npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@curenorway/kode-mcp

v1.4.0

Published

MCP server for Cure Kode CDN - enables AI agents to manage, deploy, and analyze Webflow scripts

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cureharaldcureharald

Keywords

curekodemcpaiclaudewebflow

Readme

Cure Kode MCP Server

MCP (Model Context Protocol) server that enables AI agents to manage Webflow scripts via Cure Kode CDN.

Features

  • Script Management - List, create, update, and delete scripts
  • Deployment Control - Deploy to staging, promote to production, rollback
  • Page Context - Cache and retrieve page structures for development
  • Script Analysis - Auto-analyze scripts for metadata (selectors, triggers, dependencies)
  • Production Safety - Explicit enable required, confirmation for promote

Installation

For Claude Code

The easiest way is to run kode init in your project, which creates .mcp.json:

{
  "mcpServers": {
    "cure-kode": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@curenorway/kode-mcp"]
    }
  }
}

Then restart Claude Code and approve the MCP when prompted.

Manual Configuration

Add to your Claude Code configuration (~/.claude/claude_code_config.json):

{
  "mcpServers": {
    "cure-kode": {
      "command": "npx",
      "args": ["-y", "@curenorway/kode-mcp"]
    }
  }
}

Configuration

The MCP server reads configuration from .cure-kode/config.json (created by kode init):

{
  "siteId": "your-site-uuid",
  "siteSlug": "my-site",
  "siteName": "My Site",
  "apiKey": "ck_...",
  "scriptsDir": ".cure-kode-scripts",
  "environment": "staging"
}

Or via environment variables:

export CURE_KODE_API_KEY="ck_..."
export CURE_KODE_SITE_ID="your-site-uuid"

Available Tools

Script Management

| Tool | Description | |------|-------------| | kode_list_scripts | List all scripts for the site | | kode_get_script | Get script by slug (supports includeContent: false for metadata only) | | kode_create_script | Create a new script entry (metadata only, no content) | | kode_update_script | Update script settings (autoLoad, scope, purpose) | | kode_delete_script | Delete a script | | kode_push | Upload local files from .cure-kode-scripts/ to server |

Deployment

| Tool | Description | |------|-------------| | kode_deploy | Deploy to staging | | kode_promote | Promote staging to production (requires confirmed: true) | | kode_rollback | Rollback to previous deployment | | kode_status | Get deployment status |

Production Management

| Tool | Description | |------|-------------| | kode_production_enable | Enable production environment | | kode_production_disable | Disable production environment |

Page & HTML Analysis

| Tool | Description | |------|-------------| | kode_fetch_html | Fetch and parse HTML from URL | | kode_fetch_html_smart | Fetch with CMS truncation for smaller context | | kode_list_pages | List page definitions for the site | | kode_assign_script_to_page | Assign script to specific pages | | kode_remove_script_from_page | Remove script from page |

Page Context (for AI Development)

| Tool | Description | |------|-------------| | kode_refresh_page | Fetch and cache page structure | | kode_get_page_context | Get cached page context (sections, forms, CTAs, selectors) | | kode_list_pages_context | List all cached page contexts |

Script Metadata

| Tool | Description | |------|-------------| | kode_analyze_script | Analyze script and generate metadata | | kode_get_script_metadata | Get script metadata and AI summary |

Other

| Tool | Description | |------|-------------| | kode_site_info | Get site info and CDN URL | | kode_read_context | Read AI context file | | kode_update_context | Update AI context file |

Important: Content Workflow

MCP is the control plane - never send script content through MCP tools.

The correct workflow:

  1. Write script file locally to .cure-kode-scripts/script-name.js
  2. Use kode_push to upload local files to server
  3. Use kode_deploy to deploy
AI writes file → kode_push → kode_deploy

Do NOT pass content to kode_create_script or kode_update_script - these only handle metadata.

Safety Features

Production Confirmation

kode_promote requires explicit confirmation to prevent accidental production deployments:

// This will fail:
kode_promote()

// This works:
kode_promote({ confirmed: true })

Production Disabled by Default

New sites start with production disabled. Must explicitly enable:

kode_production_enable()
// Then can promote
kode_promote({ confirmed: true })

Example Usage

Create and Deploy a Script

1. "Create a new script called tracking.js"
   → kode_create_script({ name: "tracking", slug: "tracking", type: "javascript" })

2. Write the file locally
   → Write to .cure-kode-scripts/tracking.js

3. "Push the changes"
   → kode_push()

4. "Deploy to staging"
   → kode_deploy()

5. "Promote to production"
   → kode_promote({ confirmed: true })

Analyze a Page and Add Functionality

1. "Analyze the homepage"
   → kode_fetch_html_smart({ url: "https://mysite.com" })
   → kode_refresh_page({ url: "https://mysite.com" })

2. "What sections are on this page?"
   → kode_get_page_context({ url: "https://mysite.com" })

3. "Add a script to animate the hero section"
   → Create script, write file, push, deploy

How It Works

┌─────────────────┐      ┌─────────────────┐      ┌─────────────────┐
│   AI Agent      │ MCP  │  Kode MCP       │ REST │  Cure Kode API  │
│  (Claude/etc)   │─────▶│  Server         │─────▶│  (app.cure.no)  │
└─────────────────┘      └─────────────────┘      └─────────────────┘
                                │
                                ▼
                         ┌─────────────────┐
                         │ Local Scripts   │
                         │(.cure-kode-scripts/)│
                         └─────────────────┘

Security

API Key Authentication

  • Hashed Storage: API keys are SHA256/HMAC hashed before server storage
  • Site-scoped: Each API key is bound to a specific CDN site
  • Permission-based: Granular permissions (read, write, deploy, delete)
  • Expiration: Keys can have optional expiration dates

CORS Security (v2.6)

Script endpoints restrict CORS to configured domains:

  • Site's domain, staging_domain, production_domain
  • Webflow preview domains (*.webflow.io)
  • Localhost for development
  • No wildcard CORS on script endpoints

SSRF Protection

HTML fetch endpoints block:

  • Private IP ranges (127.0.0.0/8, 10.0.0.0/8, etc.)
  • Cloud metadata endpoints (169.254.169.254)
  • Internal hostnames

Troubleshooting

"Cure Kode not configured"

Run kode init in your project directory to create configuration.

"API key invalid"

  • Check key starts with ck_
  • Verify key hasn't expired
  • Ensure key has required permissions

"Production not enabled"

Use kode_production_enable() before promoting.

"Promote requires confirmation"

Add confirmed: true parameter:

kode_promote({ confirmed: true })

Tools not appearing in Claude

  1. Restart Claude Code after config changes
  2. Check .mcp.json syntax
  3. Verify MCP server runs: npx @curenorway/kode-mcp

Requirements

  • Node.js 18 or later
  • Cure Kode API key (from https://app.cure.no/tools/kode)

License

MIT