@curenorway/kode-mcp 1.2.0 → 1.4.0

package/README.md

@@ -2,42 +2,52 @@
 
 MCP (Model Context Protocol) server that enables AI agents to manage Webflow scripts via Cure Kode CDN.
 
-## What is this?
+## Features
 
-This MCP server allows AI assistants like Claude to directly interact with Cure Kode:
-- List, create, update, and delete scripts
-- Deploy to staging and production
-- Check deployment status
-- Analyze web pages for script detection
+- **Script Management** - List, create, update, and delete scripts
+- **Deployment Control** - Deploy to staging, promote to production, rollback
+- **Page Context** - Cache and retrieve page structures for development
+- **Script Analysis** - Auto-analyze scripts for metadata (selectors, triggers, dependencies)
+- **Production Safety** - Explicit enable required, confirmation for promote
 
 ## Installation
 
 ### For Claude Code
 
-Add to your Claude Code configuration (`~/.claude/claude_code_config.json`):
+The easiest way is to run `kode init` in your project, which creates `.mcp.json`:
 
 ```json
 {
   "mcpServers": {
     "cure-kode": {
+      "type": "stdio",
       "command": "npx",
-      "args": ["@curenorway/kode-mcp"]
+      "args": ["-y", "@curenorway/kode-mcp"]
     }
   }
 }
 ```
 
-### For Cursor / Other IDEs
+Then restart Claude Code and approve the MCP when prompted.
 
-Refer to your IDE's MCP configuration documentation.
+### Manual Configuration
 
-## Configuration
+Add to your Claude Code configuration (`~/.claude/claude_code_config.json`):
 
-The MCP server needs to know which site to manage. Configure via:
+```json
+{
+  "mcpServers": {
+    "cure-kode": {
+      "command": "npx",
+      "args": ["-y", "@curenorway/kode-mcp"]
+    }
+  }
+}
+```
 
-### Option 1: Project Config (Recommended)
+## Configuration
 
-Run `kode init` in your project to create `.cure-kode/config.json`:
+The MCP server reads configuration from `.cure-kode/config.json` (created by `kode init`):
 
 ```json
 {
@@ -45,46 +55,151 @@ Run `kode init` in your project to create `.cure-kode/config.json`:
   "siteSlug": "my-site",
   "siteName": "My Site",
   "apiKey": "ck_...",
-  "scriptsDir": "kode",
+  "scriptsDir": ".cure-kode-scripts",
   "environment": "staging"
 }
 ```
 
-### Option 2: Environment Variables
-
+Or via environment variables:
 ```bash
 export CURE_KODE_API_KEY="ck_..."
 export CURE_KODE_SITE_ID="your-site-uuid"
-export CURE_KODE_API_URL="https://app.cure.no"  # optional
 ```
 
 ## Available Tools
 
+### Script Management
+
 | Tool | Description |
 |------|-------------|
 | `kode_list_scripts` | List all scripts for the site |
-| `kode_get_script` | Get script content by slug |
-| `kode_create_script` | Create a new script |
-| `kode_update_script` | Update script content |
+| `kode_get_script` | Get script by slug (supports `includeContent: false` for metadata only) |
+| `kode_create_script` | Create a new script entry (metadata only, no content) |
+| `kode_update_script` | Update script settings (autoLoad, scope, purpose) |
 | `kode_delete_script` | Delete a script |
-| `kode_deploy` | Deploy to staging/production |
-| `kode_promote` | Promote staging to production |
+| `kode_push` | Upload local files from `.cure-kode-scripts/` to server |
+
+### Deployment
+
+| Tool | Description |
+|------|-------------|
+| `kode_deploy` | Deploy to staging |
+| `kode_promote` | Promote staging to production (**requires `confirmed: true`**) |
+| `kode_rollback` | Rollback to previous deployment |
 | `kode_status` | Get deployment status |
-| `kode_fetch_html` | Analyze a webpage |
-| `kode_list_pages` | List page definitions |
+
+### Production Management
+
+| Tool | Description |
+|------|-------------|
+| `kode_production_enable` | Enable production environment |
+| `kode_production_disable` | Disable production environment |
+
+### Page & HTML Analysis
+
+| Tool | Description |
+|------|-------------|
+| `kode_fetch_html` | Fetch and parse HTML from URL |
+| `kode_fetch_html_smart` | Fetch with CMS truncation for smaller context |
+| `kode_list_pages` | List page definitions for the site |
+| `kode_assign_script_to_page` | Assign script to specific pages |
+| `kode_remove_script_from_page` | Remove script from page |
+
+### Page Context (for AI Development)
+
+| Tool | Description |
+|------|-------------|
+| `kode_refresh_page` | Fetch and cache page structure |
+| `kode_get_page_context` | Get cached page context (sections, forms, CTAs, selectors) |
+| `kode_list_pages_context` | List all cached page contexts |
+
+### Script Metadata
+
+| Tool | Description |
+|------|-------------|
+| `kode_analyze_script` | Analyze script and generate metadata |
+| `kode_get_script_metadata` | Get script metadata and AI summary |
+
+### Other
+
+| Tool | Description |
+|------|-------------|
 | `kode_site_info` | Get site info and CDN URL |
+| `kode_read_context` | Read AI context file |
+| `kode_update_context` | Update AI context file |
+
+## Important: Content Workflow
+
+**MCP is the control plane - never send script content through MCP tools.**
+
+The correct workflow:
+1. Write script file locally to `.cure-kode-scripts/script-name.js`
+2. Use `kode_push` to upload local files to server
+3. Use `kode_deploy` to deploy
+
+```
+AI writes file → kode_push → kode_deploy
+```
+
+**Do NOT** pass content to `kode_create_script` or `kode_update_script` - these only handle metadata.
+
+## Safety Features
+
+### Production Confirmation
+
+`kode_promote` requires explicit confirmation to prevent accidental production deployments:
+
+```typescript
+// This will fail:
+kode_promote()
+
+// This works:
+kode_promote({ confirmed: true })
+```
+
+### Production Disabled by Default
+
+New sites start with production disabled. Must explicitly enable:
+
+```typescript
+kode_production_enable()
+// Then can promote
+kode_promote({ confirmed: true })
+```
+
+## Example Usage
 
-## Example Prompts
+### Create and Deploy a Script
 
-Once configured, you can ask Claude:
+```
+1. "Create a new script called tracking.js"
+   → kode_create_script({ name: "tracking", slug: "tracking", type: "javascript" })
+
+2. Write the file locally
+   → Write to .cure-kode-scripts/tracking.js
+
+3. "Push the changes"
+   → kode_push()
+
+4. "Deploy to staging"
+   → kode_deploy()
+
+5. "Promote to production"
+   → kode_promote({ confirmed: true })
+```
+
+### Analyze a Page and Add Functionality
 
 ```
-"List all the scripts in Cure Kode"
-"Create a new tracking script that logs page views"
-"Update the init.js script to add error handling"
-"Deploy to staging"
-"What's the current deployment status?"
-"Analyze example.com to see what scripts are loaded"
+1. "Analyze the homepage"
+   → kode_fetch_html_smart({ url: "https://mysite.com" })
+   → kode_refresh_page({ url: "https://mysite.com" })
+
+2. "What sections are on this page?"
+   → kode_get_page_context({ url: "https://mysite.com" })
+
+3. "Add a script to animate the hero section"
+   → Create script, write file, push, deploy
 ```
 
 ## How It Works
@@ -92,88 +207,73 @@ Once configured, you can ask Claude:
 ```
 ┌─────────────────┐      ┌─────────────────┐      ┌─────────────────┐
 │   AI Agent      │ MCP  │  Kode MCP       │ REST │  Cure Kode API  │
-│  (Claude/etc)   │─────▶│  Server         │─────▶│  (Railway)      │
+│  (Claude/etc)   │─────▶│  Server         │─────▶│  (app.cure.no)  │
 └─────────────────┘      └─────────────────┘      └─────────────────┘
                                 │
                                 ▼
                          ┌─────────────────┐
                          │ Local Scripts   │
-                         │ (.cure-kode/)   │
+                         │(.cure-kode-scripts/)│
                          └─────────────────┘
 ```
 
-1. AI agent calls MCP tools (e.g., `kode_create_script`)
-2. MCP server reads config from `.cure-kode/config.json`
-3. MCP server calls Cure Kode REST API with API key
-4. Results returned to AI agent
-
 ## Security
 
 ### API Key Authentication
 
-- **SHA256 Hashed Storage**: API keys are hashed before storage on the server
+- **Hashed Storage**: API keys are SHA256/HMAC hashed before server storage
 - **Site-scoped**: Each API key is bound to a specific CDN site
-- **Permission-based**: Keys have granular permissions:
-  - `read` - List/view scripts and deployments
-  - `write` - Create and update scripts
-  - `deploy` - Deploy to staging/production
-  - `delete` - Delete scripts
+- **Permission-based**: Granular permissions (read, write, deploy, delete)
 - **Expiration**: Keys can have optional expiration dates
 
-### Local Security
+### CORS Security (v2.6)
 
-- API keys stored in `.cure-kode/config.json` (auto-gitignored)
-- Never commit API keys to version control
-- Keys prefixed with `ck_` for easy identification
+Script endpoints restrict CORS to configured domains:
+- Site's domain, staging_domain, production_domain
+- Webflow preview domains (*.webflow.io)
+- Localhost for development
+- **No wildcard CORS** on script endpoints
 
-### Network Security
+### SSRF Protection
 
-- All API calls use HTTPS
-- **SSRF Protection**: HTML fetch endpoints block:
-  - Private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
-  - Localhost and internal hostnames
-  - Cloud metadata endpoints (169.254.169.254)
-- Only HTTP/HTTPS protocols allowed
-
-### Best Practices
-
-- Generate separate API keys for different environments/developers
-- Use read-only keys when full access isn't needed
-- Rotate keys periodically
-- Revoke keys when team members leave
+HTML fetch endpoints block:
+- Private IP ranges (127.0.0.0/8, 10.0.0.0/8, etc.)
+- Cloud metadata endpoints (169.254.169.254)
+- Internal hostnames
 
 ## Troubleshooting
 
 ### "Cure Kode not configured"
 
-Either:
-1. Run `kode init` in your project directory
-2. Set `CURE_KODE_API_KEY` and `CURE_KODE_SITE_ID` environment variables
+Run `kode init` in your project directory to create configuration.
 
 ### "API key invalid"
 
-- Check your API key starts with `ck_`
-- Verify the key hasn't expired
-- Ensure the key has required permissions
+- Check key starts with `ck_`
+- Verify key hasn't expired
+- Ensure key has required permissions
 
-### Tools not appearing in Claude
+### "Production not enabled"
 
-- Restart Claude Code after configuration changes
-- Check the MCP server is running: `npx @curenorway/kode-mcp`
-- Verify config file syntax
+Use `kode_production_enable()` before promoting.
 
-## Development
+### "Promote requires confirmation"
 
-```bash
-# Install dependencies
-pnpm install
+Add `confirmed: true` parameter:
+```typescript
+kode_promote({ confirmed: true })
+```
 
-# Build
-pnpm build
+### Tools not appearing in Claude
 
-# Run locally
-node dist/index.js
-```
+1. Restart Claude Code after config changes
+2. Check `.mcp.json` syntax
+3. Verify MCP server runs: `npx @curenorway/kode-mcp`
+
+## Requirements
+
+- Node.js 18 or later
+- Cure Kode API key (from https://app.cure.no/tools/kode)
 
 ## License
 

package/dist/index.js

@@ -105,6 +105,25 @@ var KodeApiClient = class {
   async getDeploymentStatus(siteId) {
     return this.request(`/api/cdn/sites/${siteId}/deployments/status`);
   }
+  async rollback(siteId, environment = "staging") {
+    return this.request("/api/cdn/deploy/rollback", {
+      method: "POST",
+      body: JSON.stringify({
+        siteId,
+        environment
+      })
+    });
+  }
+  // v2.3: Production enabled toggle
+  async setProductionEnabled(siteId, enabled, productionDomain) {
+    return this.request(`/api/cdn/sites/${siteId}/production`, {
+      method: "POST",
+      body: JSON.stringify({
+        enabled,
+        productionDomain
+      })
+    });
+  }
   // HTML operations
   async fetchHtml(siteId, url) {
     return this.request("/api/cdn/fetch-html", {
@@ -121,6 +140,16 @@ var KodeApiClient = class {
       return false;
     }
   }
+  // Metadata operations
+  async analyzeScript(scriptId, options = {}) {
+    return this.request(`/api/cdn/scripts/${scriptId}/analyze`, {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+  }
+  async getScriptMetadata(scriptId) {
+    return this.request(`/api/cdn/scripts/${scriptId}/metadata`);
+  }
 };
 
 // src/config.ts
@@ -274,7 +303,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "kode_create_script",
-        description: "Create a new script on the Cure Kode CDN. The script will be available at the CDN URL after deployment. Global scripts auto-load by default; page-specific scripts do not.",
+        description: "Create a new script entry (metadata only). After creating, write the script file locally to .cure-kode-scripts/{name}.js and use kode_push to upload content. This keeps script content out of MCP context.",
         inputSchema: {
           type: "object",
           properties: {
@@ -287,10 +316,6 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               enum: ["javascript", "css"],
               description: "Script type"
             },
-            content: {
-              type: "string",
-              description: "Script content (JavaScript or CSS code)"
-            },
             scope: {
               type: "string",
               enum: ["global", "page-specific"],
@@ -298,15 +323,37 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
             },
             autoLoad: {
               type: "boolean",
-              description: "Whether to auto-load the script. Default: true for global scripts, false for page-specific. Set to false for scripts you want to load manually via CK.loadScript()."
+              description: "Whether to auto-load the script. Default: true for global scripts, false for page-specific."
+            },
+            purpose: {
+              type: "string",
+              description: "Brief description of what the script does (for metadata)"
+            }
+          },
+          required: ["name", "type"]
+        }
+      },
+      {
+        name: "kode_push",
+        description: "Push local script files to Cure Kode. Reads files from .cure-kode-scripts/ folder and uploads to API. This is the proper way to sync code - never send script content through other MCP tools.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            scriptSlug: {
+              type: "string",
+              description: 'Specific script slug to push (e.g., "map"). If omitted, pushes all changed scripts.'
+            },
+            force: {
+              type: "boolean",
+              description: "Force push even if content appears unchanged. Default: false"
             }
           },
-          required: ["name", "type", "content"]
+          required: []
         }
       },
       {
         name: "kode_update_script",
-        description: "Update an existing script's content or settings. This creates a new version of the script when content changes.",
+        description: "Update script settings (NOT content). For content changes, edit the local file in .cure-kode-scripts/ and use kode_push. This tool is for metadata, scope, and autoLoad changes only.",
         inputSchema: {
           type: "object",
           properties: {
@@ -314,10 +361,6 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               type: "string",
               description: "Script slug or ID to update"
             },
-            content: {
-              type: "string",
-              description: "New script content"
-            },
             autoLoad: {
               type: "boolean",
               description: "Whether to auto-load the script. Set to true to load automatically, false for manual loading via CK.loadScript()."
@@ -327,9 +370,13 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               enum: ["global", "page-specific"],
               description: "Change script scope. Note: changing to page-specific requires assigning to pages."
             },
-            changeSummary: {
+            purpose: {
               type: "string",
-              description: "Brief description of the changes (for version history)"
+              description: "Update the script purpose description (shown in Chrome Extension)"
+            },
+            regenerateSummary: {
+              type: "boolean",
+              description: "Re-analyze the script content and regenerate the AI summary. Useful after significant changes."
             }
           },
           required: ["slug"]
@@ -370,16 +417,59 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "kode_promote",
-        description: "Promote the latest staging deployment to production. Use this after testing on staging.",
+        description: "Promote the latest staging deployment to production. Use this after testing on staging. IMPORTANT: Requires confirmed=true to actually promote - this prevents accidental production deployments.",
         inputSchema: {
           type: "object",
-          properties: {},
+          properties: {
+            confirmed: {
+              type: "boolean",
+              description: "Safety confirmation. Must be set to true to proceed with production promotion. If false or missing, returns a preview of what would be promoted."
+            }
+          },
+          required: []
+        }
+      },
+      {
+        name: "kode_rollback",
+        description: "Rollback to the previous deployment. Copies the previous version back to the active environment. Use this if a deployment caused issues.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            environment: {
+              type: "string",
+              enum: ["staging", "production"],
+              description: "Environment to rollback. Default: staging"
+            }
+          },
           required: []
         }
       },
       {
         name: "kode_status",
-        description: "Get the current deployment status for both staging and production environments.",
+        description: "Get the current deployment status including production enabled state, staging and production environments.",
+        inputSchema: {
+          type: "object",
+          properties: {},
+          required: []
+        }
+      },
+      {
+        name: "kode_production_enable",
+        description: "Enable production environment for this site. Required before promoting to production. Sites start in staging-only mode by default.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            productionDomain: {
+              type: "string",
+              description: 'Production domain (e.g., "example.com"). Optional - can be set later.'
+            }
+          },
+          required: []
+        }
+      },
+      {
+        name: "kode_production_disable",
+        description: "Disable production environment for this site. Production requests will return an empty script. Useful during development when only staging should be active.",
         inputSchema: {
           type: "object",
           properties: {},
@@ -458,6 +548,38 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
           required: []
         }
       },
+      {
+        name: "kode_analyze_script",
+        description: "Analyze a script's content and auto-generate metadata. Detects DOM selectors, event triggers, dependencies (GSAP, Swiper, etc.), and behavior patterns. Optionally saves the analysis to the script.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            slug: {
+              type: "string",
+              description: "Script slug or ID to analyze"
+            },
+            saveToScript: {
+              type: "boolean",
+              description: "Save the generated metadata to the script. Default: false (preview only)"
+            }
+          },
+          required: ["slug"]
+        }
+      },
+      {
+        name: "kode_get_script_metadata",
+        description: "Get the metadata for a script, including detected DOM targets, triggers, dependencies, and AI summary. Useful for Chrome Extension visibility.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            slug: {
+              type: "string",
+              description: "Script slug or ID to get metadata for"
+            }
+          },
+          required: ["slug"]
+        }
+      },
       {
         name: "kode_read_context",
         description: "Read the project context file (.cure-kode/context.md). Contains current scripts, notes, and session history. ALWAYS call this before starting work on a Kode project.",
@@ -667,35 +789,155 @@ ${script.content}`
         };
       }
       case "kode_create_script": {
-        const { name: scriptName, type, content, scope, autoLoad } = args;
+        const { name: scriptName, type, scope, autoLoad, purpose } = args;
         const scriptScope = scope || "global";
         const script = await client.createScript(siteId, {
           name: scriptName,
           slug: scriptName,
           type,
-          content,
+          content: "",
+          // Empty - content comes from local files via kode_push
           scope: scriptScope,
-          autoLoad
-          // Let API handle default based on scope
+          autoLoad,
+          metadata: purpose ? { purpose } : void 0
         });
-        const autoLoadStatus = script.auto_load ? "will auto-load" : "manual load only (use CK.loadScript())";
+        const scriptsDir = getScriptsDir();
+        const ext = type === "javascript" ? "js" : "css";
+        const localPath = scriptsDir ? `${scriptsDir}/${scriptName}.${ext}` : `.cure-kode-scripts/${scriptName}.${ext}`;
+        let responseText = `Created script "${script.name}" (${script.type})`;
+        responseText += `
+Slug: ${script.slug}`;
+        responseText += `
+Scope: ${script.scope}`;
+        responseText += `
+Auto-load: ${script.auto_load ? "yes" : "no"}`;
+        if (purpose) responseText += `
+Purpose: ${purpose}`;
+        responseText += `
+
+Next steps:`;
+        responseText += `
+1. Create file: ${localPath}`;
+        responseText += `
+2. Write your ${type} code`;
+        responseText += `
+3. Run kode_push to upload content`;
+        responseText += `
+4. Run kode_deploy to make it live`;
         return {
           content: [
             {
               type: "text",
-              text: `Created script "${script.name}" (${script.type})
-Slug: ${script.slug}
-Scope: ${script.scope}
-Auto-load: ${autoLoadStatus}
-Version: ${script.current_version}
-
-Note: Run kode_deploy to make it live.`
+              text: responseText
             }
           ]
         };
       }
+      case "kode_push": {
+        const { scriptSlug, force } = args;
+        const scriptsDir = getScriptsDir();
+        if (!scriptsDir || !fs2.existsSync(scriptsDir)) {
+          return {
+            content: [{
+              type: "text",
+              text: 'No .cure-kode-scripts/ folder found. Run "kode init" first or create the folder manually.'
+            }],
+            isError: true
+          };
+        }
+        const remoteScripts = await client.listScripts(siteId);
+        const localFiles = fs2.readdirSync(scriptsDir).filter((f) => f.endsWith(".js") || f.endsWith(".css"));
+        if (scriptSlug) {
+          const ext = remoteScripts.find((s) => s.slug === scriptSlug)?.type === "css" ? "css" : "js";
+          const fileName = `${scriptSlug}.${ext}`;
+          const filePath = path2.join(scriptsDir, fileName);
+          if (!fs2.existsSync(filePath)) {
+            return {
+              content: [{
+                type: "text",
+                text: `File not found: ${filePath}
+
+Available files: ${localFiles.join(", ") || "(none)"}`
+              }],
+              isError: true
+            };
+          }
+          const content = fs2.readFileSync(filePath, "utf-8");
+          const remote = remoteScripts.find((s) => s.slug === scriptSlug);
+          if (!remote) {
+            return {
+              content: [{
+                type: "text",
+                text: `Script "${scriptSlug}" not found on server. Create it first with kode_create_script.`
+              }],
+              isError: true
+            };
+          }
+          if (!force && remote.content === content) {
+            return {
+              content: [{
+                type: "text",
+                text: `Script "${scriptSlug}" is already up to date (${content.length} chars). Use force: true to push anyway.`
+              }]
+            };
+          }
+          const updated = await client.updateScript(remote.id, {
+            content,
+            changeSummary: "Pushed via MCP"
+          });
+          return {
+            content: [{
+              type: "text",
+              text: `Pushed "${scriptSlug}": ${content.length} chars \u2192 v${updated.current_version}
+
+Run kode_deploy to make changes live.`
+            }]
+          };
+        }
+        const results = [];
+        let pushedCount = 0;
+        let skippedCount = 0;
+        for (const file of localFiles) {
+          const slug = file.replace(/\.(js|css)$/, "");
+          const filePath = path2.join(scriptsDir, file);
+          const content = fs2.readFileSync(filePath, "utf-8");
+          const remote = remoteScripts.find((s) => s.slug === slug);
+          if (!remote) {
+            results.push(`\u26A0\uFE0F ${slug}: not on server (create with kode_create_script first)`);
+            continue;
+          }
+          if (!force && remote.content === content) {
+            skippedCount++;
+            continue;
+          }
+          try {
+            const updated = await client.updateScript(remote.id, {
+              content,
+              changeSummary: "Pushed via MCP"
+            });
+            results.push(`\u2713 ${slug}: ${content.length} chars \u2192 v${updated.current_version}`);
+            pushedCount++;
+          } catch (err) {
+            results.push(`\u2717 ${slug}: ${err instanceof Error ? err.message : "failed"}`);
+          }
+        }
+        let responseText = `Push complete: ${pushedCount} updated, ${skippedCount} unchanged`;
+        if (results.length > 0) {
+          responseText += `
+
+${results.join("\n")}`;
+        }
+        if (pushedCount > 0) {
+          responseText += `
+
+Run kode_deploy to make changes live.`;
+        }
+        return {
+          content: [{ type: "text", text: responseText }]
+        };
+      }
       case "kode_update_script": {
-        const { slug, content, autoLoad, scope, changeSummary } = args;
+        const { slug, autoLoad, scope, purpose, regenerateSummary } = args;
         const scripts = await client.listScripts(siteId);
         const script = scripts.find((s) => s.slug === slug || s.id === slug);
         if (!script) {
@@ -704,24 +946,32 @@ Note: Run kode_deploy to make it live.`
             isError: true
           };
         }
-        const updateData = {};
-        if (content !== void 0) updateData.content = content;
+        const updateData = {
+          changeSummary: "Updated settings via MCP"
+        };
         if (autoLoad !== void 0) updateData.autoLoad = autoLoad;
         if (scope !== void 0) updateData.scope = scope;
-        updateData.changeSummary = changeSummary || "Updated via MCP";
+        if (purpose !== void 0) updateData.metadata = { purpose };
+        if (regenerateSummary !== void 0) updateData.regenerateSummary = regenerateSummary;
         const updated = await client.updateScript(script.id, updateData);
         const changes = [];
-        if (content !== void 0) changes.push(`content \u2192 v${updated.current_version}`);
-        if (autoLoad !== void 0) changes.push(`auto_load \u2192 ${autoLoad}`);
+        if (autoLoad !== void 0) changes.push(`autoLoad \u2192 ${autoLoad}`);
         if (scope !== void 0) changes.push(`scope \u2192 ${scope}`);
+        if (purpose !== void 0) changes.push(`purpose updated`);
+        if (regenerateSummary) changes.push("AI summary regenerated");
+        let responseText = `Updated script "${updated.name}"`;
+        if (changes.length > 0) {
+          responseText += `
+Changes: ${changes.join(", ")}`;
+        }
+        responseText += `
+
+To update content: edit local file and run kode_push`;
         return {
           content: [
             {
               type: "text",
-              text: `Updated script "${updated.name}"
-Changes: ${changes.join(", ")}
-
-Note: Run kode_deploy to make changes live.`
+              text: responseText
             }
           ]
         };
@@ -752,19 +1002,55 @@ Note: Run kode_deploy to make changes live.`
           environment: environment || "staging",
           notes: notes || "Deployed via MCP"
         });
+        let responseText = `Deployment ${deployment.version} to ${deployment.environment}: ${deployment.status}`;
+        responseText += `
+Started: ${deployment.started_at}`;
+        if (deployment.completed_at) {
+          responseText += `
+Completed: ${deployment.completed_at}`;
+        }
+        const scriptSizes = deployment.stats?.scriptSizes;
+        if (scriptSizes && scriptSizes.length > 0) {
+          responseText += `
+
+Scripts deployed (${scriptSizes.length}):`;
+          for (const s of scriptSizes) {
+            const flags = [
+              s.scope === "global" ? "G" : "P",
+              s.autoLoad ? "\u26A1" : "\u25CB"
+            ].join("");
+            responseText += `
+  ${s.slug} [${flags}]: ${s.contentSize} chars`;
+            if (s.contentSize === 0) {
+              responseText += " \u26A0\uFE0F EMPTY";
+            } else if (s.contentSize < 50 && s.scope === "global") {
+              responseText += " \u26A0\uFE0F very small";
+            }
+          }
+        }
         return {
           content: [
             {
               type: "text",
-              text: `Deployment ${deployment.version} to ${deployment.environment}: ${deployment.status}
-Started: ${deployment.started_at}${deployment.completed_at ? `
-Completed: ${deployment.completed_at}` : ""}`
+              text: responseText
             }
           ]
         };
       }
       case "kode_promote": {
+        const { confirmed } = args;
         const status = await client.getDeploymentStatus(siteId);
+        if (!status.productionEnabled) {
+          return {
+            content: [
+              {
+                type: "text",
+                text: "Cannot promote: Production is not enabled for this site.\n\nRun kode_production_enable first to activate the production environment."
+              }
+            ],
+            isError: true
+          };
+        }
         if (!status.canPromote) {
           return {
             content: [
@@ -776,23 +1062,109 @@ Completed: ${deployment.completed_at}` : ""}`
             isError: true
           };
         }
+        if (!confirmed) {
+          const stagingVersion = status.staging.lastSuccessful?.version || "unknown";
+          const productionVersion = status.production.lastSuccessful?.version || "(none)";
+          return {
+            content: [
+              {
+                type: "text",
+                text: `\u26A0\uFE0F PRODUCTION PROMOTION CONFIRMATION REQUIRED
+
+This will deploy to production:
+  Staging version: ${stagingVersion}
+  Current production: ${productionVersion}
+
+To proceed, call kode_promote with confirmed: true
+
+Note: Always test on staging first before promoting to production.`
+              }
+            ]
+          };
+        }
         const deployment = await client.promoteToProduction(siteId);
         return {
           content: [
             {
               type: "text",
-              text: `Promoted ${deployment.version} to production
+              text: `\u2705 Promoted ${deployment.version} to production
 Status: ${deployment.status}`
             }
           ]
         };
       }
+      case "kode_rollback": {
+        const { environment = "staging" } = args;
+        if (environment === "production") {
+          const status = await client.getDeploymentStatus(siteId);
+          if (!status.productionEnabled) {
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: "Cannot rollback production: Production is not enabled for this site."
+                }
+              ],
+              isError: true
+            };
+          }
+        }
+        const result = await client.rollback(siteId, environment);
+        return {
+          content: [
+            {
+              type: "text",
+              text: `\u2705 Rolled back ${environment}
+
+From: ${result.rolledBackFrom.version}
+To: ${result.rolledBackTo.version}
+
+CDN URL: ${result.cdn_url}
+Duration: ${result.duration_ms}ms`
+            }
+          ]
+        };
+      }
+      case "kode_production_enable": {
+        const { productionDomain } = args;
+        const result = await client.setProductionEnabled(siteId, true, productionDomain);
+        let text = "Production environment enabled!\n\n";
+        if (result.productionDomain) {
+          text += `Domain: ${result.productionDomain}
+`;
+        }
+        text += "\nNext steps:\n";
+        text += "1. Deploy to staging: kode_deploy\n";
+        text += "2. Promote to production: kode_promote";
+        return {
+          content: [{ type: "text", text }]
+        };
+      }
+      case "kode_production_disable": {
+        await client.setProductionEnabled(siteId, false);
+        return {
+          content: [
+            {
+              type: "text",
+              text: "Production environment disabled.\n\nOnly staging is now active. Production domain requests will receive an empty script with a warning."
+            }
+          ]
+        };
+      }
       case "kode_status": {
         const status = await client.getDeploymentStatus(siteId);
         const config = getConfig();
         let text = `Site: ${config?.siteName || "Unknown"}
 
 `;
+        const productionEnabled = status.productionEnabled ?? false;
+        text += `PRODUCTION STATUS: ${productionEnabled ? "\u2713 Enabled" : "\u25CB Disabled (staging only)"}
+`;
+        if (productionEnabled && status.productionDomain) {
+          text += `  Domain: ${status.productionDomain}
+`;
+        }
+        text += "\n";
         text += `STAGING:
 `;
         if (status.staging.lastSuccessful) {
@@ -807,17 +1179,25 @@ Status: ${deployment.status}`
         text += `
 PRODUCTION:
 `;
-        if (status.production.lastSuccessful) {
+        if (!productionEnabled) {
+          text += `  (Disabled - use kode_production_enable to activate)
+`;
+        } else if (status.production.lastSuccessful) {
           text += `  Version: ${status.production.lastSuccessful.version}
 `;
           text += `  Deployed: ${status.production.lastSuccessful.completed_at}
 `;
         } else {
-          text += `  Not deployed
+          text += `  Enabled, not yet deployed
 `;
         }
-        text += `
+        if (productionEnabled) {
+          text += `
 Can promote staging to production: ${status.canPromote ? "Yes" : "No"}`;
+        } else {
+          text += `
+Enable production first (kode_production_enable) before promoting.`;
+        }
         return {
           content: [{ type: "text", text }]
         };
@@ -1002,6 +1382,184 @@ Embed code:
           content: [{ type: "text", text }]
         };
       }
+      case "kode_analyze_script": {
+        const { slug, saveToScript } = args;
+        const scripts = await client.listScripts(siteId);
+        const script = scripts.find((s) => s.slug === slug || s.id === slug);
+        if (!script) {
+          return {
+            content: [{ type: "text", text: `Script "${slug}" not found` }],
+            isError: true
+          };
+        }
+        try {
+          const result = await client.analyzeScript(script.id, { saveToScript });
+          let text = `Script Analysis: ${script.name}
+
+`;
+          text += `Purpose: ${result.metadata.purpose || "(not detected)"}
+
+`;
+          if (result.metadata.triggers.length > 0) {
+            text += `Triggers:
+`;
+            for (const t of result.metadata.triggers) {
+              text += `  - ${t.event}${t.selector ? ` on ${t.selector}` : ""}
+`;
+            }
+            text += "\n";
+          }
+          if (result.metadata.domTargets.length > 0) {
+            text += `DOM Targets:
+`;
+            for (const d of result.metadata.domTargets) {
+              text += `  - ${d.selector} (${d.action})
+`;
+            }
+            text += "\n";
+          }
+          if (result.metadata.dependencies.length > 0) {
+            text += `Dependencies:
+`;
+            for (const dep of result.metadata.dependencies) {
+              text += `  - ${dep.name}${dep.required ? " (required)" : ""}
+`;
+            }
+            text += "\n";
+          }
+          text += `Flags:
+`;
+          text += `  - Modifies DOM: ${result.metadata.modifiesDom ? "Yes" : "No"}
+`;
+          text += `  - Event listeners: ${result.metadata.addsEventListeners ? "Yes" : "No"}
+`;
+          if (result.metadata.usesExternalApis) text += `  - Uses external APIs: Yes
+`;
+          if (result.metadata.usesLocalStorage) text += `  - Uses localStorage: Yes
+`;
+          if (result.metadata.usesCookies) text += `  - Uses cookies: Yes
+`;
+          if (result.warnings.length > 0) {
+            text += `
+Warnings:
+`;
+            for (const w of result.warnings) {
+              text += `  \u26A0\uFE0F ${w}
+`;
+            }
+          }
+          if (result.suggestions.length > 0) {
+            text += `
+Suggestions:
+`;
+            for (const s of result.suggestions) {
+              text += `  \u{1F4A1} ${s}
+`;
+            }
+          }
+          if (saveToScript) {
+            text += `
+\u2713 Metadata saved to script. Run kode_deploy to update CDN.`;
+          } else {
+            text += `
+Use saveToScript: true to save this metadata to the script.`;
+          }
+          return {
+            content: [{ type: "text", text }]
+          };
+        } catch (error) {
+          const message = error instanceof Error ? error.message : "Unknown error";
+          return {
+            content: [{ type: "text", text: `Failed to analyze script: ${message}` }],
+            isError: true
+          };
+        }
+      }
+      case "kode_get_script_metadata": {
+        const { slug } = args;
+        const scripts = await client.listScripts(siteId);
+        const script = scripts.find((s) => s.slug === slug || s.id === slug);
+        if (!script) {
+          return {
+            content: [{ type: "text", text: `Script "${slug}" not found` }],
+            isError: true
+          };
+        }
+        try {
+          const result = await client.getScriptMetadata(script.id);
+          if (!result.metadata) {
+            return {
+              content: [{
+                type: "text",
+                text: `Script "${script.name}" has no metadata.
+
+Use kode_analyze_script to generate metadata, or provide metadata when creating/updating the script.`
+              }]
+            };
+          }
+          let text = `Metadata for: ${script.name}
+
+`;
+          if (result.metadata.purpose) {
+            text += `Purpose: ${result.metadata.purpose}
+
+`;
+          }
+          if (result.aiSummary) {
+            text += `AI Summary: ${result.aiSummary}
+
+`;
+          }
+          if (result.metadata.triggers.length > 0) {
+            text += `Triggers:
+`;
+            for (const t of result.metadata.triggers) {
+              text += `  - ${t.event}${t.selector ? ` on ${t.selector}` : ""}
+`;
+            }
+            text += "\n";
+          }
+          if (result.metadata.domTargets.length > 0) {
+            text += `DOM Targets:
+`;
+            for (const d of result.metadata.domTargets) {
+              text += `  - ${d.selector} (${d.action})
+`;
+            }
+            text += "\n";
+          }
+          if (result.metadata.dependencies.length > 0) {
+            text += `Dependencies:
+`;
+            for (const dep of result.metadata.dependencies) {
+              text += `  - ${dep.name}${dep.required ? " (required)" : ""}
+`;
+            }
+            text += "\n";
+          }
+          text += `Flags:
+`;
+          text += `  - AI Generated: ${result.aiGenerated ? "Yes" : "No"}
+`;
+          text += `  - Modifies DOM: ${result.metadata.modifiesDom ? "Yes" : "No"}
+`;
+          text += `  - Event listeners: ${result.metadata.addsEventListeners ? "Yes" : "No"}
+`;
+          if (result.lastAnalyzed) {
+            text += `
+Last analyzed: ${result.lastAnalyzed}`;
+          }
+          return {
+            content: [{ type: "text", text }]
+          };
+        } catch (error) {
+          const message = error instanceof Error ? error.message : "Unknown error";
+          return {
+            content: [{ type: "text", text: `Failed to get metadata: ${message}` }],
+            isError: true
+          };
+        }
+      }
       case "kode_read_context": {
         const contextPath = getContextPath();
         if (!contextPath) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@curenorway/kode-mcp",
-  "version": "1.2.0",
-  "description": "MCP server for Cure Kode - enables AI agents to manage Webflow scripts",
+  "version": "1.4.0",
+  "description": "MCP server for Cure Kode CDN - enables AI agents to manage, deploy, and analyze Webflow scripts",
   "type": "module",
   "bin": {
     "cure-kode-mcp": "./dist/index.js"