docs(mcp): update MCP.md and README for OAuth 2.1

- Restructure MCP.md setup section: OAuth 2.1 as primary auth path
  (auto-flow via DCR/consent screen), static tokens demoted to
  deprecated Option B with callout
- Add Authentication section documenting three-tier auth model
  (trekoa_, trek_, JWT) with prefixes, TTLs, and deprecation status
- Add OAuth Scopes section: all 24 scopes across 13 groups, scope
  inheritance rules, always-available tools note
- Fix outdated Limitations values: 60→300 req/min, 5→20 sessions
- Add new limitation rows: OAuth scope enforcement, per-client rate
  limiting, addon toggle invalidation
- Add token_auth_notice prompt to Prompts table
- README: mention OAuth 2.1 in MCP features, add Granular Scopes
  bullet, update tech stack auth line
jubnl
2026-04-11 14:34:51 +02:00
parent 7a22d742ab
commit 0efa316004
2 changed files with 118 additions and 22 deletions
+3 -2
@@ -77,7 +77,8 @@
- **Dashboard Widgets** — Currency converter and timezone clock, toggleable per user
### AI / MCP Integration
- **MCP Server** — Built-in [Model Context Protocol](MCP.md) server exposes 80+ tools and 27 resources so AI assistants (Claude, Cursor, etc.) can read and modify your trips
- **MCP Server** — Built-in [Model Context Protocol](MCP.md) server with OAuth 2.1 authentication exposes 80+ tools and 27 resources so AI assistants (Claude, Cursor, etc.) can read and modify your trips
- **Granular Scopes** — 24 OAuth scopes across 13 permission groups let you control exactly what data your AI client can access
- **Full Trip Automation** — AI can create trips, plan itineraries, build packing lists, manage budgets, send collab messages, mark countries visited, and more in a single conversation
- **Prompts** — Pre-built `trip-summary`, `packing-list`, and `budget-overview` prompts give AI clients instant structured context
- **Addon-Aware** — Atlas, Collab, and Vacay features are exposed automatically when those addons are enabled
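Review bot: the new Granular Scopes bullet says scopes control "exactly what data your AI client can access", but the MCP Server bullet right above describes tools that "read and modify" trips, and the commit message describes a scope model with inheritance rules and always-available tools, so scopes gate actions rather than only data, and "exactly" overstates the control when inherited scopes and always-available tools apply. Suggest "let you restrict which tools and data your AI client can read and change" and a link to the scopes section of MCP.md, so the 24-scope / 13-group counts have one source of truth instead of being hardcoded in both README and MCP.md.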
@@ -97,7 +98,7 @@
- **PWA**: vite-plugin-pwa + Workbox
- **Real-Time**: WebSocket (`ws`)
- **State**: Zustand
- **Auth**: JWT + OIDC + TOTP (MFA)
- **Auth**: JWT + OAuth 2.1 + OIDC + TOTP (MFA)
- **Maps**: Leaflet + react-leaflet-cluster + Google Places API (optional)
- **Weather**: Open-Meteo API (free, no key required)
- **Icons**: lucide-react
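Review bot: the updated Auth line lists OAuth 2.1 next to JWT, OIDC and TOTP as though it were another way users sign in, but per the commit message OAuth 2.1 is the authorization path for MCP clients (DCR and consent screen, scoped tokens), not a user-login method. Consider separating the two audiences, e.g. keep `- **Auth**: JWT + OIDC + TOTP (MFA)` and add `- **MCP Auth**: OAuth 2.1 (DCR, consent screen, scoped tokens)`, so readers do not assume OAuth 2.1 replaces OIDC for the web app.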