@dypai-ai/mcp 1.5.13 → 1.5.15

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dypai-ai/mcp",
-  "version": "1.5.13",
+  "version": "1.5.15",
   "description": "DYPAI MCP Server — AI agent toolkit for building and deploying full-stack apps",
   "type": "module",
   "main": "src/index.js",

package/src/index.js

@@ -153,7 +153,7 @@ This stores classification metadata only. It does not create users, roles, login
     },
   },
   { name: "list_ai_models", description: "List only the DYPAI Managed AI models that are active for a project. Returns the project-gated OpenRouter model catalog priced in AI Credits per 1M tokens, RPM limit, max output tokens, active/available counts, billing metadata, and the exact node parameters to use. Call this before creating or editing an AI Agent node with DYPAI Managed models. Agents must not invent or use inactive model ids. Use provider='openrouter' and do NOT set credential_id; DYPAI uses the platform OpenRouter key and deducts usage from the organization's AI Credits.", inputSchema: { type: "object", properties: { project_id: { type: "string", description: "Project UUID whose plan and Model Gateway settings determine the active Managed AI catalog." } }, required: ["project_id"] } },
-  { name: "create_project", description: "Create a new DYPAI project (free plan). Creates a full project with database, engine, GitHub repo, and frontend hosting. BLOCKS by default until provisioning finishes (~60s typical, 120s max) — when it returns, the project_id is ready to use with execute_sql, endpoint tools, etc. Pass wait_until_ready:false for batch flows.\n\nName collision: if another project in the same org already uses the name (case-insensitive), returns {error:'name_taken', existing_project_id, suggestions:[...]}. Pick a different name or use the existing project.\n\nProject limits are enforced by the DYPAI API at organization/workspace scope according to the workspace plan. If it returns {error:'project_limit_reached'}, do not retry create_project; show list_projects for that organization and ask the user to reuse, archive/pause, upgrade the workspace to Pro, or add capacity.\n\nIMPORTANT: before calling, check for a matching template with `search_project_templates`. Passing a `template_slug` drops in a ready-made schema + endpoints + UI that cover 70% of common app types. Use built-in bases when appropriate: `private-admin` for private internal tools, `user-accounts` for apps with signup/login users, `landing-admin` for public landing plus admin, and `blank` only when no base fits.", inputSchema: { type: "object", properties: { name: { type: "string", description: "Project name (e.g. 'My Veterinary App')" }, organization_id: { type: "string", description: "Optional. Uses default org if omitted." }, description: { type: "string" }, template_slug: { type: "string", description: "RECOMMENDED. Project template slug to start from (e.g. 'clinic', 'gym', 'private-admin', 'user-accounts', 'landing-admin', 'blank'). Always call search_project_templates first to find the best match." }, wait_until_ready: { type: "boolean", description: "If true (default), blocks until provisioning completes and the project is ready for all operations. If false, returns immediately with status='provisioning' — caller must poll get_project before using.", default: true } }, required: ["name"] } },
+  { name: "create_project", description: "Create a new DYPAI project (free plan). Creates a full project with database, engine, GitHub repo, and frontend hosting. BLOCKS by default until provisioning finishes (~60s typical, 120s max) — when it returns, the project_id is ready to use with execute_sql, endpoint tools, etc. Pass wait_until_ready:false for batch flows.\n\nName collision: if another project in the same org already uses the name (case-insensitive), returns {error:'name_taken', existing_project_id, suggestions:[...]}. Pick a different name or use the existing project.\n\nProject limits are enforced by the DYPAI API at organization/workspace scope according to the workspace plan. If it returns {error:'project_limit_reached'}, do not retry create_project; show list_projects for that organization and ask the user to reuse, archive/pause, upgrade the workspace to Pro, or add capacity.\n\nIMPORTANT: before calling, check for a matching Studio template with `search_project_templates`. Passing a `template_slug` can drop in ready-made UI, schema, endpoints, and agent instructions. Prefer Studio catalog slugs when the returned brief is a strong fit; legacy fallback bases (`private-admin`, `user-accounts`, `landing-admin`, `blank`) remain available when no catalog template fits.", inputSchema: { type: "object", properties: { name: { type: "string", description: "Project name (e.g. 'My Veterinary App')" }, organization_id: { type: "string", description: "Optional. Uses default org if omitted." }, description: { type: "string" }, template_slug: { type: "string", description: "RECOMMENDED. Template slug returned by search_project_templates. Use Studio catalog slugs when a strong template fits; legacy fallback bases remain supported when no catalog template fits." }, wait_until_ready: { type: "boolean", description: "If true (default), blocks until provisioning completes and the project is ready for all operations. If false, returns immediately with status='provisioning' — caller must poll get_project before using.", default: true } }, required: ["name"] } },
   { name: "get_app_credentials", description: "Lists available credentials in the current application. Returns API keys, anon key, service role key, and engine URL needed for SDK configuration.", inputSchema: { type: "object", properties: { project_id: { type: "string" } }, required: [] } },
 
   // ── Database ──────────────────────────────────────────────────────────────
@@ -496,7 +496,7 @@ endpoint YAML and \`dypai_push\`. This tool does NOT modify the definition.`,
   { name: "search_docs", description: "Search DYPAI documentation. Use this when unsure about SDK usage, auth patterns, workflow nodes, or platform features. Returns relevant documentation chunks.", inputSchema: { type: "object", properties: { query: { type: "string", description: "What you want to learn about" } }, required: ["query"] } },
   { name: "search_design_patterns", description: "Search compact DYPAI UI/design recipes. Use before designing substantial screens.", inputSchema: { type: "object", properties: { query: { type: "string", description: "Design need, with starter/domain/screen/style context when known." }, starter_slug: { type: "string", description: "Optional: private-admin, user-accounts, landing-admin, or blank." }, app_type: { type: "string", description: "Optional domain/app type." }, screen_type: { type: "string", description: "Optional screen/workflow." }, visual_style: { type: "string", description: "Optional style." }, category: { type: "string", description: "Optional category." }, limit: { type: "integer", default: 3, minimum: 1, maximum: 4 } }, required: ["query"] } },
   { name: "search_workflow_templates", description: "Search workflow templates by description. Returns ready-to-use workflow code for common patterns: CRUD operations, payment gateways, email sending, AI chatbots, data pipelines, etc.", inputSchema: { type: "object", properties: { query: { type: "string", description: "What the workflow should do (e.g. 'send email', 'stripe payment')" }, category: { type: "string", description: "Optional: AI, Database, Payments, Communication, Logic, Storage" } }, required: ["query"] } },
-  { name: "search_project_templates", description: "Search project starter templates by description. Returns template metadata and slugs for marketplace templates plus built-in bases: private-admin, user-accounts, landing-admin, and blank.", inputSchema: { type: "object", properties: { query: { type: "string", description: "What kind of project starter you need (e.g. 'gym app', 'private admin dashboard', 'user accounts portal', 'landing plus admin')" }, category: { type: "string", description: "Optional category filter" } }, required: ["query"] } },
+  { name: "search_project_templates", description: "Search DYPAI Studio project templates by description. Studio catalog results are the primary source and return compact template briefs plus selection_guidance: recommended_slug, confidence, fallback_slug, and agent_rule. Legacy fallback bases are returned only when no Studio template is a strong fit.", inputSchema: { type: "object", properties: { query: { type: "string", description: "What kind of project starter you need, in the user's language (e.g. 'app para barberia con reservas', 'private admin dashboard', 'landing plus admin')" }, category: { type: "string", description: "Optional category/type filter." }, limit: { type: "integer", default: 5, minimum: 1, maximum: 10 }, include_drafts: { type: "boolean", default: false, description: "Internal/local testing only. Include draft Studio catalog templates." } }, required: ["query"] } },
 ]
 
 // ── Server Instructions ──────────────────────────────────────────────────────
@@ -511,11 +511,11 @@ const SERVER_INSTRUCTIONS = `You are building full-stack applications on the DYP
 
 ## What NOT to do
 
-- ❌ *"Te propongo Next.js + TypeScript + Tailwind + Prisma + SQLite..."*
-- ❌ *"Podrías usar Supabase / Firebase / MongoDB / Vercel..."*
-- ❌ *"¿Qué base de datos prefieres, PostgreSQL o SQLite?"*
-- ❌ *"¿Prefieres Tailwind o CSS Modules?"*
-- ❌ Asking "which framework" unless the user explicitly says *"I want to compare platforms"* or *"what are my options"*.
+- Do not say: *"Te propongo Next.js + TypeScript + Tailwind + Prisma + SQLite..."*
+- Do not say: *"Podrías usar Supabase / Firebase / MongoDB / Vercel..."*
+- Do not ask: *"¿Qué base de datos prefieres, PostgreSQL o SQLite?"*
+- Do not ask: *"¿Prefieres Tailwind o CSS Modules?"*
+- Do not ask "which framework" unless the user explicitly says *"I want to compare platforms"* or *"what are my options"*.
 
 These are ALL dead signals: Next.js is already what DYPAI scaffolds. The DB is already PostgreSQL (via DYPAI engine). Auth is built in. Tailwind is already in the templates. Prisma / ORMs are not used — you write SQL directly in workflow endpoints.
 
@@ -524,19 +524,23 @@ These are ALL dead signals: Next.js is already what DYPAI scaffolds. The DB is a
 First reflex, always:
 
 1. **Acknowledge briefly** what they want to build (one short line, their language).
-2. **\`search_project_templates(query: "<keywords from their request>")\`** — keywords in their language. Templates cover common app types (gym, clinic, waitlist, saas dashboard, etc.).
-3. **Decide: marketplace template, built-in base, or blank.** Marketplace templates are only right when the match is OBVIOUS and STRONG:
-   - ✅ User says *"app para mi gimnasio"* + there's \`gym-manager\` (exact domain + feature overlap) → template.
-   - ❌ User says *"algo para gestionar reservas"* + there's \`gym-manager\` (soft match, many interpretations) → use a built-in base or **blank**. Don't assume they want the gym's specific schema (classes, memberships, check-ins) — they didn't ask for it.
-   - Built-in bases are safe defaults:
+2. **\`search_project_templates(query: "<keywords from their request>")\`** — keywords in their language. The Studio catalog returns compact briefs plus \`selection_guidance\`: recommended slug, confidence, fallback slug, and the rule for deciding.
+3. **Decide: Studio catalog template, legacy base, or blank.** Use \`selection_guidance\` explicitly:
+   - confidence "strong": use \`recommended_slug\` if it does not contradict the user's plan.
+   - confidence "medium": use it only if the user's answers confirm the same domain/workflow.
+   - confidence "weak": do not auto-use it; use \`fallback_slug\`.
+   - confidence "fallback": use \`recommended_slug\` unless the app plan clearly requires a different returned slug.
+   - Strong fit: user says *"app para barberia con reservas"* and the result includes a booking/barber vertical with matching routes/endpoints. Use that template and preserve what it already has.
+   - Strong fit: user asks for a broad business app and a matching vertical template says what to adapt and what not to rebuild. Use the template, then customize it.
+   - Weak fit: user says *"algo para gestionar reservas"* and only a very specific unrelated vertical matches softly. Use a safer legacy base or blank. Don't inherit domain-specific schema they did not ask for.
+   - Legacy bases are fallback defaults when no Studio catalog template fits:
      - private/internal/admin/dashboard/backoffice/business management → \`private-admin\`
      - end-user signup/login/customer/member portal/marketplace/SaaS accounts → \`user-accounts\`
      - public landing/marketing site plus private admin → \`landing-admin\`
      - no clear access pattern or explicitly custom/from scratch → \`blank\`
-   - ❌ User is a dev with a concrete spec (*"crea un proyecto con estas 3 tablas y estos endpoints"*) → usually **blank**, unless they explicitly want one of the built-in bases.
-   - ❌ No marketplace or built-in base fits → **blank**.
-4. **Call it** → \`create_project(name: "<their name>", template_slug: "<matched_slug>" | "private-admin" | "user-accounts" | "landing-admin" | "blank")\`.
-   If you went with a template, acknowledge in ONE line what's included so the user can push back: *"Lo arranco con la plantilla X, que trae socios, clases y pagos. ¿Te vale o prefieres algo más simple?"*
+   - Concrete spec: user is a dev with a concrete spec (*"crea un proyecto con estas 3 tablas y estos endpoints"*). Usually use **blank**, unless a Studio template exactly matches the requested product.
+4. **Call it** → \`create_project(name: "<their name>", template_slug: "<slug from search_project_templates>")\`.
+   If you went with a catalog template, use its \`agent_brief\`: preserve \`already_included\`, follow \`adaptation_steps\`, and do not rebuild \`do_not_rebuild\`.
    If you went blank, just say: *"Arranco un proyecto en blanco y lo construimos a medida."*
 5. **After \`create_project\`** → ask for an absolute workspace path, then \`dypai_pull\` + \`manage_frontend(sync)\` (see next section).
 
@@ -556,7 +560,7 @@ target workspace package.json and install them locally (never globally or in
 the MCP server). Then wire the kit into the app, apply SQL if needed, validate
 endpoints, and verify the frontend.
 
-**The template system exists to save time when the fit is obvious, not to force-match every request.** When in doubt → blank is always correct. Iterating up from blank is cheaper than deleting 80% of a mismatched template.
+**The template system exists to save time when the fit is obvious, not to force-match every request.** When in doubt → use the safest legacy base or blank. Iterating up from a smaller base is cheaper than deleting 80% of a mismatched template.
 
 ## The one legit follow-up question
 
@@ -1121,7 +1125,7 @@ async function handleRequest(msg) {
     return makeResponse(id, {
       protocolVersion: "2024-11-05",
       capabilities: { tools: {} },
-      serverInfo: { name: "dypai", version: "1.5.13" },
+      serverInfo: { name: "dypai", version: "1.5.14" },
       instructions: SERVER_INSTRUCTIONS,
     })
   }

package/src/tools/capability-kits.js

@@ -1,9 +1,14 @@
+import crypto from "crypto"
 import { existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync, copyFileSync } from "fs"
+import { tmpdir } from "os"
 import { basename, delimiter, dirname, isAbsolute, join, relative, resolve, sep } from "path"
 import { fileURLToPath } from "url"
+import { proxyToolCall } from "./proxy.js"
 
 const __dirname = dirname(fileURLToPath(import.meta.url))
 const DEFAULT_LIMIT = 5
+const DEFAULT_R2_BUCKET = "organizations-storage"
+const DEFAULT_R2_PREFIX = "capability-kits"
 
 function readJson(path) {
   return JSON.parse(readFileSync(path, "utf8"))
@@ -46,10 +51,220 @@ function resolveKitsRoot(inputRoot) {
   if (fromThisFile) return join(fromThisFile, "dypai-capability-kits")
 
   throw new Error(
-    "Capability kit repo not found. Set DYPAI_CAPABILITY_KITS_ROOT to the local dypai-capability-kits directory.",
+    "Capability kit repo not found locally. Set DYPAI_CAPABILITY_KITS_ROOT for local authoring or configure R2 credentials for remote kit install.",
   )
 }
 
+function tryResolveKitsRoot(inputRoot) {
+  try {
+    return resolveKitsRoot(inputRoot)
+  } catch {
+    return null
+  }
+}
+
+function hasLocalKit(root, slug, version) {
+  return Boolean(root) && existsSync(join(root, "kits", slug, version, "kit.json"))
+}
+
+function sha256Buffer(buffer) {
+  return crypto.createHash("sha256").update(buffer).digest("hex")
+}
+
+function safeLogicalPath(path) {
+  if (typeof path !== "string" || !path.trim()) throw new Error("Remote kit file path is invalid")
+  const normalized = path.replace(/\\/g, "/").replace(/^\/+/, "")
+  if (!normalized || normalized.includes("..") || isAbsolute(normalized)) {
+    throw new Error(`Unsafe remote kit file path: ${path}`)
+  }
+  return normalized
+}
+
+function parseR2SourceUri(sourceUri, slug) {
+  if (typeof sourceUri !== "string" || !sourceUri.startsWith("r2://")) return null
+  const withoutScheme = sourceUri.slice("r2://".length)
+  const slash = withoutScheme.indexOf("/")
+  if (slash <= 0) throw new Error(`Invalid capability kit source_uri: ${sourceUri}`)
+  const bucket = withoutScheme.slice(0, slash)
+  const rootKey = withoutScheme.slice(slash + 1).replace(/^\/+|\/+$/g, "")
+  if (!rootKey || !rootKey.split("/").includes(slug)) {
+    throw new Error(`Capability kit source_uri does not look like a kit root for ${slug}: ${sourceUri}`)
+  }
+  return { bucket, rootKey }
+}
+
+function resolveRemoteKitLocation(slug, sourceUri) {
+  const parsed = parseR2SourceUri(sourceUri, slug)
+  if (parsed) return parsed
+  const bucket = process.env.CAPABILITY_KITS_R2_BUCKET
+    || process.env.DYPAI_CAPABILITY_KITS_R2_BUCKET
+    || process.env.CLOUDFLARE_R2_CAPABILITY_KITS_BUCKET
+    || DEFAULT_R2_BUCKET
+  const prefix = (process.env.CAPABILITY_KITS_R2_PREFIX || DEFAULT_R2_PREFIX).replace(/^\/+|\/+$/g, "")
+  return {
+    bucket,
+    rootKey: `${prefix}/${slug}`.replace(/^\/+|\/+$/g, "").replace(/\/+/g, "/"),
+  }
+}
+
+function resolveR2Config(slug, sourceUri) {
+  const endpoint = (process.env.CLOUDFLARE_R2_ENDPOINT_URL || "").replace(/\/$/, "")
+  const accessKeyId = process.env.CLOUDFLARE_R2_ACCESS_KEY_ID || ""
+  const secretAccessKey = process.env.CLOUDFLARE_R2_SECRET_ACCESS_KEY || ""
+  if (!endpoint || !accessKeyId || !secretAccessKey) {
+    throw new Error("Capability kit R2 storage is not configured. Set CLOUDFLARE_R2_ENDPOINT_URL, CLOUDFLARE_R2_ACCESS_KEY_ID, and CLOUDFLARE_R2_SECRET_ACCESS_KEY.")
+  }
+  return { endpoint, accessKeyId, secretAccessKey, ...resolveRemoteKitLocation(slug, sourceUri) }
+}
+
+function hmac(key, value, encoding) {
+  return crypto.createHmac("sha256", key).update(value).digest(encoding)
+}
+
+function sha256Hex(value) {
+  return crypto.createHash("sha256").update(value).digest("hex")
+}
+
+function encodeRfc3986(value) {
+  return encodeURIComponent(value).replace(/[!'()*]/g, (char) => `%${char.charCodeAt(0).toString(16).toUpperCase()}`)
+}
+
+function r2Url(config, key) {
+  const encodedKey = key.split("/").map(encodeRfc3986).join("/")
+  return new URL(`${config.endpoint}/${encodeRfc3986(config.bucket)}/${encodedKey}`)
+}
+
+function signingKey(secretAccessKey, dateStamp) {
+  const dateKey = hmac(`AWS4${secretAccessKey}`, dateStamp)
+  const dateRegionKey = hmac(dateKey, "auto")
+  const dateRegionServiceKey = hmac(dateRegionKey, "s3")
+  return hmac(dateRegionServiceKey, "aws4_request")
+}
+
+function signedR2Headers(config, method, url, payloadHash) {
+  const now = new Date()
+  const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, "")
+  const dateStamp = amzDate.slice(0, 8)
+  const canonicalHeaders = [
+    `host:${url.host}`,
+    `x-amz-content-sha256:${payloadHash}`,
+    `x-amz-date:${amzDate}`,
+    "",
+  ].join("\n")
+  const signedHeaders = "host;x-amz-content-sha256;x-amz-date"
+  const canonicalRequest = [
+    method,
+    url.pathname,
+    url.searchParams.toString(),
+    canonicalHeaders,
+    signedHeaders,
+    payloadHash,
+  ].join("\n")
+  const credentialScope = `${dateStamp}/auto/s3/aws4_request`
+  const stringToSign = [
+    "AWS4-HMAC-SHA256",
+    amzDate,
+    credentialScope,
+    sha256Hex(canonicalRequest),
+  ].join("\n")
+  const signature = hmac(signingKey(config.secretAccessKey, dateStamp), stringToSign, "hex")
+
+  return {
+    Authorization: `AWS4-HMAC-SHA256 Credential=${config.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`,
+    "x-amz-content-sha256": payloadHash,
+    "x-amz-date": amzDate,
+  }
+}
+
+async function r2Get(config, key) {
+  const url = r2Url(config, key)
+  const response = await fetch(url, {
+    method: "GET",
+    headers: signedR2Headers(config, "GET", url, sha256Hex(Buffer.alloc(0))),
+  })
+  if (!response.ok) {
+    throw new Error(`R2 GET failed for ${key}: ${response.status} ${await response.text()}`)
+  }
+  return Buffer.from(await response.arrayBuffer())
+}
+
+function parseRemoteFilesManifest(value, slug, requestedVersion) {
+  const parsed = JSON.parse(value)
+  if (!isObject(parsed)) throw new Error("Remote kit manifest must be a JSON object")
+  if (parsed.slug && parsed.slug !== slug) throw new Error(`Remote kit manifest slug mismatch: expected ${slug}, got ${parsed.slug}`)
+  if (parsed.version && parsed.version !== requestedVersion) {
+    throw new Error(`Remote kit manifest version mismatch: expected ${requestedVersion}, got ${parsed.version}`)
+  }
+  if (!Array.isArray(parsed.files) || !parsed.files.length) {
+    throw new Error(`Remote kit manifest for ${slug} has no files`)
+  }
+  return parsed
+}
+
+function cachedRemoteKitComplete(kitDirPath, manifest) {
+  return (manifest.files || []).every((file) => {
+    try {
+      const rel = safeLogicalPath(file.path)
+      const path = join(kitDirPath, rel)
+      if (!existsSync(path)) return false
+      return file.sha256 ? sha256Buffer(readFileSync(path)) === file.sha256 : true
+    } catch {
+      return false
+    }
+  })
+}
+
+function remoteKitKey(config, logicalPath) {
+  return `${config.rootKey}/${logicalPath}`.replace(/\/+/g, "/").replace(/^\/+/, "")
+}
+
+async function downloadRemoteCapabilityKit(slug, version, sourceUri) {
+  const config = resolveR2Config(slug, sourceUri)
+  const manifestKey = remoteKitKey(config, "manifest.files.json")
+  const manifestText = (await r2Get(config, manifestKey)).toString("utf8")
+  const manifest = parseRemoteFilesManifest(manifestText, slug, version)
+  const contentHash = typeof manifest.contentHash === "string" && manifest.contentHash.trim()
+    ? manifest.contentHash.trim()
+    : sha256Buffer(Buffer.from(manifestText))
+  const cacheRoot = join(tmpdir(), "dypai-capability-kits", slug, contentHash)
+  const kitDirPath = join(cacheRoot, "kits", slug, version)
+  const localManifestPath = join(kitDirPath, "manifest.files.json")
+
+  if (existsSync(localManifestPath) && cachedRemoteKitComplete(kitDirPath, manifest)) {
+    return cacheRoot
+  }
+
+  mkdirSync(kitDirPath, { recursive: true })
+  for (const file of manifest.files || []) {
+    const rel = safeLogicalPath(file.path)
+    const buffer = await r2Get(config, remoteKitKey(config, rel))
+    if (file.sha256 && sha256Buffer(buffer) !== file.sha256) {
+      throw new Error(`Capability kit file hash mismatch for ${slug}/${rel}`)
+    }
+    const target = join(kitDirPath, rel)
+    mkdirSync(dirname(target), { recursive: true })
+    writeFileSync(target, buffer)
+  }
+  writeFileSync(localManifestPath, manifestText)
+  return cacheRoot
+}
+
+async function resolveKitsRootForKit({ kits_root, slug, version, source_uri }) {
+  const sourceMode = (process.env.DYPAI_CAPABILITY_KITS_SOURCE || "").toLowerCase()
+  const localRoot = sourceMode === "remote" ? null : tryResolveKitsRoot(kits_root)
+  if (hasLocalKit(localRoot, slug, version)) return { root: localRoot, source: "local_repo" }
+  const remoteRoot = await downloadRemoteCapabilityKit(slug, version, source_uri)
+  return { root: remoteRoot, source: "r2" }
+}
+
+function shouldSearchRemote(kitsRoot) {
+  const source = (process.env.DYPAI_CAPABILITY_KITS_SOURCE || "").toLowerCase()
+  if (source === "local") return false
+  if (source === "remote") return true
+  if (kitsRoot || process.env.DYPAI_CAPABILITY_KITS_ROOT) return false
+  return Boolean(process.env.DYPAI_TOKEN)
+}
+
 function resolveWorkspaceRoot(inputRoot) {
   if (inputRoot) {
     const root = resolve(inputRoot)
@@ -306,7 +521,7 @@ function writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, nami
     if (overwrite === "fail") throw new Error(`Target already exists: ${targetRel}`)
     if (overwrite !== "replace" || !ownedTargets(record, manifest.slug, manifest.version).has(targetRel)) {
       skipped.push(targetRel)
-      return
+      return false
     }
   }
 
@@ -319,6 +534,7 @@ function writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, nami
     copyFileSync(sourceAbs, targetAbs)
   }
   copied.push(targetRel)
+  return true
 }
 
 export const searchCapabilityKitsTool = {
@@ -330,11 +546,24 @@ export const searchCapabilityKitsTool = {
       query: { type: "string", description: "Feature need and app domain, e.g. booking calendar for hotel reservations." },
       limit: { type: "integer", default: DEFAULT_LIMIT, minimum: 1, maximum: 10 },
       filters: { type: "object", description: "Optional filters: category, maturity, app_type, screen_type, feature_tag, requires." },
-      kits_root: { type: "string", description: "Optional local path to dypai-capability-kits. Defaults to DYPAI_CAPABILITY_KITS_ROOT or sibling repo." },
+      kits_root: { type: "string", description: "Optional local path to dypai-capability-kits. When omitted, the tool may use the remote MCP registry so local behavior matches production." },
     },
     required: ["query"],
   },
   async execute({ query, limit = DEFAULT_LIMIT, filters = {}, kits_root }) {
+    if (shouldSearchRemote(kits_root)) {
+      try {
+        const remote = await proxyToolCall("search_capability_kits", { query, limit, filters })
+        if (isObject(remote)) {
+          return { ...remote, source: remote.source || "mcp_cloud" }
+        }
+        return remote
+      } catch (error) {
+        if (!tryResolveKitsRoot(kits_root)) throw error
+        process.stderr.write(`Capability kit remote search failed, falling back to local repo: ${error.message}\n`)
+      }
+    }
+
     const root = resolveKitsRoot(kits_root)
     const kits = listKits(root)
       .filter(({ manifest }) => matchesFilter(manifest, filters))
@@ -368,13 +597,13 @@ export const searchCapabilityKitsTool = {
   },
 }
 
-function inspectCapabilityKit({ slug, version = "1.0.0", kits_root }) {
-  const root = resolveKitsRoot(kits_root)
+async function inspectCapabilityKit({ slug, version = "1.0.0", kits_root, source_uri }) {
+  const { root, source } = await resolveKitsRootForKit({ kits_root, slug, version, source_uri })
   const { dir, manifest } = loadKit(root, slug, version)
   return {
     ok: true,
     operation: "inspect",
-    source: "local_repo",
+    source,
     kitsRoot: root,
     kit: manifest,
     assets: assetIndex(dir),
@@ -395,13 +624,20 @@ async function applyCapabilityKit({
   overwrite = "skip",
   workspace_root,
   kits_root,
+  source_uri,
 }) {
-  const root = resolveKitsRoot(kits_root)
+  const { root, source } = await resolveKitsRootForKit({ kits_root, slug, version, source_uri })
   const workspaceRoot = resolveWorkspaceRoot(workspace_root)
   const { dir, manifest } = loadKit(root, slug, version)
   const record = readInstallRecord(workspaceRoot)
   const previousEntries = (record.kits || []).filter((item) => item.slug === manifest.slug && item.version === manifest.version)
   const copied = []
+  const copiedByKind = {
+    frontend: [],
+    backend: [],
+    database: [],
+  }
+  const databaseTargetsBySource = new Map()
   const skipped = []
 
   const installFrontend = install.frontend !== false
@@ -416,7 +652,9 @@ async function applyCapabilityKit({
       if (target.frontendDir) {
         targetRel = join(target.frontendDir, stripFrontendPrefix(asset.source)).split(sep).join("/")
       }
-      writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, naming, kind: "frontend", overwrite, record, copied, skipped })
+      if (writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, naming, kind: "frontend", overwrite, record, copied, skipped })) {
+        copiedByKind.frontend.push(targetRel)
+      }
     }
   }
 
@@ -429,7 +667,9 @@ async function applyCapabilityKit({
       if (target.endpointDir) {
         targetRel = join(target.endpointDir, adaptTarget(asset.source.split("/").pop(), manifest, naming)).split(sep).join("/")
       }
-      writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, naming, kind: "backend", overwrite, record, copied, skipped })
+      if (writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, naming, kind: "backend", overwrite, record, copied, skipped })) {
+        copiedByKind.backend.push(targetRel)
+      }
     }
   }
 
@@ -443,7 +683,10 @@ async function applyCapabilityKit({
       if (target.databaseDir) {
         targetRel = join(target.databaseDir, source.split("/").pop()).split(sep).join("/")
       }
-      writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, naming, kind: "database", overwrite, record, copied, skipped })
+      if (writeTemplateFile({ sourceAbs, targetRel, workspaceRoot, manifest, naming, kind: "database", overwrite, record, copied, skipped })) {
+        copiedByKind.database.push(targetRel)
+        databaseTargetsBySource.set(source, targetRel)
+      }
     }
   }
 
@@ -460,6 +703,14 @@ async function applyCapabilityKit({
   const databaseTables = normalizeList(manifest.databaseManifest?.tables).map((table) =>
     adaptTarget(table, manifest, naming),
   )
+  const schemaSource = installDatabase && isObject(manifest.databaseManifest) && typeof manifest.databaseManifest.schema === "string"
+    ? manifest.databaseManifest.schema
+    : ""
+  const seedSource = installDatabase && isObject(manifest.databaseManifest) && typeof manifest.databaseManifest.seed === "string"
+    ? manifest.databaseManifest.seed
+    : ""
+  const schemaFile = schemaSource ? databaseTargetsBySource.get(schemaSource) : undefined
+  const seedFile = seedSource ? databaseTargetsBySource.get(seedSource) : undefined
 
   const previousFiles = previousEntries.flatMap((item) => Array.isArray(item.files) ? item.files : [])
   const fileMap = new Map()
@@ -488,11 +739,15 @@ async function applyCapabilityKit({
   return {
     ok: true,
     operation: "apply",
+    source,
     slug: manifest.slug,
     version: manifest.version,
     workspaceRoot,
     installed: {
       files: copied,
+      frontendFiles: copiedByKind.frontend,
+      backendFiles: copiedByKind.backend,
+      databaseFiles: copiedByKind.database,
       skipped,
       recordFile: ".dypai/kits/installed.json",
     },
@@ -503,7 +758,12 @@ async function applyCapabilityKit({
     },
     database: {
       tables: databaseTables,
+      sqlFiles: copiedByKind.database,
+      schemaFile,
+      seedFile,
       requiresExecuteSql: Boolean(manifest.install?.requiresExecuteSql || databaseTables.length),
+      applyWith: "execute_sql",
+      schemaRefresh: "automatic_after_successful_ddl",
     },
     dependencies,
     nextSteps: [
@@ -511,7 +771,9 @@ async function applyCapabilityKit({
         ? [`Add any missing package dependencies to the target workspace package.json, then install them locally before building: ${dependencies.join(", ")}.`]
         : []),
       "Wire installed frontend components into the selected app page or route.",
-      ...(databaseTables.length ? ["Apply the installed schema SQL with execute_sql if the tables do not already exist."] : []),
+      ...(databaseTables.length ? [
+        `Before backend tests, ensure tables exist (${databaseTables.join(", ")}): read ${schemaFile || "the installed schema SQL"} and execute its safe CREATE/ALTER statements with execute_sql. Do not edit dypai/schema.sql; it refreshes automatically.`,
+      ] : []),
       ...(backendEndpoints.length ? ["Run backend validation and endpoint tests for installed/renamed endpoints."] : []),
       "Run frontend verification after wiring imports and data callbacks.",
     ],
@@ -527,6 +789,7 @@ export const manageCapabilityKitTool = {
       operation: { type: "string", enum: ["inspect", "apply"], description: "inspect returns manifest/assets. apply copies kit files into the workspace." },
       slug: { type: "string" },
       version: { type: "string", default: "1.0.0" },
+      source_uri: { type: "string", description: "Optional r2://... kit root from search results. Used when the kit is not available locally." },
       targetFeature: { type: "string", description: "Domain/feature being built, e.g. hotel reservations." },
       install: {
         type: "object",
@@ -555,7 +818,7 @@ export const manageCapabilityKitTool = {
       },
       overwrite: { type: "string", enum: ["skip", "fail", "replace"], default: "skip" },
       workspace_root: { type: "string", description: "Optional absolute path to the target app workspace." },
-      kits_root: { type: "string", description: "Optional local path to dypai-capability-kits." },
+      kits_root: { type: "string", description: "Optional local path to dypai-capability-kits. Pass this to force local authoring source; omit it to allow R2 fallback." },
     },
     required: ["operation", "slug"],
   },

package/src/tools/scaffold.js

@@ -19,9 +19,9 @@ Scaffolds a project directory with:
 - MCP config for your IDE
 - .env with engine URL
 
-Use search_project_templates first to find available templates, then pass the template slug here.
-Use "private-admin" for private internal tools, "user-accounts" for apps with signup/login users,
-"landing-admin" for public landing plus admin, or "blank" only when no base fits.`,
+Use search_project_templates first, then pass the returned template slug here.
+Prefer Studio catalog template slugs when a strong brief fits. Legacy fallback
+bases ("private-admin", "user-accounts", "landing-admin", "blank") remain available when no catalog template fits.`,
 
   inputSchema: {
     type: "object",
@@ -36,7 +36,7 @@ Use "private-admin" for private internal tools, "user-accounts" for apps with si
       },
       template: {
         type: "string",
-        description: 'Template slug (e.g. "clinic", "gym", "private-admin", "user-accounts", "landing-admin", "blank"). Use search_project_templates to find available templates.',
+        description: 'Template slug returned by search_project_templates. Studio catalog slugs are preferred; legacy fallback bases remain supported.',
         default: "blank",
       },
     },
@@ -60,7 +60,7 @@ Use "private-admin" for private internal tools, "user-accounts" for apps with si
     // Try to download template from API
     let files = []
     try {
-      const res = await api.get(`/api/engine/${project_id}/frontend/template?slug=${template}`)
+      const res = await api.get(`/api/engine/${project_id}/frontend/template?template=${encodeURIComponent(template)}`)
       if (res.files) files = res.files
     } catch {}