npm - @launchframe/mcp - Versions diffs - 1.1.0 → 1.1.2 - Mend

@launchframe/mcp 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/content/content/auth/overview.md +3 -3
package/dist/content/content/variants/overview.md +1 -1
package/dist/tools/auth.js +3 -3
package/dist/tools/cli.js +46 -4
package/package.json +1 -1

package/dist/content/content/auth/overview.md CHANGED Viewed

@@ -15,14 +15,14 @@ All routes are protected by default via the global `BetterAuthGuard` (registered
 |------|-------------|
 | `business_user` | Default role for all registered users |
 | `superadmin` | Granted via admin panel; full access |
-| `regular_user` | B2B2C variant only — end-customer of the SaaS |
+| `customer` | B2B2C variant only — end-customer of the SaaS |
 ## Session Flow
 1. Request hits `BetterAuthGuard`
 2. Guard checks for `@AllowAnonymous` / `@OptionalAuth` metadata
 3. Calls `auth.api.getSession({ headers })` via Better Auth
-4. Rejects `regular_user` on non-`@CustomerPortal` routes
+4. Rejects `customer` on non-`@CustomerPortal` routes
 5. Attaches `request.session` and `request.user`
 ## Decorators
@@ -32,7 +32,7 @@ All routes are protected by default via the global `BetterAuthGuard` (registered
 | `@AllowAnonymous()` | Route is fully public — no auth check |
 | `@Public()` | Alias for `@AllowAnonymous()` |
 | `@OptionalAuth()` | Auth checked but not required; `request.user` may be undefined |
-| `@CustomerPortal()` | Allows `regular_user` role (B2B2C variant) |
+| `@CustomerPortal()` | Allows `customer` role (B2B2C variant) |
 | `@UserSession()` | Param decorator — injects the `User` from session |
 | `@Session()` | Param decorator — injects full `{ user, session }` object |

package/dist/content/content/variants/overview.md CHANGED Viewed

@@ -20,7 +20,7 @@ Extends Base by adding workspace/project isolation.
 ### B2B2C
 Extends Base by adding a separate customer-facing experience (end-users of your customers).
-- Adds `regular_user` role
+- Adds `customer` role
 - Adds `customers-portal` frontend service
 - Adds `@CustomerPortal()` route decorator for customer-only endpoints
 - B2B2C can also be combined with multi-tenancy

package/dist/tools/auth.js CHANGED Viewed

@@ -28,8 +28,8 @@ import { User } from '../users/user.entity';
 @OptionalAuth()
 @Get('route')
 handler(@UserSession() user?: User) { ... }`,
-            customer_portal: `// Accessible by regular_user role (B2B2C variant only)
-// Without this decorator, regular_user gets 401
+            customer_portal: `// Accessible by customer role (B2B2C variant only)
+// Without this decorator, customer gets 401
 import { CustomerPortal, UserSession } from '../auth/auth.decorator';
 import { User } from '../users/user.entity';
@@ -81,7 +81,7 @@ handler(@Session() session: { user: any; session: any }) {
 // Source: src/modules/auth/better-auth.guard.ts
 // Applied globally in app.module.ts as APP_GUARD.
 // Allows: business_user, superadmin
-// Blocks: unauthenticated, regular_user (unless @CustomerPortal())
+// Blocks: unauthenticated, customer (unless @CustomerPortal())
 // You never need to add this manually.`,
             credits: `// CreditsGuard — deducts credits per request based on @DeductCredits(n).
 // Source: src/modules/credits/guards/credits.guard.ts

package/dist/tools/cli.js CHANGED Viewed

@@ -1,5 +1,33 @@
 import { z } from 'zod';
 import { execSync } from 'child_process';
+/**
+ * Request human confirmation for a destructive action via MCP elicitation.
+ * Returns true if the user confirmed, false if declined/cancelled or if the
+ * client does not support elicitation (fails safe — aborts rather than proceeds).
+ */
+async function confirmDestructive(server, message) {
+    try {
+        const result = await server.server.elicitInput({
+            mode: 'form',
+            message,
+            requestedSchema: {
+                type: 'object',
+                properties: {
+                    confirmed: {
+                        type: 'boolean',
+                        title: 'Yes, proceed',
+                    },
+                },
+                required: ['confirmed'],
+            },
+        });
+        return result.action === 'accept' && result.content?.confirmed === true;
+    }
+    catch {
+        // Client does not support elicitation — fail safe
+        return false;
+    }
+}
 export function registerCliTools(server) {
     // ─── docker:* ────────────────────────────────────────────────────────────
     server.tool('cli_docker_up', 'Start Docker services for a LaunchFrame project. Always runs detached (background). Use cli_docker_logs to inspect output afterward.', {
@@ -54,10 +82,14 @@ export function registerCliTools(server) {
             return { content: [{ type: 'text', text: error.message }] };
         }
     });
-    server.tool('cli_docker_destroy', 'Destroy ALL Docker resources for a LaunchFrame project (containers, volumes, images, network). IRREVERSIBLE — all local data will be lost.', {
+    server.tool('cli_docker_destroy', 'Destroy ALL Docker resources for a LaunchFrame project (containers, volumes, images, network). IRREVERSIBLE — all local data including database volumes will be lost. Will prompt for confirmation before proceeding.', {
         projectPath: z.string().describe('Absolute path to the LaunchFrame project root'),
     }, async ({ projectPath }) => {
         try {
+            const confirmed = await confirmDestructive(server, '⚠️ This will permanently delete ALL Docker resources for this project: containers, volumes (including the local database), images, and the network. This cannot be undone. Proceed?');
+            if (!confirmed) {
+                return { content: [{ type: 'text', text: 'Aborted. No Docker resources were removed.' }] };
+            }
             const output = execSync('launchframe docker:destroy --force', { cwd: projectPath, encoding: 'utf8' });
             return { content: [{ type: 'text', text: output || 'All Docker resources destroyed.' }] };
         }
@@ -100,12 +132,18 @@ export function registerCliTools(server) {
             return { content: [{ type: 'text', text: error.message }] };
         }
     });
-    server.tool('cli_database_query', 'Execute a SQL query against the local (or remote) database and return results. Use for SELECT queries, schema inspection, or data checks. Not suitable for long-running interactive sessions.', {
+    server.tool('cli_database_query', 'Execute a SQL query against the local (or remote) database and return results. Use for SELECT queries, schema inspection, or data checks. When remote=true, will prompt for confirmation before touching production.', {
         projectPath: z.string().describe('Absolute path to the LaunchFrame project root'),
         sql: z.string().describe('SQL to execute (e.g., "SELECT * FROM users LIMIT 10;")'),
-        remote: z.boolean().optional().describe('If true, query the production database via SSH instead of local'),
+        remote: z.boolean().optional().describe('If true, query the production database via SSH instead of local. Requires confirmation.'),
     }, async ({ projectPath, sql, remote }) => {
         try {
+            if (remote) {
+                const confirmed = await confirmDestructive(server, `⚠️ This will execute SQL against the PRODUCTION database:\n\n${sql}\n\nProceed?`);
+                if (!confirmed) {
+                    return { content: [{ type: 'text', text: 'Aborted. Query not executed on production.' }] };
+                }
+            }
             const remoteFlag = remote ? ' --remote' : '';
             const output = execSync(`launchframe database:console${remoteFlag} --query ${JSON.stringify(sql)}`, { cwd: projectPath, encoding: 'utf8' });
             return { content: [{ type: 'text', text: output || '(no output)' }] };
@@ -186,10 +224,14 @@ export function registerCliTools(server) {
             return { content: [{ type: 'text', text: error.message }] };
         }
     });
-    server.tool('cli_deploy_sync_features', 'Sync subscription plan features from the local database to the production database. Requires both local and remote Docker stacks to be running.', {
+    server.tool('cli_deploy_sync_features', 'Sync subscription plan features from the local database to the production database. DESTRUCTIVE: truncates subscription_plan_features on production. Will prompt for confirmation before proceeding.', {
         projectPath: z.string().describe('Absolute path to the LaunchFrame project root'),
     }, async ({ projectPath }) => {
         try {
+            const confirmed = await confirmDestructive(server, '⚠️ This will TRUNCATE subscription_plan_features on the PRODUCTION database and replace with local data. Proceed?');
+            if (!confirmed) {
+                return { content: [{ type: 'text', text: 'Aborted. No changes made to production.' }] };
+            }
             const output = execSync('launchframe deploy:sync-features --yes', { cwd: projectPath, encoding: 'utf8' });
             return { content: [{ type: 'text', text: output || 'Features synced to production.' }] };
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@launchframe/mcp",
-  "version": "1.1.0",
+  "version": "1.1.2",
   "description": "LaunchFrame MCP Server — knowledge tools for AI agents building LaunchFrame projects",
   "bin": {
     "launchframe-mcp": "dist/index.js"