@hapticpaper/mcp-server 1.0.8 → 1.0.10

package/dist/client/hapticPaperClient.js

@@ -0,0 +1,107 @@
+import axios from 'axios';
+export class HapticPaperClient {
+    client;
+    tokenProvider;
+    constructor(config) {
+        this.client = axios.create({
+            baseURL: config.baseUrl,
+            headers: {
+                'Content-Type': 'application/json',
+            },
+        });
+        this.tokenProvider = config.tokenProvider;
+        // Request interceptor to add auth token
+        this.client.interceptors.request.use(async (config) => {
+            if (this.tokenProvider) {
+                const token = await this.tokenProvider();
+                if (token) {
+                    config.headers.Authorization = `Bearer ${token}`;
+                }
+            }
+            return config;
+        });
+    }
+    async authHeaders(accessToken) {
+        if (accessToken) {
+            return { Authorization: `Bearer ${accessToken}` };
+        }
+        if (!this.tokenProvider) {
+            return {};
+        }
+        const token = await this.tokenProvider();
+        return token ? { Authorization: `Bearer ${token}` } : {};
+    }
+    // Account Methods
+    async getAccount(accessToken) {
+        const response = await this.client.get('/gpt/account', { headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    // Task Methods
+    async createTask(data, accessToken) {
+        const response = await this.client.post('/gpt/tasks', data, { headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    async getTask(taskId, accessToken) {
+        const response = await this.client.get(`/gpt/tasks/${taskId}`, { headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    async listTasks(params, accessToken) {
+        const response = await this.client.get('/gpt/tasks', { params, headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    async cancelTask(taskId, reason, accessToken) {
+        const response = await this.client.post(`/gpt/tasks/${taskId}/cancel`, { reason }, { headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    // Worker Methods
+    async searchWorkers(params, accessToken) {
+        const response = await this.client.post('/gpt/workers/search', params, { headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    async getWorkerProfile(workerId, accessToken) {
+        // This endpoint might not exist in gptRoutes yet, assuming it maps to backend logic
+        // If not in GPT routes, we might need to add it or use a different route
+        // For now assuming it exists based on plan
+        const response = await this.client.get(`/gpt/workers/${workerId}`, { headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    // Estimate Methods
+    async getEstimate(params, accessToken) {
+        const response = await this.client.post('/gpt/estimate', params, { headers: await this.authHeaders(accessToken) });
+        return response.data;
+    }
+    async getSkillCategories() {
+        // Placeholder or real endpoint
+        return [
+            {
+                name: "Delivery",
+                description: "Physical delivery of items",
+                examples: ["Food delivery", "Package courier"],
+                priceRange: { min: 15, max: 50 }
+            },
+            {
+                name: "General Help",
+                description: "Moving, cleaning, organizing",
+                examples: ["Help moving boxes", "Garage cleanup"],
+                priceRange: { min: 30, max: 100 }
+            }
+        ];
+    }
+    // Qualification Methods
+    async discoverEarningOpportunity(params) {
+        const response = await this.client.post('/gpt/qualification/discover', params);
+        return response.data;
+    }
+    async continueQualification(sessionId, userResponse) {
+        const response = await this.client.post(`/gpt/qualification/${sessionId}/respond`, { userResponse });
+        return response.data;
+    }
+    async getQualificationStatus(sessionId) {
+        const response = await this.client.get(`/gpt/qualification/${sessionId}`);
+        return response.data;
+    }
+    async completeQualification(sessionId) {
+        const response = await this.client.post(`/gpt/qualification/${sessionId}/complete`, {});
+        return response.data;
+    }
+}

package/dist/constants/widget.js

@@ -0,0 +1,10 @@
+// Canonical widget URI used in tool `openai/outputTemplate`.
+export const HAPTICPAPER_WIDGET_URI = 'ui://widget/hapticpaper.html';
+// Legacy widget URI kept for backward compatibility with clients that cache the widget URI.
+export const HIREHUMAN_WIDGET_URI = 'ui://widget/hirehuman.html';
+export const CANONICAL_WIDGET_RESOURCES = [
+    { name: 'hapticpaper-widget', uri: HAPTICPAPER_WIDGET_URI },
+];
+export const LEGACY_WIDGET_RESOURCES = [
+    { name: 'hirehuman-widget', uri: HIREHUMAN_WIDGET_URI },
+];

package/dist/index.js

@@ -11,7 +11,8 @@ import crypto from 'node:crypto';
 import fs from 'node:fs';
 import path from 'node:path';
 import jwt from 'jsonwebtoken';
-import { HireHumanClient } from "./client/hireHumanClient.js";
+import { HapticPaperClient } from "./client/hapticPaperClient.js";
+import { CANONICAL_WIDGET_RESOURCES, LEGACY_WIDGET_RESOURCES } from "./constants/widget.js";
 import { registerAllTools } from "./tools/index.js";
 import { registerAllResources } from "./resources/index.js";
 import { TokenManager, MCPOAuthHandler } from "./auth/oauth.js";
@@ -25,8 +26,8 @@ async function main() {
         console.error('Starting Authentication Flow...');
         const auth = new MCPOAuthHandler({
             clientId: 'mcp-client', // Matches seedMcpClient.ts
-            authorizationUrl: process.env.AUTH_URL || 'https://hapticpaper.com/oauth/authorize',
-            tokenUrl: process.env.TOKEN_URL || 'https://hapticpaper.com/api/v1/oauth/token',
+            authorizationUrl: process.env.AUTH_URL || 'https://hh.hapticpaper.com/oauth/authorize',
+            tokenUrl: process.env.TOKEN_URL || 'https://hh.hapticpaper.com/api/v1/oauth/token',
             redirectUri: 'http://localhost:8765/callback',
             scopes: ['tasks:read', 'tasks:write', 'workers:read']
         });
@@ -49,17 +50,21 @@ async function main() {
             return;
         }
         const widgetJs = fs.readFileSync(widgetBundlePath, 'utf8');
-        server.registerResource('hirehuman-widget', 'ui://widget/hirehuman.html', {}, async () => ({
-            contents: [
-                {
-                    uri: 'ui://widget/hirehuman.html',
-                    mimeType: 'text/html+skybridge',
-                    text: `
-<div id="hirehuman-root"></div>
+        const widgetMeta = {
+            'openai/widgetPrefersBorder': true,
+            'openai/widgetDomain': 'https://chatgpt.com',
+            'openai/widgetDescription': 'Shows interactive task and worker results for Haptic-Paper tools.',
+            'openai/widgetCSP': {
+                connect_domains: ['https://chatgpt.com'],
+                resource_domains: ['https://*.oaistatic.com'],
+            },
+        };
+        const html = `
+<div id="hapticpaper-root"></div>
 <style>
   :root { color-scheme: light dark; }
   body { margin: 0; font-family: ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, Helvetica, Arial; }
-  #hirehuman-root { padding: 12px; }
+  #hapticpaper-root { padding: 12px; }
   .hh-title { font-size: 14px; font-weight: 600; margin-bottom: 8px; }
   .hh-muted { opacity: 0.7; font-size: 12px; }
   .hh-card { border: 1px solid rgba(127,127,127,0.25); border-radius: 12px; padding: 10px; margin: 8px 0; }
@@ -72,23 +77,30 @@ async function main() {
 <script type="module">
 ${widgetJs}
 </script>
-                        `.trim(),
-                    _meta: {
-                        'openai/widgetPrefersBorder': true,
-                        'openai/widgetDomain': 'https://chatgpt.com',
-                        'openai/widgetDescription': 'Shows interactive task and worker results for Hire-a-Human tools.',
-                        'openai/widgetCSP': {
-                            connect_domains: ['https://chatgpt.com'],
-                            resource_domains: ['https://*.oaistatic.com'],
-                        },
+                        `.trim();
+        const registerWidgetResource = (name, uri) => {
+            server.registerResource(name, uri, {}, async () => ({
+                contents: [
+                    {
+                        uri,
+                        mimeType: 'text/html+skybridge',
+                        text: html,
+                        _meta: widgetMeta,
                     },
-                },
-            ],
-        }));
+                ],
+            }));
+        };
+        for (const { name, uri } of CANONICAL_WIDGET_RESOURCES) {
+            registerWidgetResource(name, uri);
+        }
+        // Some clients cache the widget URI from the tool definitions; serving both keeps older installs working.
+        for (const { name, uri } of LEGACY_WIDGET_RESOURCES) {
+            registerWidgetResource(name, uri);
+        }
     }
     function createMcpServer(client) {
         const server = new McpServer({
-            name: "hire-a-human",
+            name: "haptic-paper",
             version: "1.0.0"
         });
         registerWidgetTemplate(server);
@@ -96,13 +108,14 @@ ${widgetJs}
         registerAllResources(server, client);
         return server;
     }
+    const transportType = process.env.MCP_TRANSPORT || 'stdio';
     // Helper to run interactive OAuth flow
     const runOAuthFlow = async () => {
         console.error('No valid token found. Starting authentication...');
         const auth = new MCPOAuthHandler({
             clientId: 'mcp-client',
-            authorizationUrl: process.env.AUTH_URL || 'https://hapticpaper.com/oauth/authorize',
-            tokenUrl: process.env.TOKEN_URL || 'https://hapticpaper.com/api/v1/oauth/token',
+            authorizationUrl: process.env.AUTH_URL || 'https://hh.hapticpaper.com/oauth/authorize',
+            tokenUrl: process.env.TOKEN_URL || 'https://hh.hapticpaper.com/api/v1/oauth/token',
             redirectUri: 'http://localhost:8765/callback',
             scopes: ['tasks:read', 'tasks:write', 'workers:read']
         });
@@ -112,9 +125,9 @@ ${widgetJs}
         return tokens.access_token;
     };
     // Initialize Client with auto-auth tokenProvider
-    const client = new HireHumanClient({
-        baseUrl: process.env.API_URL || 'https://hapticpaper.com/api/v1',
-        tokenProvider: async () => {
+    const client = new HapticPaperClient({
+        baseUrl: process.env.API_URL || 'https://hh.hapticpaper.com/api/v1',
+        tokenProvider: transportType === 'http' ? undefined : async () => {
             // 1. Check for API key (CI/headless mode)
             const apiKey = process.env.HAPTIC_API_KEY;
             if (apiKey) {
@@ -135,8 +148,8 @@ ${widgetJs}
         }
     });
     // Transport
-    const transportType = process.env.MCP_TRANSPORT || 'stdio';
     if (transportType === 'http') {
+        console.error('[MCP] MCP_TRANSPORT=http: interactive OAuth is disabled; clients must send Authorization: Bearer <token>');
         const host = process.env.HOST || '127.0.0.1';
         const port = Number(process.env.PORT || 3001);
         const app = createMcpExpressApp({
@@ -154,20 +167,79 @@ ${widgetJs}
         const backendBaseUrl = process.env.BACKEND_PUBLIC_URL || process.env.API_URL?.replace(/\/api\/v1\/?$/, '') || 'http://localhost:3000';
         const backendOAuthBase = `${backendBaseUrl}/api/v1/oauth`;
         const scopesSupported = ['tasks:read', 'tasks:write', 'workers:read'];
-        // RFC 8414: OAuth Authorization Server Metadata
-        // MCP spec says this MUST be at {authorization_base_url}/.well-known/oauth-authorization-server
-        app.get('/.well-known/oauth-authorization-server', (_req, res) => {
-            res.json({
-                issuer: mcpOrigin,
+        const getConfiguredPublicOrigin = () => {
+            const configured = process.env.MCP_PUBLIC_URL;
+            if (!configured)
+                return undefined;
+            try {
+                const url = new URL(configured);
+                if (url.pathname !== '/' || url.search || url.hash) {
+                    console.error(`[MCP] MCP_PUBLIC_URL must be an origin without path, query, or fragment; falling back to request-derived origin. (received=${configured})`);
+                    return undefined;
+                }
+                return url.origin;
+            }
+            catch {
+                console.error(`[MCP] Invalid MCP_PUBLIC_URL; falling back to request-derived origin. (received=${configured})`);
+                return undefined;
+            }
+        };
+        const configuredPublicOrigin = getConfiguredPublicOrigin();
+        const getForwarded = (value) => {
+            const raw = Array.isArray(value) ? value[0] : value;
+            if (typeof raw !== 'string')
+                return undefined;
+            // Use the first forwarded value (client-facing) when multiple proxies append values.
+            const part = raw.split(',')[0]?.trim();
+            return part || undefined;
+        };
+        const getIssuerForMetadata = (req) => {
+            if (configuredPublicOrigin)
+                return configuredPublicOrigin;
+            if (!req)
+                return mcpOrigin;
+            const proto = getForwarded(req.headers['x-forwarded-proto']);
+            const host = getForwarded(req.headers['x-forwarded-host']) || getForwarded(req.headers.host);
+            const safeProto = proto === 'http' || proto === 'https' ? proto : undefined;
+            const safeHost = host && !/[\s/\\@]/.test(host) ? host : undefined;
+            if (safeProto && safeHost) {
+                return `${safeProto}://${safeHost}`;
+            }
+            return mcpOrigin;
+        };
+        // Some clients validate this strictly; prefer a stable configured origin when possible.
+        const issuer = getIssuerForMetadata();
+        // Prevent caching of auth discovery documents. In some deployments, `issuer` may differ
+        // between local dev and proxy setups; stale caches can cause confusing auth failures.
+        app.use('/.well-known', (_req, res, next) => {
+            res.set('Cache-Control', 'no-store');
+            next();
+        });
+        const buildDiscoveryMetadata = (req) => {
+            const issuer = getIssuerForMetadata(req);
+            const metadata = {
+                issuer,
                 authorization_endpoint: `${backendOAuthBase}/authorize`,
                 token_endpoint: `${backendOAuthBase}/token`,
-                registration_endpoint: `${mcpOrigin}/register`,
+                registration_endpoint: `${issuer}/register`,
                 response_types_supported: ['code'],
                 grant_types_supported: ['authorization_code', 'refresh_token'],
                 token_endpoint_auth_methods_supported: ['client_secret_post', 'client_secret_basic', 'none'],
                 code_challenge_methods_supported: ['S256', 'plain'],
                 scopes_supported: scopesSupported,
-            });
+            };
+            return Object.freeze(metadata);
+        };
+        // RFC 8414: OAuth Authorization Server Metadata
+        // MCP spec says this MUST be at {authorization_base_url}/.well-known/oauth-authorization-server
+        app.get('/.well-known/oauth-authorization-server', (req, res) => {
+            res.json(buildDiscoveryMetadata(req));
+        });
+        // Some clients look for OIDC discovery even when only OAuth is required.
+        // This is not a full OpenID Provider implementation; it only advertises the
+        // OAuth endpoints and PKCE capability needed for authorization-code flows.
+        app.get('/.well-known/openid-configuration', (req, res) => {
+            res.json(buildDiscoveryMetadata(req));
         });
         // RFC 7591: Dynamic Client Registration
         // Proxy to backend
@@ -186,13 +258,13 @@ ${widgetJs}
                 res.status(500).json({ error: 'Registration failed' });
             }
         });
-        // For legacy/SDK compatibility
-        const issuer = mcpOrigin;
+        // For legacy/SDK compatibility, we use the best known stable issuer at startup.
+        // When behind proxies, prefer the `/.well-known/*` endpoints for per-request issuer.
         const oauthMetadata = {
             issuer,
             authorization_endpoint: `${backendOAuthBase}/authorize`,
             token_endpoint: `${backendOAuthBase}/token`,
-            registration_endpoint: `${mcpOrigin}/register`,
+            registration_endpoint: `${issuer}/register`,
             response_types_supported: ['code'],
             grant_types_supported: ['authorization_code', 'refresh_token'],
             token_endpoint_auth_methods_supported: ['client_secret_post', 'client_secret_basic', 'none'],
@@ -204,12 +276,14 @@ ${widgetJs}
         // (including VS Code and ChatGPT) can start the OAuth handshake.
         const protectedResourceMetadataUrl = getOAuthProtectedResourceMetadataUrl(resourceServerUrl);
         const protectedResourceMetadataPath = new URL(protectedResourceMetadataUrl).pathname;
-        app.get(protectedResourceMetadataPath, (_req, res) => {
+        app.get(protectedResourceMetadataPath, (req, res) => {
+            const issuer = getIssuerForMetadata(req);
+            res.set('Cache-Control', 'no-store');
             res.json({
                 resource: resourceServerUrl.toString(),
                 authorization_servers: [issuer],
                 scopes_supported: scopesSupported,
-                resource_name: 'Hire-a-Human MCP',
+                resource_name: 'Haptic-Paper MCP',
             });
         });
         if (shouldAdvertiseAuthMetadata) {
@@ -218,12 +292,12 @@ ${widgetJs}
                 oauthMetadata,
                 resourceServerUrl,
                 scopesSupported,
-                resourceName: 'Hire-a-Human MCP',
+                resourceName: 'Haptic-Paper MCP',
             }));
         }
         else if (!authMetadataDisabled) {
             console.error(`[MCP] Auth metadata not advertised because URLs are not HTTPS. ` +
-                `Set RESOURCE_SERVER_URL and AUTHORIZATION_SERVER_ISSUER to https://... (recommended for ChatGPT Connectors), ` +
+                `Set RESOURCE_SERVER_URL to https://... (recommended for ChatGPT Connectors), ` +
                 `or set MCP_AUTH_METADATA_DISABLED=true for local dev. ` +
                 `(issuer=${issuer}, resourceServerUrl=${resourceServerUrl.toString()})`);
         }
@@ -258,18 +332,40 @@ ${widgetJs}
             resourceMetadataUrl: protectedResourceMetadataUrl,
         });
         const transports = {};
+        const allowUnauthenticatedDiscovery = String(process.env.MCP_ALLOW_UNAUTHENTICATED_DISCOVERY || '').toLowerCase() === 'true';
+        const discoveryMethods = ['tools/list', 'resources/list', 'prompts/list'];
+        // Allowlist for JSON-RPC notifications that are safe to accept unauthenticated.
+        const unauthenticatedNotificationMethods = ['notifications/initialized'];
         const shouldRequireAuth = (req) => {
             // Only POST requests perform JSON-RPC actions. GET/DELETE are session transport mechanics.
             if (req.method !== 'POST')
                 return false;
-            // Allow unauthenticated initialize + listing so clients can discover tools/resources.
+            // Allow unauthenticated initialize so the session can be created.
+            // Everything else should require auth so clients (VS Code / ChatGPT) trigger the OAuth handshake
+            // before listing tools or invoking them.
             const body = req.body;
+            // Security hardening: batched JSON-RPC requests must always be authenticated to avoid
+            // mixing allowed + disallowed methods in a single batch and bypassing auth.
+            if (Array.isArray(body))
+                return true;
             if (isInitializeRequest(body))
                 return false;
-            const method = body?.method;
-            if (method === 'tools/list' || method === 'resources/list' || method === 'prompts/list')
+            const isObject = body !== null && typeof body === 'object' && !Array.isArray(body);
+            const obj = isObject ? body : null;
+            const method = typeof obj?.method === 'string' ? obj.method : undefined;
+            const hasOwnId = isObject && Object.prototype.hasOwnProperty.call(body, 'id');
+            const idValue = hasOwnId ? obj?.['id'] : undefined;
+            const isJsonRpcNotification = isObject && !hasOwnId;
+            const isNullIdNotification = isObject && hasOwnId && idValue === null;
+            if ((isJsonRpcNotification || isNullIdNotification) &&
+                method &&
+                unauthenticatedNotificationMethods.includes(method)) {
                 return false;
-            // Require OAuth for tool calls and everything else.
+            }
+            if (allowUnauthenticatedDiscovery) {
+                if (method && discoveryMethods.includes(method))
+                    return false;
+            }
             return true;
         };
         app.use('/mcp', (req, res, next) => {
@@ -325,6 +421,8 @@ ${widgetJs}
         app.listen(port, host, () => {
             console.error(`MCP Server listening on http://${host}:${port}/mcp`);
             console.error(`OAuth resource metadata: ${getOAuthProtectedResourceMetadataUrl(resourceServerUrl)}`);
+            console.error(`[MCP] Discovery auth: ${allowUnauthenticatedDiscovery ? 'unauthenticated allowed' : 'auth required'} ` +
+                `for ${discoveryMethods.join(', ')}${allowUnauthenticatedDiscovery ? '' : ' (set MCP_ALLOW_UNAUTHENTICATED_DISCOVERY=true to allow)'}`);
         });
     }
     else {

package/dist/resources/index.js

@@ -15,7 +15,7 @@ const templates = [
         typicalDuration: "3-5 hours"
     }
 ];
-export function registerAllResources(server, _client) {
+export function registerAllResources(server, client) {
     server.registerResource('task-templates', TEMPLATES_URI, {
         title: 'Task Templates',
         description: 'List of common task templates with pricing guidance',

package/dist/tools/account.js

@@ -1,6 +1,6 @@
 import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
-const OUTPUT_TEMPLATE = 'ui://widget/hirehuman.html';
+import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
 function oauthSecuritySchemes(scopes) {
     return [
         {
@@ -11,7 +11,7 @@ function oauthSecuritySchemes(scopes) {
 }
 function toolDescriptorMeta(invoking, invoked, scopes) {
     return {
-        'openai/outputTemplate': OUTPUT_TEMPLATE,
+        'openai/outputTemplate': HAPTICPAPER_WIDGET_URI,
         'openai/toolInvocation/invoking': invoking,
         'openai/toolInvocation/invoked': invoked,
         'openai/widgetAccessible': true,
@@ -42,14 +42,14 @@ export function registerAccountTools(server, client) {
                     account: {
                         displayName: account.displayName,
                         email: account.email,
-                        balanceDollars: account.balanceDollars,
+                        balanceCredits: account.balanceCredits,
                         hasPaymentMethod: account.hasPaymentMethod,
                     },
                 },
                 content: [
                     {
                         type: 'text',
-                        text: `Welcome, ${account.displayName}! Your Haptic Paper balance is $${account.balanceDollars.toFixed(2)}.${account.hasPaymentMethod ? '' : ' Add a payment method to create paid tasks.'}`,
+                        text: `Welcome, ${account.displayName}! Your Haptic Paper balance is ${account.balanceCredits} credits.${account.hasPaymentMethod ? '' : ' Add a payment method to create paid tasks.'}`,
                     },
                 ],
                 _meta: {

package/dist/tools/estimates.js

@@ -1,7 +1,7 @@
 import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
+import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
 import crypto from 'node:crypto';
-const OUTPUT_TEMPLATE = 'ui://widget/hirehuman.html';
 function stableSessionId(prefix, value) {
     const raw = value ?? 'unknown';
     const hash = crypto.createHash('sha256').update(raw).digest('hex').slice(0, 16);
@@ -17,7 +17,7 @@ function oauthSecuritySchemes(scopes) {
 }
 function toolDescriptorMeta(invoking, invoked, scopes) {
     return {
-        'openai/outputTemplate': OUTPUT_TEMPLATE,
+        'openai/outputTemplate': HAPTICPAPER_WIDGET_URI,
         'openai/toolInvocation/invoking': invoking,
         'openai/toolInvocation/invoked': invoked,
         'openai/widgetAccessible': true,

package/dist/tools/qualification.js

@@ -1,6 +1,6 @@
 import { z } from "zod";
+import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
 import crypto from 'node:crypto';
-const OUTPUT_TEMPLATE = 'ui://widget/hirehuman.html';
 function stableSessionId(prefix, value) {
     const raw = value ?? 'unknown';
     const hash = crypto.createHash('sha256').update(raw).digest('hex').slice(0, 16);
@@ -8,7 +8,7 @@ function stableSessionId(prefix, value) {
 }
 function toolDescriptorMeta(invoking, invoked, scopes = []) {
     return {
-        'openai/outputTemplate': OUTPUT_TEMPLATE,
+        'openai/outputTemplate': HAPTICPAPER_WIDGET_URI,
         'openai/toolInvocation/invoking': invoking,
         'openai/toolInvocation/invoked': invoked,
         'openai/widgetAccessible': true,

package/dist/tools/tasks.js

@@ -1,7 +1,7 @@
 import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
+import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
 import crypto from 'node:crypto';
-const OUTPUT_TEMPLATE = 'ui://widget/hirehuman.html';
 function stableSessionId(prefix, value) {
     const raw = value ?? 'unknown';
     const hash = crypto.createHash('sha256').update(raw).digest('hex').slice(0, 16);
@@ -17,7 +17,7 @@ function oauthSecuritySchemes(scopes) {
 }
 function toolDescriptorMeta(invoking, invoked, scopes) {
     return {
-        'openai/outputTemplate': OUTPUT_TEMPLATE,
+        'openai/outputTemplate': HAPTICPAPER_WIDGET_URI,
         'openai/toolInvocation/invoking': invoking,
         'openai/toolInvocation/invoked': invoked,
         'openai/widgetAccessible': true,

package/dist/tools/workers.js

@@ -1,7 +1,7 @@
 import { z } from "zod";
 import { requireScopes } from "../auth/access.js";
+import { HAPTICPAPER_WIDGET_URI } from "../constants/widget.js";
 import crypto from 'node:crypto';
-const OUTPUT_TEMPLATE = 'ui://widget/hirehuman.html';
 function stableSessionId(prefix, value) {
     const raw = value ?? 'unknown';
     const hash = crypto.createHash('sha256').update(raw).digest('hex').slice(0, 16);
@@ -17,7 +17,7 @@ function oauthSecuritySchemes(scopes) {
 }
 function toolDescriptorMeta(invoking, invoked, scopes) {
     return {
-        'openai/outputTemplate': OUTPUT_TEMPLATE,
+        'openai/outputTemplate': HAPTICPAPER_WIDGET_URI,
         'openai/toolInvocation/invoking': invoking,
         'openai/toolInvocation/invoked': invoked,
         'openai/widgetAccessible': true,

package/gemini-extension.json

@@ -1,7 +1,7 @@
 {
   "name": "hapticpaper",
   "description": "Connect your account to create human tasks from agentic pipelines.",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "contextFileName": "HAPTICPAPER.md",
   "mcpServers": {
     "hapticpaper": {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hapticpaper/mcp-server",
   "mcpName": "com.hapticpaper/mcp",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "Official MCP Server for Haptic Paper - Connect your account to create human tasks from agentic pipelines.",
   "type": "module",
   "main": "dist/index.js",

package/server.json

@@ -2,16 +2,20 @@
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
   "name": "com.hapticpaper/mcp",
   "title": "Haptic Paper",
-  "description": "Connect your AI to human workers. When AI needs help, Haptic Paper makes it happen - from data labeling to physical tasks.",
+  "description": "Connect your AI to human workers. Get paid to help AI.",
   "icons": [
     {
       "mimeType": "image/png",
-      "sizes": ["32x32"],
+      "sizes": [
+        "32x32"
+      ],
       "src": "https://hapticpaper.com/favicon-32x32.png"
     },
     {
       "mimeType": "image/png",
-      "sizes": ["192x192"],
+      "sizes": [
+        "192x192"
+      ],
       "src": "https://hapticpaper.com/android-chrome-192x192.png"
     }
   ],
@@ -21,7 +25,7 @@
     "subfolder": "packages/mcp-server"
   },
   "websiteUrl": "https://hapticpaper.com/developer",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "remotes": [
     {
       "type": "streamable-http",
@@ -33,7 +37,7 @@
       "registryType": "npm",
       "registryBaseUrl": "https://registry.npmjs.org",
       "identifier": "@hapticpaper/mcp-server",
-      "version": "1.0.8",
+      "version": "1.0.10",
       "transport": {
         "type": "stdio"
       },