@1llum1n4t1/cws-mcp 1.4.2

package/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2026 mikusnuz (original author)
+Copyright (c) 2026 1llum1n4t1s (fork)
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

package/README.ko.md

@@ -0,0 +1,216 @@
+# @1llum1n4t1/cws-mcp
+
+[![npm version](https://img.shields.io/npm/v/@1llum1n4t1/cws-mcp)](https://www.npmjs.com/package/@1llum1n4t1/cws-mcp)
+
+[English](README.md)
+
+Chrome Web Store 확장 프로그램 관리를 위한 MCP 서버. Claude Code 또는 MCP 클라이언트에서 직접 크롬 확장 프로그램을 업로드, 퍼블리시, 관리할 수 있습니다.
+
+> [mikusnuz/cws-mcp](https://github.com/mikusnuz/cws-mcp)의 포크. Chrome Web Store **API V2**에 맞춰 서비스 계정 인증, 동작하는 OAuth 플로우(Google이 기존 `oob` 플로우를 제거함), 최신 MCP SDK로 갱신했습니다.
+
+## 이런 경우에 사용하세요
+
+- **"크롬 확장 프로그램 새 버전 업로드해줘"** — ZIP을 빌드하고 `upload` 도구로 초안 업데이트
+- **"확장 프로그램 Chrome Web Store에 퍼블리시해줘"** — `publish`로 리뷰 제출 및 배포
+- **"확장 프로그램 리뷰 상태 확인해줘"** — `status`로 리뷰 상태, 버전, 배포 비율 확인
+- **"확장 프로그램 메타데이터(설명, 스크린샷) 업데이트해줘"** — `update-metadata-ui`로 스토어 리스팅 수정
+- **"제출 대기 중인 거 취소해줘"** — `cancel`로 리뷰 중인 제출 철회
+- **"확장 프로그램 단계적 배포 설정해줘"** — `publish`로 단계적 배포 후 `deploy-percentage`로 비율 증가
+
+## 도구
+
+| 도구 | 설명 |
+|---|---|
+| `upload` | ZIP 파일을 Chrome Web Store에 업로드 (기존 항목 초안 업데이트) |
+| `publish` | 단계적 배포, 퍼블리시 유형, 리뷰 건너뛰기 옵션으로 확장 프로그램 퍼블리시 |
+| `status` | 리뷰 상태, 배포 비율, 버전 등 현재 상태 확인 |
+| `cancel` | 제출 대기 중인 항목 취소 |
+| `deploy-percentage` | 단계적 배포 비율 설정 (0-100, 현재 목표보다 높아야 함) |
+| `get` | DRAFT/PUBLISHED 리스팅 메타데이터 조회 (v1.1 API, 2026년 10월 지원 종료) |
+| `update-metadata` | v1.1 API로 리스팅 메타데이터 업데이트 (2026년 10월 지원 종료) |
+| `update-metadata-ui` | 대시보드 UI 자동화(Playwright)로 리스팅 메타데이터 업데이트 |
+
+## API 커버리지
+
+이 MCP 서버는 **모든 Chrome Web Store API v2 엔드포인트**를 지원합니다:
+
+| v2 엔드포인트 | MCP 도구 |
+|---|---|
+| `media.upload` | `upload` |
+| `publishers.items.publish` | `publish` |
+| `publishers.items.fetchStatus` | `status` |
+| `publishers.items.cancelSubmission` | `cancel` |
+| `publishers.items.setPublishedDeployPercentage` | `deploy-percentage` |
+
+추가로, 메타데이터 조작을 위한 v1.1 API 엔드포인트(`get`, `update-metadata`)가 제공되며, v1 지원 종료에 대비하여 대시보드 UI 자동화(`update-metadata-ui`)를 권장합니다.
+
+## 설정
+
+**서비스 계정**(권장, CI/CD에 적합) 또는 **OAuth2 refresh token** 중 하나로 인증합니다.
+
+### 방법 A — 서비스 계정 (권장)
+
+1. [Google Cloud Console](https://console.cloud.google.com/)에서 프로젝트를 생성/선택하고 **Chrome Web Store API**를 활성화합니다.
+2. **서비스 계정**을 만들고 **JSON 키**를 추가합니다 (키 → 키 추가 → 새 키 만들기 → JSON).
+3. [개발자 대시보드](https://chrome.google.com/webstore/devconsole) → **계정**에서 서비스 계정 이메일을 추가해 퍼블리셔 계정에 대한 API 접근 권한을 부여합니다.
+4. `CWS_SERVICE_ACCOUNT_KEY`에 JSON 키 **파일 경로**(또는 JSON 원문)를 설정합니다.
+
+자세한 내용은 [서비스 계정으로 Chrome Web Store API 사용하기](https://developer.chrome.com/docs/webstore/service-accounts)를 참고하세요.
+
+### 방법 B — OAuth2 Refresh Token
+
+1. [Google Cloud Console](https://console.cloud.google.com/)에서 프로젝트를 생성/선택하고 **Chrome Web Store API**를 활성화합니다.
+2. **데스크톱 앱** 유형의 **OAuth2 자격 증명**을 생성하고 **Client ID**와 **Client Secret**을 기록합니다.
+3. **loopback 리디렉션**으로 refresh token을 발급받습니다. (기존 `urn:ietf:wg:oauth:2.0:oob` 플로우는 2022년에 Google이 제거하여 더 이상 동작하지 않습니다 — 데스크톱 클라이언트는 이제 `http://localhost`를 사용합니다.)
+
+   ```bash
+   # 1. 브라우저에서 아래 URL을 열고 접근을 허용합니다:
+   #    https://accounts.google.com/o/oauth2/v2/auth?response_type=code&access_type=offline&prompt=consent&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fchromewebstore&client_id=YOUR_CLIENT_ID&redirect_uri=http://localhost:8080
+   #
+   # 2. 브라우저가 http://localhost:8080/?code=AUTH_CODE&... 로 리디렉션됩니다.
+   #    (서버 불필요 — 주소창에서 `code` 값을 복사하세요).
+   #
+   # 3. 코드를 refresh token으로 교환:
+   curl -X POST https://oauth2.googleapis.com/token \
+     -d "client_id=YOUR_CLIENT_ID" \
+     -d "client_secret=YOUR_CLIENT_SECRET" \
+     -d "code=YOUR_AUTH_CODE" \
+     -d "grant_type=authorization_code" \
+     -d "redirect_uri=http://localhost:8080"
+   ```
+
+   응답에 `refresh_token`이 포함됩니다. 데스크톱 앱 클라이언트는 `http://localhost[:PORT]` 또는 `http://127.0.0.1[:PORT]` 리디렉션을 허용합니다.
+
+### 3. MCP 설정
+
+Claude Code MCP 설정 (`~/.claude/settings.local.json`)에 추가합니다.
+
+**npm + 서비스 계정 (권장):**
+
+```json
+{
+  "mcpServers": {
+    "cws-mcp": {
+      "command": "npx",
+      "args": ["-y", "@1llum1n4t1/cws-mcp"],
+      "env": {
+        "CWS_SERVICE_ACCOUNT_KEY": "/path/to/service-account.json",
+        "CWS_PUBLISHER_ID": "me",
+        "CWS_ITEM_ID": "확장프로그램ID"
+      }
+    }
+  }
+}
+```
+
+**로컬 클론 + OAuth refresh token:**
+
+```json
+{
+  "mcpServers": {
+    "cws-mcp": {
+      "command": "node",
+      "args": ["/path/to/cws-mcp/dist/index.js"],
+      "env": {
+        "CWS_CLIENT_ID": "xxxxx.apps.googleusercontent.com",
+        "CWS_CLIENT_SECRET": "GOCSPX-xxxxx",
+        "CWS_REFRESH_TOKEN": "1//xxxxx",
+        "CWS_PUBLISHER_ID": "me",
+        "CWS_ITEM_ID": "확장프로그램ID"
+      }
+    }
+  }
+}
+```
+
+## 환경 변수
+
+**서비스 계정 키(인증 A)** 또는 **OAuth2 refresh token 3종(인증 B)** 중 하나를 제공하세요.
+
+| 변수 | 필수 | 설명 |
+|---|---|---|
+| `CWS_SERVICE_ACCOUNT_KEY` | 인증 A | 서비스 계정 JSON 키 파일 경로 또는 JSON 원문. 설정 시 OAuth보다 우선합니다. |
+| `CWS_CLIENT_ID` | 인증 B | Google OAuth2 Client ID |
+| `CWS_CLIENT_SECRET` | 인증 B | Google OAuth2 Client Secret |
+| `CWS_REFRESH_TOKEN` | 인증 B | OAuth2 Refresh Token |
+| `CWS_PUBLISHER_ID` | 아니오 | 퍼블리셔 ID (기본값: `me`) |
+| `CWS_ITEM_ID` | 아니오 | 기본 확장 프로그램 Item ID |
+| `CWS_DASHBOARD_PROFILE_DIR` | 아니오 | `update-metadata-ui`용 브라우저 프로필 경로 (기본값: `~/.cws-mcp-profile`) |
+
+## 사용 예시
+
+### 확장 프로그램 상태 확인
+```
+cws-mcp status 도구 사용
+```
+
+### 업로드 후 퍼블리시
+```
+1. cws-mcp upload (zipPath="/path/to/extension.zip")
+2. cws-mcp publish
+```
+
+### 단계적 배포로 퍼블리시
+```
+cws-mcp publish 사용:
+- publishType="STAGED_PUBLISH"
+- deployPercentage=10
+```
+
+### 리뷰 건너뛰기로 퍼블리시
+```
+cws-mcp publish에서 skipReview=true 사용
+```
+
+### 퍼블리시 없이 제목/설명 업데이트
+```
+cws-mcp update-metadata 사용:
+- title="Pexus"
+- summary="Official wallet for Plumise"
+- description="..."
+- category="productivity"
+- defaultLocale="en"
+```
+
+### 고급 메타데이터 업데이트
+```
+cws-mcp update-metadata에서 metadata 객체 전달:
+{
+  "homepageUrl": "https://plumise.com",
+  "supportUrl": "https://plug.plumise.com/docs"
+}
+```
+
+### API 반영이 안 되는 경우(UI 자동화)
+```
+cws-mcp update-metadata-ui 사용:
+- title
+- summary
+- description
+- category
+- homepageUrl
+- supportUrl
+```
+
+참고:
+- 이 도구는 Chrome Web Store 대시보드 UI를 자동 조작합니다.
+- 로그인 필요 시 `headless=false`로 1회 실행해 로그인하세요.
+- 브라우저 프로필 기본 경로: `~/.cws-mcp-profile` (`CWS_DASHBOARD_PROFILE_DIR`로 변경 가능)
+
+### 단계적 배포
+```
+1. cws-mcp publish
+2. cws-mcp deploy-percentage (percentage=10)
+3. cws-mcp deploy-percentage (percentage=50)
+4. cws-mcp deploy-percentage (percentage=100)
+```
+
+참고: `deploy-percentage`는 7일 활성 사용자 10,000명 이상인 확장 프로그램에서만 사용 가능합니다. 새 비율은 항상 현재 목표보다 높아야 합니다.
+
+## V1 API 지원 종료 안내
+
+`get`과 `update-metadata` 도구는 Chrome Web Store v1.1 API를 사용하며, **2026년 10월 15일 이후 지원이 종료**됩니다. v2 API에는 메타데이터 읽기/쓰기 엔드포인트가 없어 이 도구들이 브릿지 역할을 합니다. 장기적으로는 `update-metadata-ui` (Playwright 대시보드 자동화)를 대안으로 사용하세요.
+
+## 라이선스
+
+MIT

package/README.md

@@ -0,0 +1,217 @@
+# @1llum1n4t1/cws-mcp
+
+[![npm version](https://img.shields.io/npm/v/@1llum1n4t1/cws-mcp)](https://www.npmjs.com/package/@1llum1n4t1/cws-mcp)
+
+[한국어](README.ko.md)
+
+MCP server for Chrome Web Store extension management. Upload, publish, and manage Chrome extensions directly from Claude Code or any MCP client.
+
+> Fork of [mikusnuz/cws-mcp](https://github.com/mikusnuz/cws-mcp), updated for the Chrome Web Store **API V2**: service-account auth, a working OAuth flow (Google removed the old `oob` flow), and the latest MCP SDK.
+
+## When to Use
+
+Use this MCP when you need to:
+
+- **"Upload a new version of my Chrome extension"** — build your ZIP and use the `upload` tool to push it as a draft
+- **"Publish my extension to the Chrome Web Store"** — use `publish` to submit for review and go live
+- **"Check the review status of my extension"** — use `status` to see review state, version, and deploy percentage
+- **"Update my extension's metadata (description, screenshots)"** — use `update-metadata-ui` to change store listing details
+- **"Cancel a pending submission"** — use `cancel` to withdraw a submission under review
+- **"Set up staged rollout for my extension"** — use `publish` with staged rollout, then `deploy-percentage` to ramp up
+
+## Tools
+
+| Tool | Description |
+|---|---|
+| `upload` | Upload a ZIP file to Chrome Web Store (update existing item draft) |
+| `publish` | Publish an extension with optional staged rollout, publish type, and skip-review |
+| `status` | Fetch the current status including review state, deploy percentage, and version |
+| `cancel` | Cancel a pending submission |
+| `deploy-percentage` | Set staged rollout percentage (0-100, must exceed current target) |
+| `get` | Read draft/published listing metadata (v1.1 API, deprecated Oct 2026) |
+| `update-metadata` | Update listing metadata via v1.1 API (deprecated Oct 2026) |
+| `update-metadata-ui` | Update listing metadata via dashboard UI automation (Playwright) |
+
+## API Coverage
+
+This MCP server covers **all Chrome Web Store API v2 endpoints**:
+
+| v2 Endpoint | MCP Tool |
+|---|---|
+| `media.upload` | `upload` |
+| `publishers.items.publish` | `publish` |
+| `publishers.items.fetchStatus` | `status` |
+| `publishers.items.cancelSubmission` | `cancel` |
+| `publishers.items.setPublishedDeployPercentage` | `deploy-percentage` |
+
+Additionally, v1.1 API endpoints are available for metadata operations (`get`, `update-metadata`), with dashboard UI automation (`update-metadata-ui`) as the recommended alternative since v1 is deprecated.
+
+## Setup
+
+Authenticate with **either** a service account (recommended, ideal for CI/CD) **or** an OAuth2 refresh token.
+
+### Option A — Service Account (recommended)
+
+1. In the [Google Cloud Console](https://console.cloud.google.com/), create/select a project and enable the **Chrome Web Store API**.
+2. Create a **Service Account**, then add a **JSON key** (Keys → Add key → Create new key → JSON).
+3. In the [Developer Dashboard](https://chrome.google.com/webstore/devconsole) → **Account**, add the service account's email to grant it API access to your publisher account.
+4. Set `CWS_SERVICE_ACCOUNT_KEY` to the **path of the JSON key file** (or its raw JSON contents).
+
+See [Use a service account with the Chrome Web Store API](https://developer.chrome.com/docs/webstore/service-accounts) for details.
+
+### Option B — OAuth2 Refresh Token
+
+1. In the [Google Cloud Console](https://console.cloud.google.com/), create/select a project and enable the **Chrome Web Store API**.
+2. Create **OAuth2 credentials** of type **Desktop app**. Note the **Client ID** and **Client Secret**.
+3. Obtain a refresh token using a **loopback redirect**. (The old `urn:ietf:wg:oauth:2.0:oob` flow was removed by Google in 2022 and no longer works — desktop clients now use `http://localhost`.)
+
+   ```bash
+   # 1. Open this URL in a browser and grant access:
+   #    https://accounts.google.com/o/oauth2/v2/auth?response_type=code&access_type=offline&prompt=consent&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fchromewebstore&client_id=YOUR_CLIENT_ID&redirect_uri=http://localhost:8080
+   #
+   # 2. The browser is redirected to http://localhost:8080/?code=AUTH_CODE&...
+   #    (no server needed — just copy the `code` value from the address bar).
+   #
+   # 3. Exchange the code for a refresh token:
+   curl -X POST https://oauth2.googleapis.com/token \
+     -d "client_id=YOUR_CLIENT_ID" \
+     -d "client_secret=YOUR_CLIENT_SECRET" \
+     -d "code=YOUR_AUTH_CODE" \
+     -d "grant_type=authorization_code" \
+     -d "redirect_uri=http://localhost:8080"
+   ```
+
+   The response contains your `refresh_token`. Any `http://localhost[:PORT]` or `http://127.0.0.1[:PORT]` redirect is accepted for Desktop-app clients.
+
+### 3. Configure MCP
+
+Add to your Claude Code MCP settings (`~/.claude/settings.local.json`).
+
+**Via npm with a service account (recommended):**
+
+```json
+{
+  "mcpServers": {
+    "cws-mcp": {
+      "command": "npx",
+      "args": ["-y", "@1llum1n4t1/cws-mcp"],
+      "env": {
+        "CWS_SERVICE_ACCOUNT_KEY": "/path/to/service-account.json",
+        "CWS_PUBLISHER_ID": "me",
+        "CWS_ITEM_ID": "your-extension-id"
+      }
+    }
+  }
+}
+```
+
+**From a local clone with an OAuth refresh token:**
+
+```json
+{
+  "mcpServers": {
+    "cws-mcp": {
+      "command": "node",
+      "args": ["/path/to/cws-mcp/dist/index.js"],
+      "env": {
+        "CWS_CLIENT_ID": "xxxxx.apps.googleusercontent.com",
+        "CWS_CLIENT_SECRET": "GOCSPX-xxxxx",
+        "CWS_REFRESH_TOKEN": "1//xxxxx",
+        "CWS_PUBLISHER_ID": "me",
+        "CWS_ITEM_ID": "your-extension-id"
+      }
+    }
+  }
+}
+```
+
+## Environment Variables
+
+Provide **either** a service-account key (Auth A) **or** the OAuth2 refresh-token trio (Auth B).
+
+| Variable | Required | Description |
+|---|---|---|
+| `CWS_SERVICE_ACCOUNT_KEY` | Auth A | Path to a service-account JSON key file, or the raw JSON string. Takes precedence over OAuth when set. |
+| `CWS_CLIENT_ID` | Auth B | Google OAuth2 Client ID |
+| `CWS_CLIENT_SECRET` | Auth B | Google OAuth2 Client Secret |
+| `CWS_REFRESH_TOKEN` | Auth B | OAuth2 Refresh Token |
+| `CWS_PUBLISHER_ID` | No | Publisher ID (default: `me`) |
+| `CWS_ITEM_ID` | No | Default extension item ID |
+| `CWS_DASHBOARD_PROFILE_DIR` | No | Browser profile path for `update-metadata-ui` (default: `~/.cws-mcp-profile`) |
+
+## Usage Examples
+
+### Check extension status
+```
+Use the cws-mcp status tool
+```
+
+### Upload and publish
+```
+1. Use cws-mcp upload with zipPath="/path/to/extension.zip"
+2. Use cws-mcp publish
+```
+
+### Publish with staged rollout
+```
+Use cws-mcp publish with:
+- publishType="STAGED_PUBLISH"
+- deployPercentage=10
+```
+
+### Publish with skip-review
+```
+Use cws-mcp publish with skipReview=true
+```
+
+### Update listing title/description without publishing
+```
+Use cws-mcp update-metadata with:
+- title="Pexus"
+- summary="Official wallet for Plumise"
+- description="..."
+- category="productivity"
+- defaultLocale="en"
+```
+
+### Update advanced metadata fields
+```
+Use cws-mcp update-metadata with metadata={
+  "homepageUrl": "https://plumise.com",
+  "supportUrl": "https://plug.plumise.com/docs"
+}
+```
+
+### When API metadata updates don't reflect
+```
+Use cws-mcp update-metadata-ui with:
+- title
+- summary
+- description
+- category
+- homepageUrl
+- supportUrl
+```
+
+Notes:
+- This tool automates the Chrome Web Store dashboard UI.
+- First run with `headless=false` if login is required.
+- Browser profile path defaults to `~/.cws-mcp-profile` (override with `CWS_DASHBOARD_PROFILE_DIR`).
+
+### Staged rollout
+```
+1. Use cws-mcp publish
+2. Use cws-mcp deploy-percentage with percentage=10
+3. Use cws-mcp deploy-percentage with percentage=50
+4. Use cws-mcp deploy-percentage with percentage=100
+```
+
+Note: `deploy-percentage` is only available for extensions with 10,000+ seven-day active users. The new percentage must always be higher than the current target.
+
+## V1 API Deprecation
+
+The `get` and `update-metadata` tools use the Chrome Web Store v1.1 API, which is **deprecated and will be removed after October 15, 2026**. The v2 API does not provide metadata read/write endpoints, so these tools remain available as a bridge. Use `update-metadata-ui` (Playwright dashboard automation) as the long-term alternative.
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function createSandboxServer(): McpServer;

package/dist/index.js

@@ -0,0 +1,722 @@
+#!/usr/bin/env node
+import { McpServer, ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { readFileSync } from "node:fs";
+import { createSign } from "node:crypto";
+import { chromium } from "playwright";
+import { homedir } from "node:os";
+import { resolve, join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+// ── Version ──
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const pkg = JSON.parse(readFileSync(join(__dirname, "../package.json"), "utf-8"));
+const VERSION = pkg.version;
+// ── Config ──
+const CLIENT_ID = process.env.CWS_CLIENT_ID || "";
+const CLIENT_SECRET = process.env.CWS_CLIENT_SECRET || "";
+const REFRESH_TOKEN = process.env.CWS_REFRESH_TOKEN || "";
+const SERVICE_ACCOUNT_KEY = process.env.CWS_SERVICE_ACCOUNT_KEY || "";
+const PUBLISHER_ID = process.env.CWS_PUBLISHER_ID || "me";
+const DEFAULT_ITEM_ID = process.env.CWS_ITEM_ID || "";
+const API_BASE = "https://chromewebstore.googleapis.com";
+const UPLOAD_BASE = "https://chromewebstore.googleapis.com/upload/v2";
+const V1_BASE = "https://www.googleapis.com/chromewebstore/v1.1";
+const TOKEN_URL = "https://oauth2.googleapis.com/token";
+const SCOPE = "https://www.googleapis.com/auth/chromewebstore";
+/** Date after which Google removes the Chrome Web Store v1.1 API. */
+const V1_SUNSET = "2026-10-15";
+const DASHBOARD_PROFILE_DIR = process.env.CWS_DASHBOARD_PROFILE_DIR || resolve(homedir(), ".cws-mcp-profile");
+// ── Auth: OAuth2 refresh token & service account (JWT bearer) ──
+let cachedToken = null;
+/** Load a service account key from CWS_SERVICE_ACCOUNT_KEY (raw JSON or a file path). Returns null when not configured. */
+function loadServiceAccount() {
+    const value = SERVICE_ACCOUNT_KEY.trim();
+    if (!value)
+        return null;
+    let raw = value;
+    if (!raw.startsWith("{")) {
+        // Treat the value as a path to a JSON key file.
+        raw = readFileSync(resolve(raw), "utf-8");
+    }
+    let key;
+    try {
+        key = JSON.parse(raw);
+    }
+    catch {
+        throw new Error("CWS_SERVICE_ACCOUNT_KEY is neither valid JSON nor a readable JSON key file path.");
+    }
+    if (!key.client_email || !key.private_key) {
+        throw new Error("Invalid service account key: missing 'client_email' or 'private_key'.");
+    }
+    return { client_email: key.client_email, private_key: key.private_key };
+}
+function base64url(input) {
+    return Buffer.from(input).toString("base64url");
+}
+/** Mint an access token from a service account using the RS256 JWT-bearer grant. */
+async function fetchTokenViaServiceAccount(sa) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = { alg: "RS256", typ: "JWT" };
+    const claims = {
+        iss: sa.client_email,
+        scope: SCOPE,
+        aud: TOKEN_URL,
+        iat: now,
+        exp: now + 3600,
+    };
+    const signingInput = `${base64url(JSON.stringify(header))}.${base64url(JSON.stringify(claims))}`;
+    const signature = createSign("RSA-SHA256").update(signingInput).sign(sa.private_key, "base64url");
+    const assertion = `${signingInput}.${signature}`;
+    const body = new URLSearchParams({
+        grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
+        assertion,
+    });
+    const res = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: body.toString(),
+    });
+    if (!res.ok) {
+        throw new Error(`Service account token request failed (${res.status}): ${await res.text()}`);
+    }
+    return (await res.json());
+}
+/** Mint an access token from an OAuth2 refresh token. */
+async function fetchTokenViaRefreshToken() {
+    const body = new URLSearchParams({
+        client_id: CLIENT_ID,
+        client_secret: CLIENT_SECRET,
+        refresh_token: REFRESH_TOKEN,
+        grant_type: "refresh_token",
+    });
+    const res = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: body.toString(),
+    });
+    if (!res.ok) {
+        throw new Error(`Token refresh failed (${res.status}): ${await res.text()}`);
+    }
+    return (await res.json());
+}
+/**
+ * Resolve an access token, preferring a service account when configured and
+ * falling back to the OAuth2 refresh-token flow. Tokens are cached until expiry.
+ */
+async function getAccessToken() {
+    if (cachedToken && Date.now() < cachedToken.expires_at - 60_000) {
+        return cachedToken.access_token;
+    }
+    const sa = loadServiceAccount();
+    let data;
+    if (sa) {
+        data = await fetchTokenViaServiceAccount(sa);
+    }
+    else if (CLIENT_ID && CLIENT_SECRET && REFRESH_TOKEN) {
+        data = await fetchTokenViaRefreshToken();
+    }
+    else {
+        throw new Error("Missing credentials. Set CWS_SERVICE_ACCOUNT_KEY (service account), " +
+            "or CWS_CLIENT_ID + CWS_CLIENT_SECRET + CWS_REFRESH_TOKEN (OAuth refresh token).");
+    }
+    cachedToken = {
+        access_token: data.access_token,
+        expires_at: Date.now() + data.expires_in * 1000,
+    };
+    return cachedToken.access_token;
+}
+// ── Helpers ──
+function errMsg(e) {
+    return e instanceof Error ? e.message : String(e);
+}
+function resolveItemId(itemId) {
+    const id = itemId || DEFAULT_ITEM_ID;
+    if (!id) {
+        throw new Error("No item ID provided. Pass itemId parameter or set CWS_ITEM_ID env var.");
+    }
+    return id;
+}
+function resolvePublisherId(publisherId) {
+    return publisherId || PUBLISHER_ID;
+}
+async function apiCall(url, options) {
+    const token = await getAccessToken();
+    const headers = {
+        Authorization: `Bearer ${token}`,
+        ...(options.headers || {}),
+    };
+    const res = await fetch(url, { ...options, headers });
+    const body = await res.text();
+    return { ok: res.ok, status: res.status, body };
+}
+/** Format an API response with structured error info when applicable. */
+function formatResponse(result) {
+    if (result.ok) {
+        return { content: [{ type: "text", text: result.body }], isError: false };
+    }
+    // Try to parse the error body for a more readable message.
+    let errorDetail = result.body;
+    try {
+        const parsed = JSON.parse(result.body);
+        if (parsed.error?.message) {
+            errorDetail = `${parsed.error.message} (code: ${parsed.error.code || result.status})`;
+        }
+    }
+    catch {
+        // Keep raw body
+    }
+    return {
+        content: [{ type: "text", text: `API Error (${result.status}): ${errorDetail}` }],
+        isError: true,
+    };
+}
+/** Append an extra note (e.g. deprecation warning) to a tool result. */
+function appendNote(result, note) {
+    return { ...result, content: [...result.content, { type: "text", text: note }] };
+}
+const V1_NOTE = `⚠️ This tool uses the Chrome Web Store v1.1 API, which Google will remove after ${V1_SUNSET}. ` +
+    `The v2 API has no metadata read/write endpoint — for store-listing changes, prefer the 'update-metadata-ui' tool.`;
+function toolError(e) {
+    return { content: [{ type: "text", text: `Error: ${errMsg(e)}` }], isError: true };
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+async function fillTextFieldByLabel(page, labels, value) {
+    const parts = labels.map(escapeRegExp).join("|");
+    const regex = new RegExp(parts, "i");
+    const candidates = [
+        page.getByLabel(regex).first(),
+        page.getByRole("textbox", { name: regex }).first(),
+        page.getByPlaceholder(regex).first(),
+    ];
+    for (const locator of candidates) {
+        if ((await locator.count()) > 0) {
+            await locator.fill(value);
+            return;
+        }
+    }
+    const labelNode = page.getByText(regex).first();
+    if ((await labelNode.count()) > 0) {
+        const container = labelNode.locator("xpath=ancestor::*[self::div or self::section][1]");
+        const field = container.locator("textarea, input[type='text'], input:not([type])").first();
+        if ((await field.count()) > 0) {
+            await field.fill(value);
+            return;
+        }
+    }
+    throw new Error(`Unable to locate field by labels: ${labels.join(", ")}`);
+}
+async function uploadFileBySectionLabel(page, labels, filePath) {
+    const resolvedPath = resolve(filePath);
+    const parts = labels.map(escapeRegExp).join("|");
+    const regex = new RegExp(parts, "i");
+    const labelNode = page.getByText(regex).first();
+    if ((await labelNode.count()) > 0) {
+        const container = labelNode.locator("xpath=ancestor::*[self::div or self::section][1]");
+        const fileInput = container.locator("input[type='file']").first();
+        if ((await fileInput.count()) > 0) {
+            await fileInput.setInputFiles(resolvedPath);
+            await page.waitForTimeout(1200);
+            return;
+        }
+    }
+    const anyFileInput = page.locator("input[type='file']").first();
+    if ((await anyFileInput.count()) > 0) {
+        await anyFileInput.setInputFiles(resolvedPath);
+        await page.waitForTimeout(1200);
+        return;
+    }
+    throw new Error(`Unable to locate file input for labels: ${labels.join(", ")}`);
+}
+async function clickSaveButton(page) {
+    const roleCandidates = [
+        page.getByRole("button", { name: /save|저장|임시저장|save draft/i }).first(),
+        page.getByRole("button", { name: /submit for review|검토/i }).first(),
+    ];
+    for (const saveBtn of roleCandidates) {
+        if ((await saveBtn.count()) > 0) {
+            await saveBtn.click();
+            await page.waitForTimeout(2000);
+            return;
+        }
+    }
+    const textCandidates = [
+        page.locator("button:has-text('저장')").first(),
+        page.locator("button:has-text('임시저장')").first(),
+        page.locator("button:has-text('Save')").first(),
+    ];
+    for (const saveBtn of textCandidates) {
+        if ((await saveBtn.count()) > 0) {
+            await saveBtn.click();
+            await page.waitForTimeout(2000);
+            return;
+        }
+    }
+    if ((await page.getByText(/항목이 저장되었습니다|saved/i).count()) > 0) {
+        return;
+    }
+    if ((await page.getByText(/변경사항이 저장되지 않았|unsaved/i).count()) === 0) {
+        throw new Error("Save button not found on dashboard page.");
+    }
+}
+// ── Shared tool schemas (single source of truth for main server + sandbox) ──
+const itemIdSchema = z
+    .string()
+    .optional()
+    .describe("Extension item ID (defaults to CWS_ITEM_ID env var)");
+const publisherIdSchema = z
+    .string()
+    .optional()
+    .describe("Publisher ID (defaults to CWS_PUBLISHER_ID env var or 'me')");
+const schemas = {
+    upload: {
+        zipPath: z.string().describe("Absolute path to the ZIP file to upload"),
+        itemId: itemIdSchema,
+        publisherId: publisherIdSchema,
+    },
+    publish: {
+        itemId: itemIdSchema,
+        publisherId: publisherIdSchema,
+        publishType: z
+            .enum(["DEFAULT_PUBLISH", "STAGED_PUBLISH"])
+            .optional()
+            .describe("DEFAULT_PUBLISH: publishes immediately after approval. STAGED_PUBLISH: stages for manual publishing after approval. Defaults to DEFAULT_PUBLISH."),
+        deployPercentage: z
+            .number()
+            .int()
+            .min(0)
+            .max(100)
+            .optional()
+            .describe("Initial deploy percentage for staged rollout (0-100)."),
+        skipReview: z
+            .boolean()
+            .optional()
+            .describe("Attempt to skip review if the extension qualifies. Defaults to false."),
+        blockOnWarnings: z
+            .boolean()
+            .optional()
+            .describe("If true, the publish is blocked when the submission has warnings. Defaults to false."),
+    },
+    status: {
+        itemId: itemIdSchema,
+        publisherId: publisherIdSchema,
+    },
+    cancel: {
+        itemId: itemIdSchema,
+        publisherId: publisherIdSchema,
+    },
+    "deploy-percentage": {
+        percentage: z
+            .number()
+            .min(0)
+            .max(100)
+            .describe("Deploy percentage (0-100). Must be larger than the current target percentage."),
+        itemId: itemIdSchema,
+        publisherId: publisherIdSchema,
+    },
+    get: {
+        itemId: itemIdSchema,
+        projection: z
+            .enum(["DRAFT", "PUBLISHED"])
+            .optional()
+            .describe("Metadata projection to fetch (defaults to DRAFT)"),
+    },
+    "update-metadata": {
+        itemId: itemIdSchema,
+        title: z.string().optional().describe("Store listing title"),
+        summary: z.string().optional().describe("Store listing short summary"),
+        description: z.string().optional().describe("Store listing description"),
+        category: z.string().optional().describe("Category (e.g. 'productivity', 'developer_tools')"),
+        defaultLocale: z.string().optional().describe("Default locale (e.g. 'ko', 'en')"),
+        homepageUrl: z.string().optional().describe("Homepage URL"),
+        supportUrl: z.string().optional().describe("Support URL"),
+        metadata: z
+            .record(z.unknown())
+            .optional()
+            .describe("Raw metadata object forwarded as-is to the v1.1 API. Useful for fields not exposed as first-class params."),
+    },
+    "update-metadata-ui": {
+        itemId: itemIdSchema,
+        title: z.string().optional().describe("Store listing title"),
+        summary: z.string().optional().describe("Store listing short summary"),
+        description: z.string().optional().describe("Store listing long description"),
+        category: z.string().optional().describe("Category label as shown in dashboard UI"),
+        homepageUrl: z.string().optional().describe("Homepage URL"),
+        supportUrl: z.string().optional().describe("Support URL"),
+        storeIconPath: z.string().optional().describe("Absolute path to 128x128 store icon image"),
+        accountIndex: z
+            .number()
+            .int()
+            .min(0)
+            .max(9)
+            .optional()
+            .describe("Google account index in dashboard URL (default: 0)"),
+        headless: z.boolean().optional().describe("Run browser headless (default: false)"),
+    },
+};
+const descriptions = {
+    upload: "Upload a ZIP file to update an existing Chrome Web Store item draft. Note: Creating new items via API is not supported in v2 — use the Developer Dashboard to create new items.",
+    publish: "Publish an extension to Chrome Web Store. Supports immediate publish, staged publish, initial deploy percentage, block-on-warnings, and skip-review.",
+    status: "Fetch the current status of an extension on Chrome Web Store. Returns published/submitted revision status, deploy percentage, version, takedown/warning flags, and last upload state.",
+    cancel: "Cancel a pending submission on Chrome Web Store. Can be used to cancel an item currently in review.",
+    "deploy-percentage": "Set the published deploy percentage for staged rollout on Chrome Web Store. The new percentage must be higher than the current target. Only available for items with 10,000+ seven-day active users.",
+    get: `Get the current metadata of a Chrome Web Store item (v1.1 API). Returns title, description, category, and other listing fields. Note: the v1.1 API is deprecated and will be removed after ${V1_SUNSET}.`,
+    "update-metadata": `Update the store listing metadata of a Chrome Web Store item (v1.1 API). Supports common fields and a raw metadata payload. Note: the v1.1 API is deprecated and will be removed after ${V1_SUNSET}. Use 'update-metadata-ui' as the long-term alternative.`,
+    "update-metadata-ui": "Update listing metadata via Chrome Web Store dashboard UI automation (Playwright). Use this when API metadata updates are not reflected, or as the primary metadata update method since the v1.1 API is deprecated.",
+};
+// ── MCP Server ──
+const server = new McpServer({
+    name: "cws-mcp",
+    version: VERSION,
+});
+// ── upload ──
+server.registerTool("upload", { description: descriptions.upload, inputSchema: schemas.upload }, async ({ zipPath, itemId, publisherId }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const pub = resolvePublisherId(publisherId);
+        const zipData = readFileSync(zipPath);
+        const url = `${UPLOAD_BASE}/publishers/${pub}/items/${id}:upload`;
+        const result = await apiCall(url, {
+            method: "POST",
+            headers: { "Content-Type": "application/zip" },
+            body: new Uint8Array(zipData),
+        });
+        return formatResponse(result);
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── publish ──
+server.registerTool("publish", { description: descriptions.publish, inputSchema: schemas.publish }, async ({ itemId, publisherId, publishType, deployPercentage, skipReview, blockOnWarnings }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const pub = resolvePublisherId(publisherId);
+        const url = `${API_BASE}/v2/publishers/${pub}/items/${id}:publish`;
+        const body = {};
+        if (publishType)
+            body.publishType = publishType;
+        if (deployPercentage !== undefined)
+            body.deployInfos = [{ deployPercentage }];
+        if (skipReview !== undefined)
+            body.skipReview = skipReview;
+        if (blockOnWarnings !== undefined)
+            body.blockOnWarnings = blockOnWarnings;
+        const hasBody = Object.keys(body).length > 0;
+        const result = await apiCall(url, {
+            method: "POST",
+            ...(hasBody
+                ? { headers: { "Content-Type": "application/json" }, body: JSON.stringify(body) }
+                : {}),
+        });
+        return formatResponse(result);
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── status ──
+server.registerTool("status", { description: descriptions.status, inputSchema: schemas.status }, async ({ itemId, publisherId }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const pub = resolvePublisherId(publisherId);
+        const url = `${API_BASE}/v2/publishers/${pub}/items/${id}:fetchStatus`;
+        const result = await apiCall(url, { method: "GET" });
+        return formatResponse(result);
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── cancel ──
+server.registerTool("cancel", { description: descriptions.cancel, inputSchema: schemas.cancel }, async ({ itemId, publisherId }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const pub = resolvePublisherId(publisherId);
+        const url = `${API_BASE}/v2/publishers/${pub}/items/${id}:cancelSubmission`;
+        const result = await apiCall(url, { method: "POST" });
+        return formatResponse(result);
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── deploy-percentage ──
+server.registerTool("deploy-percentage", { description: descriptions["deploy-percentage"], inputSchema: schemas["deploy-percentage"] }, async ({ percentage, itemId, publisherId }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const pub = resolvePublisherId(publisherId);
+        const url = `${API_BASE}/v2/publishers/${pub}/items/${id}:setPublishedDeployPercentage`;
+        const result = await apiCall(url, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ deployPercentage: percentage }),
+        });
+        return formatResponse(result);
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── get (v1.1 — deprecated, sunset Oct 2026) ──
+server.registerTool("get", { description: descriptions.get, inputSchema: schemas.get }, async ({ itemId, projection }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const p = projection || "DRAFT";
+        const url = `${V1_BASE}/items/${id}?projection=${encodeURIComponent(p)}`;
+        const result = await apiCall(url, { method: "GET" });
+        return appendNote(formatResponse(result), V1_NOTE);
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── update-metadata (v1.1 — deprecated, sunset Oct 2026) ──
+server.registerTool("update-metadata", { description: descriptions["update-metadata"], inputSchema: schemas["update-metadata"] }, async ({ itemId, title, summary, description, category, defaultLocale, homepageUrl, supportUrl, metadata }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const url = `${V1_BASE}/items/${id}`;
+        const payload = { ...(metadata || {}) };
+        if (title !== undefined)
+            payload.title = title;
+        if (summary !== undefined)
+            payload.summary = summary;
+        if (description !== undefined)
+            payload.description = description;
+        if (category !== undefined)
+            payload.category = category;
+        if (defaultLocale !== undefined)
+            payload.defaultLocale = defaultLocale;
+        if (homepageUrl !== undefined)
+            payload.homepageUrl = homepageUrl;
+        if (supportUrl !== undefined)
+            payload.supportUrl = supportUrl;
+        if (Object.keys(payload).length === 0) {
+            throw new Error("No metadata fields provided.");
+        }
+        const result = await apiCall(url, {
+            method: "PUT",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+        });
+        return appendNote(formatResponse(result), V1_NOTE);
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── update-metadata-ui (dashboard automation) ──
+server.registerTool("update-metadata-ui", { description: descriptions["update-metadata-ui"], inputSchema: schemas["update-metadata-ui"] }, async ({ itemId, title, summary, description, category, homepageUrl, supportUrl, storeIconPath, accountIndex, headless }) => {
+    try {
+        const id = resolveItemId(itemId);
+        const idx = accountIndex ?? 0;
+        const dashboardUrl = `https://chromewebstore.google.com/u/${idx}/dashboard/${id}/edit`;
+        const hasAnyField = [title, summary, description, category, homepageUrl, supportUrl, storeIconPath].some((v) => typeof v === "string" && v.trim().length > 0);
+        if (!hasAnyField) {
+            throw new Error("No fields provided for UI update.");
+        }
+        const context = await chromium.launchPersistentContext(DASHBOARD_PROFILE_DIR, {
+            channel: "chrome",
+            headless: headless ?? false,
+        });
+        try {
+            const page = context.pages()[0] || (await context.newPage());
+            await page.goto(dashboardUrl, { waitUntil: "domcontentloaded", timeout: 90_000 });
+            await page.waitForTimeout(2500);
+            if (page.url().includes("accounts.google.com")) {
+                throw new Error(`Not signed in to Chrome Web Store dashboard. Open once with headless=false and sign in. Profile dir: ${DASHBOARD_PROFILE_DIR}`);
+            }
+            if (title?.trim()) {
+                await fillTextFieldByLabel(page, ["Title", "제목", "Name", "이름"], title.trim());
+            }
+            if (summary?.trim()) {
+                await fillTextFieldByLabel(page, ["Summary", "Short description", "요약", "짧은 설명"], summary.trim());
+            }
+            if (description?.trim()) {
+                await fillTextFieldByLabel(page, ["Description", "설명"], description.trim());
+            }
+            if (homepageUrl?.trim()) {
+                await fillTextFieldByLabel(page, ["Homepage", "홈페이지"], homepageUrl.trim());
+            }
+            if (supportUrl?.trim()) {
+                await fillTextFieldByLabel(page, ["Support", "지원", "Help", "도움말"], supportUrl.trim());
+            }
+            if (storeIconPath?.trim()) {
+                await uploadFileBySectionLabel(page, ["Store icon", "스토어 아이콘", "아이콘", "Icon"], storeIconPath.trim());
+            }
+            if (category?.trim()) {
+                const categoryCombo = page.getByRole("combobox", { name: /category|카테고리/i }).first();
+                if ((await categoryCombo.count()) > 0) {
+                    await categoryCombo.click();
+                    const option = page.getByRole("option", { name: new RegExp(escapeRegExp(category), "i") }).first();
+                    if ((await option.count()) > 0) {
+                        await option.click();
+                    }
+                }
+            }
+            await clickSaveButton(page);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({ ok: true, mode: "dashboard-ui", profileDir: DASHBOARD_PROFILE_DIR, url: page.url() }, null, 2),
+                    },
+                ],
+                isError: false,
+            };
+        }
+        finally {
+            await context.close();
+        }
+    }
+    catch (e) {
+        return toolError(e);
+    }
+});
+// ── Resources ──
+server.registerResource("extension-status", new ResourceTemplate("cws://extensions/{extensionId}", { list: undefined }), {
+    title: "Chrome Web Store extension status",
+    description: "Get the current status (v2) and store-listing metadata (v1.1, while available) of a Chrome Web Store extension by its item ID.",
+    mimeType: "application/json",
+}, async (uri, variables) => {
+    const extensionId = String(variables.extensionId);
+    try {
+        const pub = resolvePublisherId();
+        const token = await getAccessToken();
+        // v2 status — the canonical source, must succeed.
+        const statusRes = await fetch(`${API_BASE}/v2/publishers/${pub}/items/${extensionId}:fetchStatus`, {
+            headers: { Authorization: `Bearer ${token}` },
+        });
+        const statusText = await statusRes.text();
+        let statusData;
+        try {
+            statusData = JSON.parse(statusText);
+        }
+        catch {
+            statusData = { raw: statusText };
+        }
+        // v1.1 metadata — optional, gracefully degrades once the v1.1 API is sunset.
+        let metaData;
+        try {
+            const metaRes = await fetch(`${V1_BASE}/items/${extensionId}?projection=PUBLISHED`, {
+                headers: { Authorization: `Bearer ${token}` },
+            });
+            const metaText = await metaRes.text();
+            try {
+                metaData = JSON.parse(metaText);
+            }
+            catch {
+                metaData = { raw: metaText };
+            }
+        }
+        catch (e) {
+            metaData = {
+                unavailable: `v1.1 metadata fetch failed (the v1.1 API is deprecated after ${V1_SUNSET}): ${errMsg(e)}`,
+            };
+        }
+        const result = { extensionId, status: statusData, metadata: metaData };
+        return {
+            contents: [
+                { uri: uri.href, mimeType: "application/json", text: JSON.stringify(result, null, 2) },
+            ],
+        };
+    }
+    catch (e) {
+        return {
+            contents: [
+                { uri: uri.href, mimeType: "application/json", text: JSON.stringify({ extensionId, error: errMsg(e) }) },
+            ],
+        };
+    }
+});
+// ── Prompts ──
+server.registerPrompt("publish_extension", {
+    description: "Step-by-step guide for publishing or updating a Chrome extension on the Chrome Web Store. Walks through upload, metadata update, and publish steps.",
+    argsSchema: {
+        extensionId: z.string().describe("The Chrome Web Store extension item ID"),
+        zipPath: z.string().describe("Absolute path to the built extension ZIP file"),
+        version: z.string().optional().describe("New version string (e.g. '1.2.0') for context"),
+    },
+}, ({ extensionId, zipPath, version }) => ({
+    messages: [
+        {
+            role: "user",
+            content: {
+                type: "text",
+                text: `Please help me publish my Chrome extension to the Chrome Web Store.
+
+Extension ID: ${extensionId}
+ZIP file: ${zipPath}${version ? `\nNew version: ${version}` : ""}
+
+Follow these steps using the available cws-mcp tools:
+
+1. **Upload the ZIP** — Use the \`upload\` tool with zipPath="${zipPath}" and itemId="${extensionId}" to upload the new build as a draft.
+2. **Verify upload** — Use the \`status\` tool to confirm the upload succeeded and the item is in DRAFT state.
+3. **Check/update metadata** — Use the \`get\` tool (projection=DRAFT) to review current listing metadata. If anything needs updating (title, description, category), prefer \`update-metadata-ui\` (the v1.1-based \`update-metadata\` is deprecated and sunset ${V1_SUNSET}).
+4. **Publish** — Use the \`publish\` tool to submit the draft for review. Optionally use publishType="STAGED_PUBLISH" for staged rollout, or skipReview=true if eligible.
+5. **Confirm submission** — Use the \`status\` tool again to confirm the item entered the review queue.
+6. **Optional staged rollout** — After approval, use \`deploy-percentage\` to gradually roll out (e.g., 10%, 50%, 100%).
+
+Please start with step 1 now.`,
+            },
+        },
+    ],
+}));
+server.registerPrompt("check_status", {
+    description: "Check the review status and deployment percentage of a Chrome extension, and surface any actionable next steps.",
+    argsSchema: {
+        extensionId: z.string().describe("The Chrome Web Store extension item ID"),
+    },
+}, ({ extensionId }) => ({
+    messages: [
+        {
+            role: "user",
+            content: {
+                type: "text",
+                text: `Please check the current status of my Chrome extension.
+
+Extension ID: ${extensionId}
+
+Use the following cws-mcp tools to gather a full picture:
+
+1. **Fetch status** — Use the \`status\` tool with itemId="${extensionId}" to get the review status and any rejection reasons.
+2. **Fetch metadata** — Use the \`get\` tool with itemId="${extensionId}" and projection=PUBLISHED to see what is currently live (v1.1 API, sunset ${V1_SUNSET}).
+3. **Summarize** — Report:
+   - Current review state (e.g., IN_REVIEW, PUBLISHED, REJECTED, DRAFT)
+   - Deployed version and deploy percentage if in staged rollout
+   - Any rejection reason or action required
+   - Recommended next steps (e.g., fix policy violations, increase deploy-percentage, or no action needed)
+
+Please start with step 1 now.`,
+            },
+        },
+    ],
+}));
+// ── Start ──
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((err) => {
+    process.stderr.write(`Fatal: ${errMsg(err)}\n`);
+    process.exit(1);
+});
+// ── Smithery Sandbox ──
+// Reuses the shared schemas/descriptions so tool definitions stay in one place.
+export function createSandboxServer() {
+    const sandbox = new McpServer({
+        name: "cws-mcp",
+        version: VERSION,
+    });
+    const noop = async () => ({
+        content: [{ type: "text", text: "sandbox" }],
+        isError: false,
+    });
+    for (const name of Object.keys(schemas)) {
+        sandbox.registerTool(name, { description: descriptions[name], inputSchema: schemas[name] }, noop);
+    }
+    return sandbox;
+}

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "@1llum1n4t1/cws-mcp",
+  "version": "1.4.2",
+  "mcpName": "io.github.1llum1n4t1s/cws",
+  "description": "MCP server for Chrome Web Store extension management (V2 API)",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "cws-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist/**/*",
+    "LICENSE",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "tsx src/index.ts"
+  },
+  "keywords": [
+    "mcp",
+    "chrome-web-store",
+    "chrome-extension",
+    "publish",
+    "model-context-protocol"
+  ],
+  "author": "1llum1n4t1s",
+  "contributors": [
+    "mikusnuz (original author of cws-mcp)"
+  ],
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/1llum1n4t1s/1llum1n4t1s.cws-mcp.git"
+  },
+  "homepage": "https://github.com/1llum1n4t1s/1llum1n4t1s.cws-mcp#readme",
+  "bugs": {
+    "url": "https://github.com/1llum1n4t1s/1llum1n4t1s.cws-mcp/issues"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "playwright": "^1.60.0",
+    "zod": "^3.24.2"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0"
+  }
+}