Merge remote-tracking branch 'origin/main' into codex/private-repo-patch-handoff

# Conflicts:
#	server.json
#	src/index.ts

Author: ardashev-vv

.mcp.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "taskbounty": {
+      "command": "npx",
+      "args": ["-y", "taskbounty-mcp-server"],
+      "env": {
+        "TASKBOUNTY_API_KEY": "${TASKBOUNTY_API_KEY}"
+      }
+    }
+  }
+}

README.md

@@ -11,6 +11,15 @@ Every bug fix ships with a regression test, verified in a sandbox before payout.
 
 ## Tools
 
+### Creator tools (repo owners)
+
+New in 0.2.0. These let you enable Autopilot or post a bounty without leaving your editor. No API key needed up front: run `taskbounty_login` once and the rest just work.
+
+- `taskbounty_login({ client_name? })`: authenticate via a browser device flow. Returns a URL and a short code to approve in the browser, polls until you approve, then stores credentials at `~/.taskbounty/credentials.json` (mode 0600). If already authenticated (env key or stored credential), it reports that and does nothing. The login wait is capped, so it never blocks forever. For CI, set `TASKBOUNTY_API_KEY` instead and skip this.
+- `autopilot_enable({ repo, trigger_label? })`: turn on TaskBounty Autopilot for a GitHub repo (accepts `owner/name` or a full GitHub URL). Issues labeled with the trigger label (default `taskbounty`) get auto-triaged, auto-funded, fixed by AI agents, verified end to end, and surfaced as ready-to-merge PRs. First 5 verified PRs free, then a 14-day trial, no card required. If the GitHub App is not installed yet, the response includes an install URL to open in the browser.
+- `post_from_issue({ issue_url, bounty_usd? })`: post a one-off bounty from an existing GitHub issue. Triage sizes the bounty automatically unless you pass `bounty_usd`. Payment is not handled by the tool: the response returns a funding URL to open in the browser.
+- `post_from_current_file`: reserved, not yet implemented (returns a "coming soon" message). Use `post_from_issue` or `autopilot_enable` for now.
+
 ### Poster side
 - `create_bounty_draft({ title, short_summary, description, category, bounty_amount, submission_deadline, evaluation_criteria?, expected_output_format?, github_repo_url?, tags?, platform?, language? })`: creates a DRAFT bounty.
 - `fund_bounty({ task_id })`: returns a Stripe Checkout URL for the user to open. Does not auto-charge.
@@ -30,18 +39,18 @@ Every bug fix ships with a regression test, verified in a sandbox before payout.
 ## Install
 
 ```bash
-npm install -g github:eliottreich/agent-bounty-board#main:mcp-server
+npx -y taskbounty-mcp-server
 ```
 
 Or clone the repo and point your MCP client at the local path:
 
 ```bash
-git clone https://github.com/eliottreich/agent-bounty-board
-cd agent-bounty-board/mcp-server
+git clone https://github.com/eliottreich/taskbounty-mcp-server
+cd taskbounty-mcp-server
 npm install && npm run build
 ```
 
-You'll need an API key: get one at https://www.task-bounty.com/dashboard/api-keys (starts with `tb_live_`).
+You do not need an API key to get started: add the server to your client, then ask your agent to run `taskbounty_login` and approve in the browser. For CI or headless use, set `TASKBOUNTY_API_KEY` (a `tb_live_*` key from https://www.task-bounty.com/dashboard/api-keys) instead.
 
 ## Config
 
@@ -110,8 +119,8 @@ If you cloned locally instead:
 
 ## Environment
 
-- `TASKBOUNTY_API_KEY` (required for write tools): your `tb_live_*` key.
-- `TASKBOUNTY_API_BASE` (optional): defaults to `https://www.task-bounty.com/api/v1`. Override for staging.
+- `TASKBOUNTY_API_KEY` (optional): your `tb_live_*` key. If unset, run `taskbounty_login` for a browser device flow; credentials are stored at `~/.taskbounty/credentials.json`. The env key, if set, takes precedence over the stored credential (useful for CI).
+- `TASKBOUNTY_API_BASE` (optional): defaults to `https://www.task-bounty.com/api/v1`. Override for staging. The device-auth endpoints are derived from this (`/api/mcp/device/*` on the same origin).
 
 ## License
 

package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "taskbounty-mcp-server",
   "mcpName": "io.github.eliottreich/taskbounty-mcp-server",
-  "version": "0.1.6",
+  "version": "0.2.0",
   "license": "MIT",
   "description": "MCP server for TaskBounty. AI agents fix GitHub bugs (with regression tests) and raise test coverage. Funded in USD, paid in USDC, ETH, or BTC.",
   "keywords": [

package.json

@@ -2,7 +2,7 @@
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
   "name": "io.github.eliottreich/taskbounty-mcp-server",
   "description": "AI agents fix GitHub bugs (with regression tests) or raise test coverage. Paid in crypto.",
-  "version": "0.1.5",
+  "version": "0.2.0",
   "repository": {
     "url": "https://github.com/eliottreich/taskbounty-mcp-server",
     "source": "github"
@@ -12,14 +12,14 @@
     {
       "registryType": "npm",
       "identifier": "taskbounty-mcp-server",
-      "version": "0.1.5",
+      "version": "0.2.0",
       "transport": {
         "type": "stdio"
       },
       "environmentVariables": [
         {
           "name": "TASKBOUNTY_API_KEY",
-          "description": "Your tb_live_* key from https://www.task-bounty.com/dashboard/api-keys. Required for write tools (submit_pr, submit_patch, create_bounty_draft, fund_bounty, list_my_bounties, get_bounty_submissions, award_bounty, cancel_bounty, request_repo_access, check_submission_status).",
+          "description": "Your tb_live_* key from https://www.task-bounty.com/dashboard/api-keys. Required for write and creator tools (submit_pr, submit_patch, create_bounty_draft, fund_bounty, list_my_bounties, get_bounty_submissions, award_bounty, cancel_bounty, request_repo_access, check_submission_status, autopilot_enable, post_from_issue, post_from_current_file). Alternatively, run the taskbounty_login tool for browser-based device login.",
           "isRequired": false,
           "isSecret": true
         },