npm - @customer-support-success/pylon-mcp-server - Versions diffs - 3.7.0 → 3.7.2 - Mend

@customer-support-success/pylon-mcp-server 3.7.0 → 3.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/.env.example +11 -1
package/CHANGELOG.md +43 -0
package/CLAUDE.md +1 -11
package/README.md +94 -47
package/dist/index.js +1 -1
package/package.json +1 -1
package/GCP_SETUP.md +0 -109
package/SECURITY_AUDIT_REPORT.md +0 -270
package/smithery.yaml +0 -17

package/.env.example CHANGED Viewed

@@ -7,4 +7,14 @@ PYLON_API_TOKEN=your_pylon_api_token_here
 # Cache TTL in milliseconds (optional)
 # Default: 30000 (30 seconds)
 # Set to 0 to disable caching
-# PYLON_CACHE_TTL=30000
+# PYLON_CACHE_TTL=30000
+# Maximum retry attempts for transient failures (optional)
+# Default: 3
+# Set to 0 to disable retries
+# Retries on: 429 (rate limit), 5xx (server error), network timeouts
+# PYLON_RETRY_MAX=3
+# Debug logging (optional)
+# Set to true to log request/response details and retry attempts to stderr
+# PYLON_DEBUG=true

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,49 @@ All notable changes to the Pylon MCP Server will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [3.7.2] - 2026-03-31
+### 🔧 CI
+- Aligned security.yml workflow to Node 22 (was Node 20, matching CI workflow)
+### 📦 Dependencies
+- Bumped path-to-regexp from 8.3.0 to 8.4.0
+- Bumped picomatch from 2.3.1 to 2.3.2
+- Bumped flatted from 3.3.3 to 3.4.2
+- Bumped hono from 4.12.3 to 4.12.7
+- Bumped express-rate-limit from 8.2.1 to 8.3.0
+- Bumped @hono/node-server from 1.19.9 to 1.19.10
+### 🔒 Security
+- Resolved npm audit vulnerability via dependency updates
+## [3.7.1] - 2026-02-27
+### Changed
+- **Documentation**: Comprehensive README and CLAUDE.md update
+  - Added 12 missing tools to Available Tools section (38 total now documented)
+  - Added retry logic documentation (`PYLON_RETRY_MAX`, `PYLON_DEBUG`, Retry Behavior section)
+  - Removed all Smithery references and deleted `smithery.yaml`
+  - Removed stale "NEW" markers from 7 tools
+  - Fixed workflow reference (`publish.yml` → `release.yml`)
+  - Rewrote Features section to cover all capabilities
+  - Expanded Example Tool Usage section
+### Removed
+- Deleted `GCP_SETUP.md` (outdated, referenced non-existent `publish.yml`)
+- Deleted `SECURITY_AUDIT_REPORT.md` (one-time pre-publication audit, no longer relevant)
+- Removed tracked `.DS_Store` and `.idea/` files (should never have been committed)
+### Fixed
+- Added `.DS_Store` to `.gitignore`
+- Added `PYLON_RETRY_MAX` and `PYLON_DEBUG` to `.env.example`
 ## [3.7.0] - 2026-02-27
 ### Added

package/CLAUDE.md CHANGED Viewed

@@ -13,13 +13,12 @@ This is an MCP (Model Context Protocol) server that provides comprehensive integ
 - **HTTP Client**: Axios for API communication
 - **Caching**: In-memory cache with configurable TTL (default 30s)
 - **Build System**: TypeScript compiler
-- **Deployment**: Smithery platform
+- **Deployment**: npm registry
 ## Key Files
 - `src/pylon-client.ts` - Pylon API client with authentication and all endpoint methods
 - `src/index.ts` - MCP server implementation with tool definitions and handlers
-- `smithery.yaml` - Smithery deployment configuration
 - `package.json` - Dependencies and build scripts
 ## API Coverage
@@ -132,12 +131,6 @@ To test the MCP server with a real client:
 - Use built `dist/index.js` as entrypoint
 - Can run with `npx pylon-mcp-server` after publishing to npm
-### Smithery Production
-- Uses `smithery.yaml` configuration
-- Automatic dependency installation and build
-- Environment variable configuration through Smithery UI
 ## Code Patterns
 ### Adding New API Endpoints
@@ -184,8 +177,6 @@ To test the MCP server with a real client:
    }
    ```
-5. **Update smithery.yaml** tools list
 ## Error Handling
 - All API calls are wrapped in try/catch
@@ -210,6 +201,5 @@ To test the MCP server with a real client:
 - Add response type validation
 - Implement proper TypeScript types for all API responses
-- Add retry logic for failed API calls
 - Implement rate limiting
 - Add comprehensive error codes mapping

package/README.md CHANGED Viewed

@@ -4,13 +4,22 @@ An MCP (Model Context Protocol) server for integrating with the Pylon API.
 ## Features
-This MCP server provides tools to interact with Pylon's API:
+This MCP server provides 38 tools for comprehensive Pylon API integration:
-- **User Management**: Get current user information
+- **User Management**: Get current user, list and search team members
 - **Contacts**: List, search, and create contacts
-- **Issues**: List, filter, and create issues
-- **Knowledge Base**: Access and create knowledge base articles
-- **Smart Caching**: Automatic caching of GET requests to minimize API usage
+- **Issues**: Full CRUD, search, filter, snooze, and delete issues
+- **Tags**: Get, create, add, and remove tags on issues
+- **External Issue Linking**: Link/unlink Linear, Jira, GitHub, Asana issues
+- **Issue Followers**: Get, add, and remove followers on issues
+- **Similar Issues**: Find similar issues by requestor, account, or globally
+- **Knowledge Base**: List knowledge bases and create articles
+- **Teams**: List, get details, and create teams
+- **Accounts**: List and get account details
+- **Attachments**: Get metadata and create from URL
+- **Ticket Forms**: List available submission forms
+- **Smart Caching**: Automatic caching of GET requests with configurable TTL
+- **Retry Logic**: Exponential backoff for transient failures (429, 5xx, timeouts)
 ## Setup
@@ -22,6 +31,14 @@ Set the following environment variables:
 - `PYLON_CACHE_TTL`: Cache time-to-live in milliseconds (optional, default: 30000)
   - Set to `0` to disable caching
   - Example: `PYLON_CACHE_TTL=60000` for 60-second cache
+- `PYLON_RETRY_MAX`: Maximum retry attempts for transient failures (optional, default: 3)
+  - Set to `0` to disable retries
+  - Retries on: 429 (rate limit), 5xx (server error), network timeouts
+  - Only retries idempotent requests (GET, HEAD, OPTIONS, PUT, DELETE)
+  - Uses exponential backoff with jitter
+  - Respects `Retry-After` header (capped at 30 seconds)
+- `PYLON_DEBUG`: Set to `true` to enable debug logging (optional)
+  - Logs request/response details and retry attempts to stderr
 ### HTTP Request Timeout
@@ -37,6 +54,15 @@ If you encounter timeout errors, check:
 2. Pylon API status
 3. Whether the operation is legitimately slow (e.g., large data queries)
+### Retry Behavior
+The client automatically retries transient API failures with exponential backoff:
+- **Retried errors**: HTTP 429 (rate limit), 5xx (server errors), network timeouts
+- **Not retried**: 4xx client errors (400, 401, 403, 404, 422), POST/PATCH requests
+- **Backoff**: `min(1000ms × 2^attempt + random jitter, 30s)`, respects `Retry-After` header
+- **Default**: 3 retry attempts. Set `PYLON_RETRY_MAX=0` to disable.
 ### Caching Behavior
 The server implements intelligent caching to reduce API calls:
@@ -77,7 +103,7 @@ Preferred: tag and let GitHub Actions publish via npm Trusted Publishing (OIDC)
 git tag vX.Y.Z && git push origin vX.Y.Z
 ```
-CI (`.github/workflows/publish.yml`) will build/test and publish to npmjs with `--provenance` via trusted publisher.
+CI (`.github/workflows/release.yml`) will build/test and publish to npmjs with `--provenance` via trusted publisher.
 Manual (maintainers only, if ever needed):
@@ -126,10 +152,13 @@ npm run test:coverage
 ### User Tools
 - `pylon_get_me`: Get current user information
+- `pylon_get_users`: Get all team members and support agents
+- `pylon_search_users`: Search for team members by name, email, or department
 ### Contact Tools
 - `pylon_get_contacts`: List contacts with optional search and limit
+- `pylon_search_contacts`: Search for contacts by name, email, or company
 - `pylon_create_contact`: Create a new contact
 ### Issue Tools
@@ -142,21 +171,21 @@ npm run test:coverage
 - `pylon_get_issue_with_messages`: Get a complete issue with all messages in one call
 - `pylon_get_issue_messages`: Get conversation history for an issue
 - `pylon_update_issue`: Update issue status, priority, assignee, or replace all tags
-- `pylon_add_tags`: **NEW** - Incrementally add tags to an issue (preserves existing tags, deduplicates)
-- `pylon_remove_tags`: **NEW** - Incrementally remove specific tags from an issue (leaves other tags intact)
+- `pylon_add_tags`: Incrementally add tags to an issue (preserves existing tags, deduplicates)
+- `pylon_remove_tags`: Incrementally remove specific tags from an issue (leaves other tags intact)
 - `pylon_snooze_issue`: Temporarily hide an issue until a future date
 - `pylon_delete_issue`: Permanently delete an issue (⚠️ destructive operation)
 ### External Issue Linking Tools
-- `pylon_link_external_issue`: **NEW** - Link an external issue (Linear, Jira, GitHub, Asana) to a Pylon issue
-- `pylon_unlink_external_issue`: **NEW** - Unlink an external issue from a Pylon issue
+- `pylon_link_external_issue`: Link an external issue (Linear, Jira, GitHub, Asana) to a Pylon issue
+- `pylon_unlink_external_issue`: Unlink an external issue from a Pylon issue
 ### Issue Followers Tools
-- `pylon_get_issue_followers`: **NEW** - Get the list of followers for an issue
-- `pylon_add_issue_followers`: **NEW** - Add users and/or contacts as followers to an issue
-- `pylon_remove_issue_followers`: **NEW** - Remove followers from an issue
+- `pylon_get_issue_followers`: Get the list of followers for an issue
+- `pylon_add_issue_followers`: Add users and/or contacts as followers to an issue
+- `pylon_remove_issue_followers`: Remove followers from an issue
 #### Searching by Custom Status
@@ -197,11 +226,37 @@ pylon_search_issues with:
 > **Note:** The Pylon API does not support creating messages programmatically. Messages can only be created through the Pylon web UI or original channels (Slack, email, etc.).
+### Similar Issues Tools
+- `pylon_find_similar_issues_for_requestor`: Find similar issues from the same contact
+- `pylon_find_similar_issues_for_account`: Find similar issues from the same account/company
+- `pylon_find_similar_issues_global`: Find similar issues across all users and companies
 ### Knowledge Base Tools
 - `pylon_get_knowledge_bases`: List all knowledge bases
 - `pylon_create_knowledge_base_article`: Create a new article in a knowledge base
+### Team Tools
+- `pylon_get_teams`: List all support teams
+- `pylon_get_team`: Get details of a specific team
+- `pylon_create_team`: Create a new support team
+### Account Tools
+- `pylon_get_accounts`: List all customer accounts
+- `pylon_get_account`: Get details of a specific account
+### Tag Tools
+- `pylon_get_tags`: Get all available tags
+- `pylon_create_tag`: Create a new tag
+### Ticket Form Tools
+- `pylon_get_ticket_forms`: Get all ticket submission forms
 ### Attachment Tools
 - `pylon_get_attachment`: Get attachment metadata (includes a downloadable URL)
@@ -238,13 +293,14 @@ Augment Code supports MCP servers through its Easy MCP feature in VS Code and Je
        "args": ["@customer-support-success/pylon-mcp-server"],
        "env": {
          "PYLON_API_TOKEN": "your_pylon_api_token_here",
-         "PYLON_CACHE_TTL": "30000"
+         "PYLON_CACHE_TTL": "30000",
+         "PYLON_RETRY_MAX": "3"
        }
      }
    }
    ```
-   > **Note**: `PYLON_CACHE_TTL` is optional and defaults to 30000ms (30 seconds). Set to `0` to disable caching.
+   > **Note**: `PYLON_RETRY_MAX` is optional and defaults to 3. Set to `0` to disable retries. `PYLON_CACHE_TTL` is optional and defaults to 30000ms (30 seconds). Set to `0` to disable caching.
    **Option B: Using local installation**
@@ -257,7 +313,8 @@ Augment Code supports MCP servers through its Easy MCP feature in VS Code and Je
        "args": ["/absolute/path/to/pylon-mcp-server/dist/index.js"],
        "env": {
          "PYLON_API_TOKEN": "your_pylon_api_token_here",
-         "PYLON_CACHE_TTL": "30000"
+         "PYLON_CACHE_TTL": "30000",
+         "PYLON_RETRY_MAX": "3"
        }
      }
    }
@@ -310,7 +367,8 @@ Add this to your Claude Desktop MCP settings (`~/Library/Application Support/Cla
       "args": ["@customer-support-success/pylon-mcp-server"],
       "env": {
         "PYLON_API_TOKEN": "your_pylon_api_token_here",
-        "PYLON_CACHE_TTL": "30000"
+        "PYLON_CACHE_TTL": "30000",
+        "PYLON_RETRY_MAX": "3"
       }
     }
   }
@@ -327,7 +385,8 @@ Add this to your Claude Desktop MCP settings (`~/Library/Application Support/Cla
       "args": ["/path/to/pylon-mcp-server/dist/index.js"],
       "env": {
         "PYLON_API_TOKEN": "your_pylon_api_token_here",
-        "PYLON_CACHE_TTL": "30000"
+        "PYLON_CACHE_TTL": "30000",
+        "PYLON_RETRY_MAX": "3"
       }
     }
   }
@@ -346,26 +405,6 @@ Use pylon_get_issues to show recent support tickets
 Search for contacts with pylon_search_contacts using "customer@example.com"
 ```
-### Running via Smithery
-1. **Deploy to Smithery**:
-   - Upload your project to Smithery
-   - Smithery will automatically use the `smithery.yaml` configuration
-   - Set the `PYLON_API_TOKEN` environment variable in Smithery's deployment settings
-2. **Configure in Claude Desktop**:
-```json
-{
-  "mcpServers": {
-    "pylon": {
-      "command": "npx",
-      "args": ["-y", "@smithery/pylon-mcp-server"]
-    }
-  }
-}
-```
 ### Example Tool Usage
 Once connected, you can use the available tools:
@@ -381,6 +420,20 @@ Once connected, you can use the available tools:
 "Get issue #123 with all messages" → uses pylon_get_issue_with_messages
 "Update issue status to resolved" → uses pylon_update_issue
+# Similar Issues
+"Find similar issues from this customer" → uses pylon_find_similar_issues_for_requestor
+"Check if this account has had similar problems" → uses pylon_find_similar_issues_for_account
+# Tags
+"Show all available tags" → uses pylon_get_tags
+"Add a tag to this issue" → uses pylon_add_tags
+# External Linking
+"Link this Linear ticket to the Pylon issue" → uses pylon_link_external_issue
+# Issue Followers
+"Add me as a follower on this issue" → uses pylon_add_issue_followers
 # Attachments
 "Create attachment from URL" → uses pylon_create_attachment_from_url
@@ -388,20 +441,14 @@ Once connected, you can use the available tools:
 "List all knowledge bases" → uses pylon_get_knowledge_bases
 "Create a new help article" → uses pylon_create_knowledge_base_article
+# Ticket Forms
+"Show available ticket forms" → uses pylon_get_ticket_forms
 # Team & Account Management
 "Show all teams" → uses pylon_get_teams
 "Get account details" → uses pylon_get_accounts
 ```
-## Deployment to Smithery
-This server is designed to be deployed to Smithery using the included `smithery.yaml` configuration. The deployment will automatically:
-- Install dependencies with `npm install && npm run build`
-- Configure the Node.js runtime with proper entrypoint
-- Expose all supported Pylon API tools
-- Require the `PYLON_API_TOKEN` environment variable
 ## API Reference
 For more information about the Pylon API, visit the [API reference](https://docs.usepylon.com/pylon-docs/developer/api/api-reference).

package/dist/index.js CHANGED Viewed

@@ -11,7 +11,7 @@ const pylonClient = createPylonClient(PYLON_API_TOKEN, PYLON_CACHE_TTL);
 // Create the McpServer instance (high-level API, replaces deprecated Server class)
 const mcpServer = new McpServer({
     name: 'pylon-mcp-server',
-    version: '3.7.0',
+    version: '3.7.1',
 });
 // Helper function to ensure pylonClient is initialized
 function ensurePylonClient() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@customer-support-success/pylon-mcp-server",
-  "version": "3.7.0",
+  "version": "3.7.2",
   "description": "MCP server for Pylon API integration",
   "type": "module",
   "main": "dist/index.js",

package/GCP_SETUP.md DELETED Viewed

@@ -1,109 +0,0 @@
-# npm Public Publish Guide
-This document explains how the Pylon MCP Server is published to and used from the public npm registry using npm Trusted Publishing (OIDC).
-## What Was Set Up
-1. **npm Registry (public)**
-   - Registry: `https://registry.npmjs.org/`
-   - Package: `@customer-support-success/pylon-mcp-server`
-   - Access: public
-2. **Trusted Publisher**
-   - Provider: GitHub
-   - Repository: `mgmonteleone/pylon-mcp`
-   - Workflow: `.github/workflows/publish.yml`
-   - Branch: `main`
-## For Users: Installing and Using the Package
-### Using with npx (Recommended)
-```bash
-npx @customer-support-success/pylon-mcp-server
-```
-### Installing Globally
-```bash
-npm install -g @customer-support-success/pylon-mcp-server
-```
-### Using with Augment Code
-Add this to your Augment Code MCP configuration (npm public):
-```json
-{
-  "pylon": {
-    "command": "npx",
-    "args": ["@customer-support-success/pylon-mcp-server"],
-    "env": {
-      "PYLON_API_TOKEN": "your_pylon_api_token_here"
-    }
-  }
-}
-```
-### Using with Claude Desktop
-Add this to `~/Library/Application Support/Claude/claude_desktop_config.json`:
-```json
-{
-  "mcpServers": {
-    "pylon": {
-      "command": "npx",
-      "args": ["@customer-support-success/pylon-mcp-server"],
-      "env": {
-        "PYLON_API_TOKEN": "your_pylon_api_token_here"
-      }
-    }
-  }
-}
-```
-## For Maintainers: Publishing Updates
-### Prerequisites
-1. GCP authentication with publish permissions
-2. Local repository cloned and up to date
-### Publishing a New Version
-1. **Update the version** in `package.json`:
-   ```bash
-   npm version patch  # or minor, or major
-   ```
-2. **Publish (CI preferred via trusted publisher)**:
-   - Push a tag `vX.Y.Z` and let `.github/workflows/publish.yml` build/test/publish to npmjs with `--provenance`.
-   - Local/manual (maintainers only, if needed):
-     ```bash
-     npm run build
-     npm publish --access public
-     ```
-### Verifying the Publication
-```bash
-npm view @customer-support-success/pylon-mcp-server version
-```
-## Troubleshooting
-### Authentication Issues
-If npm publish fails locally, ensure you use the trusted publisher workflow or a granular access token with publish rights and 2FA bypass. For installs, no auth is required (public package).
-## Files Created/Modified
-None (documentation only).
-## Notes
-- Package is public on npm; no auth required for consumers.
-- Publishing is handled by GitHub Actions via npm Trusted Publishing (OIDC). Manual publishes should be rare.

package/SECURITY_AUDIT_REPORT.md DELETED Viewed

@@ -1,270 +0,0 @@
-# Security & Compliance Audit Report
-## Pylon MCP Server
-**Date:** December 4, 2025
-**Auditor:** Automated Security Analysis
-**Scope:** Pre-publication security, PII, and SOC-2 compliance review
-**Status:** ✅ **PASSED - SAFE FOR PUBLIC RELEASE**
----
-## Executive Summary
-The Pylon MCP Server codebase has been thoroughly analyzed for security vulnerabilities, personally identifiable information (PII), and SOC-2 compliance concerns. **The repository is safe to make public** with no critical issues found.
-### Key Findings:
-- ✅ **No hardcoded secrets or API keys**
-- ✅ **No PII in codebase or documentation**
-- ✅ **Zero npm dependency vulnerabilities**
-- ✅ **Proper secret management via environment variables**
-- ✅ **Comprehensive .gitignore protection**
-- ⚠️ **Minor:** .npmrc configuration warning (non-blocking)
----
-## Detailed Analysis
-### 1. Secrets & Credentials Scan ✅ PASS
-**Scope:** All source files, configuration files, and documentation
-**Findings:**
-- ✅ No hardcoded API keys, tokens, or passwords found
-- ✅ All sensitive values use environment variables (`PYLON_API_TOKEN`)
-- ✅ `.env.example` contains only placeholder values
-- ✅ `.npmrc` uses environment variable substitution (`${ARTIFACT_REGISTRY_TOKEN}`) for local/manual publishing; CI uses short-lived access tokens from `GCP_CREDENTIALS`
-- ✅ No secrets in git history
-**Files Reviewed:**
-- `src/index.ts` - Uses `process.env.PYLON_API_TOKEN`
-- `src/pylon-client.ts` - Accepts token via constructor parameter
-- `.env.example` - Contains only example placeholder
-- `.npmrc` - Uses `${ARTIFACT_REGISTRY_TOKEN}` variable
-- All configuration files
-**Recommendation:** ✅ No action required
----
-### 2. PII (Personally Identifiable Information) Scan ✅ PASS
-**Scope:** Documentation, comments, example data, and code
-**Findings:**
-- ✅ No real email addresses (only examples: `customer@example.com`, `your-email@example.com`)
-- ✅ No phone numbers
-- ✅ No physical addresses
-- ✅ No names of real individuals
-- ✅ All examples use generic placeholders
-**Files Reviewed:**
-- `README.md` - Only example emails found
-- `CLAUDE.md` - No PII
-- `GCP_SETUP.md` - Only placeholder emails
-- `src/` directory - No PII in code or comments
-**Recommendation:** ✅ No action required
----
-### 3. Dependency Vulnerability Scan ✅ PASS
-**Initial State:**
-- 9 vulnerabilities found (1 moderate, 4 high, 3 critical)
-- Issues in: `@modelcontextprotocol/sdk`, `axios`, `body-parser`, `form-data`, `js-yaml`, `uglify-js`, `build`
-**Actions Taken:**
-- Ran `npm audit fix` - Updated vulnerable packages
-- Removed accidental `build` dependency (source of most vulnerabilities)
-**Final State:**
-- ✅ **0 vulnerabilities**
-- All dependencies updated to secure versions
-- 109 packages audited
-**Current Dependencies:**
-```json
-{
-  "@modelcontextprotocol/sdk": "^1.0.0", // Updated to latest
-  "axios": "^1.6.0" // Updated to latest
-}
-```
-**Recommendation:** ✅ No action required. Continue monitoring with `npm audit` regularly.
----
-### 4. Secret Management & Access Control ✅ PASS
-**Environment Variables:**
-- `PYLON_API_TOKEN` - Required for Pylon API access
-- `NPM_TOKEN` - npm token used by CI for publishing to npmjs
-- `ARTIFACT_REGISTRY_TOKEN` - Local/manual publishing token (derived from `gcloud auth application-default print-access-token`)
-**Protection Mechanisms:**
-- ✅ `.gitignore` excludes all `.env*` files (except `.env.example`)
-- ✅ `.npmignore` excludes sensitive development files
-- ✅ No secrets in published npm package
-- ✅ Clear documentation on required environment variables
-**Recommendation:** ✅ No action required
----
-### 5. SOC-2 Compliance Considerations ✅ PASS
-**Data Handling:**
-- ✅ No data storage - server acts as API proxy only
-- ✅ No logging of sensitive information
-- ✅ Authentication tokens passed via environment variables
-- ✅ HTTPS-only communication with Pylon API (`https://api.usepylon.com`)
-**Access Control:**
-- ✅ API token required for all operations
-- ✅ No default credentials
-- ✅ Clear documentation on authentication requirements
-**Audit Trail:**
-- ✅ All API calls go through centralized `PylonClient` class
-- ✅ Error handling doesn't expose sensitive data
-- ✅ No client-side data caching
-**Recommendation:** ✅ Compliant for public release
----
-### 6. Code Quality & Security Best Practices ✅ PASS
-**TypeScript Usage:**
-- ✅ Strict type checking enabled
-- ✅ Proper interface definitions
-- ✅ No use of `any` type in critical paths
-**Error Handling:**
-- ✅ Try-catch blocks around all API calls
-- ✅ Errors don't expose internal details
-- ✅ Proper error messages for missing configuration
-**Input Validation:**
-- ✅ Required parameters validated before API calls
-- ✅ Type safety through TypeScript interfaces
-- ✅ MCP SDK handles input schema validation
-**Recommendation:** ✅ No action required
----
-## Minor Issues & Warnings
-### ⚠️ npm Configuration Warning (Non-blocking)
-- npm may warn about `always-auth` in `.npmrc` in future npm versions; current behavior is unaffected. If npm deprecates it, remove the `always-auth` line.
----
-## Files Safe for Public Release
-### ✅ Source Code
-- `src/index.ts`
-- `src/pylon-client.ts`
-### ✅ Configuration
-- `package.json`
-- `tsconfig.json`
-- `.gitignore`
-- `.npmignore`
-- `.env.example`
-### ✅ Documentation
-- `README.md`
-- `CLAUDE.md`
-- `GCP_SETUP.md`
-- `LICENSE`
-### ✅ Build Artifacts
-- `dist/` (generated, excluded from git)
-### ⚠️ Consider Excluding (Optional)
-- `.npmrc` - Contains GCP-specific registry config (consider making it local-only)
-- `publish.sh` - Publishing script (consider making it maintainer-only)
-- `.idea/` - IDE settings (already in .gitignore)
----
-## Recommendations for Public Repository
-### Before Making Public:
-1. ✅ **Remove GCP-specific files** (optional but recommended):
-   ```bash
-   git rm --cached .npmrc
-   git rm --cached publish.sh
-   ```
-2. ✅ **Add SECURITY.md** for responsible disclosure
-3. ✅ **Add CONTRIBUTING.md** for contribution guidelines
-4. ✅ **Consider adding GitHub Actions** for automated security scanning
-### After Making Public:
-1. Enable GitHub security features:
-   - Dependabot alerts
-   - Code scanning
-   - Secret scanning
-2. Set up automated npm audit in CI/CD
-3. Add security policy to README
----
-## Conclusion
-✅ **APPROVED FOR PUBLIC RELEASE**
-The Pylon MCP Server repository contains no sensitive information, PII, or security vulnerabilities. All secrets are properly managed through environment variables, and the codebase follows security best practices.
-**Risk Level:** LOW
-**Confidence:** HIGH
-**Recommendation:** Safe to make repository public immediately
----
-## Audit Checklist
-- [x] Source code scanned for hardcoded secrets
-- [x] Configuration files reviewed
-- [x] Documentation checked for PII
-- [x] Dependencies scanned for vulnerabilities
-- [x] Git history checked for leaked secrets
-- [x] Environment variable usage verified
-- [x] .gitignore coverage confirmed
-- [x] Error handling reviewed
-- [x] API communication security verified
-- [x] SOC-2 compliance considerations addressed
-**Audit Completed:** December 4, 2025

package/smithery.yaml DELETED Viewed

@@ -1,17 +0,0 @@
-# Smithery configuration file: https://smithery.ai/docs/config#smitheryyaml
-startCommand:
-  type: stdio
-  configSchema:
-    # JSON Schema defining the configuration options for the MCP.
-    type: object
-    required:
-      - pylonApiToken
-    properties:
-      pylonApiToken:
-        type: string
-        description: The API key for the Pylon MCP server.
-        secret: true
-        required: true
-  commandFunction: |-
-    config => ({ command: 'node', args: ['dist/index.js'], env: { PYLON_API_TOKEN: config.pylonApiToken } })