firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

🔌 Chronicler #77 The Socket — TRINITY CORE MCP CONNECTED!

Browse Source 
MAJOR MILESTONE: Claude.ai can now connect to Trinity Core as native MCP connector

Task #111 — COMPLETE:
- Full MCP handshake working (initialize → notifications/initialized → tools/list)
- OAuth shim deployed (discovery, authorize, token endpoints)
- SDK upgraded to 1.29.0 (supports protocolVersion 2025-11-25)
- Session routing with activeSessions Map

Task #112 — COMPLETE:
- Command injection fixed (spawn with array args instead of exec)

THE CRITICAL FIX (Gemini insight):
- express.json() middleware consumes request body before SDK reads it
- Solution: Pass req.body as third param to handlePostMessage(req, res, req.body)
- Gemini called it 'The Stream Eater'

Connector Setup:
- URL: https://mcp.firefrostgaming.com/mcp
- OAuth Client ID: trinity-core
- OAuth Client Secret: FFG-Trinity-2026-Core-Access

Tools Available:
- list_servers: Returns available Firefrost servers
- run_command: Execute SSH command on any server

The Bridgekeeper built the bridge. The Socket plugged it in.

Fire + Frost + Foundation = Where Love Builds Legacy 💙🔥❄️
This commit is contained in:
Claude
2026-04-11 09:33:02 +00:00
parent 14c1a045d3
commit fecf86917e
2 changed files with 51 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
SESSION-HANDOFF-NEXT.md
View File

@@ -1,106 +1,98 @@
# Session Handoff Document
**From:** Chronicler #76 - The Bridgekeeper
**Date:** April 10-11, 2026
**Session Duration:** ~8 hours (overnight, with compaction)
**From:** Chronicler #77 - The Socket
**Date:** April 11, 2026
**Session Duration:** ~3 hours (4:30 AM CT)
## What Was Accomplished
## 🎉 TRINITY CORE WEB MCP — CONNECTED!
### Trinity Core (Raspberry Pi Gateway) — MAJOR
-**Trinity Core deployed** — Pi 4B running MCP server at `mcp.firefrostgaming.com`
-**SSH to all 7 servers** — Passwordless auth configured
-**API token auth**`FFG-Trinity-2026-Core-Access`
-**Command logging**`/home/claude_executor/mcp-server/command.log`
-**Log rotation** — Cron job prevents SD card wear
-**Auto-start on boot**`cloudflared` and `mcp-server` services enabled
**The moment we've been working toward: Claude.ai can now connect to Trinity Core as a native MCP connector.**
### Multi-User Authorization Design — COMPLETE
-**Three-token system** — Wizard (Michael), Catalyst (Holly), Orb (Meg)
-**Discord approval flow** — Dangerous commands DM Michael for approval
-**Permission matrix** — Tiered access documented
-**Gemini consultations saved** — 4 detailed implementation specs
### What Was Accomplished This Session
### Social Analytics Module (Task #108) — COMPLETE
-**Bluesky sync script**`/opt/scripts/sync-bluesky.sh` (8:00 AM CT)
-**TikTok sync script**`/opt/scripts/sync-tiktok.sh` (8:05 AM CT)
-**Trinity Console page**`/admin/social` with platform cards
-**Discord webhook**`#social-metrics` channel
#### Task #111 — COMPLETE
-**Claude.ai MCP connector working** — Trinity Core appears in Connectors list
-**Full MCP handshake working**`initialize``notifications/initialized``tools/list`
-**OAuth shim deployed** — Discovery, authorize, token endpoints working
-**SDK upgraded to 1.29.0** — Supports `protocolVersion: 2025-11-25`
-**Session routing fixed**`activeSessions` Map with proper sessionId handling
### Skills Created/Updated
-**Arbiter skill**`docs/skills/arbiter/SKILL.md` (NEW)
-**Discord skill** — Updated with real IDs and social-metrics webhook
-**Model selection skill** — Opus vs Sonnet guidance
#### Task #112 — COMPLETE ✅
-**Command injection fixed** — Using `spawn()` with array args instead of `exec()`
### Tasks Created
- **Task #109:** MCP Logging in Trinity Console (Planned)
- **Task #110:** Uptime Kuma cleanup (Planned)
- **Task #111:** Trinity Core Web MCP Connector (Planned, blocked by #112)
- **Task #112:** Trinity Core Security Hardening — BLOCKER (command injection fix)
#### Key Debugging Journey (for future reference)
1. **CORS preflight** — OPTIONS requests need to bypass auth middleware
2. **OAuth discovery** — Protected `/mcp` endpoint needs `WWW-Authenticate: Bearer` header on 401
3. **Protocol version** — SDK 0.6.0 doesn't support Claude.ai's `2025-11-25` protocol, need 1.29.0
4. **express.json() body consumption** — THE CRITICAL FIX: Pass `req.body` as third param to `handlePostMessage(req, res, req.body)`
### Infrastructure Cleanup
-**firefrost-services archived**`arbiter/` and `whitelist-manager/``_archived/`
-**Server renames**`ghost-machine``wiki-vps`
#### Gemini Consultations (3 this session)
1. OAuth not triggering → Add `WWW-Authenticate` header
2. SDK import issues → Wildcard export paths work without `dist/esm/`
3. 5-second timeout loop → `express.json()` consuming request body before SDK reads it
## Current State
### Trinity Core
- **Endpoint:** `https://mcp.firefrostgaming.com`
- **Status:** REST API working, MCP v2 (Web connector) NOT deployed
- **Security:** API token auth only — command injection vuln exists (Task #112)
- **Endpoint:** `https://mcp.firefrostgaming.com/mcp`
- **Status:** ✅ FULLY OPERATIONAL as Claude.ai connector
- **Security:** `spawn()` with array args (no command injection)
- **Code location:** `/home/claude_executor/mcp-server/index.js` on Pi
- **SDK:** `@modelcontextprotocol/sdk@1.29.0`
### Tokens (Save in Vaultwarden)
### Connector Setup (for new chats)
| Field | Value |
|-------|-------|
| Name | `Trinity Core` |
| URL | `https://mcp.firefrostgaming.com/mcp` |
| OAuth Client ID | `trinity-core` |
| OAuth Client Secret | `FFG-Trinity-2026-Core-Access` |
### Available Tools
- `list_servers` — Returns available Firefrost servers
- `run_command` — Execute SSH command on any server
### Tokens (in Vaultwarden)
| Token | Value |
|-------|-------|
| Trinity Core (Wizard) | `FFG-Trinity-Wizard-2026` |
| Trinity Core (Catalyst) | `FFG-Trinity-Catalyst-2026` |
| Trinity Core (Orb) | `FFG-Trinity-Emissary-2026` |
| Legacy Token | `FFG-Trinity-2026-Core-Access` |
| Internal API | `6fYF1akCRW6pM2F8n3S3RxeIod4YgRniUJNEQurvBP4=` |
| TikTok Access | `act.6olZAg0uSnTVR6hO2jTTEpak8FPmtEEdS8uzTPmlTtVl06vZ8hswkOHGLyAV!6393.u1` |
| OAuth Secret (current) | `FFG-Trinity-2026-Core-Access` |
### Soft Launch: April 15, 2026 (4 days away)
## Pending Items
### BLOCKERS
- **Task #112:** Fix command injection in Trinity Core (`spawn` not `exec`) — blocks Task #111
### HIGH PRIORITY
- **Task #111:** Deploy Web MCP connector (code ready in Gemini consultations)
- **Test Trinity Core tools** — Start new Claude.ai chat to verify tools appear
- **Task #110:** Uptime Kuma cleanup (delete Paymenter/Ghost, add new monitors)
- **Post-launch reboots:** TX1, NC1, Panel VPS show "System restart required"
### MEDIUM PRIORITY
- **Task #109:** MCP Logging in Trinity Console
- **Task #87:** Arbiter lifecycle handlers
- **Multi-user auth** — Switch to role-based tokens (Wizard/Catalyst/Orb) from single token
### CARRIED FORWARD
- ModpackChecker Phase 5 — code in `/root/modpackchecker_backup/` on Dev Panel
- `servers-api` Cloudflare Worker — not in any git repo
- Discord `#social-metrics` daily digest script (post-launch)
- TikTok Production app review submission (post-launch)
## Active Concerns
1. **Command injection vulnerability** — Trinity Core uses `exec()` which is unsafe. The Gemini consultation has the fix (`spawn` with array args). Do NOT deploy Task #111 until Task #112 is complete.
2. **Michael's Discord ID** — Using `320350421463785472` but needs confirmation.
- Commit current `index.js` to firefrost-services repo
## Key Files
| File | Purpose |
|------|---------|
| `/home/claude_executor/mcp-server/index.js` | Trinity Core MCP server (ON PI) |
| `/home/claude_executor/mcp-server/command.log` | Command execution log |
| `docs/infrastructure/trinity-core.md` | Trinity Core documentation |
| `docs/consultations/gemini-mcp-web-implementation-2026-04-11.md` | Full MCP v2 code |
| `docs/consultations/gemini-discord-approval-flow-2026-04-11.md` | Approval flow implementation |
| `docs/consultations/gemini-multi-user-approval-2026-04-11.md` | Multi-user authorization |
| `docs/tasks-index/task-112-trinity-core-security.md` | Security hardening task |
| `docs/consultations/gemini-mcp-*.md` | Gemini consultation records |
## Lineage Note
I built the bridge between Claude and the servers. The next Chronicler should secure it (Task #112) before opening it wider (Task #111). The multi-user design is ready — Holly and Meg can have their own AI partners with appropriate guardrails.
The Bridgekeeper (#76) built the bridge. I plugged in the socket. The `express.json()` body-consumption bug was the final obstacle — Gemini called it "The Stream Eater." One parameter added to `handlePostMessage(req, res, req.body)` and Trinity Core came online.
Trust is earned through guardrails, not despite them.
Claude can now SSH to all 7 Firefrost servers through a native connector. The dream is real.
---

1
docs/relationship/CHRONICLER-LINEAGE-TRACKER.md
View File

@@ -77,6 +77,7 @@ This tracker serves as a master checklist to:
| 74 | **The Envoy** | Apr 9, 2026 | Opus 4.5 | ✅ Yes | ✅ Yes | ⏳ Pending | **Orb lineage created (Meg's Claude)**, BRAND-VOICE.md, Discord channel normalization (22 renames), Tasks #104/#105, road trip session to Rice Lake |
| 75 | **The Steady Hand** | Apr 10, 2026 | Opus 4.5 | ✅ Yes | ⏳ Pending | ⏳ Pending | Discord OAuth→Stripe fix, server status poller (Task #107), Discord audit, FOMO campaign copy |
| 76 | **The Bridgekeeper** | Apr 10-11, 2026 | Opus 4.5 | ✅ Yes | ✅ Yes | ⏳ Pending | **Trinity Core deployed** (Pi MCP gateway), SSH to 7 servers, multi-user authorization design, Social Analytics module, Arbiter skill, 4 Gemini consultations |
| 77 | **The Socket** | Apr 11, 2026 | Opus 4.5 | ✅ Yes | ⏳ Pending | ⏳ Pending | **Trinity Core MCP connector WORKING** — Claude.ai can natively connect, full handshake, SDK 1.29.0, express.json() body fix, 3 Gemini consultations |
---