@cyanheads/mcp-ts-core 0.10.10 → 0.10.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +22 -10
- package/CLAUDE.md +22 -10
- package/README.md +1 -1
- package/biome.json +1 -1
- package/changelog/0.10.x/0.10.11.md +39 -0
- package/changelog/template.md +5 -3
- package/dist/core/app.js +3 -3
- package/dist/core/app.js.map +1 -1
- package/dist/logs/combined.log +8 -0
- package/dist/logs/error.log +4 -0
- package/dist/logs/interactions.log +0 -0
- package/dist/mcp-server/tools/utils/toolDefinition.d.ts +4 -3
- package/dist/mcp-server/tools/utils/toolDefinition.d.ts.map +1 -1
- package/dist/mcp-server/tools/utils/toolDefinition.js.map +1 -1
- package/package.json +18 -18
- package/scripts/build-changelog.ts +1 -1
- package/skills/api-utils/SKILL.md +1 -1
- package/skills/code-simplifier/SKILL.md +6 -6
- package/skills/design-mcp-server/SKILL.md +51 -15
- package/skills/git-wrapup/SKILL.md +12 -5
- package/skills/orchestrations/SKILL.md +2 -2
- package/skills/polish-docs-meta/SKILL.md +1 -1
- package/skills/release-and-publish/SKILL.md +3 -1
- package/templates/AGENTS.md +27 -21
- package/templates/CLAUDE.md +27 -21
- package/templates/changelog/template.md +5 -3
- package/templates/package.json +2 -2
package/templates/CLAUDE.md
CHANGED
|
@@ -182,12 +182,14 @@ Handlers receive a unified `ctx` object. Key properties:
|
|
|
182
182
|
| Property | Description |
|
|
183
183
|
|:---------|:------------|
|
|
184
184
|
| `ctx.log` | Request-scoped logger — `.debug()`, `.info()`, `.notice()`, `.warning()`, `.error()`. Auto-correlates requestId, traceId, tenantId. |
|
|
185
|
-
| `ctx.state` | Tenant-scoped KV — `.get(key)`, `.set(key, value, { ttl? })`, `.delete(key)`, `.list(prefix, { cursor, limit })`. Accepts any serializable value. |
|
|
185
|
+
| `ctx.state` | Tenant-scoped KV — `.get(key)`, `.set(key, value, { ttl? })`, `.delete(key)`, `.getMany(keys)`, `.list(prefix, { cursor, limit })`. Accepts any serializable value. |
|
|
186
186
|
| `ctx.elicit` | Ask user for structured input — form call `(message, schema)` or `.url(message, url)` for an external link. **Check for presence first:** `if (ctx.elicit) { ... }` |
|
|
187
|
+
| `ctx.enrich` | Success-path agent context (empty-result notices, query echo, pagination totals) — `ctx.enrich(...)` or `.notice()` / `.total()` / `.echo()` / `.truncated()`. Reaches `structuredContent` and `content[]`; lands only when the definition declares an `enrichment` block (no-op otherwise). |
|
|
188
|
+
| `ctx.content` | Non-text content blocks — `.image(data, mimeType)`, `.audio(data, mimeType)`, or `ctx.content(block)` for a raw block. Prepended to `content[]` after `format()`; never enters `structuredContent`. |
|
|
187
189
|
| `ctx.signal` | `AbortSignal` for cancellation. |
|
|
188
190
|
| `ctx.progress` | Task progress (present when `task: true`) — `.setTotal(n)`, `.increment()`, `.update(message)`. |
|
|
189
191
|
| `ctx.requestId` | Unique request ID. |
|
|
190
|
-
| `ctx.tenantId` | Tenant ID from JWT
|
|
192
|
+
| `ctx.tenantId` | Tenant ID from JWT; `'default'` for stdio or HTTP with auth off. |
|
|
191
193
|
|
|
192
194
|
---
|
|
193
195
|
|
|
@@ -195,7 +197,7 @@ Handlers receive a unified `ctx` object. Key properties:
|
|
|
195
197
|
|
|
196
198
|
Handlers throw — the framework catches, classifies, and formats.
|
|
197
199
|
|
|
198
|
-
**Recommended: typed error contract.** Declare `errors: [{ reason, code, when, recovery, retryable? }]` on `tool()` / `resource()` to receive `ctx.fail(reason, …)` typed against the reason union. TypeScript catches typos at compile time, `data.reason` is auto-populated for observability, linter enforces conformance against the handler body. `recovery` is required
|
|
200
|
+
**Recommended: typed error contract.** Declare `errors: [{ reason, code, when, recovery, retryable? }]` on `tool()` / `resource()` to receive `ctx.fail(reason, …)` typed against the reason union. TypeScript catches typos at compile time, `data.reason` is auto-populated for observability, linter enforces conformance against the handler body. `recovery` is required (≥ 5 words, lint-validated) — the single source of truth for the agent's next move. Pass `ctx.recoveryFor('reason')` as the throw's data to put it on the wire (`data.recovery.hint`, mirrored into `content[]` text); override with an explicit `{ recovery: { hint: '...' } }` when dynamic runtime context matters. Baseline codes (`InternalError`, `ServiceUnavailable`, `Timeout`, `ValidationError`, `SerializationError`) bubble freely and don't need declaring.
|
|
199
201
|
|
|
200
202
|
```ts
|
|
201
203
|
import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
|
|
@@ -207,7 +209,7 @@ errors: [
|
|
|
207
209
|
],
|
|
208
210
|
async handler(input, ctx) {
|
|
209
211
|
const item = await db.find(input.id);
|
|
210
|
-
if (!item) throw ctx.fail('no_match', `No item ${input.id}
|
|
212
|
+
if (!item) throw ctx.fail('no_match', `No item ${input.id}`, ctx.recoveryFor('no_match'));
|
|
211
213
|
return item;
|
|
212
214
|
}
|
|
213
215
|
```
|
|
@@ -270,7 +272,7 @@ src/
|
|
|
270
272
|
|
|
271
273
|
## Skills
|
|
272
274
|
|
|
273
|
-
Skills are modular instructions in `skills/` at the project root. Read them directly when a task matches — e.g., `skills/add-tool/SKILL.md` when adding a tool.
|
|
275
|
+
Skills are modular instructions in `skills/` at the project root. Read them directly when a task matches — e.g., `skills/add-tool/SKILL.md` when adding a tool. `bun run list-skills` prints the full registry.
|
|
274
276
|
|
|
275
277
|
**Agent skill directory:** Copy skills into the directory your agent discovers (Claude Code: `.claude/skills/`, others: equivalent). Skills then load as context without referencing `skills/` paths. After framework updates, run the `maintenance` skill — Phase B re-syncs the agent directory.
|
|
276
278
|
|
|
@@ -290,7 +292,6 @@ Available skills:
|
|
|
290
292
|
| `tool-defs-analysis` | Read-only audit of MCP definition language across the surface — voice, leaks, defaults, recovery hints, output descriptions |
|
|
291
293
|
| `security-pass` | Audit server for MCP-flavored security gaps: output injection, scope blast radius, input sinks, tenant isolation |
|
|
292
294
|
| `code-simplifier` | Post-session cleanup against `git diff` — modernize syntax, consolidate duplication, align with the codebase |
|
|
293
|
-
| `devcheck` | Lint, format, typecheck, audit |
|
|
294
295
|
| `polish-docs-meta` | Finalize docs, README, metadata, and agent protocol for shipping |
|
|
295
296
|
| `git-wrapup` | Land working-tree changes as a versioned commit + annotated tag — version bump, changelog, verify, tag. Local only. |
|
|
296
297
|
| `release-and-publish` | Push + npm + MCP Registry + GH Release + Docker. Picks up from `git-wrapup` |
|
|
@@ -298,12 +299,14 @@ Available skills:
|
|
|
298
299
|
| `orchestrations` | Chain task skills into a gated multi-phase pipeline — build-out, QA-fix, update-ship — when you can spawn sub-agents |
|
|
299
300
|
| `report-issue-framework` | File a bug or feature request against `@cyanheads/mcp-ts-core` via `gh` CLI |
|
|
300
301
|
| `report-issue-local` | File a bug or feature request against this server's own repo via `gh` CLI |
|
|
302
|
+
| `techniques` | Catalog of response/data-shaping techniques — overflow handling, payload shaping, retrieval patterns |
|
|
301
303
|
| `api-auth` | Auth modes, scopes, JWT/OAuth |
|
|
302
304
|
| `api-canvas` | DataCanvas: register tabular data, run SQL, export, plus the `spillover()` helper for big result sets — Tier 3 opt-in |
|
|
303
305
|
| `api-config` | AppConfig, parseConfig, env vars |
|
|
304
306
|
| `api-context` | Context interface, logger, state, progress |
|
|
305
307
|
| `api-errors` | McpError, JsonRpcErrorCode, error patterns |
|
|
306
308
|
| `api-linter` | Definition linter rule catalog — invoked by `bun run lint:mcp` and `devcheck` |
|
|
309
|
+
| `api-mirror` | MirrorService: persistent self-refreshing local mirror (embedded SQLite + FTS5) of a bulk upstream dataset — Tier 3 opt-in |
|
|
307
310
|
| `api-services` | LLM, Speech, Graph services |
|
|
308
311
|
| `api-testing` | createMockContext, test patterns |
|
|
309
312
|
| `api-utils` | Formatting, parsing, security, pagination, scheduling, telemetry helpers |
|
|
@@ -322,20 +325,23 @@ When you complete a skill's checklist, check the boxes and add a completion time
|
|
|
322
325
|
|
|
323
326
|
| Command | Purpose |
|
|
324
327
|
|:--------|:--------|
|
|
325
|
-
| `
|
|
326
|
-
| `
|
|
327
|
-
| `
|
|
328
|
-
| `
|
|
328
|
+
| `bun run build` | Compile TypeScript |
|
|
329
|
+
| `bun run rebuild` | Clean + build |
|
|
330
|
+
| `bun run clean` | Remove build artifacts |
|
|
331
|
+
| `bun run devcheck` | Lint + format + typecheck + security + changelog sync |
|
|
329
332
|
| `bun run audit:refresh` | Delete `bun.lock`, reinstall, and re-run `bun audit`. Use when `devcheck` flags a transitive advisory — Bun's `update` is sticky on transitive resolutions, so the advisory may be a stale-lockfile false positive. If it survives the refresh, it's real. |
|
|
330
|
-
| `
|
|
331
|
-
| `
|
|
332
|
-
| `
|
|
333
|
-
| `
|
|
334
|
-
| `
|
|
335
|
-
| `
|
|
336
|
-
| `
|
|
337
|
-
| `
|
|
338
|
-
| `
|
|
333
|
+
| `bun run lint:mcp` | Run the MCP definition linter standalone (rule catalog: `api-linter` skill) |
|
|
334
|
+
| `bun run lint:packaging` | Packaging surface checks — `server.json`/`manifest.json` env-var parity (run by devcheck) |
|
|
335
|
+
| `bun run list-skills` | Print the skill registry |
|
|
336
|
+
| `bun run tree` | Generate directory structure doc |
|
|
337
|
+
| `bun run format` | Auto-fix formatting (safe fixes only) |
|
|
338
|
+
| `bun run format:unsafe` | Also apply Biome's unsafe autofixes — review the diff; they can change behavior |
|
|
339
|
+
| `bun run test` | Run tests (Vitest — use `bun run test`, not `bun test`) |
|
|
340
|
+
| `bun run start:stdio` | Production mode (stdio) |
|
|
341
|
+
| `bun run start:http` | Production mode (HTTP) |
|
|
342
|
+
| `bun run changelog:build` | Regenerate `CHANGELOG.md` from `changelog/*.md` |
|
|
343
|
+
| `bun run changelog:check` | Verify `CHANGELOG.md` is in sync (used by devcheck) |
|
|
344
|
+
| `bun run bundle` | Build, pack, and clean a `.mcpb` for one-click Claude Desktop install |
|
|
339
345
|
|
|
340
346
|
---
|
|
341
347
|
|
|
@@ -359,14 +365,14 @@ Each per-version file opens with YAML frontmatter:
|
|
|
359
365
|
---
|
|
360
366
|
summary: "One-line headline, ≤350 chars" # required — powers the rollup index
|
|
361
367
|
breaking: false # optional — true flags breaking changes
|
|
362
|
-
security: false # optional — true
|
|
368
|
+
security: false # optional — true ONLY for a source-code security fix, never a dependency CVE bump
|
|
363
369
|
---
|
|
364
370
|
|
|
365
371
|
# 0.1.0 — YYYY-MM-DD
|
|
366
372
|
...
|
|
367
373
|
```
|
|
368
374
|
|
|
369
|
-
`breaking: true` renders a `· ⚠️ Breaking` badge — use it when consumers must update code on upgrade (signature changes, removed APIs, config renames). `security: true` renders a `· 🛡️ Security` badge and pairs with a `## Security` body section. When both are set, badges render `· ⚠️ Breaking · 🛡️ Security`.
|
|
375
|
+
`breaking: true` renders a `· ⚠️ Breaking` badge — use it when consumers must update code on upgrade (signature changes, removed APIs, config renames). `security: true` renders a `· 🛡️ Security` badge and pairs with a `## Security` body section — set it only for a security fix in this server's *own source code*, never for a routine dependency or transitive CVE bump (record those under `## Dependencies`). When both are set, badges render `· ⚠️ Breaking · 🛡️ Security`.
|
|
370
376
|
|
|
371
377
|
`agent-notes` is an optional free-form field for maintenance agents processing the release downstream. Content here won't appear in the rendered CHANGELOG — it's consumed by agents running the `maintenance` skill. Use it for adoption instructions that don't fit the human-facing sections: new files to create, fields to populate, one-time migration steps. Omit entirely when there's nothing to say.
|
|
372
378
|
|
|
@@ -15,9 +15,11 @@ summary: ""
|
|
|
15
15
|
# usage. Flagged as `Breaking` in the rollup.
|
|
16
16
|
breaking: false
|
|
17
17
|
|
|
18
|
-
# Set `true`
|
|
19
|
-
#
|
|
20
|
-
#
|
|
18
|
+
# Set `true` ONLY for a security fix in THIS project's own source code — a
|
|
19
|
+
# vulnerability or hardening in code you ship. A dependency or transitive CVE
|
|
20
|
+
# bump is routine maintenance, NOT a security release: record it under
|
|
21
|
+
# `## Dependencies` (with the advisory ID) and leave this `false`. When true,
|
|
22
|
+
# pairs with the `## Security` section below and flags `Security` in the rollup.
|
|
21
23
|
security: false
|
|
22
24
|
|
|
23
25
|
# Optional free-form notes for maintenance agents processing this release.
|
package/templates/package.json
CHANGED