@capivv/mcp-server 0.5.9 → 0.5.11

package/dist/client.d.ts

@@ -1,5 +1,5 @@
 import type { Config } from './config.js';
-import type { App, Product, Entitlement, Offering, Rule, Experiment, ExperimentSummary, AnalyticsOverview, OnboardingResponse, ImportPreviewResponse, CreateAppRequest, CreateEntitlementRequest, CreateProductRequest, CreateOfferingRequest, CreateRuleRequest, ValidateRuleRequest, ValidateRuleResponse, WhoamiResponse, ApiKeyUsageResponse, Paywall, CreatePaywallRequest, UpdatePaywallRequest, PaywallStats, Promotion, CreatePromotionRequest, UpdatePromotionRequest, RescueFlow, CreateRescueFlowRequest, UpdateRescueFlowRequest, RescueStats, PricingStrategy, CreatePricingStrategyRequest, PricingPreviewResult, PricingRecomputeRequest, PricingRecomputeResult, PricingPushResult, PricingChangeRequest, SetCountryPriceOverrideRequest, ExperimentWithVariants, CreateExperimentRequest, UpdateExperimentRequest, UpdateAppRequest, UpdateEntitlementRequest, UpdateOfferingRequest, AutopilotRunResult, SyncSuggestion, SyncSuggestionsCount, TriggerSyncResult, IntegrationSummary, ConnectAppleIntegrationRequest, ConnectAppleIntegrationResult, ConnectGoogleIntegrationRequest, ConnectGoogleIntegrationResult, SetSubscriptionReviewScreenshotRequest, SetSubscriptionReviewScreenshotResult, SubscriptionStateInfo, TouchSubscriptionResult } from './types.js';
+import type { App, Product, Entitlement, Offering, Rule, Experiment, ExperimentSummary, AnalyticsOverview, OnboardingResponse, ImportPreviewResponse, CreateAppRequest, CreateEntitlementRequest, CreateProductRequest, CreateOfferingRequest, CreateRuleRequest, ValidateRuleRequest, ValidateRuleResponse, WhoamiResponse, ApiKeyUsageResponse, Paywall, CreatePaywallRequest, UpdatePaywallRequest, PaywallStats, Promotion, CreatePromotionRequest, UpdatePromotionRequest, RescueFlow, CreateRescueFlowRequest, UpdateRescueFlowRequest, RescueStats, PricingStrategy, CreatePricingStrategyRequest, PricingPreviewResult, PricingRecomputeRequest, PricingRecomputeResult, PricingPushResult, PricingChangeRequest, SetCountryPriceOverrideRequest, ExperimentWithVariants, CreateExperimentRequest, UpdateExperimentRequest, UpdateAppRequest, UpdateEntitlementRequest, UpdateOfferingRequest, AutopilotRunResult, SyncSuggestion, SyncSuggestionsCount, TriggerSyncResult, IntegrationSummary, ConnectAppleIntegrationRequest, ConnectAppleIntegrationResult, ConnectGoogleIntegrationRequest, ConnectGoogleIntegrationResult, SetSubscriptionReviewScreenshotRequest, SetSubscriptionReviewScreenshotResult, SubscriptionStateInfo, TouchSubscriptionResult, ProbeSubmissionRequest, ProbeSubmissionResult, SetAppPrivacyUrlRequest, SetAppPrivacyUrlResult, SetIapReviewScreenshotRequest, SetIapReviewScreenshotResult, IapStateInfo } from './types.js';
 export declare class ApiError extends Error {
     status: number;
     code: string;
@@ -94,4 +94,8 @@ export declare class CapivvClient {
     setSubscriptionReviewScreenshot(data: SetSubscriptionReviewScreenshotRequest): Promise<SetSubscriptionReviewScreenshotResult>;
     getSubscriptionState(appleSubscriptionId: string): Promise<SubscriptionStateInfo>;
     touchSubscription(appleSubscriptionId: string): Promise<TouchSubscriptionResult>;
+    probeAppleSubmission(req: ProbeSubmissionRequest): Promise<ProbeSubmissionResult>;
+    setAppPrivacyUrl(req: SetAppPrivacyUrlRequest): Promise<SetAppPrivacyUrlResult>;
+    setIapReviewScreenshot(req: SetIapReviewScreenshotRequest): Promise<SetIapReviewScreenshotResult>;
+    getIapState(appleIapId: string): Promise<IapStateInfo>;
 }

package/dist/client.js

@@ -350,4 +350,19 @@ export class CapivvClient {
     async touchSubscription(appleSubscriptionId) {
         return this.post(`/dashboard/subscriptions/${encodeURIComponent(appleSubscriptionId)}/touch`);
     }
+    // ---- V0.5.10 — Submission probe / privacy URL / IAP screenshot ----
+    async probeAppleSubmission(req) {
+        return this.post(`/dashboard/store/apple/${encodeURIComponent(req.product_type)}/${encodeURIComponent(req.apple_product_id)}/probe-submission`);
+    }
+    async setAppPrivacyUrl(req) {
+        const { app_id, ...body } = req;
+        return this.post(`/dashboard/apps/${encodeURIComponent(app_id)}/privacy-policy-url`, body);
+    }
+    async setIapReviewScreenshot(req) {
+        const { apple_iap_id, ...body } = req;
+        return this.post(`/dashboard/iap/${encodeURIComponent(apple_iap_id)}/review-screenshot`, body);
+    }
+    async getIapState(appleIapId) {
+        return this.get(`/dashboard/iap/${encodeURIComponent(appleIapId)}/state`);
+    }
 }

package/dist/tools/get-iap-state.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerGetIapStateTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/get-iap-state.js

@@ -0,0 +1,17 @@
+import { z } from 'zod';
+export function registerGetIapStateTool(server, client) {
+    server.tool('capivv_get_iap_state', [
+        "Read an Apple in-app purchase's lifecycle state from App Store Connect. Mirror of capivv_get_subscription_state for IAPs (consumable / non-consumable).",
+        '',
+        'Returns the IAP\'s current `state` (MISSING_METADATA, READY_TO_SUBMIT, WAITING_FOR_REVIEW, IN_REVIEW, APPROVED, etc.), the productId, name, and whether it\'s CONSUMABLE or NON_CONSUMABLE. Useful after capivv_create_product / capivv_set_iap_review_screenshot to confirm the IAP is no longer stuck in MISSING_METADATA.',
+        '',
+        'Get `apple_iap_id` from the `store_create.store_product_id` field of capivv_create_product or from App Store Connect.',
+    ].join(' '), {
+        apple_iap_id: z
+            .string()
+            .describe('Apple in-app purchase ID (e.g. "6765812345") — NOT the Capivv product UUID.'),
+    }, async ({ apple_iap_id }) => {
+        const result = await client.getIapState(apple_iap_id);
+        return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    });
+}

package/dist/tools/index.js

@@ -75,6 +75,10 @@ import { registerDisconnectIntegrationTool } from './disconnect-integration.js';
 import { registerSetSubscriptionReviewScreenshotTool } from './set-subscription-review-screenshot.js';
 import { registerGetSubscriptionStateTool } from './get-subscription-state.js';
 import { registerTouchSubscriptionTool } from './touch-subscription.js';
+import { registerProbeSubmissionTool } from './probe-submission.js';
+import { registerSetAppPrivacyUrlTool } from './set-app-privacy-url.js';
+import { registerSetIapReviewScreenshotTool } from './set-iap-review-screenshot.js';
+import { registerGetIapStateTool } from './get-iap-state.js';
 export function registerAllTools(server, client) {
     // Identity — call this first to verify which workspace you're connected to
     registerWhoamiTool(server, client);
@@ -185,4 +189,16 @@ export function registerAllTools(server, client) {
     // MISSING_METADATA after a successful create.)
     registerGetSubscriptionStateTool(server, client);
     registerTouchSubscriptionTool(server, client);
+    // V0.5.10 — diagnostic + app-info + IAP screenshot tools.
+    // - Submission probe surfaces Apple's exact "what's still missing"
+    //   diagnostics so the agent stops surfacing misleading "Permission
+    //   denied" errors.
+    // - App privacy URL fixes ENTITY_ERROR.APP_MISSING_PRIVACY_POLICY_URL
+    //   without sending the user to ASC.
+    // - IAP review screenshot mirrors the subscription helper for IAPs.
+    registerProbeSubmissionTool(server, client);
+    registerSetAppPrivacyUrlTool(server, client);
+    registerSetIapReviewScreenshotTool(server, client);
+    // V0.5.11 — IAP state probe (mirror of get_subscription_state).
+    registerGetIapStateTool(server, client);
 }

package/dist/tools/probe-submission.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerProbeSubmissionTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/probe-submission.js

@@ -0,0 +1,32 @@
+import { z } from 'zod';
+export function registerProbeSubmissionTool(server, client) {
+    server.tool('capivv_probe_submission', [
+        'Probe an Apple subscription or in-app purchase for what is still gating App Store submission.',
+        '',
+        "Apple's `*Submissions` endpoint reliably returns 409 on a brand-new product with an `errors` body that says exactly what's missing. This tool POSTs to `/v1/subscriptionSubmissions` (or `/v1/inAppPurchaseSubmissions`) and returns a structured result:",
+        '- `ready`: submission accepted (rare on first probe; means metadata is complete).',
+        '- `missing_pricing_data` with a `territories` list: re-run pricing for those territories.',
+        '- `missing_privacy_policy_url`: call `capivv_set_app_privacy_url` to fix.',
+        '- `awaiting_first_app_version`: Apple policy — first sub/IAP on a new app must ship with the first version. Not an error from your side.',
+        '- `other` with `code` + `detail`: surface verbatim to the customer.',
+        '',
+        'Get `apple_product_id` from the `store_create.store_product_id` field of capivv_create_product, or from App Store Connect.',
+    ].join(' '), {
+        apple_product_id: z
+            .string()
+            .describe('Apple product ID (e.g. "6764778053") — NOT the Capivv product UUID.'),
+        product_type: z
+            .enum(['subscription', 'iap'])
+            .describe('"subscription" for auto-renewing subscriptions; "iap" for consumables and non-consumables.'),
+    }, async (args) => {
+        const result = await client.probeAppleSubmission(args);
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+}

package/dist/tools/set-app-privacy-url.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerSetAppPrivacyUrlTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/set-app-privacy-url.js

@@ -0,0 +1,25 @@
+import { z } from 'zod';
+export function registerSetAppPrivacyUrlTool(server, client) {
+    server.tool('capivv_set_app_privacy_url', [
+        "Set the App Store Connect app's privacy policy URL on its in-progress en-US localization.",
+        '',
+        'Call this when `capivv_probe_submission` returns `missing_privacy_policy_url`. The backend resolves the app via Capivv `app_id` → bundle id → ASC app, then PATCHes `appInfoLocalizations.privacyPolicyUrl` on the editable appInfo (states: PREPARE_FOR_SUBMISSION, REJECTED, METADATA_REJECTED, DEVELOPER_REJECTED).',
+        '',
+        'URL must be HTTPS.',
+    ].join(' '), {
+        app_id: z.string().describe('Capivv app UUID.'),
+        privacy_policy_url: z
+            .string()
+            .describe('HTTPS URL pointing at the privacy policy.'),
+    }, async (args) => {
+        const result = await client.setAppPrivacyUrl(args);
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+}

package/dist/tools/set-iap-review-screenshot.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { CapivvClient } from '../client.js';
+export declare function registerSetIapReviewScreenshotTool(server: McpServer, client: CapivvClient): void;

package/dist/tools/set-iap-review-screenshot.js

@@ -0,0 +1,47 @@
+import { z } from 'zod';
+export function registerSetIapReviewScreenshotTool(server, client) {
+    server.tool('capivv_set_iap_review_screenshot', [
+        'Upload the App Store review screenshot for an in-app purchase (consumable or non-consumable). Mirrors capivv_set_subscription_review_screenshot but uses the IAP endpoint.',
+        '',
+        'Apple expects 640x920 (or larger) PNG / JPEG. Provide either `image_url` (Capivv backend fetches it via HTTPS) or `image_base64` (raw bytes inline). The backend handles the 3-step Apple flow: reserve → PUT bytes to S3 → PATCH uploaded=true with MD5.',
+        '',
+        'Get `apple_iap_id` from the `store_create.store_product_id` field of capivv_create_product (when the product type is consumable or non_consumable), or from App Store Connect.',
+    ].join(' '), {
+        apple_iap_id: z
+            .string()
+            .describe('Apple in-app purchase ID (e.g. "6765812345") — NOT the Capivv product UUID.'),
+        image_url: z
+            .string()
+            .optional()
+            .describe('Public HTTPS URL of the screenshot. Mutually exclusive with image_base64.'),
+        image_base64: z
+            .string()
+            .optional()
+            .describe('Base64-encoded raw image bytes. Use for non-HTTPS sources. Mutually exclusive with image_url.'),
+        file_name: z
+            .string()
+            .optional()
+            .describe('Filename Apple stores on the screenshot resource. Defaults to "screenshot.png".'),
+    }, async (args) => {
+        if (!args.image_url && !args.image_base64) {
+            return {
+                isError: true,
+                content: [
+                    {
+                        type: 'text',
+                        text: 'Provide either image_url (HTTPS) or image_base64 (raw bytes).',
+                    },
+                ],
+            };
+        }
+        const result = await client.setIapReviewScreenshot(args);
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+}

package/dist/tools/touch-subscription.js

@@ -1,11 +1,11 @@
 import { z } from 'zod';
 export function registerTouchSubscriptionTool(server, client) {
     server.tool('capivv_touch_subscription', [
-        'BEST-EFFORT workaround for Apple\'s modern-vs-legacy view divergence.',
+        'Nudge Apple to recompute the subscription\'s state after the screenshot has uploaded.',
         '',
-        'After capivv_create_product creates the subscription via Apple\'s /v1/subscriptions endpoint, a legacy /v1/inAppPurchases mirror is also created with its own state machine. The legacy record can stay at WAITING_FOR_SCREENSHOT (which keeps the modern view at MISSING_METADATA) even after the screenshot uploads cleanly, because Apple\'s state recompute pipeline still reads from the legacy view and the modern API doesn\'t reliably trigger that recompute.',
+        'After capivv_create_product creates the subscription via Apple\'s /v1/subscriptions endpoint, a legacy /v1/inAppPurchases mirror is also created with its own state machine. The legacy record can stay at WAITING_FOR_SCREENSHOT (which keeps the modern view at MISSING_METADATA) until something writes to the modern resource. This tool does a no-op PATCH on the subscription (re-set name to its current value), which mirrors clicking "Save" in App Store Connect\'s web UI and reliably triggers the recompute.',
         '',
-        'This tool does a no-op PATCH on the subscription (re-set name to its current value), which mirrors what clicking "Save" in App Store Connect\'s web UI appears to trigger. Whether it actually fires the recompute hasn\'t been confirmed in every state — call capivv_get_subscription_state 30-60 seconds afterwards to check. If state still doesn\'t progress, fall back to manual ASC web UI Save.',
+        'Call capivv_get_subscription_state 30-60 seconds afterwards to confirm the state has progressed.',
     ].join(' '), {
         apple_subscription_id: z
             .string()

package/dist/types.d.ts

@@ -600,3 +600,63 @@ export interface TouchSubscriptionResult {
     touched: boolean;
     next_action: string;
 }
+/**
+ * Result of POSTing a `*Submissions` record to App Store Connect. Apple
+ * reliably 409s on a brand-new product with an `errors` array describing
+ * exactly what's still missing — so we map known codes to actionable
+ * variants. The backend returns this discriminated union as JSON.
+ */
+export type SubmissionProbeResult = {
+    status: 'ready';
+} | {
+    status: 'missing_pricing_data';
+    territories: string[];
+} | {
+    status: 'missing_privacy_policy_url';
+} | {
+    status: 'awaiting_first_app_version';
+} | {
+    status: 'other';
+    code: string;
+    detail: string;
+};
+export interface ProbeSubmissionRequest {
+    apple_product_id: string;
+    /** "subscription" or "iap". */
+    product_type: 'subscription' | 'iap';
+}
+export interface ProbeSubmissionResult {
+    apple_product_id: string;
+    product_type: string;
+    submission_status: SubmissionProbeResult;
+}
+export interface SetAppPrivacyUrlRequest {
+    app_id: string;
+    privacy_policy_url: string;
+}
+export interface SetAppPrivacyUrlResult {
+    app_id: string;
+    bundle_id: string;
+    privacy_policy_url: string;
+    localization_id: string;
+    app_store_state: string;
+}
+export interface SetIapReviewScreenshotRequest {
+    apple_iap_id: string;
+    image_url?: string;
+    image_base64?: string;
+    file_name?: string;
+}
+export interface SetIapReviewScreenshotResult {
+    apple_iap_id: string;
+    screenshot_id: string;
+    bytes_uploaded: number;
+}
+export interface IapStateInfo {
+    apple_iap_id: string;
+    product_id: string;
+    name: string | null;
+    state: string | null;
+    /** "CONSUMABLE" / "NON_CONSUMABLE". */
+    in_app_purchase_type: string | null;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capivv/mcp-server",
-  "version": "0.5.9",
+  "version": "0.5.11",
   "description": "MCP server for managing Capivv subscription platform via AI assistants",
   "type": "module",
   "bin": {