@dypai-ai/mcp 1.0.0

package/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "@dypai-ai/mcp",
+  "version": "1.0.0",
+  "description": "DYPAI MCP Server — AI agent toolkit for building and deploying full-stack apps",
+  "type": "module",
+  "bin": {
+    "dypai-mcp": "src/index.mjs"
+  },
+  "files": [
+    "src/"
+  ],
+  "keywords": ["dypai", "mcp", "ai", "deploy", "backend", "database", "api", "cloudflare-pages"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DYPAI-SOLUTIONS/dypai-mcp"
+  },
+  "homepage": "https://dypai.ai"
+}

package/src/api.mjs

@@ -0,0 +1,60 @@
+/**
+ * DYPAI API Client — HTTP client for the DYPAI control plane.
+ * All MCP tools that need backend data go through here.
+ */
+
+import https from "https"
+import http from "http"
+
+const DEFAULT_API_URL = "https://dyapi.dypai.dev"
+
+function getConfig() {
+  return {
+    token: process.env.DYPAI_TOKEN || "",
+    apiUrl: process.env.DYPAI_API_URL || DEFAULT_API_URL,
+  }
+}
+
+export function request(method, path, body) {
+  const { token, apiUrl } = getConfig()
+  const url = `${apiUrl}${path}`
+
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url)
+    const mod = parsed.protocol === "https:" ? https : http
+    const data = body ? JSON.stringify(body) : null
+    const headers = {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "application/json",
+    }
+    if (data) headers["Content-Length"] = Buffer.byteLength(data)
+
+    const req = mod.request({
+      hostname: parsed.hostname,
+      port: parsed.port,
+      path: parsed.pathname + (parsed.search || ""),
+      method,
+      headers,
+    }, (res) => {
+      let buf = ""
+      res.on("data", (c) => (buf += c))
+      res.on("end", () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          try { resolve(JSON.parse(buf)) } catch { resolve(buf) }
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}: ${buf.slice(0, 500)}`))
+        }
+      })
+    })
+    req.on("error", reject)
+    if (data) req.write(data)
+    req.end()
+  })
+}
+
+export const api = {
+  get: (path) => request("GET", path),
+  post: (path, body) => request("POST", path, body),
+  patch: (path, body) => request("PATCH", path, body),
+  delete: (path) => request("DELETE", path),
+}

package/src/index.mjs

@@ -0,0 +1,270 @@
+#!/usr/bin/env node
+
+/**
+ * @dypai-ai/mcp — Local MCP server for DYPAI.
+ *
+ * Runs as a stdio MCP server in the user's IDE.
+ * Local tools (deploy, scaffold) have filesystem access.
+ * Backend tools (SQL, endpoints, etc.) proxy to the remote MCP server.
+ *
+ * Config in IDE:
+ * {
+ *   "mcpServers": {
+ *     "dypai": {
+ *       "command": "npx",
+ *       "args": ["-y", "@dypai-ai/mcp@latest"],
+ *       "env": { "DYPAI_TOKEN": "xxx" }
+ *     }
+ *   }
+ * }
+ */
+
+import { createInterface } from "readline"
+import { deployTool } from "./tools/deploy.mjs"
+import { scaffoldTool } from "./tools/scaffold.mjs"
+import { addDomainTool, listDomainsTool, removeDomainTool } from "./tools/domains.mjs"
+import { frontendStatusTool, buildStatusTool, listDeploymentsTool, getDeploymentLogsTool } from "./tools/status.mjs"
+import { bulkUpsertTool } from "./tools/bulk-upsert.mjs"
+import { proxyToolCall } from "./tools/proxy.mjs"
+
+// ── Local tools (filesystem access) ─────────────────────────────────────────
+
+const LOCAL_TOOLS = [
+  // ── Frontend & Deploy ─────────────────────────────────────────────────────
+  deployTool,
+  scaffoldTool,
+  buildStatusTool,
+  listDeploymentsTool,
+  getDeploymentLogsTool,
+  // ── Domains ───────────────────────────────────────────────────────────────
+  addDomainTool,
+  listDomainsTool,
+  removeDomainTool,
+  // ── Data ──────────────────────────────────────────────────────────────────
+  bulkUpsertTool,
+]
+
+const localToolMap = new Map(LOCAL_TOOLS.map(t => [t.name, t]))
+
+// ── Remote tools (loaded from MCP server at startup) ────────────────────────
+
+// Fallback definitions in case remote MCP is unreachable
+const FALLBACK_REMOTE_TOOLS = [
+  { name: "list_projects", description: "List all your projects.", inputSchema: { type: "object", properties: {}, required: [] } },
+  { name: "get_project", description: "Get project details.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: ["project_id"] } },
+  { name: "create_project", description: "Create a new project (free plan).", inputSchema: { type: "object", properties: { name: { type: "string" } }, required: ["name"] } },
+  { name: "execute_sql", description: "Run SQL on the project's database.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, sql: { type: "string" } }, required: ["sql"] } },
+  { name: "get_app_tables", description: "List database tables.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+  { name: "create_endpoint", description: "Create an API endpoint.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, name: { type: "string" }, method: { type: "string" }, workflow_code: { type: "object" } }, required: ["name", "method", "workflow_code"] } },
+  { name: "update_endpoint", description: "Update an endpoint.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, name: { type: "string" } }, required: ["name"] } },
+  { name: "delete_endpoint", description: "Delete an endpoint.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, name: { type: "string" } }, required: ["name"] } },
+  { name: "search_endpoints", description: "Search endpoints.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+  { name: "test_workflow", description: "Test an endpoint.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, endpoint_name: { type: "string" } }, required: ["endpoint_name"] } },
+  { name: "manage_users", description: "Manage auth users.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, operation: { type: "string" } }, required: ["operation"] } },
+  { name: "manage_roles", description: "Manage roles.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, operation: { type: "string" } }, required: ["operation"] } },
+  { name: "get_auth_users", description: "List users.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+  { name: "list_buckets", description: "List storage buckets.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+  { name: "search_docs", description: "Search documentation.", inputSchema: { type: "object", properties: { query: { type: "string" } }, required: ["query"] } },
+  { name: "search_templates", description: "Search workflow templates.", inputSchema: { type: "object", properties: { query: { type: "string" } }, required: ["query"] } },
+  { name: "search_nodes", description: "Search workflow nodes.", inputSchema: { type: "object", properties: { query: { type: "string" } }, required: ["query"] } },
+]
+
+// Descriptions match the remote MCP server (dypai-mcp) exactly
+const REMOTE_TOOLS = [
+  // ── Project ───────────────────────────────────────────────────────────────
+  { name: "list_projects", description: "Lists all projects you have access to across your organizations. Returns project id, name, description, organization, subscription plan, and status. Use this as the first step to discover which projects are available, then pass project_id to other tools.", inputSchema: { type: "object", properties: { organization_id: { type: "string", description: "Optional. Filter projects by organization UUID." } }, required: [] } },
+  { name: "get_project", description: "Gets detailed information about a specific project. Returns project name, description, organization, plan, status, engine URL, frontend slug, and timestamps.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: ["project_id"] } },
+  { name: "create_project", description: "Create a new DYPAI project (free plan). Creates a full project with database, API engine, GitHub repo, and frontend hosting. Provisioning takes ~1 minute.", inputSchema: { type: "object", properties: { name: { type: "string", description: "Project name (e.g. 'My Veterinary App')" }, organization_id: { type: "string", description: "Optional. Uses default org if omitted." }, description: { type: "string" }, template_slug: { type: "string", description: "Optional. Start from a template (e.g. 'clinic', 'gym'). Use search_templates to browse." } }, required: ["name"] } },
+  { name: "get_app_credentials", description: "Lists available credentials in the current application. Returns API keys, anon key, service role key, and engine URL needed for SDK configuration.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+
+  // ── Database ──────────────────────────────────────────────────────────────
+  { name: "execute_sql", description: "Executes any SQL query on the project database (PostgreSQL). Supports SELECT, INSERT, UPDATE, DELETE, CREATE TABLE, ALTER TABLE, DROP TABLE. Platform schemas (system, auth, storage) are read-only for security.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, sql: { type: "string", description: "SQL query to execute" } }, required: ["sql"] } },
+  { name: "get_app_tables", description: "Query the project's database tables. Returns all tables with their columns, types, constraints, and indexes.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+
+  // ── API Endpoints ─────────────────────────────────────────────────────────
+  { name: "create_endpoint", description: "Creates an endpoint as a workflow (nodes + edges). The workflow defines what the endpoint does: database queries, HTTP calls, AI agents, logic, transformations, etc.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, name: { type: "string", description: "URL-friendly name (e.g. 'get-products')" }, method: { type: "string", description: "GET, POST, PUT, DELETE, PATCH" }, description: { type: "string" }, workflow_code: { type: "object", description: "Workflow definition with nodes and edges" } }, required: ["name", "method", "workflow_code"] } },
+  { name: "update_endpoint", description: "Updates fields of an existing endpoint. Only fields in 'updates' are modified — everything else stays the same.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, name: { type: "string" }, workflow_code: { type: "object" }, description: { type: "string" }, method: { type: "string" } }, required: ["name"] } },
+  { name: "delete_endpoint", description: "Permanently deletes an endpoint. Irreversible operation.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, name: { type: "string" } }, required: ["name"] } },
+  { name: "search_endpoints", description: "Search endpoints or retrieve the full detail of one by ID. Returns name, method, description, group, workflow code.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, query: { type: "string" }, endpoint_id: { type: "string" } }, required: [] } },
+  { name: "test_workflow", description: "Test an endpoint's workflow with sample input data. Returns the execution result including node outputs and errors. Great for debugging.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, endpoint_name: { type: "string" }, input: { type: "object", description: "Test input data" }, method: { type: "string" } }, required: ["endpoint_name"] } },
+  { name: "edit_workflow", description: "Edit a workflow using find-and-replace on the JSON text. Best for quick fixes — SQL queries, parameters, strings. Works like a code editor. USE THIS FOR MOST EDITS instead of rewriting the entire workflow.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, endpoint_id: { type: "string" }, old_string: { type: "string", description: "Text to find in the workflow JSON" }, new_string: { type: "string", description: "Replacement text" } }, required: ["endpoint_id", "old_string", "new_string"] } },
+  { name: "add_node", description: "Add a new node to an existing workflow and connect it. Specify the node type, parameters, and where to insert it.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, endpoint_id: { type: "string" }, node_type: { type: "string" }, parameters: { type: "object" }, after_node: { type: "string", description: "ID of the node to insert after" } }, required: ["endpoint_id", "node_type"] } },
+  { name: "remove_node", description: "Remove a node from a workflow. By default, reconnects surrounding nodes to maintain the flow.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, endpoint_id: { type: "string" }, node_id: { type: "string" } }, required: ["endpoint_id", "node_id"] } },
+  { name: "get_endpoint_versions", description: "List version history for an endpoint. Shows previous workflow snapshots that can be restored with rollback_endpoint.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, endpoint_name: { type: "string" } }, required: ["endpoint_name"] } },
+  { name: "rollback_endpoint", description: "Rollback an endpoint's workflow to a previous version. Use get_endpoint_versions first to see available versions.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, endpoint_name: { type: "string" }, version_id: { type: "string" } }, required: ["endpoint_name", "version_id"] } },
+  { name: "search_nodes", description: "Discover and query available nodes for building workflows. Shows what building blocks exist: HTTP requests, database, email, Stripe, Telegram, AI agent, etc.", inputSchema: { type: "object", properties: { query: { type: "string", description: "What you need (e.g. 'send email', 'stripe', 'database')" } }, required: ["query"] } },
+  { name: "manage_endpoint_groups", description: "Organize endpoints into groups (folders). Operations: create, list, update, delete.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, operation: { type: "string", description: "create, list, update, delete" } }, required: ["operation"] } },
+
+  // ── Auth & Users ──────────────────────────────────────────────────────────
+  { name: "manage_users", description: "Manage authenticated users. Operations: create, delete, ban, unban, update_role, set_password.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, operation: { type: "string", description: "create, delete, ban, unban, update_role, set_password" } }, required: ["operation"] } },
+  { name: "manage_roles", description: "Manage user roles. Operations: create, list, update, delete.", inputSchema: { type: "object", properties: { project_id: { type: "string" }, operation: { type: "string", description: "create, list, update, delete" } }, required: ["operation"] } },
+  { name: "get_auth_users", description: "List authenticated users with their email, role, status, and last login.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+
+  // ── Storage ───────────────────────────────────────────────────────────────
+  { name: "list_buckets", description: "Manage storage buckets for the project. List buckets with their configuration (public/private, file size limits, allowed MIME types).", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
+
+  // ── Knowledge ─────────────────────────────────────────────────────────────
+  { name: "search_docs", description: "Search DYPAI documentation. Use this when unsure about SDK usage, auth patterns, workflow nodes, or platform features. Returns relevant documentation chunks.", inputSchema: { type: "object", properties: { query: { type: "string", description: "What you want to learn about" } }, required: ["query"] } },
+  { name: "search_templates", description: "Search workflow templates by description. Returns ready-to-use workflow code for common patterns: CRUD operations, payment gateways, email sending, AI chatbots, data pipelines, etc.", inputSchema: { type: "object", properties: { query: { type: "string", description: "What the workflow should do (e.g. 'send email', 'stripe payment')" }, category: { type: "string", description: "Optional: AI, Database, Payments, Communication, Logic, Storage" } }, required: ["query"] } },
+]
+
+// ── Server Instructions ──────────────────────────────────────────────────────
+
+const SERVER_INSTRUCTIONS = `You are building full-stack applications on the DYPAI platform. You handle backend (endpoints, database, auth) AND frontend (SDK integration, UI code).
+
+## Getting Started
+1. Call list_projects() to find your project_id
+2. Use get_app_tables and search_endpoints to understand existing state
+3. BEFORE implementing any feature, call search_docs with the topic (e.g. "auth", "upload files", "real-time") to get the correct SDK patterns
+4. Build backend first (tables + endpoints), then frontend
+
+## Build Backend
+1. Create tables with execute_sql (check get_app_tables first to avoid duplicates)
+2. Create endpoints with create_endpoint using workflow_code
+3. Test with test_workflow immediately after creating/updating
+4. Use search_templates to find ready-made workflow patterns
+5. Use search_nodes to discover available node types
+6. Use search_docs when unsure about patterns
+
+## Build Frontend
+- SDK client is already configured at src/lib/dypai.ts — just import it:
+  import { dypai } from './lib/dypai'
+- API calls: dypai.api.get(name), dypai.api.post(name, body), dypai.api.put(), dypai.api.delete()
+- Auth: dypai.auth.signInWithPassword(), signUp(), signOut(), getSession()
+- Files: dypai.api.upload(name, file) — always upload from browser
+- Every method returns { data, error } — never throws
+- Do NOT call the API directly with fetch() — always use the SDK
+- Do NOT create auth endpoints — auth is built-in via SDK (dypai.auth.*)
+
+## Deploy Frontend
+- Use deploy_frontend tool with the project's source directory
+- Cloudflare Pages builds automatically (Vite, Next.js, Astro, etc.)
+- Site goes live at https://{slug}.dypai.app within ~1 minute
+- Check build progress with get_build_status
+- View build logs with get_deployment_logs if something fails
+
+## Import Data
+- Use bulk_upsert to import CSV or JSON files into database tables
+- Great for seeding initial data (products, categories, config)
+
+## Custom Domains
+- Use add_domain to connect a user's own domain
+- The user configures a CNAME record at their registrar
+- SSL is automatic via Cloudflare
+
+## Endpoint Rules
+- Auth modes: jwt (default, for users), api_key (server-to-server), public (read-only public data)
+- NEVER use public for endpoints that write data
+- Placeholders: \${input.<field>}, \${nodes.<node_id>.<field>}, \${current_user_id}
+- \${current_user_id} only works with jwt auth mode
+- Always test endpoints after creating them
+
+## Common Mistakes
+- Do NOT create auth endpoints — auth is built-in via SDK (dypai.auth.*)
+- Do NOT use fetch() directly — use the SDK (dypai.api.*)
+- Do NOT assume endpoints exist — check with search_endpoints first
+- Do NOT skip testing — always test_workflow after create/update
+`
+
+// ── MCP Protocol (JSON-RPC over stdio) ──────────────────────────────────────
+
+const allTools = [...LOCAL_TOOLS, ...REMOTE_TOOLS]
+
+function makeResponse(id, result) {
+  return JSON.stringify({ jsonrpc: "2.0", id, result })
+}
+
+function makeError(id, code, message) {
+  return JSON.stringify({ jsonrpc: "2.0", id, error: { code, message } })
+}
+
+async function handleRequest(msg) {
+  const { id, method, params } = msg
+
+  if (method === "initialize") {
+    return makeResponse(id, {
+      protocolVersion: "2024-11-05",
+      capabilities: { tools: {} },
+      serverInfo: { name: "dypai", version: "1.0.0" },
+      instructions: SERVER_INSTRUCTIONS,
+    })
+  }
+
+  if (method === "tools/list") {
+    return makeResponse(id, {
+      tools: allTools.map(t => ({
+        name: t.name,
+        description: t.description,
+        inputSchema: t.inputSchema,
+      })),
+    })
+  }
+
+  if (method === "tools/call") {
+    const { name, arguments: args } = params || {}
+
+    try {
+      let result
+
+      // Local tool — execute directly
+      if (localToolMap.has(name)) {
+        result = await localToolMap.get(name).execute(args || {})
+      }
+      // Remote tool — proxy to MCP server
+      else if (REMOTE_TOOLS.some(t => t.name === name)) {
+        result = await proxyToolCall(name, args || {})
+      }
+      else {
+        return makeError(id, -32601, `Unknown tool: ${name}`)
+      }
+
+      return makeResponse(id, {
+        content: [{ type: "text", text: typeof result === "string" ? result : JSON.stringify(result, null, 2) }],
+      })
+    } catch (e) {
+      return makeResponse(id, {
+        content: [{ type: "text", text: `Error: ${e.message}` }],
+        isError: true,
+      })
+    }
+  }
+
+  if (method === "notifications/initialized" || method === "notifications/cancelled") {
+    return null // notifications don't get responses
+  }
+
+  return makeError(id, -32601, `Method not found: ${method}`)
+}
+
+// ── Stdio Transport ─────────────────────────────────────────────────────────
+
+const rl = createInterface({ input: process.stdin })
+let buffer = ""
+
+process.stdin.on("data", (chunk) => {
+  buffer += chunk.toString()
+
+  // MCP uses newline-delimited JSON
+  let newlineIdx
+  while ((newlineIdx = buffer.indexOf("\n")) !== -1) {
+    const line = buffer.slice(0, newlineIdx).trim()
+    buffer = buffer.slice(newlineIdx + 1)
+
+    if (!line) continue
+
+    try {
+      const msg = JSON.parse(line)
+      handleRequest(msg).then((response) => {
+        if (response) {
+          process.stdout.write(response + "\n")
+        }
+      }).catch((e) => {
+        process.stderr.write(`MCP error: ${e.message}\n`)
+      })
+    } catch (e) {
+      process.stderr.write(`JSON parse error: ${e.message}\n`)
+    }
+  }
+})
+
+process.stderr.write("DYPAI MCP server started (stdio)\n")

package/src/tools/bulk-upsert.mjs

@@ -0,0 +1,155 @@
+/**
+ * bulk_upsert — Import data from a local CSV or JSON file into a database table.
+ *
+ * Reads the file from disk (like deploy_frontend), sends to the API.
+ * Supports upsert: if a row with the same unique key exists, it updates instead of inserting.
+ *
+ * Great for seeding initial data (products, categories, users, etc.).
+ */
+
+import { readFileSync, existsSync } from "fs"
+import { basename } from "path"
+import { proxyToolCall } from "./proxy.mjs"
+
+export const bulkUpsertTool = {
+  name: "bulk_upsert",
+  description: `Import data from a local CSV or JSON file into a database table.
+
+Reads the file from disk and bulk inserts/updates rows. Supports:
+- CSV files (comma-separated, with header row)
+- JSON files (array of objects)
+
+If upsert_key is provided, existing rows with matching key are updated instead of duplicated.
+NOTE: upsert_key requires a UNIQUE constraint on that column. Create one first with execute_sql if needed:
+  ALTER TABLE products ADD CONSTRAINT products_name_unique UNIQUE (name);
+
+Great for seeding initial data: products, categories, config, etc.`,
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: {
+        type: "string",
+        description: "Project UUID.",
+      },
+      file_path: {
+        type: "string",
+        description: "Absolute path to CSV or JSON file (e.g. /Users/me/data/products.csv)",
+      },
+      table: {
+        type: "string",
+        description: "Target table name (e.g. 'products', 'categories')",
+      },
+      upsert_key: {
+        type: "string",
+        description: "Optional. Column name for upsert (e.g. 'email', 'slug'). If a row with this value exists, it updates instead of inserting.",
+      },
+    },
+    required: ["project_id", "file_path", "table"],
+  },
+
+  async execute({ project_id, file_path, table, upsert_key }) {
+    if (!existsSync(file_path)) {
+      return { error: `File not found: ${file_path}` }
+    }
+
+    const fileName = basename(file_path)
+    const ext = fileName.split(".").pop()?.toLowerCase()
+
+    if (!["csv", "json"].includes(ext)) {
+      return { error: "File must be .csv or .json" }
+    }
+
+    // Read and parse data
+    let rows
+    try {
+      const raw = readFileSync(file_path, "utf-8")
+
+      if (ext === "json") {
+        const parsed = JSON.parse(raw)
+        rows = Array.isArray(parsed) ? parsed : [parsed]
+      } else {
+        // Parse CSV
+        const lines = raw.trim().split("\n")
+        if (lines.length < 2) return { error: "CSV must have a header row and at least one data row" }
+
+        const headers = lines[0].split(",").map(h => h.trim().replace(/^"|"$/g, ""))
+        rows = lines.slice(1).map(line => {
+          const values = line.split(",").map(v => v.trim().replace(/^"|"$/g, ""))
+          const obj = {}
+          headers.forEach((h, i) => { obj[h] = values[i] || null })
+          return obj
+        })
+      }
+    } catch (e) {
+      return { error: `Failed to parse file: ${e.message}` }
+    }
+
+    if (!rows || !rows.length) {
+      return { error: "No data rows found in file" }
+    }
+
+    // Build SQL for bulk insert
+    const columns = Object.keys(rows[0])
+    const placeholders = rows.map((_, rowIdx) =>
+      `(${columns.map((_, colIdx) => `$${rowIdx * columns.length + colIdx + 1}`).join(", ")})`
+    ).join(",\n")
+
+    const values = rows.flatMap(row => columns.map(col => row[col]))
+
+    let sql
+    if (upsert_key && columns.includes(upsert_key)) {
+      const updateCols = columns.filter(c => c !== upsert_key).map(c => `${c} = EXCLUDED.${c}`).join(", ")
+      sql = `INSERT INTO ${table} (${columns.join(", ")}) VALUES ${placeholders} ON CONFLICT (${upsert_key}) DO UPDATE SET ${updateCols}`
+    } else {
+      sql = `INSERT INTO ${table} (${columns.join(", ")}) VALUES ${placeholders}`
+    }
+
+    // Execute via the MCP remote (execute_sql doesn't support parameterized, so we inline values)
+    // For safety, use individual INSERTs via execute_sql
+    let inserted = 0
+    let errors = []
+
+    // Batch in chunks of 50 rows
+    const BATCH_SIZE = 50
+    for (let i = 0; i < rows.length; i += BATCH_SIZE) {
+      const batch = rows.slice(i, i + BATCH_SIZE)
+      const batchCols = Object.keys(batch[0])
+      const batchValues = batch.map(row =>
+        `(${batchCols.map(col => {
+          const v = row[col]
+          if (v === null || v === undefined || v === "") return "NULL"
+          if (typeof v === "number" || !isNaN(Number(v))) return String(v)
+          return `'${String(v).replace(/'/g, "''")}'`
+        }).join(", ")})`
+      ).join(",\n")
+
+      let batchSql
+      if (upsert_key && batchCols.includes(upsert_key)) {
+        const updateCols = batchCols.filter(c => c !== upsert_key).map(c => `${c} = EXCLUDED.${c}`).join(", ")
+        batchSql = `INSERT INTO ${table} (${batchCols.join(", ")}) VALUES\n${batchValues}\nON CONFLICT (${upsert_key}) DO UPDATE SET ${updateCols}`
+      } else {
+        batchSql = `INSERT INTO ${table} (${batchCols.join(", ")}) VALUES\n${batchValues}`
+      }
+
+      try {
+        const result = await proxyToolCall("execute_sql", { project_id, sql: batchSql })
+        if (result?.error) throw new Error(result.error)
+        inserted += batch.length
+      } catch (e) {
+        errors.push(`Batch ${Math.floor(i / BATCH_SIZE) + 1}: ${e.message.slice(0, 100)}`)
+      }
+    }
+
+    return {
+      success: errors.length === 0,
+      table,
+      rows_total: rows.length,
+      rows_inserted: inserted,
+      rows_failed: rows.length - inserted,
+      upsert_key: upsert_key || null,
+      errors: errors.length > 0 ? errors : undefined,
+      message: `${inserted} of ${rows.length} rows imported into "${table}"${upsert_key ? ` (upsert on ${upsert_key})` : ""}.`,
+    }
+  },
+}

package/src/tools/deploy.mjs

@@ -0,0 +1,133 @@
+/**
+ * deploy_frontend — Reads source files from disk and deploys to DYPAI.
+ *
+ * This is the key tool that requires local filesystem access.
+ * The AI passes sourceDirectory, this tool reads all source files,
+ * sends them to the API, which commits to GitHub → CF Pages builds.
+ */
+
+import { readFileSync, readdirSync, statSync, existsSync } from "fs"
+import { join, relative } from "path"
+import { api } from "../api.mjs"
+
+const MAX_SOURCE_SIZE = 50 * 1024 * 1024
+const IGNORE_DIRS = new Set(["node_modules", "dist", "build", "out", ".git", ".next", ".cache", ".turbo", ".vercel", ".output", "coverage"])
+const SOURCE_EXTS = new Set([".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".css", ".scss", ".less", ".html", ".json", ".toml", ".yaml", ".yml", ".md", ".mdx", ".txt", ".svg", ".ico", ".webmanifest"])
+const IMAGE_EXTS = new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".avif", ".ico", ".svg"])
+const BLOCKED = new Set([".env", ".env.local", ".env.production", ".env.development", ".DS_Store", "Thumbs.db"])
+const MAX_IMAGE = 2 * 1024 * 1024
+
+function collectSource(dir) {
+  const files = []
+  let total = 0
+
+  function walk(d, rel) {
+    if (total > MAX_SOURCE_SIZE) return
+    for (const entry of readdirSync(d)) {
+      if (IGNORE_DIRS.has(entry)) continue
+      if (entry.startsWith(".") && statSync(join(d, entry)).isDirectory()) continue
+      if (BLOCKED.has(entry)) continue
+      const full = join(d, entry)
+      const path = rel ? `${rel}/${entry}` : entry
+      try {
+        const stat = statSync(full)
+        if (stat.isDirectory()) { walk(full, path); continue }
+        if (!stat.isFile()) continue
+        const ext = entry.includes(".") ? `.${entry.split(".").pop().toLowerCase()}` : ""
+        let ok = SOURCE_EXTS.has(ext)
+        if (!rel && /^(package\.json|package-lock\.json|bun\.lockb|vite\.config|tsconfig|tailwind\.config|postcss\.config|next\.config|astro\.config|nuxt\.config)/.test(entry)) ok = true
+        if (IMAGE_EXTS.has(ext) && stat.size <= MAX_IMAGE) ok = true
+        if (ok) {
+          const content = readFileSync(full)
+          if (total + content.length > MAX_SOURCE_SIZE) return
+          total += content.length
+          files.push({ path, content: content.toString("base64") })
+        }
+      } catch {}
+    }
+  }
+
+  walk(dir, "")
+  return { files, total }
+}
+
+function detectFramework(dir) {
+  const pkgPath = join(dir, "package.json")
+  if (!existsSync(pkgPath)) return null
+  try {
+    const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"))
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies }
+    if (deps["next"]) return "Next.js"
+    if (deps["astro"]) return "Astro"
+    if (deps["nuxt"]) return "Nuxt"
+    if (deps["@sveltejs/kit"]) return "SvelteKit"
+    if (deps["vite"]) return "Vite"
+    if (deps["react-scripts"]) return "Create React App"
+    if (deps["react"]) return "React"
+    return "Node.js"
+  } catch { return null }
+}
+
+export const deployTool = {
+  name: "deploy_frontend",
+  description: `Deploy frontend source code from a local directory.
+
+Reads all source files from the specified directory, uploads them to DYPAI,
+and Cloudflare Pages automatically builds and deploys the project.
+
+Supports: React, Vite, Next.js, Astro, SvelteKit, Nuxt, CRA, and more.
+The build runs in the cloud — no local Node.js or npm required.
+
+After deploying, the site is live at https://{slug}.dypai.app within ~1 minute.`,
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      sourceDirectory: {
+        type: "string",
+        description: "Absolute path to the project source directory (e.g. /Users/me/my-app). Must contain a package.json.",
+      },
+      project_id: {
+        type: "string",
+        description: "Project UUID. Required.",
+      },
+    },
+    required: ["sourceDirectory", "project_id"],
+  },
+
+  async execute({ sourceDirectory, project_id }) {
+    if (!existsSync(sourceDirectory)) {
+      return { error: `Directory not found: ${sourceDirectory}` }
+    }
+
+    if (!existsSync(join(sourceDirectory, "package.json"))) {
+      return { error: `No package.json found in ${sourceDirectory}. Is this a frontend project?` }
+    }
+
+    const framework = detectFramework(sourceDirectory)
+    const { files, total } = collectSource(sourceDirectory)
+
+    if (!files.length) {
+      return { error: "No source files found." }
+    }
+
+    try {
+      const result = await api.post(
+        `/api/engine/${project_id}/frontend/deploy/source`,
+        { files }
+      )
+
+      return {
+        success: true,
+        url: result.url,
+        files_pushed: files.length,
+        size_bytes: total,
+        framework: framework,
+        build: "cloudflare_pages",
+        message: `Deployed ${files.length} files (${Math.round(total / 1024)} KB). ${framework || "Project"} building in the cloud. Live in ~1 minute at ${result.url}`,
+      }
+    } catch (e) {
+      return { error: `Deploy failed: ${e.message}` }
+    }
+  },
+}

package/src/tools/domains.mjs

@@ -0,0 +1,73 @@
+/**
+ * Domain management tools — add, list, remove custom domains.
+ */
+
+import { api } from "../api.mjs"
+
+export const addDomainTool = {
+  name: "add_domain",
+  description: `Add a custom domain to your project's frontend.
+
+Returns DNS instructions (CNAME record) that the user needs to configure
+at their domain registrar. SSL is automatic once DNS propagates.`,
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: { type: "string", description: "Project UUID." },
+      domain: { type: "string", description: "Domain to add (e.g. www.example.com)" },
+    },
+    required: ["project_id", "domain"],
+  },
+
+  async execute({ project_id, domain }) {
+    try {
+      return await api.post(`/api/engine/${project_id}/frontend/domains`, { domain })
+    } catch (e) {
+      return { error: e.message }
+    }
+  },
+}
+
+export const listDomainsTool = {
+  name: "list_domains",
+  description: "List all custom domains configured for the project's frontend.",
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: { type: "string", description: "Project UUID." },
+    },
+    required: ["project_id"],
+  },
+
+  async execute({ project_id }) {
+    try {
+      return await api.get(`/api/engine/${project_id}/frontend/domains`)
+    } catch (e) {
+      return { error: e.message }
+    }
+  },
+}
+
+export const removeDomainTool = {
+  name: "remove_domain",
+  description: "Remove a custom domain from the project's frontend.",
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: { type: "string", description: "Project UUID." },
+      domain: { type: "string", description: "Domain to remove." },
+    },
+    required: ["project_id", "domain"],
+  },
+
+  async execute({ project_id, domain }) {
+    try {
+      return await api.delete(`/api/engine/${project_id}/frontend/domains/${domain}`)
+    } catch (e) {
+      return { error: e.message }
+    }
+  },
+}

package/src/tools/proxy.mjs

@@ -0,0 +1,134 @@
+/**
+ * Proxy to remote DYPAI MCP server.
+ *
+ * Connects to mcp.dypai.dev as an MCP client (HTTP streamable transport).
+ * Forwards tool calls and returns results.
+ *
+ * This preserves all the server-side logic (SQL validation, DB connections,
+ * security checks, tracking) without reimplementing it locally.
+ */
+
+import https from "https"
+import http from "http"
+
+const MCP_BASE = process.env.DYPAI_MCP_URL || "https://mcp.dypai.dev"
+const MCP_ENDPOINT = `${MCP_BASE}/mcp`
+
+let sessionId = null
+
+function mcpRequest(body) {
+  const token = process.env.DYPAI_TOKEN || ""
+
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(MCP_ENDPOINT)
+    const mod = parsed.protocol === "https:" ? https : http
+    const data = JSON.stringify(body)
+
+    const headers = {
+      "Content-Type": "application/json",
+      "Content-Length": Buffer.byteLength(data),
+      Authorization: `Bearer ${token}`,
+      Accept: "application/json, text/event-stream",
+    }
+    if (sessionId) {
+      headers["Mcp-Session-Id"] = sessionId
+    }
+
+    const req = mod.request({
+      hostname: parsed.hostname,
+      port: parsed.port,
+      path: parsed.pathname,
+      method: "POST",
+      headers,
+    }, (res) => {
+      // Capture session ID from response
+      const newSession = res.headers["mcp-session-id"]
+      if (newSession) sessionId = newSession
+
+      let buf = ""
+      res.on("data", (c) => (buf += c))
+      res.on("end", () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          // Handle SSE responses (text/event-stream)
+          if (buf.includes("data: ")) {
+            const lines = buf.split("\n").filter(l => l.startsWith("data: "))
+            const lastData = lines[lines.length - 1]
+            if (lastData) {
+              try {
+                resolve(JSON.parse(lastData.replace("data: ", "")))
+              } catch {
+                resolve({ result: buf })
+              }
+            } else {
+              resolve({ result: buf })
+            }
+          } else {
+            try { resolve(JSON.parse(buf)) } catch { resolve({ result: buf }) }
+          }
+        } else {
+          reject(new Error(`MCP remote error ${res.statusCode}: ${buf.slice(0, 300)}`))
+        }
+      })
+    })
+    req.on("error", reject)
+    req.write(data)
+    req.end()
+  })
+}
+
+async function ensureInitialized() {
+  if (sessionId) return
+  try {
+    await mcpRequest({
+      jsonrpc: "2.0",
+      id: "init-proxy",
+      method: "initialize",
+      params: {
+        protocolVersion: "2024-11-05",
+        capabilities: {},
+        clientInfo: { name: "dypai-mcp-local", version: "1.0.0" },
+      },
+    })
+    // Send initialized notification
+    await mcpRequest({
+      jsonrpc: "2.0",
+      method: "notifications/initialized",
+    })
+  } catch (e) {
+    // Non-fatal — some servers don't require init
+    process.stderr.write(`MCP proxy init warning: ${e.message}\n`)
+  }
+}
+
+export async function proxyToolCall(toolName, args) {
+  await ensureInitialized()
+
+  const response = await mcpRequest({
+    jsonrpc: "2.0",
+    id: `proxy-${Date.now()}`,
+    method: "tools/call",
+    params: {
+      name: toolName,
+      arguments: args || {},
+    },
+  })
+
+  // Extract result from JSON-RPC response
+  if (response.result) {
+    const content = response.result.content
+    if (Array.isArray(content) && content[0]?.text) {
+      try {
+        return JSON.parse(content[0].text)
+      } catch {
+        return content[0].text
+      }
+    }
+    return response.result
+  }
+
+  if (response.error) {
+    throw new Error(response.error.message || "Remote tool call failed")
+  }
+
+  return response
+}

package/src/tools/scaffold.mjs

@@ -0,0 +1,114 @@
+/**
+ * download_template — Creates a new project from a DYPAI template.
+ *
+ * Creates a new project directory on disk with
+ * SDK pre-configured, MCP ready, and .env set up.
+ */
+
+import { writeFileSync, mkdirSync, existsSync } from "fs"
+import { join } from "path"
+import { api } from "../api.mjs"
+
+export const scaffoldTool = {
+  name: "download_template",
+  description: `Create a new frontend project from a DYPAI template.
+
+Scaffolds a project directory with:
+- React + Vite + TypeScript
+- DYPAI SDK pre-configured
+- MCP config for your IDE
+- .env with engine URL
+
+Use search_templates first to find available templates, then pass the template slug here.
+Or use "blank" for an empty starter project.`,
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      directory: {
+        type: "string",
+        description: "Absolute path where the project should be created (e.g. /Users/me/my-new-app)",
+      },
+      project_id: {
+        type: "string",
+        description: "Project UUID to connect the template to.",
+      },
+      template: {
+        type: "string",
+        description: 'Template slug (e.g. "clinic", "gym", "blank"). Use search_templates to find available templates.',
+        default: "blank",
+      },
+    },
+    required: ["directory", "project_id"],
+  },
+
+  async execute({ directory, project_id, template = "blank" }) {
+    if (existsSync(join(directory, "package.json"))) {
+      return { error: `Directory already has a package.json. Pick an empty directory or a new name.` }
+    }
+
+    const token = process.env.DYPAI_TOKEN || ""
+    const mcpUrl = process.env.DYPAI_MCP_URL || "https://mcp.dypai.dev/mcp"
+    const engineUrl = `https://${project_id}.dypai.dev`
+
+    // Try to download template from API
+    let files = []
+    try {
+      const res = await api.get(`/api/engine/${project_id}/frontend/template?slug=${template}`)
+      if (res.files) files = res.files
+    } catch {}
+
+    // Fallback: create basic Vite starter
+    if (!files.length) {
+      files = [
+        { path: "package.json", content: JSON.stringify({
+          name: directory.split("/").pop() || "my-app",
+          private: true, version: "0.0.1", type: "module",
+          scripts: { dev: "vite", build: "vite build", preview: "vite preview" },
+          dependencies: { "@dypai-ai/client-sdk": "latest", react: "^19.0.0", "react-dom": "^19.0.0" },
+          devDependencies: { "@vitejs/plugin-react": "^4.3.0", vite: "^6.0.0", typescript: "^5.6.0", "@types/react": "^19.0.0", "@types/react-dom": "^19.0.0" },
+        }, null, 2) },
+        { path: "vite.config.ts", content: `import { defineConfig } from 'vite'\nimport react from '@vitejs/plugin-react'\n\nexport default defineConfig({ plugins: [react()] })\n` },
+        { path: "tsconfig.json", content: JSON.stringify({ compilerOptions: { target: "ES2020", lib: ["ES2020","DOM","DOM.Iterable"], module: "ESNext", skipLibCheck: true, moduleResolution: "bundler", allowImportingTsExtensions: true, isolatedModules: true, noEmit: true, jsx: "react-jsx", strict: true }, include: ["src"] }, null, 2) },
+        { path: "index.html", content: `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><title>My App</title></head><body><div id="root"></div><script type="module" src="/src/main.tsx"></script></body></html>` },
+        { path: "src/main.tsx", content: `import { StrictMode } from 'react'\nimport { createRoot } from 'react-dom/client'\nimport App from './App'\n\ncreateRoot(document.getElementById('root')!).render(<StrictMode><App /></StrictMode>)\n` },
+        { path: "src/App.tsx", content: `export default function App() {\n  return (\n    <div style={{ fontFamily: 'system-ui', maxWidth: 600, margin: '4rem auto', padding: '0 1rem' }}>\n      <h1>My DYPAI App</h1>\n      <p>Start building with your AI agent!</p>\n    </div>\n  )\n}\n` },
+      ]
+    }
+
+    // .env with engine URL
+    files.push({ path: ".env", content: `VITE_DYPAI_URL=${engineUrl}\nVITE_PROJECT_ID=${project_id}\n` })
+
+    // SDK client helper (lib/dypai.ts)
+    files.push({ path: "src/lib/dypai.ts", content: `import { createClient } from "@dypai-ai/client-sdk";\n\nexport const dypai = createClient(import.meta.env.VITE_DYPAI_URL);\n` })
+
+    // Write files to disk
+    let created = 0
+    for (const file of files) {
+      const fullPath = join(directory, file.path)
+      const dir = fullPath.substring(0, fullPath.lastIndexOf("/"))
+      mkdirSync(dir, { recursive: true })
+      writeFileSync(fullPath, file.content)
+      created++
+    }
+
+    // Try to run npm install (best-effort, works if Node is available)
+    let installed = false
+    try {
+      const { execSync } = await import("child_process")
+      execSync("npm install", { cwd: directory, stdio: "pipe", timeout: 60000 })
+      installed = true
+    } catch {}
+
+    return {
+      success: true,
+      directory,
+      files_created: created,
+      dependencies_installed: installed,
+      template: template || "blank",
+      engine_url: engineUrl,
+      sdk_client: "src/lib/dypai.ts",
+      message: `Project created at ${directory} with ${created} files.${installed ? " Dependencies installed." : " Run 'npm install' to install dependencies."} SDK client ready at src/lib/dypai.ts — import { dypai } from './lib/dypai' to use.`,
+    }
+  },
+}

package/src/tools/status.mjs

@@ -0,0 +1,94 @@
+/**
+ * Frontend status + build status tools.
+ */
+
+import { api } from "../api.mjs"
+
+export const listDeploymentsTool = {
+  name: "list_deployments",
+  description: `List deployment history for the project's frontend. Shows recent deploys with status, commit, duration, and URL.`,
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: { type: "string", description: "Project UUID." },
+      limit: { type: "number", description: "Max deployments to return (default 10, max 20)." },
+    },
+    required: ["project_id"],
+  },
+
+  async execute({ project_id, limit }) {
+    try {
+      return await api.get(`/api/engine/${project_id}/frontend/deployments?limit=${limit || 10}`)
+    } catch (e) {
+      return { error: e.message }
+    }
+  },
+}
+
+export const getDeploymentLogsTool = {
+  name: "get_deployment_logs",
+  description: `Get build logs for a specific deployment. Use list_deployments first to get the deployment ID. Useful for debugging failed builds.`,
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: { type: "string", description: "Project UUID." },
+      deployment_id: { type: "string", description: "Deployment UUID from list_deployments." },
+    },
+    required: ["project_id", "deployment_id"],
+  },
+
+  async execute({ project_id, deployment_id }) {
+    try {
+      return await api.get(`/api/engine/${project_id}/frontend/deployments/${deployment_id}/logs`)
+    } catch (e) {
+      return { error: e.message }
+    }
+  },
+}
+
+export const frontendStatusTool = {
+  name: "get_frontend_status",
+  description: "Get the current frontend deployment status — URL, status, last deploy time, size.",
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: { type: "string", description: "Project UUID." },
+    },
+    required: ["project_id"],
+  },
+
+  async execute({ project_id }) {
+    try {
+      return await api.get(`/api/engine/${project_id}/frontend`)
+    } catch (e) {
+      return { error: e.message }
+    }
+  },
+}
+
+export const buildStatusTool = {
+  name: "get_build_status",
+  description: `Get the latest build status from Cloudflare Pages.
+
+Returns: status (queued/building/success/failure), current stage, progress %, URL.
+Useful to check if a deploy has finished building.`,
+
+  inputSchema: {
+    type: "object",
+    properties: {
+      project_id: { type: "string", description: "Project UUID." },
+    },
+    required: ["project_id"],
+  },
+
+  async execute({ project_id }) {
+    try {
+      return await api.get(`/api/engine/${project_id}/frontend/build-status`)
+    } catch (e) {
+      return { error: e.message }
+    }
+  },
+}