@alpic-ai/api 1.127.1 → 1.129.0

package/dist/index.mjs

@@ -71,6 +71,327 @@ const auditReportWithScreenshotsSchema = auditReportSchema.extend({ widgetScreen
 	chatgpt: widgetScreenshotSchema.optional(),
 	claudeai: widgetScreenshotSchema.optional()
 }) });
+z.object({
+	id: z.string(),
+	createdAt: z.coerce.date(),
+	environmentId: z.string(),
+	content: z.string(),
+	source: z.enum(["model", "user"])
+});
+z.object({
+	content: z.string(),
+	source: z.enum(["model", "user"])
+});
+const toolDefinitionSchema = z.object({
+	name: z.string(),
+	title: z.string().optional().describe("Human-friendly name for the tool, used in the UI. If not provided, `name` will be used."),
+	description: z.string().optional(),
+	annotations: z.object({
+		readOnlyHint: z.boolean().optional(),
+		destructiveHint: z.boolean().optional(),
+		openWorldHint: z.boolean().optional(),
+		idempotentHint: z.boolean().optional()
+	}).optional()
+});
+const positiveTestCaseSchema = z.object({
+	scenario: z.string(),
+	userPrompt: z.string(),
+	toolTriggered: z.string().optional(),
+	expectedOutput: z.string().optional()
+}).partial().describe("Each case: Scenario, User prompt, Tool triggered, Expected output.");
+/** Accepts either a valid email or URL. */
+const supportChannelSchema = z.string().refine((value) => z.email().safeParse(value).success || z.url().safeParse(value).success, { error: "Must be a valid email or URL" });
+const chatgptCategorySchema = z.enum([
+	"BUSINESS",
+	"COLLABORATION",
+	"DESIGN",
+	"DEVELOPER_TOOLS",
+	"EDUCATION",
+	"ENTERTAINMENT",
+	"FINANCE",
+	"FOOD",
+	"LIFESTYLE",
+	"NEWS",
+	"PRODUCTIVITY",
+	"SHOPPING",
+	"TRAVEL"
+]);
+const chatgptAuthenticationSchema = z.enum(["No auth needed", "OAuth 2.0"]);
+const chatgptAllowedCountriesSchema = z.enum(["Allow all", "Restrict to specific countries"]);
+const negativeTestCaseSchema = z.object({
+	scenario: z.string(),
+	userPrompt: z.string()
+}).partial().describe("Each case: Scenario + User prompt (the app should NOT trigger).");
+const chatgptToolJustificationSchema = z.object({
+	toolName: z.string(),
+	readOnlyJustification: z.string(),
+	openWorldJustification: z.string(),
+	destructiveJustification: z.string()
+}).describe("Per-tool justification of each MCP annotation value (one sentence per hint).");
+const chatgptTranslationSchema = z.object({
+	locale: z.string(),
+	tagline: z.string().optional(),
+	description: z.string().optional()
+}).describe("Locale-scoped override for tagline + description. English (US) is the default.");
+/**
+* Field order mirrors the ChatGPT (OpenAI) submission spreadsheet, grouped by section.
+* When adding/removing/reordering fields, keep this in sync with the sheet.
+*/
+const chatgptSubmissionFormDataSchema = z.object({
+	logoLight: z.string().describe("Logo icon for light mode. Square PNG, no borders or rounded corners (clients apply circular cropping)."),
+	logoDark: z.string().describe("Logo icon for dark mode. Square PNG. Same specs as the light icon."),
+	appName: z.string().describe("The name users will see in ChatGPT and in the Apps Directory."),
+	tagline: z.string().max(30).describe("Plain-language phrase focused on function and user value. 30 chars max."),
+	description: z.string().describe("Clear, engaging description highlighting what the app does and why people will love it. Appears publicly on the directory page."),
+	category: chatgptCategorySchema.describe("Category from the OpenAI taxonomy."),
+	developerName: z.string().describe("Developer name shown publicly on the app's directory page."),
+	companyUrl: z.url().describe("Your company's main website URL."),
+	supportChannel: supportChannelSchema.describe("Customer support URL or email address."),
+	privacyPolicyUrl: z.url().describe("URL to your privacy policy."),
+	termsOfServiceUrl: z.url().describe("URL to the app's terms of service."),
+	demoRecordingUrl: z.url().describe("URL to a video demonstrating the app, recorded via OpenAI Developer Mode. Cover all main use cases on web, iOS, and Android."),
+	appCommerceAndPurchasing: z.boolean().describe("Checkbox: 'My app links or directs users out of ChatGPT to make purchases.' Defaults to false. Verify the app does not offer digital goods."),
+	serverUrl: z.url().describe("URL of the MCP server."),
+	authentication: chatgptAuthenticationSchema.describe("OAuth 2.0 or No auth. OAuth configuration is auto-discovered from the MCP server's metadata."),
+	tools: z.array(toolDefinitionSchema).describe("List of tools exposed by the MCP server (auto-populated from the production server's manifest)."),
+	toolJustifications: z.array(chatgptToolJustificationSchema).describe("Per-tool justification of `readOnlyHint`, `openWorldHint`, and `destructiveHint` annotation values."),
+	testCases: z.array(positiveTestCaseSchema).describe("At least 5 positive test cases. Each: Scenario, User prompt, Tool triggered, Expected output. Coverage over all major use cases."),
+	negativeTestCases: z.array(negativeTestCaseSchema).describe("3 negative test cases — prompts where the app should NOT trigger but the model might think it's relevant."),
+	screenshots: z.array(z.url()).describe("URLs of in-app screenshots. Widget apps must show the widget UI; non-widget apps show the model response. Min 1, max 4. First three are public."),
+	translations: z.array(chatgptTranslationSchema).describe("Per-locale translation of tagline + description. English (US) is the default."),
+	allowedCountries: chatgptAllowedCountriesSchema.describe("'Allow all' or restrict to a specific list. See OpenAI's supported countries list."),
+	releaseNotes: z.string().describe("Publicly displayed on the app details page.")
+});
+chatgptSubmissionFormDataSchema.pick({
+	appName: true,
+	developerName: true,
+	serverUrl: true,
+	tools: true,
+	authentication: true
+});
+chatgptSubmissionFormDataSchema.pick({
+	tagline: true,
+	description: true,
+	category: true,
+	testCases: true,
+	negativeTestCases: true,
+	toolJustifications: true
+});
+const claudeCategorySchema = z.enum([
+	"Business & Productivity",
+	"Communication",
+	"Data & Analytics",
+	"Development tools",
+	"Financial Services",
+	"Consumer Health",
+	"Health & Life Sciences",
+	"Media & Entertainment",
+	"Commerce & Shopping"
+]);
+z.enum([
+	"No auth needed",
+	"OAuth 2.0",
+	"Custom URL"
+]);
+const claudeMcpUrlTypeSchema = z.enum(["Universal URL", "Custom MCP URLs"]);
+z.enum(["Static OAuth Client", "Dynamic OAuth Client (DCR / CIMD)"]);
+const claudeReadWriteCapabilitiesSchema = z.enum([
+	"Read only",
+	"Write only",
+	"Read + write"
+]);
+const claudeTransportSchema = z.enum(["Streamable HTTP", "SSE"]);
+const claudeThirdPartySchema = z.enum([
+	"Web access (open web fetch / scraping / arbitrary URLs)",
+	"Third-party AI model integration",
+	"Third-party data retrieval (via workflow / aggregator)",
+	"Third-party data modification (via workflow / aggregator)",
+	"N/A"
+]);
+const claudeDataHandlingSchema = z.enum([
+	"Server only accesses data explicitly requested by user",
+	"No data is stored beyond session requirements",
+	"Data transmission is encrypted (HTTPS / TLS)",
+	"GDPR compliant (if applicable)"
+]);
+const claudeSponsoredContentSchema = z.enum([
+	"No, there is no sponsored content or advertisements",
+	"Yes, there are banner ads or other paid visual elements",
+	"Yes, returned content or ranking is impacted by sponsorship or ad placement"
+]);
+/**
+* Field order mirrors the Claude (Anthropic) submission spreadsheet, grouped by section.
+* When adding/removing/reordering fields, keep this in sync with the sheet.
+*/
+const claudeSubmissionFormDataSchema = z.object({
+	companyName: z.string().describe("Enter your company's legal name or the name under which your product is publicly known. This is used for internal tracking and may appear in directory listings."),
+	companyUrl: z.url().describe("Your company's main website URL, e.g. https://mycompany.com. Must be a valid URL with https://. This should be the root domain of the company behind this MCP server."),
+	primaryContactName: z.string().describe("Full name of the person Anthropic should contact about this submission. This person will receive review feedback, approval notices, and any follow-up questions."),
+	primaryContactEmail: z.email().describe("Business email for the primary contact. Must be a valid email address. Anthropic uses this to communicate about your submission status, required changes, and post-listing issues. Avoid using personal email addresses."),
+	primaryContactRole: z.string().optional().describe("The job title or role of the primary contact (e.g. 'CTO', 'Developer Relations Lead', 'Founder'). Optional but helps Anthropic route questions to the right person."),
+	anthropicPointOfContact: z.string().optional().describe("If you have a direct contact at Anthropic (e.g. from a partnership or sales conversation), enter their name here. This is optional but can greatly help expedite the review process. Leave blank if you don't have one."),
+	appName: z.string().describe(`The public display name for your connector as it will appear in the Connectors Directory.
+
+Rules:
+(1) Do NOT include the words 'MCP' or 'Server' — these are auto-rejected.
+(2) Use your brand/product name, e.g. 'Notion', 'Linear', 'Slack'.
+(3) You must own or have the right to use this brand name. For example, don't call it 'Google Drive Helper' if you're not Google.`),
+	mcpUrlType: claudeMcpUrlTypeSchema.describe(`Choose how your server URL works:
+• 'Universal URL': one single URL that all users connect to (most common). Example: https://mcp.myapp.com
+• 'Custom MCP URLs': each user gets their own unique URL (e.g. based on their workspace or instance). 
+If you choose this, you'll need to provide both a signup URL and a regex pattern that matches valid server URLs for your service.`),
+	serverUrl: z.url().describe(`If 'Universal URL': enter the full https:// URL where your MCP server is hosted and reachable. Example: https://mcp.myapp.com/
+If 'Custom MCP URLs': provide (1) the signup/onboarding URL where users create an account, and (2) a regex pattern that matches all valid server URLs for your service (e.g. https://[a-z0-9-]+\\.myapp\\.com/mcp). The server must be publicly accessible without VPN or whitelisting required.`),
+	tagline: z.string().max(55).describe(`A very short, punchy description shown below your server name in the directory listing. Max 55 characters including spaces.
+Think of it as a subtitle or elevator pitch fragment. Example: 'Manage tasks and projects in Linear' or 'Search and read your Notion workspace'. Avoid generic phrases like 'The best MCP server for...'`),
+	description: z.string().describe(`A 50–100 word description of what your MCP server does. This appears in the connector's detail page inside Claude. Write it from a user perspective: what can users do with this connector? What are the key features/tools? Avoid marketing fluff. Be specific. Example: 'Connect Claude to your Linear workspace. Create and update issues, search projects, manage teams, and track engineering cycles, all from within Claude.' Anthropic reviewers check this for accuracy against your actual tools.`),
+	testCases: z.array(positiveTestCaseSchema).describe(`Provide at least 3 concrete use cases, each with an example prompt a user could type to Claude. These are critical: Anthropic reviewers literally test your server using these prompts. Good examples are specific and demonstrate real value. 
+Best format: [Use case]: [exact prompt]"
+Example for a task manager:
+1. Create a task: 'Create a task called Review Q3 report, due Friday, assigned to Alice'
+2. Search tasks: 'Show me all open bugs in the Mobile project'
+3. Update status: 'Mark the Deploy v2.1 task as done'"`),
+	connectionRequirements: z.string().describe(`Describe any prerequisites a user must have before they can connect your server. Be exhaustive. Examples of things to mention:
+• Account type required (free vs paid plan)
+• Admin permissions or specific roles needed
+• Geographic restrictions (e.g. 'US only' or 'Not available in EU')
+• If users need to provide their own server URL or instance domain
+• Any setup steps needed before connecting (e.g. 'Enable API access in your account settings')
+If there are genuinely no special requirements, write exactly: 'No special requirements.'`),
+	readWriteCapabilities: claudeReadWriteCapabilitiesSchema.describe(`Select the option that best describes what your server can do:
+
+'Read Only': your tools only fetch/retrieve data (GET operations). Claude cannot modify anything via your server.
+'Write Only': your tools only create/update/delete data (rare).
+'Read + Write': your tools can both retrieve AND modify data (most common for full-featured connectors).
+
+Note: Anthropic rejects catch-all tools that accept both safe (GET) and unsafe (POST, PUT, DELETE) HTTP methods via a parameter e.g. a single api_request(method, endpoint) tool. Each tool should have a fixed, specific purpose. `),
+	isMcpApp: z.boolean().describe(`Select 'Yes' if your MCP server renders interactive UI elements (aka widgets or views) inside the Claude conversation.
+Select 'No' if your server only returns text/data responses.
+If 'Yes', you will also be required to provide screenshots of your UI (see Promotional Images section). MCP Apps are displayed with a special badge in the directory.`),
+	thirdPartyConnectionsAndWebAccess: z.array(claudeThirdPartySchema).describe(`Multi-select all that apply to your server's behavior:
+• 'Web access' — your server fetches arbitrary URLs, scrapes websites, or makes open-ended HTTP requests to the web (not just your own API).
+• 'Third-party AI model integration' — your server calls another AI model (e.g. OpenAI, Gemini, Cohere) as part of its processing.
+• 'Third-party data retrieval' — your server retrieves data via a workflow or aggregator platform (e.g. Zapier, Make, n8n) rather than calling your own API directly.
+• 'Third-party data modification' — your server modifies data via such a platform.
+• 'N/A' — your server only calls your own first-party API and does nothing else. Select this only if none of the above apply.`),
+	dataHandling: z.array(claudeDataHandlingSchema).describe(`Multi-select all data handling practices that accurately apply to your server. You must select at least 3. Key points:
+• 'Server only accesses data explicitly requested by user' — your server doesn't silently read unrelated user data.
+• 'No data is stored beyond session requirements' — you don't log or retain conversation data after the session.
+• 'Data transmission is encrypted (HTTPS/TLS)' — all data in transit is encrypted. This should always apply for remote servers.
+• 'GDPR compliant' — if you operate in the EU or serve EU users, check this only if you are genuinely compliant. Don't check it without having proper data processing agreements and procedures in place.
+Note: These are attestations — you are legally agreeing to these practices by submitting the form.`),
+	personalDataHealthAccess: z.boolean().describe(`Select 'Yes' ONLY if your connector gives users access to their own personal health information — such as medical records, lab results, diagnoses, prescriptions, wearable health metrics (heart rate, sleep data, etc.), or mental health data.
+Select 'No' for the vast majority of business/productivity/dev tools. When in doubt, select 'No'. This field triggers additional compliance review if 'Yes'.`),
+	categories: z.array(claudeCategorySchema).describe(`Select the category or categories that best describe your connector. This determines where it appears in the directory's browse experience. Choose the most specific fit:
+• Business & Productivity — project management, CRM, HR, office tools
+• Communication — email, chat, messaging, notifications
+• Data & Analytics — dashboards, reporting, databases, BI tools
+• Development tools — code repositories, CI/CD, issue trackers, monitoring
+• Financial Services — accounting, invoicing, fintech (note: financial transaction execution is not permitted)
+• Consumer Health — fitness, wellness, personal health tracking
+• Health & Life Sciences — clinical, pharma, medical professional tools
+• Media & Entertainment — content, publishing, streaming
+• Commerce & Shopping — e-commerce, inventory, orders
+Multiple categories are allowed if genuinely applicable.`),
+	sponsoredContentsOrAdvertisement: claudeSponsoredContentSchema.describe(`Be honest here — advertising is not permitted in the Connectors Directory per Anthropic's policy. Select the option that accurately describes your server:
+• 'No, there is no sponsored content or advertisements' — the results your server returns are not influenced by paid placement or sponsorship. This is what almost all connectors should select.
+• 'Yes, there are banner ads or other paid visual elements' — your UI includes visual ads. NOTE: this will likely lead to rejection, as Anthropic prohibits advertising in Claude.
+• 'Yes, the returned content or ranking of returned content is impacted by sponsorship or ad placement' — paid results affect what you return. NOTE: this also likely leads to rejection.
+If your server returns organic results from a platform that has ads in its own UI (but your API results are not affected by ads), select 'No'.`),
+	transportSupport: z.array(claudeTransportSchema).describe(`Select all transport protocols your server supports:
+• 'Streamable HTTP' — the modern, recommended transport. Anthropic strongly recommends implementing this. This is the future-proof option and should be your default.
+• 'SSE (Server-Sent Events)' — the older transport. SSE may be deprecated by Anthropic later in 2025/2026. If you currently only support SSE, you should plan to migrate to Streamable HTTP.
+If you support both, select both. If you're building from scratch, implement Streamable HTTP only.`),
+	serverDocumentationLink: z.url().describe(`A public URL pointing to documentation that helps users understand and use your connector. This is displayed in the Directory listing and must be publicly accessible without login. Minimum requirements for the docs page:
+• What the connector does and its key capabilities
+• How to connect/set it up (step by step)
+• What each tool does (or at least the main ones)
+• How to troubleshoot common issues
+• A support contact or channel
+Acceptable formats: a dedicated docs page, a help center article, a README on GitHub, or a blog post — as long as it's comprehensive. Note: Anthropic requires public documentation to be live by your publish date.`),
+	privacyPolicyUrl: z.url().describe(`URL to your privacy policy. This is mandatory and displayed in the directory listing. Missing or incomplete privacy policies result in immediate rejection. Your privacy policy must cover:
+• What data you collect (and how)
+• How you use the collected data
+• Where and how long you store it
+• Whether you share data with third parties (and who)
+• How users can contact you about data concerns
+The policy must be publicly accessible. If you don't have one yet, create one before submitting — there are free generators online, but make sure it accurately reflects your actual practices. If you're GDPR-compliant, your policy should reflect that.`),
+	supportChannel: supportChannelSchema.describe(`A URL or email address where users can get help with your connector. This is displayed in the Directory listing. Acceptable options:
+• Email address (e.g. support@myapp.com)
+• Link to a GitHub Issues page
+• Link to a help center or support article
+• Link to a Discord/Slack community
+• Link to your documentation's troubleshooting section
+Also uses this to notify you of security or compliance issues, so make sure it's actively monitored.`),
+	testingCredentials: z.string().describe(`Provide login credentials for a test account that Anthropic reviewers can use to verify your server works end-to-end. Critical requirements:
+• The account must have sample/demo data loaded — reviewers need to actually test your tools with real data.
+• No 2FA — reviewers can't receive SMS codes. Disable 2FA on this account.
+• If your service uses Google OAuth or another OAuth that requires email verification, use mcp-review@anthropic.com as the account email — Anthropic has access to this inbox.
+• Credentials must remain valid for at least 30 days from submission.
+• If your service requires API keys instead of a password, provide those.
+Format suggestion: Username/email: xxx | Password: xxx | Any other notes`),
+	tools: z.array(toolDefinitionSchema).describe(`A comma-separated list of all tools your MCP server exposes. Use the format: tool_name (Human-Readable Name). The tool_name is the internal identifier (snake_case, max 64 characters). The Human-Readable Name is what users see.
+Example: list_issues (List Issues), create_issue (Create Issue), update_issue (Update Issue), delete_issue (Delete Issue), search_issues (Search Issues)
+Reviewers test every single tool you list here — don't list tools that don't work. Also: do not have a single catch-all tool like api_request(method, endpoint) — Anthropic rejects these. Each action should be its own purpose-built tool.`),
+	toolTitlesAnnotationsConfirmed: z.boolean().describe(`This is a compliance confirmation — check both boxes only if you have actually implemented these in your server code:
+• 'I've specified user-friendly titles for all tools' — every tool has a 'title' annotation (a human-readable label, different from the tool name).
+• 'I've specified accurate tool annotations for all tools' — every tool has the correct annotation: readOnlyHint: true for read operations (search, get, list, fetch), OR destructiveHint: true for write operations (create, update, delete, send).
+This is the #1 reason submissions get rejected (30% of all rejections). Do not check these boxes without actually having implemented the annotations. See MCP spec for how to add them.`),
+	logoLight: z.string().describe(`Your connector's logo as displayed in the directory. Requirements:
+• Format: SVG only
+• Aspect ratio: square (1:1)
+• Should work on both light and dark backgrounds (or you can provide separate light/dark versions)
+• Provide via URL (Google Drive link is fine) or upload directly
+Tip: use a simple, recognizable icon — not a full wordmark. The logo appears at small sizes in the directory grid.`),
+	screenshots: z.array(z.url()).describe(`Screenshots or promotional images of your connector in action within Claude. Strongly recommended for all connectors, and required for MCP Apps (interactive UI). Guidelines:
+• 3–5 images is ideal
+• Minimum 1000px width, PNG format preferred
+• Crop to just the relevant part of the Claude interface (the tool response area)
+• Show your connector doing something impressive and useful — real data, real results
+• If you're an MCP App, include screenshots of your interactive UI elements
+• Videos are also welcome
+These images appear in your directory listing and are a key factor in driving user installs.`)
+});
+claudeSubmissionFormDataSchema.pick({
+	companyName: true,
+	appName: true,
+	mcpUrlType: true,
+	serverUrl: true,
+	tools: true,
+	readWriteCapabilities: true,
+	isMcpApp: true,
+	transportSupport: true,
+	primaryContactEmail: true,
+	primaryContactName: true
+});
+claudeSubmissionFormDataSchema.pick({
+	tagline: true,
+	description: true,
+	categories: true,
+	testCases: true
+});
+const submissionMetaFieldsSchema = z.object({
+	id: z.string(),
+	environmentId: z.string(),
+	createdAt: z.coerce.date(),
+	updatedAt: z.coerce.date()
+});
+const claudeSubmissionSchemaInternal = submissionMetaFieldsSchema.extend({
+	platform: z.literal("claudeai"),
+	formData: claudeSubmissionFormDataSchema.partial()
+});
+const chatgptSubmissionSchemaInternal = submissionMetaFieldsSchema.extend({
+	platform: z.literal("chatgpt"),
+	formData: chatgptSubmissionFormDataSchema.partial()
+});
+z.discriminatedUnion("platform", [claudeSubmissionSchemaInternal, chatgptSubmissionSchemaInternal]);
+z.union([claudeSubmissionFormDataSchema.partial(), chatgptSubmissionFormDataSchema.partial()]);
+const subscriptionPlanSchema = z.enum([
+	"pro",
+	"business",
+	"enterprise"
+]);
+z.object({ plan: subscriptionPlanSchema.nullable() });
 //#endregion
 //#region src/schemas.ts
 const RESERVED_KEYS = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alpic-ai/api",
-  "version": "1.127.1",
+  "version": "1.129.0",
   "description": "Contract for the Alpic API",
   "type": "module",
   "main": "./dist/index.mjs",