From 814695eae81dd1c63d75cae87375e703bb388243 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Thu, 28 May 2026 09:20:08 -0500 Subject: feat(mcp): add uninstall + --check + README section for MCP pipeline Three coupled additions close the MCP pipeline thread. mcp/install.py grew --uninstall and --check modes via argparse. The default install behavior is unchanged. --uninstall iterates over servers.json and runs `claude mcp remove -s user` for each, skipping anything not registered. Idempotent. --check is the dry-run drift report. For each server, classify as ok (in both servers.json and `claude mcp list`), MISSING (configured but not registered), or EXTRA (registered but not in servers.json). Exit non-zero only on MISSING since EXTRA entries are often deliberate (the claude.ai web servers register out-of-band). Smoke test against the live config: 9 ok, 0 missing, 3 EXTRA, exit 0. Two new Makefile targets: - make uninstall-mcp invokes the --uninstall mode. - make check-mcp invokes the --check mode. README.org gained an MCP section under Two install modes covering all three targets, the OAuth-token-on-disk story, and a pointer to mcp/README.org for the full pipeline. Closes TODO #7 (uninstall + --check) and TODO #8 (README MCP section). --- README.org | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'README.org') diff --git a/README.org b/README.org index 91e9804..067a2a1 100644 --- a/README.org +++ b/README.org @@ -49,6 +49,35 @@ What gets installed: The install is re-runnable. Running it again refreshes files in place; personal tweaks live in =.claude/settings.local.json= and are not touched. +** MCP servers (user scope) + +Registers MCP servers globally (=user= scope) so every Claude Code project +sees them. Reads structure from =mcp/servers.json= (placeholders =${VAR}=), +decrypts secrets from =mcp/secrets.env.gpg= via gpg-agent, expands the +placeholders, then registers anything not already present in +=claude mcp list=. Idempotent — re-running is safe. + +#+begin_src bash +make install-mcp # decrypt + register everything in servers.json +make uninstall-mcp # remove every server listed in servers.json +make check-mcp # dry-run drift report (no decryption, no writes) +#+end_src + +=check-mcp= classifies each server as =ok= (in both), =MISSING= (configured +but not registered — run =install-mcp=), or =EXTRA= (registered but not +configured — usually intentional manual additions like the claude.ai web +servers). Exit code is non-zero only on =MISSING=, since =EXTRA= entries +are often deliberate. + +What lands on disk during =install-mcp=: +- =mcp/gcp-oauth.keys.json= (mode 600) — extracted for google-calendar-mcp +- =~/.config/google-docs-mcp/{personal,work}/token.json= (mode 600) — + per-profile OAuth tokens for =@a-bonus/google-docs-mcp= + +Secrets never touch disk in plain form outside the OAuth artifacts above. +The =.gpg= file is the source of truth; rotate via =gpg --edit-key= and +re-encrypt. See [[file:mcp/README.org][mcp/README.org]] for the full pipeline. + * Available languages | Language | Path | Notes | -- cgit v1.2.3