| Commit message (Collapse) | Author | Age | Files | Lines |
|
mcp/ had install.py, servers.json, and the encrypted secrets bundle but no README, so the structure and the token-rotation flow were a re-discovery every few months. Added mcp/README.org covering the file layout (tracked vs gitignored), the secrets-bundle shape (plain ${VAR} secrets plus base64-bundled OAuth artifacts, AES256 symmetric encryption), the install flow (decrypt, materialize the OAuth keys and the Google Docs token caches at mode 600, expand placeholders, register the unregistered servers idempotently), the http/sse-vs-stdio transport split, the recovery steps when a Google refresh token is revoked, and how to add a server. Written against a read of the actual install.py and servers.json, not from memory.
|
Adds google-keep to mcp/servers.json using feuerdev/keep-mcp via uvx; env-var auth (GOOGLE_KEEP_EMAIL, GOOGLE_KEEP_MASTER_TOKEN) stored in mcp/secrets.env.gpg. Master token retrieved through Google's EmbeddedSetup browser flow plus gpsoauth.exchange_token, since password-based gpsoauth.perform_master_login is restricted now.
Invocation gotcha: keep-mcp declares an =mcp= entry-point script, but its dependency on the official =mcp= SDK ships a same-named script that wins resolution under uvx. The =uvx --from keep-mcp mcp= form from the README launches the SDK CLI instead of keep-mcp's server. Workaround: =uvx --from keep-mcp python -m server.cli= invokes keep-mcp's actual entry point directly, bypassing the collision.
|
The shebang was already there but the file mode was 644. The Makefile invokes via "python3 mcp/install.py" so it worked anyway, but the mode now matches the shebang.
|
I needed a single source of truth for MCP server registration so a fresh machine boots with the full set instead of being rebuilt by hand. install.py decrypts mcp/secrets.env.gpg, expands ${VAR} placeholders in mcp/servers.json, and runs claude mcp add --scope user for anything not already registered. Idempotent.
The encrypted bundle carries six values: the Google client id and secret, the Figma API key, the GCP OAuth keys JSON (base64), and the two @a-bonus/google-docs-mcp token caches (personal and work, base64). install.py writes the keys file and the two token files to the paths each package reads at startup, all mode 600.
Bundling the Google Docs tokens lets a new machine connect google-docs-personal and google-docs-work without the interactive OAuth flow. Without the cached token, the package falls back to a browser-redirect flow that Claude Code's stdio MCP loader can't drive, so it shows "Failed to connect" until the user runs the npx command manually.
Make target: install-mcp. Plaintext secrets and the decrypted keys file are gitignored.
|
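The post-decryption steps these commit messages describe (expand ${VAR} placeholders in the server definitions, write base64-bundled artifacts at mode 600), sketched as an added example that is not the repository's install.py. It assumes the bundle decrypts to KEY=VALUE lines; every function name, variable name, and sample value is hypothetical and constructed for illustration.

```python
import base64, json, os, re, stat, tempfile

PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

def parse_env(text):
    """Parse KEY=VALUE lines (assumed bundle shape); skip blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # first '=' only: base64 padding survives
        if not sep:
            raise ValueError(f"malformed line: {key!r}")
        env[key.strip()] = value.strip()
    return env

def expand(node, env):
    """Expand ${VAR} in every string of a JSON tree; fail closed on unknown names."""
    if isinstance(node, dict):
        return {k: expand(v, env) for k, v in node.items()}
    if isinstance(node, list):
        return [expand(v, env) for v in node]
    if isinstance(node, str):
        def sub(m):
            if m.group(1) not in env:
                raise KeyError(f"undefined secret {m.group(1)}")
            return env[m.group(1)]
        return PLACEHOLDER.sub(sub, node)
    return node

def write_private(path, b64_value):
    """Decode a base64 artifact into a file that is 0600 from creation onward."""
    data = base64.b64decode(b64_value, validate=True)
    tmp = path + ".tmp"
    # O_EXCL + explicit mode: the secret never sits in a wider-permission file,
    # unlike open(path, "w") followed by chmod, which reuses an existing file's mode.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, path)  # atomically swaps out any stale, wider-mode file
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    # Constructed sample bundle and server definition (not the project's values).
    token = base64.b64encode(b'{"refresh_token":"x"}').decode()
    env = parse_env(f"# constructed\nEXAMPLE_API_KEY=abc123\nEXAMPLE_TOKEN_B64={token}")
    servers = json.loads('{"example": {"env": {"API_KEY": "${EXAMPLE_API_KEY}"}}}')
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "token.json")
        open(path, "w").close(); os.chmod(path, 0o644)  # stale file left too open
        mode = write_private(path, env["EXAMPLE_TOKEN_B64"])
        content = open(path).read()
    return expand(servers, env), mode, content
```

Failing on an undefined placeholder keeps a literal `${VAR}` string from being registered as a credential when the bundle and the server list drift apart.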