diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-06 23:11:15 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-06 23:11:15 -0500 |
| commit | 07c2c5ccf288e6ecc25808784ea407821df3d433 (patch) | |
| tree | 1d46d819e04320b81313219bd1642c464cefe690 /.gitignore | |
| parent | d81b23ad6b6e437dfe3c338a00a4be39bc555146 (diff) | |
| download | rulesets-07c2c5ccf288e6ecc25808784ea407821df3d433.tar.gz rulesets-07c2c5ccf288e6ecc25808784ea407821df3d433.zip | |
feat(mcp): add user-scope MCP install pipeline
I needed a single source of truth for MCP server registration so a fresh machine boots with the full set instead of being rebuilt by hand. install.py decrypts mcp/secrets.env.gpg, expands ${VAR} placeholders in mcp/servers.json, and runs claude mcp add --scope user for anything not already registered. Idempotent.
The encrypted bundle carries six values: the Google client id and secret, the Figma API key, the GCP OAuth keys JSON (base64), and the two @a-bonus/google-docs-mcp token caches (personal and work, base64). install.py writes the keys file and the two token files to the paths each package reads at startup, all mode 600.
Bundling the Google Docs tokens lets a new machine connect google-docs-personal and google-docs-work without the interactive OAuth flow. Without the cached token, the package falls back to a browser-redirect flow that Claude Code's stdio MCP loader can't drive, so it shows "Failed to connect" until the user runs the npx command manually.
Make target: install-mcp. Plaintext secrets and the decrypted keys file are gitignored.
Diffstat (limited to '.gitignore')
| -rw-r--r-- | .gitignore | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -15,3 +15,8 @@ # Claude config — settings.local.json is per-machine, never commit .claude/settings.local.json + +# MCP plaintext secrets and decrypted-at-runtime credentials +# (only the .gpg counterpart is safe to commit) +mcp/secrets.env +mcp/gcp-oauth.keys.json |