npm - @dypai-ai/mcp - Versions diffs - 1.0.8 → 1.0.9 - Mend

@dypai-ai/mcp 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dypai-ai/mcp",
-  "version": "1.0.8",
+  "version": "1.0.9",
   "description": "DYPAI MCP Server — AI agent toolkit for building and deploying full-stack apps",
   "type": "module",
   "main": "src/index.js",

package/src/auto-update.js ADDED Viewed

@@ -0,0 +1,198 @@
+/**
+ * Self-update for @dypai-ai/mcp.
+ *
+ * On startup, checks the npm registry for a newer version. If found, performs
+ * the appropriate update (clear npx cache or `npm install -g`) and exits with
+ * code 0 so the host (Cursor / Claude / Trae / VSCode) re-spawns the process
+ * with the freshly installed version.
+ *
+ * Throttled to one check every 6h to avoid hammering the registry.
+ *
+ * Disable with:  DYPAI_NO_AUTOUPDATE=1
+ */
+import { readFileSync, writeFileSync, existsSync, rmSync, readdirSync, statSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+import { homedir, tmpdir } from "node:os";
+import { execSync } from "node:child_process";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const PKG_PATH = join(__dirname, "..", "package.json");
+const PKG_NAME = "@dypai-ai/mcp";
+const REGISTRY_URL = `https://registry.npmjs.org/${PKG_NAME}/latest`;
+const CHECK_TIMEOUT_MS = 2000;
+const THROTTLE_HOURS = 6;
+const STATE_FILE = join(tmpdir(), "dypai-mcp-update-state.json");
+function log(msg) {
+  // stderr — stdout is reserved for the MCP protocol
+  console.error(`[dypai-mcp:auto-update] ${msg}`);
+}
+function readState() {
+  try { return JSON.parse(readFileSync(STATE_FILE, "utf-8")); } catch { return {}; }
+}
+function writeState(state) {
+  try { writeFileSync(STATE_FILE, JSON.stringify(state)); } catch {}
+}
+function getCurrentVersion() {
+  try { return JSON.parse(readFileSync(PKG_PATH, "utf-8")).version; }
+  catch { return null; }
+}
+/** semver compare: returns 1 if a > b, -1 if a < b, 0 if equal. */
+function compareVersions(a, b) {
+  const pa = String(a).split(".").map((n) => parseInt(n, 10) || 0);
+  const pb = String(b).split(".").map((n) => parseInt(n, 10) || 0);
+  for (let i = 0; i < 3; i += 1) {
+    if ((pa[i] || 0) > (pb[i] || 0)) return 1;
+    if ((pa[i] || 0) < (pb[i] || 0)) return -1;
+  }
+  return 0;
+}
+async function fetchLatestManifest() {
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), CHECK_TIMEOUT_MS);
+  try {
+    const res = await fetch(REGISTRY_URL, { signal: ctrl.signal });
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  } finally {
+    clearTimeout(timer);
+  }
+}
+/**
+ * After npm publish there's a 30s–2min window where the registry knows the
+ * version but the tarball is not yet replicated across the CDN. If we clear
+ * the cache and exit during that window, the next spawn fails to download
+ * and the MCP becomes unusable.
+ *
+ * This does a HEAD on the tarball URL with a small timeout. Returns true only
+ * if the artifact is actually retrievable.
+ */
+async function isTarballReady(tarballUrl) {
+  if (!tarballUrl) return false;
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), CHECK_TIMEOUT_MS);
+  try {
+    const res = await fetch(tarballUrl, { method: "HEAD", signal: ctrl.signal });
+    return res.ok;
+  } catch {
+    return false;
+  } finally {
+    clearTimeout(timer);
+  }
+}
+/** Detect how this process is running so we know how to update. */
+function detectInstallMethod() {
+  const scriptPath = process.argv[1] || "";
+  if (scriptPath.includes("/_npx/")) return "npx";
+  if (scriptPath.includes("/node_modules/") && scriptPath.includes("/.bin/")) return "global";
+  // global installs typically resolve to /usr/local/lib/... on mac/linux or %APPDATA%/npm on windows
+  if (scriptPath.includes("/lib/node_modules/")) return "global";
+  if (scriptPath.match(/[\\/]npm[\\/]node_modules[\\/]/)) return "global";
+  return "unknown";
+}
+/** Wipe ONLY this package's cache from the user's npx cache directory. */
+function clearNpxCacheForPackage() {
+  const npxRoot = join(homedir(), ".npm", "_npx");
+  if (!existsSync(npxRoot)) return false;
+  let cleared = 0;
+  for (const dir of readdirSync(npxRoot)) {
+    const fullPath = join(npxRoot, dir);
+    try {
+      if (!statSync(fullPath).isDirectory()) continue;
+      const pkgManifest = join(fullPath, "node_modules", PKG_NAME, "package.json");
+      if (existsSync(pkgManifest)) {
+        rmSync(fullPath, { recursive: true, force: true });
+        cleared += 1;
+      }
+    } catch { /* ignore */ }
+  }
+  return cleared > 0;
+}
+function installGlobalLatest() {
+  try {
+    execSync(`npm install -g ${PKG_NAME}@latest`, {
+      stdio: "pipe",
+      timeout: 60_000,
+    });
+    return true;
+  } catch (e) {
+    log(`global install failed: ${e.message?.slice(0, 200)}`);
+    return false;
+  }
+}
+/**
+ * Main entry point — call once at startup.
+ * Returns quickly. Exits the process if an update was applied.
+ */
+export async function checkForUpdates({ force = false } = {}) {
+  if (process.env.DYPAI_NO_AUTOUPDATE === "1") return { skipped: "disabled" };
+  const current = getCurrentVersion();
+  if (!current) return { skipped: "no current version" };
+  // Throttle
+  if (!force) {
+    const state = readState();
+    if (state.lastCheckAt) {
+      const hoursAgo = (Date.now() - state.lastCheckAt) / 3_600_000;
+      if (hoursAgo < THROTTLE_HOURS) return { skipped: "throttled" };
+    }
+  }
+  const manifest = await fetchLatestManifest();
+  const latest = manifest?.version || null;
+  const tarballUrl = manifest?.dist?.tarball || null;
+  writeState({ lastCheckAt: Date.now(), lastSeenLatest: latest, current });
+  if (!latest) return { skipped: "registry unreachable" };
+  if (compareVersions(latest, current) <= 0) return { uptodate: true, current };
+  log(`update available: ${current} → ${latest}`);
+  // Critical safety: don't clear the cache until the new tarball is actually
+  // downloadable. Right after `npm publish` the version is visible in the
+  // registry metadata up to ~2 min before the tarball replicates to all CDNs.
+  // If we clear the cache + exit during that window, next spawn fails.
+  const ready = await isTarballReady(tarballUrl);
+  if (!ready) {
+    log(`new version ${latest} not yet downloadable from CDN; will retry later`);
+    return { skipped: "tarball not ready" };
+  }
+  const method = detectInstallMethod();
+  let updated = false;
+  if (method === "npx") {
+    log(`tarball verified — clearing npx cache so the next spawn pulls ${PKG_NAME}@${latest}`);
+    updated = clearNpxCacheForPackage();
+  } else if (method === "global") {
+    log(`tarball verified — running: npm install -g ${PKG_NAME}@latest`);
+    updated = installGlobalLatest();
+  } else {
+    log(`unknown install method (script=${process.argv[1] || "?"}); skipping self-update`);
+    return { skipped: "unknown install method" };
+  }
+  if (!updated) {
+    log("update step did not succeed; continuing with current version");
+    return { skipped: "update failed" };
+  }
+  log(`updated to ${latest}. Exiting so the IDE re-spawns the MCP with the new version.`);
+  process.exit(0);
+}

package/src/index.js CHANGED Viewed

@@ -20,6 +20,7 @@
  */
 import { createInterface } from "readline"
+import { checkForUpdates } from "./auto-update.js"
 import { deployTool } from "./tools/deploy.js"
 import { scaffoldTool } from "./tools/scaffold.js"
 import { addDomainTool, listDomainsTool, removeDomainTool } from "./tools/domains.js"
@@ -27,6 +28,13 @@ import { frontendStatusTool, buildStatusTool, listDeploymentsTool, getDeployment
 import { bulkUpsertTool } from "./tools/bulk-upsert.js"
 import { proxyToolCall } from "./tools/proxy.js"
+// ── Self-update ─────────────────────────────────────────────────────────────
+// Throttled (6h) check against the npm registry. If a newer version is
+// available, the update is performed and the process exits cleanly so the
+// IDE re-spawns it with the latest. Disable with DYPAI_NO_AUTOUPDATE=1.
+// Network failures are silently ignored — never blocks startup more than ~2s.
+await checkForUpdates().catch(() => {})
 // ── Local tools (filesystem access) ─────────────────────────────────────────
 const LOCAL_TOOLS = [