| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Three coupled additions close the MCP pipeline thread.
mcp/install.py grew --uninstall and --check modes via argparse. The
default install behavior is unchanged.
--uninstall iterates over servers.json and runs `claude mcp remove
<name> -s user` for each, skipping anything not registered. Idempotent.
--check is the dry-run drift report. For each server, classify as ok
(in both servers.json and `claude mcp list`), MISSING (configured but
not registered), or EXTRA (registered but not in servers.json). Exit
non-zero only on MISSING since EXTRA entries are often deliberate (the
claude.ai web servers register out-of-band). Smoke test against the
live config: 9 ok, 0 missing, 3 EXTRA, exit 0.
Two new Makefile targets:
- make uninstall-mcp invokes the --uninstall mode.
- make check-mcp invokes the --check mode.
README.org gained an MCP section under Two install modes covering all
three targets, the OAuth-token-on-disk story, and a pointer to
mcp/README.org for the full pipeline.
Closes TODO #7 (uninstall + --check) and TODO #8 (README MCP section).
|
| |
|
|
| |
mcp/ had install.py, servers.json, and the encrypted secrets bundle but no README, so the structure and the token-rotation flow were a re-discovery every few months. Added mcp/README.org covering the file layout (tracked vs gitignored), the secrets-bundle shape (plain ${VAR} secrets plus base64-bundled OAuth artifacts, AES256 symmetric encryption), the install flow (decrypt, materialize the OAuth keys and the Google Docs token caches at mode 600, expand placeholders, register the unregistered servers idempotently), the http/sse-vs-stdio transport split, the recovery steps when a Google refresh token is revoked, and how to add a server. Written against a read of the actual install.py and servers.json, not from memory.
|
| |
|
|
|
|
| |
Adds google-keep to mcp/servers.json using feuerdev/keep-mcp via uvx; env-var auth (GOOGLE_KEEP_EMAIL, GOOGLE_KEEP_MASTER_TOKEN) stored in mcp/secrets.env.gpg. Master token retrieved through Google's EmbeddedSetup browser flow plus gpsoauth.exchange_token, since password-based gpsoauth.perform_master_login is restricted now.
Invocation gotcha: keep-mcp declares an =mcp= entry-point script, but its dependency on the official =mcp= SDK ships a same-named script that wins resolution under uvx. The =uvx --from keep-mcp mcp= form from the README launches the SDK CLI instead of keep-mcp's server. Workaround: =uvx --from keep-mcp python -m server.cli= invokes keep-mcp's actual entry point directly, bypassing the collision.
|
| |
|
|
| |
The shebang was already there but the file mode was 644. The Makefile invokes via "python3 mcp/install.py" so it worked anyway, but the mode now matches the shebang.
|
|
|
I needed a single source of truth for MCP server registration so a fresh machine boots with the full set instead of being rebuilt by hand. install.py decrypts mcp/secrets.env.gpg, expands ${VAR} placeholders in mcp/servers.json, and runs claude mcp add --scope user for anything not already registered. Idempotent.
The encrypted bundle carries six values: the Google client id and secret, the Figma API key, the GCP OAuth keys JSON (base64), and the two @a-bonus/google-docs-mcp token caches (personal and work, base64). install.py writes the keys file and the two token files to the paths each package reads at startup, all mode 600.
Bundling the Google Docs tokens lets a new machine connect google-docs-personal and google-docs-work without the interactive OAuth flow. Without the cached token, the package falls back to a browser-redirect flow that Claude Code's stdio MCP loader can't drive, so it shows "Failed to connect" until the user runs the npx command manually.
Make target: install-mcp. Plaintext secrets and the decrypted keys file are gitignored.
|
