@01.software/cli 0.9.0 → 0.10.1

package/dist/mcp/{chunk-GJOQ4SE2.js → chunk-2ECTVUKU.js}

@@ -88,6 +88,382 @@ var MCP_CONSOLE_SERVICE_AUDIENCE = "https://api.01.software/internal/mcp";
 var MCP_CONSOLE_SERVICE_SCOPE = "console:mcp_proxy";
 var MCP_SERVICE_TOKEN_LIFETIME_SECONDS = 60;
 
+// ../../packages/contracts/src/tenant/index.ts
+import { z } from "zod";
+var tenantFieldConfigStateSchema = z.object({
+  hiddenFields: z.array(z.string()),
+  isHidden: z.boolean()
+}).strict();
+var tenantContextQuerySchema = z.object({
+  counts: z.literal("true").optional()
+}).strict();
+var tenantContextToolInputSchema = z.object({
+  includeCounts: z.boolean().optional().default(false).describe(
+    "Include per-collection document counts and config status (bypasses cache, slower)"
+  )
+}).strict();
+var tenantContextResponseSchema = z.object({
+  tenant: z.object({
+    id: z.string(),
+    name: z.string(),
+    plan: z.string(),
+    planSource: z.string().optional(),
+    authoritative: z.boolean().optional(),
+    capabilityVersion: z.string().optional()
+  }).strict(),
+  features: z.array(z.string()),
+  collections: z.object({
+    active: z.array(z.string()),
+    inactive: z.array(z.string())
+  }).strict(),
+  fieldConfigs: z.record(z.string(), tenantFieldConfigStateSchema),
+  counts: z.record(z.string(), z.number()).optional(),
+  config: z.object({
+    webhookConfigured: z.boolean()
+  }).strict().optional()
+}).strict();
+var tenantFeatureProgressFeatureSchema = z.enum(["ecommerce"]);
+var tenantFeatureProgressInputSchema = z.object({
+  feature: tenantFeatureProgressFeatureSchema.describe(
+    "Feature to inspect for tenant implementation readiness"
+  ),
+  includeEvidence: z.boolean().optional().default(false).describe("Include sanitized counts and static surface evidence")
+}).strict();
+var tenantFeatureProgressStatusSchema = z.enum([
+  "ready",
+  "attention",
+  "blocked"
+]);
+var tenantFeatureProgressItemStateSchema = z.enum([
+  "complete",
+  "incomplete",
+  "blocked",
+  "attention",
+  "optional",
+  "unknown",
+  "manual",
+  "not-applicable"
+]);
+var tenantFeatureProgressSeveritySchema = z.enum([
+  "required",
+  "recommended",
+  "optional"
+]);
+var tenantFeatureProgressEvidenceValueSchema = z.union([
+  z.string(),
+  z.number(),
+  z.boolean(),
+  z.null()
+]);
+var tenantFeatureProgressItemSchema = z.object({
+  id: z.string(),
+  title: z.string(),
+  state: tenantFeatureProgressItemStateSchema,
+  severity: tenantFeatureProgressSeveritySchema,
+  summary: z.string(),
+  evidence: z.record(z.string(), tenantFeatureProgressEvidenceValueSchema).optional()
+}).strict();
+var tenantFeatureProgressGroupSchema = z.object({
+  id: z.string(),
+  title: z.string(),
+  summary: z.string().optional(),
+  items: z.array(tenantFeatureProgressItemSchema)
+}).strict();
+var tenantFeatureProgressResponseSchema = z.object({
+  schemaVersion: z.literal(1),
+  feature: tenantFeatureProgressFeatureSchema,
+  status: tenantFeatureProgressStatusSchema,
+  generatedAt: z.string(),
+  tenant: z.object({
+    id: z.string(),
+    name: z.string(),
+    plan: z.string()
+  }).strict(),
+  capability: z.object({
+    effectiveFeatures: z.array(z.string()),
+    planBlocked: z.array(z.string()),
+    closureAdded: z.array(z.string())
+  }).strict(),
+  summary: z.object({
+    complete: z.number().int().nonnegative(),
+    total: z.number().int().nonnegative(),
+    blocking: z.number().int().nonnegative(),
+    manual: z.number().int().nonnegative(),
+    unknown: z.number().int().nonnegative()
+  }).strict(),
+  groups: z.array(tenantFeatureProgressGroupSchema)
+}).strict();
+var COLLECTION_SCHEMA_CONTRACT_VERSION = 1;
+var collectionSchemaEndpointParamsSchema = z.object({
+  collectionSlug: z.string().min(1, "collectionSlug is required")
+}).strict();
+function createCollectionSchemaToolInputSchema(collections) {
+  return z.object({
+    collection: z.enum(collections).describe("Collection name (required)")
+  }).strict();
+}
+var collectionFieldOptionSchema = z.object({
+  label: z.string(),
+  value: z.string()
+}).strict();
+var collectionFieldSchema = z.lazy(
+  () => z.object({
+    name: z.string(),
+    path: z.string(),
+    type: z.string(),
+    required: z.literal(true).optional(),
+    unique: z.literal(true).optional(),
+    hasMany: z.literal(true).optional(),
+    relationTo: z.union([z.string(), z.array(z.string())]).optional(),
+    options: z.array(collectionFieldOptionSchema).optional(),
+    hidden: z.literal(true).optional(),
+    systemManaged: z.literal(true).optional(),
+    writable: z.boolean().optional(),
+    fields: z.array(collectionFieldSchema).optional()
+  }).strict()
+);
+var collectionSchemaResponseSchema = z.object({
+  contractVersion: z.literal(COLLECTION_SCHEMA_CONTRACT_VERSION),
+  mode: z.literal("effective"),
+  collection: z.object({
+    slug: z.string(),
+    timestamps: z.boolean(),
+    alwaysActive: z.boolean(),
+    feature: z.string().nullable(),
+    systemFields: z.array(z.string()),
+    visibility: z.object({
+      collectionHidden: z.boolean(),
+      hiddenFields: z.array(z.string())
+    }).strict(),
+    fields: z.array(collectionFieldSchema)
+  }).strict()
+}).strict();
+
+// ../../packages/contracts/src/ecommerce/index.ts
+import { z as z2 } from "zod";
+var transactionStatusSchema = z2.enum([
+  "pending",
+  "paid",
+  "failed",
+  "canceled"
+]);
+var updateTransactionSchema = z2.object({
+  pgPaymentId: z2.string().min(1, "pgPaymentId is required").describe("PG payment ID (required)"),
+  status: transactionStatusSchema.describe(
+    "New transaction status (required)"
+  ),
+  paymentMethod: z2.string().optional().describe("Payment method (optional)"),
+  receiptUrl: z2.string().optional().describe("Receipt URL (optional)"),
+  paymentKey: z2.string().min(1).optional().describe("Provider payment key for verified paid confirmation"),
+  amount: z2.number().int().positive().optional().describe("Provider-confirmed amount for verified paid confirmation")
+}).strict();
+var UpdateTransactionSchema = updateTransactionSchema;
+var providerSlugSchema = z2.string().trim().regex(/^[a-z0-9][a-z0-9_-]{0,63}$/, "pgProvider must be lowercase slug");
+var confirmPaymentSchema = z2.object({
+  orderNumber: z2.string().min(1).optional(),
+  pgPaymentId: z2.string().min(1, "pgPaymentId is required").describe("Provider payment identifier stored on the transaction"),
+  pgProvider: providerSlugSchema.describe(
+    "Payment provider slug, e.g. toss, portone, stripe"
+  ),
+  pgOrderId: z2.string().min(1).optional(),
+  amount: z2.number().int().nonnegative("amount must be non-negative").describe("Provider-confirmed amount in minor units"),
+  currency: z2.string().min(1).optional(),
+  paymentMethod: z2.string().optional(),
+  receiptUrl: z2.string().url().optional(),
+  approvedAt: z2.string().optional(),
+  providerStatus: z2.string().optional(),
+  providerEventId: z2.string().min(1).optional(),
+  confirmationSource: z2.enum([
+    "provider_webhook",
+    "provider_lookup",
+    "provider_api_confirm",
+    "manual_server"
+  ]).optional(),
+  metadata: z2.record(z2.string(), z2.unknown()).optional()
+}).strict();
+var returnReasonSchema = z2.enum([
+  "change_of_mind",
+  "defective",
+  "wrong_delivery",
+  "damaged",
+  "other"
+]);
+var restockActionSchema = z2.enum(["return_to_stock", "discard"]);
+var returnWithRefundItemSchema = z2.object({
+  orderItem: z2.union([z2.string(), z2.number()]).transform(String),
+  quantity: z2.number().int().positive("quantity must be a positive integer"),
+  restockAction: restockActionSchema.default("return_to_stock")
+}).strict();
+var returnWithRefundSchema = z2.object({
+  orderNumber: z2.string().min(1, "orderNumber is required").describe("Order number (required)"),
+  reason: returnReasonSchema.optional().describe("Return reason (optional)"),
+  reasonDetail: z2.string().optional().describe("Detailed reason text (optional)"),
+  returnItems: z2.array(returnWithRefundItemSchema).min(1, "At least one return item is required").max(100, "Too many return items").describe("Array of products to return (required)"),
+  refundAmount: z2.number().min(0, "refundAmount must be non-negative").describe("Refund amount (required, min 0)"),
+  pgPaymentId: z2.string().min(1, "pgPaymentId is required").describe("PG payment ID for refund (required)"),
+  paymentKey: z2.string().min(1).optional().describe("Provider payment key for verified refund"),
+  refundReceiptUrl: z2.string().optional().describe("Refund receipt URL (optional)")
+}).strict();
+var ReturnWithRefundSchema = returnWithRefundSchema;
+
+// ../../packages/contracts/src/mcp/index.ts
+var MCP_TOOL_CONTRACT = {
+  "query-collection": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "get-collection-by-id": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "get-order": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "stock-check": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "validate-discount": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "calculate-shipping": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "get-collection-schema": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "list-configurable-fields": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "get-tenant-context": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "check-feature-progress": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "add-cart-item": {
+    consoleRole: "tenant-editor",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "update-cart-item": {
+    consoleRole: "tenant-editor",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "remove-cart-item": {
+    consoleRole: "tenant-editor",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "clear-cart": {
+    consoleRole: "tenant-editor",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "apply-discount": {
+    consoleRole: "tenant-editor",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "remove-discount": {
+    consoleRole: "tenant-editor",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  checkout: {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "create-order": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "update-order": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "create-fulfillment": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "update-fulfillment": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "create-return": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "update-return": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "return-with-refund": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "update-transaction": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "update-field-config": {
+    consoleRole: "tenant-admin",
+    oauthScope: "mcp:write",
+    readOnly: false
+  },
+  "sdk-get-recipe": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "sdk-search-docs": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "sdk-get-auth-setup": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  },
+  "sdk-get-collection-pattern": {
+    consoleRole: "tenant-viewer",
+    oauthScope: "mcp:read",
+    readOnly: true
+  }
+};
+var MCP_TOOL_NAMES = Object.keys(MCP_TOOL_CONTRACT);
+function isMcpToolName(toolName) {
+  return Object.prototype.hasOwnProperty.call(MCP_TOOL_CONTRACT, toolName);
+}
+
 // src/tool-policy.ts
 var READ_ONLY_ANNOTATION = {
   readOnly: true,
@@ -187,6 +563,13 @@ var TOOL_POLICY_MANIFEST = {
     consoleSurface: "GET /api/tenants/context",
     annotationPolicy: READ_ONLY_ANNOTATION
   },
+  "check-feature-progress": {
+    category: "read-only-tenant",
+    oauthScope: MCP_SCOPES.read,
+    consoleRole: "tenant-viewer",
+    consoleSurface: "GET /api/tenants/feature-progress",
+    annotationPolicy: READ_ONLY_ANNOTATION
+  },
   // ── Cart mutations (mcp:write, tenant-editor) ──
   "add-cart-item": {
     category: "mutation-cart",
@@ -236,7 +619,7 @@ var TOOL_POLICY_MANIFEST = {
     exemptionReason: REASON_CART_EPHEMERAL
   },
   // ── Order mutations (mcp:write, tenant-admin) ──
-  "checkout": {
+  checkout: {
     category: "mutation-order",
     oauthScope: MCP_SCOPES.write,
     consoleRole: "tenant-admin",
@@ -344,14 +727,14 @@ var TOOL_POLICY_MANIFEST = {
   }
 };
 function evaluateToolPolicy(toolName, scopes) {
-  const entry = TOOL_POLICY_MANIFEST[toolName];
-  if (!entry) {
+  if (!isMcpToolName(toolName)) {
     return {
       allowed: false,
       reason: "tool_policy_missing",
       message: `No tool-policy entry for ${toolName}`
     };
   }
+  const entry = TOOL_POLICY_MANIFEST[toolName];
   if (!scopes.includes(entry.oauthScope)) {
     return {
       allowed: false,
@@ -362,17 +745,12 @@ function evaluateToolPolicy(toolName, scopes) {
   return { allowed: true, entry };
 }
 
-// src/tools/query-collection.ts
-import { z } from "zod";
+// src/lib/mcp-telemetry.ts
+import { AsyncLocalStorage as AsyncLocalStorage2 } from "async_hooks";
+import { randomUUID as randomUUID2 } from "crypto";
 
-// src/lib/client.ts
-import {
-  CollectionClient,
-  CommunityClient,
-  ModerationApi,
-  ServerCommerceClient,
-  createServerClient
-} from "@01.software/sdk";
+// src/lib/console-api.ts
+import { createHash } from "crypto";
 
 // src/service-auth.ts
 import { createPrivateKey, randomUUID, sign as signBytes } from "crypto";
@@ -501,43 +879,209 @@ function signMcpServiceToken(context) {
   return `${signingInput}.${signature.toString("base64url")}`;
 }
 
-// src/lib/client.ts
+// src/lib/console-api.ts
+var BASE_URL = process.env.SOFTWARE_API_URL || "http://localhost:3000";
+var TIMEOUT_MS = 5e3;
 var MISSING_HTTP_AUTH_CONTEXT_ERROR = "MCP HTTP requests require a validated OAuth tenant context before tool execution.";
-function getClient() {
+function resolveAuthHeaderContext() {
   const oauthContext = tenantAuthContext();
   if (oauthContext) {
-    const serviceToken = signMcpServiceToken(oauthContext);
-    const client = {
-      lastRequestId: null,
-      commerce: void 0,
-      collections: void 0,
-      community: void 0
-    };
-    const onRequestId = (id) => {
-      client.lastRequestId = id;
+    return {
+      apiKey: signMcpServiceToken(oauthContext),
+      mode: "oauth"
     };
-    client.commerce = new ServerCommerceClient({
-      secretKey: serviceToken,
-      onRequestId
-    });
-    client.collections = new CollectionClient(
-      "",
-      serviceToken,
-      void 0,
-      void 0,
-      onRequestId
+  }
+  if (hasRequestContext()) throw new Error(MISSING_HTTP_AUTH_CONTEXT_ERROR);
+  return {
+    apiKey: process.env.SOFTWARE_SECRET_KEY,
+    mode: "stdio",
+    publishableKey: process.env.SOFTWARE_PUBLISHABLE_KEY ?? process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY
+  };
+}
+function resolveApiKey() {
+  const { apiKey } = resolveAuthHeaderContext();
+  if (!apiKey || typeof apiKey !== "string") {
+    throw new Error(
+      "Authentication required. Set SOFTWARE_SECRET_KEY for stdio transport."
     );
-    const community = new CommunityClient({ secretKey: serviceToken });
-    const moderation = new ModerationApi({ secretKey: serviceToken, onRequestId });
-    client.community = Object.assign(community, {
-      moderation: {
-        banCustomer: moderation.banCustomer.bind(moderation),
-        unbanCustomer: moderation.unbanCustomer.bind(moderation)
-      }
+  }
+  return apiKey;
+}
+function buildAuthHeaders(apiKey) {
+  const { mode, publishableKey } = resolveAuthHeaderContext();
+  const headers = {
+    Authorization: `Bearer ${apiKey}`
+  };
+  if (mode === "stdio" && publishableKey) {
+    headers["X-Publishable-Key"] = publishableKey;
+  }
+  return headers;
+}
+function extractErrorMessage(body) {
+  if (!body || typeof body !== "object") return void 0;
+  const b = body;
+  if (typeof b.error === "string") return b.error;
+  if (Array.isArray(b.errors) && b.errors[0]?.message) {
+    return String(b.errors[0].message);
+  }
+  if (typeof b.message === "string") return b.message;
+  return void 0;
+}
+async function consoleGet(path, apiKey) {
+  const authHeaders = buildAuthHeaders(apiKey);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
+  try {
+    const res = await fetch(`${BASE_URL}${path}`, {
+      headers: authHeaders,
+      signal: controller.signal
     });
-    return client;
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      const msg = extractErrorMessage(body);
+      throw new Error(msg || `Console GET ${path} failed: ${res.status}`);
+    }
+    return res.json();
+  } finally {
+    clearTimeout(timeoutId);
   }
-  if (hasRequestContext()) throw new Error(MISSING_HTTP_AUTH_CONTEXT_ERROR);
+}
+async function consolePost(path, body, apiKey) {
+  const authHeaders = buildAuthHeaders(apiKey);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
+  try {
+    const res = await fetch(`${BASE_URL}${path}`, {
+      method: "POST",
+      headers: { ...authHeaders, "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+      signal: controller.signal
+    });
+    if (!res.ok) {
+      const errBody = await res.json().catch(() => ({}));
+      const msg = extractErrorMessage(errBody);
+      throw new Error(msg || `Console POST ${path} failed: ${res.status}`);
+    }
+    return res.json();
+  } finally {
+    clearTimeout(timeoutId);
+  }
+}
+async function consolePostTelemetry(path, body, apiKey) {
+  const authHeaders = buildAuthHeaders(apiKey);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
+  try {
+    const res = await fetch(`${BASE_URL}${path}`, {
+      method: "POST",
+      headers: { ...authHeaders, "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+      signal: controller.signal
+    });
+    if (!res.ok) {
+      const errBody = await res.json().catch(() => ({}));
+      const msg = extractErrorMessage(errBody);
+      throw new Error(msg || `Console POST ${path} failed: ${res.status}`);
+    }
+  } finally {
+    clearTimeout(timeoutId);
+  }
+}
+
+// src/lib/mcp-telemetry.ts
+var TELEMETRY_ENDPOINT = "/api/tenants/mcp-telemetry";
+var FLUSH_TIMEOUT_MS = 1500;
+var telemetryContext = new AsyncLocalStorage2();
+function createMcpTelemetrySummary(transport) {
+  return {
+    sessionId: randomUUID2(),
+    startedAtMs: Date.now(),
+    successfulWriteCount: 0,
+    toolCallCount: 0,
+    toolCounts: /* @__PURE__ */ new Map(),
+    transport
+  };
+}
+function currentMcpTelemetrySummary() {
+  return telemetryContext.getStore();
+}
+function runWithMcpTelemetry(summary, fn) {
+  return telemetryContext.run(summary, fn);
+}
+function recordMcpToolResult(params) {
+  if (!isMcpToolName(params.toolName)) return;
+  const toolName = params.toolName;
+  params.summary.toolCallCount += 1;
+  params.summary.toolCounts.set(
+    toolName,
+    (params.summary.toolCounts.get(toolName) ?? 0) + 1
+  );
+  if (!MCP_TOOL_CONTRACT[toolName].readOnly && toolResultSucceeded(params.resultText)) {
+    params.summary.successfulWriteCount += 1;
+  }
+}
+function toMcpTelemetryBody(summary) {
+  if (summary.toolCallCount <= 0) return null;
+  const durationMs = summary.transport === "http" ? Math.max(0, summary.durationMs ?? Date.now() - summary.startedAtMs) : void 0;
+  return {
+    converted: summary.successfulWriteCount > 0,
+    ...durationMs !== void 0 ? { durationMs } : {},
+    sessionId: summary.sessionId,
+    successfulWriteCount: summary.successfulWriteCount,
+    toolCallCount: summary.toolCallCount,
+    toolCounts: Object.fromEntries(summary.toolCounts),
+    transport: summary.transport
+  };
+}
+async function flushMcpTelemetrySummary(summary) {
+  const body = toMcpTelemetryBody(summary);
+  if (!body) return;
+  await swallow(
+    withTimeout(async () => {
+      const apiKey = resolveApiKey();
+      await consolePostTelemetry(TELEMETRY_ENDPOINT, body, apiKey);
+    }, FLUSH_TIMEOUT_MS)
+  );
+}
+function toolResultSucceeded(resultText) {
+  if (!resultText) return false;
+  try {
+    const parsed = JSON.parse(resultText);
+    return parsed.success === true;
+  } catch {
+    return false;
+  }
+}
+async function withTimeout(fn, timeoutMs) {
+  let timer;
+  await Promise.race([
+    fn(),
+    new Promise((resolve) => {
+      timer = setTimeout(resolve, timeoutMs);
+    })
+  ]);
+  if (timer) clearTimeout(timer);
+}
+async function swallow(promise) {
+  try {
+    await promise;
+  } catch {
+  }
+}
+
+// src/tools/query-collection.ts
+import { z as z3 } from "zod";
+
+// src/lib/client.ts
+import { createServerClient } from "@01.software/sdk";
+var MISSING_HTTP_AUTH_CONTEXT_ERROR2 = "MCP HTTP requests require a validated OAuth tenant context before tool execution.";
+var HTTP_OAUTH_SDK_CLIENT_ERROR = "MCP HTTP OAuth requests cannot use SDK-backed tools. Use reviewed Console service endpoints for OAuth transport.";
+function getClient() {
+  const oauthContext = tenantAuthContext();
+  if (oauthContext) {
+    throw new Error(HTTP_OAUTH_SDK_CLIENT_ERROR);
+  }
+  if (hasRequestContext()) throw new Error(MISSING_HTTP_AUTH_CONTEXT_ERROR2);
   const secretKey = process.env.SOFTWARE_SECRET_KEY;
   const publishableKey = process.env.SOFTWARE_PUBLISHABLE_KEY || process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY;
   if (!secretKey) {
@@ -560,15 +1104,18 @@ function getClient() {
 }
 
 // src/tools/query-collection.ts
-import { COLLECTIONS } from "@01.software/sdk";
+import { SERVER_COLLECTIONS } from "@01.software/sdk";
 var schema = {
-  collection: z.enum(COLLECTIONS).describe("Collection name (required)"),
-  where: z.string().optional().describe(
+  collection: z3.enum(SERVER_COLLECTIONS).describe("Collection name (required)"),
+  where: z3.string().optional().describe(
     `Filter conditions (JSON string, optional). Pass the Payload query condition object as a JSON string. Example: '{"title":{"equals":"Product name"}}'`
   ),
-  limit: z.number().min(1).max(100).default(10).describe("Maximum number of items to return (1-100, default: 10)."),
-  page: z.number().optional().describe("Page number (optional). Starts from 1. Used for pagination."),
-  sort: z.string().regex(/^-?[a-zA-Z0-9_.]+$/, 'Sort must be a field name, optionally prefixed with "-" for descending').optional().describe(
+  limit: z3.number().min(1).max(100).default(10).describe("Maximum number of items to return (1-100, default: 10)."),
+  page: z3.number().optional().describe("Page number (optional). Starts from 1. Used for pagination."),
+  sort: z3.string().regex(
+    /^-?[a-zA-Z0-9_.]+$/,
+    'Sort must be a field name, optionally prefixed with "-" for descending'
+  ).optional().describe(
     'Sort field (optional). Use "fieldName" for ascending or "-fieldName" for descending. Example: "createdAt" or "-createdAt"'
   )
 };
@@ -622,11 +1169,11 @@ async function queryCollection({
 }
 
 // src/tools/get-collection-by-id.ts
-import { z as z2 } from "zod";
-import { COLLECTIONS as COLLECTIONS2 } from "@01.software/sdk";
+import { z as z4 } from "zod";
+import { SERVER_COLLECTIONS as SERVER_COLLECTIONS2 } from "@01.software/sdk";
 var schema2 = {
-  collection: z2.enum(COLLECTIONS2).describe("Collection name (required)"),
-  id: z2.string().min(1).describe("Item ID (required)")
+  collection: z4.enum(SERVER_COLLECTIONS2).describe("Collection name (required)"),
+  id: z4.string().min(1).describe("Item ID (required)")
 };
 var metadata2 = {
   name: "get-collection-by-id",
@@ -652,9 +1199,9 @@ async function getCollectionById({
 }
 
 // src/tools/get-order.ts
-import { z as z3 } from "zod";
+import { z as z5 } from "zod";
 var schema3 = {
-  orderNumber: z3.string().min(1).describe("Order number to look up (required)")
+  orderNumber: z5.string().min(1).describe("Order number to look up (required)")
 };
 var metadata3 = {
   name: "get-order",
@@ -684,24 +1231,24 @@ async function getOrder({
 }
 
 // src/tools/create-order.ts
-import { z as z4 } from "zod";
+import { z as z6 } from "zod";
 var schema4 = {
-  pgPaymentId: z4.string().optional().describe("PG payment ID (optional \u2014 omit for free orders)"),
-  orderNumber: z4.string().min(1).describe("Unique order number (required)"),
-  customerSnapshot: z4.object({
-    name: z4.string().optional().describe("Customer name"),
-    email: z4.string().describe("Customer email (required)"),
-    phone: z4.string().optional().describe("Customer phone")
+  pgPaymentId: z6.string().optional().describe("PG payment ID (optional \u2014 omit for free orders)"),
+  orderNumber: z6.string().min(1).describe("Unique order number (required)"),
+  customerSnapshot: z6.object({
+    name: z6.string().optional().describe("Customer name"),
+    email: z6.string().describe("Customer email (required)"),
+    phone: z6.string().optional().describe("Customer phone")
   }).describe("Customer snapshot at time of order (required)"),
-  shippingAddress: z4.record(z4.string(), z4.unknown()).describe(
+  shippingAddress: z6.record(z6.string(), z6.unknown()).describe(
     "Shipping address object (required). Fields: postalCode, address1, address2, deliveryMessage, recipientName, phone"
   ),
-  orderItems: z4.array(z4.record(z4.string(), z4.unknown())).describe(
+  orderItems: z6.array(z6.record(z6.string(), z6.unknown())).describe(
     "Array of order item objects (required). Each: { product, variant, option, quantity, unitPrice?, totalPrice? }"
   ),
-  totalAmount: z4.number().nonnegative().describe("Total order amount (required, min 0)"),
-  shippingAmount: z4.number().nonnegative().optional().describe("Shipping amount (optional, default 0)"),
-  discountCode: z4.string().optional().describe("Discount code to apply (optional)")
+  totalAmount: z6.number().nonnegative().describe("Total order amount (required, min 0)"),
+  shippingAmount: z6.number().nonnegative().optional().describe("Shipping amount (optional, default 0)"),
+  discountCode: z6.string().optional().describe("Discount code to apply (optional)")
 };
 var metadata4 = {
   name: "create-order",
@@ -726,10 +1273,10 @@ async function createOrder(params) {
 }
 
 // src/tools/update-order.ts
-import { z as z5 } from "zod";
+import { z as z7 } from "zod";
 var schema5 = {
-  orderNumber: z5.string().min(1).describe("Order number (required)"),
-  status: z5.enum([
+  orderNumber: z7.string().min(1).describe("Order number (required)"),
+  status: z7.enum([
     "pending",
     "paid",
     "failed",
@@ -766,15 +1313,15 @@ async function updateOrder({
 }
 
 // src/tools/checkout.ts
-import { z as z6 } from "zod";
+import { z as z8 } from "zod";
 var schema6 = {
-  cartId: z6.string().min(1).describe("Cart ID to convert to order (required)"),
-  pgPaymentId: z6.string().optional().describe("PG payment ID (optional \u2014 omit for free orders)"),
-  orderNumber: z6.string().min(1).describe("Unique order number (required)"),
-  customerSnapshot: z6.record(z6.string(), z6.unknown()).describe(
+  cartId: z8.string().min(1).describe("Cart ID to convert to order (required)"),
+  pgPaymentId: z8.string().optional().describe("PG payment ID (optional \u2014 omit for free orders)"),
+  orderNumber: z8.string().min(1).describe("Unique order number (required)"),
+  customerSnapshot: z8.record(z8.string(), z8.unknown()).describe(
     "Customer snapshot object (required). Fields: { name?, email, phone? }"
   ),
-  discountCode: z6.string().optional().describe("Discount code to apply (optional)")
+  discountCode: z8.string().optional().describe("Discount code to apply (optional)")
 };
 var metadata6 = {
   name: "checkout",
@@ -799,17 +1346,17 @@ async function checkout(params) {
 }
 
 // src/tools/create-fulfillment.ts
-import { z as z7 } from "zod";
+import { z as z9 } from "zod";
 var schema7 = {
-  orderNumber: z7.string().min(1).describe("Order number (required)"),
-  carrier: z7.string().optional().describe("Shipping carrier name (optional)"),
-  trackingNumber: z7.string().optional().describe(
+  orderNumber: z9.string().min(1).describe("Order number (required)"),
+  carrier: z9.string().optional().describe("Shipping carrier name (optional)"),
+  trackingNumber: z9.string().optional().describe(
     'Tracking number (optional). Setting carrier + tracking triggers "shipped" status'
   ),
-  items: z7.array(
-    z7.object({
-      orderItem: z7.string().min(1).describe("Order item ID"),
-      quantity: z7.number().int().positive().describe("Quantity to fulfill")
+  items: z9.array(
+    z9.object({
+      orderItem: z9.string().min(1).describe("Order item ID"),
+      quantity: z9.number().int().positive().describe("Quantity to fulfill")
     })
   ).describe("Array of items to fulfill (required)")
 };
@@ -844,16 +1391,16 @@ async function createFulfillment({
 }
 
 // src/tools/update-fulfillment.ts
-import { z as z8 } from "zod";
+import { z as z10 } from "zod";
 var schema8 = {
-  fulfillmentId: z8.string().min(1).describe("Fulfillment ID (required)"),
-  status: z8.enum(["packed", "shipped", "delivered", "failed"]).describe(
+  fulfillmentId: z10.string().min(1).describe("Fulfillment ID (required)"),
+  status: z10.enum(["packed", "shipped", "delivered", "failed"]).describe(
     "New fulfillment status (required). FSM: pending\u2192packed/shipped/failed, packed\u2192shipped/failed, shipped\u2192delivered/failed"
   ),
-  carrier: z8.string().optional().describe(
+  carrier: z10.string().optional().describe(
     "Shipping carrier (optional, changeable only in pending/packed status)"
   ),
-  trackingNumber: z8.string().optional().describe(
+  trackingNumber: z10.string().optional().describe(
     "Tracking number (optional, changeable only in pending/packed status)"
   )
 };
@@ -887,131 +1434,6 @@ async function updateFulfillment({
   }
 }
 
-// ../../packages/contracts/src/tenant/index.ts
-import { z as z9 } from "zod";
-var tenantFieldConfigStateSchema = z9.object({
-  hiddenFields: z9.array(z9.string()),
-  isHidden: z9.boolean()
-}).strict();
-var tenantContextQuerySchema = z9.object({
-  counts: z9.literal("true").optional()
-}).strict();
-var tenantContextToolInputSchema = z9.object({
-  includeCounts: z9.boolean().optional().default(false).describe(
-    "Include per-collection document counts and config status (bypasses cache, slower)"
-  )
-}).strict();
-var tenantContextResponseSchema = z9.object({
-  tenant: z9.object({
-    id: z9.string(),
-    name: z9.string(),
-    plan: z9.string(),
-    planSource: z9.string().optional(),
-    authoritative: z9.boolean().optional(),
-    capabilityVersion: z9.string().optional(),
-    isDevMode: z9.boolean()
-  }).strict(),
-  features: z9.array(z9.string()),
-  collections: z9.object({
-    active: z9.array(z9.string()),
-    inactive: z9.array(z9.string())
-  }).strict(),
-  fieldConfigs: z9.record(z9.string(), tenantFieldConfigStateSchema),
-  counts: z9.record(z9.string(), z9.number()).optional(),
-  config: z9.object({
-    webhookConfigured: z9.boolean()
-  }).strict().optional()
-}).strict();
-var COLLECTION_SCHEMA_CONTRACT_VERSION = 1;
-var collectionSchemaEndpointParamsSchema = z9.object({
-  collectionSlug: z9.string().min(1, "collectionSlug is required")
-}).strict();
-function createCollectionSchemaToolInputSchema(collections) {
-  return z9.object({
-    collection: z9.enum(collections).describe("Collection name (required)")
-  }).strict();
-}
-var collectionFieldOptionSchema = z9.object({
-  label: z9.string(),
-  value: z9.string()
-}).strict();
-var collectionFieldSchema = z9.lazy(
-  () => z9.object({
-    name: z9.string(),
-    path: z9.string(),
-    type: z9.string(),
-    required: z9.literal(true).optional(),
-    unique: z9.literal(true).optional(),
-    hasMany: z9.literal(true).optional(),
-    relationTo: z9.union([z9.string(), z9.array(z9.string())]).optional(),
-    options: z9.array(collectionFieldOptionSchema).optional(),
-    hidden: z9.literal(true).optional(),
-    systemManaged: z9.literal(true).optional(),
-    writable: z9.boolean().optional(),
-    fields: z9.array(collectionFieldSchema).optional()
-  }).strict()
-);
-var collectionSchemaResponseSchema = z9.object({
-  contractVersion: z9.literal(COLLECTION_SCHEMA_CONTRACT_VERSION),
-  mode: z9.literal("effective"),
-  collection: z9.object({
-    slug: z9.string(),
-    timestamps: z9.boolean(),
-    alwaysActive: z9.boolean(),
-    feature: z9.string().nullable(),
-    systemFields: z9.array(z9.string()),
-    visibility: z9.object({
-      collectionHidden: z9.boolean(),
-      hiddenFields: z9.array(z9.string())
-    }).strict(),
-    fields: z9.array(collectionFieldSchema)
-  }).strict()
-}).strict();
-
-// ../../packages/contracts/src/ecommerce/index.ts
-import { z as z10 } from "zod";
-var transactionStatusSchema = z10.enum([
-  "pending",
-  "paid",
-  "failed",
-  "canceled"
-]);
-var updateTransactionSchema = z10.object({
-  pgPaymentId: z10.string().min(1, "pgPaymentId is required").describe("PG payment ID (required)"),
-  status: transactionStatusSchema.describe(
-    "New transaction status (required)"
-  ),
-  paymentMethod: z10.string().optional().describe("Payment method (optional)"),
-  receiptUrl: z10.string().optional().describe("Receipt URL (optional)"),
-  paymentKey: z10.string().min(1).optional().describe("Provider payment key for verified paid confirmation"),
-  amount: z10.number().int().positive().optional().describe("Provider-confirmed amount for verified paid confirmation")
-}).strict();
-var UpdateTransactionSchema = updateTransactionSchema;
-var returnReasonSchema = z10.enum([
-  "change_of_mind",
-  "defective",
-  "wrong_delivery",
-  "damaged",
-  "other"
-]);
-var restockActionSchema = z10.enum(["return_to_stock", "discard"]);
-var returnWithRefundItemSchema = z10.object({
-  orderItem: z10.union([z10.string(), z10.number()]).transform(String),
-  quantity: z10.number().int().positive("quantity must be a positive integer"),
-  restockAction: restockActionSchema.default("return_to_stock")
-}).strict();
-var returnWithRefundSchema = z10.object({
-  orderNumber: z10.string().min(1, "orderNumber is required").describe("Order number (required)"),
-  reason: returnReasonSchema.optional().describe("Return reason (optional)"),
-  reasonDetail: z10.string().optional().describe("Detailed reason text (optional)"),
-  returnItems: z10.array(returnWithRefundItemSchema).min(1, "At least one return item is required").max(100, "Too many return items").describe("Array of products to return (required)"),
-  refundAmount: z10.number().min(0, "refundAmount must be non-negative").describe("Refund amount (required, min 0)"),
-  pgPaymentId: z10.string().min(1, "pgPaymentId is required").describe("PG payment ID for refund (required)"),
-  paymentKey: z10.string().min(1).optional().describe("Provider payment key for verified refund"),
-  refundReceiptUrl: z10.string().optional().describe("Refund receipt URL (optional)")
-}).strict();
-var ReturnWithRefundSchema = returnWithRefundSchema;
-
 // src/tools/update-transaction.ts
 var schema9 = UpdateTransactionSchema.shape;
 var metadata9 = {
@@ -1404,143 +1826,53 @@ async function calculateShipping({
   try {
     const client = getClient();
     const result = await client.commerce.shipping.calculate({
-      shippingPolicyId,
-      orderAmount,
-      postalCode
-    });
-    return toolSuccess({ data: result });
-  } catch (error) {
-    return toolError(error);
-  }
-}
-
-// src/tools/stock-check.ts
-import { z as z21 } from "zod";
-var schema21 = {
-  items: z21.array(
-    z21.object({
-      variantId: z21.string().describe("Product variant ID"),
-      quantity: z21.number().int().positive().describe("Requested quantity")
-    })
-  ).describe(
-    "Array of items to check stock for (required, max 100). Each: { variantId, quantity }"
-  )
-};
-var metadata21 = {
-  name: "stock-check",
-  description: "Batch check product option stock availability. Returns per-item availability and an allAvailable flag.",
-  annotations: {
-    title: "Check stock availability",
-    readOnlyHint: true,
-    destructiveHint: false,
-    idempotentHint: true
-  }
-};
-async function stockCheck({
-  items
-}) {
-  try {
-    const client = getClient();
-    const result = await client.commerce.product.stockCheck({ items });
-    return toolSuccess({ data: result });
-  } catch (error) {
-    return toolError(error);
-  }
-}
-
-// src/tools/get-collection-schema.ts
-import { COLLECTIONS as COLLECTIONS3 } from "@01.software/sdk";
-
-// src/lib/console-api.ts
-import { createHash } from "crypto";
-var BASE_URL = process.env.SOFTWARE_API_URL || "http://localhost:3000";
-var TIMEOUT_MS = 5e3;
-var MISSING_HTTP_AUTH_CONTEXT_ERROR2 = "MCP HTTP requests require a validated OAuth tenant context before tool execution.";
-function resolveAuthHeaderContext() {
-  const oauthContext = tenantAuthContext();
-  if (oauthContext) {
-    return {
-      apiKey: signMcpServiceToken(oauthContext),
-      mode: "oauth"
-    };
-  }
-  if (hasRequestContext()) throw new Error(MISSING_HTTP_AUTH_CONTEXT_ERROR2);
-  return {
-    apiKey: process.env.SOFTWARE_SECRET_KEY,
-    mode: "stdio",
-    publishableKey: process.env.SOFTWARE_PUBLISHABLE_KEY ?? process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY
-  };
-}
-function resolveApiKey() {
-  const { apiKey } = resolveAuthHeaderContext();
-  if (!apiKey || typeof apiKey !== "string") {
-    throw new Error(
-      "Authentication required. Set SOFTWARE_SECRET_KEY for stdio transport."
-    );
-  }
-  return apiKey;
-}
-function buildAuthHeaders(apiKey) {
-  const { mode, publishableKey } = resolveAuthHeaderContext();
-  const headers = {
-    Authorization: `Bearer ${apiKey}`
-  };
-  if (mode === "stdio" && publishableKey) {
-    headers["X-Publishable-Key"] = publishableKey;
-  }
-  return headers;
-}
-function extractErrorMessage(body) {
-  if (!body || typeof body !== "object") return void 0;
-  const b = body;
-  if (typeof b.error === "string") return b.error;
-  if (Array.isArray(b.errors) && b.errors[0]?.message) {
-    return String(b.errors[0].message);
-  }
-  if (typeof b.message === "string") return b.message;
-  return void 0;
-}
-async function consoleGet(path, apiKey) {
-  const authHeaders = buildAuthHeaders(apiKey);
-  const controller = new AbortController();
-  const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
-  try {
-    const res = await fetch(`${BASE_URL}${path}`, {
-      headers: authHeaders,
-      signal: controller.signal
+      shippingPolicyId,
+      orderAmount,
+      postalCode
     });
-    if (!res.ok) {
-      const body = await res.json().catch(() => ({}));
-      const msg = extractErrorMessage(body);
-      throw new Error(msg || `Console GET ${path} failed: ${res.status}`);
-    }
-    return res.json();
-  } finally {
-    clearTimeout(timeoutId);
+    return toolSuccess({ data: result });
+  } catch (error) {
+    return toolError(error);
   }
 }
-async function consolePost(path, body, apiKey) {
-  const authHeaders = buildAuthHeaders(apiKey);
-  const controller = new AbortController();
-  const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
+
+// src/tools/stock-check.ts
+import { z as z21 } from "zod";
+var schema21 = {
+  items: z21.array(
+    z21.object({
+      variantId: z21.string().describe("Product variant ID"),
+      quantity: z21.number().int().positive().describe("Requested quantity")
+    })
+  ).describe(
+    "Array of items to check stock for (required, max 100). Each: { variantId, quantity }"
+  )
+};
+var metadata21 = {
+  name: "stock-check",
+  description: "Batch check product option stock availability. Returns per-item availability and an allAvailable flag.",
+  annotations: {
+    title: "Check stock availability",
+    readOnlyHint: true,
+    destructiveHint: false,
+    idempotentHint: true
+  }
+};
+async function stockCheck({
+  items
+}) {
   try {
-    const res = await fetch(`${BASE_URL}${path}`, {
-      method: "POST",
-      headers: { ...authHeaders, "Content-Type": "application/json" },
-      body: JSON.stringify(body),
-      signal: controller.signal
-    });
-    if (!res.ok) {
-      const errBody = await res.json().catch(() => ({}));
-      const msg = extractErrorMessage(errBody);
-      throw new Error(msg || `Console POST ${path} failed: ${res.status}`);
-    }
-    return res.json();
-  } finally {
-    clearTimeout(timeoutId);
+    const client = getClient();
+    const result = await client.commerce.product.stockCheck({ items });
+    return toolSuccess({ data: result });
+  } catch (error) {
+    return toolError(error);
   }
 }
 
+// src/tools/get-collection-schema.ts
+import { SERVER_COLLECTIONS as SERVER_COLLECTIONS3 } from "@01.software/sdk";
+
 // src/lib/collection-schema.ts
 async function getCollectionSchema(collection) {
   const apiKey = resolveApiKey();
@@ -1552,7 +1884,7 @@ async function getCollectionSchema(collection) {
 }
 
 // src/tools/get-collection-schema.ts
-var schema22 = createCollectionSchemaToolInputSchema(COLLECTIONS3).shape;
+var schema22 = createCollectionSchemaToolInputSchema(SERVER_COLLECTIONS3).shape;
 var metadata22 = {
   name: "get-collection-schema",
   description: "Get the authoritative tenant-aware collection schema from console. Use this before create/update to understand writable fields, hidden fields, required metadata, and collection-level visibility.",
@@ -1581,6 +1913,11 @@ async function getCollectionSchemaTool({
 function getTenantContextPath(includeCounts) {
   return includeCounts ? "/api/tenants/context?counts=true" : "/api/tenants/context";
 }
+function getTenantFeatureProgressPath(feature, includeEvidence) {
+  const search = new URLSearchParams({ feature });
+  if (includeEvidence) search.set("includeEvidence", "true");
+  return `/api/tenants/feature-progress?${search.toString()}`;
+}
 async function getTenantContext(includeCounts = false) {
   const apiKey = resolveApiKey();
   const data = await consoleGet(
@@ -1589,6 +1926,14 @@ async function getTenantContext(includeCounts = false) {
   );
   return tenantContextResponseSchema.parse(data);
 }
+async function getTenantFeatureProgress(feature, includeEvidence = false) {
+  const apiKey = resolveApiKey();
+  const data = await consoleGet(
+    getTenantFeatureProgressPath(feature, includeEvidence),
+    apiKey
+  );
+  return tenantFeatureProgressResponseSchema.parse(data);
+}
 
 // src/tools/get-tenant-context.ts
 var schema23 = tenantContextToolInputSchema.shape;
@@ -1668,6 +2013,30 @@ async function handler({
   }
 }
 
+// src/tools/check-feature-progress.ts
+var schema24 = tenantFeatureProgressInputSchema.shape;
+var metadata24 = {
+  name: "check-feature-progress",
+  description: "Check tenant implementation progress for a supported feature. Start with feature=ecommerce to inspect catalog, cart, checkout, payment result, webhook, and operations readiness without mutating tenant data.",
+  annotations: {
+    title: "Check Feature Progress",
+    readOnlyHint: true,
+    destructiveHint: false,
+    idempotentHint: true
+  }
+};
+async function handler2({
+  feature,
+  includeEvidence
+}) {
+  try {
+    const progress = await getTenantFeatureProgress(feature, includeEvidence);
+    return toolSuccess({ progress });
+  } catch (error) {
+    return toolError(error);
+  }
+}
+
 // src/tools/list-configurable-fields.ts
 import { z as z22 } from "zod";
 
@@ -1692,12 +2061,12 @@ function invalidateFieldConfigCache() {
 }
 
 // src/tools/list-configurable-fields.ts
-var schema24 = {
+var schema25 = {
   collection: z22.string().optional().describe(
     "Filter by collection slug (optional \u2014 returns all if omitted). Use this filter to reduce response size when you know which collection to check."
   )
 };
-var metadata24 = {
+var metadata25 = {
   name: "list-configurable-fields",
   description: "List all configurable fields for tenant collections with current visibility state. Shows which fields can be shown/hidden and their current status. Returns all collections including inactive features \u2014 cross-reference with get-tenant-context for active features. Response includes ~300 fields across 47 collections \u2014 use collection filter when possible.",
   annotations: {
@@ -1729,7 +2098,7 @@ async function listConfigurableFields(params) {
 
 // src/tools/update-field-config.ts
 import { z as z23 } from "zod";
-var schema25 = {
+var schema26 = {
   collection: z23.string().min(1).describe("Collection slug (required)"),
   hiddenFields: z23.array(z23.string().min(1).max(200)).max(300).describe(
     "Fields to hide (required). This is a FULL REPLACE \u2014 fields NOT in this list will be shown. Pass [] to show all fields. Use list-configurable-fields first to see available field paths."
@@ -1738,7 +2107,7 @@ var schema25 = {
     "Hide the entire collection from Admin Panel (optional). When true, individual hiddenFields are irrelevant."
   )
 };
-var metadata25 = {
+var metadata26 = {
   name: "update-field-config",
   description: "Update field visibility configuration for a tenant collection. Hidden fields are removed from the Admin Panel UI. IMPORTANT: hiddenFields is a full replace, not a merge. Always call list-configurable-fields first to see current state.",
   annotations: {
@@ -2198,7 +2567,7 @@ function getRecipe(goal, runtime = "both") {
 }
 
 // src/tools/sdk-get-recipe.ts
-var schema26 = {
+var schema27 = {
   goal: z24.enum([
     "fetch-list",
     "fetch-by-id",
@@ -2215,7 +2584,7 @@ var schema26 = {
   collection: z24.string().optional().describe("Specific collection name if applicable"),
   includeExample: z24.boolean().default(true).describe("Whether to include a full code example")
 };
-var metadata26 = {
+var metadata27 = {
   name: "sdk-get-recipe",
   description: "Get a complete SDK code recipe for a specific task. Returns recommended approach, code example, and related documentation links. Use this FIRST when the user asks how to do something with the SDK.",
   annotations: {
@@ -2225,7 +2594,7 @@ var metadata26 = {
     idempotentHint: true
   }
 };
-function handler2({
+function handler3({
   goal,
   runtime,
   collection,
@@ -2272,7 +2641,7 @@ var docIndex = [
   {
     title: "Browser Client vs Server Client",
     keywords: ["browser", "server", "publishable key", "secret key", "createClient", "createServerClient", "NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY", "SOFTWARE_PUBLISHABLE_KEY", "SOFTWARE_SECRET_KEY", "pk01_", "sk01_", "pat01_", "read-only", "full crud"],
-    summary: "createClient() for browser with publishableKey (read-only pk01_), createServerClient() for server with SOFTWARE_SECRET_KEY (usually sk01_, sometimes pat01_ in browser-auth-scoped flows). Never expose SECRET_KEY to the browser.",
+    summary: "createClient() for browser with publishableKey (read-only pk01_), createServerClient() for server with matching SOFTWARE_PUBLISHABLE_KEY + SOFTWARE_SECRET_KEY (usually sk01_, sometimes pat01_ in scoped flows). Never expose SECRET_KEY to the browser.",
     resourceUri: "docs://sdk/getting-started"
   },
   // Query Builder
@@ -2433,11 +2802,11 @@ function searchDocs(query, limit = 5) {
 }
 
 // src/tools/sdk-search-docs.ts
-var schema27 = {
+var schema28 = {
   query: z25.string().min(2).describe('Search keyword or phrase (e.g. "infinite scroll", "webhook", "customer login")'),
   limit: z25.number().min(1).max(10).default(5).describe("Maximum results to return (1-10, default: 5)")
 };
-var metadata27 = {
+var metadata28 = {
   name: "sdk-search-docs",
   description: "Search SDK documentation by keyword. Returns matching topics with summaries and resource links. Use when looking for specific SDK features or patterns.",
   annotations: {
@@ -2447,7 +2816,7 @@ var metadata27 = {
     idempotentHint: true
   }
 };
-function handler3({
+function handler4({
   query,
   limit
 }) {
@@ -2473,7 +2842,7 @@ function handler3({
 
 // src/tools/sdk-get-auth-setup.ts
 import { z as z26 } from "zod";
-var schema28 = {
+var schema29 = {
   scenario: z26.enum([
     "browser-client",
     "server-client",
@@ -2483,7 +2852,7 @@ var schema28 = {
     "webhook-verification"
   ]).describe("Authentication scenario")
 };
-var metadata28 = {
+var metadata29 = {
   name: "sdk-get-auth-setup",
   description: "Get the current authentication setup for a specific scenario. Returns env var names, code snippets, and security notes.",
   annotations: {
@@ -2622,7 +2991,7 @@ export async function POST(request: Request) {
     ]
   }
 };
-function handler4({
+function handler5({
   scenario
 }) {
   try {
@@ -2638,13 +3007,13 @@ function handler4({
 
 // src/tools/sdk-get-collection-pattern.ts
 import { z as z27 } from "zod";
-import { COLLECTIONS as COLLECTIONS4 } from "@01.software/sdk";
-var schema29 = {
-  collection: z27.enum(COLLECTIONS4).describe("Collection name"),
+import { COLLECTIONS, SERVER_COLLECTIONS as SERVER_COLLECTIONS4 } from "@01.software/sdk";
+var schema30 = {
+  collection: z27.enum(SERVER_COLLECTIONS4).describe("Collection name"),
   operation: z27.enum(["read", "write", "full-crud"]).default("read").describe("What operations are needed"),
   surface: z27.enum(["query-builder", "react-query", "server-api"]).default("query-builder").describe("Preferred API surface")
 };
-var metadata29 = {
+var metadata30 = {
   name: "sdk-get-collection-pattern",
   description: "Get the recommended CRUD pattern for a specific collection. Returns code examples for the chosen API surface and operation type.",
   annotations: {
@@ -2655,7 +3024,15 @@ var metadata29 = {
   }
 };
 function generatePattern(collection, operation, surface) {
+  const isPublicCollection = COLLECTIONS.includes(
+    collection
+  );
   if (surface === "react-query") {
+    if (!isPublicCollection) {
+      throw new Error(
+        `${collection} is server-only. Use surface="server-api" with createServerClient().`
+      );
+    }
     const parts2 = [];
     if (operation === "read") {
       parts2.push(
@@ -2767,17 +3144,29 @@ function generatePattern(collection, operation, surface) {
   }
   const parts = [];
   if (operation === "read" || operation === "full-crud") {
-    parts.push(
-      `// Read with any client (Client or ServerClient)`,
-      `const result = await client.collections.from('${collection}').find({`,
-      `  where: { status: { equals: 'published' } },`,
-      `  limit: 10,`,
-      `  sort: '-createdAt'`,
-      `})`,
-      ``,
-      `const item = await client.collections.from('${collection}').findById(id)`,
-      `const { totalDocs } = await client.collections.from('${collection}').count()`
-    );
+    if (isPublicCollection) {
+      parts.push(
+        `// Read with any client (Client or ServerClient)`,
+        `const result = await client.collections.from('${collection}').find({`,
+        `  where: { status: { equals: 'published' } },`,
+        `  limit: 10,`,
+        `  sort: '-createdAt'`,
+        `})`,
+        ``,
+        `const item = await client.collections.from('${collection}').findById(id)`,
+        `const { totalDocs } = await client.collections.from('${collection}').count()`
+      );
+    } else {
+      parts.push(
+        `// Server-only collection: use ServerClient`,
+        `const result = await serverClient.collections.from('${collection}').find({`,
+        `  limit: 10,`,
+        `  sort: '-createdAt'`,
+        `})`,
+        ``,
+        `const item = await serverClient.collections.from('${collection}').findById(id)`
+      );
+    }
   }
   if (operation === "write" || operation === "full-crud") {
     parts.push(
@@ -2792,11 +3181,12 @@ function generatePattern(collection, operation, surface) {
     code: parts.join("\n"),
     notes: [
       "Query Builder works with both Client and ServerClient for reads",
+      !isPublicCollection ? "This collection is server-only" : "",
       operation !== "read" ? "Write operations require ServerClient" : ""
     ].filter(Boolean)
   };
 }
-function handler5({
+function handler6({
   collection,
   operation,
   surface
@@ -2825,13 +3215,13 @@ function handler5({
 
 // src/prompts/sdk-usage-guide.ts
 import { z as z28 } from "zod";
-var schema30 = {
+var schema31 = {
   goal: z28.string().describe('What the user wants to accomplish (e.g., "query product list", "create order")'),
   runtime: z28.enum(["browser", "server"]).optional().describe("Target runtime: browser (React/Next.js client) or server (Node.js)"),
   surface: z28.enum(["query-builder", "react-query", "customer-api", "server-api"]).optional().describe("Preferred API surface"),
   collection: z28.string().optional().describe("Specific collection if relevant")
 };
-var metadata30 = {
+var metadata31 = {
   name: "sdk-usage-guide",
   title: "SDK Usage Guide",
   description: "Provides guidance on how to perform a specific task using the 01.software SDK",
@@ -2969,13 +3359,13 @@ You can perform the "${goal}" task by following the patterns above.`;
 
 // src/prompts/collection-query-help.ts
 import { z as z29 } from "zod";
-import { COLLECTIONS as COLLECTIONS5 } from "@01.software/sdk";
-var schema31 = {
-  collection: z29.enum(COLLECTIONS5).describe("Collection name"),
+import { COLLECTIONS as COLLECTIONS2, SERVER_COLLECTIONS as SERVER_COLLECTIONS5 } from "@01.software/sdk";
+var schema32 = {
+  collection: z29.enum(SERVER_COLLECTIONS5).describe("Collection name"),
   operation: z29.enum(["find", "create", "update", "delete"]).describe("Operation to perform (find, create, update, delete)"),
   filters: z29.string().optional().describe("Filter conditions (JSON string, optional)")
 };
-var metadata31 = {
+var metadata32 = {
   name: "collection-query-help",
   title: "Collection Query Help",
   description: "Provides guidance on how to write queries for a specific collection",
@@ -2992,6 +3382,11 @@ Filter conditions:
 \`\`\`json
 ${filters}
 \`\`\`` : "";
+  const isPublicCollection = COLLECTIONS2.includes(
+    collection
+  );
+  const readClientName = isPublicCollection ? "client" : "serverClient";
+  const readClientNote = isPublicCollection ? "Client or ServerClient" : "ServerClient only";
   return `How to perform "${operation}" operation on "${collection}" collection:${filterExample}
 
 ## Collection: ${collection}
@@ -3002,26 +3397,26 @@ ${filters}
 \`\`\`typescript
 import { createClient, createServerClient } from '@01.software/sdk'
 
-// Client (read-only)
+// Client (read-only public collections)
 const client = createClient({
   publishableKey: process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY!
 })
 
-// Server client (full CRUD)
+// Server client (server/public collections, full CRUD)
 const serverClient = createServerClient({
   publishableKey: process.env.SOFTWARE_PUBLISHABLE_KEY!,
   secretKey: process.env.SOFTWARE_SECRET_KEY!
 })
 
-${operation === "find" ? `// Query ${collection} collection with Query Builder
+${operation === "find" ? `// Query ${collection} collection with Query Builder (${readClientNote})
 // find() returns PayloadFindResponse with docs array and pagination
-const result = await client.collections.from('${collection}').find(${filters ? `{
+const result = await ${readClientName}.collections.from('${collection}').find(${filters ? `{
   where: ${filters}
 }` : ""})
 // result.docs - array of items
 // result.totalDocs, result.page, result.totalPages, result.hasNextPage, ...
 
-// Using React Hook
+${isPublicCollection ? `// Using React Hook
 const { data, isLoading, error } = client.query.useQuery({
   collection: '${collection}',
   options: { limit: 10 }
@@ -3031,19 +3426,19 @@ const { data, isLoading, error } = client.query.useQuery({
 const { data } = client.query.useSuspenseQuery({
   collection: '${collection}',
   options: { limit: 10 }
-})` : operation === "create" ? `// Create ${collection} item (ServerClient only)
+})` : `// React hooks are browser/public only and do not support '${collection}'.`}` : operation === "create" ? `// Create ${collection} item (ServerClient only)
 // create() returns PayloadMutationResponse with doc and message
-const result = await serverClient.from('${collection}').create({
+const result = await serverClient.collections.from('${collection}').create({
   // Enter fields
 })
 // result.doc - created item, result.message` : operation === "update" ? `// Update ${collection} item (ServerClient only)
 // update() returns PayloadMutationResponse with doc and message
-const result = await serverClient.from('${collection}').update(id, {
+const result = await serverClient.collections.from('${collection}').update(id, {
   // Fields to update
 })
 // result.doc - updated item, result.message` : `// Delete ${collection} item (ServerClient only)
 // remove() returns the deleted document directly
-await serverClient.from('${collection}').remove(id)`}
+await serverClient.collections.from('${collection}').remove(id)`}
 \`\`\`
 
 ### Useful Tips
@@ -3051,7 +3446,7 @@ await serverClient.from('${collection}').remove(id)`}
 ${operation === "find" ? `- Use \`where\` option for filtering (Payload query syntax)
 - Use \`limit\` and \`page\` for pagination
 - Use \`sort\` for sorting (prefix with "-" for descending)
-- React Query hooks: useQuery, useSuspenseQuery, useInfiniteQuery
+- ${isPublicCollection ? "React Query hooks: useQuery, useSuspenseQuery, useInfiniteQuery" : "React Query hooks are browser/public only; use ServerClient for this collection"}
 - Cache utilities: invalidateQueries, prefetchQuery, getQueryData, setQueryData` : operation === "create" ? `- Requires ServerClient with secretKey
 - Check required fields
 - TypeScript recommended for type safety` : operation === "update" ? `- Requires ServerClient with secretKey
@@ -3063,7 +3458,7 @@ ${operation === "find" ? `- Use \`where\` option for filtering (Payload query sy
 
 // src/prompts/order-flow-guide.ts
 import { z as z30 } from "zod";
-var schema32 = {
+var schema33 = {
   scenario: z30.enum([
     "simple-order",
     "cart-checkout",
@@ -3071,7 +3466,7 @@ var schema32 = {
     "fulfillment-tracking"
   ]).describe("Order flow scenario")
 };
-var metadata32 = {
+var metadata33 = {
   name: "order-flow-guide",
   title: "Order Flow Guide",
   description: "Provides step-by-step guidance for ecommerce order flows including creation, checkout, returns, and fulfillment.",
@@ -3257,7 +3652,7 @@ ${SCENARIOS[scenario] || "Unknown scenario."}
 
 // src/prompts/feature-setup-guide.ts
 import { z as z31 } from "zod";
-var schema33 = {
+var schema34 = {
   feature: z31.enum([
     "ecommerce",
     "customers",
@@ -3273,10 +3668,10 @@ var schema33 = {
     "community"
   ]).describe("Feature to get setup guide for")
 };
-var metadata33 = {
+var metadata34 = {
   name: "feature-setup-guide",
   title: "Feature Setup Guide",
-  description: "Setup checklist and remediation guide for a tenant feature. Load before using get-tenant-context to diagnose setup gaps.",
+  description: "Setup checklist and remediation guide for a tenant feature. Load with check-feature-progress and get-tenant-context to diagnose setup gaps.",
   role: "assistant"
 };
 var FEATURES = {
@@ -3287,7 +3682,7 @@ var FEATURES = {
 ### Required Collections (count > 0)
 
 1. **products** \u2014 Create via Console UI or SDK \`client.collections.from('products').create({ ... })\`
-   - Minimum fields: \`{ title, slug, status: 'published', _status: 'published' }\`
+   - Minimum fields: \`{ title, slug, status: 'published' }\`
 
 2. **product-variants** \u2014 At least 1 sellable variant per product
    - Minimum fields: \`{ product, title, price, stock }\`
@@ -3306,6 +3701,7 @@ product-options, product-option-values, product-categories, product-tags, produc
 ### Config
 
 - **Webhook URL** must be configured in tenant settings for payment gateway callbacks
+- Use \`check-feature-progress\` for the tenant-aware ecommerce progress check
 - Use \`get-tenant-context\` to check current webhook configuration`,
   customers: `## Customers Setup Guide
 
@@ -3320,7 +3716,8 @@ customer-addresses
 
 ### Optional Collections
 
-customer-groups \u2014 Create via Console UI or SDK \`client.collections.from('customer-groups').create({ title })\`
+- customer-groups \u2014 Console/server-scoped segmentation for VIP coupons and campaigns. Use \`createServerClient().collections.from('customer-groups')\`.
+- customer-profile-lists \u2014 Public profile display/ranking lists for storefronts. Browser reads may use \`client.collections.from('customer-profile-lists')\`.
 
 ### Config
 
@@ -3331,10 +3728,10 @@ customer-groups \u2014 Create via Console UI or SDK \`client.collections.from('c
 ### Required Collections (count > 0)
 
 1. **articles** \u2014 At least 1 article
-   - Minimum fields: \`{ title, slug }\`
+   - Minimum fields: \`{ title, slug, status: 'published' }\`
 
 2. **article-authors** \u2014 At least 1 author
-   - Minimum fields: \`{ title, slug }\`
+   - Minimum fields: \`{ title, slug, status: 'published' }\`
    - Link authors to articles via the \`authors\` relationship field
 
 ### Optional Collections
@@ -3349,7 +3746,7 @@ article-categories, article-tags`,
 
 2. **document-types** \u2014 At least 1 type
    - Minimum fields: \`{ title, slug }\`
-   - Link document type via \`documentType\` relationship field
+   - Link document type via \`type\` relationship field
 
 ### Optional Collections
 
@@ -3359,10 +3756,10 @@ document-categories`,
 ### Required Collections (count > 0)
 
 1. **playlists** \u2014 At least 1 playlist
-   - Minimum fields: \`{ title, slug, status: 'published', _status: 'published' }\`
+   - Minimum fields: \`{ title, slug, status: 'published' }\`
 
 2. **tracks** \u2014 At least 1 track
-   - Minimum fields: \`{ title, sourceUrl, status: 'published', _status: 'published' }\`
+   - Minimum fields: \`{ title, sourceUrl, status: 'published' }\`
 
 3. **playlists.tracks** \u2014 Link at least 1 track from a playlist
    - Minimum fields: \`{ tracks: [trackId] }\`
@@ -3375,11 +3772,11 @@ playlist-categories, playlist-tags, track-categories, track-tags, track-assets`,
 ### Required Collections (count > 0)
 
 1. **galleries** \u2014 At least 1 gallery
-   - Minimum fields: \`{ title, slug, status: 'published', _status: 'published' }\`
+   - Minimum fields: \`{ title, slug, status: 'published' }\`
 
 2. **gallery-items** \u2014 At least 1 item per gallery
    - References \`images\` collection (non-upload)
-   - Minimum fields: \`{ gallery, image, _status: 'published' }\`
+   - Minimum fields: \`{ gallery, image, status: 'published' }\`
 
 ### Optional Collections
 
@@ -3389,7 +3786,7 @@ gallery-categories, gallery-tags`,
 ### Required Collections (count > 0)
 
 1. **links** \u2014 At least 1 link
-   - Minimum fields: \`{ title, slug, url, status: 'published', _status: 'published' }\`
+   - Minimum fields: \`{ title, slug, url, status: 'published' }\`
 
 ### Optional Collections
 
@@ -3461,32 +3858,36 @@ comments, reactions, bookmarks, reports, community-bans
 
 ### Optional Collections
 
-post-categories`
+post-categories, customer-profile-lists`
 };
-function featureSetupGuide({ feature }) {
+function featureSetupGuide({
+  feature
+}) {
   return `# Feature Setup Guide: ${feature}
 
 ${FEATURES[feature] || "Unknown feature."}
 
 ## Related MCP Tools
+- \`check-feature-progress\` \u2014 run the tenant-aware ecommerce implementation progress check
 - \`get-tenant-context\` \u2014 check current collection counts and feature status
 - \`query-collection\` \u2014 verify existing documents in a collection
 - \`get-collection-schema\` \u2014 inspect tenant-aware fields before creating data via SDK or Console UI`;
 }
 
 // src/resources/(config)/app.ts
-var metadata34 = {
+var metadata35 = {
   name: "app-config",
   title: "Application Config",
   description: "01.software SDK and MCP server configuration information"
 };
-function handler6() {
+function handler7() {
   return `# 01.software MCP Server Configuration
 
 ## Server Info
 - **Name**: 01.software MCP Server
 - **Version**: 0.1.0
-- **Transport**: HTTP (Streamable)
+- **Hosted transport**: HTTP (Streamable)
+- **Local transport**: stdio through \`npx @01.software/cli mcp\`
 
 ## Authentication
 
@@ -3497,48 +3898,16 @@ HTTP MCP uses OAuth discovery and Authorization Code + PKCE.
 url = "https://mcp.01.software/mcp"
 \`\`\`
 
-## Available Tools (29)
-
-> Generic write tools (create/update/delete/update-many/delete-many) are intentionally absent. Use the dedicated workflow tools below or the SDK (\`client.collections.from(slug).create()\` / \`update()\` / \`remove()\` / \`updateMany()\` / \`removeMany()\`) for stateful mutations.
-
-### Generic Read (2)
-- \`query-collection\` - Query collection with filters, pagination, sorting
-- \`get-collection-by-id\` - Get single item by ID
-
-### Orders (7)
-- \`create-order\` - Create a new order with products and shipping
-- \`get-order\` - Get order details by order number
-- \`update-order\` - Update order status
-- \`checkout\` - Convert cart to order
-- \`create-fulfillment\` - Create fulfillment for order items
-- \`update-fulfillment\` - Update fulfillment status, carrier, and tracking
-- \`update-transaction\` - Update transaction status
+## Hosted HTTP OAuth Tools (9)
 
-### Returns (3)
-- \`create-return\` - Create a return request
-- \`update-return\` - Update return status
-- \`return-with-refund\` - Process return with refund atomically
-
-### Cart (6)
-- \`add-cart-item\` - Add item to cart
-- \`update-cart-item\` - Update cart item quantity
-- \`remove-cart-item\` - Remove item from cart
-- \`apply-discount\` - Apply discount code to cart
-- \`remove-discount\` - Remove discount from cart
-- \`clear-cart\` - Remove all items from cart
-
-### Validation (2)
-- \`validate-discount\` - Validate discount code
-- \`calculate-shipping\` - Calculate shipping fee
-
-### Product (1)
-- \`stock-check\` - Check product option stock availability
+The hosted HTTP MCP endpoint at https://mcp.01.software/mcp exposes only these OAuth-safe tools:
 
 ### Schema (1)
 - \`get-collection-schema\` - Get authoritative tenant-aware collection schema
 
-### Tenant Context (1)
+### Tenant Context (2)
 - \`get-tenant-context\` - Get tenant features, active collections, and field config
+- \`check-feature-progress\` - Check ecommerce implementation progress without mutating tenant data
 
 ### Field Config (2)
 - \`list-configurable-fields\` - List configurable fields and current hidden state
@@ -3550,6 +3919,16 @@ url = "https://mcp.01.software/mcp"
 - \`sdk-get-auth-setup\` - Get framework-specific auth setup guidance
 - \`sdk-get-collection-pattern\` - Get collection-specific usage patterns
 
+## Local CLI Stdio Surface (30)
+
+For trusted local server-key workflows, start the stdio server:
+
+\`\`\`bash
+npx @01.software/cli mcp
+\`\`\`
+
+Local stdio can expose generic read, order, return, cart, validation, stock, schema, tenant context, feature progress, field config, and guidance tools. Generic collection write tools (create/update/delete/update-many/delete-many) are intentionally absent on every transport; use the SDK server client for generic writes.
+
 ## Rate Limits
 
 Rate limits depend on your tenant plan:
@@ -3561,8 +3940,8 @@ Rate limits depend on your tenant plan:
 }
 
 // src/resources/(collections)/schema.ts
-import { COLLECTIONS as COLLECTIONS6 } from "@01.software/sdk";
-var metadata35 = {
+import { COLLECTIONS as COLLECTIONS3 } from "@01.software/sdk";
+var metadata36 = {
   name: "collections-schema",
   title: "Collection Schema Info",
   description: "Available collections and their schema information"
@@ -3590,13 +3969,18 @@ var COLLECTIONS_BY_CATEGORY = {
   Customers: [
     "customers",
     "customer-profiles",
-    "customer-addresses",
-    "customer-groups"
+    "customer-profile-lists",
+    "customer-addresses"
   ],
   Carts: ["carts", "cart-items"],
   "Discounts & Promotions": ["discounts", "promotions"],
   Documents: ["documents", "document-categories", "document-types"],
-  Articles: ["articles", "article-authors", "article-categories", "article-tags"],
+  Articles: [
+    "articles",
+    "article-authors",
+    "article-categories",
+    "article-tags"
+  ],
   Community: [
     "posts",
     "comments",
@@ -3615,7 +3999,12 @@ var COLLECTIONS_BY_CATEGORY = {
     "track-categories",
     "track-tags"
   ],
-  Galleries: ["galleries", "gallery-items", "gallery-categories", "gallery-tags"],
+  Galleries: [
+    "galleries",
+    "gallery-items",
+    "gallery-categories",
+    "gallery-tags"
+  ],
   Links: ["links", "link-categories", "link-tags"],
   Canvas: [
     "canvases",
@@ -3638,9 +4027,9 @@ var COLLECTIONS_BY_CATEGORY = {
     "event-tags"
   ]
 };
-function handler7() {
+function handler8() {
   const categoryDocs = Object.entries(COLLECTIONS_BY_CATEGORY).map(([category, collections]) => {
-    const collectionList = collections.filter((c) => COLLECTIONS6.includes(c)).map((c) => `- **${c}**`).join("\n");
+    const collectionList = collections.filter((c) => COLLECTIONS3.includes(c)).map((c) => `- **${c}**`).join("\n");
     return `## ${category}
 ${collectionList}`;
   }).join("\n\n");
@@ -3661,8 +4050,9 @@ Each collection supports the following operations:
 - \`updateMany(where, data)\` - Bulk update items matching filter
 - \`removeMany(where)\` - Bulk delete items matching filter
 
-Draft-enabled public collections expose only \`_status: 'published'\` rows to
-publishable-key reads unless server-side access explicitly includes drafts.
+Status-managed public collections expose only \`status: 'published'\` rows to
+publishable-key reads unless server-side access explicitly includes
+unpublished statuses.
 
 ## Query Examples
 
@@ -3685,16 +4075,16 @@ publishable-key reads unless server-side access explicitly includes drafts.
 }
 \`\`\`
 
-Total available collections: ${COLLECTIONS6.length}`;
+Total available collections: ${COLLECTIONS3.length}`;
 }
 
 // src/resources/(docs)/getting-started.ts
-var metadata36 = {
+var metadata37 = {
   name: "docs-getting-started",
   title: "Getting Started",
   description: "01.software SDK getting started guide"
 };
-function handler8() {
+function handler9() {
   return `# Getting Started
 
 A guide to getting started with the 01.software SDK.
@@ -3728,18 +4118,18 @@ const result = await client.collections.from('products').find({
 
 ## Next Steps
 
-- [Quick Start](/docs/getting-started/quick-start) - Get started in 5 minutes
-- [Configuration](/docs/getting-started/configuration) - Detailed configuration options
-- [API Reference](/docs/api) - Full API documentation`;
+- [SDK Guide](/developers/sdk) - Install and query workspace content
+- [Authentication & Keys](/developers/authentication) - Choose the right key for each surface
+- [API](/developers/api) - Use the HTTP API when SDKs are not a fit`;
 }
 
 // src/resources/(docs)/guides.ts
-var metadata37 = {
+var metadata38 = {
   name: "docs-guides",
   title: "Guides",
   description: "01.software SDK usage guides"
 };
-function handler9() {
+function handler10() {
   return `# Guides
 
 Comprehensive guides to master the 01.software SDK.
@@ -3941,16 +4331,16 @@ Payload query syntax operators:
 
 For ecommerce collections, \`products.listing.*\` is the browse/search projection. Authoritative sellable price and stock remain on \`product-variants\`.
 
-For more detailed guides, see the [Guides page](/docs/guides).`;
+For more implementation guidance, see the [SDK Guide](/developers/sdk).`;
 }
 
 // src/resources/(docs)/api.ts
-var metadata38 = {
+var metadata39 = {
   name: "docs-api",
   title: "API Reference",
   description: "01.software SDK API reference documentation"
 };
-function handler10() {
+function handler11() {
   return `# API Reference
 
 Comprehensive documentation for all methods and types in the 01.software SDK.
@@ -4227,16 +4617,16 @@ client.customer.isAuthenticated()  // Check auth status
 client.customer.logout()           // Clear token
 \`\`\`
 
-For more details, see the [full API documentation](/docs/api).`;
+For more details, see the [API documentation](/developers/api).`;
 }
 
 // src/resources/(docs)/query-builder.ts
-var metadata39 = {
+var metadata40 = {
   name: "docs-query-builder",
   title: "Query Builder",
   description: "01.software SDK Query Builder API reference (client.collections.from)"
 };
-function handler11() {
+function handler12() {
   return `# Query Builder API
 
 The Query Builder provides a fluent interface for querying collections via \`client.collections.from(collection)\`.
@@ -4425,12 +4815,12 @@ console.log(result.hasNextPage) // true
 }
 
 // src/resources/(docs)/react-query.ts
-var metadata40 = {
+var metadata41 = {
   name: "docs-react-query",
   title: "React Query Hooks",
   description: "01.software SDK React Query hooks reference (client.query)"
 };
-function handler12() {
+function handler13() {
   return `# React Query Hooks
 
 React Query hooks are available on the browser-side \`Client\` via \`client.query\`. They provide automatic caching, background refetching, and cache invalidation.
@@ -4673,12 +5063,12 @@ export function ProductList() {
 }
 
 // src/resources/(docs)/server-api.ts
-var metadata41 = {
+var metadata42 = {
   name: "docs-server-api",
   title: "Server-side API",
   description: "01.software SDK server-side API reference (client.commerce) for orders, fulfillments, returns, carts, and validation"
 };
-function handler13() {
+function handler14() {
   return `# Server-side API
 
 Server-side operations are available via \`client.commerce\` on \`ServerClient\`. Use \`createServerClient\` with both \`publishableKey\` and \`secretKey\`.
@@ -4935,12 +5325,12 @@ const result = await client.commerce.shipping.calculate({
 }
 
 // src/resources/(docs)/customer-auth.ts
-var metadata42 = {
+var metadata43 = {
   name: "docs-customer-auth",
   title: "Customer Auth API",
   description: "01.software SDK Customer Auth API reference (client.customer)"
 };
-function handler14() {
+function handler15() {
   return `# Customer Auth API
 
 Customer authentication and profile management is available via \`client.customer\` on the browser-side \`Client\`.
@@ -5113,12 +5503,12 @@ async function loadProfile() {
 }
 
 // src/resources/(docs)/browser-vs-server.ts
-var metadata43 = {
+var metadata44 = {
   name: "docs-browser-vs-server",
   title: "Client vs ServerClient",
   description: "When to use Client (createClient) vs ServerClient (createServerClient) in the 01.software SDK"
 };
-function handler15() {
+function handler16() {
   return `# Client vs ServerClient
 
 The SDK provides two client types for different execution environments.
@@ -5272,12 +5662,12 @@ export function ProductList() {
 }
 
 // src/resources/(docs)/file-upload.ts
-var metadata44 = {
+var metadata45 = {
   name: "docs-file-upload",
   title: "File Upload",
   description: "01.software SDK file upload patterns using the images collection"
 };
-function handler16() {
+function handler17() {
   return `# File Upload
 
 Upload files using the \`images\` collection (tenant-scoped, unified image store) or \`system-media\` (global, non-tenant).
@@ -5423,12 +5813,12 @@ The platform stores files in Cloudflare R2 and serves via CDN (\`cdn.01.software
 }
 
 // src/resources/(docs)/webhook.ts
-var metadata45 = {
+var metadata46 = {
   name: "docs-webhook",
   title: "Webhooks",
   description: "01.software SDK webhook verification and event handling"
 };
-function handler17() {
+function handler18() {
   return `# Webhooks
 
 The platform dispatches HMAC-SHA256 signed webhook events to your registered URLs. Tenant developers own routing inside their webhook handler.
@@ -5538,7 +5928,7 @@ Configure webhook URLs in the 01.software console under Tenant Settings > Webhoo
 
 // src/server.ts
 var REGISTERED_TOOLS_BY_SERVER = /* @__PURE__ */ new WeakMap();
-function registerTool(server, schema34, meta, handler18) {
+function registerTool(server, schema35, meta, handler19) {
   let registered = REGISTERED_TOOLS_BY_SERVER.get(server);
   if (!registered) {
     registered = /* @__PURE__ */ new Set();
@@ -5549,7 +5939,7 @@ function registerTool(server, schema34, meta, handler18) {
     meta.name,
     {
       description: meta.description,
-      inputSchema: schema34,
+      inputSchema: schema35,
       annotations: meta.annotations
     },
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -5573,31 +5963,48 @@ function registerTool(server, schema34, meta, handler18) {
           };
         }
       }
-      const result = await handler18(params);
-      return { content: [{ type: "text", text: result }] };
+      const activeSummary = currentMcpTelemetrySummary();
+      const ownSummary = activeSummary || hasRequestContext() ? null : createMcpTelemetrySummary("stdio");
+      const summary = activeSummary ?? ownSummary;
+      let result = null;
+      try {
+        result = await handler19(params);
+        return { content: [{ type: "text", text: result }] };
+      } finally {
+        if (summary) {
+          recordMcpToolResult({
+            resultText: result,
+            summary,
+            toolName: meta.name
+          });
+        }
+        if (ownSummary) {
+          void flushMcpTelemetrySummary(ownSummary);
+        }
+      }
     }
   );
 }
-function registerPrompt(server, schema34, meta, handler18) {
+function registerPrompt(server, schema35, meta, handler19) {
   server.registerPrompt(
     meta.name,
     {
       title: meta.title,
       description: meta.description,
-      argsSchema: schema34
+      argsSchema: schema35
     },
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     (params) => ({
       messages: [
         {
           role: meta.role ?? "assistant",
-          content: { type: "text", text: handler18(params) }
+          content: { type: "text", text: handler19(params) }
         }
       ]
     })
   );
 }
-function registerStaticResource(server, uri, meta, handler18) {
+function registerStaticResource(server, uri, meta, handler19) {
   server.registerResource(
     meta.name,
     uri,
@@ -5607,7 +6014,7 @@ function registerStaticResource(server, uri, meta, handler18) {
       mimeType: meta.mimeType ?? "text/plain"
     },
     async (url) => ({
-      contents: [{ uri: url.href, text: handler18() }]
+      contents: [{ uri: url.href, text: handler19() }]
     })
   );
 }
@@ -5618,52 +6025,238 @@ function createServer(options = {}) {
     version: "0.1.0"
   });
   if (toolSurface === "full") {
-    registerTool(server, schema, metadata, queryCollection);
-    registerTool(server, schema2, metadata2, getCollectionById);
+    registerTool(
+      server,
+      schema,
+      metadata,
+      queryCollection
+    );
+    registerTool(
+      server,
+      schema2,
+      metadata2,
+      getCollectionById
+    );
     registerTool(server, schema3, metadata3, getOrder);
     registerTool(server, schema4, metadata4, createOrder);
     registerTool(server, schema5, metadata5, updateOrder);
     registerTool(server, schema6, metadata6, checkout);
-    registerTool(server, schema7, metadata7, createFulfillment);
-    registerTool(server, schema8, metadata8, updateFulfillment);
-    registerTool(server, schema9, metadata9, updateTransaction);
-    registerTool(server, schema10, metadata10, createReturn);
-    registerTool(server, schema11, metadata11, updateReturn);
-    registerTool(server, schema12, metadata12, returnWithRefund);
+    registerTool(
+      server,
+      schema7,
+      metadata7,
+      createFulfillment
+    );
+    registerTool(
+      server,
+      schema8,
+      metadata8,
+      updateFulfillment
+    );
+    registerTool(
+      server,
+      schema9,
+      metadata9,
+      updateTransaction
+    );
+    registerTool(
+      server,
+      schema10,
+      metadata10,
+      createReturn
+    );
+    registerTool(
+      server,
+      schema11,
+      metadata11,
+      updateReturn
+    );
+    registerTool(
+      server,
+      schema12,
+      metadata12,
+      returnWithRefund
+    );
     registerTool(server, schema13, metadata13, addCartItem);
-    registerTool(server, schema14, metadata14, updateCartItem);
-    registerTool(server, schema15, metadata15, removeCartItem);
-    registerTool(server, schema16, metadata16, applyDiscount);
-    registerTool(server, schema17, metadata17, removeDiscount);
+    registerTool(
+      server,
+      schema14,
+      metadata14,
+      updateCartItem
+    );
+    registerTool(
+      server,
+      schema15,
+      metadata15,
+      removeCartItem
+    );
+    registerTool(
+      server,
+      schema16,
+      metadata16,
+      applyDiscount
+    );
+    registerTool(
+      server,
+      schema17,
+      metadata17,
+      removeDiscount
+    );
     registerTool(server, schema18, metadata18, clearCart);
-    registerTool(server, schema19, metadata19, validateDiscount);
-    registerTool(server, schema20, metadata20, calculateShipping);
+    registerTool(
+      server,
+      schema19,
+      metadata19,
+      validateDiscount
+    );
+    registerTool(
+      server,
+      schema20,
+      metadata20,
+      calculateShipping
+    );
     registerTool(server, schema21, metadata21, stockCheck);
   }
-  registerTool(server, schema22, metadata22, getCollectionSchemaTool);
-  registerTool(server, schema23, metadata23, handler);
-  registerTool(server, schema24, metadata24, listConfigurableFields);
-  registerTool(server, schema25, metadata25, updateFieldConfig);
-  registerTool(server, schema26, metadata26, handler2);
-  registerTool(server, schema27, metadata27, handler3);
-  registerTool(server, schema28, metadata28, handler4);
-  registerTool(server, schema29, metadata29, handler5);
-  registerPrompt(server, schema30, metadata30, sdkUsageGuide);
-  registerPrompt(server, schema31, metadata31, collectionQueryHelp);
-  registerPrompt(server, schema32, metadata32, orderFlowGuide);
-  registerPrompt(server, schema33, metadata33, featureSetupGuide);
-  registerStaticResource(server, "config://app", metadata34, handler6);
-  registerStaticResource(server, "collections://schema", metadata35, handler7);
-  registerStaticResource(server, "docs://sdk/getting-started", metadata36, handler8);
-  registerStaticResource(server, "docs://sdk/guides", metadata37, handler9);
-  registerStaticResource(server, "docs://sdk/api", metadata38, handler10);
-  registerStaticResource(server, "docs://sdk/query-builder", metadata39, handler11);
-  registerStaticResource(server, "docs://sdk/react-query", metadata40, handler12);
-  registerStaticResource(server, "docs://sdk/server-api", metadata41, handler13);
-  registerStaticResource(server, "docs://sdk/customer-auth", metadata42, handler14);
-  registerStaticResource(server, "docs://sdk/browser-vs-server", metadata43, handler15);
-  registerStaticResource(server, "docs://sdk/file-upload", metadata44, handler16);
-  registerStaticResource(server, "docs://sdk/webhook", metadata45, handler17);
+  registerTool(
+    server,
+    schema22,
+    metadata22,
+    getCollectionSchemaTool
+  );
+  registerTool(
+    server,
+    schema23,
+    metadata23,
+    handler
+  );
+  registerTool(
+    server,
+    schema24,
+    metadata24,
+    handler2
+  );
+  registerTool(
+    server,
+    schema25,
+    metadata25,
+    listConfigurableFields
+  );
+  registerTool(
+    server,
+    schema26,
+    metadata26,
+    updateFieldConfig
+  );
+  registerTool(
+    server,
+    schema27,
+    metadata27,
+    handler3
+  );
+  registerTool(
+    server,
+    schema28,
+    metadata28,
+    handler4
+  );
+  registerTool(
+    server,
+    schema29,
+    metadata29,
+    handler5
+  );
+  registerTool(
+    server,
+    schema30,
+    metadata30,
+    handler6
+  );
+  registerPrompt(
+    server,
+    schema31,
+    metadata31,
+    sdkUsageGuide
+  );
+  registerPrompt(
+    server,
+    schema32,
+    metadata32,
+    collectionQueryHelp
+  );
+  registerPrompt(
+    server,
+    schema33,
+    metadata33,
+    orderFlowGuide
+  );
+  registerPrompt(
+    server,
+    schema34,
+    metadata34,
+    featureSetupGuide
+  );
+  registerStaticResource(
+    server,
+    "config://app",
+    metadata35,
+    handler7
+  );
+  registerStaticResource(
+    server,
+    "collections://schema",
+    metadata36,
+    handler8
+  );
+  registerStaticResource(
+    server,
+    "docs://sdk/getting-started",
+    metadata37,
+    handler9
+  );
+  registerStaticResource(server, "docs://sdk/guides", metadata38, handler10);
+  registerStaticResource(server, "docs://sdk/api", metadata39, handler11);
+  registerStaticResource(
+    server,
+    "docs://sdk/query-builder",
+    metadata40,
+    handler12
+  );
+  registerStaticResource(
+    server,
+    "docs://sdk/react-query",
+    metadata41,
+    handler13
+  );
+  registerStaticResource(
+    server,
+    "docs://sdk/server-api",
+    metadata42,
+    handler14
+  );
+  registerStaticResource(
+    server,
+    "docs://sdk/customer-auth",
+    metadata43,
+    handler15
+  );
+  registerStaticResource(
+    server,
+    "docs://sdk/browser-vs-server",
+    metadata44,
+    handler16
+  );
+  registerStaticResource(
+    server,
+    "docs://sdk/file-upload",
+    metadata45,
+    handler17
+  );
+  registerStaticResource(
+    server,
+    "docs://sdk/webhook",
+    metadata46,
+    handler18
+  );
   return server;
 }
 
@@ -5676,6 +6269,9 @@ export {
   MCP_SCOPES,
   requestContext,
   mcpServicePublicJwks,
+  createMcpTelemetrySummary,
+  runWithMcpTelemetry,
+  flushMcpTelemetrySummary,
   createServer
 };
-//# sourceMappingURL=chunk-GJOQ4SE2.js.map
+//# sourceMappingURL=chunk-2ECTVUKU.js.map