@geometra/mcp 1.44.0 → 1.46.0

package/dist/__tests__/values-equivalent.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/values-equivalent.test.js

@@ -0,0 +1,52 @@
+import { describe, expect, it } from 'vitest';
+import { valuesEquivalent } from '../server.js';
+describe('valuesEquivalent', () => {
+    describe('plain strings', () => {
+        it('matches identical strings case-insensitively', () => {
+            expect(valuesEquivalent('Charlie', 'charlie')).toBe(true);
+        });
+        it('matches with whitespace collapse', () => {
+            expect(valuesEquivalent('Charlie  Greenman', 'Charlie Greenman')).toBe(true);
+        });
+        it('rejects unrelated strings', () => {
+            expect(valuesEquivalent('Charlie', 'Alice')).toBe(false);
+        });
+    });
+    describe('phone numbers', () => {
+        it('matches identical phone signatures', () => {
+            expect(valuesEquivalent('9296081737', '9296081737')).toBe(true);
+        });
+        // Bug surfaced by JobForge round-2 marathon — Cloudflare FDE NYC #312.
+        // Greenhouse formats `+1-929-608-1737` → `(929) 608-1737`. The expected
+        // side carries the country code; the actual readback drops it. The
+        // strict-equality digit comparison previously rejected this as a
+        // mismatch even though the underlying value is correct.
+        it('matches phone numbers when expected has country code and actual does not', () => {
+            expect(valuesEquivalent('+1-929-608-1737', '(929) 608-1737')).toBe(true);
+        });
+        it('matches phone numbers when actual has country code and expected does not', () => {
+            expect(valuesEquivalent('(929) 608-1737', '+1-929-608-1737')).toBe(true);
+        });
+        it('matches across many ATS auto-format variants', () => {
+            const expected = '+19296081737';
+            expect(valuesEquivalent(expected, '(929) 608-1737')).toBe(true);
+            expect(valuesEquivalent(expected, '929-608-1737')).toBe(true);
+            expect(valuesEquivalent(expected, '929.608.1737')).toBe(true);
+            expect(valuesEquivalent(expected, '929 608 1737')).toBe(true);
+            expect(valuesEquivalent(expected, '+1 (929) 608-1737')).toBe(true);
+        });
+        it('rejects two phone numbers that differ in the local 10 digits', () => {
+            expect(valuesEquivalent('+1-929-608-1737', '(415) 555-0123')).toBe(false);
+        });
+        it('rejects suffix-match below the 7-digit local minimum', () => {
+            // Pure 6-digit IDs must not match against a longer phone signature
+            // even if the IDs happen to be a digit-suffix.
+            expect(valuesEquivalent('19296081737', '081737')).toBe(false);
+        });
+    });
+    describe('formatted numbers', () => {
+        it('matches a salary across comma formatting', () => {
+            expect(valuesEquivalent('$160000', '$160,000')).toBe(true);
+        });
+    });
+});

package/dist/server.d.ts

@@ -21,5 +21,6 @@ interface NodeFilter {
     busy?: boolean;
 }
 export declare function createServer(): McpServer;
+export declare function valuesEquivalent(expected: string, actual: string): boolean;
 export declare function findNodes(node: A11yNode, filter: NodeFilter): A11yNode[];
 export {};

package/dist/server.js

@@ -2600,7 +2600,26 @@ function fieldStatePayload(session, fieldLabel) {
     };
 }
 function waitStatusPayload(wait) {
-    return wait ? { wait: wait.status } : {};
+    if (!wait)
+        return {};
+    const payload = { wait: wait.status };
+    // Surface navigation info from proxy click handlers so callers can tell
+    // when a click triggered a full-page nav (form submit → thank-you page).
+    // Without this, the proxy session may die on the next request and the
+    // caller would see session_not_found with no clue WHY. Bug surfaced by
+    // JobForge round-2 marathon — Cloudflare FDE NYC #312 and Airtable PM
+    // AI #94 both had Submit-clicks that navigated and tore down the proxy.
+    if (wait.result && typeof wait.result === 'object') {
+        const result = wait.result;
+        if (result.navigated === true) {
+            payload.navigated = true;
+            if (typeof result.pageUrl === 'string')
+                payload.pageUrl = result.pageUrl;
+            if (typeof result.urlBefore === 'string')
+                payload.urlBefore = result.urlBefore;
+        }
+    }
+    return payload;
 }
 function compactFilterPayload(filter) {
     return Object.fromEntries(Object.entries(filter).filter(([, value]) => value !== undefined));
@@ -3582,12 +3601,32 @@ function looksLikeFormattedNumber(value) {
 function digitSignature(value) {
     return value.replace(/\D+/g, '');
 }
-function valuesEquivalent(expected, actual) {
+export function valuesEquivalent(expected, actual) {
     if (expected.toLowerCase() === actual.toLowerCase())
         return true;
-    // Both look like phones → compare digit signatures only
+    // Both look like phones → compare digit signatures, but allow one to be
+    // a suffix of the other so that an explicit country code on the expected
+    // side ("+1-929-608-1737" → digits "19296081737") still matches an ATS
+    // readback that omits it ("(929) 608-1737" → digits "9296081737"). The
+    // suffix check is direction-agnostic — either side may carry the country
+    // code. Without this, Greenhouse/Workday/Lever auto-formatted phone
+    // fields false-flag as mismatched even though the value is correct.
+    // Bug surfaced by JobForge round-2 marathon — Cloudflare FDE NYC #312.
     if (looksLikePhoneNumber(expected) && looksLikePhoneNumber(actual)) {
-        return digitSignature(expected) === digitSignature(actual);
+        const eDigits = digitSignature(expected);
+        const aDigits = digitSignature(actual);
+        if (!eDigits || !aDigits)
+            return false;
+        if (eDigits === aDigits)
+            return true;
+        // Suffix tolerance for country-code drift — only accept if the longer
+        // signature ends with the shorter, AND the shorter is at least 7 digits
+        // (NANP local minimum) so we don't false-match on tiny extension ids.
+        const longer = eDigits.length >= aDigits.length ? eDigits : aDigits;
+        const shorter = eDigits.length >= aDigits.length ? aDigits : eDigits;
+        if (shorter.length >= 7 && longer.endsWith(shorter))
+            return true;
+        return false;
     }
     // Both look like formatted numbers → compare digit signatures only
     if (looksLikeFormattedNumber(expected) || looksLikeFormattedNumber(actual)) {

package/dist/session.js

@@ -645,19 +645,46 @@ export function connect(url, opts) {
         let resolved = false;
         let lastMessageAt = Date.now();
         let heartbeatInterval = null;
+        let pendingPongBy = null;
+        // Heartbeat: send a real WS-level ping every 15s and only tear the socket
+        // down if the peer fails to respond to two consecutive pings (i.e. ~45s of
+        // true unresponsiveness). Previous versions used a dumb idle timer that
+        // closed the socket after 30s of no inbound frames — which killed sessions
+        // during normal form-submission flows where the DOM is legitimately idle
+        // for 20-30+ seconds while the backend processes (Greenhouse submit →
+        // security-code dialog is the canonical repro). A real ping/pong cycle
+        // distinguishes a silent-but-healthy session from a dead one.
         function startHeartbeat() {
             if (heartbeatInterval)
                 return;
             heartbeatInterval = setInterval(() => {
-                if (Date.now() - lastMessageAt > 30_000) {
+                // If we're waiting on a pong and it's overdue, the peer is dead.
+                if (pendingPongBy !== null && Date.now() > pendingPongBy) {
                     try {
                         ws.close();
                     }
                     catch { /* ignore */ }
+                    return;
+                }
+                // Only send a new ping if we haven't heard anything for a while,
+                // to avoid spamming a chatty session.
+                if (Date.now() - lastMessageAt > 10_000) {
+                    try {
+                        ws.ping();
+                        // Allow 30s for the pong before declaring the peer dead.
+                        pendingPongBy = Date.now() + 30_000;
+                    }
+                    catch {
+                        /* if ping throws, the socket is already gone — let 'close' handle */
+                    }
                 }
-            }, 30_000);
+            }, 15_000);
             heartbeatInterval.unref();
         }
+        ws.on('pong', () => {
+            lastMessageAt = Date.now();
+            pendingPongBy = null;
+        });
         const timeout = setTimeout(() => {
             if (!resolved) {
                 resolved = true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geometra/mcp",
-  "version": "1.44.0",
+  "version": "1.46.0",
   "description": "MCP server for Geometra — interact with running Geometra apps via the geometry protocol, no browser needed",
   "license": "MIT",
   "type": "module",