@insforge/mcp 1.2.8 → 1.2.10-dev.0

package/dist/{chunk-DZ5W3BSP.js → chunk-3HMBKVW5.js}

@@ -41,17 +41,40 @@ ${JSON.stringify(data, null, 2)}`;
 
 // src/shared/usage-tracker.ts
 import fetch from "node-fetch";
+var PLATFORM_API_BASE = "https://api.insforge.dev";
+function parseAppKey(apiBaseUrl) {
+  try {
+    const url = new URL(apiBaseUrl);
+    const match = url.hostname.match(/^([^.]+)\.[^.]+\.insforge\.app$/);
+    return match ? match[1] : null;
+  } catch {
+    return null;
+  }
+}
 var UsageTracker = class {
   apiBaseUrl;
   apiKey;
-  constructor(apiBaseUrl, apiKey) {
+  agentConnectedReported = false;
+  projectId;
+  accessToken;
+  isRemote;
+  constructor(apiBaseUrl, apiKey, options) {
     this.apiBaseUrl = apiBaseUrl;
     this.apiKey = apiKey;
+    this.projectId = options?.projectId;
+    this.accessToken = options?.accessToken;
+    this.isRemote = options?.isRemote ?? false;
   }
   async trackUsage(toolName, success = true) {
     if (!this.apiKey) {
       return;
     }
+    if (!this.agentConnectedReported) {
+      this.agentConnectedReported = true;
+      this.reportAgentConnected().catch((error) => {
+        console.error("Failed to report agent-connected:", error);
+      });
+    }
     try {
       const payload = {
         tool_name: toolName,
@@ -70,6 +93,27 @@ var UsageTracker = class {
       console.error("Failed to track usage:", error);
     }
   }
+  async reportAgentConnected() {
+    const body = {};
+    const headers = { "Content-Type": "application/json" };
+    if (this.isRemote && this.projectId && this.projectId !== "legacy") {
+      body.project_id = this.projectId;
+      if (this.accessToken) {
+        headers["Authorization"] = `Bearer ${this.accessToken}`;
+      }
+    } else {
+      const appKey = parseAppKey(this.apiBaseUrl);
+      if (!appKey) {
+        return;
+      }
+      body.app_key = appKey;
+    }
+    await fetch(`${PLATFORM_API_BASE}/tracking/v1/agent-connected`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body)
+    });
+  }
 };
 
 // src/shared/tools/docs.ts
@@ -394,6 +438,12 @@ var storageBucketSchema = z5.object({
   public: z5.boolean(),
   createdAt: z5.string()
 });
+var storageConfigSchema = z5.object({
+  id: z5.string().uuid(),
+  maxFileSizeMb: z5.number().int().positive(),
+  createdAt: z5.string(),
+  updatedAt: z5.string()
+});
 
 // node_modules/@insforge/shared-schemas/dist/storage-api.schema.js
 import { z as z6 } from "zod";
@@ -440,6 +490,9 @@ var confirmUploadRequestSchema = z6.object({
   contentType: z6.string().optional(),
   etag: z6.string().optional()
 });
+var updateStorageConfigRequestSchema = z6.object({
+  maxFileSizeMb: z6.number().int().min(1, "Must be at least 1 MB").max(200, "Must be at most 200 MB")
+});
 
 // node_modules/@insforge/shared-schemas/dist/auth.schema.js
 import { z as z7 } from "zod";
@@ -497,6 +550,7 @@ var oAuthConfigSchema = z7.object({
   updatedAt: z7.string()
   // PostgreSQL timestamp
 });
+var allowedRedirectUrlsRegex = /^(?:(?:https?:\/\/)(?:(?:\*\.)?[^\s/:?#]+|\[[0-9A-Fa-f:.]+\])(?::\d+)?(?:\/[^\s]*)?|(?!(?:https?|javascript|data|file|vbscript):)[a-zA-Z][a-zA-Z0-9+.-]*:(?:\/\/[^\s/]+(?:\/[^\s]*)?|\/[^\s]*))$/i;
 var authConfigSchema = z7.object({
   id: z7.string().uuid(),
   requireEmailVerification: z7.boolean(),
@@ -507,12 +561,34 @@ var authConfigSchema = z7.object({
   requireSpecialChar: z7.boolean(),
   verifyEmailMethod: verificationMethodSchema,
   resetPasswordMethod: verificationMethodSchema,
-  signInRedirectTo: z7.union([z7.string().url(), z7.literal(""), z7.null()]).optional().transform((val) => val === "" ? null : val),
+  allowedRedirectUrls: z7.array(z7.string().regex(allowedRedirectUrlsRegex, { message: "Invalid URL or wildcard URL" })).optional().nullable(),
   createdAt: z7.string(),
   // PostgreSQL timestamp
   updatedAt: z7.string()
   // PostgreSQL timestamp
 });
+var smtpConfigSchema = z7.object({
+  id: z7.string().uuid(),
+  enabled: z7.boolean(),
+  host: z7.string(),
+  port: z7.number().int(),
+  username: z7.string(),
+  hasPassword: z7.boolean(),
+  // Never expose actual password
+  senderEmail: z7.string(),
+  senderName: z7.string(),
+  minIntervalSeconds: z7.number().int().min(0),
+  createdAt: z7.string(),
+  updatedAt: z7.string()
+});
+var emailTemplateSchema = z7.object({
+  id: z7.string().uuid(),
+  templateType: z7.string(),
+  subject: z7.string(),
+  bodyHtml: z7.string(),
+  createdAt: z7.string(),
+  updatedAt: z7.string()
+});
 var tokenPayloadSchema = z7.object({
   sub: userIdSchema,
   // Subject (user ID)
@@ -523,6 +599,16 @@ var tokenPayloadSchema = z7.object({
   exp: z7.number().optional()
   // Expiration
 });
+var customOAuthKeySchema = z7.string().min(1).max(64).regex(/^[a-z0-9_-]+$/, "Key must contain only lowercase letters, numbers, hyphens, and underscores");
+var customOAuthConfigSchema = z7.object({
+  id: z7.string().uuid(),
+  key: customOAuthKeySchema,
+  name: z7.string().min(1),
+  discoveryEndpoint: z7.string().url(),
+  clientId: z7.string().min(1),
+  createdAt: z7.string(),
+  updatedAt: z7.string()
+});
 
 // node_modules/@insforge/shared-schemas/dist/auth-api.schema.js
 import { z as z8 } from "zod";
@@ -530,19 +616,20 @@ var paginationSchema = z8.object({
   limit: z8.string().optional(),
   offset: z8.string().optional()
 });
-var authOptionsSchema = z8.object({
-  emailRedirectTo: z8.string().url().optional()
-}).optional();
 var createUserRequestSchema = z8.object({
   email: emailSchema,
   password: passwordSchema,
   name: nameSchema.optional(),
-  options: authOptionsSchema
+  redirectTo: z8.string().url().optional(),
+  autoConfirm: z8.boolean().optional()
 });
 var createSessionRequestSchema = z8.object({
   email: emailSchema,
   password: passwordSchema
 });
+var refreshSessionRequestSchema = z8.object({
+  refreshToken: z8.string().min(1, "refreshToken is required")
+});
 var exchangeAdminSessionRequestSchema = z8.object({
   code: z8.string()
 });
@@ -557,20 +644,19 @@ var updateProfileRequestSchema = z8.object({
 });
 var sendVerificationEmailRequestSchema = z8.object({
   email: emailSchema,
-  options: authOptionsSchema
+  redirectTo: z8.string().url().optional()
 });
 var verifyEmailRequestSchema = z8.object({
-  email: emailSchema.optional(),
-  otp: z8.string().min(1)
-}).refine((data) => data.email || data.otp, {
-  message: "Either email or otp must be provided"
+  email: emailSchema,
+  otp: z8.string().regex(/^\d{6}$/, "OTP code must be a 6-digit numeric code")
 });
 var sendResetPasswordEmailRequestSchema = z8.object({
-  email: emailSchema
+  email: emailSchema,
+  redirectTo: z8.string().url().optional()
 });
 var exchangeResetPasswordTokenRequestSchema = z8.object({
   email: emailSchema,
-  code: z8.string().min(1)
+  code: z8.string().regex(/^\d{6}$/, "Reset password code must be a 6-digit numeric code")
 });
 var resetPasswordRequestSchema = z8.object({
   newPassword: passwordSchema,
@@ -580,7 +666,6 @@ var createUserResponseSchema = z8.object({
   user: userSchema.optional(),
   accessToken: z8.string().nullable(),
   requireEmailVerification: z8.boolean().optional(),
-  redirectTo: z8.string().url().optional(),
   csrfToken: z8.string().nullable().optional(),
   refreshToken: z8.string().optional()
   // For mobile/desktop clients (no cookies)
@@ -588,7 +673,6 @@ var createUserResponseSchema = z8.object({
 var createSessionResponseSchema = z8.object({
   user: userSchema,
   accessToken: z8.string(),
-  redirectTo: z8.string().url().optional(),
   csrfToken: z8.string().nullable().optional(),
   refreshToken: z8.string().optional()
   // For mobile/desktop clients (no cookies)
@@ -596,7 +680,6 @@ var createSessionResponseSchema = z8.object({
 var verifyEmailResponseSchema = z8.object({
   user: userSchema,
   accessToken: z8.string(),
-  redirectTo: z8.string().url().optional(),
   csrfToken: z8.string().nullable().optional(),
   refreshToken: z8.string().optional()
   // For mobile/desktop clients (no cookies)
@@ -676,19 +759,49 @@ var updateAuthConfigRequestSchema = authConfigSchema.omit({
 }).partial();
 var getPublicAuthConfigResponseSchema = z8.object({
   oAuthProviders: z8.array(oAuthProvidersSchema),
+  customOAuthProviders: z8.array(customOAuthKeySchema),
   ...authConfigSchema.omit({
     id: true,
     updatedAt: true,
     createdAt: true,
-    signInRedirectTo: true
+    allowedRedirectUrls: true
   }).shape
 });
+var upsertSmtpConfigRequestSchema = z8.object({
+  enabled: z8.boolean(),
+  host: z8.string().min(1, "SMTP host is required"),
+  port: z8.union([z8.literal(25), z8.literal(465), z8.literal(587), z8.literal(2525)], {
+    errorMap: () => ({ message: "Port must be one of: 25, 465, 587, 2525" })
+  }),
+  username: z8.string().min(1, "SMTP username is required"),
+  password: z8.string().min(1, "SMTP password is required").optional(),
+  senderEmail: z8.string().email("Invalid sender email"),
+  senderName: z8.string().min(1, "Sender name is required"),
+  minIntervalSeconds: z8.number().int().min(0).default(60)
+});
+var updateEmailTemplateRequestSchema = z8.object({
+  subject: z8.string().min(1, "Subject is required"),
+  bodyHtml: z8.string().min(1, "Template body is required")
+});
+var listEmailTemplatesResponseSchema = z8.object({
+  data: z8.array(emailTemplateSchema)
+});
 var authErrorResponseSchema = z8.object({
   error: z8.string(),
   message: z8.string(),
   statusCode: z8.number().int(),
   nextActions: z8.string().optional()
 });
+var createCustomOAuthConfigRequestSchema = customOAuthConfigSchema.omit({ id: true, createdAt: true, updatedAt: true }).extend({
+  clientSecret: z8.string().min(1, "Client secret is required")
+});
+var updateCustomOAuthConfigRequestSchema = customOAuthConfigSchema.omit({ id: true, key: true, createdAt: true, updatedAt: true }).extend({
+  clientSecret: z8.string().min(1).optional()
+}).partial();
+var listCustomOAuthConfigsResponseSchema = z8.object({
+  data: z8.array(customOAuthConfigSchema),
+  count: z8.number()
+});
 
 // node_modules/@insforge/shared-schemas/dist/metadata.schema.js
 import { z as z11 } from "zod";
@@ -718,6 +831,9 @@ var realtimeMessageSchema = z9.object({
   whDeliveredCount: z9.number().int().min(0),
   createdAt: z9.string().datetime()
 });
+var realtimeConfigSchema = z9.object({
+  retentionDays: z9.number().int().positive().nullable()
+});
 var subscribeChannelPayloadSchema = z9.object({
   channel: z9.string().min(1)
   // The resolved channel instance, e.g., "order:123"
@@ -803,7 +919,8 @@ var messageStatsResponseSchema = z10.object({
   topEvents: z10.array(z10.object({
     eventName: z10.string(),
     count: z10.number().int().min(0)
-  }))
+  })),
+  retentionDays: realtimeConfigSchema.shape.retentionDays
 });
 var rlsPolicySchema = z10.object({
   policyName: z10.string(),
@@ -883,6 +1000,9 @@ var databasePasswordInfoSchema = z11.object({
 var apiKeyResponseSchema = z11.object({
   apiKey: z11.string()
 });
+var projectIdResponseSchema = z11.object({
+  projectId: z11.string().nullable()
+});
 
 // node_modules/@insforge/shared-schemas/dist/ai.schema.js
 import { z as z12 } from "zod";
@@ -975,12 +1095,42 @@ var contentSchema = z13.union([
   audioContentSchema,
   fileContentSchema
 ]);
+var toolFunctionSchema = z13.object({
+  name: z13.string(),
+  description: z13.string().optional(),
+  parameters: z13.record(z13.unknown()).optional()
+});
+var toolSchema = z13.object({
+  type: z13.literal("function"),
+  function: toolFunctionSchema
+});
+var toolChoiceSchema = z13.union([
+  z13.enum(["auto", "none", "required"]),
+  z13.object({
+    type: z13.literal("function"),
+    function: z13.object({ name: z13.string() })
+  })
+]);
+var toolCallSchema = z13.object({
+  id: z13.string(),
+  type: z13.literal("function"),
+  function: z13.object({
+    name: z13.string(),
+    arguments: z13.string()
+  })
+});
 var chatMessageSchema = z13.object({
-  role: z13.enum(["user", "assistant", "system"]),
+  role: z13.enum(["user", "assistant", "system", "tool"]),
   // New format: content can be string or array of content parts (OpenAI-compatible)
-  content: z13.union([z13.string(), z13.array(contentSchema)]),
+  content: z13.union([z13.string(), z13.array(contentSchema)]).nullable(),
   // Legacy format: separate images field (deprecated but supported for backward compatibility)
-  images: z13.array(z13.object({ url: z13.string() })).optional()
+  images: z13.array(z13.object({ url: z13.string() })).optional(),
+  // Tool calls made by the assistant
+  // eslint-disable-next-line @typescript-eslint/naming-convention
+  tool_calls: z13.array(toolCallSchema).optional(),
+  // Tool call ID for tool response messages
+  // eslint-disable-next-line @typescript-eslint/naming-convention
+  tool_call_id: z13.string().optional()
 });
 var webSearchPluginSchema = z13.object({
   enabled: z13.boolean(),
@@ -1020,7 +1170,13 @@ var chatCompletionRequestSchema = z13.object({
   fileParser: fileParserPluginSchema.optional(),
   // Thinking/Reasoning mode: Enable extended reasoning capabilities
   // Appends ":thinking" to the model ID for chain-of-thought reasoning
-  thinking: z13.boolean().optional()
+  thinking: z13.boolean().optional(),
+  // Tool calling: Define functions the AI can call
+  tools: z13.array(toolSchema).optional(),
+  // Tool choice: Control whether/which tool is called ('auto', 'none', 'required', or specific function)
+  toolChoice: toolChoiceSchema.optional(),
+  // Parallel tool calls: Allow the model to call multiple tools in parallel
+  parallelToolCalls: z13.boolean().optional()
 });
 var urlCitationAnnotationSchema = z13.object({
   type: z13.literal("url_citation"),
@@ -1046,6 +1202,9 @@ var fileAnnotationSchema = z13.object({
 var annotationSchema = z13.union([urlCitationAnnotationSchema, fileAnnotationSchema]);
 var chatCompletionResponseSchema = z13.object({
   text: z13.string(),
+  // Tool calls from the assistant (present when the model invokes tools)
+  // eslint-disable-next-line @typescript-eslint/naming-convention
+  tool_calls: z13.array(toolCallSchema).optional(),
   // Annotations from web search or file parsing (can be URL citations or file annotations)
   annotations: z13.array(annotationSchema).optional(),
   metadata: z13.object({
@@ -1135,6 +1294,15 @@ var getAIUsageSummaryRequestSchema = z13.object({
   startDate: z13.string().datetime().optional(),
   endDate: z13.string().datetime().optional()
 });
+var keySourceSchema = z13.enum(["byok", "cloud", "env", "unconfigured"]);
+var gatewayConfigResponseSchema = z13.object({
+  keySource: keySourceSchema,
+  hasByokKey: z13.boolean(),
+  maskedKey: z13.string().optional()
+});
+var setGatewayBYOKKeyRequestSchema = z13.object({
+  apiKey: z13.string().min(1, "API key is required")
+});
 
 // node_modules/@insforge/shared-schemas/dist/logs.schema.js
 import { z as z14 } from "zod";
@@ -1165,6 +1333,16 @@ var logStatsSchema = z14.object({
   count: z14.number(),
   lastActivity: z14.string()
 });
+var buildLogEntrySchema = z14.object({
+  level: z14.string(),
+  message: z14.string()
+});
+var getBuildLogsResponseSchema = z14.object({
+  deploymentId: z14.string(),
+  status: z14.enum(["pending", "success", "failed"]),
+  logs: z14.array(buildLogEntrySchema),
+  createdAt: z14.string()
+});
 
 // node_modules/@insforge/shared-schemas/dist/logs-api.schema.js
 import { z as z15 } from "zod";
@@ -1240,7 +1418,19 @@ var listFunctionsResponseSchema = z17.object({
   functions: z17.array(functionSchema),
   runtime: z17.object({
     status: z17.enum(["running", "unavailable"])
-  })
+  }),
+  deploymentUrl: z17.string().nullable().optional()
+});
+var deploymentResultSchema = z17.object({
+  id: z17.string(),
+  status: z17.enum(["success", "failed"]),
+  url: z17.string().nullable(),
+  buildLogs: z17.array(z17.string()).optional()
+});
+var functionResponseSchema = z17.object({
+  success: z17.boolean(),
+  function: functionSchema,
+  deployment: deploymentResultSchema.nullable().optional()
 });
 
 // node_modules/@insforge/shared-schemas/dist/cloud-events.schema.js
@@ -1280,6 +1470,9 @@ var showContactModalEventSchema = z18.object({
 var showConnectOverlayEventSchema = z18.object({
   type: z18.literal("SHOW_CONNECT_OVERLAY")
 });
+var showPlanModalEventSchema = z18.object({
+  type: z18.literal("SHOW_PLAN_MODAL")
+});
 var authorizationCodeEventSchema = z18.object({
   type: z18.literal("AUTHORIZATION_CODE"),
   code: z18.string()
@@ -1288,6 +1481,51 @@ var routeChangeEventSchema = z18.object({
   type: z18.literal("ROUTE_CHANGE"),
   path: z18.string()
 });
+var requestProjectInfoEventSchema = z18.object({
+  type: z18.literal("REQUEST_PROJECT_INFO")
+});
+var projectInfoEventSchema = z18.object({
+  type: z18.literal("PROJECT_INFO"),
+  name: z18.string(),
+  instanceType: z18.string(),
+  region: z18.string(),
+  latestVersion: z18.string().optional()
+});
+var requestInstanceInfoEventSchema = z18.object({
+  type: z18.literal("REQUEST_INSTANCE_INFO")
+});
+var instanceInfoEventSchema = z18.object({
+  type: z18.literal("INSTANCE_INFO"),
+  currentInstanceType: z18.string(),
+  planName: z18.string(),
+  computeCredits: z18.number(),
+  currentOrgComputeCost: z18.number(),
+  instanceTypes: z18.array(z18.object({
+    id: z18.string(),
+    name: z18.string(),
+    cpu: z18.string(),
+    ram: z18.string(),
+    pricePerHour: z18.number(),
+    pricePerMonth: z18.number()
+  })),
+  projects: z18.array(z18.object({
+    name: z18.string(),
+    instanceType: z18.string(),
+    monthlyCost: z18.number(),
+    isCurrent: z18.boolean(),
+    status: z18.string()
+  }))
+});
+var requestInstanceTypeChangeEventSchema = z18.object({
+  type: z18.literal("REQUEST_INSTANCE_TYPE_CHANGE"),
+  instanceType: z18.string()
+});
+var instanceTypeChangeResultEventSchema = z18.object({
+  type: z18.literal("INSTANCE_TYPE_CHANGE_RESULT"),
+  success: z18.boolean(),
+  instanceType: z18.string().optional(),
+  error: z18.string().optional()
+});
 var cloudEventSchema = z18.discriminatedUnion("type", [
   appRouteChangeEventSchema,
   authSuccessEventSchema,
@@ -1299,8 +1537,15 @@ var cloudEventSchema = z18.discriminatedUnion("type", [
   navigateToUsageSchema,
   showContactModalEventSchema,
   showConnectOverlayEventSchema,
+  showPlanModalEventSchema,
   authorizationCodeEventSchema,
-  routeChangeEventSchema
+  routeChangeEventSchema,
+  requestProjectInfoEventSchema,
+  projectInfoEventSchema,
+  requestInstanceInfoEventSchema,
+  instanceInfoEventSchema,
+  requestInstanceTypeChangeEventSchema,
+  instanceTypeChangeResultEventSchema
 ]);
 
 // node_modules/@insforge/shared-schemas/dist/docs.schema.js
@@ -1336,8 +1581,6 @@ var docTypeSchema = z19.enum([
   "storage-sdk",
   "functions-sdk",
   "ai-integration-sdk",
-  "auth-components-react",
-  "auth-components-nextjs",
   "real-time",
   "deployment"
 ]).describe(`
@@ -1347,8 +1590,6 @@ var docTypeSchema = z19.enum([
       "storage-sdk" (file storage),
       "functions-sdk" (edge functions),
       "auth-sdk" (direct SDK methods for custom auth flows),
-      "auth-components-react" (authentication components for React+Vite applications),
-      "auth-components-nextjs" (authentication components for Next.js applications),
       "ai-integration-sdk" (AI features),
       "real-time" (real-time pub/sub through WebSockets),
       "deployment" (deploy frontend applications via MCP tool)
@@ -1375,9 +1616,9 @@ var sendEmailResponseSchema = z20.object({});
 import { z as z21 } from "zod";
 var deploymentStatusSchema = z21.enum([
   "WAITING",
-  // Record created, waiting for client to upload zip to S3
+  // Record created, waiting for source zip upload or direct file registration/content
   "UPLOADING",
-  // Server is downloading from S3 and uploading to Vercel
+  // File uploads or Vercel deployment creation are in progress
   "QUEUED",
   // Vercel: deployment queued
   "BUILDING",
@@ -1414,11 +1655,47 @@ var envVarSchema = z22.object({
   key: z22.string(),
   value: z22.string()
 });
+var deploymentFilePathSchema = z22.string().min(1, "path is required").max(2048, "path is too long").refine((value) => !value.includes("\0"), "path cannot contain null bytes").refine((value) => !value.includes("\\"), "path must use forward slashes").refine((value) => !value.startsWith("/"), "path must be relative").refine((value) => value.split("/").every((part) => part !== "" && part !== "." && part !== ".."), "path cannot contain empty, current, or parent directory segments");
+var deploymentManifestFileEntrySchema = z22.object({
+  path: deploymentFilePathSchema,
+  sha: z22.string().regex(/^[a-f0-9]{40}$/i, "sha must be a SHA-1 hex digest"),
+  size: z22.number().int().nonnegative()
+});
+var deploymentManifestFileSchema = deploymentManifestFileEntrySchema.extend({
+  fileId: z22.string().uuid(),
+  uploadedAt: z22.string().datetime().nullable()
+});
 var createDeploymentResponseSchema = z22.object({
   id: z22.string().uuid(),
   uploadUrl: z22.string().url(),
   uploadFields: z22.record(z22.string())
-  // Required for S3 presigned POST (policy, signature, key, etc.)
+});
+var createDirectDeploymentResponseSchema = z22.object({
+  id: z22.string().uuid(),
+  status: deploymentSchema.shape.status
+});
+var createDeploymentManifestRequestSchema = z22.object({
+  files: z22.array(deploymentManifestFileEntrySchema).min(1)
+}).superRefine(({ files }, ctx) => {
+  const firstSeenByPath = /* @__PURE__ */ new Map();
+  files.forEach((file, index) => {
+    const existingIndex = firstSeenByPath.get(file.path);
+    if (existingIndex !== void 0) {
+      ctx.addIssue({
+        code: z22.ZodIssueCode.custom,
+        message: "duplicate file path",
+        path: ["files", index, "path"]
+      });
+      return;
+    }
+    firstSeenByPath.set(file.path, index);
+  });
+});
+var createDeploymentManifestResponseSchema = z22.object({
+  files: z22.array(deploymentManifestFileSchema)
+});
+var uploadDeploymentFileResponseSchema = deploymentManifestFileSchema.extend({
+  uploadedAt: z22.string().datetime()
 });
 var startDeploymentRequestSchema = z22.object({
   projectSettings: projectSettingsSchema.optional(),
@@ -1433,6 +1710,96 @@ var listDeploymentsResponseSchema = z22.object({
     total: z22.number()
   })
 });
+var deploymentEnvVarSchema = z22.object({
+  id: z22.string(),
+  // Vercel env var ID (needed for delete/get)
+  key: z22.string(),
+  type: z22.enum(["plain", "encrypted", "secret", "sensitive", "system"]),
+  updatedAt: z22.number().optional()
+  // Unix timestamp (milliseconds)
+});
+var deploymentEnvVarWithValueSchema = z22.object({
+  id: z22.string(),
+  key: z22.string(),
+  value: z22.string(),
+  type: z22.enum(["plain", "encrypted", "secret", "sensitive", "system"]),
+  updatedAt: z22.number().optional()
+});
+var listEnvVarsResponseSchema = z22.object({
+  envVars: z22.array(deploymentEnvVarSchema)
+});
+var getEnvVarResponseSchema = z22.object({
+  envVar: deploymentEnvVarWithValueSchema
+});
+var upsertEnvVarRequestSchema = z22.object({
+  key: z22.string().trim().min(1, "key is required"),
+  value: z22.string()
+});
+var upsertEnvVarsRequestSchema = z22.object({
+  envVars: z22.array(upsertEnvVarRequestSchema).min(1)
+}).superRefine(({ envVars }, ctx) => {
+  const firstSeenByKey = /* @__PURE__ */ new Map();
+  envVars.forEach((envVar, index) => {
+    const existingIndex = firstSeenByKey.get(envVar.key);
+    if (existingIndex !== void 0) {
+      ctx.addIssue({
+        code: z22.ZodIssueCode.custom,
+        message: "duplicate environment variable key",
+        path: ["envVars", index, "key"]
+      });
+      return;
+    }
+    firstSeenByKey.set(envVar.key, index);
+  });
+});
+var upsertEnvVarResponseSchema = z22.object({
+  success: z22.literal(true),
+  message: z22.string()
+});
+var upsertEnvVarsResponseSchema = z22.object({
+  success: z22.literal(true),
+  message: z22.string(),
+  count: z22.number().int().positive()
+});
+var deleteEnvVarResponseSchema = z22.object({
+  success: z22.literal(true),
+  message: z22.string()
+});
+var updateSlugRequestSchema = z22.object({
+  slug: z22.string().trim().min(3, "slug must be at least 3 characters").max(63, "slug must be at most 63 characters").regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, "slug must be lowercase alphanumeric with hyphens, not starting or ending with hyphen").nullable()
+});
+var updateSlugResponseSchema = z22.object({
+  success: z22.boolean(),
+  slug: z22.string().nullable(),
+  domain: z22.string().nullable()
+});
+var deploymentMetadataResponseSchema = z22.object({
+  currentDeploymentId: z22.string().uuid().nullable(),
+  defaultDomainUrl: z22.string().nullable(),
+  customDomainUrl: z22.string().nullable()
+});
+var domainVerificationRecordSchema = z22.object({
+  type: z22.string(),
+  domain: z22.string(),
+  value: z22.string()
+});
+var customDomainSchema = z22.object({
+  domain: z22.string(),
+  apexDomain: z22.string(),
+  verified: z22.boolean(),
+  misconfigured: z22.boolean(),
+  verification: z22.array(domainVerificationRecordSchema),
+  cnameTarget: z22.string().nullable(),
+  aRecordValue: z22.string().nullable()
+});
+var addCustomDomainRequestSchema = z22.object({
+  domain: z22.string().trim().min(1, "Domain is required").regex(/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/i, "Invalid domain format (e.g. myapp.com or www.myapp.com)").refine((domain) => !domain.toLowerCase().endsWith(".insforge.site"), {
+    message: "Domains ending with .insforge.site are reserved by InsForge"
+  })
+});
+var listCustomDomainsResponseSchema = z22.object({
+  domains: z22.array(customDomainSchema)
+});
 
 // node_modules/@insforge/shared-schemas/dist/schedules.schema.js
 import { z as z23 } from "zod";
@@ -2273,23 +2640,320 @@ function registerFunctionTools(ctx) {
 // src/shared/tools/deployment.ts
 import { z as z29 } from "zod";
 import fetch6 from "node-fetch";
+import { createHash } from "crypto";
 import { promises as fs3, createWriteStream, createReadStream } from "fs";
 import { tmpdir as tmpdir2 } from "os";
-import { join as join2 } from "path";
+import { join as join2, relative, sep } from "path";
 import archiver from "archiver";
 import FormData2 from "form-data";
-function isCreateDeploymentResponse(obj) {
-  if (typeof obj !== "object" || obj === null) {
-    return false;
+var DIRECT_DEPLOYMENT_MIN_VERSION = "2.0.5";
+var EXCLUDED_DEPLOYMENT_SEGMENTS = /* @__PURE__ */ new Set(["node_modules", ".git", ".next", "dist", "build", ".insforge"]);
+var DirectDeploymentUnsupportedError = class extends Error {
+  constructor() {
+    super("Direct deployment endpoints are not available on this backend");
+    this.name = "DirectDeploymentUnsupportedError";
   }
-  const value = obj;
-  const idOk = "id" in value && (typeof value.id === "string" || typeof value.id === "number");
-  const urlOk = "uploadUrl" in value && typeof value.uploadUrl === "string" && value.uploadUrl.length > 0;
-  const fieldsOk = "uploadFields" in value && typeof value.uploadFields === "object" && value.uploadFields !== null;
-  return idOk && urlOk && fieldsOk;
+};
+function isAbsoluteSourcePath(sourceDirectory) {
+  return sourceDirectory.startsWith("/") || /^[a-zA-Z]:[/\\]/.test(sourceDirectory);
+}
+function supportsDirectDeploymentVersion(backendVersion) {
+  const cleanVersion = backendVersion.replace(/^v/, "").split("-")[0];
+  const [major = 0, minor = 0, patch = 0] = cleanVersion.split(".").map(Number);
+  const [minMajor, minMinor, minPatch] = DIRECT_DEPLOYMENT_MIN_VERSION.split(".").map(Number);
+  if (major !== minMajor) return major > minMajor;
+  if (minor !== minMinor) return minor > minMinor;
+  return patch >= minPatch;
+}
+function shouldExcludeDeploymentPath(normalizedName) {
+  const segments = normalizedName.split("/");
+  if (segments.some((segment) => segment === ".env" || segment.startsWith(".env."))) {
+    return true;
+  }
+  if (segments.some((segment) => EXCLUDED_DEPLOYMENT_SEGMENTS.has(segment))) {
+    return true;
+  }
+  return normalizedName === ".DS_Store" || normalizedName.endsWith("/.DS_Store") || normalizedName.endsWith(".log");
+}
+function normalizeRelativePath(rootDirectory, absolutePath) {
+  return relative(rootDirectory, absolutePath).split(sep).join("/").replace(/\\/g, "/");
+}
+async function hashFile(filePath) {
+  const hash = createHash("sha1");
+  let size = 0;
+  for await (const chunk of createReadStream(filePath)) {
+    const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+    size += buffer.length;
+    hash.update(buffer);
+  }
+  return { sha: hash.digest("hex"), size };
+}
+function parseCreateDeploymentResponse(obj) {
+  const result = createDeploymentResponseSchema.safeParse(obj);
+  if (!result.success) {
+    throw new Error("Unexpected response format from deployments endpoint");
+  }
+  return result.data;
+}
+function parseCreateDirectDeploymentResponse(obj) {
+  const result = createDirectDeploymentResponseSchema.safeParse(obj);
+  if (!result.success) {
+    throw new Error("Unexpected response format from direct deployments endpoint");
+  }
+  return result.data;
+}
+function parseCreateDeploymentManifestResponse(obj) {
+  const result = createDeploymentManifestResponseSchema.safeParse(obj);
+  if (!result.success) {
+    throw new Error("Unexpected response format from deployment manifest endpoint");
+  }
+  return result.data;
+}
+async function collectDeploymentFiles(sourceDirectory) {
+  const files = [];
+  async function walk(currentDirectory) {
+    const entries = await fs3.readdir(currentDirectory, { withFileTypes: true });
+    entries.sort((a, b) => a.name.localeCompare(b.name));
+    for (const entry of entries) {
+      const absolutePath = join2(currentDirectory, entry.name);
+      const normalizedPath = normalizeRelativePath(sourceDirectory, absolutePath);
+      if (!normalizedPath || shouldExcludeDeploymentPath(normalizedPath)) {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        await walk(absolutePath);
+        continue;
+      }
+      if (!entry.isFile()) {
+        continue;
+      }
+      const { sha, size } = await hashFile(absolutePath);
+      files.push({
+        absolutePath,
+        path: normalizedPath,
+        sha,
+        size
+      });
+    }
+  }
+  await walk(sourceDirectory);
+  return files;
+}
+function buildStartBody(input) {
+  const startBody = {};
+  if (input.projectSettings) startBody.projectSettings = input.projectSettings;
+  if (input.envVars) startBody.envVars = input.envVars;
+  if (input.meta) startBody.meta = input.meta;
+  return startBody;
+}
+async function createDirectDeploymentSession(API_BASE_URL, apiKey) {
+  const response = await fetch6(`${API_BASE_URL}/api/deployments/direct`, {
+    method: "POST",
+    headers: {
+      "x-api-key": apiKey,
+      "Content-Type": "application/json"
+    }
+  });
+  if (response.status === 404) {
+    throw new DirectDeploymentUnsupportedError();
+  }
+  const result = await handleApiResponse(response);
+  return parseCreateDirectDeploymentResponse(result);
+}
+async function createDeploymentManifest(API_BASE_URL, apiKey, deploymentId, files) {
+  const response = await fetch6(`${API_BASE_URL}/api/deployments/${encodeURIComponent(deploymentId)}/manifest`, {
+    method: "POST",
+    headers: {
+      "x-api-key": apiKey,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ files })
+  });
+  if (response.status === 404) {
+    throw new DirectDeploymentUnsupportedError();
+  }
+  const result = await handleApiResponse(response);
+  return parseCreateDeploymentManifestResponse(result);
+}
+async function uploadDeploymentFileContent(API_BASE_URL, apiKey, deploymentId, file, localFile) {
+  const response = await fetch6(
+    `${API_BASE_URL}/api/deployments/${encodeURIComponent(deploymentId)}/files/${encodeURIComponent(file.fileId)}/content`,
+    {
+      method: "PUT",
+      headers: {
+        "x-api-key": apiKey,
+        "Content-Type": "application/octet-stream",
+        "Content-Length": String(localFile.size)
+      },
+      body: createReadStream(localFile.absolutePath)
+    }
+  );
+  if (response.status === 404) {
+    throw new DirectDeploymentUnsupportedError();
+  }
+  await handleApiResponse(response);
+}
+async function startDeployment(API_BASE_URL, apiKey, deploymentId, startBody) {
+  const response = await fetch6(`${API_BASE_URL}/api/deployments/${encodeURIComponent(deploymentId)}/start`, {
+    method: "POST",
+    headers: {
+      "x-api-key": apiKey,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(startBody)
+  });
+  return handleApiResponse(response);
+}
+async function deployDirect(API_BASE_URL, apiKey, sourceDirectory, startBody) {
+  const files = await collectDeploymentFiles(sourceDirectory);
+  if (files.length === 0) {
+    throw new Error("No deployable files found in source directory after applying exclusions.");
+  }
+  const createResult = await createDirectDeploymentSession(API_BASE_URL, apiKey);
+  const deploymentId = String(createResult.id);
+  const manifest = await createDeploymentManifest(
+    API_BASE_URL,
+    apiKey,
+    deploymentId,
+    files.map(({ path, sha, size }) => ({ path, sha, size }))
+  );
+  const localFilesByPath = new Map(files.map((file) => [file.path, file]));
+  for (const manifestFile of manifest.files) {
+    const localFile = localFilesByPath.get(manifestFile.path);
+    if (!localFile) {
+      throw new Error(`Manifest response included unknown file path: ${manifestFile.path}`);
+    }
+    await uploadDeploymentFileContent(API_BASE_URL, apiKey, deploymentId, manifestFile, localFile);
+  }
+  const startResult = await startDeployment(API_BASE_URL, apiKey, deploymentId, startBody);
+  return { deploymentId, fileCount: files.length, startResult };
+}
+function buildRemoteDirectUploadInstructions(API_BASE_URL, sourceDirectory, deploymentId) {
+  const escapedDir = shellEsc(sourceDirectory);
+  const apiBaseUrlJson = JSON.stringify(API_BASE_URL);
+  const deploymentIdJson = JSON.stringify(deploymentId);
+  return `Deployment prepared successfully using direct upload. Deployment ID: ${deploymentId}
+
+Please execute the following command locally from a shell that has INSFORGE_API_KEY set, then call the \`start-deployment\` tool with the deployment ID printed by the script.
+
+\`\`\`bash
+cd ${escapedDir}
+INSFORGE_API_KEY="\${INSFORGE_API_KEY:?Set INSFORGE_API_KEY to your InsForge API key}" node --input-type=module <<'NODE'
+const { createHash } = await import('node:crypto');
+const { createReadStream } = await import('node:fs');
+const fs = await import('node:fs/promises');
+const path = await import('node:path');
+
+const API_BASE_URL = ${apiBaseUrlJson};
+const API_KEY = process.env.INSFORGE_API_KEY;
+const deploymentId = ${deploymentIdJson};
+const EXCLUDED_SEGMENTS = new Set(['node_modules', '.git', '.next', 'dist', 'build', '.insforge']);
+
+function shouldExcludeDeploymentPath(normalizedName) {
+  const segments = normalizedName.split('/');
+  if (segments.some((segment) => segment === '.env' || segment.startsWith('.env.'))) return true;
+  if (segments.some((segment) => EXCLUDED_SEGMENTS.has(segment))) return true;
+  return normalizedName === '.DS_Store' || normalizedName.endsWith('/.DS_Store') || normalizedName.endsWith('.log');
+}
+
+async function readJsonResponse(response) {
+  const text = await response.text();
+  const data = text ? JSON.parse(text) : null;
+  if (!response.ok) {
+    throw new Error(data?.message || data?.error || \`Request failed with status \${response.status}\`);
+  }
+  return data;
+}
+
+async function api(pathname, init = {}) {
+  const headers = {
+    'x-api-key': API_KEY,
+    ...(init.headers || {}),
+  };
+  const response = await fetch(\`\${API_BASE_URL}\${pathname}\`, { ...init, headers });
+  return readJsonResponse(response);
+}
+
+async function hashFile(filePath) {
+  const hash = createHash('sha1');
+  let size = 0;
+  for await (const chunk of createReadStream(filePath)) {
+    size += chunk.length;
+    hash.update(chunk);
+  }
+  return { sha: hash.digest('hex'), size };
+}
+
+async function collectFiles(rootDirectory) {
+  const files = [];
+
+  async function walk(currentDirectory) {
+    const entries = await fs.readdir(currentDirectory, { withFileTypes: true });
+    entries.sort((a, b) => a.name.localeCompare(b.name));
+
+    for (const entry of entries) {
+      const absolutePath = path.join(currentDirectory, entry.name);
+      const normalizedPath = path.relative(rootDirectory, absolutePath).split(path.sep).join('/').replace(/\\\\/g, '/');
+
+      if (!normalizedPath || shouldExcludeDeploymentPath(normalizedPath)) continue;
+      if (entry.isDirectory()) {
+        await walk(absolutePath);
+        continue;
+      }
+      if (!entry.isFile()) continue;
+
+      const { sha, size } = await hashFile(absolutePath);
+      files.push({ absolutePath, path: normalizedPath, sha, size });
+    }
+  }
+
+  await walk(rootDirectory);
+  return files;
+}
+
+const rootDirectory = process.cwd();
+const localFiles = await collectFiles(rootDirectory);
+if (localFiles.length === 0) throw new Error('No deployable files found after applying exclusions.');
+
+const manifest = await api(\`/api/deployments/\${encodeURIComponent(deploymentId)}/manifest\`, {
+  method: 'POST',
+  headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({
+    files: localFiles.map(({ path, sha, size }) => ({ path, sha, size })),
+  }),
+});
+
+const localFilesByPath = new Map(localFiles.map((file) => [file.path, file]));
+for (const remoteFile of manifest.files) {
+  const localFile = localFilesByPath.get(remoteFile.path);
+  if (!localFile) throw new Error(\`Manifest response included unknown path: \${remoteFile.path}\`);
+
+  const uploadResponse = await fetch(
+    \`\${API_BASE_URL}/api/deployments/\${encodeURIComponent(deploymentId)}/files/\${encodeURIComponent(remoteFile.fileId)}/content\`,
+    {
+      method: 'PUT',
+      headers: {
+        'x-api-key': API_KEY,
+        'Content-Type': 'application/octet-stream',
+        'Content-Length': String(localFile.size),
+      },
+      body: createReadStream(localFile.absolutePath),
+      duplex: 'half',
+    }
+  );
+  await readJsonResponse(uploadResponse);
+}
+
+console.log(\`Deployment files uploaded. Deployment ID: \${deploymentId}\`);
+console.log(\`Uploaded \${localFiles.length} files through the direct deployment proxy.\`);
+NODE
+\`\`\`
+
+After the script succeeds, call the \`start-deployment\` tool with the printed deployment ID.`;
 }
 function registerDeploymentTools(ctx) {
-  const { API_BASE_URL, isRemote, registerTool, withUsageTracking, getApiKey, addBackgroundContext } = ctx;
+  const { API_BASE_URL, backendVersion, isRemote, registerTool, withUsageTracking, getApiKey, addBackgroundContext } = ctx;
+  const supportsDirectDeployment = supportsDirectDeploymentVersion(backendVersion);
   registerTool(
     "get-container-logs",
     "Get latest logs from a specific container/service. Use this to help debug problems with your app.",
@@ -2329,14 +2993,13 @@ function registerDeploymentTools(ctx) {
   if (isRemote) {
     registerTool(
       "create-deployment",
-      "Prepare a deployment by creating a presigned upload URL. Returns shell commands for the agent to execute locally: zip the source directory and upload to cloud storage. After uploading, call the start-deployment tool to trigger the build.",
+      "Prepare a deployment upload. For backends v2.0.5 and newer, returns direct file upload commands. Older backends use the legacy zip upload flow. After uploading, call the start-deployment tool to trigger the build.",
       {
         sourceDirectory: z29.string().describe('Absolute path to the source directory containing files to deploy (e.g., /Users/name/project). Do not use relative paths like "."')
       },
       withUsageTracking("create-deployment", async ({ sourceDirectory }) => {
         try {
-          const isAbsolutePath = sourceDirectory.startsWith("/") || /^[a-zA-Z]:[/\\]/.test(sourceDirectory);
-          if (!isAbsolutePath) {
+          if (!isAbsoluteSourcePath(sourceDirectory)) {
             return {
               content: [{
                 type: "text",
@@ -2345,6 +3008,21 @@ function registerDeploymentTools(ctx) {
               isError: true
             };
           }
+          if (supportsDirectDeployment) {
+            try {
+              const createResult2 = await createDirectDeploymentSession(API_BASE_URL, getApiKey());
+              return {
+                content: [{
+                  type: "text",
+                  text: buildRemoteDirectUploadInstructions(API_BASE_URL, sourceDirectory, String(createResult2.id))
+                }]
+              };
+            } catch (error) {
+              if (!(error instanceof DirectDeploymentUnsupportedError)) {
+                throw error;
+              }
+            }
+          }
           const createResponse = await fetch6(`${API_BASE_URL}/api/deployments`, {
             method: "POST",
             headers: {
@@ -2352,10 +3030,7 @@ function registerDeploymentTools(ctx) {
               "Content-Type": "application/json"
             }
           });
-          const createResult = await handleApiResponse(createResponse);
-          if (!isCreateDeploymentResponse(createResult)) {
-            throw new Error("Unexpected response format from deployments endpoint");
-          }
+          const createResult = parseCreateDeploymentResponse(await handleApiResponse(createResponse));
           const { id: deploymentId, uploadUrl, uploadFields } = createResult;
           const esc = shellEsc;
           const curlFields = Object.entries(uploadFields).map(([key, value]) => `-F ${esc(`${key}=${value}`)}`).join(" \\\n  ");
@@ -2367,7 +3042,7 @@ Please execute the following commands locally, then call the \`start-deployment\
 
 ## Step 1: Zip the source directory
 \`\`\`bash
-cd ${escapedDir} && zip -r ${tmpZip} .   -x "node_modules/*" ".git/*" ".next/*" ".env" ".env.local" "dist/*" "build/*" ".DS_Store" "*.log"
+cd ${escapedDir} && zip -r ${tmpZip} .   -x "node_modules/*" ".git/*" ".next/*" ".env*" "dist/*" "build/*" ".insforge/*" ".DS_Store" "*.log"
 \`\`\`
 
 ## Step 2: Upload the zip file
@@ -2436,15 +3111,14 @@ Run each step in order. If any step fails, do not proceed to the next step.`;
   } else {
     registerTool(
       "create-deployment",
-      "Deploy source code from a directory. This tool zips files, uploads to cloud storage, and triggers deployment with optional environment variables and project settings.",
+      "Deploy source code from a directory. Uses direct file upload for backends v2.0.5 and newer, with legacy zip upload fallback for older projects.",
       {
         sourceDirectory: z29.string().describe('Absolute path to the source directory containing files to deploy (e.g., /Users/name/project or C:\\Users\\name\\project). Do not use relative paths like "."'),
         ...startDeploymentRequestSchema.shape
       },
       withUsageTracking("create-deployment", async ({ sourceDirectory, projectSettings, envVars, meta }) => {
         try {
-          const isAbsolutePath = sourceDirectory.startsWith("/") || /^[a-zA-Z]:[/\\]/.test(sourceDirectory);
-          if (!isAbsolutePath) {
+          if (!isAbsoluteSourcePath(sourceDirectory)) {
             return {
               content: [{
                 type: "text",
@@ -2474,6 +3148,26 @@ Run each step in order. If any step fails, do not proceed to the next step.`;
             };
           }
           const resolvedSourceDir = sourceDirectory;
+          const startBody = buildStartBody({ projectSettings, envVars, meta });
+          if (supportsDirectDeployment) {
+            try {
+              const { fileCount, startResult: startResult2 } = await deployDirect(API_BASE_URL, getApiKey(), resolvedSourceDir, startBody);
+              return await addBackgroundContext({
+                content: [{
+                  type: "text",
+                  text: formatSuccessMessage("Deployment started", startResult2) + `
+
+Uploaded ${fileCount} files through the direct deployment proxy.
+
+Note: You can check deployment status by querying the system.deployments table.`
+                }]
+              });
+            } catch (error) {
+              if (!(error instanceof DirectDeploymentUnsupportedError)) {
+                throw error;
+              }
+            }
+          }
           const createResponse = await fetch6(`${API_BASE_URL}/api/deployments`, {
             method: "POST",
             headers: {
@@ -2481,10 +3175,7 @@ Run each step in order. If any step fails, do not proceed to the next step.`;
               "Content-Type": "application/json"
             }
           });
-          const createResult = await handleApiResponse(createResponse);
-          if (!isCreateDeploymentResponse(createResult)) {
-            throw new Error("Unexpected response format from deployments endpoint");
-          }
+          const createResult = parseCreateDeploymentResponse(await handleApiResponse(createResponse));
           const { id: deploymentId, uploadUrl, uploadFields } = createResult;
           const tmpZipPath = join2(tmpdir2(), `insforge-deploy-${deploymentId}.zip`);
           try {
@@ -2494,15 +3185,9 @@ Run each step in order. If any step fails, do not proceed to the next step.`;
               output.on("close", resolve);
               output.on("error", reject);
               archive.on("error", reject);
-              const excludePatterns = ["node_modules", ".git", ".next", ".env", ".env.local", "dist", "build", ".DS_Store"];
               archive.directory(resolvedSourceDir, false, (entry) => {
                 const normalizedName = entry.name.replace(/\\/g, "/");
-                for (const pattern of excludePatterns) {
-                  if (normalizedName.startsWith(pattern + "/") || normalizedName === pattern || normalizedName.endsWith("/" + pattern) || normalizedName.includes("/" + pattern + "/")) {
-                    return false;
-                  }
-                }
-                if (normalizedName.endsWith(".log")) return false;
+                if (shouldExcludeDeploymentPath(normalizedName)) return false;
                 return entry;
               });
               archive.pipe(output);
@@ -2530,19 +3215,7 @@ Run each step in order. If any step fails, do not proceed to the next step.`;
           } finally {
             await fs3.rm(tmpZipPath, { force: true }).catch(() => void 0);
           }
-          const startBody = {};
-          if (projectSettings) startBody.projectSettings = projectSettings;
-          if (envVars) startBody.envVars = envVars;
-          if (meta) startBody.meta = meta;
-          const startResponse = await fetch6(`${API_BASE_URL}/api/deployments/${encodeURIComponent(deploymentId)}/start`, {
-            method: "POST",
-            headers: {
-              "x-api-key": getApiKey(),
-              "Content-Type": "application/json"
-            },
-            body: JSON.stringify(startBody)
-          });
-          const startResult = await handleApiResponse(startResponse);
+          const startResult = await startDeployment(API_BASE_URL, getApiKey(), deploymentId, startBody);
           return await addBackgroundContext({
             content: [{
               type: "text",
@@ -2628,7 +3301,11 @@ async function registerInsforgeTools(server, config = {}) {
   const GLOBAL_API_KEY = config.apiKey || process.env.API_KEY || "";
   const API_BASE_URL = config.apiBaseUrl || process.env.API_BASE_URL || "http://localhost:7130";
   const isRemote = config.mode === "remote";
-  const usageTracker = new UsageTracker(API_BASE_URL, GLOBAL_API_KEY);
+  const usageTracker = new UsageTracker(API_BASE_URL, GLOBAL_API_KEY, {
+    projectId: config.projectId,
+    accessToken: config.accessToken,
+    isRemote
+  });
   let backendVersion;
   try {
     backendVersion = await fetchBackendVersion(API_BASE_URL);
@@ -2711,6 +3388,7 @@ ${result.content}`
   };
   const ctx = {
     API_BASE_URL,
+    backendVersion,
     isRemote,
     registerTool,
     withUsageTracking,

package/dist/http-server.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   registerInsforgeTools
-} from "./chunk-DZ5W3BSP.js";
+} from "./chunk-3HMBKVW5.js";
 
 // src/http/server.ts
 import "dotenv/config";
@@ -98,7 +98,9 @@ var SessionManager = class {
     const toolsConfig = await registerInsforgeTools(server, {
       apiKey: sessionData.apiKey,
       apiBaseUrl: sessionData.apiBaseUrl,
-      mode: "remote"
+      mode: "remote",
+      projectId: sessionData.projectId,
+      accessToken: sessionData.oauthTokenHash
     });
     await server.connect(transport);
     const fullSessionData = {
@@ -186,7 +188,9 @@ var SessionManager = class {
     await registerInsforgeTools(server, {
       apiKey: sessionData.apiKey,
       apiBaseUrl: sessionData.apiBaseUrl,
-      mode: "remote"
+      mode: "remote",
+      projectId: sessionData.projectId,
+      accessToken: sessionData.oauthTokenHash
     });
     await server.connect(transport);
     this.runtimeSessions.set(sessionId, { server, transport, transportType: "streamable" });
@@ -210,7 +214,9 @@ var SessionManager = class {
     const toolsConfig = await registerInsforgeTools(server, {
       apiKey: sessionData.apiKey,
       apiBaseUrl: sessionData.apiBaseUrl,
-      mode: "remote"
+      mode: "remote",
+      projectId: sessionData.projectId,
+      accessToken: sessionData.oauthTokenHash
     });
     await server.connect(transport);
     const fullSessionData = {

package/dist/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   registerInsforgeTools
-} from "./chunk-DZ5W3BSP.js";
+} from "./chunk-3HMBKVW5.js";
 
 // src/stdio/index.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@insforge/mcp",
-  "version": "1.2.8",
+  "version": "1.2.10-dev.0",
   "description": "MCP (Model Context Protocol) server for Insforge backend-as-a-service",
   "mcpName": "io.github.InsForge/insforge-mcp",
   "type": "module",
@@ -45,7 +45,7 @@
     "server.json"
   ],
   "dependencies": {
-    "@insforge/shared-schemas": "1.1.46",
+    "@insforge/shared-schemas": "1.1.48",
     "@modelcontextprotocol/sdk": "^1.27.1",
     "archiver": "^7.0.1",
     "commander": "^14.0.0",
@@ -61,6 +61,9 @@
     "brace-expansion": "^5.0.5",
     "glob": "^10.5.0",
     "minimatch": "^9.0.7",
+    "@hono/node-server": "^1.19.13",
+    "hono": "^4.12.12",
+    "lodash": "^4.18.0",
     "rollup": "^4.59.0"
   },
   "devDependencies": {
@@ -78,7 +81,7 @@
     "tsx": "^4.7.0",
     "typescript": "^5.3.3",
     "typescript-eslint": "^8.57.1",
-    "vite": "^8.0.3",
+    "vite": "^8.0.5",
     "vitest": "^4.1.0"
   }
 }