This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
npm run build- Compile TypeScript to JavaScript and fix import pathsnpm run dev- Start development server with hot reload using tsxnpm start- Run the compiled server from dist/
npm test- Run all tests with Jestnpm run test:watch- Run tests in watch modenpm run test:coverage- Generate coverage report (95% threshold required)- Single test:
npm test -- tests/unit/path/to/specific.test.ts
npm run lint- Run ESLint on TypeScript filesnpm run lint:fix- Auto-fix ESLint issuesnpm run typecheck- Type check without emitting filesnpm run format- Format code with Prettiernpm run format:check- Check formatting without modifying files
This is a Model Context Protocol (MCP) server that provides comprehensive integration with the Productboard API through 49 specialized tools. The architecture follows a modular, permission-based design:
src/core/server.ts- Main MCP server implementation using@modelcontextprotocol/sdksrc/auth/manager.ts- Authentication manager supporting Bearer tokens and OAuth2src/auth/permission-discovery.ts- Dynamically discovers user permissions and registers tools accordinglysrc/tools/base.ts- Abstract base class for all tools with permission checkingsrc/api/client.ts- Productboard API client with rate limiting and retry logic
Tools are automatically discovered and registered based on user permissions:
- Server imports all tools from
@tools/index.js - Permission discovery service determines user's Productboard access level
- Only tools matching user permissions are registered
- Tools extend
BaseTooland implement permission metadata
src/core/- MCP server core functionality and protocol handlingsrc/auth/- Authentication, permissions, and credential managementsrc/api/- Productboard API client and error handlingsrc/tools/- 49 MCP tools organized by category (features, products, notes, etc.)src/middleware/- Rate limiting, caching, and validationsrc/utils/- Configuration, logging, and error utilities
- Permission-based tool access - Tools define required permissions and access levels
- Path aliases - Use
@auth/,@api/,@core/,@tools/,@middleware/,@utils/imports - ESM modules - Full ES modules with
.jsextensions in imports - Comprehensive error handling - Custom error types for different failure modes
- Structured logging - Uses Pino logger with configurable levels
- Unit tests -
tests/unit/with extensive mocking and 95% coverage requirement - Integration tests -
tests/integration/for tool registration and API interactions - E2E tests -
tests/e2e/for full MCP protocol testing - Test utilities -
tests/helpers/test-utils.tsprovides common mocking helpers
- Environment-based configuration via
.envfile - JSON schema validation in
config/schema.json - Support for both Bearer token and OAuth2 authentication
- OAuth2 scope configuration via
PRODUCTBOARD_OAUTH_SCOPESenvironment variable - Configurable rate limiting, caching, and logging levels
- All imports use
.jsextensions even for TypeScript files (ESM requirement) - Tools are filtered by user permissions - some may not be available with limited access
- The server validates Productboard API connection and credentials on startup
- Rate limiting prevents API abuse with configurable per-tool limits
- Caching improves performance for read operations
- OAuth2 tokens are automatically refreshed when expired
Tools are registered based on OAuth2 scopes requested during authorization:
- Configure scopes in
.env:PRODUCTBOARD_OAUTH_SCOPES=users:read product_hierarchy_data:read notes:create - Run OAuth2 setup:
npm run oauth2:setup - Server registers tools matching available permissions
- See oauth2-config.yml for complete scope definitions and role descriptions
Important: Scopes must match between your Productboard OAuth2 application and your .env configuration.