@aigentyc/mcp
v0.2.2
Published
Model Context Protocol server for aiGentyc — content & authoring tools for LLM agents
Maintainers
tycodevReadme
@aigentyc/mcp
Model Context Protocol server for aiGentyc — lets Claude Code, Cursor, Windsurf, and any other MCP-compatible agent drive the content/authoring side of your aiGentyc project (documents, crawling, data stores, custom tools, config, backups, …) without clicking through the dashboard.
Chat/search embedding is not part of this package — use the separate
aigentyc-chat-sdk (React) for user-facing chat.
Install
npx @aigentyc/mcp login \
--api-key tyco_pk_XXXX \
--project-id proj_XXXXlogin verifies the key against /api/auth/api-keys/verify and writes
~/.aigentyc/config.json with 0600 perms.
Dev-only flag: pass --allow-insecure to permit plaintext HTTP against
non-loopback hosts (e.g. a staging box without TLS). Never use this against
production — all real traffic must be HTTPS.
Then wire it into your agent:
Claude Desktop / Claude Code
~/Library/Application Support/Claude/claude_desktop_config.json (macOS):
{
"mcpServers": {
"aigentyc": {
"command": "npx",
"args": ["-y", "@aigentyc/mcp"]
}
}
}Cursor
Settings → MCP → add server:
{
"aigentyc": {
"command": "npx",
"args": ["-y", "@aigentyc/mcp"]
}
}Commands
aigentyc-mcp serve Run the stdio MCP server (default when invoked with no args)
aigentyc-mcp login Save + verify an API key profile
aigentyc-mcp logout Remove a profile
aigentyc-mcp doctor Verify config + dashboard reachabilityTools (86 total, 20 domains)
End-to-end coverage. Highlights:
aigentyc_get_started— call this first. Returns project status + a prioritised list of next steps the agent should walk the user through.- Embed the chat —
chat_widget_setup(paste snippet for existing app),chat_widget_scaffold(runsnpm create aigentyc-chat@latestfor a fresh starter),chat_widget_get_snippet(just the code). - Add content —
files_upload,documents_create_from_text,extract_from_urls,link_sources_create,data_stores_*. - Configure —
config_update(system prompt, model, …),personas_upsert,tools_create+flows_create(custom tool actions). - Operate —
backups_*,analytics_*,jobs_status/jobs_wait.
See llms.txt for the full tool inventory and recipes.
Vibe-coder one-shot
You: "Add my docs/ folder, set the system prompt, and scaffold a Next.js
chat app at ./my-app."
Claude: aigentyc_get_started → "kb empty, no system prompt"
files_upload({ paths: [...] })
config_update({ patch: { systemPrompt: "..." } })
chat_widget_scaffold({ destination: "./my-app", template: "next",
confirm: true })
→ ✓ done. cd my-app && npm install && npm run devSecurity
- API keys are project-scoped; a key for project A cannot read/write B.
~/.aigentyc/config.jsonis written0600. The server refuses to start with wider perms.- The HTTP client refuses plaintext HTTP to non-loopback hosts.
- Destructive operations (e.g.
documents_delete) requireconfirm: true. - Per-API-key rate limits: 300 reads/min, 60 writes/min (429 over limit).
- Every API-key-authed request is logged server-side
(
api_key_audit_logtable) withkeyId,projectId,route,method,status, andX-Request-Idfor tracing. files_uploadrefuses paths that escape$CWDor$HOME, rejects non-regular files, and caps batches at 50MB/file, 500MB total.extract_from_urlsprefilters RFC1918 / loopback / cloud-metadata URLs.
Publishing
cd mcp-server
npm run build
npm run smoke # stdio JSON-RPC smoke test
npm pack --dry-run # inspect what would ship
npm publish --access publicDeferred features
Tracked for v0.2+:
backups_download_all(ZIP) secret redaction for API-key callers. Current implementation redacts JSON downloads but not the archived ZIP. Session callers are unaffected. Recommendation: use session for now./api/extract/*dual-auth + binary-file uploads (PDF/DOC/DOCX). The extract proxy currently has no auth guard — not exposed to MCP.files_uploadis therefore restricted to UTF-8 text formats only.- Analytics sessions/comments write paths — MCP is read-only by design.
- Custom rate-limit overrides per-key — one limit for all keys today.