yuukiii/hermes-mcp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(saas): SquareMCP v2 — multi-tenant MCP platform complete

Browse Source 
Steps 0–10 of the v2 plan, 194 tests passing.

Core infrastructure
- Shared Redis client (src/redis.ts); all four Redis consumers migrated
- Vitest test harness with vitest.config.ts and npm test/test:watch scripts

Billing & invoicing (Steps 1–2)
- Monthly invoice generation with idempotency (MySQL uq_customer_period unique key)
- Cron job with Redis distributed lock (Lua compare-delete, 1-hr TTL)
- Invoice emailer via nodemailer (FETCHERPAY SMTP)
- Billing middleware: checkLimit gate in handleToolCall; platform attribution fix

Email multi-tenancy (Step 3)
- EmailCtx = Account | EmailCredentials; imap.ts + smtp.ts accept both
- resolveEmailCtx helper in tools.ts; all email tools use customer credentials

Analytics + platform health (Steps 4–5)
- Chart.js bar charts for platform breakdown and daily activity
- Token expiry check in getCredential with dynamic import refresh
- platform-health.ts: per-platform health probe with 10-min Redis cache
- GET /api/health/platforms; "Token expired" amber badge in dashboard

Tool schema filtering (Step 6)
- stripAccountParam deep-clones tool schemas; multi-tenant sessions never
  see the internal account enum

OAuth hardening (Step 7)
- Atomic auth code consumption: UPDATE SET used=TRUE, check affectedRows
- customer_id threaded through oauth_auth_codes → oauth_tokens
- getTokenCustomer(); requireAuth resolves req.customer from Bearer token
- Consent page requires authenticated session; redirect_uri validated
  against registered URIs; http://localhost:* loopback wildcard

DCR browser flow (Step 8)
- ensureOAuthAppRegistered() upserts pre-registered SquareMCP OAuth app
  on startup with redirect URIs for mcp-callback, localhost:*, claude-desktop,
  opencode
- GET /oauth/connect-mcp → server-side redirect (client_id off frontend)
- GET /oauth/mcp-callback → exchanges code, renders config snippet page
  with copy buttons for Claude Desktop and Codex CLI

Webhooks (Step 9)
- webhook_url + webhook_secret columns on customers
- deliverWebhook(): HMAC-SHA256 signing, 3× exponential retry (1s/4s/16s),
  Redis DLQ with 7-day TTL on total failure
- isValidWebhookUrl(): SSRF protection (blocks RFC-1918, localhost, .local)
- POST /api/webhooks/config (secret returned once), GET, DELETE
- GET /api/admin/webhooks/dlq/:customerId
- WhatsApp POST route uses express.raw() for raw body preservation
- Dashboard Webhooks tab with secret-once display and copy button

Developer docs (Step 10)
- docs/ static HTML site (GitHub Pages, no build pipeline)
- index.html: landing page with client + platform overview
- getting-started.html: tabbed MCP config for Claude Desktop, Codex CLI, opencode
- platforms.html: LinkedIn, TikTok, WhatsApp, Instagram, Twitter, Telegram guides
- agent-tutorial.html: complete Node.js agent (Anthropic SDK + MCP SDK),
  LinkedIn posting loop, extensions for multi-platform + inbound webhook reaction

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Garfield
2026-05-13 23:43:35 -04:00
parent d4bc899b31
commit 61dab40585
38 changed files with 5042 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
src/imap.ts
View File

@@ -1,6 +1,8 @@
import { ImapFlow } from 'imapflow';
import type { EmailCredentials } from './multitenancy/credential-store.js';
export type Account = 'yahoo' | 'fetcherpay' | 'garfield' | 'sales' | 'leads' | 'founder' | 'gmail';
export type EmailCtx = Account | EmailCredentials;
const FETCHERPAY_IMAP_HOST = process.env['FETCHERPAY_IMAP_HOST'] ?? 'mail.fetcherpay.com';
const FETCHERPAY_IMAP_PORT = parseInt(process.env['FETCHERPAY_IMAP_PORT'] ?? '30993');
@@ -15,41 +17,26 @@ function fetcherpayImapConfig(user: string, pass: string) {
};
}
function getConfig(account: Account = 'yahoo') {
function getEnvConfig(account: Account = 'yahoo') {
switch (account) {
case 'fetcherpay':
return fetcherpayImapConfig(
process.env['FETCHERPAY_EMAIL'] as string,
process.env['FETCHERPAY_PASSWORD'] as string,
);
return fetcherpayImapConfig(process.env['FETCHERPAY_EMAIL']!, process.env['FETCHERPAY_PASSWORD']!);
case 'garfield':
return fetcherpayImapConfig(
process.env['GARFIELD_EMAIL'] as string,
process.env['GARFIELD_PASSWORD'] as string,
);
return fetcherpayImapConfig(process.env['GARFIELD_EMAIL']!, process.env['GARFIELD_PASSWORD']!);
case 'sales':
return fetcherpayImapConfig(
process.env['SALES_EMAIL'] as string,
process.env['SALES_PASSWORD'] as string,
);
return fetcherpayImapConfig(process.env['SALES_EMAIL']!, process.env['SALES_PASSWORD']!);
case 'leads':
return fetcherpayImapConfig(
process.env['LEADS_EMAIL'] as string,
process.env['LEADS_PASSWORD'] as string,
);
return fetcherpayImapConfig(process.env['LEADS_EMAIL']!, process.env['LEADS_PASSWORD']!);
case 'founder':
return fetcherpayImapConfig(
process.env['FOUNDER_EMAIL'] as string,
process.env['FOUNDER_PASSWORD'] as string,
);
return fetcherpayImapConfig(process.env['FOUNDER_EMAIL']!, process.env['FOUNDER_PASSWORD']!);
case 'gmail':
return {
host: 'imap.gmail.com',
port: 993,
secure: true,
auth: {
user: process.env['GMAIL_EMAIL'] as string,
pass: process.env['GMAIL_APP_PASSWORD'] as string,
user: process.env['GMAIL_EMAIL']!,
pass: process.env['GMAIL_APP_PASSWORD']!,
},
};
default:
@@ -58,15 +45,33 @@ function getConfig(account: Account = 'yahoo') {
port: 993,
secure: true,
auth: {
user: process.env['YAHOO_EMAIL'] as string,
pass: process.env['YAHOO_APP_PASSWORD'] as string,
user: process.env['YAHOO_EMAIL']!,
pass: process.env['YAHOO_APP_PASSWORD']!,
},
};
}
}
async function withClient<T>(account: Account, fn: (client: ImapFlow) => Promise<T>): Promise<T> {
const client = new ImapFlow(getConfig(account));
function resolveImapConfig(ctx: EmailCtx) {
if (typeof ctx === 'object') {
return {
host: ctx.host,
port: ctx.port,
secure: ctx.port === 993,
auth: { user: ctx.user, pass: ctx.password },
tls: { rejectUnauthorized: false },
};
}
return getEnvConfig(ctx);
}
function isGmail(ctx: EmailCtx): boolean {
if (typeof ctx === 'string') return ctx === 'gmail';
return ctx.host === 'imap.gmail.com';
}
async function withClient<T>(ctx: EmailCtx, fn: (client: ImapFlow) => Promise<T>): Promise<T> {
const client = new ImapFlow(resolveImapConfig(ctx));
await client.connect();
try {
return await fn(client);
@@ -101,7 +106,6 @@ function parseSearchCriteria(query: string): object {
const trimmed = query.trim();
if (!trimmed) return { all: true };
// Parse quoted and unquoted tokens like from:x, subject:y, to:z
const tokens: { key: string; value: string }[] = [];
const regex = /(\w+):("([^"]*)"|([^\s]+))/g;
let m: RegExpExecArray | null;
@@ -123,15 +127,9 @@ function parseSearchCriteria(query: string): object {
const parts: object[] = [];
for (const t of tokens) {
switch (t.key) {
case 'from':
parts.push({ from: t.value });
break;
case 'subject':
parts.push({ subject: t.value });
break;
case 'to':
parts.push({ to: t.value });
break;
case 'from': parts.push({ from: t.value }); break;
case 'subject': parts.push({ subject: t.value }); break;
case 'to': parts.push({ to: t.value }); break;
case 'after':
case 'since': {
const d = new Date(t.value);
@@ -159,11 +157,11 @@ async function searchInFolder(
folder: string,
query: string,
maxResults: number,
account: Account
ctx: EmailCtx
): Promise<MessageSummary[]> {
await client.mailboxOpen(folder);
const criteria = account === 'gmail'
const criteria = isGmail(ctx)
? { gmailraw: query }
: parseSearchCriteria(query);
@@ -200,28 +198,25 @@ async function searchInFolder(
export async function searchMessages(
query: string,
maxResults = 20,
account: Account = 'yahoo',
ctx: EmailCtx = 'yahoo',
folder?: string
): Promise<MessageSummary[]> {
return withClient(account, async (client) => {
return withClient(ctx, async (client) => {
const foldersToSearch: string[] = [];
if (folder) {
foldersToSearch.push(folder);
} else if (account === 'gmail') {
foldersToSearch.push('INBOX');
} else {
foldersToSearch.push('INBOX');
}
for (const f of foldersToSearch) {
const results = await searchInFolder(client, f, query, maxResults, account);
const results = await searchInFolder(client, f, query, maxResults, ctx);
if (results.length > 0) return results;
}
// Fallback for Gmail: search All Mail if INBOX was empty
if (account === 'gmail' && !folder) {
const allMailResults = await searchInFolder(client, '[Gmail]/All Mail', query, maxResults, account);
if (isGmail(ctx) && !folder) {
const allMailResults = await searchInFolder(client, '[Gmail]/All Mail', query, maxResults, ctx);
if (allMailResults.length > 0) return allMailResults;
}
@@ -229,11 +224,10 @@ export async function searchMessages(
});
}
export async function readMessage(uid: number, account: Account = 'yahoo', folder = 'INBOX'): Promise<FullMessage> {
return withClient(account, async (client) => {
console.log(`[imap] readMessage uid=${uid} account=${account} folder=${folder}`);
export async function readMessage(uid: number, ctx: EmailCtx = 'yahoo', folder = 'INBOX'): Promise<FullMessage> {
return withClient(ctx, async (client) => {
console.log(`[imap] readMessage uid=${uid} folder=${folder}`);
await client.mailboxOpen(folder);
console.log(`[imap] mailbox opened, fetching uid=${uid}`);
let result: FullMessage | null = null;
@@ -243,7 +237,6 @@ export async function readMessage(uid: number, account: Account = 'yahoo', folde
bodyParts: ['TEXT'],
}, { uid: true })) {
const env = msg.envelope;
console.log(`[imap] got msg uid=${msg.uid} subject="${env?.subject}"`);
const bpKeys = msg.bodyParts ? [...msg.bodyParts.keys()] : [];
console.log(`[imap] bodyParts keys:`, JSON.stringify(bpKeys));
@@ -252,10 +245,8 @@ export async function readMessage(uid: number, account: Account = 'yahoo', folde
msg.bodyParts?.get('text') ??
msg.bodyParts?.get('TEXT') ??
msg.bodyParts?.get('1');
console.log(`[imap] textBuf length=${textBuf ? textBuf.length : 'null'}`);
const rawBody = textBuf ? textBuf.toString('utf-8') : '';
const body = rawBody
.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, '')
.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, '')
@@ -264,8 +255,6 @@ export async function readMessage(uid: number, account: Account = 'yahoo', folde
.trim()
.slice(0, 10000);
console.log(`[imap] body length after strip=${body.length}`);
result = {
uid: msg.uid,
messageId: env?.messageId ?? '',
@@ -282,17 +271,17 @@ export async function readMessage(uid: number, account: Account = 'yahoo', folde
if (!result) throw new Error(`Message UID ${uid} not found`);
// Mark as seen AFTER the fetch loop fully completes — calling messageFlagsAdd
// inside the for-await loop deadlocks because the FETCH command is still active.
console.log(`[imap] marking uid=${uid} as seen`);
await client.messageFlagsAdd([uid], ['\\Seen'], { uid: true });
console.log(`[imap] readMessage done uid=${uid}`);
return result;
});
}
export async function getProfile(account: Account = 'yahoo'): Promise<{ email: string; name: string; account: string }> {
export async function getProfile(ctx: EmailCtx = 'yahoo'): Promise<{ email: string; name: string; account: string }> {
if (typeof ctx === 'object') {
return { email: ctx.user, name: ctx.user.split('@')[0], account: 'custom' };
}
const emailMap: Record<Account, string> = {
yahoo: process.env['YAHOO_EMAIL'] ?? '',
fetcherpay: process.env['FETCHERPAY_EMAIL'] ?? '',
@@ -302,12 +291,12 @@ export async function getProfile(account: Account = 'yahoo'): Promise<{ email: s
founder: process.env['FOUNDER_EMAIL'] ?? '',
gmail: process.env['GMAIL_EMAIL'] ?? '',
};
const email = emailMap[account] ?? '';
return { email, name: email.split('@')[0], account };
const email = emailMap[ctx] ?? '';
return { email, name: email.split('@')[0], account: ctx };
}
export async function listFolders(account: Account = 'yahoo'): Promise<string[]> {
return withClient(account, async (client) => {
export async function listFolders(ctx: EmailCtx = 'yahoo'): Promise<string[]> {
return withClient(ctx, async (client) => {
const mailboxes = await client.list();
return mailboxes.map((m) => m.path);
});