npm - @agent-native/core - Versions diffs - 0.49.22 → 0.49.23 - Mend

@agent-native/core 0.49.22 → 0.49.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/dist/agent/production-agent.d.ts +1 -0
package/dist/agent/production-agent.d.ts.map +1 -1
package/dist/agent/production-agent.js +15 -0
package/dist/agent/production-agent.js.map +1 -1
package/dist/agent/tool-search.d.ts.map +1 -1
package/dist/agent/tool-search.js +32 -7
package/dist/agent/tool-search.js.map +1 -1
package/dist/cli/connect.d.ts +2 -3
package/dist/cli/connect.d.ts.map +1 -1
package/dist/cli/connect.js +60 -37
package/dist/cli/connect.js.map +1 -1
package/dist/cli/pr-visual-recap-workflow.d.ts +5 -7
package/dist/cli/pr-visual-recap-workflow.d.ts.map +1 -1
package/dist/cli/pr-visual-recap-workflow.js +5 -7
package/dist/cli/pr-visual-recap-workflow.js.map +1 -1
package/dist/cli/recap.d.ts +44 -52
package/dist/cli/recap.d.ts.map +1 -1
package/dist/cli/recap.js +420 -414
package/dist/cli/recap.js.map +1 -1
package/dist/client/AssistantChat.d.ts +6 -3
package/dist/client/AssistantChat.d.ts.map +1 -1
package/dist/client/AssistantChat.js +1 -1
package/dist/client/AssistantChat.js.map +1 -1
package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
package/dist/client/MultiTabAssistantChat.js +23 -3
package/dist/client/MultiTabAssistantChat.js.map +1 -1
package/dist/client/agent-chat.d.ts +8 -0
package/dist/client/agent-chat.d.ts.map +1 -1
package/dist/client/agent-chat.js +24 -1
package/dist/client/agent-chat.js.map +1 -1
package/dist/client/blocks/library/AnnotatedCodeBlock.d.ts.map +1 -1
package/dist/client/blocks/library/AnnotatedCodeBlock.js +4 -1
package/dist/client/blocks/library/AnnotatedCodeBlock.js.map +1 -1
package/dist/client/blocks/library/DiffBlock.d.ts.map +1 -1
package/dist/client/blocks/library/DiffBlock.js +20 -7
package/dist/client/blocks/library/DiffBlock.js.map +1 -1
package/dist/client/blocks/library/annotation-rail.js +5 -5
package/dist/client/blocks/library/annotation-rail.js.map +1 -1
package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
package/dist/client/composer/TiptapComposer.js +15 -2
package/dist/client/composer/TiptapComposer.js.map +1 -1
package/dist/coding-tools/run-code.d.ts.map +1 -1
package/dist/coding-tools/run-code.js +69 -17
package/dist/coding-tools/run-code.js.map +1 -1
package/dist/integrations/plugin.d.ts.map +1 -1
package/dist/integrations/plugin.js +2 -0
package/dist/integrations/plugin.js.map +1 -1
package/dist/mcp/build-server.d.ts +12 -10
package/dist/mcp/build-server.d.ts.map +1 -1
package/dist/mcp/build-server.js +53 -89
package/dist/mcp/build-server.js.map +1 -1
package/dist/mcp/connect-route.d.ts.map +1 -1
package/dist/mcp/connect-route.js +5 -4
package/dist/mcp/connect-route.js.map +1 -1
package/dist/mcp/oauth-token.d.ts +6 -5
package/dist/mcp/oauth-token.d.ts.map +1 -1
package/dist/mcp/oauth-token.js.map +1 -1
package/dist/mcp/stdio.d.ts.map +1 -1
package/dist/mcp/stdio.js +9 -2
package/dist/mcp/stdio.js.map +1 -1
package/dist/provider-api/staging.d.ts.map +1 -1
package/dist/provider-api/staging.js +6 -4
package/dist/provider-api/staging.js.map +1 -1
package/dist/server/agent-chat-plugin.d.ts +10 -7
package/dist/server/agent-chat-plugin.d.ts.map +1 -1
package/dist/server/agent-chat-plugin.js.map +1 -1
package/docs/content/actions.md +1 -1
package/docs/content/external-agents.md +53 -40
package/docs/content/mcp-protocol.md +16 -11
package/docs/content/pr-visual-recap.md +1 -1
package/package.json +1 -1

package/dist/mcp/build-server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAsChE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,KAAK,CAAC,EAAE,KAAK,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KAC1B,CAAC,CAAC;IACH,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B~~;;;;;;;;;;;;;;;;;;;;;OAqBG~~;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;~~AAwbD~~;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAyeD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~IAqd7B~~;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,GAC7B,MAAM,GAAG,SAAS,CAIpB;AAwED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAO,GACxE,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAyID;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}
1	+ {"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAsChE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,KAAK,CAAC,EAAE,KAAK,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KAC1B,CAAC,CAAC;IACH,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AA4YD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAyeD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0d7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,GAC7B,MAAM,GAAG,SAAS,CAIpB;AAwED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAO,GACxE,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAyID;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}

package/dist/mcp/build-server.js CHANGED Viewed

@@ -39,6 +39,10 @@ const COMPACT_MCP_APP_CATALOG_BUILTINS = new Set([
     "open_app",
     "ask_app",
     "create_embed_session",
+    // `tool-search` MUST stay in every compact/connector surface: it is how a
+    // compacted client discovers and loads any action on demand, which is what
+    // makes "small catalog by default" safe instead of limiting.
+    "tool-search",
 ]);
 function isActionAdvertisedInCompactMcpAppCatalog(name, entry, config) {
     if (COMPACT_MCP_APP_CATALOG_BUILTINS.has(name))
@@ -52,71 +56,38 @@ function isActionAdvertisedInCompactMcpAppCatalog(name, entry, config) {
     }
     return false;
 }
-const MCP_APP_OAUTH_CLIENT_RE = /\b(chatgpt|openai|claude|anthropic)\b/i;
-const NON_APP_OAUTH_CLIENT_RE = /\b(code|cli|cursor|codex|goose|postman|mcpjam|inspector)\b/i;
-const MCP_APP_OAUTH_REDIRECT_HOST_RE = /(^|\.)((chatgpt|openai)\.com|claude\.ai|anthropic\.com)$/i;
-const FULL_CATALOG_CLIENT_RE = /\b(agent-native-mcp-(proxy|stdio|standalone)|code|cli|cursor|codex|goose|postman|mcpjam|inspector)\b/i;
-async function isKnownMcpAppOAuthClient(identity) {
-    const clientId = identity?.oauthClientId?.trim();
-    if (!clientId)
-        return false;
-    function isKnownAppClientName(value) {
-        if (!value)
-            return false;
-        return (MCP_APP_OAUTH_CLIENT_RE.test(value) &&
-            !NON_APP_OAUTH_CLIENT_RE.test(value));
-    }
-    function isKnownNonAppClientName(value) {
-        return Boolean(value && NON_APP_OAUTH_CLIENT_RE.test(value));
-    }
-    function isKnownMcpAppRedirectUri(uri) {
-        try {
-            const url = new URL(uri);
-            return (url.protocol === "https:" &&
-                MCP_APP_OAUTH_REDIRECT_HOST_RE.test(url.hostname));
-        }
-        catch {
-            return false;
-        }
-    }
-    if (isKnownAppClientName(clientId))
-        return true;
-    if (isKnownNonAppClientName(clientId))
-        return false;
-    try {
-        const { getOAuthClient } = await import("./oauth-store.js");
-        const client = await getOAuthClient(clientId);
-        // If the token carries an OAuth client id but its registration is missing,
-        // keep the model on the compact MCP Apps surface instead of exposing every
-        // private action/schema.
-        if (!client)
-            return true;
-        if (isKnownAppClientName(client.clientName))
-            return true;
-        if (isKnownNonAppClientName(client.clientName))
-            return false;
-        if (client.redirectUris.some(isKnownMcpAppRedirectUri))
-            return true;
-        // Most OAuth hosts are UI-oriented MCP clients. Preserve the full catalog
-        // only for known code/CLI clients so unknown browser hosts cannot trigger
-        // massive resources/list payloads.
-        return true;
-    }
-    catch {
-        // On metadata lookup errors, fail compact instead of falling back to the
-        // full action surface; ChatGPT/Claude old tokens otherwise get huge lists.
-        return true;
-    }
-}
 function explicitlyRequestsFullMcpCatalog(requestMeta) {
+    // Full catalog is a deliberate, rare opt-in — NEVER a default, and NEVER
+    // inferred from the client name / user-agent. It is reached only by an
+    // explicit deployment env or a token minted with
+    // `agent-native connect --full-catalog` (which embeds `catalog_scope: "full"`,
+    // surfaced here as requestMeta.fullCatalog). Dumping ~105 tool schemas
+    // (100k+ tokens) into a context window just because a client called itself
+    // "code"/"cursor"/"codex" was a recurring footgun. Everything else gets the
+    // connector/compact catalog plus `tool-search`, which keeps every tool
+    // reachable on demand.
     if (process.env.AGENT_NATIVE_MCP_FULL_CATALOG === "1")
         return true;
-    if (requestMeta?.fullCatalog === true)
-        return true;
-    if (requestMeta?.clientHint) {
-        return FULL_CATALOG_CLIENT_RE.test(requestMeta.clientHint);
-    }
-    return FULL_CATALOG_CLIENT_RE.test(requestMeta?.clientName ?? "");
+    return requestMeta?.fullCatalog === true;
+}
+const warnedFullCatalogKeys = new Set();
+/**
+ * Loud, deduped warning emitted whenever the full MCP catalog is actually
+ * served. Full catalog is a deliberate, rare opt-in (env or a `--full-catalog`
+ * token claim); logging it makes an accidental ~100k-token tool dump visible
+ * instead of silent, so a regression can't quietly reintroduce the footgun.
+ */
+function warnFullCatalogServed(toolCount) {
+    const source = process.env.AGENT_NATIVE_MCP_FULL_CATALOG === "1"
+        ? "AGENT_NATIVE_MCP_FULL_CATALOG=1"
+        : "a token minted with --full-catalog (catalog_scope:full)";
+    const key = `${source}:${toolCount}`;
+    if (warnedFullCatalogKeys.has(key))
+        return;
+    warnedFullCatalogKeys.add(key);
+    console.warn(`[agent-native] Serving the FULL MCP tool catalog (${toolCount} tools) via ${source}. ` +
+        `This is a large context payload meant to be a rare, explicit opt-in — most ` +
+        `clients should use the default compact/connector catalog + tool-search instead.`);
 }
 /**
  * Returns true when the given action name is in the template's connector
@@ -132,18 +103,6 @@ function isActionInConnectorCatalog(name, config) {
         return false;
     return config.connectorCatalog.includes(name);
 }
-function shouldUseCompactMcpCatalogByDefault(identity, requestMeta) {
-    if (explicitlyRequestsFullMcpCatalog(requestMeta))
-        return false;
-    // OAuth callers are classified through `isKnownMcpAppOAuthClient`: unknown
-    // OAuth clients compact by default, while known code/CLI clients stay full.
-    if (identity?.oauthClientId)
-        return false;
-    // A real authenticated remote HTTP caller with no OAuth client metadata is
-    // usually a chat-host static-token connector. Keep it on the app-facing
-    // verbs so a host cannot dump every action schema into a giant tool card.
-    return requestMeta?.fullSurface === true;
-}
 function metadataObject(value) {
     return value && typeof value === "object" && !Array.isArray(value)
         ? value
@@ -844,25 +803,27 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
         : config.actions;
     const actions = mergeBuiltinTools(config, baseActions, requestMeta);
     const visibleActions = Object.fromEntries(Object.entries(actions).filter(([, entry]) => isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes)));
-    const compactMcpAppCatalog = explicitlyRequestsFullMcpCatalog(requestMeta)
-        ? false
-        : (Array.isArray(effectiveIdentity?.oauthScopes) &&
-            hasMcpOAuthScope(effectiveIdentity.oauthScopes, "mcp:apps")) ||
-            (await isKnownMcpAppOAuthClient(effectiveIdentity)) ||
-            shouldUseCompactMcpCatalogByDefault(effectiveIdentity, requestMeta);
+    const fullCatalogRequested = explicitlyRequestsFullMcpCatalog(requestMeta);
+    // Compact/connector is the DEFAULT for every caller — hosted connectors,
+    // code clients (Claude Code / Cursor / Codex), and the local CLI alike. The
+    // full ~105-tool catalog is served only on the explicit opt-in above, so a
+    // host can never dump every action schema into one giant tool card. The
+    // `mcp:apps` scope still lands on this compact MCP-Apps surface; with no
+    // opt-in, everyone else does too.
+    const compactMcpAppCatalog = !fullCatalogRequested;
     const advertisedActionsBeforeConnector = compactMcpAppCatalog
         ? Object.fromEntries(Object.entries(visibleActions).filter(([name, entry]) => isActionAdvertisedInCompactMcpAppCatalog(name, entry, config)))
         : visibleActions;
-    // Connector-catalog tier: on hosted multi-tenant deployments (signalled by
-    // AGENT_NATIVE_CONNECTOR_CATALOG=1) restrict external callers to the
-    // template-declared allow-list unless the token was minted with
-    // --full-catalog (catalog_scope: "full"). This prevents the ~105-tool full
-    // catalog from bloating every external agent's context window and removes
-    // db-exec / seed-* / extension / browser-session footguns.
-    const connectorCatalogActive = process.env.AGENT_NATIVE_CONNECTOR_CATALOG === "1" &&
-        Array.isArray(config.connectorCatalog) &&
+    // Connector-catalog tier: when a template declares a connector allow-list,
+    // serve exactly that curated surface (+ cross-app builtins + tool-search) to
+    // external callers unless they explicitly opted into the full catalog. This
+    // is active by default whenever a catalog is declared — no env flag required —
+    // so the ~105-tool full catalog can never leak just because a deployment
+    // forgot to set one. It also keeps db-exec / seed-* / extension /
+    // browser-session footguns off the external surface.
+    const connectorCatalogActive = Array.isArray(config.connectorCatalog) &&
         config.connectorCatalog.length > 0 &&
-        !explicitlyRequestsFullMcpCatalog(requestMeta);
+        !fullCatalogRequested;
     // When the connector catalog is active, filter directly from visibleActions
     // rather than advertisedActionsBeforeConnector. This ensures the connector
     // tier is an independent, template-declared surface that doesn't accidentally
@@ -871,6 +832,9 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
     const advertisedActions = connectorCatalogActive
         ? Object.fromEntries(Object.entries(visibleActions).filter(([name]) => isActionInConnectorCatalog(name, config)))
         : advertisedActionsBeforeConnector;
+    if (fullCatalogRequested) {
+        warnFullCatalogServed(Object.keys(advertisedActions).length);
+    }
     const supportsMcpApps = compactMcpAppCatalog ||
         Object.values(advertisedActions).some((entry) => Boolean(entry.mcpApp?.resource));
     const server = new Server(mcpServerInfo(config, requestMeta), {