AI PC Assistant MCP Server

# 🤖 CHHOTU MCP SERVER - COMPLETE PROJECT EXPLANATION ## 1️⃣ WHAT IS MCP (MODEL CONTEXT PROTOCOL)? MCP is a protocol that lets LLMs (AI assistants) safely interact with your computer by calling specific "tools" you define. **Example:** ``` You: "Search for all TypeScript files in my project" ↓ Gemini: "I'll use the search_files tool" ↓ MCP Server: Searches your system locally ↓ Result: "Found 15 TypeScript files..." ``` **KEY:** The LLM never directly accesses your files. It only calls your tools, which run on YOUR machine. --- ## 2️⃣ PROJECT STRUCTURE - HOW IT'S ORGANIZED Your project has **4 main layers**: ### LAYER 1: CONFIG (src/config/) ``` Purpose: Secure licensing for Day-1 monetization Components: • license.ts - HMAC-SHA256 license validation • index.ts - Global configuration & setup DATA FLOW: Validates ~/.mcp-license file at startup ``` ### LAYER 2: CORE (src/core/) ``` Purpose: Actual computer operations Components: • fileSystem.ts - Read/write/delete files • search.ts - Search files by name or content • commands.ts - Execute allow-listed shell commands • apps.ts - Launch applications (Mac/Win/Linux) • clipboard.ts - Read/write clipboard • kv.ts - Local key-value JSON storage DATA FLOW: Direct access to OS (with safety checks) ``` ### LAYER 3: TOOLS (src/tools/) ``` Purpose: Define tools that LLMs can call Components: • fileTools.ts - 5 file system tools • searchTools.ts - 2 search tools • commandTools.ts - 2 command tools • systemTools.ts - 3 system tools • automationTools.ts - 3 automation tools • kvTools.ts - 5 key-value tools • index.ts - Registers all 20 tools DATA FLOW: Takes LLM input → calls core functions → returns responses ``` ### LAYER 4: UTILS (src/utils/) ``` Purpose: Shared utilities used by other layers Components: • platform.ts - Detect OS (macOS/Windows/Linux) • paths.ts - Safe path handling • errors.ts - Consistent error responses DATA FLOW: Helper functions used everywhere ``` --- ## 3️⃣ HOW IT WORKS - DATA FLOW EXAMPLE ### SCENARIO: You ask Gemini to "Read my package.json file" **Step 1:** You ask in Gemini CLI ``` You: "Read my package.json" ``` **Step 2:** Gemini decides to use a tool ``` Gemini: "I'll use read_file tool" Request: { tool: "read_file", arguments: { path: "/Users/debasishbiswal/Desktop/chhotu_sa_mcp_mvp/package.json" } } ``` **Step 3:** MCP Server receives request (running on your machine) ``` server.ts receives the request ↓ Calls src/tools/index.ts (tool registry) ↓ Routes to fileTools.readFileTool() ``` **Step 4:** readFileTool processes it ``` ✅ Validates the path is safe ✅ Calls src/core/fileSystem.ts → readFileContents() ✅ Reads the actual file content ✅ Returns JSON response ``` **Step 5:** Response sent back to Gemini ``` { success: true, content: "{ \"name\": \"chhotu-mcp-mvp\", ... }", size: 1024 } ``` **Step 6:** Gemini shows you the result ``` "Here's your package.json content: { \"name\": \"chhotu-mcp-mvp\", ... }" ``` **KEY POINT:** Your file never leaves your machine! - Gemini only receives the text response - Your file system stays on your computer - Gemini cannot access your files directly --- ## 4️⃣ THE 20 TOOLS - WHAT EACH DOES ### FILE SYSTEM (5 tools) **📁 list_files** - Input: `path`, `recursive` (optional) - Output: List of files with metadata (size, type, permissions) - Example: "Show me all files in my Desktop folder" **📖 read_file** - Input: `path` (file path) - Output: File contents as text - Example: "Read my config.json" **✍️ write_file** - Input: `path`, `content` - Output: Success/failure message - Example: "Create a new file called hello.txt with 'Hello World'" **🗑️ delete_file** - Input: `path`, `recursive` (for folders) - Output: Success/failure message - Example: "Delete the temp folder" **↔️ move_file** - Input: `sourcePath`, `destPath` - Output: Success/failure message - Example: "Rename index.ts to main.ts" ### SEARCH (2 tools) **🔍 search_files** - Input: `baseDir`, `query` (filename pattern), `maxResults` - Output: List of matching file paths - Example: "Find all .ts files in src/" **📝 search_content** - Input: `baseDir`, `query` (text to find), `maxResults` - Output: List of files containing the text - Example: "Find all files containing 'export function'" ### COMMANDS (2 tools) **💻 run_command** - Input: `command` (pre-approved only) - Output: stdout, stderr, exit code - Allowed commands: ls, find, grep, cat, echo, etc. (18 total) - Example: "List files with 'ls -la'" **📋 list_allowed_commands** - Input: none - Output: List of all allowed commands - Example: "What commands can I run?" ### SYSTEM (3 tools) **🚀 launch_app** - Input: `appName` - Output: Success message - Platform-aware (macOS: open, Windows: start, Linux: exec) - Example: "Launch VS Code" **📋 get_clipboard** - Input: none - Output: Current clipboard content - Example: "What's in my clipboard?" **📌 set_clipboard** - Input: `content` (text to copy) - Output: Success message - Example: "Copy this token to my clipboard: abc123xyz" ### AUTOMATION (3 tools) **📂 create_folder_structure** - Input: `basePath`, `structure` (nested JSON) - Output: Success message - Example: "Create a project folder with src/, public/, config/ folders" **🔄 bulk_rename** - Input: `directory`, `pattern` (what to rename), `replacement` (new name) - Output: List of renamed files - Example: "Rename all .js files to .ts" **🏠 cleanup_desktop** - Input: none - Output: Files organized into Documents/, Images/, Videos/, etc. - Example: "Clean up my desktop" ### LOCAL STORAGE (5 tools) **💾 kv_set** - Input: `key`, `value` - Output: Success message - Stores in `~/.mcp-kv/store.json` - Example: "Remember this API key: sk_live_abc123" **🔍 kv_get** - Input: `key` - Output: Value if found - Example: "What was my API key?" **❌ kv_delete** - Input: `key` - Output: Success message - Example: "Forget the API key" **📚 kv_list** - Input: none - Output: All stored keys - Example: "Show me what you remember" **🧹 kv_clear** - Input: none - Output: Success message - Example: "Forget everything you stored" --- ## 5️⃣ SECURITY FEATURES - HOW IT PROTECTS YOU ### 🔐 LICENSE VALIDATION - Checks `~/.mcp-license` file on startup - Uses HMAC-SHA256 tokens (can't be forged) - Expires after 90 days (demo) or custom period - Prevents unauthorized use ### ✅ COMMAND ALLOW-LIST - Only 18 pre-approved shell commands can run - Examples: `ls`, `grep`, `cat`, `find` - Prevents dangerous commands: `rm -rf /`, etc. - LLM cannot execute arbitrary code ### 🛡️ PATH SAFETY - Prevents directory traversal (`../../` escapes) - Validates all file paths before access - Checks file permissions - Prevents reading/writing outside allowed areas ### 📛 ERROR SANITIZATION - Hides sensitive system details in production - Shows helpful errors in development - Never exposes passwords, tokens, or system info ### 🖥️ PLATFORM-SPECIFIC - Uses macOS commands on Mac (`pbcopy`/`pbpaste`) - Uses Windows commands on Windows (PowerShell) - Uses Linux commands on Linux (`xclip`) - Prevents OS-specific vulnerabilities --- ## 6️⃣ STARTUP FLOW - WHAT HAPPENS WHEN YOU RUN `npm run dev` ``` npm run dev ↓ server.ts starts ↓ Step 1: Initialize Config • Reads ~/.mcp-license • Validates license token (HMAC-SHA256) • Checks expiration date ✅ License valid for: mcp-user ↓ Step 2: Register Tools • Loops through all 20 tools • Registers each with MCP SDK • Validates Zod schemas ✅ 15 tools registered (or 20 with duplicates) ↓ Step 3: Start Transports • STDIO transport (for Claude Desktop) ✅ STDIO MCP transport ready • HTTP transport (REST API) ✅ HTTP MCP available at http://127.0.0.1:3000/mcp • WebSocket transport (real-time) ✅ WebSocket MCP running at ws://127.0.0.1:4000 ↓ Server is now LIVE and waiting for requests! ``` --- ## 7️⃣ THREE CONNECTION METHODS Your MCP server can be connected to AI assistants in 3 ways: ### 1️⃣ STDIO (Standard Input/Output) ``` Claude Desktop ↓ pipes input/output npm run dev (stdin/stdout connection) ``` Used for: Claude Desktop, native MCP clients ### 2️⃣ HTTP REST API ``` Gemini CLI (or any HTTP client) ↓ HTTP POST requests localhost:3000/mcp (REST endpoint) ``` Used for: Web clients, CLI tools, any HTTP client ### 3️⃣ WebSocket ``` Web App / Real-time App ↓ WebSocket connection ws://localhost:4000 (Real-time bidirectional) ``` Used for: Web applications, real-time updates --- ## 8️⃣ FILE PERSISTENCE - WHERE DATA IS STORED ### License File ``` ~/.mcp-license Format: licensee:timestamp:signature (HMAC-SHA256) Example: mcp-user:1704067840:a3c5d8f... ``` ### KV Store (Local Database) ``` ~/.mcp-kv/store.json Format: JSON key-value pairs Example: { "api_key": "sk_live_abc123", "user_token": "token_xyz", "settings": "{\"theme\": \"dark\"}" } ``` ### Compiled Code ``` dist/ Format: JavaScript (compiled from TypeScript) This is what actually runs ``` ### Source Code ``` src/ Format: TypeScript (.ts files) Needs compilation before running ``` --- ## 9️⃣ KEY DEPENDENCIES ### @modelcontextprotocol/sdk (v1.23.0) - The MCP protocol implementation - Handles tool registration and schema validation - Manages STDIO, HTTP, WebSocket transports ### express (v4.18.2) - HTTP server for REST endpoint - Handles `localhost:3000/mcp` requests ### ws (v8.18.3) - WebSocket server - Handles real-time connections on `localhost:4000` ### zod (v3.25.76) - Schema validation for tool inputs - Type-safe input validation - Generates TypeScript types ### typescript (v5.9.3) - Compiles .ts files to .js - Type checking - Better IDE support --- ## 🔟 COMMON WORKFLOWS ### WORKFLOW 1: Organize Files ``` You: "Organize my Desktop by file type" → Gemini calls cleanup_desktop() → Tool moves files to Documents/, Images/, Videos/, etc. ✅ Desktop organized ``` ### WORKFLOW 2: Search and Read ``` You: "Find all TODO comments in my code" → Gemini calls search_content(baseDir="/project", query="TODO") → Returns list of files → Gemini calls read_file() on each → Shows you all TODOs ✅ All TODOs displayed ``` ### WORKFLOW 3: Batch Rename ``` You: "Rename all .jsx files to .tsx in my src folder" → Gemini calls bulk_rename(directory="/src", pattern=".jsx", replacement=".tsx") → Tool renames all files ✅ All files renamed ``` ### WORKFLOW 4: Store Sensitive Info ``` You: "Remember this API key" → Gemini calls kv_set("api_key", "sk_live_abc123") → Stored in ~/.mcp-kv/store.json (encrypted by OS) → Later: kv_get("api_key") retrieves it ✅ Safely stored locally ``` --- ## 1️⃣1️⃣ MONETIZATION - DAY 1 READY Your project is built for selling from Day 1: ### Demo License - Valid for 90 days - Created via: `npm run setup-license` - Stored at: `~/.mcp-license` - Generated using: `generateLicenseToken("licensee-name")` ### Selling Flow 1. Customer buys license 2. You run: `npm run setup-license` - Prompts: "Enter licensee name: [customer name]" 3. Gets token: `"customer-name:timestamp:signature"` 4. Customer saves to `~/.mcp-license` 5. Their MCP server validates on startup 6. ✅ Only they can use it (tied to license) ### In src/config/license.ts - `SHARED_SECRET` controls token signing - Customize for your business - Set `LICENSE_FILE` location per customer - Add expiration logic in `validateLicenseToken()` --- ## 1️⃣2️⃣ SUMMARY - WHAT YOU NOW HAVE ✅ **20 production-ready tools** that AI assistants can call ✅ **4-layer architecture** (Config → Core → Tools → Utils) ✅ **Full file system access** with safety checks ✅ **Cross-platform support** (Mac/Windows/Linux) ✅ **License validation** for monetization ✅ **Local data storage** (KV store) ✅ **Multiple connection methods** (STDIO/HTTP/WebSocket) ✅ **Complete TypeScript codebase** ✅ **Ready to deploy and distribute** ✅ **No data leaves your machine** --- ## Next Steps 1. **Test the tools** - Use Gemini CLI with the MCP connected 2. **Customize** - Add more tools by following the src/tools/ pattern 3. **Deploy** - Package and distribute to customers with license validation 4. **Monitor** - Check logs and metrics as users interact with tools