- chat.ts: system prompt now includes step-by-step ChatGPT Custom GPT
setup (openapi.json import + OAuth), Claude/Cursor/Windsurf config,
and mortgage broker guidance — bot no longer incorrectly says ChatGPT
is unsupported
- smtp.ts: all sqcp_* accounts now route to mail.squaremcp.com (SQCP_SMTP_HOST)
instead of the fetcherpay server
- tools.ts: ACCOUNT_PARAM description now lists all 14 mailboxes including
the 7 squaremcp.com accounts so Claude picks the right one without guessing
- package.json: postinstall hook runs imapflow patch script after npm install
- hermes-k8s.yaml: updated image digest to current production build

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add Slack as customer-facing messaging platform (client, 4 MCP tools, dashboard card)
- Add /api/chat endpoint powered by Claude Haiku with SquareMCP system prompt
- Add embeddable chat-widget.js injected into all 3 sites (docs, app, www)
- Add ANTHROPIC_API_KEY, serve product/ as static files
- Update Platform type to include slack

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Guards the browser OAuth popup flow used by claude.ai and ChatGPT:
- GET /login: return_to URL validation, XSS escaping, error display
- POST /login: first-party cookie properties (httpOnly/secure/lax/domain),
open redirect blocking, credential rejection paths
- GET /oauth/authorize: must redirect to /login (never app.squaremcp.com),
return_to encoding, valid session bypasses redirect

Also exports `app` from index.ts and guards main() with NODE_ENV !== 'test'
so the Express app can be imported by supertest without triggering DB init.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add src/multitenancy/ with AES-256-GCM credential store, WhatsApp
webhook router (phone_number_id -> customerId), and per-customer
audit log (90-day Redis TTL)
- Add src/billing/ with plan definitions and meterMiddleware that
resolves API key -> Customer object with getCredential() closure
- Refactor all src/clients/* to accept optional customer param,
falling back to env vars for backward compat with single-user mode
- Thread customer through handleToolCall(name, args, customer?)
- Add customers table to MySQL schema initDatabase()
- Add /webhook/whatsapp (immediate 200 + async routing) and
/api/connect/* onboarding endpoints to index.ts
- Add Redis 7 to docker-compose.yml; add REDIS_URL and
CREDENTIAL_ENCRYPTION_KEY to hermes-k8s.yaml
- Add product/incubation/ with architecture write-up and PlantUML
diagrams (system architecture + 5 user flows)
- Extend OpenAPI spec in manifest.ts with all platform endpoints

Verification: 3 isolation tests (credential, webhook routing, audit
log) passed against live Redis. Deployed to hermes.squaremcp.com.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Replace FETCHERPAY with generic CUSTOM account examples
- Update README.md, .env.example, and DEPLOY.md with generic configurations
- Remove hardcoded IPs, email addresses, and domain names
- Update package.json description to be more generic

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>