@capivv/mcp-server 0.5.26 → 0.5.39

package/dist/client.d.ts

@@ -1,5 +1,5 @@
 import type { Config } from './config.js';
-import type { App, Product, Entitlement, Offering, Rule, Experiment, ExperimentSummary, AnalyticsOverview, OnboardingResponse, ImportPreviewResponse, CreateAppRequest, CreateEntitlementRequest, CreateProductRequest, CreateOfferingRequest, CreateRuleRequest, ValidateRuleRequest, ValidateRuleResponse, WhoamiResponse, ApiKeyUsageResponse, Paywall, CreatePaywallRequest, UpdatePaywallRequest, PaywallStats, Promotion, CreatePromotionRequest, UpdatePromotionRequest, RescueFlow, CreateRescueFlowRequest, UpdateRescueFlowRequest, RescueStats, PricingStrategy, CreatePricingStrategyRequest, PricingPreviewResult, PricingRecomputeRequest, PricingRecomputeResult, PricingPushResult, PricingChangeRequest, SetCountryPriceOverrideRequest, ExperimentWithVariants, CreateExperimentRequest, UpdateExperimentRequest, UpdateAppRequest, UpdateEntitlementRequest, UpdateOfferingRequest, AutopilotRunResult, SyncSuggestion, SyncSuggestionsCount, TriggerSyncResult, IntegrationSummary, ConnectAppleIntegrationRequest, ConnectAppleIntegrationResult, ConnectGoogleIntegrationRequest, ConnectGoogleIntegrationResult, SetSubscriptionReviewScreenshotRequest, SetSubscriptionReviewScreenshotResult, SubscriptionStateInfo, TouchSubscriptionResult, ProbeSubmissionRequest, ProbeSubmissionResult, SetAppPrivacyUrlRequest, SetAppPrivacyUrlResult, SetIapReviewScreenshotRequest, SetIapReviewScreenshotResult, IapStateInfo, ListAppleSubscriptionsResult, ListAppleIapsResult, DeleteAppleResult, ListAppUsersResult, FindUserResult, GrantEntitlementRequest, GrantEntitlementResult, RevokeEntitlementRequest, SetAppleSubscriptionLevelRequest, SetAppleSubscriptionLevelResult, SetReviewScreenshotRequest, SetReviewScreenshotResult } from './types.js';
+import type { App, Product, Entitlement, Offering, Rule, Experiment, ExperimentSummary, AnalyticsOverview, OnboardingResponse, ImportPreviewResponse, CreateAppRequest, CreateEntitlementRequest, CreateProductRequest, CreateOfferingRequest, CreateRuleRequest, ValidateRuleRequest, ValidateRuleResponse, WhoamiResponse, ApiKeyUsageResponse, Paywall, CreatePaywallRequest, UpdatePaywallRequest, PaywallStats, Promotion, CreatePromotionRequest, UpdatePromotionRequest, RescueFlow, CreateRescueFlowRequest, UpdateRescueFlowRequest, RescueStats, PricingStrategy, CreatePricingStrategyRequest, PricingPreviewResult, PricingRecomputeRequest, PricingRecomputeResult, PricingPushResult, PricingChangeRequest, SetCountryPriceOverrideRequest, ExperimentWithVariants, CreateExperimentRequest, UpdateExperimentRequest, UpdateAppRequest, UpdateEntitlementRequest, UpdateOfferingRequest, AutopilotRunResult, SyncSuggestion, SyncSuggestionsCount, TriggerSyncResult, IntegrationSummary, ConnectAppleIntegrationRequest, ConnectAppleIntegrationResult, ConnectGoogleIntegrationRequest, ConnectGoogleIntegrationResult, SetSubscriptionReviewScreenshotRequest, SetSubscriptionReviewScreenshotResult, SubscriptionStateInfo, TouchSubscriptionResult, ProbeSubmissionRequest, ProbeSubmissionResult, SetAppPrivacyUrlRequest, SetAppPrivacyUrlResult, SetIapReviewScreenshotRequest, SetIapReviewScreenshotResult, IapStateInfo, ListAppleSubscriptionsResult, ListAppleIapsResult, DeleteAppleResult, ListAppUsersResult, FindUserResult, GrantEntitlementRequest, GrantEntitlementResult, RevokeEntitlementRequest, SetAppleSubscriptionLevelRequest, SetAppleSubscriptionLevelResult, SetReviewScreenshotRequest, SetReviewScreenshotResult, DeleteAppUserRequest, DeleteAppUserResult, AttachToReviewSubmissionRequest, AttachToReviewSubmissionResult, SetAppLegalUrlsRequest, SetAppLegalUrlsResult, DriftReportRequest, DriftReportResult, DebugAppleSyncRequest, DebugAppleSyncResult } from './types.js';
 export declare class ApiError extends Error {
     status: number;
     code: string;
@@ -35,7 +35,18 @@ export declare class CapivvClient {
     createProduct(data: CreateProductRequest): Promise<Product>;
     private patch;
     private delete;
-    updateProduct(id: string, data: Partial<Omit<CreateProductRequest, 'app_id'>>): Promise<Product>;
+    /**
+     * V0.5.34 — widened to allow `pricing_strategy_id` (issue #13 gap 1). The
+     * backend now binds the strategy to the product when this is set; pre-v0.5.34
+     * there was no API path to do it. `pricing_strategy_id` is intentionally
+     * not on CreateProductRequest because the field is only mutable post-create.
+     */
+    updateProduct(id: string, data: Partial<Omit<CreateProductRequest, 'app_id'>> & {
+        pricing_strategy_id?: string;
+        base_amount_cents?: number;
+        base_currency?: string;
+        base_country_code?: string;
+    }): Promise<Product>;
     deleteProduct(id: string): Promise<void>;
     deleteRule(id: string): Promise<void>;
     activateRule(id: string): Promise<Rule>;
@@ -65,6 +76,15 @@ export declare class CapivvClient {
     createExperiment(data: CreateExperimentRequest): Promise<ExperimentWithVariants>;
     getExperiment(id: string): Promise<ExperimentWithVariants>;
     updateExperiment(id: string, data: UpdateExperimentRequest): Promise<ExperimentWithVariants>;
+    /**
+     * V0.5.36 — patch a single variant's name / traffic_percent / config.
+     * Issue #15.
+     */
+    updateExperimentVariant(experimentId: string, variantId: string, data: {
+        name?: string;
+        traffic_percent?: number;
+        config?: Record<string, unknown>;
+    }): Promise<unknown>;
     startExperiment(id: string): Promise<ExperimentWithVariants>;
     stopExperiment(id: string): Promise<ExperimentWithVariants>;
     getApp(id: string): Promise<App>;
@@ -110,4 +130,9 @@ export declare class CapivvClient {
     }>;
     setAppleSubscriptionLevel(req: SetAppleSubscriptionLevelRequest): Promise<SetAppleSubscriptionLevelResult>;
     setReviewScreenshot(req: SetReviewScreenshotRequest): Promise<SetReviewScreenshotResult>;
+    deleteAppUser(req: DeleteAppUserRequest): Promise<DeleteAppUserResult>;
+    attachProductsToReviewSubmission(req: AttachToReviewSubmissionRequest): Promise<AttachToReviewSubmissionResult>;
+    setAppLegalUrls(req: SetAppLegalUrlsRequest): Promise<SetAppLegalUrlsResult>;
+    driftReport(req?: DriftReportRequest): Promise<DriftReportResult>;
+    debugAppleSync(req: DebugAppleSyncRequest): Promise<DebugAppleSyncResult>;
 }

package/dist/client.js

@@ -135,6 +135,12 @@ export class CapivvClient {
     delete(path) {
         return this.request('DELETE', path);
     }
+    /**
+     * V0.5.34 — widened to allow `pricing_strategy_id` (issue #13 gap 1). The
+     * backend now binds the strategy to the product when this is set; pre-v0.5.34
+     * there was no API path to do it. `pricing_strategy_id` is intentionally
+     * not on CreateProductRequest because the field is only mutable post-create.
+     */
     async updateProduct(id, data) {
         return this.patch(`/dashboard/products/${encodeURIComponent(id)}`, data);
     }
@@ -245,6 +251,13 @@ export class CapivvClient {
     async updateExperiment(id, data) {
         return this.patch(`/dashboard/experiments/${encodeURIComponent(id)}`, data);
     }
+    /**
+     * V0.5.36 — patch a single variant's name / traffic_percent / config.
+     * Issue #15.
+     */
+    async updateExperimentVariant(experimentId, variantId, data) {
+        return this.patch(`/dashboard/experiments/${encodeURIComponent(experimentId)}/variants/${encodeURIComponent(variantId)}`, data);
+    }
     async startExperiment(id) {
         return this.post(`/dashboard/experiments/${encodeURIComponent(id)}/start`);
     }
@@ -401,4 +414,22 @@ export class CapivvClient {
         const { external_id, ...body } = req;
         return this.post(`/dashboard/products/by-external-id/${encodeURIComponent(external_id)}/review-screenshot`, body);
     }
+    async deleteAppUser(req) {
+        const { user_id, ...body } = req;
+        return this.post(`/dashboard/users/${encodeURIComponent(user_id)}/delete`, body);
+    }
+    async attachProductsToReviewSubmission(req) {
+        const { app_id, ...body } = req;
+        return this.post(`/dashboard/apps/${encodeURIComponent(app_id)}/apple/attach-to-review-submission`, body);
+    }
+    async setAppLegalUrls(req) {
+        const { app_id, ...body } = req;
+        return this.post(`/dashboard/apps/${encodeURIComponent(app_id)}/legal-urls`, body);
+    }
+    async driftReport(req = {}) {
+        return this.post('/dashboard/drift-report', req);
+    }
+    async debugAppleSync(req) {
+        return this.post(`/dashboard/apps/${encodeURIComponent(req.app_id)}/apple/debug-sync`);
+    }
 }

package/dist/tools/attach-products-to-review-submission.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerAttachProductsToReviewSubmissionTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/attach-products-to-review-submission.js

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+export function registerAttachProductsToReviewSubmissionTool(server, client) {
+    server.tool('capivv_attach_products_to_version', [
+        "Attach subscriptions and in-app purchases to an Apple App Store version submission so they ship with the app version's review.",
+        '',
+        "Apple requires the first IAPs / subs on a new app to be explicitly attached to the v1.0 version submission via App Store Connect's \"In-App Purchases and Subscriptions\" section. Without this attachment the version submits but the products aren't reviewed, and Apple rejects under guideline 2.1(b) — caught by Interrupt's v1.0 first rejection.",
+        '',
+        "This tool POSTs `/v1/reviewSubmissionItems` on Apple's side for each product. Capivv resolves the right relationship type per product (subscription vs in-app purchase) from its DB. Mix subs and IAPs freely in the same call — they all attach to the same submission.",
+        '',
+        "By default Capivv picks the latest `READY_FOR_REVIEW` review submission for the app (the one developers can still modify before submitting). Pass `apple_review_submission_id` to target a specific submission.",
+        '',
+        "Per-product errors don't abort the batch — each product reports success/failure independently. 409 from Apple (item already attached) is treated as success for retry idempotency.",
+    ].join(' '), {
+        app_id: z.string().describe('Capivv app UUID.'),
+        external_ids: z
+            .array(z.string())
+            .min(1)
+            .describe('List of Capivv product external_ids to attach. Mix subscriptions and IAPs freely. Each one Capivv resolves to the right Apple numeric id + relationship type.'),
+        apple_review_submission_id: z
+            .string()
+            .optional()
+            .describe("Override the auto-pick. Default: the app's latest READY_FOR_REVIEW submission."),
+    }, async (args) => {
+        const result = await client.attachProductsToReviewSubmission(args);
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+}

package/dist/tools/debug-apple-sync.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerDebugAppleSyncTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/debug-apple-sync.js

@@ -0,0 +1,22 @@
+import { z } from 'zod';
+export function registerDebugAppleSyncTool(server, client) {
+    server.tool('capivv_debug_apple_sync', [
+        "Diagnostic tool that runs the **exact** three App Store Connect API calls Capivv's sync worker makes, and returns the raw HTTP status + response body for each. Use this when sync fails repeatedly and the normal error_message isn't actionable enough.",
+        '',
+        'Performs sequentially:',
+        "1. `GET /v1/apps?filter[bundleId]={bundle_id}` — resolve Capivv's app bundle_id to Apple's numeric app id",
+        '2. `GET /v1/apps/{apple_app_id}/inAppPurchasesV2?limit=100` — list IAPs',
+        '3. `GET /v1/apps/{apple_app_id}/subscriptionGroups?limit=100` — list subscription groups',
+        '',
+        'Each step reports `{ url, status, body }` — the body is Apple\'s actual response (success or error), preserved verbatim up to 8KB. If a step fails, paste the response output back into the GitHub issue and we can pinpoint exactly which Apple endpoint is rejecting and why.',
+        '',
+        'Filed against issue #3 (ASC sync 500s) after v0.5.25\'s error-surfacing fix didn\'t solve the root cause for the customer — this tool gives ground truth without needing to dig through prod server logs.',
+    ].join(' '), {
+        app_id: z
+            .string()
+            .describe('Capivv app UUID. Get this from capivv_list_apps. Used to look up bundle_id + the workspace\'s connected Apple credentials.'),
+    }, async (args) => {
+        const result = await client.debugAppleSync(args);
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+}

package/dist/tools/delete-user.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerDeleteUserTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/delete-user.js

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+export function registerDeleteUserTool(server, client) {
+    server.tool('capivv_delete_user', [
+        'Delete or anonymize a user from Capivv. Use for GDPR / CCPA right-to-erasure requests, customer-initiated account deletion (Apple 5.1.1(v)), or developer admin cleanup.',
+        '',
+        '**Default is anonymize, not hard delete.** Anonymize replaces `external_id` with `deleted-<uuid>` (still unique, no longer identifying), clears email, and empties attributes. Owned rows (entitlements, purchases) stay linked so Apple/Google server-to-server notifications for an active subscription still route correctly — they just point at an opaque row no longer tied to a real person. This is the recommended option for GDPR: the data is no longer identifying, which satisfies erasure.',
+        '',
+        '**Hard delete** (pass `hard_delete: true`) DROPs the row and cascade-deletes all owned data (entitlements, purchases, sessions, cancellation intents, experiment assignments). Analytics tables that reference the user (conversion funnel, paywall events, rescue events) keep aggregate rows with the user reference NULLed out. Use when the customer specifically asks for full deletion rather than anonymization.',
+        '',
+        "Logs the operation to the audit log with the supplied `reason` — required for GDPR compliance auditors (must be able to show evidence the erasure request was honoured). Returns a `completed_at` timestamp the caller can keep as a delete receipt.",
+        '',
+        'Idempotent: a second call on an already-deleted user returns `{ success: false }` without erroring.',
+    ].join(' '), {
+        user_id: z.string().describe('Capivv user UUID. Use capivv_find_user to resolve from email/external_id.'),
+        hard_delete: z
+            .boolean()
+            .optional()
+            .describe('Default false (anonymize). Set true for full DELETE + cascade. Prefer anonymize unless the customer specifically requires complete row removal.'),
+        reason: z
+            .string()
+            .optional()
+            .describe('Free-form audit reason ("customer_initiated", "gdpr_erasure", "ccpa_erasure", "developer_admin"). Recorded with the delete operation.'),
+    }, async (args) => {
+        const result = await client.deleteAppUser(args);
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+}

package/dist/tools/drift-report.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerDriftReportTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/drift-report.js

@@ -0,0 +1,28 @@
+import { z } from 'zod';
+export function registerDriftReportTool(server, client) {
+    server.tool('capivv_drift_report', [
+        'Capture a snapshot of the current setup (counts of products / entitlements / offerings / paywalls + pending drift grouped by suggestion type) and diff it against the previous snapshot in the same scope. Returns deltas + a markdown report ready to paste into a GitHub issue, Slack message, or email digest.',
+        '',
+        'Use this on a weekly cadence (via your own cron / GitHub Action / Workflow) to track week-over-week changes in Capivv\'s view of your apps. The diff highlights:',
+        '- New drift items since last run (positive `pending_drift_delta`)',
+        '- Resolved drift since last run (negative `pending_drift_delta`)',
+        '- Per-type drift movement (`drift_by_type_delta`)',
+        '- Growth or removal of products / entitlements / offerings / paywalls',
+        '',
+        "First-run returns empty deltas and the markdown notes \"no week-over-week comparison yet\" — subsequent runs compare against the most recent prior snapshot in the same scope (`app_id` filter or tenant-wide).",
+        '',
+        "Set `save: false` for ad-hoc inspection without polluting the historical series; default true (the weekly-cron workflow needs the row persisted to compare against next week).",
+    ].join(' '), {
+        app_id: z
+            .string()
+            .optional()
+            .describe('Optional app filter. When omitted, snapshot + diff are tenant-wide. App-scoped and tenant-wide snapshots are stored in separate series — they do not interfere with each other.'),
+        save: z
+            .boolean()
+            .optional()
+            .describe('When false, compute snapshot + diff but do not persist. Default true (week-over-week needs the row saved).'),
+    }, async (args) => {
+        const result = await client.driftReport(args);
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+}

package/dist/tools/index.js

@@ -47,6 +47,7 @@ import { registerApproveChangeRequestTool } from './approve-change-request.js';
 import { registerSetCountryPriceOverrideTool } from './set-country-price-override.js';
 import { registerCreateExperimentTool } from './create-experiment.js';
 import { registerUpdateExperimentTool } from './update-experiment.js';
+import { registerUpdateVariantTool } from './update-variant.js';
 import { registerStartExperimentTool } from './start-experiment.js';
 import { registerStopExperimentTool } from './stop-experiment.js';
 import { registerGetExperimentSummaryTool } from './get-experiment-summary.js';
@@ -86,6 +87,11 @@ import { registerListUsersTool } from './list-users.js';
 import { registerFindUserTool } from './find-user.js';
 import { registerSetAppleSubscriptionLevelTool } from './set-apple-subscription-level.js';
 import { registerSetReviewScreenshotTool } from './set-review-screenshot.js';
+import { registerDeleteUserTool } from './delete-user.js';
+import { registerAttachProductsToReviewSubmissionTool } from './attach-products-to-review-submission.js';
+import { registerSetAppLegalUrlsTool } from './set-app-legal-urls.js';
+import { registerDriftReportTool } from './drift-report.js';
+import { registerDebugAppleSyncTool } from './debug-apple-sync.js';
 import { registerListAppleSubscriptionsTool } from './list-apple-subscriptions.js';
 import { registerListAppleIapsTool } from './list-apple-iaps.js';
 import { registerDeleteAppleSubscriptionTool } from './delete-apple-subscription.js';
@@ -156,6 +162,7 @@ export function registerAllTools(server, client) {
     // Experiment writes (V8 Phase B.5)
     registerCreateExperimentTool(server, client);
     registerUpdateExperimentTool(server, client);
+    registerUpdateVariantTool(server, client);
     registerStartExperimentTool(server, client);
     registerStopExperimentTool(server, client);
     registerGetExperimentSummaryTool(server, client);
@@ -238,4 +245,24 @@ export function registerAllTools(server, client) {
     // (set_subscription_review_screenshot / set_iap_review_screenshot)
     // remain as escape hatches but their docstrings now redirect here.
     registerSetReviewScreenshotTool(server, client);
+    // V0.5.27:
+    // - capivv_delete_user (issue #9 — GDPR / CCPA right-to-erasure)
+    // - capivv_attach_products_to_version (issue #8 Gap 2 — Apple 2.1(b)
+    //   rejection prevention for first-version submissions with IAPs)
+    registerDeleteUserTool(server, client);
+    registerAttachProductsToReviewSubmissionTool(server, client);
+    // V0.5.28 — issue #6: App Store guideline 3.1.2(c) requires
+    // functional Terms + Privacy links on the paywall. Set the URLs
+    // once at the app level; the @capivv/capacitor-react `legalLinks`
+    // component renders them.
+    registerSetAppLegalUrlsTool(server, client);
+    // V0.5.29 — issue #5: weekly drift watch. Customers run this on
+    // their own cadence (cron / GitHub Action); Capivv stores the
+    // snapshot + returns the week-over-week diff.
+    registerDriftReportTool(server, client);
+    // V0.5.31 — issue #3 diagnostic: Apple sync still 500ing after
+    // v0.5.25's error-surfacing fix. This tool runs the exact three
+    // ASC calls the worker makes and returns raw response bodies so
+    // we can see Apple's actual error instead of guessing.
+    registerDebugAppleSyncTool(server, client);
 }

package/dist/tools/set-app-legal-urls.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerSetAppLegalUrlsTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/set-app-legal-urls.js

@@ -0,0 +1,36 @@
+import { z } from 'zod';
+export function registerSetAppLegalUrlsTool(server, client) {
+    server.tool('capivv_set_app_legal_urls', [
+        "Store the app's Privacy Policy + Terms of Use URLs at the Capivv app level. These power the `legalLinks` paywall component in @capivv/capacitor-react — the component reads URLs from the template props the caller passes, so the agent typically pipes these into the paywall template's legalLinks props on update_paywall.",
+        '',
+        "**Required by App Store guideline 3.1.2(c)**: every iOS app with auto-renewable subscriptions must display functional Terms + Privacy links on the paywall itself, not just static disclaimer text. Missing them = guaranteed App Review rejection (Interrupt v1.0 was rejected for exactly this).",
+        '',
+        "Both URLs must be HTTPS. Pass only the fields you want to change; omitting one leaves the existing value.",
+        '',
+        'Note: for the Apple App Store privacy field specifically (separate from the in-paywall legal links), use `capivv_set_app_privacy_url` which PATCHes Apple\'s appInfoLocalizations resource directly.',
+    ].join(' '), {
+        app_id: z.string().describe('Capivv app UUID.'),
+        privacy_policy_url: z
+            .string()
+            .optional()
+            .describe('HTTPS URL to the Privacy Policy page.'),
+        terms_policy_url: z
+            .string()
+            .optional()
+            .describe('HTTPS URL to the Terms of Use / EULA page.'),
+    }, async (args) => {
+        if (!args.privacy_policy_url && !args.terms_policy_url) {
+            return {
+                isError: true,
+                content: [
+                    {
+                        type: 'text',
+                        text: 'Provide at least one of privacy_policy_url or terms_policy_url.',
+                    },
+                ],
+            };
+        }
+        const result = await client.setAppLegalUrls(args);
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+}

package/dist/tools/update-product.js

@@ -9,6 +9,36 @@ export function registerUpdateProductTool(server, client) {
             .array(z.string())
             .optional()
             .describe('New entitlement IDs (replaces existing)'),
+        // V0.5.34 — bind a product to a pricing strategy (issue #13 gap 1).
+        // Pre-v0.5.34 there was no API path to do this; capivv_create_product
+        // also does not expose the field. Pass a strategy uuid to bind. To
+        // unbind, contact support (separate followup; the repo's COALESCE
+        // currently can't represent the unset case).
+        pricing_strategy_id: z
+            .string()
+            .uuid()
+            .optional()
+            .describe('Bind this product to a pricing strategy. The strategy must already exist (see capivv_create_pricing_strategy). After binding, capivv_preview_pricing and capivv_recompute_prices use it automatically.'),
+        // V0.5.36 — base price for pricing-strategy computation (issue #13
+        // followup). Without these set, preview_pricing returns "Base amount
+        // must be positive, got 0" because strategies read their base from
+        // these fields, not from the connected store's tier.
+        base_amount_cents: z
+            .number()
+            .int()
+            .positive()
+            .optional()
+            .describe('Base price in cents (in base_currency). E.g. 999 = $9.99 USD. Required for pricing strategies to compute per-country tiers.'),
+        base_currency: z
+            .string()
+            .length(3)
+            .optional()
+            .describe('ISO 4217 base currency for base_amount_cents. E.g. "USD".'),
+        base_country_code: z
+            .string()
+            .length(2)
+            .optional()
+            .describe('ISO 3166-1 alpha-2 base country code. E.g. "US". Strategies use this as the reference territory when extrapolating to other countries.'),
     }, async ({ product_id, ...updates }) => {
         const product = await client.updateProduct(product_id, updates);
         return { content: [{ type: 'text', text: JSON.stringify(product, null, 2) }] };

package/dist/tools/update-variant.d.ts

@@ -0,0 +1,14 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+/**
+ * V0.5.36 — issue #15. Patch a single variant's name / traffic_percent /
+ * config after the experiment was created. Pre-v0.5.36 variants were
+ * immutable post-create — customers had to encode placeholder→real
+ * mapping in the experiment description.
+ *
+ * `traffic_percent` changes are rejected by the backend when the
+ * experiment is already `running` (would skew the bucket distribution
+ * mid-flight). Stop or pause first if you need to re-weight a live
+ * experiment.
+ */
+export declare function registerUpdateVariantTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/update-variant.js

@@ -0,0 +1,37 @@
+import { z } from 'zod';
+/**
+ * V0.5.36 — issue #15. Patch a single variant's name / traffic_percent /
+ * config after the experiment was created. Pre-v0.5.36 variants were
+ * immutable post-create — customers had to encode placeholder→real
+ * mapping in the experiment description.
+ *
+ * `traffic_percent` changes are rejected by the backend when the
+ * experiment is already `running` (would skew the bucket distribution
+ * mid-flight). Stop or pause first if you need to re-weight a live
+ * experiment.
+ */
+export function registerUpdateVariantTool(server, client) {
+    server.tool('capivv_update_variant', 'Rename a variant, change its traffic split, or update its config JSON. Use this when an experiment was created with placeholder variant names (e.g. control / variant_a) and you want to give them descriptive names that match your application code paths.', {
+        experiment_id: z.string().uuid().describe('Parent experiment id'),
+        variant_id: z.string().uuid().describe('Variant id to update'),
+        name: z
+            .string()
+            .min(1)
+            .optional()
+            .describe('New variant name. Always safe to change, even on a running experiment. Use names that match your app-side branching (e.g. annual_default, monthly_default).'),
+        traffic_percent: z
+            .number()
+            .int()
+            .min(0)
+            .max(100)
+            .optional()
+            .describe('New traffic share for this variant (0-100). The backend rejects this when the experiment is running to avoid skewing assignments mid-flight — stop or pause first.'),
+        config: z
+            .record(z.string(), z.unknown())
+            .optional()
+            .describe('New variant config JSON. Apps read this via Capivv.getVariantForExperiment to branch behavior. Server-side merge of this config into served paywall templates is tracked separately (capivv issue #16).'),
+    }, async ({ experiment_id, variant_id, ...updates }) => {
+        const updated = await client.updateExperimentVariant(experiment_id, variant_id, updates);
+        return { content: [{ type: 'text', text: JSON.stringify(updated, null, 2) }] };
+    });
+}

package/dist/types.d.ts

@@ -645,6 +645,13 @@ export interface ProbeSubmissionResult {
     apple_product_id: string;
     product_type: string;
     submission_status: SubmissionProbeResult;
+    /**
+     * V0.5.28 — non-fatal warnings the agent should surface to the
+     * customer (independent of submission_status). Today's checks:
+     * subscription probe + app missing privacy/terms URLs → 3.1.2(c)
+     * rejection risk.
+     */
+    warnings?: string[];
 }
 export interface SetAppPrivacyUrlRequest {
     app_id: string;
@@ -735,6 +742,101 @@ export interface SetAppleSubscriptionLevelResult {
     apple_subscription_id: string;
     level: number;
 }
+export interface DebugAppleSyncRequest {
+    app_id: string;
+}
+export interface DebugSyncStep {
+    url: string;
+    status: number;
+    body: string;
+}
+export interface DebugAppleSyncResult {
+    app_id: string;
+    bundle_id: string;
+    result: {
+        bundle_id: string;
+        apple_app_id: string | null;
+        resolve_app: DebugSyncStep;
+        list_iaps: DebugSyncStep | null;
+        list_subscription_groups: DebugSyncStep | null;
+    };
+}
+export interface DriftReportRequest {
+    app_id?: string;
+    /** Default true. Set false for ad-hoc inspection without persisting a row. */
+    save?: boolean;
+}
+export interface DriftSnapshotPayload {
+    products_count: number;
+    entitlements_count: number;
+    offerings_count: number;
+    paywalls_count: number;
+    pending_drift_count: number;
+    drift_by_type: Record<string, number>;
+}
+export interface DriftSnapshotPayloadWithMeta {
+    taken_at: string;
+    payload: DriftSnapshotPayload;
+}
+export interface DriftDiff {
+    products_delta: number;
+    entitlements_delta: number;
+    offerings_delta: number;
+    paywalls_delta: number;
+    pending_drift_delta: number;
+    drift_by_type_delta: Record<string, number>;
+}
+export interface DriftReportResult {
+    current: DriftSnapshotPayload;
+    previous: DriftSnapshotPayloadWithMeta | null;
+    diff: DriftDiff;
+    /** Markdown rendering suitable for pasting into a GitHub issue or Slack message. */
+    markdown: string;
+}
+export interface SetAppLegalUrlsRequest {
+    app_id: string;
+    privacy_policy_url?: string;
+    terms_policy_url?: string;
+}
+export interface SetAppLegalUrlsResult {
+    app_id: string;
+    privacy_policy_url: string | null;
+    terms_policy_url: string | null;
+}
+export interface AttachToReviewSubmissionRequest {
+    app_id: string;
+    external_ids: string[];
+    /** Optional override; default picks the latest READY_FOR_REVIEW submission. */
+    apple_review_submission_id?: string;
+}
+export interface AttachedProduct {
+    external_id: string;
+    apple_product_id: string;
+    kind: 'subscription' | 'in_app_purchase';
+}
+export interface AttachFailure {
+    external_id: string;
+    error: string;
+}
+export interface AttachToReviewSubmissionResult {
+    apple_review_submission_id: string;
+    submission_state: string;
+    attached: AttachedProduct[];
+    failed: AttachFailure[];
+}
+export interface DeleteAppUserRequest {
+    user_id: string;
+    /** Default false (anonymize in place). Set true for full row deletion + cascade. */
+    hard_delete?: boolean;
+    reason?: string;
+}
+export interface DeleteAppUserResult {
+    user_id: string;
+    mode: 'anonymized' | 'hard_deleted';
+    success: boolean;
+    completed_at: string;
+    reason: string;
+}
 export interface SetReviewScreenshotRequest {
     app_id: string;
     external_id: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capivv/mcp-server",
-  "version": "0.5.26",
+  "version": "0.5.39",
   "description": "MCP server for managing Capivv subscription platform via AI assistants",
   "type": "module",
   "bin": {