token, ws_id))
+
+def resolve(token):
+    with conn() as c:
+        row = c.execute("select workspace_id from tokens where token=%s", (token,)).fetchone()
+    return row[0] if row else None
+
+def hash_pw(pw):
+    salt = secrets.token_bytes(16)
+    h = hashlib.scrypt(pw.encode(), salt=salt, n=2**14, r=8, p=1)
+    return salt.hex() + "$" + h.hex()
+
+def verify_pw(pw, stored):
+    salt_hex, h_hex = stored.split("$", 1)
+    h = hashlib.scrypt(pw.encode(), salt=bytes.fromhex(salt_hex), n=2**14, r=8, p=1)
+    return secrets.compare_digest(h.hex(), h_hex)
+
+def signup(email, password):
+    email = (email or "").strip().lower()
+    if not email or not password:
+        raise ValueError("email and password required")
+    with conn() as c:
+        if c.execute("select 1 from users where email=%s", (email,)).fetchone():
+            raise ValueError("email already registered")
+        ws_id = secrets.token_hex(8)
+        token = secrets.token_urlsafe(32)
+        c.execute("insert into workspaces(id,name,created_at) values(%s,%s,%s)",
+                  (ws_id, email, stamp()))
+        c.execute("insert into tokens(token,workspace_id) values(%s,%s)", (token, ws_id))
+        c.execute("insert into users(id,email,password_hash,workspace_id,created_at) "
+                  "values(%s,%s,%s,%s,%s)",
+                  (secrets.token_hex(8), email, hash_pw(password), ws_id, stamp()))
+    return {"token": token, "workspace_id": ws_id}
+
+def login(email, password):
+    email = (email or "").strip().lower()
+    with conn() as c:
+        row = c.execute("select password_hash, workspace_id from users where email=%s",
+                        (email,)).fetchone()
+    if not row or not verify_pw(password, row[0]):
+        raise ValueError("bad credentials")
+    token = secrets.token_urlsafe(32)  # fresh token per login (multiple devices ok)
+    issue_token(token, row[1])
+    return {"token": token, "workspace_id": row[1]}
+
+
+# --- structure (workspace-scoped) -------------------------------------------
+def _ensure_parents(c, workspace_id, path, now):
+    parts = [x for x in path.split("/") if x]
+    for i in range(1, len(parts)):
+        anc = "/" + "/".join(parts[:i])
+        row = c.execute("select type from nodes where workspace_id=%s and path=%s",
+                        (workspace_id, anc)).fetchone()
+        if row is None:
+            c.execute("insert into nodes(workspace_id,path,type,content,updated_at) "
+                      "values(%s,%s,'folder','',%s)", (workspace_id, anc, now))
+        elif row[0] == "file":
+            raise ValueError(f"path is a file, cannot contain children: {anc}")
+
+def list_dir(workspace_id, path="/"):
+    path = norm(path)
+    with conn() as c:
+        if path != "/":
+            row = c.execute("select type from nodes where workspace_id=%s and path=%s",
+                            (workspace_id, path)).fetchone()
+            if row is None:
+                raise ValueError(f"no such folder: {path}")
+            if row[0] != "folder":
+                raise ValueError(f"path is a file: {path}")
+        rows = c.execute("select path,type from nodes where workspace_id=%s",
+                         (workspace_id,)).fetchall()
+    return [{"path": p, "type": t} for (p, t) in rows if parent(p) == path]
+
+def read_file(workspace_id, path):
+    path = norm(path)
+    with conn() as c:
+        row = c.execute("select type,content from nodes where workspace_id=%s and path=%s",
+                        (workspace_id, path)).fetchone()
+    if row is None:
+        raise ValueError(f"no such file: {path}")
+    if row[0] != "file":
+        raise ValueError(f"path is a folder: {path}")
+    return {"path": path, "content": row[1]}
+
+def write_file(workspace_id, path, content):
+    path = norm(path)
+    if path == "/":
+        raise ValueError("cannot write to root")
+    now = stamp()
+    with conn() as c:
+        existing = c.execute("select type from nodes where workspace_id=%s and path=%s",
+                             (workspace_id, path)).fetchone()
+        if existing and existing[0] == "folder":
+            raise ValueError(f"path is a folder: {path}")
+        _ensure_parents(c, workspace_id, path, now)
+        c.execute("insert into nodes(workspace_id,path,type,content,updated_at) "
+                  "values(%s,%s,'file',%s,%s) "
+                  "on conflict(workspace_id,path) do update set "
+                  "content=excluded.content, updated_at=excluded.updated_at",
+                  (workspace_id, path, content, now))
+    return {"path": path, "ok": True}
+
+def create_folder(workspace_id, path):
+    path = norm(path)
+    if path == "/":
+        return {"path": "/", "ok": True}
+    now = stamp()
+    with conn() as c:
+        existing = c.execute("select type from nodes where workspace_id=%s and path=%s",
+                             (workspace_id, path)).fetchone()
+        if existing:
+            if existing[0] == "file":
+                raise ValueError(f"path is a file: {path}")
+            return {"path": path, "ok": True}
+        _ensure_parents(c, workspace_id, path, now)
+        c.execute("insert into nodes(workspace_id,path,type,content,updated_at) "
+                  "values(%s,%s,'folder','',%s)", (workspace_id, path, now))
+    return {"path": path, "ok": True}
+
+def delete(workspace_id, path):
+    path = norm(path)
+    if path == "/":
+        raise ValueError("cannot delete root")
+    with conn() as c:
+        row = c.execute("select type from nodes where workspace_id=%s and path=%s",
+                        (workspace_id, path)).fetchone()
+        if row is None:
+            raise ValueError(f"no such path: {path}")
+        if row[0] == "folder":
+            c.execute("delete from nodes where workspace_id=%s and (path=%s or path like %s)",
+                      (workspace_id, path, path + "/%"))
+        else:
+            c.execute("delete from nodes where workspace_id=%s and path=%s", (workspace_id, path))
+    return {"path": path, "deleted": True}
+
+def all_files(workspace_id):
+    with conn() as c:
+        rows = c.execute("select path from nodes where workspace_id=%s and type='file' "
+                         "order by path", (workspace_id,)).fetchall()
+    return [p for (p,) in rows]
+
+def secret_names(workspace_id):
+    with conn() as c:
+        rows = c.execute("select name,description,present_locally from secrets "
+                         "where workspace_id=%s order by name", (workspace_id,)).fetchall()
+    return [{"name": n, "description": d, "present_locally": bool(p)} for (n, d, p) in rows]
+
+def register_secret(workspace_id, name, description=""):
+    with conn() as c:
+        c.execute("insert into secrets(workspace_id,name,description) values(%s,%s,%s) "
+                  "on conflict(workspace_id,name) do update set description=excluded.description",
+                  (workspace_id, name, description))
+    return {"name": name, "ok": True}
+
+def unregister_secret(workspace_id, name):
+    with conn() as c:
+        c.execute("delete from secrets where workspace_id=%s and name=%s", (workspace_id, name))
+    return {"name": name, "removed": True}
+
+def report_presence(workspace_id, present):
+    with conn() as c:
+        c.execute("update secrets set present_locally=false where workspace_id=%s", (workspace_id,))
+        for name in present:
+            c.execute("update secrets set present_locally=true where workspace_id=%s and name=%s",
+                      (workspace_id, name))
+    return {"ok": True, "present": present}
+
+def overview(workspace_id):
+    with conn() as c:
+        rows = c.execute("select path,type from nodes where workspace_id=%s order by path",
+                         (workspace_id,)).fetchall()
+        nsec = c.execute("select count(*) from secrets where workspace_id=%s",
+                         (workspace_id,)).fetchone()[0]
+    files = [p for p, t in rows if t == "file"]
+    folders = [p for p, t in rows if t == "folder"]
+    integrations = [p for p in folders if parent(p) == "/integrations"]
+    tree = "\n".join(
+        ("  " * (p.count("/") - 1)) + p.rsplit("/", 1)[-1] + ("/" if t == "folder" else "")
+        for p, t in rows
+    )
+    return {
+        "integrations": len(integrations),
+        "integration_names": [p.rsplit("/", 1)[-1] for p in integrations],
+        "folders": len(folders),
+        "files": len(files),
+        "secrets": nsec,
+        "tree": tree or "(empty)",
+    }
+
+
+# Whitelist = STRUCTURE only. run_script / scaffold_env / env_keys are deliberately
+# absent: execution and secret values stay on the user's machine.
+ALLOWED = {
+    fn.__name__: fn for fn in (
+        list_dir, read_file, write_file, create_folder, delete,
+        overview, secret_names, all_files, register_secret, unregister_secret,
+        report_presence,  # connector reports which secrets are set locally (booleans only)
+    )
+}
+
+
+class Handler(BaseHTTPRequestHandler):
+    def _send(self, code, payload):
+        data = json.dumps(payload).encode()
+        self.send_response(code)
+        self.send_header("Content-Type", "application/json")
+        self.send_header("Content-Length", str(len(data)))
+        self.end_headers()
+        self.wfile.write(data)
+
+    def _body(self):
+        n = int(self.headers.get("Content-Length") or 0)
+        return json.loads(self.rfile.read(n) or b"{}")
+
+    def do_POST(self):
+        # Account endpoints issue tokens; everything else is token-gated /rpc.
+        if self.path in ("/signup", "/login"):
+            fn = signup if self.path == "/signup" else login
+            try:
+                body = self._body()
+                return self._send(200, fn(body.get("email", ""), body.get("password", "")))
+            except ValueError as e:
+                return self._send(401 if self.path == "/login" else 400, {"error": str(e)})
+        if self.path != "/rpc":
+            return self._send(404, {"error": "not found"})
+        auth = self.headers.get("Authorization", "")
+        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
+        ws = resolve(token)
+        if not ws:
+            return self._send(401, {"error": "bad token"})
+        req = self._body()
+        fn = ALLOWED.get(req.get("fn"))
+        if not fn:
+            return self._send(400, {"error": f"not allowed: {req.get('fn')}"})
+        # workspace_id is injected from the resolved token; strip any client-sent value
+        # so args can never override which tenant is touched.
+        args = {k: v for k, v in (req.get("args") or {}).items() if k != "workspace_id"}
+        try:
+            self._send(200, {"result": fn(ws, **args)})
+        except ValueError as e:
+            self._send(200, {"error": str(e)})  # surfaced as ValueError on the client
+
+    def log_message(self, *a):  # quiet
+        pass
+
+    def do_GET(self):
+        # Liveness probe for Coolify health checks.
+        if self.path in ("/", "/health"):
+            return self._send(200, {"ok": True})
+        return self._send(404, {"error": "not found"})
+
+
+def main():
+    host = os.environ.get("HOST", "127.0.0.1")
+    port = int(os.environ.get("PORT", "8770"))
+    init_db()
+    dev_token = os.environ.get("GCONTEXT_DEV_TOKEN")
+    if dev_token:  # local dev convenience; production issues tokens via /signup
+        ensure_workspace("dev", "Dev Workspace")
+        issue_token(dev_token, "dev")
+    srv = ThreadingHTTPServer((host, port), Handler)
+    print(f"cloud api on http://{host}:{port}  (db: set, dev token: {bool(dev_token)})")
+    srv.serve_forever()
+
+
+if __name__ == "__main__":
+    main()