Skip to content

fix MCP read tools: add storyboard + search endpoints, remove dead hub tool #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
esot321c merged 2 commits into from
Apr 25, 2026
Merged

fix MCP read tools: add storyboard + search endpoints, remove dead hub tool #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
189fd13
fix MCP read tools: add storyboard + search endpoints, remove dead en…
esot321c Apr 25, 2026
7e15d3e
fix: broken integration tests needed correct auth methods
esot321c Apr 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,4 +41,5 @@ data/
.DS_Store
*.pem

.claude/
.claude/
.vscode/
17 changes: 11 additions & 6 deletions apps/api/src/auth/auth.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,8 @@ describe("Auth (integration)", () => {

const res = await request(app.getHttpServer())
.get("/v1/auth/me")
.set("Authorization", auth.authHeader)
.set("Cookie", auth.cookie)
.set("x-csrf-token", auth.csrfToken)
.expect(200);

expect(res.body).toMatchObject({
Expand All @@ -57,7 +58,7 @@ describe("Auth (integration)", () => {
it("returns 401 with invalid token", async () => {
await request(app.getHttpServer())
.get("/v1/auth/me")
.set("Authorization", "Bearer invalid-token")
.set("Cookie", "auth_token=invalid-token")
.expect(401);
});
});
Expand All @@ -72,7 +73,8 @@ describe("Auth (integration)", () => {

const res = await request(app.getHttpServer())
.get("/v1/auth/sessions")
.set("Authorization", auth.authHeader)
.set("Cookie", auth.cookie)
.set("x-csrf-token", auth.csrfToken)
.expect(200);

expect(res.body).toHaveLength(1);
Expand All @@ -90,7 +92,8 @@ describe("Auth (integration)", () => {

await request(app.getHttpServer())
.delete(`/v1/auth/sessions/${auth.session.id}`)
.set("Authorization", auth.authHeader)
.set("Cookie", auth.cookie)
.set("x-csrf-token", auth.csrfToken)
.expect(204);

// Session should now be invalid — subsequent requests should fail
Expand All @@ -110,7 +113,8 @@ describe("Auth (integration)", () => {

await request(app.getHttpServer())
.delete(`/v1/auth/sessions/${user1.session.id}`)
.set("Authorization", user2.authHeader)
.set("Cookie", user2.cookie)
.set("x-csrf-token", user2.csrfToken)
.expect(403);
});
});
Expand All @@ -125,7 +129,8 @@ describe("Auth (integration)", () => {

const res = await request(app.getHttpServer())
.post("/v1/auth/logout")
.set("Authorization", auth.authHeader)
.set("Cookie", auth.cookie)
.set("x-csrf-token", auth.csrfToken)
.expect(204);

// Cookie should be cleared
Expand Down
2 changes: 1 addition & 1 deletion apps/api/src/auth/strategies/jwt.strategy.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
) {
super({
jwtFromRequest: ExtractJwt.fromExtractors([
// Cookie auth only — Bearer is handled by ApiKeyAuthGuard
// Cookie auth only — Bearer is handled by ApiKeyAuthGuard for lrm_ keys
(request: Request) => request?.cookies?.["auth_token"] ?? null,
]),
ignoreExpiration: true, // We handle expiration via session validation
Expand Down
93 changes: 62 additions & 31 deletions apps/api/src/entities/entities.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@ describe("Entities (integration)", () => {
let app: INestApplication;
let prisma: PrismaService;
let module: TestingModule;
let authHeader: string;
let authCookie: string;
let csrfToken: string;
let projectSlug: string;

beforeAll(async () => {
Expand All @@ -28,12 +29,14 @@ describe("Entities (integration)", () => {
beforeEach(async () => {
await cleanDatabase(prisma);
const auth = await createAuthenticatedUser(prisma, module);
authHeader = auth.authHeader;
authCookie = auth.cookie;
csrfToken = auth.csrfToken;

// Create a project for entity tests
const res = await request(app.getHttpServer())
.post("/v1/projects")
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ name: "Test World" });
projectSlug = res.body.slug;
});
Expand All @@ -48,7 +51,8 @@ describe("Entities (integration)", () => {
it("creates a CHARACTER entity", async () => {
const res = await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({
type: "CHARACTER",
name: "Gandalf",
Expand All @@ -72,7 +76,8 @@ describe("Entities (integration)", () => {
it("creates a LOCATION entity", async () => {
const res = await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({
type: "LOCATION",
name: "The Shire",
Expand All @@ -87,7 +92,8 @@ describe("Entities (integration)", () => {
it("creates an ORGANIZATION entity", async () => {
const res = await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({
type: "ORGANIZATION",
name: "The Fellowship",
Expand All @@ -101,28 +107,32 @@ describe("Entities (integration)", () => {
it("rejects invalid entity type", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "INVALID", name: "Bad Type" })
.expect(400);
});

it("rejects missing name", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER" })
.expect(400);
});

it("generates unique slugs for duplicate names", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Aragorn" });

const res = await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Aragorn" })
.expect(201);

Expand All @@ -138,16 +148,19 @@ describe("Entities (integration)", () => {
it("lists all entities in a project", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Frodo" });
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "LOCATION", name: "Mordor" });

const res = await request(app.getHttpServer())
.get(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.expect(200);

expect(res.body).toHaveLength(2);
Expand All @@ -156,17 +169,20 @@ describe("Entities (integration)", () => {
it("filters by type", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Sam" });
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "LOCATION", name: "Rivendell" });

const res = await request(app.getHttpServer())
.get(base())
.query({ type: "CHARACTER" })
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.expect(200);

expect(res.body).toHaveLength(1);
Expand All @@ -176,17 +192,20 @@ describe("Entities (integration)", () => {
it("searches by name", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Legolas" });
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Gimli" });

const res = await request(app.getHttpServer())
.get(base())
.query({ q: "leg" })
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.expect(200);

expect(res.body).toHaveLength(1);
Expand All @@ -198,12 +217,14 @@ describe("Entities (integration)", () => {
it("returns entity with hub data", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Boromir" });

const res = await request(app.getHttpServer())
.get(`${base()}/boromir`)
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.expect(200);

expect(res.body.name).toBe("Boromir");
Expand All @@ -216,7 +237,8 @@ describe("Entities (integration)", () => {
it("returns 404 for non-existent entity", async () => {
await request(app.getHttpServer())
.get(`${base()}/nope`)
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.expect(404);
});
});
Expand All @@ -229,12 +251,14 @@ describe("Entities (integration)", () => {
it("updates entity fields", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Pippin", summary: "A hobbit" });

const res = await request(app.getHttpServer())
.patch(`${base()}/pippin`)
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ summary: "A Took", description: "Peregrin Took" })
.expect(200);

Expand All @@ -245,12 +269,14 @@ describe("Entities (integration)", () => {
it("regenerates slug when name changes", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Strider" });

const res = await request(app.getHttpServer())
.patch(`${base()}/strider`)
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ name: "Aragorn" })
.expect(200);

Expand All @@ -260,12 +286,14 @@ describe("Entities (integration)", () => {
it("upserts extension fields", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Elrond" });

const res = await request(app.getHttpServer())
.patch(`${base()}/elrond`)
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ character: { species: "Elf", role: "Lord of Rivendell" } })
.expect(200);

Expand All @@ -281,17 +309,20 @@ describe("Entities (integration)", () => {
it("deletes an entity", async () => {
await request(app.getHttpServer())
.post(base())
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.send({ type: "CHARACTER", name: "Saruman" });

await request(app.getHttpServer())
.delete(`${base()}/saruman`)
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.expect(204);

await request(app.getHttpServer())
.get(`${base()}/saruman`)
.set("Authorization", authHeader)
.set("Cookie", authCookie)
.set("x-csrf-token", csrfToken)
.expect(404);
});
});
Expand Down
Loading
Loading