diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-28 09:20:08 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-28 09:20:08 -0500 |
| commit | 814695eae81dd1c63d75cae87375e703bb388243 (patch) | |
| tree | ebdb631f5d4a93cabe92fbb99c1362876fc32fca /README.org | |
| parent | 5c0c7a6f213609f5be8258f07b763201ad182876 (diff) | |
| download | rulesets-814695eae81dd1c63d75cae87375e703bb388243.tar.gz rulesets-814695eae81dd1c63d75cae87375e703bb388243.zip | |
feat(mcp): add uninstall + --check + README section for MCP pipeline
Three coupled additions close the MCP pipeline thread.
mcp/install.py grew --uninstall and --check modes via argparse. The
default install behavior is unchanged.
--uninstall iterates over servers.json and runs `claude mcp remove
<name> -s user` for each, skipping anything not registered. Idempotent.
--check is the dry-run drift report. For each server, classify as ok
(in both servers.json and `claude mcp list`), MISSING (configured but
not registered), or EXTRA (registered but not in servers.json). Exit
non-zero only on MISSING since EXTRA entries are often deliberate (the
claude.ai web servers register out-of-band). Smoke test against the
live config: 9 ok, 0 missing, 3 EXTRA, exit 0.
Two new Makefile targets:
- make uninstall-mcp invokes the --uninstall mode.
- make check-mcp invokes the --check mode.
README.org gained an MCP section under Two install modes covering all
three targets, the OAuth-token-on-disk story, and a pointer to
mcp/README.org for the full pipeline.
Closes TODO #7 (uninstall + --check) and TODO #8 (README MCP section).
Diffstat (limited to 'README.org')
| -rw-r--r-- | README.org | 29 |
1 files changed, 29 insertions, 0 deletions
@@ -49,6 +49,35 @@ What gets installed: The install is re-runnable. Running it again refreshes files in place; personal tweaks live in =.claude/settings.local.json= and are not touched. +** MCP servers (user scope) + +Registers MCP servers globally (=user= scope) so every Claude Code project +sees them. Reads structure from =mcp/servers.json= (placeholders =${VAR}=), +decrypts secrets from =mcp/secrets.env.gpg= via gpg-agent, expands the +placeholders, then registers anything not already present in +=claude mcp list=. Idempotent — re-running is safe. + +#+begin_src bash +make install-mcp # decrypt + register everything in servers.json +make uninstall-mcp # remove every server listed in servers.json +make check-mcp # dry-run drift report (no decryption, no writes) +#+end_src + +=check-mcp= classifies each server as =ok= (in both), =MISSING= (configured +but not registered — run =install-mcp=), or =EXTRA= (registered but not +configured — usually intentional manual additions like the claude.ai web +servers). Exit code is non-zero only on =MISSING=, since =EXTRA= entries +are often deliberate. + +What lands on disk during =install-mcp=: +- =mcp/gcp-oauth.keys.json= (mode 600) — extracted for google-calendar-mcp +- =~/.config/google-docs-mcp/{personal,work}/token.json= (mode 600) — + per-profile OAuth tokens for =@a-bonus/google-docs-mcp= + +Secrets never touch disk in plain form outside the OAuth artifacts above. +The =.gpg= file is the source of truth; rotate via =gpg --edit-key= and +re-encrypt. See [[file:mcp/README.org][mcp/README.org]] for the full pipeline. + * Available languages | Language | Path | Notes | |