feat: Update MCP integration to use passkey system instead of sessionId

CLAUDE_INTEGRATION_GUIDE.md

@@ -0,0 +1,362 @@
+# Claude Desktop Integration Guide - Passkey System
+
+## Overview
+Claude Desktop can now generate content and upload files directly to your ReubenOS on Hugging Face using the **passkey system** for secure storage!
+
+## 🔐 How It Works
+
+### **Two Storage Options:**
+
+1. **🔐 Secure Data (with Passkey)**
+   - Files are private and isolated by passkey
+   - Each passkey creates a separate secure folder
+   - Perfect for personal documents, code, quizzes
+
+2. **📢 Public Files**
+   - Files are publicly accessible to everyone
+   - No passkey required
+   - Great for sharing content
+
+## 🚀 Available MCP Tools
+
+### 1. **save_file**
+Save any file to ReubenOS (code, documents, data, etc.)
+
+**Examples:**
+
+```javascript
+// Save a Flutter app (secure)
+{
+  "fileName": "main.dart",
+  "content": "import 'package:flutter/material.dart'...",
+  "passkey": "my-secret-key"
+}
+
+// Save a public document
+{
+  "fileName": "tutorial.md",
+  "content": "# Flutter Tutorial\n...",
+  "isPublic": true
+}
+
+// Save a LaTeX document
+{
+  "fileName": "report.tex",
+  "content": "\\documentclass{article}...",
+  "passkey": "my-secret-key"
+}
+```
+
+### 2. **list_files**
+List all files in your storage
+
+**Examples:**
+
+```javascript
+// List your secure files
+{
+  "passkey": "my-secret-key"
+}
+
+// List public files
+{
+  "isPublic": true
+}
+```
+
+### 3. **delete_file**
+Delete a specific file
+
+**Examples:**
+
+```javascript
+// Delete from secure storage
+{
+  "fileName": "old_file.dart",
+  "passkey": "my-secret-key"
+}
+
+// Delete from public folder
+{
+  "fileName": "old_doc.md",
+  "isPublic": true
+}
+```
+
+### 4. **deploy_quiz**
+Deploy an interactive quiz to ReubenOS
+
+**Example:**
+
+```javascript
+{
+  "passkey": "my-secret-key",
+  "quizData": {
+    "title": "Flutter Basics Quiz",
+    "description": "Test your Flutter knowledge",
+    "timeLimit": 15,
+    "questions": [
+      {
+        "id": "q1",
+        "question": "What is a StatelessWidget?",
+        "type": "multiple-choice",
+        "options": [
+          "A widget that never changes",
+          "A widget with state",
+          "A button widget",
+          "A layout widget"
+        ],
+        "correctAnswer": 0,
+        "explanation": "StatelessWidget is immutable",
+        "points": 1
+      },
+      {
+        "id": "q2",
+        "question": "Flutter uses Dart language",
+        "type": "true-false",
+        "correctAnswer": true,
+        "points": 1
+      }
+    ]
+  }
+}
+```
+
+## 💬 How Claude Can Use This
+
+### **Conversation Examples:**
+
+**User:** "Create a Flutter counter app and save it to my ReubenOS"
+
+**Claude Response:**
+✅ I'll create a Flutter counter app and save it using your passkey.
+
+```dart
+import 'package:flutter/material.dart';
+
+void main() => runApp(CounterApp());
+
+class CounterApp extends StatefulWidget {
+  @override
+  _CounterAppState createState() => _CounterAppState();
+}
+
+class _CounterAppState extends State<CounterApp> {
+  int _counter = 0;
+
+  void _incrementCounter() {
+    setState(() {
+      _counter++;
+    });
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    return MaterialApp(...);
+  }
+}
+```
+
+*[Uses MCP save_file tool]*
+
+✅ File saved successfully!
+📄 File: counter_app.dart
+📍 Location: 🔐 Secure Data (Key: your-passkey)
+
+---
+
+**User:** "Create a quiz about Python and deploy it"
+
+**Claude Response:**
+✅ I'll create a Python quiz and deploy it to your ReubenOS.
+
+*[Uses MCP deploy_quiz tool]*
+
+✅ Quiz deployed successfully!
+📝 Quiz: Python Fundamentals
+📊 Questions: 5
+⏱️ Time Limit: 10 min
+🎯 Total Points: 5
+📍 Location: 🔐 Secure (Key: your-passkey)
+
+🚀 Quiz is now available in Reuben OS Quiz App!
+
+---
+
+**User:** "Save this tutorial as a public file so others can see it"
+
+**Claude Response:**
+✅ I'll save this tutorial to the public folder.
+
+*[Uses MCP save_file with isPublic=true]*
+
+✅ File saved successfully!
+📄 File: flutter_tutorial.md
+📍 Location: 📢 Public Folder
+🌐 URL: https://mcp-1st-birthday-reuben-os.hf.space/data/public/flutter_tutorial.md
+
+## 🔑 Passkey Best Practices
+
+1. **Choose a Memorable Passkey**
+   - Use alphanumeric characters, hyphens, or underscores
+   - Minimum 4 characters
+   - Example: `my-flutter-projects`, `john-doe-123`
+
+2. **Organize by Project**
+   - Use different passkeys for different projects
+   - Example: `flutter-apps`, `latex-docs`, `quiz-bank`
+
+3. **Public vs Private**
+   - Use **public** for tutorials, examples, shared content
+   - Use **passkey** for personal work, drafts, private quizzes
+
+## 📂 Accessing Files in ReubenOS
+
+### **Via Web Interface:**
+
+1. Open https://mcp-1st-birthday-reuben-os.hf.space
+2. Click "File Manager" in the dock
+3. For **Secure Data**:
+   - Click "Secure Data" in sidebar
+   - Enter your passkey
+   - Your files appear!
+4. For **Public Files**:
+   - Click "Public Files" in sidebar
+   - All public files are visible
+
+### **Via Claude Desktop:**
+
+Use the `list_files` tool to see what's stored:
+
+```javascript
+// Your secure files
+{ "passkey": "your-passkey" }
+
+// Public files
+{ "isPublic": true }
+```
+
+## 🎯 Common Use Cases
+
+### **1. Flutter Development**
+```javascript
+// Save main.dart
+save_file({
+  fileName: "main.dart",
+  content: "...",
+  passkey: "flutter-project-1"
+})
+
+// Save widget file
+save_file({
+  fileName: "custom_widget.dart",
+  content: "...",
+  passkey: "flutter-project-1"
+})
+```
+
+### **2. LaTeX Documents**
+```javascript
+save_file({
+  fileName: "thesis.tex",
+  content: "\\documentclass{article}...",
+  passkey: "academic-work"
+})
+```
+
+### **3. Quiz Creation**
+```javascript
+deploy_quiz({
+  passkey: "teaching-materials",
+  quizData: {
+    title: "Week 1 Quiz",
+    questions: [...]
+  }
+})
+```
+
+### **4. Public Tutorials**
+```javascript
+save_file({
+  fileName: "react-guide.md",
+  content: "# React Guide...",
+  isPublic: true
+})
+```
+
+## 🔄 Workflow Example
+
+**Scenario:** Create a complete Flutter project
+
+1. **Claude creates main.dart:**
+   ```javascript
+   save_file({
+     fileName: "main.dart",
+     content: "...",
+     passkey: "my-flutter-app"
+   })
+   ```
+
+2. **Claude creates README:**
+   ```javascript
+   save_file({
+     fileName: "README.md",
+     content: "# My Flutter App...",
+     passkey: "my-flutter-app"
+   })
+   ```
+
+3. **Claude creates a quiz for testing:**
+   ```javascript
+   deploy_quiz({
+     passkey: "my-flutter-app",
+     quizData: {
+       title: "Flutter App Quiz",
+       questions: [...]
+     }
+   })
+   ```
+
+4. **User opens ReubenOS:**
+   - Opens File Manager → Secure Data
+   - Enters passkey: `my-flutter-app`
+   - Sees all 3 files!
+   - Opens Quiz App to take the quiz
+
+## 🌐 Direct URLs
+
+Files are accessible via:
+- **Public:** `https://mcp-1st-birthday-reuben-os.hf.space/data/public/{filename}`
+- **Secure:** Requires passkey authentication through the web interface
+
+## ⚙️ Configuration
+
+The MCP server is configured in:
+`~/Library/Application Support/Claude/claude_desktop_config.json`
+
+```json
+{
+  "mcpServers": {
+    "reubenos": {
+      "command": "node",
+      "args": ["/path/to/mcp-server.js"],
+      "env": {
+        "REUBENOS_URL": "https://mcp-1st-birthday-reuben-os.hf.space"
+      }
+    }
+  }
+}
+```
+
+## 🎉 Summary
+
+Claude can now:
+- ✅ Generate Flutter/Dart code and save it
+- ✅ Create LaTeX documents
+- ✅ Deploy interactive quizzes
+- ✅ Save any text-based files
+- ✅ Use passkeys for private storage
+- ✅ Share files publicly
+- ✅ List and manage files
+
+All files are **accessible immediately** in your ReubenOS web interface on Hugging Face! 🚀

mcp-server.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-// mcp-server.js - Simplified MCP Server for Reuben OS with Stateless Prefix Strategy
+// mcp-server.js - MCP Server for Reuben OS with Passkey System
 
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
@@ -17,8 +17,8 @@ class ReubenOSMCPServer {
     this.server = new Server(
       {
         name: 'reubenos-mcp-server',
-        version: '2.0.0',
-        description: 'Simplified MCP Server for Reuben OS with stateless prefix strategy',
+        version: '3.0.0',
+        description: 'MCP Server for Reuben OS with secure passkey-based file storage',
         icon: '🖥️',
       },
       {
@@ -42,94 +42,110 @@ class ReubenOSMCPServer {
     this.server.setRequestHandler(ListToolsRequestSchema, async () => ({
       tools: [
         {
-          name: 'manage_files',
-          description: 'Manage files in Reuben OS - save Flutter/Dart, LaTeX, text, or any code files. Requires sessionId.',
+          name: 'save_file',
+          description: 'Save a file to Reuben OS. Use your passkey for secure storage or save to public folder.',
           inputSchema: {
             type: 'object',
             properties: {
-              sessionId: {
+              fileName: {
                 type: 'string',
-                description: 'Session ID from Reuben OS (required) - get this from the UI',
+                description: 'File name (e.g., main.dart, document.tex, report.pdf, quiz.json)',
               },
-              action: {
+              content: {
+                type: 'string',
+                description: 'File content to save',
+              },
+              passkey: {
+                type: 'string',
+                description: 'Your passkey for secure storage (min 4 characters). Leave empty to save to public folder.',
+              },
+              isPublic: {
+                type: 'boolean',
+                description: 'Set to true to save to public folder (accessible to everyone). Default: false',
+              },
+            },
+            required: ['fileName', 'content'],
+          },
+        },
+        {
+          name: 'list_files',
+          description: 'List all files in your secure storage or public folder',
+          inputSchema: {
+            type: 'object',
+            properties: {
+              passkey: {
                 type: 'string',
-                enum: ['save', 'retrieve', 'delete', 'clear', 'save_public'],
-                description: 'Action to perform (use save_public to save to public folder)',
+                description: 'Your passkey to list secure files. Leave empty to list public files.',
               },
+              isPublic: {
+                type: 'boolean',
+                description: 'Set to true to list public files. Default: false',
+              },
+            },
+          },
+        },
+        {
+          name: 'delete_file',
+          description: 'Delete a specific file from your storage',
+          inputSchema: {
+            type: 'object',
+            properties: {
               fileName: {
                 type: 'string',
-                description: 'File name (required for save/delete). Examples: main.dart, document.tex, script.js',
+                description: 'Name of the file to delete',
               },
-              content: {
+              passkey: {
                 type: 'string',
-                description: 'File content (required for save action)',
+                description: 'Your passkey (required for secure files)',
+              },
+              isPublic: {
+                type: 'boolean',
+                description: 'Set to true if deleting from public folder. Default: false',
               },
             },
-            required: ['sessionId', 'action'],
+            required: ['fileName'],
           },
         },
         {
           name: 'deploy_quiz',
-          description: 'Deploy an interactive quiz to Reuben OS. The quiz will be shown in the Quiz App.',
+          description: 'Deploy an interactive quiz to Reuben OS Quiz App',
           inputSchema: {
             type: 'object',
             properties: {
-              sessionId: {
+              passkey: {
                 type: 'string',
-                description: 'Session ID from Reuben OS (required) - get this from the UI',
+                description: 'Your passkey for secure quiz storage',
+              },
+              isPublic: {
+                type: 'boolean',
+                description: 'Make quiz public (default: false)',
               },
               quizData: {
                 type: 'object',
-                description: 'Quiz data object',
+                description: 'Quiz configuration',
                 properties: {
-                  title: {
-                    type: 'string',
-                    description: 'Quiz title',
-                  },
-                  description: {
-                    type: 'string',
-                    description: 'Quiz description',
-                  },
-                  timeLimit: {
-                    type: 'number',
-                    description: 'Time limit in minutes (optional)',
-                  },
+                  title: { type: 'string', description: 'Quiz title' },
+                  description: { type: 'string', description: 'Quiz description' },
+                  timeLimit: { type: 'number', description: 'Time limit in minutes (optional)' },
                   questions: {
                     type: 'array',
-                    description: 'Array of quiz questions',
+                    description: 'Array of questions',
                     items: {
                       type: 'object',
                       properties: {
-                        id: {
-                          type: 'string',
-                          description: 'Unique question ID',
-                        },
-                        question: {
-                          type: 'string',
-                          description: 'The question text',
-                        },
+                        id: { type: 'string' },
+                        question: { type: 'string' },
                         type: {
                           type: 'string',
-                          enum: ['multiple-choice', 'true-false', 'short-answer'],
-                          description: 'Question type',
+                          enum: ['multiple-choice', 'true-false', 'short-answer']
                         },
                         options: {
                           type: 'array',
-                          description: 'Answer options (for multiple-choice)',
-                          items: { type: 'string' },
-                        },
-                        correctAnswer: {
-                          type: ['string', 'number', 'boolean'],
-                          description: 'Correct answer or index',
-                        },
-                        explanation: {
-                          type: 'string',
-                          description: 'Explanation (optional)',
-                        },
-                        points: {
-                          type: 'number',
-                          description: 'Points (default: 1)',
+                          items: { type: 'string' }
                         },
+                        correctAnswer: { type: ['string', 'number', 'boolean'] },
+                        explanation: { type: 'string' },
+                        points: { type: 'number' },
                       },
                       required: ['id', 'question', 'type', 'correctAnswer'],
                     },
@@ -138,7 +154,7 @@ class ReubenOSMCPServer {
                 required: ['title', 'questions'],
               },
             },
-            required: ['sessionId', 'quizData'],
+            required: ['quizData'],
           },
         },
       ],
@@ -149,8 +165,12 @@ class ReubenOSMCPServer {
 
       try {
         switch (name) {
-          case 'manage_files':
-            return await this.manageFiles(args);
+          case 'save_file':
+            return await this.saveFile(args);
+          case 'list_files':
+            return await this.listFiles(args);
+          case 'delete_file':
+            return await this.deleteFile(args);
           case 'deploy_quiz':
             return await this.deployQuiz(args);
           default:
@@ -169,262 +189,215 @@ class ReubenOSMCPServer {
     });
   }
 
-  async manageFiles(args) {
+  async saveFile(args) {
     try {
-      // Validate inputs based on action
-      if (args.action === 'save' && (!args.fileName || args.content === undefined)) {
+      const { fileName, content, passkey, isPublic = false } = args;
+
+      if (!fileName || content === undefined) {
+        return {
+          content: [{ type: 'text', text: '❌ fileName and content are required' }],
+        };
+      }
+
+      if (!isPublic && !passkey) {
+        return {
+          content: [{ type: 'text', text: '❌ Passkey is required for secure storage (or set isPublic=true)' }],
+        };
+      }
+
+      const response = await fetch(API_ENDPOINT, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          passkey,
+          action: 'save_file',
+          fileName,
+          content,
+          isPublic,
+        }),
+      });
+
+      const data = await response.json();
+
+      if (response.ok && data.success) {
+        const location = isPublic ? '📢 Public Folder' : `🔐 Secure Data (Key: ${passkey})`;
+        const url = data.url ? `\n🌐 URL: ${data.url}` : '';
+
         return {
           content: [
             {
               type: 'text',
-              text: '❌ Save action requires fileName and content',
+              text: `✅ File saved successfully!\n\n📄 File: ${fileName}\n📍 Location: ${location}${url}\n\n✨ File is now available in Reuben OS!`,
             },
           ],
         };
+      } else {
+        return {
+          content: [{ type: 'text', text: `❌ Failed to save: ${data.error || 'Unknown error'}` }],
+        };
+      }
+    } catch (error) {
+      return {
+        content: [{ type: 'text', text: `❌ Error: ${error.message}` }],
+      };
+    }
+  }
+
+  async listFiles(args) {
+    try {
+      const { passkey, isPublic = false } = args;
+
+      if (!isPublic && !passkey) {
+        return {
+          content: [{ type: 'text', text: '❌ Passkey is required (or set isPublic=true)' }],
+        };
       }
 
-      if (args.action === 'delete' && !args.fileName) {
+      const url = new URL(API_ENDPOINT);
+      if (passkey) url.searchParams.set('passkey', passkey);
+      if (isPublic) url.searchParams.set('isPublic', 'true');
+
+      const response = await fetch(url, {
+        method: 'GET',
+        headers: { 'Content-Type': 'application/json' },
+      });
+
+      const data = await response.json();
+
+      if (response.ok && data.success) {
+        if (data.files.length === 0) {
+          return {
+            content: [{ type: 'text', text: `📁 No files found in ${data.location}` }],
+          };
+        }
+
+        const fileList = data.files
+          .map(f => `📄 ${f.name} (${(f.size / 1024).toFixed(2)} KB)${f.isQuiz ? ' [QUIZ]' : ''}`)
+          .join('\n');
+
         return {
           content: [
             {
               type: 'text',
-              text: '❌ Delete action requires fileName',
+              text: `📁 Files in ${data.location}:\n\n${fileList}\n\nTotal: ${data.count} file(s)`,
             },
           ],
         };
+      } else {
+        return {
+          content: [{ type: 'text', text: `❌ Failed: ${data.error || 'Unknown error'}` }],
+        };
       }
+    } catch (error) {
+      return {
+        content: [{ type: 'text', text: `❌ Error: ${error.message}` }],
+      };
+    }
+  }
 
-      // Handle different actions
-      switch (args.action) {
-        case 'save':
-        case 'save_public': {
-          const response = await fetch(API_ENDPOINT, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-              sessionId: args.sessionId,
-              action: args.action === 'save_public' ? 'save_public' : 'save_file',
-              fileName: args.fileName,
-              content: args.content,
-            }),
-          });
-
-          const data = await response.json();
-
-          if (response.ok && data.success) {
-            const location = args.action === 'save_public' ? '📢 Public Folder' : `🔑 Session: ${args.sessionId}`;
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `✅ File saved successfully!\n\n📄 File: ${args.fileName}\n${location}\n\n✨ File is now available in Reuben OS${args.action === 'save_public' ? ' (publicly accessible)' : ''}`,
-                },
-              ],
-            };
-          } else {
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `❌ Failed to save file: ${data.error || 'Unknown error'}`,
-                },
-              ],
-            };
-          }
-        }
-
-        case 'retrieve': {
-          const response = await fetch(`${API_ENDPOINT}?sessionId=${args.sessionId}`, {
-            method: 'GET',
-            headers: { 'Content-Type': 'application/json' },
-          });
-
-          const data = await response.json();
+  async deleteFile(args) {
+    try {
+      const { fileName, passkey, isPublic = false } = args;
 
-          if (response.ok && data.success) {
-            const fileList = data.files
-              .map(f => `📄 ${f.name} (${(f.size / 1024).toFixed(2)} KB)${f.isQuiz ? ' [QUIZ]' : ''}`)
-              .join('\n');
+      if (!fileName) {
+        return {
+          content: [{ type: 'text', text: '❌ fileName is required' }],
+        };
+      }
 
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `📁 Files for session ${args.sessionId}:\n\n${fileList || 'No files found'}\n\nTotal: ${data.count} file(s)`,
-                },
-              ],
-            };
-          } else {
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `❌ Failed to retrieve files: ${data.error || 'Unknown error'}`,
-                },
-              ],
-            };
-          }
-        }
+      if (!isPublic && !passkey) {
+        return {
+          content: [{ type: 'text', text: '❌ Passkey is required (or set isPublic=true)' }],
+        };
+      }
 
-        case 'delete': {
-          const response = await fetch(API_ENDPOINT, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-              sessionId: args.sessionId,
-              action: 'delete_file',
-              fileName: args.fileName,
-              content: '',
-            }),
-          });
-
-          const data = await response.json();
-
-          if (response.ok && data.success) {
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `✅ File '${args.fileName}' deleted successfully from session ${args.sessionId}`,
-                },
-              ],
-            };
-          } else {
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `❌ Failed to delete file: ${data.error || 'File not found'}`,
-                },
-              ],
-            };
-          }
-        }
+      const response = await fetch(API_ENDPOINT, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          passkey,
+          action: 'delete_file',
+          fileName,
+          isPublic,
+          content: '', // Required by API but not used
+        }),
+      });
 
-        case 'clear': {
-          const response = await fetch(API_ENDPOINT, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-              sessionId: args.sessionId,
-              action: 'clear_session',
-              fileName: '',
-              content: '',
-            }),
-          });
-
-          const data = await response.json();
-
-          if (response.ok && data.success) {
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `✅ All files cleared for session ${args.sessionId}\n\n🗑️ Deleted ${data.deletedCount || 0} file(s)`,
-                },
-              ],
-            };
-          } else {
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: `❌ Failed to clear session: ${data.error || 'Unknown error'}`,
-                },
-              ],
-            };
-          }
-        }
+      const data = await response.json();
 
-        default:
-          return {
-            content: [
-              {
-                type: 'text',
-                text: `❌ Unknown action: ${args.action}`,
-              },
-            ],
-          };
+      if (response.ok && data.success) {
+        return {
+          content: [{ type: 'text', text: `✅ File '${fileName}' deleted successfully` }],
+        };
+      } else {
+        return {
+          content: [{ type: 'text', text: `❌ Failed: ${data.error || 'File not found'}` }],
+        };
       }
     } catch (error) {
-      console.error('manage_files error:', error);
       return {
-        content: [
-          {
-            type: 'text',
-            text: `❌ Error: ${error.message}`,
-          },
-        ],
+        content: [{ type: 'text', text: `❌ Error: ${error.message}` }],
       };
     }
   }
 
   async deployQuiz(args) {
     try {
-      // Validate quiz data
-      if (!args.quizData.questions || args.quizData.questions.length === 0) {
+      const { quizData, passkey, isPublic = false } = args;
+
+      if (!quizData || !quizData.questions || quizData.questions.length === 0) {
         return {
-          content: [
-            {
-              type: 'text',
-              text: '❌ Quiz must have at least one question',
-            },
-          ],
+          content: [{ type: 'text', text: '❌ Quiz must have at least one question' }],
+        };
+      }
+
+      if (!isPublic && !passkey) {
+        return {
+          content: [{ type: 'text', text: '❌ Passkey is required (or set isPublic=true)' }],
         };
       }
 
-      // Add metadata to quiz
       const fullQuizData = {
-        ...args.quizData,
+        ...quizData,
         createdAt: new Date().toISOString(),
-        sessionId: args.sessionId,
+        passkey: passkey || 'public',
         version: '1.0',
       };
 
-      // Save quiz as quiz.json
       const response = await fetch(API_ENDPOINT, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({
-          sessionId: args.sessionId,
+          passkey,
           action: 'deploy_quiz',
           fileName: 'quiz.json',
           content: JSON.stringify(fullQuizData, null, 2),
+          isPublic,
         }),
       });
 
       const data = await response.json();
 
       if (response.ok && data.success) {
-        const totalPoints = args.quizData.questions.reduce((sum, q) => sum + (q.points || 1), 0);
+        const totalPoints = quizData.questions.reduce((sum, q) => sum + (q.points || 1), 0);
+        const location = isPublic ? '📢 Public' : `🔐 Secure (Key: ${passkey})`;
 
         return {
           content: [
             {
               type: 'text',
-              text: `✅ Quiz deployed successfully!\n\n📝 Quiz: ${args.quizData.title}\n📊 Questions: ${args.quizData.questions.length}\n⏱️ Time Limit: ${args.quizData.timeLimit || 'No limit'} minutes\n🎯 Total Points: ${totalPoints}\n🔑 Session: ${args.sessionId}\n\n🚀 The quiz is now available in Reuben OS Quiz App!`,
+              text: `✅ Quiz deployed successfully!\n\n📝 Quiz: ${quizData.title}\n📊 Questions: ${quizData.questions.length}\n⏱️ Time Limit: ${quizData.timeLimit || 'No limit'} min\n🎯 Total Points: ${totalPoints}\n📍 Location: ${location}\n\n🚀 Quiz is now available in Reuben OS Quiz App!`,
             },
           ],
         };
       } else {
         return {
-          content: [
-            {
-              type: 'text',
-              text: `❌ Failed to deploy quiz: ${data.error || 'Unknown error'}`,
-            },
-          ],
+          content: [{ type: 'text', text: `❌ Failed: ${data.error || 'Unknown error'}` }],
         };
       }
     } catch (error) {
-      console.error('deploy_quiz error:', error);
       return {
-        content: [
-          {
-            type: 'text',
-            text: `❌ Error deploying quiz: ${error.message}`,
-          },
-        ],
+        content: [{ type: 'text', text: `❌ Error: ${error.message}` }],
       };
     }
   }
@@ -432,7 +405,7 @@ class ReubenOSMCPServer {
   async run() {
     const transport = new StdioServerTransport();
     await this.server.connect(transport);
-    console.error('ReubenOS MCP Server running...');
+    console.error('ReubenOS MCP Server running with passkey authentication...');
   }
 }
 

pages/api/mcp-handler.js

@@ -1,29 +1,25 @@
-// pages/api/mcp-handler.js
-import fs from 'fs/promises';
+// pages/api/mcp-handler.js - Updated for Passkey System
+import fs from 'fs/promises'
+import fssync from 'fs';
 import path from 'path';
 
+// Use /data for Hugging Face Spaces persistent storage
+const DATA_DIR = process.env.SPACE_ID ? '/data' : path.join(process.cwd(), 'public', 'data');
+const PUBLIC_DIR = path.join(DATA_DIR, 'public');
+
 // Ensure directories exist
 async function ensureDirectories() {
-  // Ensure /tmp directory exists
-  const tmpPath = '/tmp';
-  try {
-    await fs.access(tmpPath);
-  } catch {
-    await fs.mkdir(tmpPath, { recursive: true });
+  if (!fssync.existsSync(DATA_DIR)) {
+    await fs.mkdir(DATA_DIR, { recursive: true });
   }
-
-  // Ensure public uploads directory exists
-  const publicPath = path.join(process.cwd(), 'public', 'uploads');
-  try {
-    await fs.access(publicPath);
-  } catch {
-    await fs.mkdir(publicPath, { recursive: true });
+  if (!fssync.existsSync(PUBLIC_DIR)) {
+    await fs.mkdir(PUBLIC_DIR, { recursive: true });
   }
 }
 
-// Validate session ID format (alphanumeric and underscores only)
-function isValidSessionId(sessionId) {
-  return sessionId && /^[a-zA-Z0-9_-]+$/.test(sessionId);
+// Validate passkey format (alphanumeric and hyphens/underscores only)
+function isValidPasskey(passkey) {
+  return passkey && /^[a-zA-Z0-9_-]+$/.test(passkey) && passkey.length >= 4;
 }
 
 // Sanitize filename to prevent path traversal
@@ -31,8 +27,13 @@ function sanitizeFileName(fileName) {
   return fileName.replace(/[^a-zA-Z0-9._-]/g, '_');
 }
 
+// Sanitize passkey (used for directory names)
+function sanitizePasskey(passkey) {
+  return passkey.replace(/[^a-zA-Z0-9_-]/g, '');
+}
+
 export default async function handler(req, res) {
-  // Enable CORS for all origins (adjust as needed for production)
+  // Enable CORS
   res.setHeader('Access-Control-Allow-Origin', '*');
   res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
   res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
@@ -45,14 +46,13 @@ export default async function handler(req, res) {
     await ensureDirectories();
 
     if (req.method === 'POST') {
-      // Handle file save/quiz deployment
-      const { sessionId, action, fileName, content } = req.body;
+      const { passkey, action, fileName, content, isPublic = false } = req.body;
 
-      // Validate session ID
-      if (!isValidSessionId(sessionId)) {
+      // Public files don't need passkey
+      if (!isPublic && !isValidPasskey(passkey)) {
         return res.status(400).json({
           success: false,
-          error: 'Invalid or missing sessionId'
+          error: 'Invalid or missing passkey (minimum 4 characters required)'
         });
       }
 
@@ -67,51 +67,56 @@ export default async function handler(req, res) {
       const sanitizedFileName = sanitizeFileName(fileName);
 
       try {
+        let targetDir;
+        let responseData = {};
+
+        if (isPublic) {
+          targetDir = PUBLIC_DIR;
+          responseData.isPublic = true;
+          responseData.location = 'Public Files';
+        } else {
+          const sanitizedKey = sanitizePasskey(passkey);
+          targetDir = path.join(DATA_DIR, sanitizedKey);
+
+          if (!fssync.existsSync(targetDir)) {
+            await fs.mkdir(targetDir, { recursive: true });
+          }
+
+          responseData.passkey = sanitizedKey;
+          responseData.location = 'Secure Data';
+        }
+
         // Handle different actions
         switch (action) {
           case 'save_file':
-          case 'deploy_quiz': {
-            // Save to /tmp with session prefix
-            const prefixedFileName = `${sessionId}_${sanitizedFileName}`;
-            const filePath = path.join('/tmp', prefixedFileName);
-
+          case 'deploy_quiz':
+          case 'save': {
+            const filePath = path.join(targetDir, sanitizedFileName);
             await fs.writeFile(filePath, content, 'utf8');
 
             return res.status(200).json({
               success: true,
-              message: `File saved successfully`,
-              fileName: sanitizedFileName,
-              prefixedFileName: prefixedFileName,
-              action: action
-            });
-          }
-
-          case 'save_public': {
-            // Save to public/uploads without session prefix
-            const publicPath = path.join(process.cwd(), 'public', 'uploads', sanitizedFileName);
-
-            await fs.writeFile(publicPath, content, 'utf8');
-
-            return res.status(200).json({
-              success: true,
-              message: `File saved to public folder`,
+              message: `File saved successfully to ${responseData.location}`,
               fileName: sanitizedFileName,
-              isPublic: true,
-              action: action
+              action: action,
+              ...responseData,
+              url: isPublic
+                ? `${process.env.SPACE_ID ? 'https://mcp-1st-birthday-reuben-os.hf.space' : 'http://localhost:3000'}/data/public/${sanitizedFileName}`
+                : null
             });
           }
 
-          case 'delete_file': {
-            // Delete specific file from /tmp
-            const prefixedFileName = `${sessionId}_${sanitizedFileName}`;
-            const filePath = path.join('/tmp', prefixedFileName);
+          case 'delete_file':
+          case 'delete': {
+            const filePath = path.join(targetDir, sanitizedFileName);
 
             try {
               await fs.unlink(filePath);
               return res.status(200).json({
                 success: true,
                 message: `File deleted successfully`,
-                fileName: sanitizedFileName
+                fileName: sanitizedFileName,
+                ...responseData
               });
             } catch (err) {
               return res.status(404).json({
@@ -122,19 +127,29 @@ export default async function handler(req, res) {
           }
 
           case 'clear_session':
-            // Clear all files for this session
-            const files = await fs.readdir('/tmp');
-            const sessionFiles = files.filter(f => f.startsWith(`${sessionId}_`));
+          case 'clear': {
+            if (isPublic) {
+              return res.status(400).json({
+                success: false,
+                error: 'Cannot clear public folder via this endpoint'
+              });
+            }
 
-            for (const file of sessionFiles) {
-              await fs.unlink(path.join('/tmp', file));
+            const files = await fs.readdir(targetDir);
+            let deletedCount = 0;
+
+            for (const file of files) {
+              await fs.unlink(path.join(targetDir, file));
+              deletedCount++;
             }
 
             return res.status(200).json({
               success: true,
-              message: `Cleared ${sessionFiles.length} files for session`,
-              deletedCount: sessionFiles.length
+              message: `Cleared ${deletedCount} files`,
+              deletedCount,
+              ...responseData
             });
+          }
 
           default:
             return res.status(400).json({
@@ -151,37 +166,51 @@ export default async function handler(req, res) {
       }
 
     } else if (req.method === 'GET') {
-      // Handle file retrieval
-      const { sessionId } = req.query;
+      const { passkey, isPublic } = req.query;
+
+      let targetDir;
+      let responseData = {};
+
+      if (isPublic === 'true') {
+        targetDir = PUBLIC_DIR;
+        responseData.isPublic = true;
+        responseData.location = 'Public Files';
+      } else {
+        if (!isValidPasskey(passkey)) {
+          return res.status(400).json({
+            success: false,
+            error: 'Invalid or missing passkey'
+          });
+        }
 
-      // Validate session ID
-      if (!isValidSessionId(sessionId)) {
-        return res.status(400).json({
-          success: false,
-          error: 'Invalid or missing sessionId'
-        });
+        const sanitizedKey = sanitizePasskey(passkey);
+        targetDir = path.join(DATA_DIR, sanitizedKey);
+
+        if (!fssync.existsSync(targetDir)) {
+          return res.status(200).json({
+            success: true,
+            passkey: sanitizedKey,
+            files: [],
+            count: 0,
+            message: 'No files found for this passkey'
+          });
+        }
+
+        responseData.passkey = sanitizedKey;
+        responseData.location = 'Secure Data';
       }
 
       try {
-        // Read all files from /tmp
-        const allFiles = await fs.readdir('/tmp');
+        const allFiles = await fs.readdir(targetDir);
 
-        // Filter files for this session
-        const sessionPrefix = `${sessionId}_`;
-        const sessionFiles = allFiles.filter(f => f.startsWith(sessionPrefix));
-
-        // Build file list with content
         const fileList = await Promise.all(
-          sessionFiles.map(async (file) => {
-            const filePath = path.join('/tmp', file);
+          allFiles.map(async (file) => {
+            const filePath = path.join(targetDir, file);
             const stats = await fs.stat(filePath);
 
-            // Strip session prefix from filename
-            const cleanFileName = file.substring(sessionPrefix.length);
-
-            // Read file content (with size limit to prevent memory issues)
+            // Read file content (with size limit)
             let content = null;
-            if (stats.size < 1024 * 1024) { // 1MB limit for content retrieval
+            if (stats.size < 1024 * 1024) { // 1MB limit
               try {
                 content = await fs.readFile(filePath, 'utf8');
               } catch (err) {
@@ -190,12 +219,12 @@ export default async function handler(req, res) {
             }
 
             return {
-              name: cleanFileName,
-              prefixedName: file,
+              name: file,
               size: stats.size,
               modified: stats.mtime,
-              isQuiz: cleanFileName === 'quiz.json',
-              content: content
+              isQuiz: file === 'quiz.json',
+              content: content,
+              extension: path.extname(file).substring(1)
             };
           })
         );
@@ -205,9 +234,9 @@ export default async function handler(req, res) {
 
         return res.status(200).json({
           success: true,
-          sessionId: sessionId,
           files: fileList,
-          count: fileList.length
+          count: fileList.length,
+          ...responseData
         });
 
       } catch (error) {