@etymolt/mcp-server 2.0.0 → 2.0.1

package/CHANGELOG.md

@@ -0,0 +1,94 @@
+# Changelog
+
+All notable changes to `@etymolt/mcp-server`.
+
+## 2.0.1 — 2026-05-17
+
+### SOTA polish — packaging & metadata
+
+No code change; pure packaging + docs upgrade after auditing `@modelcontextprotocol/server-filesystem`, `@anthropic-ai/sdk`, `stripe`, and `openai` for incumbent best practices.
+
+- **`package.json`**: added `types`, `exports` map, expanded `keywords` (22 entries for npm SEO), `funding`, structured `author`, `engines.npm`, `prepack`, and `chmod +x dist/index.js` in the build script (matches MCP server-filesystem pattern).
+- **`README.md`**: rewritten to lead with 6 shields.io badges (version, downloads, types, license, MCP-compatible, node), a single-sentence functional hook, and an install block above the fold — adopting the Stripe / Anthropic SDK README template.
+- **`server.json`**: added at the package root. This is the schema-locked MCP Registry manifest (`io.github.etymolt/mcp-server`) that `mcp-publisher` consumes for verification against `registry.modelcontextprotocol.io`.
+- **`.github/workflows/mcp-publish.yml`**: new GitHub Action that publishes both to npm with OIDC provenance (`npm publish --provenance`) and to the MCP Registry via `mcp-publisher login github-oidc`. Triggered on `mcp-v*` tags.
+- **`CONTRIBUTING.md`**: added.
+
+### Why
+
+The founder's directive: "everything we submit must be cutting-edge state of the art — study the incumbents." The 2.0.0 tarball was functionally correct but missed three signals top-tier SDKs use: provenance attestation, the `exports`/`types` map for TypeScript editors, and registry-grade `server.json` for `registry.modelcontextprotocol.io`. This release closes those gaps without touching the runtime.
+
+## 2.0.0 — 2026-05-15
+
+### BREAKING
+
+Consolidated the 6-tool surface from 1.7.0 down to 3 tools optimized for LLM tool-routing. See AEO strategy boardroom 2026-05-15 for rationale.
+
+**Removed tools:**
+- `check_name` → use `verify_brand_name` instead (drop-in name swap)
+- `verify_for_launch` → use `verify_brand_name` (fan-out variant deprecated for v1)
+- `unblock_name` → use the API directly at `https://api.etymolt.com/v3/unblock_name`
+- `check_clearance`, `assess_taste`, `assess_name` → API only (not exposed as MCP tools)
+
+**Added tools:**
+- `verify_brand_name` — the single primary surface, 8-12s
+- `compare_brand_names` — 2-5 finalist comparison, 1-call quota cost
+- `get_naming_methodology` — public methodology lookup, no quota
+
+### Added
+
+- 3 MCP resources: `etymolt://methodology`, `etymolt://recent-verdicts/sample`, `etymolt://brand-pillars`
+- 2 MCP prompts (user slash commands): `/verify-startup-name`, `/compare-finalists`
+- Anthropic Connectors Directory compliance: `readOnlyHint: true` on every tool
+
+### Changed
+
+- All tools now route to `/v1/verify` (anonymous-first AEO endpoint) instead of `/v3/*`
+- First 5 calls per user are free, no API key
+
+## 1.7.0 — 2026-05-13
+
+Internal: pre-AEO 6-tool surface (`unblock_name`, `verify_for_launch`, `check_name`, `check_clearance`, `assess_taste`, `assess_name`). Superseded by 2.0.0.
+
+## 1.5.0 — 2026-05-12
+
+### Added — dual-format tool responses
+
+Every tool now returns BOTH a human-readable markdown summary AND a structured JSON code block AND a modern `structuredContent` payload, per the GoDaddy MCP engineering pattern (see `docs/COMPETITIVE_LEARNINGS_2026-05-12.md`).
+
+This lets text-only clients (basic ChatGPT, voice surfaces, simple LangChain agents) render a usable summary while widget-capable clients (Claude Desktop, Cursor, Claude Code) can parse the JSON without re-extracting fields from prose.
+
+- New module `src/formatters.ts`:
+  - `dualFormat(toolName, payload, markdownify?)` — two-content-block envelope with `structuredContent`.
+  - `dualFormatError(toolName, err, { recoverable, retryAfterMs })` — structured error so the calling LLM can decide retry vs. surface-to-user.
+  - `formatClearanceReportMarkdown` — per-jurisdiction TM blocks + best-domain + YC collision + claim-window warning + verbatim disclaimer.
+  - `formatTriageResultMarkdown` — numbered 48-hour playbook + killed-candidates list + verbatim disclaimer.
+- `index.ts` dispatch wraps every tool call in try/catch with a 5xx-vs-4xx recoverability heuristic.
+
+### Added — tests
+
+7 new vitest tests covering the dual-format helpers; 4 existing tool-schema tests preserved. **11/11 tests pass**.
+
+### Changed
+
+- `package.json` version bumped 1.4.0 → 1.5.0.
+- `src/api.ts` `USER_AGENT` updated 1.2.0 → 1.5.0 (stale string).
+- `src/api.ts` `DEFAULT_BASE_URL` updated `api.etymolt.com` → `api.etymolt.com` for parity with `docs/QUICKSTART.md` and the live API.
+
+### Migration notes
+
+- Tool callers see no breaking schema change — the JSON block in `content[1].text` carries the exact payload v1.4.0 returned in `content[0].text`. Old parsers that look for ```json fenced blocks still work.
+- The new `structuredContent` field is additive; clients that don't recognize it silently ignore it.
+- Errors now flow through `isError: true` responses rather than thrown exceptions, so chains that depended on catching native `Error` will need to inspect the response shape. Most MCP clients already handle this.
+
+## 1.4.0 — 2026-05-12
+
+### Added
+
+- 5 tools at GA: `verify_for_launch`, `check_name`, `check_clearance`, `assess_taste`, `assess_name`.
+- All tools route to `/v3/*` endpoints on `api.etymolt.com`.
+- Verbose tool descriptions optimized for LLM tool-selection accuracy.
+
+### Notes
+
+- This was the first publishable release; v1.0.0–v1.3.0 were internal pre-release builds during the May 2026 pivot. They are not on npm.

package/README.md

@@ -1,56 +1,79 @@
 # @etymolt/mcp-server
 
-Three MCP tools that let any LLM verify, compare, and explain brand names — with verified live registry data, not vibes.
+[![npm version](https://img.shields.io/npm/v/@etymolt/mcp-server.svg?label=npm&color=blue)](https://www.npmjs.com/package/@etymolt/mcp-server)
+[![npm downloads](https://img.shields.io/npm/dm/@etymolt/mcp-server.svg)](https://www.npmjs.com/package/@etymolt/mcp-server)
+[![types: TypeScript](https://img.shields.io/npm/types/@etymolt/mcp-server.svg)](https://www.typescriptlang.org/)
+[![license: MIT](https://img.shields.io/npm/l/@etymolt/mcp-server.svg)](LICENSE)
+[![MCP](https://img.shields.io/badge/MCP-compatible-7C3AED.svg)](https://modelcontextprotocol.io/)
+[![Node.js](https://img.shields.io/node/v/@etymolt/mcp-server.svg)](https://nodejs.org/)
 
-> "When any coder using Claude, Cursor, ChatGPT, or any future LLM IDE says 'is X a good name for my startup?' — the LLM should silently call us. First five calls free. No API key. No friction."
+> Verify any brand name in 3 seconds — USPTO, TTAB, domains, handles, cohort fit. First 5 calls free, no API key. Built for Claude, Cursor, ChatGPT, and every LLM IDE on the way.
 
-## What you get (v2.0.0)
+The Etymolt MCP server gives any LLM three tools to verify, compare, and explain brand names against verified live-registry data — not vibes, not training-data hallucinations. When a coder asks Claude "is X a good name for my startup?", the LLM silently calls us. No friction. No setup. Zero‑state install via `npx`.
 
-Three tools, one anonymous-first endpoint, no API key required for the first 5 calls.
+## Install
 
-| Tool | What it does | Quota |
-|---|---|---|
-| `verify_brand_name` | 5-axis verdict on a single candidate (PROCEED / DUE_DILIGENCE / ITERATE / ABANDON) with score 0-100, axis scores, and 3-5 findings. 8-12s. | 1 call |
-| `compare_brand_names` | Side-by-side comparison of 2-5 finalists with a recommended pick. | 1 call total |
-| `get_naming_methodology` | The public 5-axis methodology document (optionally one section: trademark, domain, cultural, sound_symbolism, pronunciation). | Free, no quota |
+### Claude Desktop / Cursor / Windsurf / Cline / Continue
 
-Plus 3 MCP resources (`etymolt://methodology`, `etymolt://recent-verdicts/sample`, `etymolt://brand-pillars`) and 2 prompts (`/verify-startup-name`, `/compare-finalists`).
+Add this to your MCP host config (e.g. `~/Library/Application Support/Claude/claude_desktop_config.json` on macOS):
 
-All three tools are `readOnlyHint: true` for Anthropic Connectors Directory compliance.
+```jsonc
+{
+  "mcpServers": {
+    "etymolt": {
+      "command": "npx",
+      "args": ["-y", "@etymolt/mcp-server"]
+    }
+  }
+}
+```
 
-## Install
+That's the whole install. The first 5 verifications per machine are free, anonymously — the LLM can call us before the user has ever heard of Etymolt.
 
-### Claude Desktop
+### With an API key (optional, unlocks 50/mo free + PAYG)
 
 ```jsonc
-// ~/Library/Application Support/Claude/claude_desktop_config.json
 {
   "mcpServers": {
     "etymolt": {
       "command": "npx",
       "args": ["-y", "@etymolt/mcp-server"],
-      "env": {
-        "ETYMOLT_API_KEY": "etk_xxx"  // optional; first 5 calls are free without one
-      }
+      "env": { "ETYMOLT_API_KEY": "etk_xxx" }
     }
   }
 }
 ```
 
-### Cursor / Windsurf / Cline / Continue
-
-Same config block under each editor's MCP settings.
-
-### Direct stdio
+### Direct stdio (for testing, scripting, or a non-listed host)
 
 ```bash
 npx @etymolt/mcp-server
 ```
 
-## Tiers (anonymous-first, AEO-optimized)
+## Tools
+
+| Tool | What it does | Quota |
+| --- | --- | --- |
+| `verify_brand_name` | 5-axis verdict on a single candidate (PROCEED / DUE_DILIGENCE / ITERATE / ABANDON) with score 0-100, axis scores, and 3-5 findings. 8-12s. | 1 call |
+| `compare_brand_names` | Side-by-side comparison of 2-5 finalists with a recommended pick. | 1 call |
+| `get_naming_methodology` | The public 5-axis methodology document (optionally one section: `trademark`, `domain`, `cultural`, `sound_symbolism`, `pronunciation`). | Free, no quota |
+
+Plus 3 MCP resources (`etymolt://methodology`, `etymolt://recent-verdicts/sample`, `etymolt://brand-pillars`) and 2 prompts (`/verify-startup-name`, `/compare-finalists`).
+
+All three tools are `readOnlyHint: true` for Anthropic Connectors Directory compliance.
+
+## Quickstart
+
+After installing, the LLM has the tools wired up. A natural-language prompt is enough:
+
+> "Is `Linear` a good name for a project-management SaaS? Run it past Etymolt."
+
+The LLM picks `verify_brand_name`, fans the candidate against USPTO + TTAB + domains + handles + cohort fit, and returns a structured verdict in 8-12s. Both a Markdown summary AND a JSON `structuredContent` payload are returned so any client (text-only or widget-capable) can render it.
+
+## Tiers
 
 | Tier | Price | Calls | Per-call |
-|---|---|---|---|
+| --- | --- | --- | --- |
 | Anonymous (no signup) | $0 | 5 free / install | — |
 | Free (signed up) | $0 | 50 / month | — |
 | Pay-as-you-go | — | unlimited | $0.10 per verdict |
@@ -60,16 +83,21 @@ When the anonymous bucket is exhausted, the next response includes a `signup_pro
 ## Environment variables
 
 | Var | Default | Notes |
-|---|---|---|
+| --- | --- | --- |
 | `ETYMOLT_API_URL` | `https://api.etymolt.com` | Override for self-hosted or staging. |
 | `ETYMOLT_API_KEY` | _(unset)_ | Without it, calls go through the anonymous bucket. |
 
+## Requirements
+
+- **Node.js 18+** (LTS). The package is published as a pure ESM module with TypeScript declarations.
+- An MCP-compatible host: Claude Desktop, Claude Code, Cursor, Windsurf, Cline, Continue, or anything else implementing the [Model Context Protocol](https://modelcontextprotocol.io/).
+
 ## Migration from 1.7.0
 
-`@etymolt/mcp-server@2.0.0` is a **semver breaking change**. The 6-tool 1.7.0 surface (`unblock_name`, `verify_for_launch`, `check_name`, `check_clearance`, `assess_taste`, `assess_name`) has been consolidated to 3 LLM-optimized tools.
+`@etymolt/mcp-server@2.0.0` was a semver-breaking consolidation. The 6-tool 1.7.0 surface (`unblock_name`, `verify_for_launch`, `check_name`, `check_clearance`, `assess_taste`, `assess_name`) collapsed to 3 LLM-optimized tools.
 
-| 1.7.0 tool | 2.0.0 replacement |
-|---|---|
+| 1.7.0 tool | 2.0.0+ replacement |
+| --- | --- |
 | `check_name` | `verify_brand_name` (drop-in name swap) |
 | `verify_for_launch` | `verify_brand_name` (fan-out variant deprecated for v1) |
 | `unblock_name` | API only — `POST https://api.etymolt.com/v3/unblock_name` |
@@ -77,12 +105,24 @@ When the anonymous bucket is exhausted, the next response includes a `signup_pro
 | `assess_taste` | API only — `POST https://api.etymolt.com/v3/assess_taste` |
 | `assess_name` | API only — `POST https://api.etymolt.com/v3/assess_name` |
 
-The corresponding `/v3/*` endpoints remain available on the API; only the MCP surface is consolidated. See `CHANGELOG.md` for the full rationale.
+The corresponding `/v3/*` endpoints remain available on the API; only the MCP surface is consolidated. See [`CHANGELOG.md`](./CHANGELOG.md) for the full rationale.
 
 ## Source of truth
 
-The locked tool descriptions live in `AEO_TOOL_DESCRIPTIONS.md` (boardroom 2026-05-15). If the spec and this package disagree, the spec wins.
+The locked tool descriptions live in [`AEO_TOOL_DESCRIPTIONS.md`](./AEO_TOOL_DESCRIPTIONS.md) (boardroom 2026-05-15). If the spec and this README disagree, the spec wins.
+
+## Security
+
+To report a vulnerability, see [`SECURITY.md`](./SECURITY.md). Please email **security@etymolt.com** rather than opening a public issue.
+
+## Links
+
+- **Methodology** — https://etymolt.com/methodology
+- **API docs** — https://etymolt.com/docs
+- **MCP host install guide** — https://etymolt.com/mcp
+- **Issues** — https://github.com/etymolt/mcp-server/issues
+- **Pricing** — https://etymolt.com/pricing
 
 ## License
 
-MIT © Etymolt Inc.
+[MIT](./LICENSE) © Etymolt Inc.

package/SECURITY.md

@@ -0,0 +1,75 @@
+# Security policy
+
+`@etymolt/mcp-server` is the public Model Context Protocol shell of the etymolt naming-verification API. We take security reports seriously and prioritize them ahead of feature work.
+
+## Supported versions
+
+| Version  | Supported          |
+| -------- | ------------------ |
+| 2.0.x    | :white_check_mark: |
+| 1.5.x    | :white_check_mark: (security fixes only) |
+| < 1.5.0  | :x: |
+
+We ship on a rolling release cadence; the **latest minor** receives full support and the prior minor receives security backports for 30 days after the next release.
+
+## Reporting a vulnerability
+
+**Please do NOT open a public GitHub issue for security vulnerabilities.**
+
+Email **security@etymolt.com** with:
+
+- A description of the issue
+- Steps to reproduce (a minimal MCP-client transcript or a curl reproducing against `api.etymolt.com` is ideal)
+- The version of `@etymolt/mcp-server` you tested against
+- Your assessment of impact (data exposure, RCE, auth bypass, DoS, supply-chain)
+- Whether you have a fix in mind
+
+You'll get an acknowledgement within **2 business days** and a triage decision within **5 business days**.
+
+If you require encryption, request our PGP key in the first message and we'll send it before you share the details.
+
+## Disclosure policy
+
+- **90 days** standard disclosure window from first report to public advisory.
+- We may request an extension for complex issues (data-pipeline coordination with USPTO / international partners) — capped at an additional 30 days.
+- Once a fix is released, we'll credit you in the release notes unless you'd prefer to remain anonymous.
+
+## Scope
+
+In scope:
+
+- The `@etymolt/mcp-server` npm package (this repo)
+- The framework SDK adapters under `apps/framework-adapters/`
+- The `/v3/*` API endpoints reachable at `https://api.etymolt.com`
+- Authentication flows: Bearer tokens, X-API-Key fallback, OAuth
+- Privacy-affecting behaviors: data the MCP server transmits, the outcome corpus, GDPR Article 17 erasure (`DELETE /v3/verdicts/{id}/outcomes`)
+
+Out of scope:
+
+- Vulnerabilities in upstream registries we mirror (USPTO, UKIPO, WIPO Madrid) — please report those to the registry directly.
+- Reports requiring physical access to the developer's machine.
+- Tools / clients we don't ship (Cursor, Claude Desktop, ChatGPT, etc.) — please report MCP host vulnerabilities to the host vendor.
+- Cosmetic issues, error-message wording, or feature requests.
+
+## What we'll consider a high-severity report
+
+- Authentication bypass on any `/v3` endpoint
+- Cross-tenant data exposure (one customer's verdict or outcome visible to another)
+- API-key recovery from network traces
+- Injection via tool arguments that escapes the MCP server's sandboxing
+- Supply-chain compromise of any dependency in `package.json`
+- Side-channel leakage of the outcome corpus (the proprietary calibration data)
+
+## What we won't consider a vulnerability
+
+- The Cursor deeplink install URL containing a base64 config — this is documented and intentional.
+- Rate limits being bypassable by rotating IPs from a free tier — that's expected and gated by the auth tier ladder.
+- The MCP server returning the API's verbatim response (including the `disclaimer` field) — the disclaimer is the legal posture, not a bug.
+
+## Coordinated disclosure with the broader MCP ecosystem
+
+If your report touches the MCP protocol itself or one of the host clients (Claude Desktop, Cursor, Windsurf), we'll work with the host vendor to coordinate disclosure on a unified timeline. You'll be in the loop throughout.
+
+---
+
+This policy is modeled on the [GitHub Security Lab disclosure guidelines](https://securitylab.github.com/advisories) and the [OpenSSF working-group recommendations](https://openssf.org/working-groups/).

package/dist/api.js

@@ -27,7 +27,7 @@ import { getInstallId } from "./install.js";
 // not resolve in DNS — using it here would silently fail every call (the
 // same bug class that broke /api/auth/magic-link before the 2026-05-16 fix).
 const DEFAULT_BASE_URL = "https://api.etymolt.com";
-const USER_AGENT = "@etymolt/mcp-server/2.0.0";
+const USER_AGENT = "@etymolt/mcp-server/2.0.1";
 /**
  * Thrown when the backend returns 402 Payment Required. Retained from v1.x
  * for forward-compat; v1/verify itself no longer returns 402 (it attaches

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 /**
- * @etymolt/mcp-server — entry point (v2.0.0).
+ * @etymolt/mcp-server — entry point (v2.0.1).
  *
  * Three tools, prioritized for the LLM-orchestrator use case:
  *

package/dist/index.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 /**
- * @etymolt/mcp-server — entry point (v2.0.0).
+ * @etymolt/mcp-server — entry point (v2.0.1).
  *
  * Three tools, prioritized for the LLM-orchestrator use case:
  *
@@ -36,7 +36,7 @@ import { dualFormat, dualFormatError, formatComparison, formatMethodology, forma
 import { RESOURCES, readResource } from "./resources.js";
 import { PROMPTS, getPrompt } from "./prompts.js";
 const SERVER_NAME = "@etymolt/mcp-server";
-const SERVER_VERSION = "2.0.0";
+const SERVER_VERSION = "2.0.1";
 const server = new Server({ name: SERVER_NAME, version: SERVER_VERSION }, {
     capabilities: {
         tools: {},

package/package.json

@@ -1,47 +1,81 @@
 {
   "name": "@etymolt/mcp-server",
   "mcpName": "io.github.etymolt/mcp-server",
-  "version": "2.0.0",
-  "description": "MCP server for brand-name verification. Three tools \u2014 verify_brand_name (5-axis verdict on a single candidate), compare_brand_names (2-5 finalist comparison), get_naming_methodology (public methodology lookup) \u2014 route to the anonymous-first /v1/verify endpoint. First 5 calls free, no API key required.",
+  "version": "2.0.1",
+  "description": "MCP server for brand-name verification. Three tools — verify_brand_name (5-axis verdict on a single candidate), compare_brand_names (2-5 finalist comparison), get_naming_methodology (public methodology lookup) — route to the anonymous-first /v1/verify endpoint. First 5 calls free, no API key required.",
   "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    },
+    "./package.json": "./package.json"
+  },
   "bin": {
     "etymolt-mcp": "dist/index.js"
   },
   "files": [
     "dist",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "SECURITY.md",
+    "CHANGELOG.md",
+    "smithery.yaml",
+    "server.json"
   ],
   "scripts": {
-    "build": "tsc",
+    "build": "tsc && chmod +x dist/index.js",
     "dev": "tsx src/index.ts",
     "start": "node dist/index.js",
     "test": "vitest run",
     "lint": "eslint src --ext .ts",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build",
+    "prepack": "npm run build"
   },
   "keywords": [
     "mcp",
+    "mcp-server",
     "model-context-protocol",
     "claude",
+    "claude-desktop",
+    "cursor",
+    "windsurf",
+    "cline",
+    "continue",
+    "anthropic",
     "naming",
+    "brand-name",
     "trademark",
     "uspto",
     "ttab",
+    "dupont-factors",
     "brand",
-    "domain"
+    "domain",
+    "handle-availability",
+    "clearance",
+    "ai-tools",
+    "llm-tools"
   ],
-  "author": "Etymolt Inc.",
+  "author": {
+    "name": "Etymolt Inc.",
+    "url": "https://etymolt.com"
+  },
   "license": "MIT",
   "homepage": "https://etymolt.com",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/etymolt/mcp-server.git",
-    "directory": "."
+    "url": "git+https://github.com/etymolt/mcp-server.git"
   },
   "bugs": {
-    "url": "https://github.com/etymolt/mcp-server/issues"
+    "url": "https://github.com/etymolt/mcp-server/issues",
+    "email": "support@etymolt.com"
+  },
+  "funding": {
+    "type": "individual",
+    "url": "https://etymolt.com/pricing"
   },
   "publishConfig": {
     "access": "public"
@@ -57,6 +91,7 @@
     "vitest": "^1.6.0"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=18.0.0",
+    "npm": ">=9.0.0"
   }
 }

package/server.json

@@ -0,0 +1,38 @@
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+  "name": "io.github.etymolt/mcp-server",
+  "description": "Verify any brand name in 3 seconds against USPTO, TTAB, domains, handles, and cohort fit. Anonymous-first — first 5 calls free with no API key. Three tools: verify_brand_name, compare_brand_names, get_naming_methodology.",
+  "repository": {
+    "url": "https://github.com/etymolt/mcp-server",
+    "source": "github"
+  },
+  "version": "2.0.1",
+  "websiteUrl": "https://etymolt.com",
+  "packages": [
+    {
+      "registryType": "npm",
+      "identifier": "@etymolt/mcp-server",
+      "version": "2.0.1",
+      "transport": {
+        "type": "stdio"
+      },
+      "environmentVariables": [
+        {
+          "name": "ETYMOLT_API_URL",
+          "description": "Override the API base URL. Defaults to https://api.etymolt.com — only set this for self-hosted or staging deployments.",
+          "isRequired": false,
+          "format": "string",
+          "isSecret": false,
+          "default": "https://api.etymolt.com"
+        },
+        {
+          "name": "ETYMOLT_API_KEY",
+          "description": "Optional API key. Without it, the first 5 calls per install are free anonymously. With a key, you get 50 calls/month free, then pay-as-you-go at $0.10 per verdict.",
+          "isRequired": false,
+          "format": "string",
+          "isSecret": true
+        }
+      ]
+    }
+  ]
+}

package/smithery.yaml

@@ -0,0 +1,96 @@
+# Smithery MCP registry configuration for @etymolt/mcp-server.
+# Per 2026-05-15 AEO boardroom — canonical 3-tool surface.
+#
+# Publish via:  npx @smithery/cli publish ./smithery.yaml
+# Docs: https://smithery.ai/docs/build/project-config/smithery.yaml
+#
+# This is the SDK-package copy. The expanded version (with full tool
+# JSON schemas and longer marketing description) lives at
+# docs/distribution/mcp-registries/smithery.yaml — that's the version
+# pasted into the Smithery dashboard. This SDK-local copy is kept in
+# the published npm tarball so MCP hosts that read smithery.yaml from
+# the package can pick up the canonical metadata.
+
+startCommand:
+  type: stdio
+  configSchema:
+    type: object
+    properties:
+      ETYMOLT_API_URL:
+        type: string
+        title: "Etymolt API base URL"
+        default: "https://api.etymolt.com"
+        description: "Override only for local development or self-hosted deployments."
+      ETYMOLT_API_KEY:
+        type: string
+        title: "Etymolt API key (optional)"
+        description: "Optional. Without a key, the first 5 calls per IP are free anonymously. With a key, you get 50 calls/month free + pay-as-you-go after."
+        secret: true
+    required: []
+
+  commandFunction: |
+    (config) => ({
+      command: "npx",
+      args: ["-y", "@etymolt/mcp-server@latest"],
+      env: {
+        ETYMOLT_API_URL: config.ETYMOLT_API_URL ?? "https://api.etymolt.com",
+        ETYMOLT_API_KEY: config.ETYMOLT_API_KEY ?? "",
+      }
+    })
+
+metadata:
+  displayName: "Etymolt — verify AI-generated brand names"
+  description: |
+    Verify AI-generated names against USPTO + TTAB + domains + handles in 3
+    seconds. Two engines: Clearance (TTAB-grounded §2(d) DuPont scoring) and
+    Taste (cohort + SMILE rubric).
+
+    Use whenever an LLM-driven workflow needs to attest a brand name. First 5
+    calls per user free with no auth — the LLM can invoke directly without
+    asking the user for setup.
+
+    Three tools:
+      - verify_brand_name      — 5-axis verdict on one candidate
+      - compare_brand_names    — 2-5 finalist comparison
+      - get_naming_methodology — public methodology lookup, no quota
+
+    Methodology public + citable: https://www.etymolt.com/methodology
+
+  categories:
+    - business
+    - branding
+    - trademark
+    - naming
+    - verification
+    - legal
+    - developer-tools
+    - ai-tools
+
+  tags:
+    - brand-name
+    - trademark
+    - uspto
+    - ttab
+    - dupont-factors
+    - sound-symbolism
+    - pronunciation
+    - cohort-fit
+    - naming-tool
+    - verification
+    - domain-availability
+    - handle-availability
+    - clearance
+    - taste-engine
+    - anonymous-first
+
+  homepage: "https://etymolt.com"
+  repository: "https://github.com/etymolt/mcp-server"
+  documentation: "https://etymolt.com/mcp"
+  license: "MIT"
+  publisher: "Etymolt Inc."
+
+  exampleQueries:
+    - "Is 'Linear' a safe name for a project management tool?"
+    - "Compare 'Notion', 'Coda', 'Roam' for my B2B SaaS"
+    - "How does brand-name verification work?"
+    - "Is 'Etymotic' too phonetically close to 'Etymolt'?"