84 lines
2.8 KiB
TypeScript
84 lines
2.8 KiB
TypeScript
/**
|
|
* Starts the official Notion MCP server as a Streamable-HTTP sidecar for
|
|
* the triage agent (see `runtime.ts`). Run with `pnpm notion-mcp`.
|
|
*
|
|
* Why a launcher instead of a raw npm script: the Notion server takes its
|
|
* Notion integration secret via the `NOTION_TOKEN` env var and its HTTP
|
|
* transport bearer via `AUTH_TOKEN` (or `--auth-token`). We keep the
|
|
* example's env in a single `.env` (`NOTION_TOKEN` + `NOTION_MCP_AUTH_TOKEN`)
|
|
* and map it here, so this works identically on Windows/macOS/Linux without
|
|
* shell-specific env interpolation.
|
|
*/
|
|
import "dotenv/config";
|
|
import { spawn } from "node:child_process";
|
|
|
|
const authToken = process.env["NOTION_MCP_AUTH_TOKEN"];
|
|
const notionToken = process.env["NOTION_TOKEN"];
|
|
|
|
if (!authToken) {
|
|
console.error(
|
|
"[notion-mcp] NOTION_MCP_AUTH_TOKEN is required — it's the bearer the " +
|
|
"agent uses to reach this sidecar. Set it in .env (any strong string).",
|
|
);
|
|
process.exit(1);
|
|
}
|
|
if (!notionToken) {
|
|
console.error(
|
|
"[notion-mcp] NOTION_TOKEN is required — the Notion integration secret " +
|
|
"(ntn_...). Create one at notion.so → Settings → Connections.",
|
|
);
|
|
process.exit(1);
|
|
}
|
|
|
|
// Port the sidecar listens on. Must agree with NOTION_MCP_URL in runtime.ts
|
|
// (default http://127.0.0.1:3001/mcp).
|
|
const port = process.env["NOTION_MCP_PORT"] ?? "3001";
|
|
|
|
// Notion's REST API requires a `Notion-Version` header. Authenticate via
|
|
// OPENAPI_MCP_HEADERS (carrying BOTH Authorization and Notion-Version) rather
|
|
// than NOTION_TOKEN: when NOTION_TOKEN is set the server builds its own auth
|
|
// header and omits the version, so the API rejects every call with
|
|
// 400 `missing_version`. We deliberately do NOT pass NOTION_TOKEN below.
|
|
const notionVersion = process.env["NOTION_VERSION"] ?? "2022-06-28";
|
|
const openApiHeaders = JSON.stringify({
|
|
Authorization: `Bearer ${notionToken}`,
|
|
"Notion-Version": notionVersion,
|
|
});
|
|
|
|
// OPENAPI_MCP_HEADERS is the sole Notion auth source. NOTION_TOKEN must be
|
|
// absent from the child env (dotenv loaded it into process.env, so delete it
|
|
// after the spread) — if present, the server ignores OPENAPI_MCP_HEADERS and
|
|
// drops the Notion-Version header.
|
|
const childEnv = {
|
|
...process.env,
|
|
OPENAPI_MCP_HEADERS: openApiHeaders,
|
|
AUTH_TOKEN: authToken,
|
|
};
|
|
delete childEnv["NOTION_TOKEN"];
|
|
|
|
const child = spawn(
|
|
"npx",
|
|
[
|
|
"-y",
|
|
"@notionhq/notion-mcp-server",
|
|
"--transport",
|
|
"http",
|
|
"--port",
|
|
port,
|
|
"--auth-token",
|
|
authToken,
|
|
],
|
|
{
|
|
stdio: "inherit",
|
|
// shell:true so Windows resolves `npx` -> `npx.cmd`. Node refuses to
|
|
// spawn `.cmd`/`.bat` directly without a shell (CVE-2024-27980), which
|
|
// otherwise fails with `spawn EINVAL`.
|
|
shell: true,
|
|
env: childEnv,
|
|
},
|
|
);
|
|
|
|
child.on("exit", (code) => process.exit(code ?? 0));
|
|
process.on("SIGINT", () => child.kill("SIGINT"));
|
|
process.on("SIGTERM", () => child.kill("SIGTERM"));
|