@geometra/mcp 1.43.0 → 1.45.0

package/dist/server.js

@@ -3546,6 +3546,62 @@ function suggestRecovery(field, error) {
     }
     return undefined;
 }
+// Normalize a value for verifyFills comparison so caller-friendly inputs
+// match site-formatted readbacks. The legacy comparison was strict lowercase
+// only — which broke every form that auto-formats phone numbers, dates, or
+// currency fields. Greenhouse turns "+1-929-608-1737" into "(929) 608-1737";
+// Workday turns "$160000" into "$160,000.00"; Lever turns "2026-01-01" into
+// "01/01/2026". The lowercase comparator flagged all of these as mismatches
+// even though the field state was correct, forcing every caller to either
+// disable verifyFills or wrap it in defensive try/catch.
+//
+// The fix: detect phone-like and number-like values and compare on the
+// canonical digit sequence. Plain text and short strings still go through
+// the strict lowercase comparator so unrelated content can't accidentally
+// match (e.g. "1234 Main St" vs "12-34 Main").
+function looksLikePhoneNumber(value) {
+    // Heuristic: at least 7 digits, and after stripping whitespace + the
+    // common phone separator characters (+ - . ( ) space ext) only digits
+    // and a single optional leading + remain. Catches international and
+    // domestic formats without false-matching addresses or IDs.
+    const stripped = value.replace(/[\s().\-+x]|ext\.?/gi, '');
+    if (stripped.length < 7)
+        return false;
+    if (!/^\d+$/.test(stripped))
+        return false;
+    return /\d.*[\s().\-+]|^\+\d/.test(value) || /^\d{7,}$/.test(value);
+}
+function looksLikeFormattedNumber(value) {
+    // Catches "$160,000.00" / "1,000,000" / "1.5e6" style readbacks where the
+    // site adds thousands separators or currency prefixes. Requires at least
+    // one comma OR currency prefix to avoid matching plain text.
+    if (!/[$€£¥,]/.test(value))
+        return false;
+    return /\d/.test(value);
+}
+function digitSignature(value) {
+    return value.replace(/\D+/g, '');
+}
+function valuesEquivalent(expected, actual) {
+    if (expected.toLowerCase() === actual.toLowerCase())
+        return true;
+    // Both look like phones → compare digit signatures only
+    if (looksLikePhoneNumber(expected) && looksLikePhoneNumber(actual)) {
+        return digitSignature(expected) === digitSignature(actual);
+    }
+    // Both look like formatted numbers → compare digit signatures only
+    if (looksLikeFormattedNumber(expected) || looksLikeFormattedNumber(actual)) {
+        const eDigits = digitSignature(expected);
+        const aDigits = digitSignature(actual);
+        if (eDigits && aDigits && eDigits === aDigits)
+            return true;
+    }
+    // Whitespace normalization for everything else (handles "Charlie  Greenman"
+    // vs "Charlie Greenman" auto-collapsed by ATS forms)
+    const eNorm = expected.replace(/\s+/g, ' ').trim().toLowerCase();
+    const aNorm = actual.replace(/\s+/g, ' ').trim().toLowerCase();
+    return eNorm === aNorm;
+}
 function verifyFormFills(session, planned) {
     const a11y = sessionA11y(session);
     if (!a11y)
@@ -3566,7 +3622,7 @@ function verifyFormFills(session, planned) {
         if (!actual || !expected) {
             mismatches.push({ fieldLabel: label, expected, actual, ...(p.field.fieldId ? { fieldId: p.field.fieldId } : {}) });
         }
-        else if (actual.toLowerCase() !== expected.toLowerCase()) {
+        else if (!valuesEquivalent(expected, actual)) {
             mismatches.push({ fieldLabel: label, expected, actual, ...(p.field.fieldId ? { fieldId: p.field.fieldId } : {}) });
         }
         else {

package/dist/session.js

@@ -645,19 +645,46 @@ export function connect(url, opts) {
         let resolved = false;
         let lastMessageAt = Date.now();
         let heartbeatInterval = null;
+        let pendingPongBy = null;
+        // Heartbeat: send a real WS-level ping every 15s and only tear the socket
+        // down if the peer fails to respond to two consecutive pings (i.e. ~45s of
+        // true unresponsiveness). Previous versions used a dumb idle timer that
+        // closed the socket after 30s of no inbound frames — which killed sessions
+        // during normal form-submission flows where the DOM is legitimately idle
+        // for 20-30+ seconds while the backend processes (Greenhouse submit →
+        // security-code dialog is the canonical repro). A real ping/pong cycle
+        // distinguishes a silent-but-healthy session from a dead one.
         function startHeartbeat() {
             if (heartbeatInterval)
                 return;
             heartbeatInterval = setInterval(() => {
-                if (Date.now() - lastMessageAt > 30_000) {
+                // If we're waiting on a pong and it's overdue, the peer is dead.
+                if (pendingPongBy !== null && Date.now() > pendingPongBy) {
                     try {
                         ws.close();
                     }
                     catch { /* ignore */ }
+                    return;
+                }
+                // Only send a new ping if we haven't heard anything for a while,
+                // to avoid spamming a chatty session.
+                if (Date.now() - lastMessageAt > 10_000) {
+                    try {
+                        ws.ping();
+                        // Allow 30s for the pong before declaring the peer dead.
+                        pendingPongBy = Date.now() + 30_000;
+                    }
+                    catch {
+                        /* if ping throws, the socket is already gone — let 'close' handle */
+                    }
                 }
-            }, 30_000);
+            }, 15_000);
             heartbeatInterval.unref();
         }
+        ws.on('pong', () => {
+            lastMessageAt = Date.now();
+            pendingPongBy = null;
+        });
         const timeout = setTimeout(() => {
             if (!resolved) {
                 resolved = true;
@@ -1782,12 +1809,26 @@ function compactSchemaContext(context, label) {
     return Object.keys(out).length > 0 ? out : undefined;
 }
 function compactSchemaValue(value, inlineLimit = 80) {
-    const normalized = sanitizeInlineName(value, Math.max(120, inlineLimit + 32));
-    if (!normalized)
+    // Measure the length of the FULL whitespace-normalized value first, before
+    // any inline truncation. The previous implementation called sanitizeInlineName
+    // with max=120 and then read normalized.length, which capped reported length
+    // at 120 even when the actual filled content was 1000+ characters. That made
+    // form-required snapshots look like long-textarea fills had only landed
+    // ~120 chars, when in reality the field was correctly filled — agents then
+    // re-typed the same content thinking they had a partial fill, doubling the
+    // value or hitting the textarea length cap.
+    if (!value)
+        return {};
+    const fullNormalized = normalizeUiText(value);
+    if (!fullNormalized)
         return {};
-    return normalized.length <= inlineLimit
-        ? { value: normalized }
-        : { valueLength: normalized.length };
+    const fullLength = fullNormalized.length;
+    const inlineNormalized = sanitizeInlineName(value, Math.max(120, inlineLimit + 32));
+    if (!inlineNormalized)
+        return { valueLength: fullLength };
+    return fullLength <= inlineLimit
+        ? { value: inlineNormalized }
+        : { valueLength: fullLength };
 }
 function schemaOptionLabel(node) {
     return sanitizeFieldName(node.name, 80) ?? sanitizeInlineName(node.name, 80);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geometra/mcp",
-  "version": "1.43.0",
+  "version": "1.45.0",
   "description": "MCP server for Geometra — interact with running Geometra apps via the geometry protocol, no browser needed",
   "license": "MIT",
   "type": "module",