npm - @alpic-ai/api - Versions diffs - 1.128.0 → 1.129.1 - Mend

@alpic-ai/api 1.128.0 → 1.129.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +150 -30
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -71,6 +71,16 @@ const auditReportWithScreenshotsSchema = auditReportSchema.extend({ widgetScreen
 	chatgpt: widgetScreenshotSchema.optional(),
 	claudeai: widgetScreenshotSchema.optional()
 }) });
+z.enum([
+	"ongoing",
+	"deployed",
+	"failed",
+	"canceled"
+]);
+z.object({
+	timestamp: z.coerce.date().optional(),
+	content: z.string().optional()
+});
 z.object({
 	id: z.string(),
 	createdAt: z.coerce.date(),
@@ -82,9 +92,17 @@ z.object({
 	content: z.string(),
 	source: z.enum(["model", "user"])
 });
+z.object({
+	id: z.string(),
+	teamId: z.string(),
+	email: z.string(),
+	expiresAt: z.coerce.date(),
+	createdAt: z.coerce.date(),
+	updatedAt: z.coerce.date()
+});
 const toolDefinitionSchema = z.object({
 	name: z.string(),
-	title: z.string().optional(),
+	title: z.string().optional().describe("Human-friendly name for the tool, used in the UI. If not provided, `name` will be used."),
 	description: z.string().optional(),
 	annotations: z.object({
 		readOnlyHint: z.boolean().optional(),
@@ -168,7 +186,15 @@ chatgptSubmissionFormDataSchema.pick({
 	serverUrl: true,
 	tools: true,
 	authentication: true
-}).partial();
+});
+chatgptSubmissionFormDataSchema.pick({
+	tagline: true,
+	description: true,
+	category: true,
+	testCases: true,
+	negativeTestCases: true,
+	toolJustifications: true
+});
 const claudeCategorySchema = z.enum([
 	"Business & Productivity",
 	"Communication",
@@ -228,34 +254,121 @@ Rules:
 (1) Do NOT include the words 'MCP' or 'Server' — these are auto-rejected.
 (2) Use your brand/product name, e.g. 'Notion', 'Linear', 'Slack'.
 (3) You must own or have the right to use this brand name. For example, don't call it 'Google Drive Helper' if you're not Google.`),
-	mcpUrlType: claudeMcpUrlTypeSchema.describe("Universal URL = one URL serves all users. Custom MCP URLs = signup URL + regex matching per-user URLs."),
-	serverUrl: z.url().describe("Production MCP server URL (https). Derived from the project's production environment by default."),
-	tagline: z.string().max(55).describe("Short blurb shown below the server name. 55 chars max."),
-	description: z.string().describe("50–100 words describing what the server does and its key capabilities. Lives on the directory listing."),
-	testCases: z.array(positiveTestCaseSchema).describe("At least 3 use cases with example prompts showing the value of the connector."),
-	connectionRequirements: z.string().describe(`Prerequisites before connecting:
-• Free/premium account
-• Admin seat
-• Geographic availability
-• Custom instance URL
+	mcpUrlType: claudeMcpUrlTypeSchema.describe(`Choose how your server URL works:
+• 'Universal URL': one single URL that all users connect to (most common). Example: https://mcp.myapp.com
+• 'Custom MCP URLs': each user gets their own unique URL (e.g. based on their workspace or instance).
+If you choose this, you'll need to provide both a signup URL and a regex pattern that matches valid server URLs for your service.`),
+	serverUrl: z.url().describe(`If 'Universal URL': enter the full https:// URL where your MCP server is hosted and reachable. Example: https://mcp.myapp.com/
+If 'Custom MCP URLs': provide (1) the signup/onboarding URL where users create an account, and (2) a regex pattern that matches all valid server URLs for your service (e.g. https://[a-z0-9-]+\\.myapp\\.com/mcp). The server must be publicly accessible without VPN or whitelisting required.`),
+	tagline: z.string().max(55).describe(`A very short, punchy description shown below your server name in the directory listing. Max 55 characters including spaces.
+Think of it as a subtitle or elevator pitch fragment. Example: 'Manage tasks and projects in Linear' or 'Search and read your Notion workspace'. Avoid generic phrases like 'The best MCP server for...'`),
+	description: z.string().describe(`A 50–100 word description of what your MCP server does. This appears in the connector's detail page inside Claude. Write it from a user perspective: what can users do with this connector? What are the key features/tools? Avoid marketing fluff. Be specific. Example: 'Connect Claude to your Linear workspace. Create and update issues, search projects, manage teams, and track engineering cycles, all from within Claude.' Anthropic reviewers check this for accuracy against your actual tools.`),
+	testCases: z.array(positiveTestCaseSchema).describe(`Provide at least 3 concrete use cases, each with an example prompt a user could type to Claude. These are critical: Anthropic reviewers literally test your server using these prompts. Good examples are specific and demonstrate real value.
+Best format: [Use case]: [exact prompt]"
+Example for a task manager:
+1. Create a task: 'Create a task called Review Q3 report, due Friday, assigned to Alice'
+2. Search tasks: 'Show me all open bugs in the Mobile project'
+3. Update status: 'Mark the Deploy v2.1 task as done'"`),
+	connectionRequirements: z.string().describe(`Describe any prerequisites a user must have before they can connect your server. Be exhaustive. Examples of things to mention:
+• Account type required (free vs paid plan)
+• Admin permissions or specific roles needed
+• Geographic restrictions (e.g. 'US only' or 'Not available in EU')
+• If users need to provide their own server URL or instance domain
+• Any setup steps needed before connecting (e.g. 'Enable API access in your account settings')
+If there are genuinely no special requirements, write exactly: 'No special requirements.'`),
+	readWriteCapabilities: claudeReadWriteCapabilitiesSchema.describe(`Select the option that best describes what your server can do:
-State 'No special requirements.' if none.`),
-	readWriteCapabilities: claudeReadWriteCapabilitiesSchema.describe("Inferred from the `readOnlyHint` annotations on the MCP tools."),
-	isMcpApp: z.boolean().describe("True if the server exposes interactive UI elements (widgets). Inferred from the MCP connection."),
-	thirdPartyConnectionsAndWebAccess: z.array(claudeThirdPartySchema).describe("Multi-select of what the server reaches out to (web, third-party AI, data aggregators)."),
-	dataHandling: z.array(claudeDataHandlingSchema).describe("Multi-select of data-handling practices that accurately describe the server. Cannot be inferred — user must self-declare."),
-	personalDataHealthAccess: z.boolean().describe("True only if the connector gives users access to their own personal health data (medical records, lab results, health metrics)."),
-	categories: z.array(claudeCategorySchema).describe("Multi-select of categories that best describe the server in the directory."),
-	sponsoredContentsOrAdvertisement: claudeSponsoredContentSchema.describe("Disclose paid promotion or sponsored content. Cannot be filled by Alpic — user must self-declare."),
-	transportSupport: z.array(claudeTransportSchema).describe("Multi-select of transport protocols the server supports. Anthropic recommends Streamable HTTP (SSE may be deprecated later this year)."),
-	serverDocumentationLink: z.url().describe("Public docs URL covering what the MCP does, setup, debugging, and self-serve support. The Alpic playground may be used."),
-	privacyPolicyUrl: z.url().describe("URL to your privacy policy. Mandatory and displayed alongside the directory listing."),
-	supportChannel: supportChannelSchema.describe("Link or email for user support (help center, GitHub issues, docs, support@…). Displayed alongside the directory listing."),
-	testingCredentials: z.string().describe("Credentials for reviewers to verify functionality. Required if the server uses OAuth. No 2FA. Use mcp-review@anthropic.com if an accessible email is needed."),
-	tools: z.array(toolDefinitionSchema).describe("List of tools exposed by the MCP server (auto-populated from the production server's manifest)."),
-	toolTitlesAnnotationsConfirmed: z.boolean().describe("Confirmation that all tools have user-friendly titles and accurate annotations (readOnlyHint, destructiveHint, …)."),
-	logoLight: z.string().describe("Server/app logo for light mode. Square 1:1 aspect ratio. SVG preferred for Claude."),
-	screenshots: z.array(z.url()).describe("URLs of screenshots of the connector on Claude.ai or promo material. 3–5 ideal. ≥1000px width preferred, PNG, cropped to the app response. Videos welcome.")
+'Read Only': your tools only fetch/retrieve data (GET operations). Claude cannot modify anything via your server.
+'Write Only': your tools only create/update/delete data (rare).
+'Read + Write': your tools can both retrieve AND modify data (most common for full-featured connectors).
+Note: Anthropic rejects catch-all tools that accept both safe (GET) and unsafe (POST, PUT, DELETE) HTTP methods via a parameter e.g. a single api_request(method, endpoint) tool. Each tool should have a fixed, specific purpose. `),
+	isMcpApp: z.boolean().describe(`Select 'Yes' if your MCP server renders interactive UI elements (aka widgets or views) inside the Claude conversation.
+Select 'No' if your server only returns text/data responses.
+If 'Yes', you will also be required to provide screenshots of your UI (see Promotional Images section). MCP Apps are displayed with a special badge in the directory.`),
+	thirdPartyConnectionsAndWebAccess: z.array(claudeThirdPartySchema).describe(`Multi-select all that apply to your server's behavior:
+• 'Web access' — your server fetches arbitrary URLs, scrapes websites, or makes open-ended HTTP requests to the web (not just your own API).
+• 'Third-party AI model integration' — your server calls another AI model (e.g. OpenAI, Gemini, Cohere) as part of its processing.
+• 'Third-party data retrieval' — your server retrieves data via a workflow or aggregator platform (e.g. Zapier, Make, n8n) rather than calling your own API directly.
+• 'Third-party data modification' — your server modifies data via such a platform.
+• 'N/A' — your server only calls your own first-party API and does nothing else. Select this only if none of the above apply.`),
+	dataHandling: z.array(claudeDataHandlingSchema).describe(`Multi-select all data handling practices that accurately apply to your server. You must select at least 3. Key points:
+• 'Server only accesses data explicitly requested by user' — your server doesn't silently read unrelated user data.
+• 'No data is stored beyond session requirements' — you don't log or retain conversation data after the session.
+• 'Data transmission is encrypted (HTTPS/TLS)' — all data in transit is encrypted. This should always apply for remote servers.
+• 'GDPR compliant' — if you operate in the EU or serve EU users, check this only if you are genuinely compliant. Don't check it without having proper data processing agreements and procedures in place.
+Note: These are attestations — you are legally agreeing to these practices by submitting the form.`),
+	personalDataHealthAccess: z.boolean().describe(`Select 'Yes' ONLY if your connector gives users access to their own personal health information — such as medical records, lab results, diagnoses, prescriptions, wearable health metrics (heart rate, sleep data, etc.), or mental health data.
+Select 'No' for the vast majority of business/productivity/dev tools. When in doubt, select 'No'. This field triggers additional compliance review if 'Yes'.`),
+	categories: z.array(claudeCategorySchema).describe(`Select the category or categories that best describe your connector. This determines where it appears in the directory's browse experience. Choose the most specific fit:
+• Business & Productivity — project management, CRM, HR, office tools
+• Communication — email, chat, messaging, notifications
+• Data & Analytics — dashboards, reporting, databases, BI tools
+• Development tools — code repositories, CI/CD, issue trackers, monitoring
+• Financial Services — accounting, invoicing, fintech (note: financial transaction execution is not permitted)
+• Consumer Health — fitness, wellness, personal health tracking
+• Health & Life Sciences — clinical, pharma, medical professional tools
+• Media & Entertainment — content, publishing, streaming
+• Commerce & Shopping — e-commerce, inventory, orders
+Multiple categories are allowed if genuinely applicable.`),
+	sponsoredContentsOrAdvertisement: claudeSponsoredContentSchema.describe(`Be honest here — advertising is not permitted in the Connectors Directory per Anthropic's policy. Select the option that accurately describes your server:
+• 'No, there is no sponsored content or advertisements' — the results your server returns are not influenced by paid placement or sponsorship. This is what almost all connectors should select.
+• 'Yes, there are banner ads or other paid visual elements' — your UI includes visual ads. NOTE: this will likely lead to rejection, as Anthropic prohibits advertising in Claude.
+• 'Yes, the returned content or ranking of returned content is impacted by sponsorship or ad placement' — paid results affect what you return. NOTE: this also likely leads to rejection.
+If your server returns organic results from a platform that has ads in its own UI (but your API results are not affected by ads), select 'No'.`),
+	transportSupport: z.array(claudeTransportSchema).describe(`Select all transport protocols your server supports:
+• 'Streamable HTTP' — the modern, recommended transport. Anthropic strongly recommends implementing this. This is the future-proof option and should be your default.
+• 'SSE (Server-Sent Events)' — the older transport. SSE may be deprecated by Anthropic later in 2025/2026. If you currently only support SSE, you should plan to migrate to Streamable HTTP.
+If you support both, select both. If you're building from scratch, implement Streamable HTTP only.`),
+	serverDocumentationLink: z.url().describe(`A public URL pointing to documentation that helps users understand and use your connector. This is displayed in the Directory listing and must be publicly accessible without login. Minimum requirements for the docs page:
+• What the connector does and its key capabilities
+• How to connect/set it up (step by step)
+• What each tool does (or at least the main ones)
+• How to troubleshoot common issues
+• A support contact or channel
+Acceptable formats: a dedicated docs page, a help center article, a README on GitHub, or a blog post — as long as it's comprehensive. Note: Anthropic requires public documentation to be live by your publish date.`),
+	privacyPolicyUrl: z.url().describe(`URL to your privacy policy. This is mandatory and displayed in the directory listing. Missing or incomplete privacy policies result in immediate rejection. Your privacy policy must cover:
+• What data you collect (and how)
+• How you use the collected data
+• Where and how long you store it
+• Whether you share data with third parties (and who)
+• How users can contact you about data concerns
+The policy must be publicly accessible. If you don't have one yet, create one before submitting — there are free generators online, but make sure it accurately reflects your actual practices. If you're GDPR-compliant, your policy should reflect that.`),
+	supportChannel: supportChannelSchema.describe(`A URL or email address where users can get help with your connector. This is displayed in the Directory listing. Acceptable options:
+• Email address (e.g. support@myapp.com)
+• Link to a GitHub Issues page
+• Link to a help center or support article
+• Link to a Discord/Slack community
+• Link to your documentation's troubleshooting section
+Also uses this to notify you of security or compliance issues, so make sure it's actively monitored.`),
+	testingCredentials: z.string().describe(`Provide login credentials for a test account that Anthropic reviewers can use to verify your server works end-to-end. Critical requirements:
+• The account must have sample/demo data loaded — reviewers need to actually test your tools with real data.
+• No 2FA — reviewers can't receive SMS codes. Disable 2FA on this account.
+• If your service uses Google OAuth or another OAuth that requires email verification, use mcp-review@anthropic.com as the account email — Anthropic has access to this inbox.
+• Credentials must remain valid for at least 30 days from submission.
+• If your service requires API keys instead of a password, provide those.
+Format suggestion: Username/email: xxx | Password: xxx | Any other notes`),
+	tools: z.array(toolDefinitionSchema).describe(`A comma-separated list of all tools your MCP server exposes. Use the format: tool_name (Human-Readable Name). The tool_name is the internal identifier (snake_case, max 64 characters). The Human-Readable Name is what users see.
+Example: list_issues (List Issues), create_issue (Create Issue), update_issue (Update Issue), delete_issue (Delete Issue), search_issues (Search Issues)
+Reviewers test every single tool you list here — don't list tools that don't work. Also: do not have a single catch-all tool like api_request(method, endpoint) — Anthropic rejects these. Each action should be its own purpose-built tool.`),
+	toolTitlesAnnotationsConfirmed: z.boolean().describe(`This is a compliance confirmation — check both boxes only if you have actually implemented these in your server code:
+• 'I've specified user-friendly titles for all tools' — every tool has a 'title' annotation (a human-readable label, different from the tool name).
+• 'I've specified accurate tool annotations for all tools' — every tool has the correct annotation: readOnlyHint: true for read operations (search, get, list, fetch), OR destructiveHint: true for write operations (create, update, delete, send).
+This is the #1 reason submissions get rejected (30% of all rejections). Do not check these boxes without actually having implemented the annotations. See MCP spec for how to add them.`),
+	logoLight: z.string().describe(`Your connector's logo as displayed in the directory. Requirements:
+• Format: SVG only
+• Aspect ratio: square (1:1)
+• Should work on both light and dark backgrounds (or you can provide separate light/dark versions)
+• Provide via URL (Google Drive link is fine) or upload directly
+Tip: use a simple, recognizable icon — not a full wordmark. The logo appears at small sizes in the directory grid.`),
+	screenshots: z.array(z.url()).describe(`Screenshots or promotional images of your connector in action within Claude. Strongly recommended for all connectors, and required for MCP Apps (interactive UI). Guidelines:
+• 3–5 images is ideal
+• Minimum 1000px width, PNG format preferred
+• Crop to just the relevant part of the Claude interface (the tool response area)
+• Show your connector doing something impressive and useful — real data, real results
+• If you're an MCP App, include screenshots of your interactive UI elements
+• Videos are also welcome
+These images appear in your directory listing and are a key factor in driving user installs.`)
 });
 claudeSubmissionFormDataSchema.pick({
 	companyName: true,
@@ -264,10 +377,17 @@ claudeSubmissionFormDataSchema.pick({
 	serverUrl: true,
 	tools: true,
 	readWriteCapabilities: true,
+	isMcpApp: true,
 	transportSupport: true,
 	primaryContactEmail: true,
 	primaryContactName: true
-}).partial();
+});
+claudeSubmissionFormDataSchema.pick({
+	tagline: true,
+	description: true,
+	categories: true,
+	testCases: true
+});
 const submissionMetaFieldsSchema = z.object({
 	id: z.string(),
 	environmentId: z.string(),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@alpic-ai/api",
-  "version": "1.128.0",
+  "version": "1.129.1",
   "description": "Contract for the Alpic API",
   "type": "module",
   "main": "./dist/index.mjs",