UNPKG

@maheidem/linkedin-mcp

Version:

Comprehensive LinkedIn API MCP server with automatic Claude configuration

690 lines (548 loc) 29.6 kB
# LinkedIn Optimizer MCP - Architecture Documentation > **Version**: 2.0.0 | **Total Lines**: ~400 TypeScript (main server) | **MCP Tools**: 5 Working --- ## Table of Contents 1. [Executive Summary](#1-executive-summary) 2. [Architecture Overview](#2-architecture-overview) 3. [Directory Structure](#3-directory-structure) 4. [MCP Tools Reference](#4-mcp-tools-reference) 5. [Design Patterns](#5-design-patterns) 6. [Security Architecture](#6-security-architecture) 7. [LinkedIn API Integration](#7-linkedin-api-integration) 8. [OAuth 2.0 + PKCE Flow](#8-oauth-20--pkce-flow) 9. [API Version Management](#9-api-version-management) 10. [Rate Limiting & Error Handling](#10-rate-limiting--error-handling) 11. [Testing Coverage](#11-testing-coverage) 12. [Code Quality Metrics](#12-code-quality-metrics) 13. [Gaps & Recommendations](#13-gaps--recommendations) --- ## 1. Executive Summary The **LinkedIn Optimizer MCP** (`@maheidem/linkedin-mcp`) is a production-ready Model Context Protocol server providing comprehensive LinkedIn API integration with Claude Desktop/Code. It features enterprise-grade token security, OAuth 2.0 with PKCE, and a modular architecture. ### Key Strengths | Area | Highlights | |------|------------| | **Security** | AES-256-GCM encryption, PBKDF2 key derivation (100k iterations), automatic token rotation | | **Architecture** | Clean separation of concerns across 7 modules | | **Testing** | 11 test files covering security, auth, API, and storage | | **Documentation** | Comprehensive JSDoc comments, README, CHANGELOG | ### Quality Scores | Category | Score | Assessment | |----------|-------|------------| | Security | 8.5/10 | Strong crypto, minor hardcoding issues | | Code Quality | 7.5/10 | Good architecture, type safety gaps | | Maintainability | 8/10 | Clear structure, good documentation | | Testing | 7/10 | Good unit tests, limited integration | | Documentation | 8/10 | Comprehensive, could add ADRs | **Overall Status**: Production-Ready --- ## 2. Architecture Overview ``` ┌─────────────────────────────────────────────────────┐ │ Claude Desktop/Code (User) │ └────────────────────┬────────────────────────────────┘ │ MCP Protocol (stdio) ┌────────────────────▼────────────────────────────────┐ │ linkedin-complete-mcp.ts (Main MCP Server) │ │ - 13 Tool definitions │ │ - Tool handlers/implementations │ └────────┬──────────────────────────────┬─────────────┘ │ │ ┌────────▼─────────────────┐ ┌────────▼──────────────┐ │ LinkedIn API Client │ │ Token/Security Mgmt │ │ - OAuth 2.0 with PKCE │ │ - Token Lifecycle │ │ - REST API endpoints │ │ - Key Management │ │ - Request handling │ │ - Encryption │ └────────┬─────────────────┘ └────────┬──────────────┘ │ │ ┌────────▼──────────────────────────────▼──────────────┐ │ Secure Storage Layer │ │ - File-based encrypted storage │ │ - Backup & integrity verification │ │ - Location: ~/.linkedin-mcp/tokens/ │ └──────────────────────────────────────────────────────┘ ``` ### Module Relationships ``` ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ MCP Layer │────▶│ API Layer │────▶│ Auth Layer │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ │ │ │ │ ▼ ▼ ▼ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ Tools Layer │ │Security Layer│◀───▶│Storage Layer │ └──────────────┘ └──────────────┘ └──────────────┘ ``` --- ## 3. Directory Structure ``` linkedin-optimizer-mcp/ ├── src/ (23 TypeScript files, 11,554 lines) │ │ │ ├── api/ (7 files - LinkedIn API layer) │ │ ├── linkedin-client.ts (834 lines) - Main API client with sub-clients │ │ ├── linkedin-api-v2024.ts (783 lines) - Version-aware API implementation │ │ ├── linkedin-endpoints.ts (437 lines) - High-level endpoint wrappers │ │ ├── version-manager.ts (528 lines) - API version management │ │ ├── legacy-compatibility.ts (346 lines) - Backward compatibility layer │ │ ├── types.ts (101 lines) - Shared type definitions │ │ └── index.ts (114 lines) - Module exports │ │ │ ├── auth/ (1 file - OAuth implementation) │ │ └── pkce-oauth-manager.ts (466 lines) - RFC 7636 PKCE OAuth 2.0 │ │ │ ├── security/ (4 files - Token security) │ │ ├── token-lifecycle-manager.ts (675 lines) - Token lifecycle & rotation │ │ ├── integrated-token-security-manager.ts (705 lines) - Security orchestration │ │ ├── key-manager.ts (615 lines) - Key derivation & rotation │ │ └── secure-token-storage.ts (368 lines) - AES-256-GCM encryption │ │ │ ├── storage/ (2 files - Persistent storage) │ │ ├── file-based-secure-storage.ts (1,316 lines) - Encrypted file storage │ │ └── secure-storage-interface.ts (363 lines) - Storage abstraction │ │ │ ├── tools/ (2 files - Content tools) │ │ ├── generator.ts (120 lines) - Content generation │ │ └── analyzer.ts (299 lines) - Profile analysis │ │ │ ├── types/ (1 file - Type definitions) │ │ └── linkedin.d.ts (52 lines) │ │ │ ├── linkedin-complete-mcp.ts (1,165 lines) - Main MCP server │ ├── index.ts (302 lines) - Profile optimizer server │ ├── cli.ts (366 lines) - CLI installation tool │ ├── linkedin-api-mcp.ts (697 lines) - Alternative API server │ ├── linkedin-basic-mcp.ts (444 lines) - Basic server version │ └── linkedin-working-mcp.ts (458 lines) - Working implementation │ ├── tests/unit/ (11 test files) │ ├── token-lifecycle-manager.test.ts │ ├── key-manager.test.ts │ ├── secure-token-storage.test.ts │ ├── integrated-token-security-manager.test.ts │ ├── pkce-oauth-manager.test.ts │ ├── linkedin-endpoints.test.ts │ ├── version-manager.test.ts │ ├── legacy-compatibility.test.ts │ ├── cursor-pagination.test.ts │ ├── linkedin-api-v2024.test.ts │ └── file-based-secure-storage.test.ts │ ├── examples/ (8 demo files) ├── dist/ (Compiled output) ├── docs/ (Documentation) └── configs/ (Configuration files) ``` --- ## 4. MCP Tools Reference ### Overview The MCP server exposes **5 working tools** across 3 categories: > **Note**: The following endpoints were removed to keep the MCP lean and focused: > - **Read endpoints** (get_user_posts, get_feed, get_post_details, get_post_comments, get_user_activity): Require Marketing Developer Platform access > - **AI content generation** (create_optimized_post, analyze_profile_from_data, generate_optimized_content): Local AI generation is better handled by Claude directly ### 4.1 Authentication Tools | Tool | Description | Parameters | Status | |------|-------------|------------|--------| | `linkedin_get_auth_url` | Generate OAuth 2.0 authorization URL | `state` (optional) | ✅ Working | | `linkedin_exchange_code` | Exchange authorization code for access token | `code` (required) | ✅ Working | ### 4.2 User Profile Tools | Tool | Description | Parameters | Status | |------|-------------|------------|--------| | `linkedin_get_user_info` | Get authenticated user info via OpenID Connect | `accessToken` (required) | ✅ Working | ### 4.3 Post Creation Tools | Tool | Description | Parameters | Status | |------|-------------|------------|--------| | `linkedin_create_post` | Create and publish a LinkedIn post | `accessToken` (required), `text` (required), `visibility` (PUBLIC\|CONNECTIONS) | ✅ Working | | `linkedin_post_profile_update` | Create a post announcing profile updates | `accessToken` (required), `updateType` (new_role\|skill_certification\|achievement\|general_update), `details` (required) | ✅ Working | --- ## 5. Design Patterns ### 5.1 Patterns Implemented | Pattern | Implementation | Files | |---------|----------------|-------| | **Manager/Service** | Core domain abstractions with single responsibility | `TokenLifecycleManager`, `KeyManager`, `IntegratedTokenSecurityManager` | | **Event Emitter** | Async lifecycle event handling | All security managers extend `EventEmitter` | | **Factory** | Client instantiation encapsulation | `LinkedInAPIClient` | | **Adapter** | API version compatibility | `LegacyLinkedInClient` wraps new API | | **Strategy** | Multiple KDF algorithms | `KeyManager.deriveKey()` with PBKDF2/Scrypt/Argon2 | ### 5.2 Event-Driven Architecture The security layer uses an event-driven architecture for token lifecycle management: ```typescript // Token Lifecycle Events (token-lifecycle-manager.ts:15) enum TokenLifecycleEvent { CREATED, // New token issued VALIDATED, // Token verified valid EXPIRED, // Token expiration detected ROTATED, // Token automatically rotated REVOKED, // Token manually revoked RENEWED, // Expiration extended via refresh CLEANUP, // Cleanup operation completed WARNING // Expiration approaching } ``` ### 5.3 Layered Architecture ``` ┌─────────────────────────────────────────────────────────────────┐ │ Presentation Layer (MCP) │ │ linkedin-complete-mcp.ts - Tool definitions & handlers │ ├─────────────────────────────────────────────────────────────────┤ │ Business Logic Layer │ │ tools/generator.ts, tools/analyzer.ts - Content operations │ ├─────────────────────────────────────────────────────────────────┤ │ Service Layer (API + Security) │ │ api/*.ts - LinkedIn API integration │ │ security/*.ts - Token & key management │ ├─────────────────────────────────────────────────────────────────┤ │ Data Access Layer (Storage) │ │ storage/*.ts - Encrypted persistent storage │ └─────────────────────────────────────────────────────────────────┘ ``` --- ## 6. Security Architecture ### 6.1 Security Stack Overview ``` ┌─────────────────────────────────────────┐ │ IntegratedTokenSecurityManager │ │ - Orchestrates all security │ │ - Auto-rotation scheduling │ │ - Integrity verification │ └────────────────┬────────────────────────┘ │ ┌────────────┼────────────┐ │ │ │ ┌───▼────┐ ┌───▼────┐ ┌───▼────┐ │ Token │ │ Key │ │Secure │ │Lifecycle│ │Manager │ │Storage │ │Manager │ │ │ │ │ └───┬────┘ └───┬────┘ └───┬────┘ │ │ │ ┌───▼───────────▼───────────▼────┐ │ File-Based Secure Storage │ │ ~/.linkedin-mcp/tokens/ │ └────────────────────────────────┘ ``` ### 6.2 Encryption Specifications | Aspect | Implementation | Standard | |--------|----------------|----------| | **Encryption Algorithm** | AES-256-GCM | Authenticated encryption | | **Key Derivation** | PBKDF2 | 100,000 iterations | | **Alternative KDFs** | Scrypt, Argon2 | Fallback options | | **IV Length** | 128 bits (16 bytes) | NIST recommended | | **Authentication Tag** | 128 bits (16 bytes) | GCM standard | | **Salt Length** | 256 bits (32 bytes) | Strong entropy | ### 6.3 Token Lifecycle Management | Feature | Configuration | |---------|---------------| | **Auto-rotation (time)** | Every 24 hours | | **Auto-rotation (usage)** | After 1,000 uses | | **Token binding** | Client ID, User ID, Session, IP address | | **Expiration buffer** | 5 minutes before actual expiry | | **Cleanup interval** | Hourly | | **Max token age** | 7 days | | **Revocation list** | In-memory tracking | ### 6.4 Key Management ```typescript // Key Derivation Functions Supported (key-manager.ts) enum KeyDerivationFunction { PBKDF2, // Default - 100,000 iterations with SHA-256 SCRYPT, // Memory-hard function ARGON2 // Fallback to scrypt if unavailable } ``` **Key Features**: - Key versioning for safe rotation - Re-encryption of tokens during key rotation - Secure deletion with 3-pass overwrite - Key status tracking (active/deprecated/revoked) --- ## 7. LinkedIn API Integration ### 7.1 API Endpoints - Authentication | Endpoint | Method | Purpose | |----------|--------|---------| | `/oauth/v2/authorization` | GET | Generate authorization URL with PKCE | | `/oauth/v2/accessToken` | POST | Exchange code for access token | | `/oauth/v2/revoke` | POST | Revoke access token | ### 7.2 API Endpoints - User & Profile | Endpoint | Method | Purpose | File Reference | |----------|--------|---------|----------------| | `/v2/userinfo` | GET | OpenID Connect user info | `linkedin-complete-mcp.ts:534` | | `/rest/me` | GET | Current user profile (v2024) | `linkedin-endpoints.ts:128` | | `/v2/people/~` | GET | Profile by URL name (legacy) | `linkedin-client.ts:346` | | `/rest/connections` | GET | User connections | `linkedin-endpoints.ts:236` | ### 7.3 API Endpoints - Posts & Content | Endpoint | Method | Purpose | File Reference | |----------|--------|---------|----------------| | `/v2/ugcPosts` | POST | Create UGC post | `linkedin-complete-mcp.ts:596` | | `/rest/posts` | POST | Create post (v2024) | `linkedin-endpoints.ts:143` | | `/v2/shares` | GET | Get posts/shares | `linkedin-complete-mcp.ts:768` | | `/v2/shares/{id}` | GET | Get specific post | `linkedin-complete-mcp.ts:858` | | `/rest/images` | POST | Upload images | `linkedin-endpoints.ts:185` | ### 7.4 API Endpoints - Social Actions | Endpoint | Method | Purpose | File Reference | |----------|--------|---------|----------------| | `/v2/socialActions/{urn}/comments` | GET | Get post comments | `linkedin-complete-mcp.ts:908` | | `/v2/socialActions/likes` | POST | Like a post | `linkedin-client.ts:595` | | `/v2/socialActions/comments` | POST | Comment on post | `linkedin-client.ts:609` | | `/v2/socialActions/shares` | POST | Share content | `linkedin-client.ts:626` | ### 7.5 API Endpoints - Organizations | Endpoint | Method | Purpose | |----------|--------|---------| | `/rest/organizationAcls` | GET | Get managed organizations | | `/v2/organizations/{id}` | GET | Get company information | | `/v2/organizationalEntityFollowerStatistics` | GET | Get follower stats | | `/rest/analytics/shares` | GET | Get share analytics | ### 7.6 API Endpoints - Marketing | Endpoint | Method | Purpose | |----------|--------|---------| | `/rest/adCampaigns` | GET/POST/PUT | Campaign management | | `/rest/adAnalytics` | GET | Ad analytics | | `/rest/adTargetingFacets` | GET | Targeting options | ### 7.7 API Client Sub-Clients | Sub-Client | Methods | File Reference | |------------|---------|----------------| | `people` | `getProfile()`, `searchMembers()` | `linkedin-client.ts:343-376` | | `organizations` | `getCompany()`, `getFollowerStats()` | `linkedin-client.ts:378-402` | | `content` | `createPost()`, `getPosts()`, `updatePost()`, `deletePost()` | `linkedin-client.ts:404-589` | | `socialActions` | `like()`, `comment()`, `share()` | `linkedin-client.ts:592-640` | | `marketing` | `createCampaign()`, `getCampaigns()`, `getAnalytics()` | `linkedin-client.ts:642-705` | | `talent` | `postJob()`, `searchJobs()` | `linkedin-client.ts:708-736` | | `learning` | `getCourses()`, `getClassifications()` | `linkedin-client.ts:738-760` | | `messaging` | `sendMessage()`, `getConversations()` | `linkedin-client.ts:762-784` | | `events` | `createEvent()`, `getEvents()` | `linkedin-client.ts:786-808` | --- ## 8. OAuth 2.0 + PKCE Flow ### 8.1 Overview The MCP implements OAuth 2.0 with PKCE (Proof Key for Code Exchange) compliant with: - **RFC 7636** - PKCE for OAuth 2.0 - **RFC 9700** - OAuth 2.0 best practices (January 2025) ### 8.2 Authorization URL Structure ``` https://www.linkedin.com/oauth/v2/authorization ?response_type=code &client_id={clientId} &redirect_uri={redirectUri} &state={32-byte-cryptographically-secure-random} &scope=openid profile email w_member_social &code_challenge={SHA256(code_verifier) base64url-encoded} &code_challenge_method=S256 ``` ### 8.3 Token Exchange ```http POST /oauth/v2/accessToken HTTP/1.1 Host: www.linkedin.com Content-Type: application/x-www-form-urlencoded grant_type=authorization_code &code={authorization-code} &redirect_uri={redirectUri} &client_id={clientId} &code_verifier={original-code-verifier} ``` ### 8.4 Token Response ```typescript interface TokenResponse { access_token: string; token_type: 'Bearer'; expires_in: number; // ~5400 seconds (90 minutes) refresh_token?: string; scope?: string; id_token?: string; // For OpenID Connect created_at?: number; // Unix timestamp } ``` ### 8.5 Scopes Used | Scope | Purpose | |-------|---------| | `openid` | OpenID Connect authentication | | `profile` | User profile information | | `email` | Email address access | | `w_member_social` | Write member social content (post creation) | ### 8.6 PKCE Code Verifier ```typescript // Generated at pkce-oauth-manager.ts:79-100 // Length: 43-128 characters // Character set: [A-Z, a-z, 0-9, -, ., _, ~] // Entropy: 64 bytes from crypto.randomBytes() ``` --- ## 9. API Version Management ### 9.1 Supported Versions | Version | Release | Key Features | |---------|---------|--------------| | `v202401` | Jan 2024 | Cursor pagination, Video API, Batch operations | | `v202404` | Apr 2024 | Documents API, Enhanced targeting | | `v202407` | Jul 2024 | Community management, Webhooks | | `v202410` | Oct 2024 | Connected TV, Analytics v2 | | `v202411` | Nov 2024 | Buy Now CTA (latest) | ### 9.2 Feature Matrix | Feature | v202401 | v202404 | v202407 | v202410 | v202411 | |---------|:-------:|:-------:|:-------:|:-------:|:-------:| | Cursor Pagination | ✅ | ✅ | ✅ | ✅ | ✅ | | Documents API | ❌ | ✅ | ✅ | ✅ | ✅ | | Community Management | ❌ | ❌ | ✅ | ✅ | ✅ | | Connected TV | ❌ | ❌ | ❌ | ✅ | ✅ | | Buy Now CTA | ❌ | ❌ | ❌ | ❌ | ✅ | | Enhanced Targeting | ❌ | ✅ | ✅ | ✅ | ✅ | | Batch Operations | ✅ | ✅ | ✅ | ✅ | ✅ | | Webhooks | ❌ | ❌ | ✅ | ✅ | ✅ | | Analytics v2 | ❌ | ❌ | ❌ | ✅ | ✅ | | Video API | ✅ | ✅ | ✅ | ✅ | ✅ | ### 9.3 Version-Specific Endpoint Mappings | Operation | Legacy Endpoint | v2024+ Endpoint | |-----------|-----------------|-----------------| | Create Post | `/v2/ugcPosts` | `/rest/posts` | | Get Profile | `/v2/me` | `/rest/me` | | Get Analytics | `/organizationalEntityShareStatistics` | `/analytics/shares` | --- ## 10. Rate Limiting & Error Handling ### 10.1 Rate Limit Headers | Header | Purpose | |--------|---------| | `X-RateLimit-Limit` | Maximum requests allowed | | `X-RateLimit-Remaining` | Remaining requests in window | | `X-RateLimit-Reset` | Unix timestamp when limit resets | ### 10.2 Retry Strategy | Configuration | Value | |---------------|-------| | **Retry conditions** | HTTP 429, 500+ status codes | | **Backoff type** | Exponential | | **Max delay** | 30 seconds | | **Max retries** | 3 (configurable) | | **Default timeout** | 30 seconds | ### 10.3 Error Response Structure ```typescript interface LinkedInError { status: number; // HTTP status code code: string; // LinkedIn error code message: string; // Human-readable message requestId?: string; // For debugging with LinkedIn support details?: any; // Full error response body } ``` ### 10.4 Rate Limit Strategies | Strategy | Behavior | |----------|----------| | `throttle` | Wait until reset time, then retry | | `queue` | Queue request for later execution | | `reject` | Throw error immediately | --- ## 11. Testing Coverage ### 11.1 Test Files | Category | Test File | Coverage Area | |----------|-----------|---------------| | **Security** | `token-lifecycle-manager.test.ts` | Token creation, validation, rotation | | **Security** | `key-manager.test.ts` | Key derivation, rotation | | **Security** | `secure-token-storage.test.ts` | AES-256-GCM encryption | | **Security** | `integrated-token-security-manager.test.ts` | Security orchestration | | **Auth** | `pkce-oauth-manager.test.ts` | OAuth 2.0 + PKCE flow | | **API** | `linkedin-endpoints.test.ts` | Endpoint wrappers | | **API** | `version-manager.test.ts` | API version handling | | **API** | `legacy-compatibility.test.ts` | Backward compatibility | | **API** | `cursor-pagination.test.ts` | Pagination handling | | **API** | `linkedin-api-v2024.test.ts` | v2024 API client | | **Storage** | `file-based-secure-storage.test.ts` | File storage operations | ### 11.2 Test Configuration | Setting | Value | |---------|-------| | **Framework** | Jest with ts-jest | | **Timeout** | 30 seconds per test | | **Coverage** | Reports generated | | **Mocks** | In-memory storage implementations | --- ## 12. Code Quality Metrics ### 12.1 TypeScript Configuration | Setting | Value | Status | |---------|-------|--------| | `strict` | true | ✅ Enabled | | `noImplicitReturns` | true | ✅ Enabled | | `noFallthroughCasesInSwitch` | true | ✅ Enabled | | `target` | ES2022 | Modern Node.js | | `module` | CommonJS | npm compatible | ### 12.2 Code Statistics | Metric | Value | |--------|-------| | **Total source files** | 23 TypeScript files | | **Total lines of code** | 11,554 lines | | **JSDoc coverage** | ~90% | | **Error handling points** | 72+ locations | | **`any` type usage** | 157 instances (needs improvement) | ### 12.3 Quality Assessment | Area | Assessment | |------|------------| | **Type Safety** | Good overall, 157 `any` types to refine | | **Error Handling** | Comprehensive with proper propagation | | **Documentation** | Excellent JSDoc coverage | | **Code Organization** | Clean module separation | | **Dependency Management** | Well-structured, minimal dependencies | --- ## 13. Gaps & Recommendations ### 13.1 Critical Issues (High Priority) | Issue | Location | Recommendation | |-------|----------|----------------| | Hardcoded storage key | `key-manager.ts:555` | Move to environment variable | | Test passphrases | Multiple security files | Use environment variables | | 157 `any` types | Across codebase | Gradual type refinement | ### 13.2 Medium Priority Issues | Issue | Recommendation | |-------|----------------| | Scattered console.log | Implement structured logging (Winston/Pino) | | No client-side rate limiting | Add rate limiting with exponential backoff | | Generic error handling | Preserve error chains with `cause` field | | CLI input validation | Add Zod schema validation | ### 13.3 Low Priority (Quick Wins) | Issue | Recommendation | |-------|----------------| | Missing ADRs | Add architecture decision records | | Limited integration tests | Expand test coverage | | Type definition duplication | Centralize in types/ directory | ### 13.4 API Limitations (LinkedIn Platform) | Limitation | Reason | Scope Required | |------------|--------|----------------| | **Read own posts** | Marketing Developer Platform required | `r_member_social` | | **Read comments** | Marketing Developer Platform required | `r_member_social` | | **Read feed** | Special approval required | Various | | **Read activity** | Marketing Developer Platform required | `r_member_social` | | **Video Upload** | Not implemented | `w_member_social` | ### 13.5 API Coverage Summary (After Cleanup) | Category | Tools | Status | |----------|-------|--------| | Authentication | 2 | ✅ Complete (get_auth_url, exchange_code) | | User Profile | 1 | ✅ Complete (get_user_info) | | Post Creation | 2 | ✅ Complete (create_post, post_profile_update) | | **Read Operations** | 0 | ❌ Removed (require Marketing Developer Platform) | | **AI Generation** | 0 | ❌ Removed (better handled by Claude directly) | **Total Working Tools: 5** ### 13.6 Design Philosophy The MCP now follows a lean design philosophy: - **Core Focus**: Authentication and posting only - **No Duplication**: AI content generation is Claude's strength, not the MCP's - **Clean API Surface**: Only working endpoints exposed - **Minimal Dependencies**: Reduced code complexity (~400 lines vs ~1200 lines) --- ## Key Files Reference ### Entry Points | File | Purpose | |------|---------| | `src/linkedin-complete-mcp.ts:1` | Main MCP server | | `src/cli.ts:1` | CLI installation tool | | `src/index.ts:1` | Profile optimizer server | ### Security Layer | File | Purpose | |------|---------| | `src/security/integrated-token-security-manager.ts` | Security orchestration | | `src/security/token-lifecycle-manager.ts` | Token lifecycle management | | `src/security/key-manager.ts` | Key derivation & rotation | | `src/security/secure-token-storage.ts` | AES-256-GCM encryption | ### API Layer | File | Purpose | |------|---------| | `src/api/linkedin-client.ts` | Main API client with sub-clients | | `src/auth/pkce-oauth-manager.ts` | OAuth 2.0 + PKCE implementation | | `src/api/linkedin-endpoints.ts` | High-level endpoint wrappers | | `src/api/version-manager.ts` | API version management | ### Storage Layer | File | Purpose | |------|---------| | `src/storage/file-based-secure-storage.ts` | Encrypted file storage | | Storage location | `~/.linkedin-mcp/tokens/` | --- *Documentation generated: November 28, 2025* *Version: 2.0.0*