Improve local MCP auth flow, tool metadata, and sandbox validation #24
vladimir-tikhonov-nutrient wants to merge 3 commits into main
b82acfb to 0ebee4d
0ebee4d to d314c2a
| ### Example 1: HTML -> PDF -> signing | ||
|
|
||
| **User prompt:** `Convert /path/to/sandbox/invoice.html to PDF and save it as /path/to/sandbox/invoice.pdf. Then digitally sign /path/to/sandbox/invoice.pdf with a visible signature and save it as /path/to/sandbox/invoice-signed.pdf.` | ||
|
|
||
| **What happens:** The server uploads the HTML file to Nutrient, saves the generated PDF in the sandbox, then signs that PDF and writes the signed result back to the requested output path. | ||
|
|
||
| ### Example 2: OCR extraction | ||
|
|
||
| **User prompt:** `Run OCR on /path/to/sandbox/scanned-contract.pdf, return the extracted text, and save the OCR'd file as /path/to/sandbox/scanned-contract-ocr.pdf.` | ||
|
|
||
| **What happens:** The server sends the scanned PDF to Nutrient for OCR, returns the extracted text in Claude, and writes the OCR-processed file back to the sandbox for later use. | ||
|
|
||
| ### Example 3: Check credits -> process -> inspect output | ||
|
|
||
| **User prompt:** `Check my Nutrient credits, convert /path/to/sandbox/report.docx to PDF, save it as /path/to/sandbox/report.pdf, and then tell me where the output file was written.` | ||
|
|
||
| **What happens:** The server first performs a read-only account lookup, then converts the DOCX file to PDF, saves the result in the sandbox, and tells the user exactly where the output file was written. |
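Review bot: In Example 2's "What happens" line, "returns the extracted text in Claude" ties the expected behaviour to one client, while Examples 1 and 3 describe only what the server does; "returns the extracted text to the client" would keep the three consistent. All three examples also use only paths under /path/to/sandbox, so a sentence stating what the server does when a requested input or output path lies outside the sandbox would belong in this section.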
Curious, do all of these work out of the box, or is Claude (where I assume you tested it) doing its magic and iterating through multiple failed tries? IMHO, we should audit the AI agent's thinking output and make sure it's not doing hoops (like trying different approaches, failing, fixing its error and iterating all over again until it works), at least for these showcase examples.
All of those work pretty well. Claude (medium effort) tends to add an extra balance check before every request, even when you don’t ask it to, but otherwise it has never failed to call the right tool - everything works on the first try.
While testing, I used less explicit requests (like “hows my pdf thingy doing” or “convert that big word doc into pdf”), and it still correctly used the appropriate DWS tools (even when I didn’t mention MCP, Nutrient, or DWS).
package.json
Outdated
| "format": "prettier --write .", | ||
| "lint": "eslint .", | ||
| "mcpb:validate": "npx -y @anthropic-ai/mcpb validate manifest.json", | ||
| "mcpb:pack": "pnpm run build && node scripts/build-mcpb.mjs", |
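Review bot: The "mcpb:validate" script calls `npx -y @anthropic-ai/mcpb` with no version, so every run downloads and executes whatever release is current, with the install prompt suppressed by `-y`. Adding @anthropic-ai/mcpb as a pinned devDependency and running it from the local install would make validation reproducible and keep the tool's version under the same review as the other dependencies.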
Archive Details
name: nutrient-dws-mcp-server
version: 0.0.5
filename: nutrient-dws-mcp-server-0.0.5.mcpb
package size: 4.0MB
unpacked size: 12.5MB
shasum: 4eba71d63d171b8c886222723b5e17b990b6c7cb
total files: 2786
ignored (.mcpbignore) files: 1297
Output: /Users/tomas/work/nutrient-dws-mcp-server/dist/nutrient-dws.mcpb
File: nutrient-dws.mcpb
Size: 4081.28 KB
WARNING: Not signed
Can we publish without signing? Would be definitely faster than looking into managing the certificates.
I dunno, honestly. Signing is not mentioned in any of the docs as a requirement. Will see what they say when we submit it.
63f362b to 01bff16
Summary
Prepares the local MCP server for Anthropic directory submission (SERVER-2412, SERVER-2420).

Auth and safety fixes
Unknown CLI flags like `--sandbox-dir` were silently ignored, causing the server to fall back to unrestricted mode without any indication. `parseSandboxPath` now rejects unrecognized flags at startup with a clear error.

The stdio transport called `getToken()` eagerly before accepting connections. In Claude Desktop this caused duplicate browser tabs (one per spawned process) and made the server invisible if the user skipped the OAuth prompt. Auth is now deferred to the first tool call that actually needs a Nutrient API token, and concurrent in-process requests share a single refresh or browser flow.

Directory submission requirements
Every tool now carries the safety annotations required by Anthropic's directory review (`readOnlyHint`, `destructiveHint`, `title`), with a regression test that fails if a tool is added without them.

The README is restructured to match the submission checklist: Description, Features, Installation, Usage Examples (with expected behavior), Data Handling, Privacy Policy, and Support sections. A `manifest.json` and MCPB packaging script are included for the local extension bundle format.

Unrelated
Fixes a pre-existing lint error in the benchmark harness (`console` → `globalThis.console`).
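
The first auth and safety fix described above, as an added example that is not the project's code: a lenient parser that silently drops a mistyped flag, beside a strict one that fails at startup. The `--sandbox` flag name and both function names are assumptions made for illustration.

```javascript
// Added example, not the project's code. The `--sandbox` flag name and both
// function names are assumptions made for illustration.
const KNOWN_FLAGS = new Set(['--sandbox']);

// "Before": looks only for the flag it knows. Anything else is ignored, so a
// mistyped flag returns null (unrestricted mode) without any error.
function parseLenient(argv) {
  const i = argv.indexOf('--sandbox');
  return i !== -1 && argv[i + 1] ? argv[i + 1] : null;
}

// "After": every argument must be accounted for, otherwise startup fails.
function parseStrict(argv) {
  let sandbox = null;
  for (let i = 0; i < argv.length; i++) {
    const eq = argv[i].indexOf('=');
    const flag = eq === -1 ? argv[i] : argv[i].slice(0, eq);
    if (!KNOWN_FLAGS.has(flag)) {
      throw new Error(`Unrecognized argument: ${argv[i]}`);
    }
    // Accept both `--sandbox DIR` and `--sandbox=DIR`.
    const value = eq === -1 ? argv[++i] : argv[i].slice(eq + 1);
    if (!value || value.startsWith('--')) {
      throw new Error(`${flag} requires a directory`);
    }
    if (sandbox !== null) {
      throw new Error(`${flag} given more than once`);
    }
    sandbox = value;
  }
  return sandbox; // null only when no arguments were passed at all
}

// Constructed input: the operator mistypes the flag.
const typo = ['--sandbox-dir', '/srv/docs'];
console.log('lenient:', parseLenient(typo));
try {
  parseStrict(typo);
} catch (err) {
  console.log('strict:', err.message);
}
```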