/**
 * Curogram patient-messaging channel.
 *
 * v1 (messaging scope): served as Streamable HTTP from a single VM-hosted
 * bun process (port 18817, fronted by Tailscale funnel at /curogram).
 * Clients connect over HTTP with a bearer token instead of spawning a
 * local subprocess. The same per-host renderer fills in the bearer at
 * render time from the host's gitignored .env file; tests substitute a
 * redacted placeholder so goldens stay reproducible.
 *
 * Server-side auth: the supervisor process reads CUROGRAM_AGENT_USERNAME /
 * CUROGRAM_AGENT_PASSWORD from its own gitignored env file (NOT the
 * rendered .mcp.json) and logs in to Curogram to mint a cookie/XSRF
 * session. Those creds are never embedded in the client config -- only
 * MCP_BEARER_TOKEN is, exactly like the rippling channel.
 */

import type { ChannelDef } from "../types.ts";

export const curogram: ChannelDef = {
  name: "curogram",
  defaultLaunchStyle: "http",
  toolDirRel: "tools/curogram-mcp",
  entryFile: "server.ts",
  // See advancedmd.ts for rationale -- hard-coded claude-cloud URL so every
  // consuming host reaches the real server, not its own tailnet.
  httpUrl: () => "https://claude-cloud.tail053faf.ts.net/curogram/mcp",
  httpBearerEnvKey: "MCP_BEARER_TOKEN",
  env: [
    // Client-side env: the bearer token used to populate the
    // Authorization header at render time. Not embedded in the launched
    // process env -- it lives in the rendered headers block instead.
    { key: "MCP_BEARER_TOKEN", kind: "secret", required: true },
  ],
};
