@dypai-ai/mcp 1.2.1 → 1.2.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dypai-ai/mcp",
-  "version": "1.2.1",
+  "version": "1.2.3",
   "description": "DYPAI MCP Server — AI agent toolkit for building and deploying full-stack apps",
   "type": "module",
   "main": "src/index.js",

package/src/tools/proxy.js

@@ -129,6 +129,15 @@ export async function proxyToolCall(toolName, args) {
       if (typeof parsed === "string" && /^(Error:|Input validation error:|You don't have)/i.test(parsed)) {
         throw new Error(parsed)
       }
+      // Other remote errors come as a JSON object with success:false but no isError
+      // flag. The push pipeline was treating these as successes — promote them to
+      // throws here so the caller's try/catch sees them.
+      if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+        if (parsed.success === false || parsed.ok === false) {
+          const msg = parsed.error || parsed.message || parsed.detail || JSON.stringify(parsed).slice(0, 300)
+          throw new Error(typeof msg === "string" ? msg : JSON.stringify(msg))
+        }
+      }
       return parsed
     }
     return response.result

package/src/tools/scaffold.js

@@ -108,7 +108,19 @@ Or use "blank" for an empty starter project.`,
       template: template || "blank",
       engine_url: engineUrl,
       sdk_client: "src/lib/dypai.ts",
-      message: `Project created at ${directory} with ${created} files.${installed ? " Dependencies installed." : " Run 'npm install' to install dependencies."} SDK client ready at src/lib/dypai.ts — import { dypai } from './lib/dypai' to use.`,
+      // Critical: dypai_pull without an absolute out_dir can land in $HOME
+      // when the MCP process cwd isn't the workspace. Tell the agent exactly
+      // what to pass next so the backend materializes INSIDE this project.
+      next_step: {
+        action: "materialize_backend",
+        tool: "dypai_pull",
+        args: {
+          project_id,
+          out_dir: join(directory, "dypai"),
+        },
+        why: "Use the ABSOLUTE dypai/ path inside the project you just created. A relative './dypai' can resolve to the wrong folder (e.g. $HOME) when the MCP isn't running from your workspace.",
+      },
+      message: `Project created at ${directory} with ${created} files.${installed ? " Dependencies installed." : " Run 'npm install' to install dependencies."} SDK client ready at src/lib/dypai.ts — import { dypai } from './lib/dypai' to use. Next: call dypai_pull with out_dir="${join(directory, "dypai")}" to materialize the backend inside this project.`,
     }
   },
 }

package/src/tools/sync/path-resolver.js

@@ -0,0 +1,99 @@
+/**
+ * Workspace-aware path resolution for dypai/ folder.
+ *
+ * The MCP often runs from $HOME (default cwd when an IDE spawns it over stdio).
+ * A naive `resolvePath(cwd, "./dypai")` lands in `~/dypai/` — silently writing
+ * files where the user will never find them, OR silently reading from an empty
+ * folder so push reports "no_changes" and the agent thinks everything is fine.
+ *
+ * This helper centralizes the resolution + suspicious-path detection so pull
+ * AND push share the exact same logic. Hard-stop is the caller's responsibility.
+ */
+
+import { existsSync } from "fs"
+import { isAbsolute, dirname, join, resolve as resolvePath, sep, delimiter } from "path"
+import { homedir } from "os"
+
+/**
+ * Resolve a (possibly relative) dypai/ path. Walks several signals in order:
+ *   1. absolute → use as-is
+ *   2. env vars set by IDEs (CLAUDE_PROJECT_DIR, WORKSPACE_FOLDER_PATHS, etc.)
+ *   3. walk UP from cwd looking for project markers (.git, package.json, dypai/)
+ *   4. fall back to cwd (often $HOME — flagged as suspicious by the warning fn)
+ *
+ * Returns { path, source } so the caller can render a helpful trace.
+ */
+export function resolveOutDir(outDir) {
+  if (isAbsolute(outDir)) return { path: outDir, source: "absolute" }
+
+  const envCandidates = [
+    ["CLAUDE_PROJECT_DIR", process.env.CLAUDE_PROJECT_DIR],
+    ["DYPAI_WORKSPACE_ROOT", process.env.DYPAI_WORKSPACE_ROOT],
+    ["WORKSPACE_FOLDER_PATHS", process.env.WORKSPACE_FOLDER_PATHS?.split(delimiter)[0]],
+    ["PROJECT_ROOT", process.env.PROJECT_ROOT],
+  ]
+  for (const [name, val] of envCandidates) {
+    if (val && isAbsolute(val)) return { path: resolvePath(val, outDir), source: `env:${name}` }
+  }
+
+  let cursor = process.cwd()
+  for (let i = 0; i < 6; i++) {
+    if (existsSync(join(cursor, ".git")) ||
+        existsSync(join(cursor, "package.json")) ||
+        existsSync(join(cursor, "dypai"))) {
+      return { path: resolvePath(cursor, outDir), source: "project_marker" }
+    }
+    const parent = dirname(cursor)
+    if (parent === cursor) break
+    cursor = parent
+  }
+
+  return { path: resolvePath(process.cwd(), outDir), source: "cwd_fallback" }
+}
+
+/**
+ * Return a warning string when the resolved path looks suspicious.
+ * Specifically: cwd_fallback that landed inside $HOME at depth ≤ 2.
+ * Returns null when the path looks fine.
+ */
+export function suspiciousPathWarning(resolvedPath, source) {
+  if (source === "absolute") return null
+  const home = homedir()
+  if (source === "cwd_fallback" && resolvedPath.startsWith(home + sep)) {
+    const rel = resolvedPath.slice(home.length + 1)
+    if (!rel.includes(sep) || rel.split(sep).length <= 2) {
+      return (
+        `Output landed at ${resolvedPath}. The MCP process cwd is your home dir, not your project. ` +
+        `Re-run with an ABSOLUTE path (e.g. ${home}/path/to/your-project/dypai) ` +
+        `or set the CLAUDE_PROJECT_DIR env var on the MCP entry.`
+      )
+    }
+  }
+  return null
+}
+
+/**
+ * Convenience wrapper: resolve + suspicious check + structured error builder.
+ * Returns { ok: true, path, source } on success, or { ok: false, error } when
+ * the resolved path is suspicious. Pull/push pass the error response straight back.
+ */
+export function resolveAndGuard(outDir, { project_id, tool, arg_name = "out_dir" } = {}) {
+  const { path, source } = resolveOutDir(outDir)
+  const warning = suspiciousPathWarning(path, source)
+  if (!warning) return { ok: true, path, source }
+
+  return {
+    ok: false,
+    error: {
+      success: false,
+      error: "Resolved path looks wrong — aborting before reading/writing any files.",
+      resolved_to: path,
+      resolved_via: source,
+      explanation: warning,
+      fix:
+        `Call ${tool || "this tool"} again with an ABSOLUTE ${arg_name} pointing inside your project, e.g.\n` +
+        `  ${tool || "<tool>"}({ ${project_id ? `project_id: "${project_id}", ` : ""}${arg_name}: "/absolute/path/to/your-project/dypai" })\n` +
+        `If you just ran download_template, reuse the "directory" it returned and append "/dypai".`,
+    },
+  }
+}

package/src/tools/sync/push.js

@@ -61,26 +61,52 @@ function endpointPayload(row) {
   return p
 }
 
+/**
+ * Treat a remote tool response as a definite success only when it has at
+ * least one of the markers we expect from a real mutation. Anything else
+ * (empty object, error string masquerading as data, missing id) becomes
+ * an error so the push doesn't lie to the agent.
+ */
+function assertMutationOK(result, op, name) {
+  if (!result || typeof result !== "object") {
+    throw new Error(`${op} ${name}: empty response from remote (got ${JSON.stringify(result).slice(0, 120)})`)
+  }
+  if (result.error) {
+    throw new Error(`${op} ${name}: ${typeof result.error === "string" ? result.error : JSON.stringify(result.error)}`)
+  }
+  // Successful create returns { id, name } or { ok: true }; update/delete return
+  // { message } or { ok: true }. If none of these markers are present the call
+  // probably failed silently.
+  const hasMarker = result.id || result.ok === true || result.message || result.endpoint_id || result.success === true
+  if (!hasMarker) {
+    throw new Error(`${op} ${name}: response missing success markers — ${JSON.stringify(result).slice(0, 200)}`)
+  }
+  return result
+}
+
 async function applyCreate(canonicalRow, projectId) {
-  return proxyToolCall("create_endpoint", {
+  const res = await proxyToolCall("create_endpoint", {
     ...(projectId ? { project_id: projectId } : {}),
     ...endpointPayload(canonicalRow),
   })
+  return assertMutationOK(res, "create", canonicalRow.name)
 }
 
 async function applyUpdate(canonicalRow, endpointId, projectId) {
-  return proxyToolCall("update_endpoint", {
+  const res = await proxyToolCall("update_endpoint", {
     ...(projectId ? { project_id: projectId } : {}),
     endpoint_id: endpointId,
     updates: endpointPayload(canonicalRow),
   })
+  return assertMutationOK(res, "update", canonicalRow.name)
 }
 
 async function applyDelete(endpointId, projectId) {
-  return proxyToolCall("delete_endpoint", {
+  const res = await proxyToolCall("delete_endpoint", {
     ...(projectId ? { project_id: projectId } : {}),
     endpoint_id: endpointId,
   })
+  return assertMutationOK(res, "delete", endpointId)
 }
 
 // ─── Realtime policies sync ────────────────────────────────────────────────
@@ -358,6 +384,13 @@ export const dypaiPushTool = {
       errors.push({ op: "realtime", error: e.message })
     }
 
+    // Names of endpoints that actually changed this run — drives the follow-up
+    // suggestion so the agent knows what to test next.
+    const changedNames = [
+      ...applied.created,
+      ...applied.updated.map(u => u.name),
+    ]
+
     return {
       success: errors.length === 0,
       applied: true,
@@ -375,7 +408,7 @@ export const dypaiPushTool = {
       next_step: errors.length
         ? "Fix the offending YAMLs and push again."
         : changedNames.length
-          ? `Test changed endpoint(s) with test_workflow: ${changedNames.slice(0, 3).join(", ")}${changedNames.length > 3 ? "…" : ""}`
+          ? `Test changed endpoint(s) with dypai_test_endpoint: ${changedNames.slice(0, 3).join(", ")}${changedNames.length > 3 ? "…" : ""}`
           : undefined,
       hint: errors.some(e => /credential/i.test(e.error))
         ? "A referenced credential doesn't exist remotely. Create it in the dashboard (same name), then retry."