npm - @josephyan/qingflow-app-user-mcp - Versions diffs - 0.2.0-beta.982 → 0.2.0-beta.983 - Mend

@josephyan/qingflow-app-user-mcp 0.2.0-beta.982 → 0.2.0-beta.983

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +2 -2
package/package.json +1 -1
package/pyproject.toml +1 -1
package/src/qingflow_mcp/__init__.py +1 -1
package/src/qingflow_mcp/builder_facade/service.py +100 -18
package/src/qingflow_mcp/cli/formatters.py +1 -0
package/src/qingflow_mcp/tools/ai_builder_tools.py +3 -1

package/README.md CHANGED Viewed

@@ -3,13 +3,13 @@
 Install:
 ```bash
-npm install @josephyan/qingflow-app-user-mcp@0.2.0-beta.982
+npm install @josephyan/qingflow-app-user-mcp@0.2.0-beta.983
 ```
 Run:
 ```bash
-npx -y -p @josephyan/qingflow-app-user-mcp@0.2.0-beta.982 qingflow-app-user-mcp
+npx -y -p @josephyan/qingflow-app-user-mcp@0.2.0-beta.983 qingflow-app-user-mcp
 ```
 Environment:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@josephyan/qingflow-app-user-mcp",
-  "version": "0.2.0-beta.982",
+  "version": "0.2.0-beta.983",
   "description": "Operational end-user MCP for Qingflow records, tasks, comments, and directory workflows.",
   "license": "MIT",
   "type": "module",

package/pyproject.toml CHANGED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "qingflow-mcp"
-version = "0.2.0b982"
+version = "0.2.0b983"
 description = "User-authenticated MCP server for Qingflow"
 readme = "README.md"
 license = "MIT"

package/src/qingflow_mcp/__init__.py CHANGED Viewed

@@ -5,7 +5,7 @@ from pathlib import Path
 __all__ = ["__version__"]
-_FALLBACK_VERSION = "0.2.0b982"
+_FALLBACK_VERSION = "0.2.0b983"
 def _resolve_local_pyproject_version() -> str | None:

package/src/qingflow_mcp/builder_facade/service.py CHANGED Viewed

@@ -2786,6 +2786,19 @@ class AiBuilderFacade:
             "can_copy_app": _coerce_optional_bool(base.get("copyAppStatus")),
         }
+    def _derive_can_edit_app_base(self, *, profile: str, permission_summary: JSONObject) -> bool:
+        if permission_summary.get("can_edit_app") is not True:
+            return False
+        tag_ids = _coerce_int_list(permission_summary.get("tag_ids"))
+        for tag_id in tag_ids:
+            try:
+                package_permission = self._read_package_permission_summary(profile=profile, tag_id=tag_id)
+            except (QingflowApiError, RuntimeError):
+                return False
+            if package_permission.get("can_edit_tag") is not True:
+                return False
+        return True
     def _read_portal_permission_summary(self, *, dash_key: str, portal_result: dict[str, Any]) -> JSONObject:
         tag_ids = _coerce_int_list(portal_result.get("tagIds"))
         if not tag_ids:
@@ -2999,7 +3012,7 @@ class AiBuilderFacade:
     def app_read_summary(self, *, profile: str, app_key: str) -> JSONObject:
         try:
-            state = self._load_base_schema_state(profile=profile, app_key=app_key)
+            base = self.apps.app_get_base(profile=profile, app_key=app_key, include_raw=True)
         except (QingflowApiError, RuntimeError) as error:
             api_error = _coerce_api_error(error)
             return _failed_from_api_error(
@@ -3009,26 +3022,55 @@ class AiBuilderFacade:
                 details={"app_key": app_key},
                 suggested_next_call={"tool_name": "app_resolve", "arguments": {"profile": profile, "app_key": app_key}},
             )
-        views, views_unavailable = self._load_views_result(profile=profile, app_key=app_key, tolerate_404=True)
-        workflow, workflow_unavailable = self._load_workflow_result(profile=profile, app_key=app_key, tolerate_404=True)
-        parsed = state["parsed"]
+        base_result = base.get("result") if isinstance(base.get("result"), dict) else {}
+        schema_unavailable = False
+        try:
+            schema_result, _schema_source = self._read_schema_with_fallback(profile=profile, app_key=app_key)
+            parsed = _parse_schema(schema_result)
+        except (QingflowApiError, RuntimeError) as error:
+            api_error = _coerce_api_error(error)
+            if api_error.http_status == 404 or _is_permission_restricted_api_error(api_error):
+                schema_unavailable = True
+                parsed = {"fields": [], "layout": {"sections": []}}
+            else:
+                return _failed_from_api_error(
+                    "APP_READ_FAILED",
+                    api_error,
+                    normalized_args={"app_key": app_key},
+                    details={"app_key": app_key},
+                    suggested_next_call={"tool_name": "app_resolve", "arguments": {"profile": profile, "app_key": app_key}},
+                )
+        views, views_unavailable = self._load_views_result(
+            profile=profile,
+            app_key=app_key,
+            tolerate_404=True,
+            tolerate_permission_restricted=True,
+        )
+        workflow, workflow_unavailable = self._load_workflow_result(
+            profile=profile,
+            app_key=app_key,
+            tolerate_404=True,
+            tolerate_permission_restricted=True,
+        )
         verification_hints = _build_verification_hints(
-            tag_ids=_coerce_int_list(state["base"].get("tagIds")),
+            tag_ids=_coerce_int_list(base_result.get("tagIds")),
             fields=parsed["fields"],
             layout=parsed["layout"],
             views=_summarize_views(views),
         )
+        if schema_unavailable:
+            verification_hints.append("schema_read_unavailable")
         if views_unavailable:
             verification_hints.append("views_read_unavailable")
         if workflow_unavailable:
             verification_hints.append("workflow_read_unavailable")
         response = AppReadSummaryResponse(
             app_key=app_key,
-            title=state["base"].get("formTitle"),
-            app_icon=str(state["base"].get("appIcon") or "").strip() or None,
-            visibility=_public_visibility_from_member_auth(state["base"].get("auth")),
-            tag_ids=_coerce_int_list(state["base"].get("tagIds")),
-            publish_status=state["base"].get("appPublishStatus"),
+            title=base_result.get("formTitle"),
+            app_icon=str(base_result.get("appIcon") or "").strip() or None,
+            visibility=_public_visibility_from_member_auth(base_result.get("auth")),
+            tag_ids=_coerce_int_list(base_result.get("tagIds")),
+            publish_status=base_result.get("appPublishStatus"),
             field_count=len(parsed["fields"]),
             layout_section_count=len(parsed["layout"].get("sections", [])),
             view_count=len(_summarize_views(views)),
@@ -3050,10 +3092,11 @@ class AiBuilderFacade:
             "warnings": _warnings_from_verification_hints(verification_hints),
             "verification": {
                 "app_exists": True,
+                "schema_read_unavailable": schema_unavailable,
                 "views_read_unavailable": views_unavailable,
                 "workflow_read_unavailable": workflow_unavailable,
             },
-            "verified": not views_unavailable and not workflow_unavailable,
+            "verified": not schema_unavailable and not views_unavailable and not workflow_unavailable,
             **response.model_dump(mode="json"),
         }
@@ -3066,8 +3109,9 @@ class AiBuilderFacade:
         permission_summary = self._read_app_permission_summary(profile=profile, app_key=app_key)
         result["message"] = "read app config summary"
         result["editability"] = {
+            "can_edit_app_base": self._derive_can_edit_app_base(profile=profile, permission_summary=permission_summary),
             "can_edit_form": permission_summary.get("can_edit_app"),
-            "can_edit_flow": permission_summary.get("can_edit_app"),
+            "can_edit_flow": permission_summary.get("can_manage_data"),
             "can_edit_views": permission_summary.get("can_manage_data"),
             "can_edit_charts": permission_summary.get("can_manage_data"),
         }
@@ -7444,17 +7488,35 @@ class AiBuilderFacade:
             sync_result = {**sync_result, "button_config_restored": True}
         return sync_result
-    def _load_views_result(self, *, profile: str, app_key: str, tolerate_404: bool) -> tuple[Any, bool]:
+    def _load_views_result(
+        self,
+        *,
+        profile: str,
+        app_key: str,
+        tolerate_404: bool,
+        tolerate_permission_restricted: bool = False,
+    ) -> tuple[Any, bool]:
         try:
             views = self.views.view_list_flat(profile=profile, app_key=app_key)
         except (QingflowApiError, RuntimeError) as error:
             api_error = _coerce_api_error(error)
-            if api_error.http_status == 404:
+            if api_error.http_status == 404 or (
+                tolerate_permission_restricted and _is_permission_restricted_api_error(api_error)
+            ):
                 try:
                     legacy_views = self.views.view_list(profile=profile, app_key=app_key)
                 except (QingflowApiError, RuntimeError) as legacy_error:
                     legacy_api_error = _coerce_api_error(legacy_error)
-                    if tolerate_404 and legacy_api_error.http_status == 404:
+                    if (
+                        tolerate_404
+                        and (
+                            legacy_api_error.http_status == 404
+                            or (
+                                tolerate_permission_restricted
+                                and _is_permission_restricted_api_error(legacy_api_error)
+                            )
+                        )
+                    ):
                         return [], True
                     raise
                 legacy_result = legacy_views.get("result")
@@ -7471,19 +7533,38 @@ class AiBuilderFacade:
             legacy_views = self.views.view_list(profile=profile, app_key=app_key)
         except (QingflowApiError, RuntimeError) as legacy_error:
             legacy_api_error = _coerce_api_error(legacy_error)
-            if tolerate_404 and legacy_api_error.http_status == 404:
+            if (
+                tolerate_404
+                and (
+                    legacy_api_error.http_status == 404
+                    or (
+                        tolerate_permission_restricted
+                        and _is_permission_restricted_api_error(legacy_api_error)
+                    )
+                )
+            ):
                 return normalized_views, False
             raise
         legacy_result = legacy_views.get("result")
         legacy_normalized = _normalize_view_collection(legacy_result)
         return legacy_normalized or normalized_views, False
-    def _load_workflow_result(self, *, profile: str, app_key: str, tolerate_404: bool) -> tuple[Any, bool]:
+    def _load_workflow_result(
+        self,
+        *,
+        profile: str,
+        app_key: str,
+        tolerate_404: bool,
+        tolerate_permission_restricted: bool = False,
+    ) -> tuple[Any, bool]:
         try:
             workflow = self.workflows.workflow_list_nodes(profile=profile, app_key=app_key)
         except (QingflowApiError, RuntimeError) as error:
             api_error = _coerce_api_error(error)
-            if tolerate_404 and api_error.http_status == 404:
+            if tolerate_404 and (
+                api_error.http_status == 404
+                or (tolerate_permission_restricted and _is_permission_restricted_api_error(api_error))
+            ):
                 return [], True
             raise
         return workflow.get("result"), False
@@ -12241,6 +12322,7 @@ def _warnings_from_verification_hints(hints: list[str]) -> list[dict[str, Any]]:
         "package attachment not verified": _warning("PACKAGE_ATTACHMENT_UNVERIFIED", "package attachment is not verified"),
         "layout has unplaced fields": _warning("LAYOUT_HAS_UNPLACED_FIELDS", "layout still contains unplaced fields"),
         "no public views detected": _warning("NO_PUBLIC_VIEWS", "no public views were detected"),
+        "schema_read_unavailable": _warning("SCHEMA_READ_UNAVAILABLE", "schema summary readback is unavailable"),
         "views_read_unavailable": _warning("VIEWS_READ_UNAVAILABLE", "views summary readback is unavailable"),
         "workflow_read_unavailable": _warning("WORKFLOW_READ_UNAVAILABLE", "workflow summary readback is unavailable"),
     }

package/src/qingflow_mcp/cli/formatters.py CHANGED Viewed

@@ -118,6 +118,7 @@ def _format_app_get(result: dict[str, Any]) -> str:
     if editability:
         lines.append(
             "Editability: "
+            f"app_base={editability.get('can_edit_app_base')} / "
             f"form={editability.get('can_edit_form')} / "
             f"flow={editability.get('can_edit_flow')} / "
             f"views={editability.get('can_edit_views')} / "

package/src/qingflow_mcp/tools/ai_builder_tools.py CHANGED Viewed

@@ -3058,7 +3058,9 @@ _BUILDER_TOOL_CONTRACTS: dict[str, JSONObject] = {
         "execution_notes": [
             "returns builder-side app configuration summary and editability",
             "use this as the default builder discovery read before fields/layout/views/flow/charts detail reads",
-            "editability reflects builder permissions, not end-user data visibility",
+            "editability is route-aware builder capability summary, not end-user data visibility",
+            "can_edit_app_base covers app base-info writes such as app_name, icon, and visibility",
+            "can_edit_form covers form/schema routes only and does not imply app base-info writes",
             "returns normalized app visibility when backend auth is readable",
         ],
         "minimal_example": {