@abraca/mcp 1.0.22 → 1.1.0

package/dist/abracadabra-mcp.esm.js

@@ -20001,7 +20001,7 @@ function registerTreeTools(mcp, server) {
 	mcp.tool("create_document", "Create a new document in the tree. Returns the new document ID.", {
 		parentId: z.string().optional().describe("Parent document ID. Omit for top-level pages. Use a document ID for nested/child pages."),
 		label: z.string().describe("Display name / title for the document."),
-		type: z.string().optional().describe("Page type — sets how this document renders. \"doc\" (rich text), \"kanban\" (columns → cards), \"table\" (columns → cells, positional rows), \"calendar\" (events with datetimeStart/End), \"timeline\" (epics → tasks with dateStart/End + taskProgress), \"checklist\" (tasks with checked/priority, unlimited nesting), \"outline\" (nested items, unlimited depth), \"gallery\" (image/media items), \"map\" (markers/lines with geoLat/geoLng), \"graph\" (knowledge graph nodes), \"dashboard\" (positioned widgets with deskX/deskY/deskMode), \"mindmap\" (connected nodes), \"spatial\" (3D objects with spShape/spX/spY/spZ), \"media\" (audio/video tracks), \"slides\" (slide deck), \"whiteboard\" (freeform canvas). Omit to inherit parent view. Only set on the parent page, NEVER on child items."),
+		type: z.string().optional().describe("Page type — sets how this document renders. \"doc\" (rich text), \"kanban\" (columns → cards), \"table\" (columns → rows with custom fields), \"calendar\" (events with datetimeStart/End), \"timeline\" (epics → tasks with dateStart/End + taskProgress), \"checklist\" (tasks with checked/priority, unlimited nesting), \"outline\" (nested items, unlimited depth), \"gallery\" (visual grid with covers/ratings), \"map\" (markers/lines with geoLat/geoLng), \"graph\" (force-directed knowledge graph), \"dashboard\" (positioned widgets with deskX/deskY/deskMode), \"spatial\" (3D scene with spShape/spX/spY/spZ), \"media\" (audio/video player with playlists), \"slides\" (presentation with transitions), \"chart\" (bar/line/donut/treemap from data points or aggregation), \"sheets\" (spreadsheet with formulas and formatting), \"overview\" (space home — activity and stats), \"call\" (video call room, no children). Omit to inherit parent view. Only set on the parent page, NEVER on child items."),
 		meta: z.record(z.unknown()).optional().describe("Initial metadata (PageMeta fields: color as hex string, icon as Lucide kebab-case name like \"star\"/\"code-2\"/\"users\" — never emoji, dateStart, dateEnd, priority 0-4, tags array, etc). Omit icon entirely to use page type default.")
 	}, async ({ parentId, label, type, meta }) => {
 		server.setAutoStatus("creating");
@@ -20159,7 +20159,7 @@ function registerTreeTools(mcp, server) {
 	});
 	mcp.tool("change_document_type", "Change the page type view of a document (data is preserved).", {
 		id: z.string().describe("Document ID."),
-		type: z.string().describe("New page type (e.g. \"doc\", \"kanban\", \"table\", \"calendar\", \"outline\", \"gallery\", \"slides\", \"timeline\", \"whiteboard\", \"map\", \"dashboard\", \"mindmap\", \"graph\").")
+		type: z.string().describe("New page type: \"doc\", \"kanban\", \"table\", \"calendar\", \"timeline\", \"checklist\", \"outline\", \"gallery\", \"map\", \"graph\", \"dashboard\", \"spatial\", \"media\", \"slides\", \"chart\", \"sheets\", \"overview\", \"call\".")
 	}, async ({ id, type }) => {
 		server.setAutoStatus("writing");
 		server.setActiveToolCall({
@@ -20526,7 +20526,14 @@ function parseBlocks(markdown) {
 				i++;
 			}
 			i++;
-			blocks.push({
+			if (lang === "svg" || lang.startsWith("svg ")) {
+				const svgTitle = lang === "svg" ? "" : lang.slice(4).trim();
+				blocks.push({
+					type: "svgEmbed",
+					svg: codeLines.join("\n"),
+					title: svgTitle
+				});
+			} else blocks.push({
 				type: "codeBlock",
 				lang,
 				code: codeLines.join("\n")
@@ -20865,6 +20872,7 @@ function blockElName(b) {
 		case "fieldGroup": return "fieldGroup";
 		case "image": return "image";
 		case "docEmbed": return "docEmbed";
+		case "svgEmbed": return "svgEmbed";
 	}
 }
 function fillBlock(el, block) {
@@ -21083,6 +21091,10 @@ function fillBlock(el, block) {
 		case "docEmbed":
 			el.setAttribute("docId", block.docId);
 			break;
+		case "svgEmbed":
+			el.setAttribute("svg", block.svg);
+			if (block.title) el.setAttribute("title", block.title);
+			break;
 	}
 }
 function populateYDocFromMarkdown(fragment, markdown, fallbackTitle = "Untitled") {
@@ -21132,6 +21144,7 @@ function populateYDocFromMarkdown(fragment, markdown, fallbackTitle = "Untitled"
 				case "fieldGroup": return new Y.XmlElement("fieldGroup");
 				case "image": return new Y.XmlElement("image");
 				case "docEmbed": return new Y.XmlElement("docEmbed");
+				case "svgEmbed": return new Y.XmlElement("svgEmbed");
 			}
 		});
 		fragment.insert(0, [
@@ -21207,6 +21220,12 @@ function serializeElement(el, indent = "") {
 			const docId = el.getAttribute("docId");
 			return docId ? `![[${docId}]]` : "";
 		}
+		case "svgEmbed": {
+			const svg = el.getAttribute("svg") || "";
+			const svgTitle = el.getAttribute("title") || "";
+			if (!svg) return "";
+			return `\`\`\`svg${svgTitle ? ` ${svgTitle}` : ""}\n${svg}\n\`\`\``;
+		}
 		case "image": {
 			const src = el.getAttribute("src") || "";
 			const alt = el.getAttribute("alt") || "";
@@ -21518,7 +21537,7 @@ function registerMetaTools(mcp, server) {
 	});
 	mcp.tool("update_metadata", "Update metadata fields on a document. Merges the provided fields into existing metadata.", {
 		docId: z.string().describe("Document ID."),
-		meta: z.record(z.unknown()).describe("Metadata fields to update (merged with existing). Universal keys: color (hex), icon (Lucide kebab-case — NEVER emoji), dateStart/dateEnd, datetimeStart/datetimeEnd, allDay, tags (string[]), checked (bool), priority (0=none,1=low,2=med,3=high,4=urgent), status, rating (0-5), url, email, phone, number, unit, subtitle, note, taskProgress (0-100), members ({id,label}[]), coverUploadId. Geo/Map: geoType (\"marker\"|\"line\"|\"measure\"), geoLat, geoLng, geoDescription. Spatial 3D: spShape (\"box\"|\"sphere\"|\"cylinder\"|\"cone\"|\"plane\"|\"torus\"|\"glb\"), spX/spY/spZ, spRX/spRY/spRZ, spSX/spSY/spSZ, spColor, spOpacity (0-100). Dashboard: deskX, deskY, deskZ, deskMode (\"icon\"|\"widget-sm\"|\"widget-lg\"). Renderer config (on the page doc itself): kanbanColumnWidth, galleryColumns, galleryAspect, calendarView, calendarWeekStart, tableMode, showRefEdges. Set a key to null to clear it.")
+		meta: z.record(z.unknown()).describe("Metadata fields to update (merged with existing). Universal keys: color (hex), icon (Lucide kebab-case — NEVER emoji), dateStart/dateEnd, datetimeStart/datetimeEnd, allDay, tags (string[]), checked (bool), priority (0=none,1=low,2=med,3=high,4=urgent), status, rating (0-5), url, email, phone, number, unit, subtitle, note, taskProgress (0-100), members ({id,label}[]), coverUploadId. Geo/Map: geoType (\"marker\"|\"line\"|\"measure\"), geoLat, geoLng, geoDescription. Spatial 3D: spShape (\"box\"|\"sphere\"|\"cylinder\"|\"cone\"|\"plane\"|\"torus\"|\"glb\"), spX/spY/spZ, spRX/spRY/spRZ, spSX/spSY/spSZ, spColor, spOpacity (0-100). Dashboard: deskX, deskY, deskZ, deskMode (\"icon\"|\"widget-sm\"|\"widget-lg\"). Slides: slidesTransition (\"none\"|\"fade\"|\"slide\"), slidesTheme (\"dark\"|\"light\"). Chart: chartType (\"bar\"|\"stacked bar\"|\"line\"|\"donut\"|\"treemap\"), chartMetric, chartColorScheme, chartLimit, chartShowLegend, chartShowValues. Sheets: sheetsDefaultColWidth, sheetsDefaultRowHeight, sheetsShowGridlines, sheetsFreezeRows, sheetsFreezeCols. Cell formatting: bold, italic, textColor, bgColor, align, formula. Renderer config (on the page doc itself): kanbanColumnWidth, galleryColumns, galleryAspect, galleryCardStyle, galleryShowLabels, gallerySortBy, calendarView, calendarWeekStart, calendarShowWeekNumbers, tableMode, tableSortDir, checklistFilter, checklistSort, mapShowLabels, spatialGridVisible, showRefEdges, mediaRepeat, mediaShuffle. Set a key to null to clear it.")
 	}, async ({ docId, meta }) => {
 		server.setAutoStatus("writing", docId);
 		server.setActiveToolCall({
@@ -21863,6 +21882,182 @@ function registerChannelTools(mcp, server) {
 	});
 }
 
+//#endregion
+//#region packages/mcp/src/utils/sanitizeSvg.ts
+/**
+* Lightweight SVG sanitizer for server-side use (no DOM dependency).
+* Strips dangerous elements and attributes from SVG markup using allowlists.
+*/
+const ALLOWED_ELEMENTS = new Set([
+	"svg",
+	"g",
+	"path",
+	"circle",
+	"ellipse",
+	"rect",
+	"line",
+	"polyline",
+	"polygon",
+	"text",
+	"tspan",
+	"textPath",
+	"defs",
+	"use",
+	"symbol",
+	"clipPath",
+	"mask",
+	"pattern",
+	"linearGradient",
+	"radialGradient",
+	"stop",
+	"marker",
+	"image",
+	"title",
+	"desc",
+	"metadata",
+	"animate",
+	"animateTransform",
+	"animateMotion",
+	"set",
+	"filter",
+	"feGaussianBlur",
+	"feOffset",
+	"feMerge",
+	"feMergeNode",
+	"feFlood",
+	"feComposite",
+	"feBlend",
+	"feColorMatrix",
+	"feComponentTransfer",
+	"feFuncR",
+	"feFuncG",
+	"feFuncB",
+	"feFuncA",
+	"feConvolveMatrix",
+	"feDiffuseLighting",
+	"feDisplacementMap",
+	"feDropShadow",
+	"feImage",
+	"feMorphology",
+	"fePointLight",
+	"feSpecularLighting",
+	"feSpotLight",
+	"feTile",
+	"feTurbulence"
+]);
+const FORBIDDEN_ELEMENTS = new Set([
+	"script",
+	"foreignObject",
+	"iframe",
+	"object",
+	"embed",
+	"applet"
+]);
+/** Matches event handler attributes: on* */
+const EVENT_HANDLER_RE = /\bon\w+\s*=/gi;
+/** Matches javascript: URLs in href/xlink:href */
+const JS_URL_RE = /(href\s*=\s*["'])\s*javascript:/gi;
+/** Matches a full element tag (opening or self-closing) */
+const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9-]*)((?:\s[^>]*)?)>/g;
+/** Matches complete forbidden element blocks including content */
+function stripForbiddenBlocks(svg) {
+	for (const tag of FORBIDDEN_ELEMENTS) {
+		const blockRe = new RegExp(`<${tag}[\\s>][\\s\\S]*?</${tag}>`, "gi");
+		svg = svg.replace(blockRe, "");
+		const selfCloseRe = new RegExp(`<${tag}[\\s/][^>]*/?>`, "gi");
+		svg = svg.replace(selfCloseRe, "");
+	}
+	return svg;
+}
+/**
+* Sanitize SVG markup by removing dangerous elements and attributes.
+* Uses an allowlist approach — only known-safe SVG elements are kept.
+*/
+function sanitizeSvg(svg) {
+	if (!svg) return "";
+	let clean = stripForbiddenBlocks(svg);
+	clean = clean.replace(EVENT_HANDLER_RE, "");
+	clean = clean.replace(JS_URL_RE, "$1");
+	clean = clean.replace(TAG_RE, (match, tagName) => {
+		const lower = tagName.toLowerCase();
+		if (ALLOWED_ELEMENTS.has(lower) || ALLOWED_ELEMENTS.has(tagName)) return match;
+		return "";
+	});
+	return clean.trim();
+}
+
+//#endregion
+//#region packages/mcp/src/tools/svg.ts
+/**
+* SVG tools — insert SVG diagrams/images into documents via Y.js.
+*/
+/**
+* Find the insertion index after documentHeader and documentMeta elements.
+*/
+function findContentStart(fragment) {
+	let idx = 0;
+	for (let i = 0; i < fragment.length; i++) {
+		const child = fragment.get(i);
+		if (child instanceof Y.XmlElement) {
+			const name = child.nodeName;
+			if (name === "documentHeader" || name === "documentMeta") idx = i + 1;
+			else break;
+		}
+	}
+	return idx;
+}
+function registerSvgTools(mcp, server) {
+	mcp.tool("write_svg", "Insert an SVG diagram or image into a document. Creates an svgEmbed block node containing the SVG markup. Use this for diagrams, charts, flowcharts, illustrations, icons, or any visual content expressed as SVG. The SVG is sanitized server-side before writing.", {
+		docId: z.string().describe("Document ID to write SVG into."),
+		svg: z.string().describe("Raw SVG markup string (the full <svg>...</svg> element). Will be sanitized."),
+		title: z.string().optional().describe("Optional title/caption displayed above the SVG."),
+		position: z.enum(["append", "prepend"]).optional().describe("Where to insert the SVG block. \"append\" adds at the end (default), \"prepend\" adds at the start of content.")
+	}, async ({ docId, svg, title, position }) => {
+		try {
+			server.setAutoStatus("writing", docId);
+			server.setActiveToolCall({
+				name: "write_svg",
+				target: docId
+			});
+			const cleanSvg = sanitizeSvg(svg);
+			if (!cleanSvg) {
+				server.setActiveToolCall(null);
+				return {
+					content: [{
+						type: "text",
+						text: "Error: SVG markup was empty or entirely stripped by sanitizer."
+					}],
+					isError: true
+				};
+			}
+			const doc = (await server.getChildProvider(docId)).document;
+			const fragment = doc.getXmlFragment("default");
+			doc.transact(() => {
+				const el = new Y.XmlElement("svgEmbed");
+				el.setAttribute("svg", cleanSvg);
+				if (title) el.setAttribute("title", title);
+				const insertPos = position === "prepend" ? findContentStart(fragment) : fragment.length;
+				fragment.insert(insertPos, [el]);
+			});
+			server.setFocusedDoc(docId);
+			server.setActiveToolCall(null);
+			return { content: [{
+				type: "text",
+				text: `SVG inserted into document ${docId}${title ? ` ("${title}")` : ""}`
+			}] };
+		} catch (error) {
+			server.setActiveToolCall(null);
+			return {
+				content: [{
+					type: "text",
+					text: `Error writing SVG: ${error.message}`
+				}],
+				isError: true
+			};
+		}
+	});
+}
+
 //#endregion
 //#region packages/mcp/src/resources/agent-guide.ts
 const AGENT_GUIDE = `# Abracadabra AI Agent Guide
@@ -22655,6 +22850,7 @@ Read the resource at abracadabra://agent-guide for the complete guide covering p
 	registerFileTools(mcp, server);
 	registerAwarenessTools(mcp, server);
 	registerChannelTools(mcp, server);
+	registerSvgTools(mcp, server);
 	registerAgentGuide(mcp);
 	registerTreeResource(mcp, server);
 	registerServerInfoResource(mcp, server);