@enfyra/mcp-server 0.0.98 → 0.0.100

package/README.md

@@ -189,7 +189,7 @@ The MCP server includes safety guards for LLM callers:
 - Relation tools reject physical FK/junction names.
 - Generated code should use relation property names such as `conversation`, `sender`, and `member` instead of physical FK fields such as `conversationId`, `senderId`, or `memberId`.
 - Custom route tools reject `mainTableId` unless the route is the canonical table route.
-- Platform operation tools such as `create_api_endpoint`, `set_route_public_methods`, `set_table_graphql`, `ensure_guard`, `ensure_field_permission`, `ensure_column_rule`, `ensure_websocket_event`, `ensure_flow_step`, and `ensure_menu_extension_page` resolve metadata ids and validate code before saving.
+- Platform operation tools such as `create_api_endpoint`, `publish_route_methods`, `add_route_methods`, `set_table_graphql`, `ensure_guard`, `ensure_field_permission`, `ensure_column_rule`, `ensure_websocket_event`, `ensure_script_flow_step`, `ensure_menu`, `ensure_page_extension`, `ensure_global_extension`, and `ensure_widget_extension` resolve metadata ids and validate code before saving.
 - Schema changes are serialized.
 - Destructive deletes return a preview before requiring `confirm=true`.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enfyra/mcp-server",
-  "version": "0.0.98",
+  "version": "0.0.100",
   "description": "MCP server for Enfyra - manage Enfyra instances from MCP-compatible coding tools",
   "type": "module",
   "license": "MIT",

package/src/lib/mcp-examples.js

@@ -996,13 +996,12 @@ ensure_route_access({
       },
       {
         name: 'Publish read-only route',
-        code: `set_route_public_methods({
+        code: `publish_route_methods({
   path: "/articles",
-  methods: ["GET"],
-  mode: "merge"
+  methods: ["GET"]
 })`,
         notes: [
-          'Use set_route_public_methods instead of raw enfyra_route updates; the tool resolves method ids and validates that GET is available.',
+          'Use publish_route_methods instead of raw enfyra_route updates; the tool resolves method ids and validates that GET is available.',
           'publicMethods controls anonymous route access. Route permissions are not for public access.',
           'Route permissions apply when the method is not public.',
         ],
@@ -1417,7 +1416,7 @@ update_method({
       },
       {
         name: 'Create menu then extension',
-        code: `create_menu({
+        code: `ensure_menu({
   label: "Reports",
   type: "Menu",
   path: "/reports",
@@ -1433,8 +1432,7 @@ update_method({
 })
 
 // Read the created menu id from the tool response, then:
-create_extension({
-  type: "page",
+ensure_page_extension({
   name: "ReportsPage",
   description: "Reports dashboard",
   menuId: "<created-menu-id>",
@@ -1445,7 +1443,7 @@ create_extension({
           'Menu provides navigation; extension provides content.',
           'Use enfyra_menu.label, not title.',
           'Sensitive admin menus should include a permission condition at creation time.',
-          'For page extensions, create the menu first and pass menuId to create_extension.',
+          'For page extensions, create the menu first with ensure_menu and pass its id to ensure_page_extension.',
           'Page extensions must register the app-shell PageHeader with usePageHeaderRegistry instead of rendering a custom top header.',
           'Use variant: "minimal" for operational pages unless a larger header is intentionally needed.',
           'Do not put ordinary KPI cards in PageHeader.stats; render metrics in the extension body.',
@@ -1488,8 +1486,7 @@ function openLatest() {
 </script>
 \`
 
-create_extension({
-  type: "widget",
+ensure_widget_extension({
   name: "ReportStatusWidget",
   description: "Report status summary cards",
   code: reportStatusWidgetCode,
@@ -1497,8 +1494,7 @@ create_extension({
 })
 
 // Read the created widget record id, then embed it from the page extension.
-create_extension({
-  type: "page",
+ensure_page_extension({
   name: "ReportsPage",
   menuId: "<reports-menu-id>",
   code: "<template><section class=\\"min-h-full w-full space-y-4\\"><Widget :id=\\"<report-status-widget-id>\\" :total=\\"totalReports\\" :rows=\\"reportRows\\" :open-details=\\"openReportDetails\\" @refresh=\\"refresh\\" /><Widget :id=\\"<report-table-widget-id>\\" :rows=\\"reportRows\\" @refresh=\\"refresh\\" /></section></template><script setup>const { registerPageHeader } = usePageHeaderRegistry(); registerPageHeader({ title: 'Reports', description: 'Operational report overview.', leadingIcon: 'lucide:bar-chart-3', gradient: 'cyan', variant: 'minimal' }); const totalReports = ref(0); const reportRows = ref([]); function refresh() {} function openReportDetails(row) { navigateTo('/data/report?filter=' + encodeURIComponent(JSON.stringify({ id: { _eq: row.id } }))) }</script>",
@@ -1574,8 +1570,7 @@ onUnmounted(() => {
 </script>
 \`
 
-create_extension({
-  type: "global",
+ensure_global_extension({
   name: "NotificationBellGlobal",
   description: "Registers the app-wide notification bell in the account panel",
   code: notificationBellCode,
@@ -1719,7 +1714,7 @@ registerHeaderActions([
       {
         name: 'Plan an admin dashboard as multiple pages',
         code: `// Recommended menu shape for an operations surface:
-create_menu({
+ensure_menu({
   type: "Dropdown Menu",
   label: "Operations",
   path: "/operations",

package/src/lib/mcp-instructions.js

@@ -29,7 +29,7 @@ export function buildMcpServerInstructions(apiBaseUrl) {
     '- Inspect narrowly. Use `inspect_table`, `inspect_route`, and `inspect_feature` for the table/route/feature being changed instead of loading broad metadata.',
     '- Load examples only when needed. Before generating schemas, app connection code, OAuth, Socket.IO, handlers/hooks, flows, files, guards, permissions, or extensions, call `get_enfyra_examples` with the matching category.',
     '- For server scripts, call `discover_script_contexts` before writing or reviewing handler/hook/flow/websocket/GraphQL logic.',
-    '- Prefer business operation tools over raw metadata CRUD for platform operations: `create_api_endpoint`, `ensure_route_methods`, `set_route_public_methods`, `set_table_graphql`, `ensure_guard`, `ensure_field_permission`, `ensure_column_rule`, `ensure_websocket_gateway`, `ensure_websocket_event`, `ensure_flow`, `ensure_flow_step`, and `ensure_menu_extension_page`.',
+    '- Prefer the most specific business operation tool over raw metadata CRUD: `create_api_endpoint`; route tools such as `add_route_methods`, `publish_route_methods`, and `unpublish_route_methods`; `set_table_graphql`; `ensure_guard`; permission/rule tools; websocket tools; flow tools such as `ensure_manual_flow`, `ensure_scheduled_flow`, and fixed-type flow step tools; and extension tools such as `ensure_menu`, `ensure_page_extension`, `ensure_global_extension`, and `ensure_widget_extension`.',
     '- Before saving standalone dynamic script or extension code, call `validate_dynamic_script` or `validate_extension_code` unless the chosen ensure/update tool already validates the code.',
     '- For existing script-backed records, use `trace_metadata_usage` then `get_script_source`; edit with `patch_script_source` or `update_script_source` so source is hash-checked and validated.',
     '- Validate behavior with `test_rest_endpoint`, `run_admin_test`, `test_flow_step`, or the route-specific tool before claiming a dynamic feature works.',

package/src/lib/platform-operation-tools.js

@@ -104,6 +104,66 @@ async function resolveRoute(apiUrl, { path, routeId }) {
   return { route, routes, path: route.path };
 }
 
+async function updateRouteMethods(apiUrl, { path, routeId, methods, mode, isEnabled }) {
+  const [{ route }, { methodMap, methodIdNameMap }] = await Promise.all([
+    resolveRoute(apiUrl, { path, routeId }),
+    getMethodContext(apiUrl),
+  ]);
+  const existingAvailable = methodNamesFromRecords(route.availableMethods, methodIdNameMap);
+  const existingPublic = methodNamesFromRecords(route.publicMethods, methodIdNameMap);
+  const finalAvailable = mergeMethods(existingAvailable, methods, mode);
+  const finalPublic = existingPublic.filter((method) => finalAvailable.includes(method));
+  const body = {
+    availableMethods: resolveMethodRefs(methodMap, finalAvailable),
+    publicMethods: resolveMethodRefs(methodMap, finalPublic),
+  };
+  if (isEnabled !== undefined) body.isEnabled = isEnabled;
+
+  const result = await fetchAPI(apiUrl, `/enfyra_route/${encodeURIComponent(String(getId(route)))}`, {
+    method: 'PATCH',
+    body: JSON.stringify(body),
+  });
+  const routeReload = await reloadRoutes(apiUrl);
+  return {
+    action: 'route_methods_updated',
+    route: { id: getId(route), path: route.path },
+    before: { availableMethods: existingAvailable, publicMethods: existingPublic },
+    after: { availableMethods: finalAvailable, publicMethods: finalPublic },
+    result,
+    routeReload,
+  };
+}
+
+async function updateRoutePublicMethods(apiUrl, { path, routeId, methods, mode }) {
+  const [{ route }, { methodMap, methodIdNameMap }] = await Promise.all([
+    resolveRoute(apiUrl, { path, routeId }),
+    getMethodContext(apiUrl),
+  ]);
+  const availableMethods = methodNamesFromRecords(route.availableMethods, methodIdNameMap);
+  const existingPublic = methodNamesFromRecords(route.publicMethods, methodIdNameMap);
+  const requestedMethods = uniqueMethodNames(methods);
+  const unavailable = requestedMethods.filter((method) => !availableMethods.includes(method));
+  if (unavailable.length > 0) {
+    throw new Error(`Cannot make unavailable route method(s) public: ${unavailable.join(', ')}. First call add_route_methods to add them to availableMethods.`);
+  }
+  const finalPublic = mergeMethods(existingPublic, requestedMethods, mode);
+  const result = await fetchAPI(apiUrl, `/enfyra_route/${encodeURIComponent(String(getId(route)))}`, {
+    method: 'PATCH',
+    body: JSON.stringify({ publicMethods: resolveMethodRefs(methodMap, finalPublic) }),
+  });
+  const routeReload = await reloadRoutes(apiUrl);
+  return {
+    action: 'route_public_methods_updated',
+    route: { id: getId(route), path: route.path },
+    availableMethods,
+    publicMethodsBefore: existingPublic,
+    publicMethodsAfter: finalPublic,
+    publicAccess: finalPublic.length > 0 ? 'Methods listed in publicMethods bypass auth/RoleGuard.' : 'No public methods remain on this route.',
+    result,
+    routeReload,
+  };
+}
+
 async function findHandler(apiUrl, routeId, methodId) {
   const filter = encodeURIComponent(JSON.stringify({
     route: { id: { _eq: routeId } },
@@ -148,6 +208,10 @@ async function reloadBestEffort(apiUrl, path) {
   }
 }
 
+function naturalPartialReload(reason) {
+  return { attempted: false, succeeded: true, reason };
+}
+
 async function validateDynamicScript(apiUrl, sourceCode, scriptLanguage = 'javascript') {
   const result = await fetchAPI(apiUrl, '/admin/script/validate', {
     method: 'POST',
@@ -249,11 +313,10 @@ function normalizeFlowStepBody(step, flowId) {
   const body = {
     key: step.key,
     type: step.type,
-    order: step.order ?? 0,
+    stepOrder: step.order ?? 0,
     config: step.config ?? {},
     timeout: step.timeout,
     isEnabled: step.isEnabled ?? true,
-    description: step.description,
     flow: { id: flowId },
   };
   if (step.sourceCode !== undefined) body.sourceCode = step.sourceCode;
@@ -261,6 +324,138 @@ function normalizeFlowStepBody(step, flowId) {
   return Object.fromEntries(Object.entries(body).filter(([, value]) => value !== undefined));
 }
 
+async function ensureMenu(apiUrl, {
+  label,
+  path,
+  icon,
+  type = 'Menu',
+  order = 0,
+  permission,
+  description,
+  isEnabled = true,
+}) {
+  const normalizedPath = path ? normalizeRestPath(path) : undefined;
+  const existing = normalizedPath
+    ? await findRecord(apiUrl, 'enfyra_menu', { path: { _eq: normalizedPath } }, 'id,_id,path,label')
+    : await findRecord(apiUrl, 'enfyra_menu', { label: { _eq: label } }, 'id,_id,path,label');
+  const operation = await createOrPatch(apiUrl, 'enfyra_menu', existing, {
+    label,
+    ...(normalizedPath ? { path: normalizedPath } : {}),
+    icon,
+    type,
+    order,
+    permission: parseJsonObjectArg('permission', permission, undefined),
+    description,
+    isEnabled,
+  });
+  return {
+    id: operation.id || getId(existing),
+    path: normalizedPath || existing?.path || null,
+    label,
+    action: operation.action,
+    operation,
+  };
+}
+
+async function ensureExtension(apiUrl, {
+  name,
+  type,
+  code,
+  menuId,
+  description,
+  isEnabled = true,
+  version = '1.0.0',
+}) {
+  if (type === 'page' && !menuId) {
+    throw new Error('menuId is required for page extensions. Use ensure_menu first, then ensure_page_extension.');
+  }
+  if (type !== 'page' && menuId) {
+    throw new Error('menuId is only valid for page extensions.');
+  }
+  const validation = await validateExtensionCode(apiUrl, code, name);
+  const existing = await findRecord(apiUrl, 'enfyra_extension', { name: { _eq: name } }, 'id,_id,name,menu.id,type');
+  const operation = await createOrPatch(apiUrl, 'enfyra_extension', existing, {
+    name,
+    type,
+    code,
+    ...(menuId ? { menu: { id: menuId } } : {}),
+    description,
+    isEnabled,
+    version,
+  });
+  return {
+    id: operation.id || getId(existing),
+    name,
+    type,
+    action: operation.action,
+    operation,
+    validation,
+  };
+}
+
+async function ensureFlow(apiUrl, {
+  name,
+  triggerType = 'manual',
+  triggerConfig,
+  timeout,
+  maxExecutions = 100,
+  isEnabled = true,
+  description,
+}) {
+  const existing = await findRecord(apiUrl, 'enfyra_flow', { name: { _eq: name } }, 'id,_id,name');
+  const operation = await createOrPatch(apiUrl, 'enfyra_flow', existing, {
+    name,
+    triggerType,
+    triggerConfig: parseJsonObjectArg('triggerConfig', triggerConfig, {}),
+    timeout,
+    maxExecutions,
+    isEnabled,
+    description,
+  });
+  const reload = naturalPartialReload('Flow metadata writes trigger the server partial reload contract; there is no dedicated flow reload endpoint.');
+  return { action: 'flow_ensured', flow: { id: operation.id, name }, operation, reload };
+}
+
+async function ensureFlowStep(apiUrl, {
+  flowName,
+  flowId,
+  key,
+  type,
+  order,
+  config,
+  sourceCode,
+  scriptLanguage,
+  timeout,
+  isEnabled,
+}) {
+  if (!flowName && !flowId) throw new Error('Provide flowName or flowId.');
+  if (flowName && flowId) throw new Error('Provide flowName or flowId, not both.');
+  const flow = flowId
+    ? await findRecord(apiUrl, 'enfyra_flow', { id: { _eq: flowId } }, 'id,_id,name')
+    : await findRecord(apiUrl, 'enfyra_flow', { name: { _eq: flowName } }, 'id,_id,name');
+  if (!flow) throw new Error(`Flow not found: ${flowId || flowName}`);
+  const parsedConfig = parseJsonObjectArg('config', config, {});
+  const validation = sourceCode && ['script', 'condition'].includes(type)
+    ? await validateDynamicScript(apiUrl, sourceCode, scriptLanguage)
+    : { validated: false, reason: 'no script validation required' };
+  const existing = await findRecord(apiUrl, 'enfyra_flow_step', {
+    flow: { id: { _eq: getId(flow) } },
+    key: { _eq: key },
+  }, 'id,_id,key,flow.id');
+  const operation = await createOrPatch(apiUrl, 'enfyra_flow_step', existing, normalizeFlowStepBody({
+    key,
+    type,
+    order,
+    config: parsedConfig,
+    sourceCode,
+    scriptLanguage,
+    timeout,
+    isEnabled,
+  }, getId(flow)));
+  const reload = naturalPartialReload('Flow step writes trigger the server partial reload contract; there is no dedicated flow reload endpoint.');
+  return { action: 'flow_step_ensured', flow: { id: getId(flow), name: flow.name }, step: { id: operation.id, key, type }, validation, operation, reload };
+}
+
 export function registerPlatformOperationTools(server, ENFYRA_API_URL) {
   server.tool(
     'validate_dynamic_script',
@@ -321,102 +516,105 @@ export function registerPlatformOperationTools(server, ENFYRA_API_URL) {
   );
 
   server.tool(
-    'ensure_route_methods',
-    [
-      'Business operation: set which HTTP methods a route supports.',
-      'Use this instead of raw enfyra_route CRUD when adding/removing availableMethods on an existing route.',
-      'It resolves method ids, preserves route metadata, patches availableMethods, and reloads routes.',
-    ].join(' '),
+    'add_route_methods',
+    'Business operation: add HTTP methods to an existing route.',
     {
       path: z.string().optional().describe('Route path, e.g. /sum. Use either path or routeId.'),
       routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
-      methods: z.array(z.string()).min(1).describe('HTTP method names to merge, replace, or remove.'),
-      mode: z.enum(['merge', 'replace', 'remove']).optional().default('merge').describe('merge adds methods; replace sets exactly these methods; remove deletes these methods.'),
+      methods: z.array(z.string()).min(1).describe('HTTP method names to add.'),
       isEnabled: z.boolean().optional().describe('Optionally enable/disable the route in the same safe patch.'),
     },
-    async ({ path, routeId, methods, mode, isEnabled }) => {
-      const [{ route }, { methodMap, methodIdNameMap }] = await Promise.all([
-        resolveRoute(ENFYRA_API_URL, { path, routeId }),
-        getMethodContext(ENFYRA_API_URL),
-      ]);
-      const existingAvailable = methodNamesFromRecords(route.availableMethods, methodIdNameMap);
-      const existingPublic = methodNamesFromRecords(route.publicMethods, methodIdNameMap);
-      const finalAvailable = mergeMethods(existingAvailable, methods, mode);
-      const finalPublic = existingPublic.filter((method) => finalAvailable.includes(method));
-      const body = {
-        availableMethods: resolveMethodRefs(methodMap, finalAvailable),
-        publicMethods: resolveMethodRefs(methodMap, finalPublic),
-      };
-      if (isEnabled !== undefined) body.isEnabled = isEnabled;
+    async ({ path, routeId, methods, isEnabled }) => jsonText(await updateRouteMethods(ENFYRA_API_URL, {
+      path,
+      routeId,
+      methods,
+      mode: 'merge',
+      isEnabled,
+    })),
+  );
 
-      const result = await fetchAPI(ENFYRA_API_URL, `/enfyra_route/${encodeURIComponent(String(getId(route)))}`, {
-        method: 'PATCH',
-        body: JSON.stringify(body),
-      });
-      const routeReload = await reloadRoutes(ENFYRA_API_URL);
-      return {
-        content: [{
-          type: 'text',
-          text: JSON.stringify({
-            action: 'route_methods_updated',
-            route: { id: getId(route), path: route.path },
-            before: { availableMethods: existingAvailable, publicMethods: existingPublic },
-            after: { availableMethods: finalAvailable, publicMethods: finalPublic },
-            result,
-            routeReload,
-          }, null, 2),
-        }],
-      };
+  server.tool(
+    'replace_route_methods',
+    'Business operation: replace an existing route availableMethods list exactly.',
+    {
+      path: z.string().optional().describe('Route path, e.g. /sum. Use either path or routeId.'),
+      routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
+      methods: z.array(z.string()).min(1).describe('Exact HTTP method names for availableMethods.'),
+      isEnabled: z.boolean().optional().describe('Optionally enable/disable the route in the same safe patch.'),
     },
+    async ({ path, routeId, methods, isEnabled }) => jsonText(await updateRouteMethods(ENFYRA_API_URL, {
+      path,
+      routeId,
+      methods,
+      mode: 'replace',
+      isEnabled,
+    })),
   );
 
   server.tool(
-    'set_route_public_methods',
-    [
-      'Business operation: publish or unpublish REST methods on a route.',
-      'Use this instead of raw enfyra_route CRUD when the user says a route/method should be public, anonymous, private, or not require login.',
-      'The tool only touches publicMethods, validates that requested methods are already available on the route, and reloads routes.',
-    ].join(' '),
+    'remove_route_methods',
+    'Business operation: remove HTTP methods from an existing route.',
     {
       path: z.string().optional().describe('Route path, e.g. /sum. Use either path or routeId.'),
       routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
-      methods: z.array(z.string()).min(1).describe('HTTP method names to publish, replace, or remove from publicMethods.'),
-      mode: z.enum(['merge', 'replace', 'remove']).optional().default('merge').describe('merge publishes methods; replace sets publicMethods exactly; remove makes these methods non-public.'),
+      methods: z.array(z.string()).min(1).describe('HTTP method names to remove.'),
+      isEnabled: z.boolean().optional().describe('Optionally enable/disable the route in the same safe patch.'),
     },
-    async ({ path, routeId, methods, mode }) => {
-      const [{ route }, { methodMap, methodIdNameMap }] = await Promise.all([
-        resolveRoute(ENFYRA_API_URL, { path, routeId }),
-        getMethodContext(ENFYRA_API_URL),
-      ]);
-      const availableMethods = methodNamesFromRecords(route.availableMethods, methodIdNameMap);
-      const existingPublic = methodNamesFromRecords(route.publicMethods, methodIdNameMap);
-      const requestedMethods = uniqueMethodNames(methods);
-      const unavailable = requestedMethods.filter((method) => !availableMethods.includes(method));
-      if (unavailable.length > 0) {
-        throw new Error(`Cannot make unavailable route method(s) public: ${unavailable.join(', ')}. First call ensure_route_methods to add them to availableMethods.`);
-      }
-      const finalPublic = mergeMethods(existingPublic, requestedMethods, mode);
-      const result = await fetchAPI(ENFYRA_API_URL, `/enfyra_route/${encodeURIComponent(String(getId(route)))}`, {
-        method: 'PATCH',
-        body: JSON.stringify({ publicMethods: resolveMethodRefs(methodMap, finalPublic) }),
-      });
-      const routeReload = await reloadRoutes(ENFYRA_API_URL);
-      return {
-        content: [{
-          type: 'text',
-          text: JSON.stringify({
-            action: 'route_public_methods_updated',
-            route: { id: getId(route), path: route.path },
-            availableMethods,
-            publicMethodsBefore: existingPublic,
-            publicMethodsAfter: finalPublic,
-            publicAccess: finalPublic.length > 0 ? 'Methods listed in publicMethods bypass auth/RoleGuard.' : 'No public methods remain on this route.',
-            result,
-            routeReload,
-          }, null, 2),
-        }],
-      };
+    async ({ path, routeId, methods, isEnabled }) => jsonText(await updateRouteMethods(ENFYRA_API_URL, {
+      path,
+      routeId,
+      methods,
+      mode: 'remove',
+      isEnabled,
+    })),
+  );
+
+  server.tool(
+    'publish_route_methods',
+    'Business operation: make existing route methods public/anonymous.',
+    {
+      path: z.string().optional().describe('Route path, e.g. /sum. Use either path or routeId.'),
+      routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
+      methods: z.array(z.string()).min(1).describe('HTTP method names to publish. They must already be available on the route.'),
     },
+    async ({ path, routeId, methods }) => jsonText(await updateRoutePublicMethods(ENFYRA_API_URL, {
+      path,
+      routeId,
+      methods,
+      mode: 'merge',
+    })),
+  );
+
+  server.tool(
+    'replace_public_route_methods',
+    'Business operation: replace a route publicMethods list exactly.',
+    {
+      path: z.string().optional().describe('Route path, e.g. /sum. Use either path or routeId.'),
+      routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
+      methods: z.array(z.string()).describe('Exact HTTP method names that should be public. Use an empty array to make all methods private.'),
+    },
+    async ({ path, routeId, methods }) => jsonText(await updateRoutePublicMethods(ENFYRA_API_URL, {
+      path,
+      routeId,
+      methods,
+      mode: 'replace',
+    })),
+  );
+
+  server.tool(
+    'unpublish_route_methods',
+    'Business operation: make specific public route methods private again.',
+    {
+      path: z.string().optional().describe('Route path, e.g. /sum. Use either path or routeId.'),
+      routeId: z.union([z.string(), z.number()]).optional().describe('Route id. Use either path or routeId.'),
+      methods: z.array(z.string()).min(1).describe('HTTP method names to remove from publicMethods.'),
+    },
+    async ({ path, routeId, methods }) => jsonText(await updateRoutePublicMethods(ENFYRA_API_URL, {
+      path,
+      routeId,
+      methods,
+      mode: 'remove',
+    })),
   );
 
   server.tool(
@@ -739,52 +937,52 @@ export function registerPlatformOperationTools(server, ENFYRA_API_URL) {
 
   server.tool(
     'ensure_websocket_gateway',
-    'Business operation: create or update an Enfyra Socket.IO gateway. Connection handler code is validated before save.',
+    'Business operation: create or update an Enfyra Socket.IO gateway. Connection handler sourceCode is validated before save.',
     {
       path: z.string().describe('Gateway namespace/path, e.g. /chat.'),
-      connectionHandlerScript: z.string().optional().describe('Optional connection handler dynamic script.'),
+      sourceCode: z.string().optional().describe('Optional connection handler dynamic script sourceCode.'),
       scriptLanguage: z.enum(['javascript', 'typescript']).optional().default('javascript').describe('Script language for connection handler.'),
       isEnabled: z.boolean().optional().default(true).describe('Enable gateway.'),
       description: z.string().optional().describe('Admin note.'),
     },
-    async ({ path, connectionHandlerScript, scriptLanguage, isEnabled, description }) => {
+    async ({ path, sourceCode, scriptLanguage, isEnabled, description }) => {
       const normalizedPath = normalizeRestPath(path);
-      const validation = connectionHandlerScript === undefined
-        ? { validated: false, reason: 'no connectionHandlerScript' }
-        : await validateDynamicScript(ENFYRA_API_URL, connectionHandlerScript, scriptLanguage);
+      const validation = sourceCode === undefined
+        ? { validated: false, reason: 'no sourceCode' }
+        : await validateDynamicScript(ENFYRA_API_URL, sourceCode, scriptLanguage);
       const existing = await findRecord(ENFYRA_API_URL, 'enfyra_websocket', { path: { _eq: normalizedPath } }, 'id,_id,path');
       const body = {
         path: normalizedPath,
         isEnabled,
         description,
-        ...(connectionHandlerScript !== undefined ? { connectionHandlerScript, scriptLanguage } : {}),
+        ...(sourceCode !== undefined ? { sourceCode, scriptLanguage } : {}),
       };
       const operation = await createOrPatch(ENFYRA_API_URL, 'enfyra_websocket', existing, body);
-      const reload = await reloadBestEffort(ENFYRA_API_URL, '/admin/reload/websockets');
+      const reload = naturalPartialReload('Websocket metadata writes trigger the server partial reload contract; there is no dedicated websocket reload endpoint.');
       return jsonText({ action: 'websocket_gateway_ensured', gateway: { id: operation.id, path: normalizedPath }, validation, operation, reload });
     },
   );
 
   server.tool(
     'ensure_websocket_event',
-    'Business operation: create or update one websocket event handler. It resolves gateway path/id and validates handlerScript before save.',
+    'Business operation: create or update one websocket event handler. It resolves gateway path/id and validates sourceCode before save.',
     {
       gatewayPath: z.string().optional().describe('Gateway path, e.g. /chat. Use gatewayPath or gatewayId.'),
       gatewayId: z.union([z.string(), z.number()]).optional().describe('Gateway id. Use gatewayPath or gatewayId.'),
       eventName: z.string().describe('Socket event name.'),
-      handlerScript: z.string().describe('Event handler dynamic script.'),
+      sourceCode: z.string().describe('Event handler dynamic script sourceCode.'),
       scriptLanguage: z.enum(['javascript', 'typescript']).optional().default('javascript').describe('Script language.'),
       isEnabled: z.boolean().optional().default(true).describe('Enable event.'),
       description: z.string().optional().describe('Admin note.'),
     },
-    async ({ gatewayPath, gatewayId, eventName, handlerScript, scriptLanguage, isEnabled, description }) => {
+    async ({ gatewayPath, gatewayId, eventName, sourceCode, scriptLanguage, isEnabled, description }) => {
       if (!gatewayPath && !gatewayId) throw new Error('Provide gatewayPath or gatewayId.');
       if (gatewayPath && gatewayId) throw new Error('Provide gatewayPath or gatewayId, not both.');
       const gateway = gatewayId
         ? await findRecord(ENFYRA_API_URL, 'enfyra_websocket', { id: { _eq: gatewayId } }, 'id,_id,path')
         : await findRecord(ENFYRA_API_URL, 'enfyra_websocket', { path: { _eq: normalizeRestPath(gatewayPath) } }, 'id,_id,path');
       if (!gateway) throw new Error(`Websocket gateway not found: ${gatewayId || gatewayPath}`);
-      const validation = await validateDynamicScript(ENFYRA_API_URL, handlerScript, scriptLanguage);
+      const validation = await validateDynamicScript(ENFYRA_API_URL, sourceCode, scriptLanguage);
       const existing = await findRecord(ENFYRA_API_URL, 'enfyra_websocket_event', {
         gateway: { id: { _eq: getId(gateway) } },
         eventName: { _eq: eventName },
@@ -792,132 +990,236 @@ export function registerPlatformOperationTools(server, ENFYRA_API_URL) {
       const operation = await createOrPatch(ENFYRA_API_URL, 'enfyra_websocket_event', existing, {
         gateway: { id: getId(gateway) },
         eventName,
-        handlerScript,
+        sourceCode,
         scriptLanguage,
         isEnabled,
         description,
       });
-      const reload = await reloadBestEffort(ENFYRA_API_URL, '/admin/reload/websockets');
+      const reload = naturalPartialReload('Websocket event writes trigger the server partial reload contract; there is no dedicated websocket reload endpoint.');
       return jsonText({ action: 'websocket_event_ensured', gateway: { id: getId(gateway), path: gateway.path }, eventName, validation, operation, reload });
     },
   );
 
   server.tool(
-    'ensure_flow',
-    'Business operation: create or update an Enfyra flow. maxExecutions defaults to 100 when omitted.',
+    'ensure_manual_flow',
+    'Business operation: create or update a manually triggered Enfyra flow. Use this when the flow is run by API, admin action, another flow, or hook.',
     {
       name: z.string().describe('Flow name. Existing flow with this name is updated.'),
-      trigger: z.string().optional().describe('Flow trigger type/key.'),
       timeout: z.number().int().positive().optional().describe('Flow timeout in ms.'),
       maxExecutions: z.number().int().positive().optional().default(100).describe('Execution history cap.'),
       isEnabled: z.boolean().optional().default(true).describe('Enable flow.'),
       description: z.string().optional().describe('Admin note.'),
     },
-    async ({ name, trigger, timeout, maxExecutions, isEnabled, description }) => {
-      const existing = await findRecord(ENFYRA_API_URL, 'enfyra_flow', { name: { _eq: name } }, 'id,_id,name');
-      const operation = await createOrPatch(ENFYRA_API_URL, 'enfyra_flow', existing, {
-        name,
-        trigger,
-        timeout,
-        maxExecutions,
-        isEnabled,
-        description,
-      });
-      const reload = await reloadBestEffort(ENFYRA_API_URL, '/admin/reload/flows');
-      return jsonText({ action: 'flow_ensured', flow: { id: operation.id, name }, operation, reload });
+    async ({ name, timeout, maxExecutions, isEnabled, description }) => jsonText(await ensureFlow(ENFYRA_API_URL, {
+      name,
+      triggerType: 'manual',
+      timeout,
+      maxExecutions,
+      isEnabled,
+      description,
+    })),
+  );
+
+  server.tool(
+    'ensure_scheduled_flow',
+    'Business operation: create or update a scheduled Enfyra flow. Use this only for cron/time-based flows.',
+    {
+      name: z.string().describe('Flow name. Existing flow with this name is updated.'),
+      triggerConfig: z.string().describe('Schedule config JSON object.'),
+      timeout: z.number().int().positive().optional().describe('Flow timeout in ms.'),
+      maxExecutions: z.number().int().positive().optional().default(100).describe('Execution history cap.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable flow.'),
+      description: z.string().optional().describe('Admin note.'),
     },
+    async ({ name, triggerConfig, timeout, maxExecutions, isEnabled, description }) => jsonText(await ensureFlow(ENFYRA_API_URL, {
+      name,
+      triggerType: 'schedule',
+      triggerConfig,
+      timeout,
+      maxExecutions,
+      isEnabled,
+      description,
+    })),
   );
 
   server.tool(
-    'ensure_flow_step',
-    'Business operation: create or update one flow step by flow+key. Script/condition sourceCode is validated before save.',
+    'ensure_script_flow_step',
+    'Business operation: create or update one script flow step. Use this for JavaScript/TypeScript flow logic instead of choosing type=script manually.',
     {
       flowName: z.string().optional().describe('Flow name. Use flowName or flowId.'),
       flowId: z.union([z.string(), z.number()]).optional().describe('Flow id. Use flowName or flowId.'),
       key: z.string().describe('Stable step key. Existing step with flow+key is updated.'),
-      type: z.string().describe('Step type, e.g. script, condition, query, http, sleep, trigger_flow.'),
-      order: z.number().optional().default(0).describe('Step order.'),
+      sourceCode: z.string().describe('Script sourceCode.'),
+      order: z.number().optional().default(0).describe('Step order. Saved as enfyra_flow_step.stepOrder.'),
       config: z.string().optional().describe('Step config JSON object.'),
-      sourceCode: z.string().optional().describe('Script/condition sourceCode.'),
       scriptLanguage: z.enum(['javascript', 'typescript']).optional().default('javascript').describe('Script language.'),
       timeout: z.number().int().positive().optional().describe('Step timeout in ms.'),
       isEnabled: z.boolean().optional().default(true).describe('Enable step.'),
+    },
+    async (input) => jsonText(await ensureFlowStep(ENFYRA_API_URL, {
+      ...input,
+      type: 'script',
+    })),
+  );
+
+  server.tool(
+    'ensure_condition_flow_step',
+    'Business operation: create or update one condition flow step. Use this for dynamic conditional branching instead of choosing type=condition manually.',
+    {
+      flowName: z.string().optional().describe('Flow name. Use flowName or flowId.'),
+      flowId: z.union([z.string(), z.number()]).optional().describe('Flow id. Use flowName or flowId.'),
+      key: z.string().describe('Stable step key. Existing step with flow+key is updated.'),
+      sourceCode: z.string().describe('Condition sourceCode.'),
+      order: z.number().optional().default(0).describe('Step order. Saved as enfyra_flow_step.stepOrder.'),
+      config: z.string().optional().describe('Step config JSON object.'),
+      scriptLanguage: z.enum(['javascript', 'typescript']).optional().default('javascript').describe('Script language.'),
+      timeout: z.number().int().positive().optional().describe('Step timeout in ms.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable step.'),
+    },
+    async (input) => jsonText(await ensureFlowStep(ENFYRA_API_URL, {
+      ...input,
+      type: 'condition',
+    })),
+  );
+
+  server.tool(
+    'ensure_query_flow_step',
+    'Business operation: create or update one query flow step. Use this for repository/query-style flow steps instead of choosing type=query manually.',
+    {
+      flowName: z.string().optional().describe('Flow name. Use flowName or flowId.'),
+      flowId: z.union([z.string(), z.number()]).optional().describe('Flow id. Use flowName or flowId.'),
+      key: z.string().describe('Stable step key. Existing step with flow+key is updated.'),
+      config: z.string().describe('Step config JSON object.'),
+      order: z.number().optional().default(0).describe('Step order. Saved as enfyra_flow_step.stepOrder.'),
+      timeout: z.number().int().positive().optional().describe('Step timeout in ms.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable step.'),
+    },
+    async (input) => jsonText(await ensureFlowStep(ENFYRA_API_URL, {
+      ...input,
+      type: 'query',
+    })),
+  );
+
+  server.tool(
+    'ensure_http_flow_step',
+    'Business operation: create or update one HTTP flow step. Use this for outbound HTTP calls instead of choosing type=http manually.',
+    {
+      flowName: z.string().optional().describe('Flow name. Use flowName or flowId.'),
+      flowId: z.union([z.string(), z.number()]).optional().describe('Flow id. Use flowName or flowId.'),
+      key: z.string().describe('Stable step key. Existing step with flow+key is updated.'),
+      config: z.string().describe('Step config JSON object.'),
+      order: z.number().optional().default(0).describe('Step order. Saved as enfyra_flow_step.stepOrder.'),
+      timeout: z.number().int().positive().optional().describe('Step timeout in ms.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable step.'),
+    },
+    async (input) => jsonText(await ensureFlowStep(ENFYRA_API_URL, {
+      ...input,
+      type: 'http',
+    })),
+  );
+
+  server.tool(
+    'ensure_sleep_flow_step',
+    'Business operation: create or update one sleep/wait flow step. Use this for delays instead of choosing type=sleep manually.',
+    {
+      flowName: z.string().optional().describe('Flow name. Use flowName or flowId.'),
+      flowId: z.union([z.string(), z.number()]).optional().describe('Flow id. Use flowName or flowId.'),
+      key: z.string().describe('Stable step key. Existing step with flow+key is updated.'),
+      config: z.string().describe('Step config JSON object.'),
+      order: z.number().optional().default(0).describe('Step order. Saved as enfyra_flow_step.stepOrder.'),
+      timeout: z.number().int().positive().optional().describe('Step timeout in ms.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable step.'),
+    },
+    async (input) => jsonText(await ensureFlowStep(ENFYRA_API_URL, {
+      ...input,
+      type: 'sleep',
+    })),
+  );
+
+  server.tool(
+    'ensure_trigger_flow_step',
+    'Business operation: create or update one child-flow trigger step. Use this for flow-to-flow orchestration instead of choosing type=trigger_flow manually.',
+    {
+      flowName: z.string().optional().describe('Flow name. Use flowName or flowId.'),
+      flowId: z.union([z.string(), z.number()]).optional().describe('Flow id. Use flowName or flowId.'),
+      key: z.string().describe('Stable step key. Existing step with flow+key is updated.'),
+      config: z.string().describe('Step config JSON object.'),
+      order: z.number().optional().default(0).describe('Step order. Saved as enfyra_flow_step.stepOrder.'),
+      timeout: z.number().int().positive().optional().describe('Step timeout in ms.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable step.'),
+    },
+    async (input) => jsonText(await ensureFlowStep(ENFYRA_API_URL, {
+      ...input,
+      type: 'trigger_flow',
+    })),
+  );
+
+  server.tool(
+    'ensure_menu',
+    'Business operation: create or update one admin menu item. Use this instead of raw enfyra_menu CRUD.',
+    {
+      label: z.string().describe('Menu label.'),
+      path: z.string().optional().describe('Admin app route path for leaf menu items, e.g. /reports.'),
+      icon: z.string().optional().describe('Menu icon name.'),
+      type: z.enum(['Menu', 'Dropdown Menu']).optional().default('Menu').describe('Menu type.'),
+      order: z.number().optional().default(0).describe('Display order.'),
+      permission: z.string().optional().describe('Menu permission JSON object.'),
       description: z.string().optional().describe('Admin note.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable menu.'),
     },
-    async ({ flowName, flowId, key, type, order, config, sourceCode, scriptLanguage, timeout, isEnabled, description }) => {
-      if (!flowName && !flowId) throw new Error('Provide flowName or flowId.');
-      if (flowName && flowId) throw new Error('Provide flowName or flowId, not both.');
-      const flow = flowId
-        ? await findRecord(ENFYRA_API_URL, 'enfyra_flow', { id: { _eq: flowId } }, 'id,_id,name')
-        : await findRecord(ENFYRA_API_URL, 'enfyra_flow', { name: { _eq: flowName } }, 'id,_id,name');
-      if (!flow) throw new Error(`Flow not found: ${flowId || flowName}`);
-      const parsedConfig = parseJsonObjectArg('config', config, {});
-      const validation = sourceCode && ['script', 'condition'].includes(type)
-        ? await validateDynamicScript(ENFYRA_API_URL, sourceCode, scriptLanguage)
-        : { validated: false, reason: 'no script validation required' };
-      const existing = await findRecord(ENFYRA_API_URL, 'enfyra_flow_step', {
-        flow: { id: { _eq: getId(flow) } },
-        key: { _eq: key },
-      }, 'id,_id,key,flow.id');
-      const operation = await createOrPatch(ENFYRA_API_URL, 'enfyra_flow_step', existing, normalizeFlowStepBody({
-        key,
-        type,
-        order,
-        config: parsedConfig,
-        sourceCode,
-        scriptLanguage,
-        timeout,
-        isEnabled,
-        description,
-      }, getId(flow)));
-      const reload = await reloadBestEffort(ENFYRA_API_URL, '/admin/reload/flows');
-      return jsonText({ action: 'flow_step_ensured', flow: { id: getId(flow), name: flow.name }, step: { id: operation.id, key, type }, validation, operation, reload });
+    async (input) => jsonText({
+      action: 'menu_ensured',
+      menu: await ensureMenu(ENFYRA_API_URL, input),
+    }),
+  );
+
+  server.tool(
+    'ensure_page_extension',
+    'Business operation: create or update one page extension attached to an existing menu. Validates extension code before save.',
+    {
+      name: z.string().describe('Extension unique name.'),
+      code: z.string().describe('Vue SFC extension code.'),
+      menuId: z.union([z.string(), z.number()]).describe('Existing menu id for this page extension.'),
+      description: z.string().optional().describe('Extension description.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable extension.'),
+      version: z.string().optional().default('1.0.0').describe('Extension version.'),
     },
+    async (input) => jsonText({
+      action: 'page_extension_ensured',
+      extension: await ensureExtension(ENFYRA_API_URL, { ...input, type: 'page' }),
+    }),
   );
 
   server.tool(
-    'ensure_menu_extension_page',
-    'Business operation: create or update a page extension and its menu item together. Extension code is validated before save.',
+    'ensure_global_extension',
+    'Business operation: create or update one global shell extension. Validates extension code before save and rejects menu coupling.',
     {
       name: z.string().describe('Extension unique name.'),
       code: z.string().describe('Vue SFC extension code.'),
-      menuLabel: z.string().describe('Menu label.'),
-      menuPath: z.string().describe('Admin app path, e.g. /reports.'),
-      icon: z.string().optional().describe('Menu icon name.'),
-      permission: z.string().optional().describe('Menu permission JSON object.'),
-      description: z.string().optional().describe('Description for menu/extension.'),
-      isEnabled: z.boolean().optional().default(true).describe('Enable menu and extension.'),
+      description: z.string().optional().describe('Extension description.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable extension.'),
       version: z.string().optional().default('1.0.0').describe('Extension version.'),
     },
-    async ({ name, code, menuLabel, menuPath, icon, permission, description, isEnabled, version }) => {
-      const validation = await validateExtensionCode(ENFYRA_API_URL, code, name);
-      const normalizedPath = normalizeRestPath(menuPath);
-      const existingMenu = await findRecord(ENFYRA_API_URL, 'enfyra_menu', { path: { _eq: normalizedPath } }, 'id,_id,path,label');
-      const menuOperation = await createOrPatch(ENFYRA_API_URL, 'enfyra_menu', existingMenu, {
-        label: menuLabel,
-        path: normalizedPath,
-        icon,
-        type: 'Menu',
-        permission: parseJsonObjectArg('permission', permission, undefined),
-        description,
-        isEnabled,
-      });
-      const existingExtension = await findRecord(ENFYRA_API_URL, 'enfyra_extension', { name: { _eq: name } }, 'id,_id,name,menu.id');
-      const extensionOperation = await createOrPatch(ENFYRA_API_URL, 'enfyra_extension', existingExtension, {
-        name,
-        type: 'page',
-        code,
-        menu: { id: menuOperation.id || getId(existingMenu) },
-        description,
-        isEnabled,
-        version,
-      });
-      return jsonText({
-        action: 'menu_extension_page_ensured',
-        menu: { id: menuOperation.id || getId(existingMenu), path: normalizedPath, action: menuOperation.action },
-        extension: { id: extensionOperation.id || getId(existingExtension), name, action: extensionOperation.action },
-        validation,
-      });
+    async (input) => jsonText({
+      action: 'global_extension_ensured',
+      extension: await ensureExtension(ENFYRA_API_URL, { ...input, type: 'global' }),
+    }),
+  );
+
+  server.tool(
+    'ensure_widget_extension',
+    'Business operation: create or update one widget extension. Validates extension code before save and rejects menu coupling.',
+    {
+      name: z.string().describe('Extension unique name.'),
+      code: z.string().describe('Vue SFC extension code.'),
+      description: z.string().optional().describe('Extension description.'),
+      isEnabled: z.boolean().optional().default(true).describe('Enable extension.'),
+      version: z.string().optional().default('1.0.0').describe('Extension version.'),
     },
+    async (input) => jsonText({
+      action: 'widget_extension_ensured',
+      extension: await ensureExtension(ENFYRA_API_URL, { ...input, type: 'widget' }),
+    }),
   );
+
 }

package/src/mcp-server-entry.mjs

@@ -3054,69 +3054,6 @@ server.tool(
   },
 );
 
-// ============================================================================
-// MENU & EXTENSION TOOLS
-// ============================================================================
-
-server.tool('create_menu', 'Create a menu item in the navigation. Use permission JSON for sensitive menu visibility; successful writes should trigger the app menu reload contract.', {
-  label: z.string().describe('Menu label'),
-  type: z.enum(['Menu', 'Dropdown Menu']).default('Menu').describe('Menu type: "Menu" for leaf items, "Dropdown Menu" for items with children'),
-  icon: z.string().optional().describe('Lucide icon name'),
-  path: z.string().optional().describe('App route path for a clickable menu item, e.g. "/reports".'),
-  externalUrl: z.string().optional().describe('External URL for a menu item when the backend supports external links.'),
-  order: z.number().optional().default(0).describe('Display order'),
-  isEnabled: z.boolean().optional().default(true).describe('Enable menu'),
-  description: z.string().optional().describe('Menu description'),
-  permission: z.string().optional().describe('Optional menu visibility permission JSON object string, e.g. {"or":[{"route":"/reports","methods":["GET"]}]}'),
-}, async (data) => {
-  const body = { ...data };
-  if (body.permission !== undefined) {
-    body.permission = parseJsonArg(body.permission);
-    if (!body.permission || typeof body.permission !== 'object' || Array.isArray(body.permission)) {
-      throw new Error('permission must be a JSON object string.');
-    }
-  }
-  if (body.path && !body.path.startsWith('/')) {
-    body.path = '/' + body.path;
-  }
-  const result = await fetchAPI(ENFYRA_API_URL, '/enfyra_menu', { method: 'POST', body: JSON.stringify(body) });
-  const created = firstDataRecord(result);
-  return { content: [{ type: 'text', text: `Menu created (ID: ${getId(created)}):\n${JSON.stringify(result, null, 2)}` }] };
-});
-
-server.tool(
-  'create_extension',
-  [
-    'Create an extension (Vue SFC page, widget, or global shell extension). Code must be Vue SFC: <template>...</template> + <script setup>...</script> — NO imports, use globals (ref, useToast, useApi, UButton, etc).',
-    'For type=page: create menu first (create_menu), get id, then pass menuId. For type=widget: no menu, embed via <Widget>. For type=global: no menu, the Enfyra admin UI mounts it invisibly at shell level for registries/realtime. Server auto-compiles and should emit realtime reload to open Enfyra admin tabs. See extension rules in MCP instructions.',
-  ].join(' '),
-  {
-    name: z.string().describe('Extension name (unique)'),
-    type: z.enum(['page', 'widget', 'global']).describe('Extension type: page = full page linked to menu; widget = embed via Widget component; global = shell-level lifecycle component'),
-    code: z.string().describe('Vue SFC string — <template> + <script setup>, NO import statements'),
-    menuId: z.string().optional().describe('Required for type=page — enfyra_menu id from create_menu. Omit for widget/global'),
-    isEnabled: z.boolean().optional().default(true).describe('Enable extension'),
-    description: z.string().optional().describe('Extension description'),
-    version: z.string().optional().default('1.0.0').describe('Extension version'),
-  },
-  async (data) => {
-    const body = { ...data };
-    if (body.type === 'page' && !body.menuId) {
-      throw new Error('menuId is required for type=page. Create or find a enfyra_menu record first.');
-    }
-    if (body.type !== 'page' && body.menuId) {
-      throw new Error('menuId is only valid for type=page. Omit menuId for widget/global extensions.');
-    }
-    if (body.menuId) {
-      body.menu = { id: body.menuId };
-      delete body.menuId;
-    }
-    const result = await fetchAPI(ENFYRA_API_URL, '/enfyra_extension', { method: 'POST', body: JSON.stringify(body) });
-    const created = firstDataRecord(result);
-    return { content: [{ type: 'text', text: `Extension created (ID: ${getId(created)}). Open Enfyra admin tabs should update through the realtime reload contract.\n${JSON.stringify(result, null, 2)}` }] };
-  },
-);
-
 // ============================================================================
 // MAIN
 // ============================================================================