@brainerce/mcp-server 3.8.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -1147,6 +1147,8 @@ const material = getProductMetafieldValue(product, 'material');
1147
1147
 
1148
1148
  **Metafield fields:** \`definitionName\` (display label), \`definitionKey\` (lookup key), \`value\`, \`type\` (IMAGE, GALLERY, URL, COLOR, BOOLEAN, DATE, DATETIME, TEXT, TEXTAREA, NUMBER, DIMENSION, WEIGHT, JSON)
1149
1149
 
1150
+ **Translations:** When the store has i18n enabled and \`client.setLocale()\` is active, both the \`definitionName\` (the merchant-authored label like "Warranty Info" / "\u05DE\u05D9\u05D3\u05E2 \u05D0\u05D7\u05E8\u05D9\u05D5\u05EA") **and** free-text \`value\` come back already translated. No per-call locale param needed.
1151
+
1150
1152
  ### Product Customization Fields (Customer Input)
1151
1153
 
1152
1154
  Some products allow customers to provide input at purchase time (e.g., text on a cake, upload a logo). Check \`product.customizationFields\` and render input fields accordingly.
@@ -1280,6 +1282,8 @@ await client.removeCoupon(cartId);
1280
1282
  const totals = getCartTotals(cart); // { subtotal, discount, shipping, total }
1281
1283
  \`\`\`
1282
1284
 
1285
+ > **Region-restricted coupons:** a coupon may carry \`regionIds\`. If the buyer's checkout region isn't in that list, \`applyCoupon\` / \`applyCheckoutCoupon\` reject the code even when everything else matches. Empty/omitted \`regionIds\` = valid in all regions.
1286
+
1283
1287
  **On the checkout page** (after checkout session exists \u2014 ALWAYS use this when checkoutId is available):
1284
1288
  \`\`\`typescript
1285
1289
  // Applies to cart AND updates checkout totals in one call
@@ -1607,6 +1611,8 @@ const groups: ModifierGroup[] = product.modifierGroups ?? [];
1607
1611
 
1608
1612
  **Money fields are strings.** \`priceDelta\` is \`"5.00"\` (or \`"-2.00"\` for downsell modifiers \u2014 see below). Use \`parseFloat()\` for display arithmetic; never compute the line total client-side \u2014 the server runs the free-allocation policy and returns the final \`unitPrice\` snapshot on the cart line.
1609
1613
 
1614
+ **Translations are automatic.** Both \`group.name\`/\`group.description\` and each \`modifier.name\`/\`modifier.description\` are overlay-resolved by the server on every read. Call \`client.setLocale('he')\` once and the modifier picker renders in Hebrew with no extra code (\`"\u05EA\u05D5\u05E1\u05E4\u05D5\u05EA"\` / \`"\u05D6\u05D9\u05EA\u05D9\u05DD"\`). See the \`i18n\` topic for the full multi-language flow.
1615
+
1610
1616
  ### Render: SINGLE \u2192 radio, MULTIPLE \u2192 checkbox
1611
1617
 
1612
1618
  Walk \`groups\` and pick the input type by \`selectionType\`. Sort modifiers by \`position\`.
@@ -2008,19 +2014,24 @@ window.location.href = authorizationUrl;
2008
2014
  \`\`\`typescript
2009
2015
  const params = new URLSearchParams(window.location.search);
2010
2016
  if (params.get('oauth_success') === 'true') {
2011
- const token = params.get('token');
2012
- if (token) {
2013
- client.setCustomerToken(token);
2014
- localStorage.setItem('customerToken', token);
2015
- // Optional: read customer_id, customer_email, is_new from params
2017
+ // Single-use auth_code is exchanged for the JWT via POST \u2014 keeps the JWT
2018
+ // out of the URL (browser history, CDN logs, Referer header).
2019
+ const code = params.get('auth_code');
2020
+ if (code) {
2021
+ const result = await client.exchangeOAuthCode(code);
2022
+ client.setCustomerToken(result.token);
2023
+ localStorage.setItem('customerToken', result.token);
2024
+ // Optional: result.customer, result.isNewCustomer, result.redirectUrl
2016
2025
  // Link guest cart: await client.linkCart(cartId);
2017
- window.location.href = '/account';
2026
+ window.location.href = result.redirectUrl || '/account';
2018
2027
  }
2019
2028
  } else if (params.get('oauth_error')) {
2020
2029
  // Show error: params.get('oauth_error')
2021
2030
  }
2022
2031
  \`\`\`
2023
2032
 
2033
+ > The legacy redirect format placed the JWT directly in the URL as \`?token=\`. That format is still emitted for backward compatibility, but it will be removed in the next major release \u2014 migrate to \`auth_code\` + \`exchangeOAuthCode()\` now.
2034
+
2024
2035
  ### Account Page (/account) \u2014 uses getMyProfile() and getMyOrders()
2025
2036
 
2026
2037
  \`\`\`typescript
@@ -2249,7 +2260,17 @@ overlay needed:
2249
2260
  - \`variants[].name\`
2250
2261
  - \`variant.attributes\` keys and values \u2014 \`getVariantOptions(variant)\` returns translated attribute names and option values automatically
2251
2262
  - \`productAttributeOptions[].attribute.name\`, \`attributeOption.name\`
2252
- - \`metafields[].value\`
2263
+ - \`metafields[].value\` (the free-text values customers submit)
2264
+ - \`metafields[].definition.name\`, \`metafields[].definition.description\` (the merchant-authored custom-field labels \u2014 "Warranty Info" / "\u05DE\u05D9\u05D3\u05E2 \u05D0\u05D7\u05E8\u05D9\u05D5\u05EA")
2265
+ - \`modifierGroups[].name\`, \`modifierGroups[].description\` (the group label shown on the PDP \u2014 e.g. "Toppings" / "\u05EA\u05D5\u05E1\u05E4\u05D5\u05EA")
2266
+ - \`modifierGroups[].modifiers[].name\`, \`modifierGroups[].modifiers[].description\` (each individual modifier \u2014 e.g. "Olives" / "\u05D6\u05D9\u05EA\u05D9\u05DD")
2267
+
2268
+ **Promotional surfaces:**
2269
+ - \`cart.bundles[].name\`, \`cart.bundles[].description\` (the bundle's own merchant-typed label, e.g. "Lunch Combo" / "\u05D0\u05E8\u05D5\u05D7\u05EA \u05E6\u05D4\u05E8\u05D9\u05D9\u05DD")
2270
+ - \`cart.bundles[].offeredProducts[].name\`, \`.slug\` (each product inside the bundle \u2014 fetched fresh from \`Product.translations\`)
2271
+ - \`checkout.bumps[].title\`, \`checkout.bumps[].description\` (the bump headline shown at checkout \u2014 falls back to the translated product name when merchant didn't override)
2272
+ - \`checkout.bumps[].bumpProduct.name\`, \`.slug\` (the underlying product)
2273
+ - Discount-rule names/descriptions (when surfaced as banner text via \`displayConfig\`)
2253
2274
 
2254
2275
  **Taxonomy (\`getCategories\`, \`getBrands\`, \`getTags\`):**
2255
2276
  - \`name\` on each item
@@ -2351,7 +2372,9 @@ const admin = new BrainerceClient({ apiKey: 'brainerce_...' });
2351
2372
 
2352
2373
  // Taxonomy: listCategories(), listBrands(), listTags(), listAttributes()
2353
2374
  // Shipping: listShippingZones(), createZoneShippingRate()
2354
- // Tax: getTaxRates(), createTaxRate()
2375
+ // Tax: getTaxRates(), createTaxRate() \u2014 a rate may target a tax class via taxClassId
2376
+ // Tax classes: getTaxClasses(), createTaxClass(), assignTaxClass(), mergeTaxClasses() (scope tax-classes:*)
2377
+ // Regions: getRegions(), createRegion(), setDefaultRegion(), updateRegionPaymentProviders() (scope regions:*)
2355
2378
  // Metafields: getMetafieldDefinitions(), setProductMetafield()
2356
2379
  // Team: getTeamMembers(), inviteTeamMember()
2357
2380
  // Email: getEmailTemplates(), createEmailTemplate()
@@ -2359,6 +2382,13 @@ const admin = new BrainerceClient({ apiKey: 'brainerce_...' });
2359
2382
  // OAuth: getOAuthProviders(), configureOAuthProvider()
2360
2383
  \`\`\`
2361
2384
 
2385
+ Store-level team management (\`inviteStoreMember\`, \`updateStoreMember\`) is the
2386
+ canonical replacement for the deprecated account-level helpers above. The
2387
+ invite accepts an optional \`salesChannelIds\` (vibe-coded \`connectionId\`s,
2388
+ \`vc_*\`) to restrict a member to specific channels \u2014 omit or pass \`[]\` for all
2389
+ channels. Use \`updateStoreMemberSalesChannels(storeId, memberId, { salesChannelIds })\`
2390
+ to change that scope later.
2391
+
2362
2392
  ### Per-Channel Publishing
2363
2393
 
2364
2394
  Categories, tags, brands, and metafield definitions are gated to specific
@@ -2390,7 +2420,70 @@ calls fail with \`404 Not Found\`.
2390
2420
 
2391
2421
  The vibe-coded read endpoints (used by storefront SDK calls in \`connectionId\`
2392
2422
  mode) automatically filter by these junction tables, so storefronts never see
2393
- entities that weren't published to their site.`;
2423
+ entities that weren't published to their site.
2424
+
2425
+ ### Tax classes (differential tax rates)
2426
+
2427
+ Charge different rates for different product types. A \`TaxRate\` may target a
2428
+ class via \`taxClassId\`; a rate with \`taxClassId: null\` is the **Standard
2429
+ fallback**. Checkout resolves each line's class **variant \u2192 product \u2192 category
2430
+ \u2192 store default \u2192 null**, then picks the matching rate (Standard if none).
2431
+ \`rate\` is a whole percentage (\`7.25\` = 7.25%). Requires the
2432
+ \`tax-classes:read\` / \`tax-classes:write\` scopes.
2433
+
2434
+ \`\`\`typescript
2435
+ const food = await admin.createTaxClass({ name: 'Food', slug: 'food' });
2436
+ await admin.assignTaxClass(food.id, { productIds: ['prod_1'], categoryIds: ['cat_food'] });
2437
+
2438
+ // class-specific rate \u2014 only food lines use it; everything else uses Standard
2439
+ await admin.createTaxRate({ name: 'VAT (Food)', rate: 0, country: 'GB', taxClassId: food.id });
2440
+
2441
+ // delete is blocked (409) while dependents exist \u2014 merge moves FKs then deletes:
2442
+ await admin.mergeTaxClasses(food.id, standardClassId);
2443
+ \`\`\`
2444
+
2445
+ Storefront (public, no apiKey \u2014 \`storeId\` mode): \`getStoreTaxClasses()\` lists
2446
+ the store's classes (storefront-safe fields only) for a transparency badge.
2447
+
2448
+ ### Regions (multi-currency / per-region providers)
2449
+
2450
+ A region binds countries \u2192 currency + tax-display mode + enabled payment
2451
+ providers. Manage them via the SDK (scopes \`regions:read\` / \`regions:write\`).
2452
+ \`detectRegion\` is a pure client-side helper to map a buyer's country to a
2453
+ region; pass the resolved \`regionId\` to \`createCheckout\` to associate the
2454
+ checkout with a region (recorded for reporting + provider scoping; currency
2455
+ follows the cart until FX price conversion lands).
2456
+
2457
+ \`\`\`typescript
2458
+ const eu = await admin.createRegion({
2459
+ name: 'EU', currency: 'EUR', countries: ['DE', 'FR'],
2460
+ taxInclusive: true, paymentProviderIds: ['app_inst_stripe'],
2461
+ });
2462
+ await admin.setDefaultRegion(eu.id);
2463
+
2464
+ const { data: regions } = await admin.getRegions();
2465
+ const region = admin.detectRegion('DE', regions); // \u2192 eu, else default, else null
2466
+ \`\`\`
2467
+
2468
+ Storefront (public, no apiKey \u2014 \`storeId\` mode): \`getStoreRegions()\` lists
2469
+ active regions, \`getStoreRegion(id)\` returns one region + its payment providers.
2470
+ Pair with \`detectRegion\` to pick the buyer's region for currency display.
2471
+
2472
+ \`\`\`typescript
2473
+ const store = new BrainerceClient({ storeId: 'store_123' });
2474
+ const { data: regions } = await store.getStoreRegions();
2475
+ const region = await store.getStoreRegion(regions[0].id);
2476
+ \`\`\`
2477
+
2478
+ A shipping zone can be limited to regions via \`regionIds\` \u2014 the zone is then
2479
+ only offered to checkouts that resolved to one of those regions. Empty/omitted =
2480
+ available for any region (default); each id must belong to the same store.
2481
+
2482
+ \`\`\`typescript
2483
+ await admin.createShippingZone({
2484
+ name: 'EU Express', countries: ['DE', 'FR', 'IT'], regionIds: [eu.id],
2485
+ });
2486
+ \`\`\``;
2394
2487
  }
2395
2488
  function getContactInquiriesSection() {
2396
2489
  return `## Contact Inquiries & Forms (optional)
@@ -3048,11 +3141,11 @@ interface Product {
3048
3141
  description?: string | null;
3049
3142
  descriptionFormat?: 'text' | 'html' | 'markdown' | null;
3050
3143
  sku: string;
3051
- basePrice: string; // Use parseFloat() for calculations
3052
- salePrice?: string | null;
3144
+ basePrice: string; // For VARIABLE products: MIN(variants.price). For SIMPLE: the parent price. parseFloat() for math.
3145
+ salePrice?: string | null; // For VARIABLE: MIN(variants.salePrice WHERE NOT NULL) \u2014 null iff no variant is on sale (WC is_on_sale() semantic). For SIMPLE: the parent sale price. Reliable "on sale?" check: product.salePrice !== null.
3053
3146
  costPrice?: string | null;
3054
- priceMin?: string | null; // Lowest variant price (VARIABLE products). Use for catalog/JSON-LD range display.
3055
- priceMax?: string | null; // Highest variant price (VARIABLE products).
3147
+ priceMin?: string | null; // Lowest variant price (VARIABLE products) \u2014 same as basePrice for VARIABLE, kept for back-compat and JSON-LD range display.
3148
+ priceMax?: string | null; // Highest variant price (VARIABLE products). Use with priceMin for "\u20AA49 \u2013 \u20AA199" range.
3056
3149
  priceVaries?: boolean; // true when variant prices differ \u2014 show "\u20AA49 \u2013 \u20AA199" range.
3057
3150
  status: string;
3058
3151
  type: 'SIMPLE' | 'VARIABLE';
@@ -3168,6 +3261,11 @@ interface ProductQueryParams {
3168
3261
  metafields?: Record<string, string | string[]>;
3169
3262
  sortBy?: 'name' | 'price' | 'createdAt';
3170
3263
  sortOrder?: 'asc' | 'desc';
3264
+ // PRD \xA722: resolve DISPLAY prices for this region. When set + valid, each
3265
+ // product/variant gains resolvedPrice/resolvedCurrency/priceSource (additive;
3266
+ // basePrice/salePrice untouched). Absent/invalid region \u2192 nothing attached.
3267
+ // Display-only. Ignored in vibe-coded (vc_*) mode (storefront/admin paths only).
3268
+ regionId?: string;
3171
3269
  }
3172
3270
 
3173
3271
  interface SearchSuggestions {
@@ -3293,6 +3391,7 @@ interface Checkout {
3293
3391
  status: CheckoutStatus;
3294
3392
  email?: string | null;
3295
3393
  customerId?: string | null;
3394
+ regionId?: string | null; // multi-region: recorded for reporting + provider scoping (currency follows the cart until FX lands)
3296
3395
  shippingAddress?: CheckoutAddress | null;
3297
3396
  billingAddress?: CheckoutAddress | null;
3298
3397
  shippingRateId?: string | null;
@@ -3369,6 +3468,7 @@ interface CreateCheckoutDto {
3369
3468
  cartId: string;
3370
3469
  customerId?: string;
3371
3470
  selectedItemIds?: string[]; // Partial checkout
3471
+ regionId?: string; // multi-region: associate the checkout with a region (must belong to the store; 400 if unknown)
3372
3472
  }
3373
3473
 
3374
3474
  // startGuestCheckout() return type \u2014 DISCRIMINATED UNION
@@ -3387,6 +3487,8 @@ interface TaxBreakdownItem {
3387
3487
  name: string;
3388
3488
  rate: number; // decimal: 0.17 = 17%
3389
3489
  amount: number;
3490
+ taxClassId?: string | null; // rate's tax class (null = Standard)
3491
+ taxClassSlug?: string | null; // class slug for attribution (null = Standard)
3390
3492
  }`;
3391
3493
  var ORDERS_TYPES = `// ---- Orders ----
3392
3494
 
@@ -3444,6 +3546,7 @@ interface OrderItem {
3444
3546
  // Snapshot of buyer-submitted customization values captured at checkout.
3445
3547
  // Keyed by metafield slug. \`value\` is string[] for MULTI_SELECT / GALLERY, string otherwise.
3446
3548
  customizations?: Record<string, { label: string; value: string | string[]; type: string }>;
3549
+ taxClassSlug?: string; // frozen slug of the line's resolved tax class (omitted = Standard fallback)
3447
3550
  }
3448
3551
 
3449
3552
  interface OrderCustomer {
@@ -3626,7 +3729,7 @@ function formatPrice(priceString: string | number | undefined | null, options?:
3626
3729
  function getProductPrice(product: Pick<Product, 'basePrice' | 'salePrice'>): number;
3627
3730
  function getProductPriceInfo(product: Pick<Product, 'basePrice' | 'salePrice' | 'discount' | 'priceMin' | 'priceVaries'>): {
3628
3731
  price: number; originalPrice: number; isOnSale: boolean; discountAmount: number; discountPercent: number;
3629
- }; // Falls back to priceMin when basePrice=0 (VARIABLE products)
3732
+ }; // For VARIABLE products, basePrice/salePrice are pre-aggregated (MIN of variants) \u2014 the helper just reads them. Use this whenever you need an "on sale?" badge or a "X% off" label.
3630
3733
  function getVariantPrice(variant: Pick<ProductVariant, 'price' | 'salePrice'>, productBasePrice: string): number;
3631
3734
 
3632
3735
  // Cart helpers
@@ -4159,6 +4262,95 @@ export interface Content<T extends ContentType = ContentType> extends ContentSum
4159
4262
  // stale-while-revalidate=60. Storefront changes propagate within ~5 min
4160
4263
  // of the merchant publishing. Do not add extra client-side caching
4161
4264
  // beyond Next.js's default fetch cache.`;
4265
+ var REGIONS_TYPES = `// ---- Regions & Tax Classes (Admin mode, apiKey) ----
4266
+ // storeId is derived from the API key \u2014 never pass it on admin calls.
4267
+
4268
+ // ---- Regions ---- (scopes: regions:read / regions:write)
4269
+ // A region binds countries \u2192 currency + tax-display mode + payment providers.
4270
+ interface Region {
4271
+ id: string;
4272
+ accountId: string;
4273
+ storeId: string;
4274
+ name: string;
4275
+ slug: string;
4276
+ currency: string; // ISO 4217, e.g. "EUR"
4277
+ countries: string[]; // ISO 3166-1 alpha-2, e.g. ["DE","FR"]
4278
+ taxInclusive: boolean; // show prices tax-inclusive in this region?
4279
+ automaticTaxes: boolean;
4280
+ isDefault: boolean; // fallback when buyer's country maps to no region
4281
+ isActive: boolean;
4282
+ paymentProviders?: RegionPaymentProvider[];
4283
+ createdAt: string;
4284
+ updatedAt: string;
4285
+ }
4286
+
4287
+ interface RegionPaymentProvider {
4288
+ id: string;
4289
+ regionId: string;
4290
+ appInstallationId: string;
4291
+ isEnabled: boolean;
4292
+ createdAt: string;
4293
+ }
4294
+
4295
+ interface CreateRegionDto {
4296
+ name: string;
4297
+ currency: string; // ISO 4217
4298
+ countries: string[]; // ISO 3166-1 alpha-2
4299
+ taxInclusive?: boolean;
4300
+ automaticTaxes?: boolean;
4301
+ isDefault?: boolean;
4302
+ paymentProviderIds?: string[]; // AppInstallation IDs to enable here
4303
+ }
4304
+ interface UpdateRegionDto extends Partial<CreateRegionDto> { isActive?: boolean }
4305
+
4306
+ // client.detectRegion(country, regions): Region | null \u2014 pure, no network.
4307
+ // \u2192 region whose countries includes the code, else the default region, else null.
4308
+ // Pass the resolved regionId to createCheckout to associate the checkout with a
4309
+ // region (recorded for reporting + provider scoping; currency follows the cart
4310
+ // until FX price conversion lands).
4311
+ //
4312
+ // Storefront (public, no apiKey \u2014 storeId mode):
4313
+ interface PublicRegion {
4314
+ id: string; name: string; slug: string; currency: string;
4315
+ countries: string[]; taxInclusive: boolean; isDefault: boolean;
4316
+ }
4317
+ interface PublicRegionDetail extends PublicRegion {
4318
+ paymentProviders: Array<{ id: string; appId: string; name: string | null }>;
4319
+ }
4320
+ // getStoreRegions(): { data: PublicRegion[] } \u2014 active regions, default first.
4321
+ // getStoreRegion(regionId): PublicRegionDetail \u2014 one region + its providers.
4322
+
4323
+ // ---- Tax Classes ---- (scopes: tax-classes:read / tax-classes:write)
4324
+ // Charge differential rates by product type. A TaxRate may target a class via
4325
+ // taxClassId; a rate with taxClassId=null is the Standard fallback. Per-line
4326
+ // resolution: variant \u2192 product \u2192 category \u2192 store default \u2192 null.
4327
+ interface TaxClass {
4328
+ id: string;
4329
+ accountId: string;
4330
+ storeId: string;
4331
+ name: string;
4332
+ slug: string; // kebab-case, unique per store
4333
+ description?: string | null;
4334
+ isDefault: boolean; // auto-applied to products without an explicit class
4335
+ createdAt: string;
4336
+ updatedAt: string;
4337
+ }
4338
+ interface CreateTaxClassDto { name: string; slug: string; description?: string; isDefault?: boolean }
4339
+ type UpdateTaxClassDto = Partial<CreateTaxClassDto>;
4340
+ // Bulk-assign a class to entities:
4341
+ interface AssignTaxClassDto { productIds?: string[]; variantIds?: string[]; categoryIds?: string[] }
4342
+
4343
+ // TaxRate / CreateTaxRateDto carry an optional taxClassId (null = Standard).
4344
+ // rate is a WHOLE PERCENTAGE (7.25 = 7.25%).
4345
+ //
4346
+ // SDK methods (admin):
4347
+ // Regions: getRegions(), getRegion(id), createRegion(dto), updateRegion(id, dto),
4348
+ // deleteRegion(id), setDefaultRegion(id), updateRegionPaymentProviders(id, ids),
4349
+ // addRegionCountries(id, codes), removeRegionCountry(id, code),
4350
+ // getRegionCompatibleProviders(id), detectRegion(country, regions)
4351
+ // Tax classes: getTaxClasses(), getTaxClass(id), createTaxClass(dto), updateTaxClass(id, dto),
4352
+ // deleteTaxClass(id), setDefaultTaxClass(id), assignTaxClass(id, dto),
4353
+ // mergeTaxClasses(id, targetId)`;
4162
4354
  var TYPES_BY_DOMAIN = {
4163
4355
  products: PRODUCTS_TYPES,
4164
4356
  cart: CART_TYPES,
@@ -4170,7 +4362,8 @@ var TYPES_BY_DOMAIN = {
4170
4362
  inquiries: INQUIRIES_TYPES,
4171
4363
  reviews: REVIEWS_TYPES,
4172
4364
  "modifier-groups": MODIFIER_GROUPS_TYPES,
4173
- content: CONTENT_TYPES
4365
+ content: CONTENT_TYPES,
4366
+ regions: REGIONS_TYPES
4174
4367
  };
4175
4368
  function getTypesByDomain(domain) {
4176
4369
  if (domain === "all") {
@@ -4201,10 +4394,12 @@ var GET_TYPE_DEFINITIONS_SCHEMA = {
4201
4394
  "helpers",
4202
4395
  "inquiries",
4203
4396
  "reviews",
4397
+ "modifier-groups",
4204
4398
  "content",
4399
+ "regions",
4205
4400
  "all"
4206
4401
  ]).describe(
4207
- 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse. Use "content" for FAQ / Footer / Header / Announcement / RichText / Page.'
4402
+ 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse. Use "content" for FAQ / Footer / Header / Announcement / RichText / Page. Use "regions" for Region / TaxClass admin types.'
4208
4403
  )
4209
4404
  };
4210
4405
  async function handleGetTypeDefinitions(args) {
@@ -5994,11 +6189,16 @@ Build both steps EVEN IF the store has no email provider configured today \u2014
5994
6189
  });
5995
6190
  window.location.href = authorizationUrl; // full-page redirect, NOT a popup
5996
6191
  \`\`\`
5997
- 3. **On the callback page** the URL contains \`token\` + \`oauth_success\` (or \`oauth_error\`) query params. Extract and apply the token:
6192
+ 3. **On the callback page** the URL contains \`auth_code\` + \`oauth_success\` (or \`oauth_error\`) query params. Exchange the single-use code for the JWT \u2014 never read the token from the URL:
5998
6193
  \`\`\`ts
5999
- const token = new URLSearchParams(location.search).get('token');
6000
- if (token) client.setCustomerToken(token); // then redirect to account
6194
+ const params = new URLSearchParams(location.search);
6195
+ const code = params.get('auth_code');
6196
+ if (code) {
6197
+ const result = await client.exchangeOAuthCode(code);
6198
+ client.setCustomerToken(result.token); // then redirect to account
6199
+ }
6001
6200
  \`\`\`
6201
+ The legacy \`?token=\` URL param is still emitted for backward compatibility but will be removed in the next major release \u2014 migrate to \`auth_code\` now.
6002
6202
  4. **On \`oauth_error\`:** redirect to login with an error message.
6003
6203
 
6004
6204
  Build the OAuth button region AND the callback handler even when no providers are configured. They auto-hide.`
@@ -6480,7 +6680,9 @@ function renderCapabilitiesSummary(caps) {
6480
6680
  );
6481
6681
  lines.push(`- Downloadable products: ${caps.features.hasDownloadableProducts ? "yes" : "no"}`);
6482
6682
  lines.push(`- Checkout custom fields: ${caps.features.hasCheckoutCustomFields ? "yes" : "no"}`);
6483
- lines.push(`- Content (FAQ/footer/header/announcements/pages): ${caps.features.hasContent ? "seeded" : "none \u2014 build chrome UI with fallbacks"}`);
6683
+ lines.push(
6684
+ `- Content (FAQ/footer/header/announcements/pages): ${caps.features.hasContent ? "seeded" : "none \u2014 build chrome UI with fallbacks"}`
6685
+ );
6484
6686
  lines.push(
6485
6687
  `- Email verification: ${caps.connection.requireEmailVerification ? "required" : "not required (still build the verify-email flow)"}`
6486
6688
  );
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@brainerce/mcp-server",
3
- "version": "3.8.0",
3
+ "version": "3.9.0",
4
4
  "description": "Framework-agnostic domain knowledge API for Brainerce. Provides SDK docs, types, business flows, critical rules, and store capabilities to AI tools like Lovable, Cursor, Bolt, v0, and Claude Code. Does NOT provide framework-specific boilerplate — clients build in whatever framework fits.",
5
5
  "bin": {
6
6
  "brainerce-mcp": "dist/bin/stdio.js"