logodev-mcp 1.0.0__tar.gz

logodev_mcp-1.0.0/.copier-answers.yml

@@ -0,0 +1,13 @@
+# Changes here will be overwritten by `copier update`.
+_commit: v2.5.3
+_src_path: gh:pvliesdonk/fastmcp-server-template
+docker_registry: ghcr.io/pvliesdonk
+domain_description: Look up company logos and brand data via the logo.dev API.
+enable_authorization: false
+env_prefix: LOGODEV_MCP
+github_org: pvliesdonk
+human_name: Logo.dev MCP
+include_mcp_apps_scaffold: false
+project_name: logodev-mcp
+pypi_name: logodev-mcp
+python_module: logodev_mcp

logodev_mcp-1.0.0/.env.example

@@ -0,0 +1,30 @@
+# Logo.dev MCP environment variables (copy to .env and fill in).
+
+# --- Server ---
+# LOGODEV_MCP_TRANSPORT=stdio   # stdio | http | sse
+# LOGODEV_MCP_HOST=127.0.0.1
+# LOGODEV_MCP_PORT=8000
+# LOGODEV_MCP_HTTP_PATH=/mcp
+# LOGODEV_MCP_BASE_URL=https://mcp.example.com
+
+# --- Authentication (pick one flavor) ---
+# LOGODEV_MCP_BEARER_TOKEN=<secret>
+
+# LOGODEV_MCP_BEARER_TOKENS_FILE=/etc/logodev-mcp/tokens.toml   # mapped per-token subjects (overrides BEARER_TOKEN)
+
+# LOGODEV_MCP_OIDC_CONFIG_URL=https://auth.example.com/.well-known/openid-configuration
+# LOGODEV_MCP_OIDC_CLIENT_ID=<client-id>
+# LOGODEV_MCP_OIDC_CLIENT_SECRET=<client-secret>
+# LOGODEV_MCP_OIDC_AUDIENCE=
+# LOGODEV_MCP_OIDC_REQUIRED_SCOPES=openid
+# LOGODEV_MCP_OIDC_JWT_SIGNING_KEY=<hex-string>
+
+# --- Remote debugger (development only — image must be built with --build-arg DEBUG=true) ---
+# LOGODEV_MCP_DEBUG_PORT=5678
+# LOGODEV_MCP_DEBUG_WAIT=false   # set true to block startup until the IDE attaches
+
+# --- Domain (populate from your ProjectConfig) ---
+# logo.dev publishable key (pk_…) — enables the get_logo tool
+# LOGODEV_MCP_PUBLISHABLE_KEY=pk_live_xxx
+# logo.dev secret key (sk_…) — enables search_brands / describe_company / get_brand
+# LOGODEV_MCP_SECRET_KEY=sk_live_xxx

logodev_mcp-1.0.0/.gemini/config.yaml

@@ -0,0 +1,18 @@
+# Gemini Code Assist — repo review config
+# Reference: https://developers.google.com/gemini-code-assist/docs/customize-repo-review
+#
+# gemini-code-assist is a merge gate, not a pair reviewer. Local review (two
+# subagent code-reviewers with different prompt templates) runs before any
+# push; by the time the PR opens we expect the hosted bot to have nothing to
+# flag. These settings narrow the bot's scope so it fires on flip-to-ready
+# (not on every draft push) and only surfaces real issues.
+
+code_review:
+  disable: false
+  comment_severity_threshold: HIGH
+  max_review_comments: 20
+  pull_request_opened:
+    help: false
+    summary: false
+    code_review: true
+    include_drafts: false

logodev_mcp-1.0.0/.gitattributes

@@ -0,0 +1,3 @@
+# Generated by scripts/vendor_spa.py — do not edit directly.
+# Edit static/app.src.html instead and re-run the vendor script.
+src/logodev_mcp/static/app.html linguist-generated=true

logodev_mcp-1.0.0/.github/codeql/codeql-config.yml

@@ -0,0 +1,7 @@
+name: "CodeQL config"
+
+query-filters:
+  - exclude:
+      id: py/clear-text-storage-of-sensitive-information
+      paths:
+        - src/logodev_mcp/git.py

logodev_mcp-1.0.0/.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: weekly
+    labels:
+      - dependencies
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+    labels:
+      - dependencies

logodev_mcp-1.0.0/.github/workflows/ci.yml

@@ -0,0 +1,332 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v7
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v8.2.0
+        with:
+          version: "latest"
+
+      - name: Cache Python interpreter
+        uses: actions/cache@v5
+        with:
+          path: ~/.local/share/uv/python
+          key: uv-python-3.12-${{ runner.os }}
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --all-extras --all-groups
+
+      - name: Run ruff check
+        run: uv run ruff check src/ tests/
+
+      - name: Run ruff format check
+        run: uv run ruff format --check src/ tests/
+
+  typecheck:
+    name: Type Check
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v7
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v8.2.0
+        with:
+          version: "latest"
+
+      - name: Cache Python interpreter
+        uses: actions/cache@v5
+        with:
+          path: ~/.local/share/uv/python
+          key: uv-python-3.12-${{ runner.os }}
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --all-extras --all-groups
+
+      - name: Run mypy
+        run: uv run mypy src/ tests/
+
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    # Prevent a stalled `uv python install` from blocking the PR for hours.
+    # 20 min covers the full test matrix with headroom; cold interpreter
+    # downloads from python-build-standalone are the most likely stall source.
+    timeout-minutes: 20
+    continue-on-error: ${{ matrix.experimental || false }}
+    permissions:
+      contents: read
+      statuses: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - python-version: "3.11"
+            experimental: false
+          - python-version: "3.12"
+            experimental: false
+          - python-version: "3.13"
+            experimental: false
+          - python-version: "3.14"
+            experimental: true
+    steps:
+      - uses: actions/checkout@v7
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v8.2.0
+        with:
+          version: "latest"
+
+      - name: Cache Python interpreter
+        uses: actions/cache@v5
+        with:
+          # `uv python install` writes to UV_PYTHON_INSTALL_DIR, which is
+          # separate from the uv package cache and not covered by setup-uv's
+          # enable-cache. Caching by version + OS avoids re-downloading the
+          # python-build-standalone tarball on every run.
+          path: ~/.local/share/uv/python
+          key: uv-python-${{ matrix.python-version }}-${{ runner.os }}
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: uv sync --all-extras --all-groups
+
+      - name: Run tests with coverage
+        run: uv run pytest --cov --cov-report=xml
+
+      - name: Upload coverage to Codecov
+        if: matrix.python-version == '3.13'
+        uses: codecov/codecov-action@v6
+        with:
+          files: ./coverage.xml
+          fail_ci_if_error: false
+          override_pr: ${{ github.event.pull_request.number }}
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+      - name: Fetch base branch for diff-cover
+        if: matrix.python-version == '3.13' && github.event_name == 'pull_request'
+        run: git fetch origin ${{ github.base_ref }} --depth=50
+
+      - name: Check patch coverage
+        id: diffcover
+        if: matrix.python-version == '3.13' && github.event_name == 'pull_request'
+        env:
+          BASE_REF: ${{ github.base_ref }}
+        run: |
+          # Check if PR has Python source changes
+          HAS_PY=$(git diff --name-only "origin/${BASE_REF}...HEAD" | grep -c '\.py$' || true)
+          if [ "$HAS_PY" -eq 0 ]; then
+            echo "state=success" >> "$GITHUB_OUTPUT"
+            echo "description=Coverage not affected" >> "$GITHUB_OUTPUT"
+            echo "No Python source changes — skipping diff-cover"
+          else
+            OUTPUT=$(uv run diff-cover coverage.xml --compare-branch="origin/${BASE_REF}" --fail-under=80 2>&1) && RC=0 || RC=$?
+            echo "$OUTPUT"
+            TOTAL=$(echo "$OUTPUT" | grep -oP 'Total:\s+\K[\d.]+' || true)
+            if [ -z "$TOTAL" ] && [ "$RC" -ne 0 ]; then
+              echo "state=error" >> "$GITHUB_OUTPUT"
+              echo "description=diff-cover failed to compute patch coverage" >> "$GITHUB_OUTPUT"
+            elif [ -z "$TOTAL" ]; then
+              echo "state=success" >> "$GITHUB_OUTPUT"
+              echo "description=No coverable lines in diff" >> "$GITHUB_OUTPUT"
+            elif [ "$RC" -eq 0 ]; then
+              echo "state=success" >> "$GITHUB_OUTPUT"
+              echo "description=Patch coverage: ${TOTAL}%" >> "$GITHUB_OUTPUT"
+            else
+              echo "state=failure" >> "$GITHUB_OUTPUT"
+              echo "description=Patch coverage: ${TOTAL}% (minimum 80%)" >> "$GITHUB_OUTPUT"
+            fi
+          fi
+
+      - name: Save patch coverage result
+        if: matrix.python-version == '3.13' && github.event_name == 'pull_request'
+        env:
+          PATCH_STATE: ${{ steps.diffcover.outputs.state || 'error' }}
+          PATCH_DESC: ${{ steps.diffcover.outputs.description || 'diff-cover step did not run' }}
+        run: |
+          jq -n --arg state "$PATCH_STATE" --arg description "$PATCH_DESC" \
+            '{"state":$state,"description":$description}' > patch-coverage.json
+
+      - name: Upload patch coverage artifact
+        if: matrix.python-version == '3.13' && github.event_name == 'pull_request'
+        uses: actions/upload-artifact@v7
+        with:
+          name: patch-coverage
+          path: patch-coverage.json
+          retention-days: 1
+
+      - name: Post codecov/patch status
+        # Fork PRs: GITHUB_TOKEN is read-only for pull_request events from forks regardless
+        # of the permissions block — GitHub security restriction. continue-on-error prevents
+        # the job from failing; coverage-status.yml posts the status via workflow_run instead.
+        if: matrix.python-version == '3.13' && github.event_name == 'pull_request' && always()
+        continue-on-error: true
+        uses: actions/github-script@v9
+        env:
+          PATCH_STATE: ${{ steps.diffcover.outputs.state }}
+          PATCH_DESC: ${{ steps.diffcover.outputs.description }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const state = process.env.PATCH_STATE || 'error';
+            const description = process.env.PATCH_DESC || 'diff-cover step did not run';
+            const headSha = context.payload.pull_request.head.sha;
+            core.info(`Posting codecov/patch: ${state} — ${description} to ${headSha}`);
+            await github.rest.repos.createCommitStatus({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              sha: headSha,
+              state,
+              context: 'codecov/patch',
+              description,
+              target_url: 'https://app.codecov.io/gh/pvliesdonk/logodev-mcp',
+            });
+
+  audit:
+    name: Dependency Audit
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v7
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v8.2.0
+        with:
+          version: "latest"
+
+      - name: Cache Python interpreter
+        uses: actions/cache@v5
+        with:
+          path: ~/.local/share/uv/python
+          key: uv-python-3.12-${{ runner.os }}
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Export dependency list (excluding local project)
+        # `dev` is uv's only auto-activated default group, so --no-default-groups
+        # excludes it; `docs` is non-default and never exported unless explicitly
+        # requested via --group/--all-groups (neither passed here). Net effect:
+        # only runtime + user-defined extras land in the audit input — avoids
+        # spurious CVE reports against tooling (pip-audit's own `pip` dep, etc.)
+        # that does not run in production.
+        run: uv export --all-extras --no-default-groups --frozen --no-emit-project --no-hashes -o ${{ runner.temp }}/requirements.txt
+
+      - name: Run pip-audit
+        run: |
+          uvx pip-audit --strict --progress-spinner off \
+            --ignore-vuln CVE-2026-42561 \
+            -r ${{ runner.temp }}/requirements.txt
+          # CVE-2026-42561: python-multipart <0.0.27, pulled in transitively by
+          # fastmcp/starlette. Ignored until the upstream pin chain propagates
+          # the fix to 0.0.27. Remove once `uv lock` resolves >=0.0.27.
+
+  secrets:
+    name: Secret Detection
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v7
+        with:
+          fetch-depth: 0
+
+      - name: Run gitleaks
+        uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7  # v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  vale:
+    name: Docs Prose (Vale)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      # vale-cli/vale-action posts findings as PR annotations via reviewdog.
+      # The default reporter (`github-pr-annotations`) uses the GitHub Checks
+      # API — `checks: write` is sufficient. If a downstream switches the
+      # reporter to `github-pr-review` (inline PR review comments), they
+      # need to add `pull-requests: write` here too.
+      checks: write
+    steps:
+      - uses: actions/checkout@v7
+
+      - name: Cache Vale style packages
+        # Cache only the downloaded pack directories — NOT .vale/styles/config/.
+        # The config/ subtree (accept.txt vocabulary) is tracked by git and must
+        # stay authoritative from checkout. Caching the whole .vale/styles tree
+        # would let restore-keys overwrite a newly-added vocab term with the
+        # stale snapshot on the exact PR that adds the term.
+        # Pack list mirrors the Packages = line in .vale.ini; if you add or
+        # remove a pack, update both. Bump the v1- prefix to evict all cached
+        # packs if Vale changes pack format backward-incompatibly.
+        uses: actions/cache@v5
+        with:
+          path: |
+            .vale/styles/Google
+            .vale/styles/proselint
+            .vale/styles/write-good
+            .vale/styles/ai-tells
+          key: vale-styles-v1-${{ hashFiles('.vale.ini') }}
+          # Warm-start fallback: restores the most recent pack snapshot when
+          # .vale.ini changes (e.g. URL bump). vale sync then only re-fetches
+          # the changed pack rather than re-downloading all four.
+          restore-keys: vale-styles-v1-
+
+      - name: Run Vale
+        # SHA pin matches the gitleaks-action pattern earlier in this file.
+        # The current release is named "v2.1.2" in the GitHub UI but the
+        # underlying git tag is `2.1.2` (no `v` prefix) — pinning to the
+        # SHA sidesteps that mismatch and provides supply-chain hygiene.
+        uses: vale-cli/vale-action@85f9f7f2c5f449ac0ae5b66662961bae3f77ca6a  # v2.1.2
+        with:
+          # Pin Vale CLI version explicitly. Bump in lockstep with the
+          # pre-commit hook `rev:` in .pre-commit-config.yaml — template-ci
+          # asserts the two stay synchronized.
+          version: "3.14.2"
+          files: docs
+          # Working specs follow internal conventions, not user-facing prose
+          # style — exclude from linting. NO inner single quotes around the
+          # glob value: vale-action splits `vale_flags` on whitespace and
+          # passes argv elements directly (no shell), so literal quotes here
+          # would be passed through to Vale, the glob would match no files,
+          # and CI would silently exit 0. Verified empirically.
+          vale_flags: "--glob=!docs/superpowers/**"
+          # Failure gating is controlled by MinAlertLevel = error in
+          # .vale.ini (governs both what Vale prints AND its exit code)
+          # combined with fail_on_error below — only error-severity
+          # findings fail CI; warnings and suggestions surface as advisory
+          # annotations. (The action also accepts a `level:` input, but at
+          # the pinned SHA that input is declared but never read — the
+          # reviewdog level is derived from Vale's exit code and
+          # fail_on_error. Setting it here would be a no-op.)
+          fail_on_error: true
+          # filter_mode defaults to `added` — only findings on lines this PR
+          # adds or modifies fail the build. Pre-existing prose debt isn't a
+          # blocker for new contributions; downstream's own untouched docs
+          # don't gate PRs that don't touch them. To enforce repo-wide
+          # cleanliness, set this to `nofilter`.
+          filter_mode: added

logodev_mcp-1.0.0/.github/workflows/claude-code-review.yml

@@ -0,0 +1,58 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review, reopened]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Skip PRs from forks: GitHub does not expose repository secrets
+    # (including CLAUDE_CODE_OAUTH_TOKEN) to workflows running in fork-PR
+    # context, regardless of maintainer approval. Running anyway produces
+    # a hard-failing check on every external contribution. Maintainers who
+    # want a bot review on a fork PR can push the contributor's branch to
+    # this repo under a topic name and the workflow will run.
+    if: github.event.pull_request.head.repo.full_name == github.repository
+
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write  # Required so the review action can post inline comments
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v7
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          # `--comment` tells the plugin to actually post (without it, the plugin
+          # runs the full review and stops silently — burning ~$3/PR for no output).
+          prompt: '/code-review:code-review --comment ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
+          # Surface progress so a silent failure is visible: a sticky tracking
+          # comment updates during the run, and the Claude Code Report appears
+          # in the job's GitHub Step Summary.
+          track_progress: true
+          display_report: true
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options

logodev_mcp-1.0.0/.github/workflows/claude.yml

@@ -0,0 +1,55 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    # Trigger only on @claude mentions, AND on the two PR-context events
+    # (`pull_request_review*`) only when the PR head is in this repo. Those
+    # events run in PR context for fork PRs, where GitHub withholds repository
+    # secrets (incl. CLAUDE_CODE_OAUTH_TOKEN) and the action would auth-fail.
+    # `issues` and `issue_comment` always run in base-repo context, so secrets
+    # are available — no fork check needed there.
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude') && github.event.pull_request.head.repo.full_name == github.repository) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude') && github.event.pull_request.head.repo.full_name == github.repository)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v7
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr *)'

logodev_mcp-1.0.0/.github/workflows/codeql.yml

@@ -0,0 +1,31 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "0 6 * * 1"  # Weekly on Monday at 06:00 UTC
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v7
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: python
+          queries: security-extended
+          config-file: .github/codeql/codeql-config.yml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4