mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
docs: add full wiki with 74 pages, assets, and CI workflow
Adds the complete TREK documentation wiki covering installation, trip planning, admin panel, MCP/AI integration, addons, and operations. Also fixes encrypt-at-rest gaps: mapbox_access_token, Synology credentials, per-user webhook/ntfy tokens, and photo passphrases are now rotated by migrate-encryption.ts and stored encrypted via settingsService.
This commit is contained in:
jubnl
@@ -0,0 +1,67 @@
|
||||
# MCP Scopes
|
||||
|
||||
OAuth scopes control exactly which data your AI client can read or write in TREK. You select scopes during the OAuth consent screen or when pre-creating an OAuth client. You can revoke access at any time by deleting the OAuth client or token from **Settings → Integrations → MCP**.
|
||||
|
||||
|
||||
|
||||
## All scopes
|
||||
|
||||
TREK defines 27 scopes across 13 groups.
|
||||
|
||||
| Group | Scope | Permission |
|
||||
|---|---|---|
|
||||
| **Trips** | `trips:read` | View trips, days, day notes, and members |
|
||||
| | `trips:write` | Create, update, and delete trips, days, day notes, and accommodations; manage members; duplicate trips |
|
||||
| | `trips:delete` | Permanently delete entire trips (irreversible) |
|
||||
| | `trips:share` | Create, update, and revoke public share links for trips |
|
||||
| **Places** | `places:read` | Read places, day assignments, tags, and categories |
|
||||
| | `places:write` | Create, update, and delete places, assignments, and tags |
|
||||
| **Atlas** | `atlas:read` | Read visited countries, regions, and bucket list |
|
||||
| | `atlas:write` | Mark countries and regions visited, manage bucket list |
|
||||
| **Packing** | `packing:read` | Read packing items, bags, and category assignees |
|
||||
| | `packing:write` | Add, update, delete, toggle, and reorder packing items and bags |
|
||||
| **To-dos** | `todos:read` | Read trip to-do items and category assignees |
|
||||
| | `todos:write` | Create, update, toggle, delete, and reorder to-do items |
|
||||
| **Budget** | `budget:read` | Read budget items and expense breakdown |
|
||||
| | `budget:write` | Create, update, and delete budget items |
|
||||
| **Reservations** | `reservations:read` | Read reservations and accommodation details |
|
||||
| | `reservations:write` | Create, update, delete, and reorder reservations |
|
||||
| **Collaboration** | `collab:read` | Read collab notes, polls, and messages |
|
||||
| | `collab:write` | Create, update, and delete collab notes, polls, and messages |
|
||||
| **Notifications** | `notifications:read` | Read in-app notifications and unread counts |
|
||||
| | `notifications:write` | Mark notifications as read or unread (individually or all at once) |
|
||||
| **Vacation** | `vacay:read` | Read vacation planning data, entries, and stats |
|
||||
| | `vacay:write` | Create and manage vacation entries, holidays, and team plans |
|
||||
| **Geo** | `geo:read` | Search locations, resolve map URLs, and reverse-geocode coordinates |
|
||||
| **Weather** | `weather:read` | Fetch weather forecasts for trip locations and dates |
|
||||
| **Journey** | `journey:read` | Read journeys, entries, and contributor list |
|
||||
| | `journey:write` | Create, update, and delete journeys and their entries |
|
||||
| | `journey:share` | Create, update, and revoke public share links for journeys |
|
||||
|
||||
## Scope rules
|
||||
|
||||
- A `:write` scope implies `:read` access for the same group (e.g. `budget:write` also grants read access to budget data).
|
||||
- Any `trips:*` scope (`trips:read`, `trips:write`, `trips:delete`, or `trips:share`) grants trip read access.
|
||||
- `journey:read` or `journey:write` grants journey read access. `journey:share` alone does **not** grant read access — it only enables managing public share links.
|
||||
- `list_trips` and `get_trip_summary` are always available regardless of scope — they are navigation tools.
|
||||
- Static tokens and web session JWTs have full access equivalent to all scopes.
|
||||
- Addon-gated tools (Atlas, Collab, Vacay, Journey) require both the relevant scope **and** the corresponding addon to be enabled by an admin.
|
||||
|
||||
## Choosing the right scopes
|
||||
|
||||
Grant only what you need. Some examples:
|
||||
|
||||
| Use case | Minimum scopes |
|
||||
|---|---|
|
||||
| Read-only AI assistant | All `:read` scopes relevant to your data |
|
||||
| Full trip planner | All scopes except `:delete` (use the Claude.ai or Claude Desktop preset) |
|
||||
| Budget review only | `trips:read` + `budget:read` |
|
||||
| Packing list assistant | `trips:read` + `packing:read` + `packing:write` |
|
||||
| Journey writer | `trips:read` + `journey:read` + `journey:write` |
|
||||
|
||||
The preset buttons in **Settings → Integrations → MCP → OAuth Clients** fill in a reasonable scope set for common clients. VS Code defaults to read-only scopes; Claude.ai and Claude Desktop default to all scopes except `:delete`.
|
||||
|
||||
## Related
|
||||
|
||||
- [MCP-Setup](MCP-Setup)
|
||||
- [MCP-Tools-and-Resources](MCP-Tools-and-Resources)
|
||||
Reference in New Issue
Block a user