AFFiNE MCP Server

Sign In

affine_sign_in

Authenticate users by signing into AFFiNE with email and password; generates session cookies for continuous access to workspace operations, including document management and search.

Instructions

Input Schema

TableJSON Schema

Name	Required	Description	Default
`email`	Yes
`password`	Yes

Implementation Reference

src/tools/auth.ts:8-12 (handler)

Handler function for the affine_sign_in tool that invokes loginWithPassword, sets the session cookie on the GraphQL client, and returns a success text response.

const signInHandler = async (parsed: { email: string; password: string }) => {
  const { cookieHeader } = await loginWithPassword(baseUrl, parsed.email, parsed.password);
  gql.setCookie(cookieHeader);
  return text({ signedIn: true });
};

src/tools/auth.ts:18-21 (schema)
Input schema using Zod: email must be a valid email string, password must be a non-empty string.
```
inputSchema: {
  email: z.string().email(),
  password: z.string().min(1)
}
```

src/tools/auth.ts:13-24 (registration)

Registers the 'affine_sign_in' tool with the MCP server, including title, description, input schema, and the signInHandler.

server.registerTool(
  "affine_sign_in",
  {
    title: "Sign In",
    description: "Sign in to AFFiNE using email and password; sets session cookies for subsequent calls.",
    inputSchema: {
      email: z.string().email(),
      password: z.string().min(1)
    }
  },
  signInHandler as any
);

src/auth.ts:12-36 (helper)

Core authentication helper that sends POST request to /api/auth/sign-in with email and password, handles response, extracts and formats Set-Cookie headers into a cookie header string.

export async function loginWithPassword(baseUrl: string, email: string, password: string): Promise<{ cookieHeader: string }> {
  const url = `${baseUrl.replace(/\/$/, "")}/api/auth/sign-in`;
  const res = await fetch(url, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ email, password })
  });
  if (!res.ok) {
    const text = await res.text().catch(() => "");
    throw new Error(`Sign-in failed: ${res.status} ${text}`);
  }
  const anyHeaders = res.headers as any;
  let setCookies: string[] = [];
  if (typeof anyHeaders.getSetCookie === "function") {
    setCookies = anyHeaders.getSetCookie();
  } else {
    const sc = res.headers.get("set-cookie");
    if (sc) setCookies = [sc];
  }
  if (!setCookies.length) {
    throw new Error("Sign-in succeeded but no Set-Cookie received");
  }
  const cookieHeader = extractCookiePairs(setCookies);
  return { cookieHeader };
}

src/auth.ts:2-10 (helper)

Utility function to extract cookie name=value pairs from Set-Cookie headers, discarding attributes after semicolon.

function extractCookiePairs(setCookies: string[]): string {
  const pairs: string[] = [];
  for (const sc of setCookies) {
    const first = sc.split(";")[0];
    if (first) pairs.push(first.trim());
  }
  return pairs.join("; ");
}

Tool Definition Quality

A4.1/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden. It discloses key behavioral traits: it performs authentication (a write-like operation that modifies session state) and sets cookies for persistence, which is crucial context. However, it lacks details on error handling, rate limits, or session duration, leaving gaps in transparency for a security-sensitive tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core action ('Sign in to AFFiNE') and follows with essential context ('sets session cookies for subsequent calls'). Every word contributes value without redundancy, making it highly concise and well-structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (authentication with security implications), no annotations, and no output schema, the description is moderately complete. It covers the basic purpose and session behavior but omits details like return values (e.g., success/failure indicators), error cases, or prerequisites, which are important for safe invocation by an agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 0% description coverage, so the description must compensate. It adds meaning by specifying that parameters are 'email and password' for signing in, clarifying their purpose beyond the schema's basic types. Since there are only 2 parameters, this is sufficient to achieve a high score, though it doesn't detail format constraints (e.g., password requirements).

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Sign in to AFFiNE') and resources involved ('using email and password'), distinguishing it from siblings like 'affine_current_user' (which might check status) or 'affine_generate_access_token' (which handles tokens). It directly addresses authentication, a unique function among the listed tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context by stating it 'sets session cookies for subsequent calls,' suggesting it should be used to establish authentication before other operations. However, it does not explicitly mention when not to use it (e.g., if already signed in) or name alternatives like token-based auth, leaving some guidance implicit.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Related Tools

affine_generate_access_tokenC
@DAWNCR0W/affine-mcp-server
affine_send_verify_emailC
@DAWNCR0W/affine-mcp-server
affine_current_userB
@DAWNCR0W/affine-mcp-server
affine_update_settingsC
@DAWNCR0W/affine-mcp-server
affine_send_password_resetC
@DAWNCR0W/affine-mcp-server
update_workspaceC
@DAWNCR0W/affine-mcp-server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DAWNCR0W/affine-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server