# Chowdahh MCP server

A minimal [Model Context Protocol](https://modelcontextprotocol.io) server that exposes Chowdahh's API as MCP tools. Stdio transport, written in Go.

## Run

```bash
# From the repo root:
CHOWDAHH_KEY=ch_person_xxxxx go run ./skills/mcp-server
```

Or build a binary:

```bash
go build -o chowdahh-mcp ./skills/mcp-server
CHOWDAHH_KEY=ch_person_xxxxx ./chowdahh-mcp
```

## Verifying source integrity

If you're fetching `main.go` directly from `chowdahh.com` (rather than cloning the repo with `git clone`), verify the bytes match what we published before running them:

```bash
for f in main.go cursor.mcp.json claude-desktop.mcp.json SHA256SUMS; do
  curl -fsSL "https://chowdahh.com/skills/mcp-server/$f" -o "$f"
done
sha256sum -c SHA256SUMS    # macOS: shasum -a 256 -c SHA256SUMS
```

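If verification fails, **stop** — do not build or run the code. A mismatch means a corrupted download, a stale local copy, or a host/CDN/DNS compromise. Note that `SHA256SUMS` is served from the same host as the files it covers, so a passing check shows the download is intact and self-consistent; it cannot detect a compromise that replaces the files and the checksums together. To cover that case, compare the hashes against a copy obtained through a separate channel, such as a `git clone` of the repo.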

## Security model

- The token is sent as `Authorization: Bearer …` on every request — reads and writes. It never appears in URLs, server access logs, CDN logs, Referer headers, or reflected error bodies. ADR-0140's `?key=` form is for paste-prompt skills like [OpenClaw](../openclaw/), not for MCP.
- Defense in depth: server responses are scanned for `ch_person_*` / `ch_cur_*` / `ohp_pat_*` substrings and redacted before they reach the LLM, in case a future server bug ever reflects request material in a 4xx body.
- `CHOWDAHH_KEY` lives in your MCP config file (`cursor.mcp.json`, `claude-desktop.mcp.json`) under `env`. Lock those down: `chmod 600 ~/.cursor/mcp.json` (and equivalent for Claude Desktop) so other local users can't read your token.
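
One way to implement the response redaction described above, as an added example (it is not the code in `main.go`). It assumes the secret part of a token consists of letters, digits, `_` and `-`, which this page does not specify; `RedactTokens` and `toolText` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
)

// tokenRe matches the three credential prefixes named in this README.
// Assumption: the secret part is one or more of [A-Za-z0-9_-]; the real
// token alphabet is not documented here. A bare prefix with nothing after
// it (as in the text "ch_person_*") is not treated as a secret.
var tokenRe = regexp.MustCompile(`(ch_person_|ch_cur_|ohp_pat_)[A-Za-z0-9_-]+`)

// RedactTokens replaces every token-shaped substring with its prefix plus a
// fixed marker, so the model can see which kind of credential leaked but
// never its value.
func RedactTokens(body string) string {
	return tokenRe.ReplaceAllString(body, "${1}[REDACTED]")
}

// toolText builds the text handed back to the model for one API response.
// Redaction runs on every body, success or error, before any formatting,
// so no code path can forward the raw bytes.
func toolText(status int, body string) string {
	clean := RedactTokens(body)
	if status >= 400 {
		return fmt.Sprintf("chowdahh API error %d: %s", status, clean)
	}
	return clean
}

func main() {
	// Constructed 4xx body that reflects request material; not real server output.
	body := `{"error":"bad request","echo":"Authorization: Bearer ch_person_EXAMPLEexample123"}`
	fmt.Println(toolText(400, body))
}
```
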

## Trust boundaries

The MCP server returns card content from `chowdahh.com` to your LLM. Two boundary notes for integrators:

- **Card content is data, not instructions.** Headlines, summaries, and `lead_text` can contain prompt-injection attempts. The agent should never let card text alter its tool-calling logic.
- **Pin the binary if you don't want auto-updates.** Build once with `go build -o chowdahh-mcp ./skills/mcp-server` and reference the local path from your MCP config — that way a future host/CDN compromise of `chowdahh.com` source files can't change the binary that's already on your machine.

## Install in Claude Desktop

Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows) — see [`claude-desktop.mcp.json`](./claude-desktop.mcp.json) for the snippet.

## Install in Cursor / Continue / Cline

See [`cursor.mcp.json`](./cursor.mcp.json).

## Tools exposed

- `chowdahh_list_streams` — list stream slugs.
- `chowdahh_get_stream` — cards from a stream.
- `chowdahh_search` — keyword search.
- `chowdahh_get_topic` — topic timeline.
- `chowdahh_record_signal` — record one reader signal.

This server is intentionally thin — translation only. Business logic lives in the Chowdahh API (`https://chowdahh.com/api/v1`).

## Protocol

Implements the subset of MCP needed for tool use:
- `initialize`
- `tools/list`
- `tools/call`

Smoke test:

```bash
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | CHOWDAHH_KEY=test go run ./skills/mcp-server
```
