@nullplatform/mcp 0.1.14 → 0.1.16

package/dist/tools/deploy.js

@@ -79,12 +79,54 @@ async function resolveRelease(context, applicationId, args) {
         return { release: releases[0], note: "" };
     return { out: fail(translate("deploy.nothing") + next(translate("deploy.nothingHint"))) };
 }
+/**
+ * Resolve which scope to deploy to. Mirrors requireApp's shape: returns the picked scope, or an
+ * `out` reply — pickScope's own ask/fail, except a brand-new app with NO scopes gets a "create a
+ * scope first" guide listing the available scope types (the literal next move).
+ */
+async function resolveDeployScope(context, app, scopeHint) {
+    const scopes = await listScopes(context.np, app.id);
+    const picked = pickScope(scopes, scopeHint);
+    if ("scope" in picked)
+        return { scope: picked.scope };
+    if (scopes.length === 0 && app.nrn) {
+        const scopeTypes = await listScopeTypes(context.np, app.nrn);
+        if (scopeTypes.length) {
+            const firstType = scopeTypes[0]?.type ?? scopeTypes[0]?.name ?? "";
+            const markdown = translate("deploy.noScopeTypes", {
+                types: scopeTypes.map((scopeType) => `**${scopeType.name}**`).join(", "),
+            }) + next(translate("deploy.createScopeHint", { type: firstType }));
+            return { out: fail(markdown, { scope_types: scopeTypes }) };
+        }
+    }
+    return { out: picked.out };
+}
+/**
+ * Resolve which asset to ship. An explicit `asset` wins; otherwise auto-pick by the scope's type.
+ * Mirrors requireApp's shape: returns the asset name (undefined when the build has none to name),
+ * or an `out` reply — the pick-asset panel when a multi-asset build can't be disambiguated.
+ */
+async function resolveDeployAsset(context, release, scope, assetHint) {
+    if (assetHint)
+        return { assetName: assetHint };
+    const buildId = release.build_id ?? (await getRelease(context.np, release.id).catch(() => release)).build_id;
+    if (!buildId)
+        return { assetName: undefined };
+    const assets = await listAssets(context.np, buildId);
+    const choice = pickAsset(assets, scope.type);
+    if ("ambiguous" in choice) {
+        return {
+            out: reply(`${translate("deploy.multiAsset", { build: buildId, scope: scope.name, type: scope.type ?? "?" })}\n\n${table([translate("header.asset"), translate("header.type"), translate("header.platform")], choice.ambiguous.map((asset) => [asset.name, asset.type, asset.platform ?? ""]))}${next(translate("deploy.assetHint", { name: choice.ambiguous[0]?.name ?? "" }))}`, { assets: choice.ambiguous }),
+        };
+    }
+    return { assetName: choice.name };
+}
 export const deployTool = defineTool({
     name: TOOL.applicationDeploymentCreate,
     title: "Deploy",
-    description: 'DEPLOY an application — provisions real infrastructure (starts a rollout), rendered as the live rollout panel. With no extra args it ships the latest code: picks the latest successful build, cuts the release for you (semver auto-bumped) if needed, and targets the app\'s only scope. Use it for "deploy", "ship it", "release to dev/prod". Narrow the target with `scope` (name or "environment=production"); pin an exact `release_id` or `version` (a known version rolls FORWARD or BACK to it); or cut from a specific `build_id`. For an app that splits traffic, FOLLOW with application_deployment_update to walk traffic to the new version; to undo, application_deployment_update action:"rollback". Convergent under retries: re-running returns the in-flight rollout for the same scope+release rather than creating a duplicate.',
+    description: 'DEPLOY an application — provisions real infrastructure (starts a rollout), rendered as the live rollout panel. With no extra args it ships the latest code: picks the latest successful build, cuts the release for you (semver auto-bumped) if needed, and targets the app\'s only scope. Use it for "deploy", "ship it", "release to dev/prod". Narrow the target with `scope` (name or "environment=production"); pin an exact `release_id` or `version` (a known version rolls FORWARD or BACK to it); or cut from a specific `build_id`. For an app that splits traffic, the rollout panel this renders OWNS the traffic walk — its slider + auto-advance ramp traffic, with finalize and rollback right there, so do NOT follow up with application_deployment_update to step it yourself (each model call stacks another rollout panel); the user drives it in the ONE panel. Call application_deployment_update directly only for one move the user explicitly names ("go straight to 100%", "roll back") with no panel open — it steers this same rollout. Convergent under retries: re-running returns the in-flight rollout for the same scope+release rather than creating a duplicate.',
     annotations: { destructiveHint: false, openWorldHint: true },
-    widget: "np-panel",
+    widget: "status",
     errorKey: "deploy.errorLabel",
     // The platform reports a missing/incompatible asset choice as a cross-app mismatch.
     onError: (message) => /different applications/i.test(message) ? fail(translate("deploy.rejected", { message })) : undefined,
@@ -111,39 +153,19 @@ export const deployTool = defineTool({
         if ("out" in resolved)
             return resolved.out;
         const app = resolved.app;
-        const scopes = await listScopes(context.np, app.id);
-        const picked = pickScope(scopes, args.scope);
-        if ("out" in picked) {
-            if (scopes.length === 0 && app.nrn) {
-                const scopeTypes = await listScopeTypes(context.np, app.nrn);
-                if (scopeTypes.length) {
-                    const firstType = scopeTypes[0]?.type ?? scopeTypes[0]?.name ?? "";
-                    const markdown = translate("deploy.noScopeTypes", {
-                        types: scopeTypes.map((scopeType) => `**${scopeType.name}**`).join(", "),
-                    }) + next(translate("deploy.createScopeHint", { type: firstType }));
-                    return fail(markdown, { scope_types: scopeTypes });
-                }
-            }
-            return picked.out;
-        }
-        const scope = picked.scope;
+        const scopeResult = await resolveDeployScope(context, app, args.scope);
+        if ("out" in scopeResult)
+            return scopeResult.out;
+        const scope = scopeResult.scope;
         const shipping = await resolveRelease(context, app.id, args);
         if ("out" in shipping)
             return shipping.out;
         const { release, note } = shipping;
         // Multi-asset builds must name the asset to ship; the platform's error otherwise is misleading.
-        let assetName = args.asset;
-        if (!assetName) {
-            const buildId = release.build_id ?? (await getRelease(context.np, release.id).catch(() => release)).build_id;
-            if (buildId) {
-                const assets = await listAssets(context.np, buildId);
-                const choice = pickAsset(assets, scope.type);
-                if ("ambiguous" in choice) {
-                    return reply(`${translate("deploy.multiAsset", { build: buildId, scope: scope.name, type: scope.type ?? "?" })}\n\n${table([translate("header.asset"), translate("header.type"), translate("header.platform")], choice.ambiguous.map((asset) => [asset.name, asset.type, asset.platform ?? ""]))}${next(translate("deploy.assetHint", { name: choice.ambiguous[0]?.name ?? "" }))}`, { assets: choice.ambiguous });
-                }
-                assetName = choice.name;
-            }
-        }
+        const assetResult = await resolveDeployAsset(context, release, scope, args.asset);
+        if ("out" in assetResult)
+            return assetResult.out;
+        const assetName = assetResult.assetName;
         const orgSlug = await context.org.organizationSlug();
         // Convergent under retries: if this exact release is already rolling out on this scope
         // (a non-terminal deployment), return that rollout instead of starting a second one.

package/dist/tools/deployments.js

@@ -13,7 +13,7 @@ import { appArg, offsetArg, pageOf, requireApp } from "./shared.js";
 export const deploymentsTool = defineTool({
     name: TOOL.applicationDeploymentList,
     title: "Deployments",
-    description: 'List ONE application\'s deployments across all its scopes, rendered as a PANEL — which release landed on which scope, the rollout status, and age (a deployment group landing one release on several scopes shows as one row). Use it for "deploy history", "what was deployed when", "find the active rollout". Does NOT deploy or change traffic (use application_deployment_create / application_deployment_update) and shows no logs/metrics. To find the newest deployment ACROSS apps, gather headlessly with entity_list (entity:"deployment") and compute it. Read-only.',
+    description: 'List ONE application\'s deployments across all its scopes, rendered as a PANEL for the user to SEE — which release landed on which scope, the rollout status, and age (a deployment group landing one release on several scopes shows as one row). Use it ONLY when the user asks to look at the deploy history ("show the deployments", "what was deployed when"). Does NOT deploy or change traffic (use application_deployment_create / application_deployment_update) and shows no logs/metrics. CRUCIAL — do NOT render this to QUERY: to FIND or IDENTIFY a deployment for your OWN next step — the previously deployed version to roll back to, the active rollout\'s id, the newest deployment across apps — read it HEADLESSLY with entity_list (entity:"deployment", parent_type:"scope") or entity_get, never this panel. Rendering it to read history is wasted: the rows ride in _meta and never reach your reasoning, so you would paint a panel, get nothing, and have to re-read headlessly anyway. Render this ONLY to show the user a list they asked to see. Read-only.',
     annotations: { readOnlyHint: true, openWorldHint: true },
     widget: "deployments",
     errorKey: "deploymentList.errorLabel",

package/dist/tools/entity-list.js

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { getApplication, getScope, listApprovals, listEntity, listLinks, listParameters, listServices, } from "../np/journey.js";
+import { getApplication, getScope, listApprovals, listEntity, listLinks, listParameters, listServices, listTemplates, } from "../np/journey.js";
 import { defineTool, fail, reply } from "../tool.js";
 import { TOOL } from "../tool-names.js";
 /**
@@ -22,8 +22,9 @@ const REST_ENTITIES = [
     "release",
     "deployment",
 ];
-/** NRN-addressed collections — listed by the parent's NRN (resolved from parent_id, or given as nrn). */
-const NRN_ENTITIES = ["parameter", "service", "link", "approval"];
+/** NRN-addressed collections — listed by the parent's NRN (resolved from parent_id, or given as nrn).
+ * `template` is scoped by a NAMESPACE's NRN (the scaffolding templates available to a new app there). */
+const NRN_ENTITIES = ["parameter", "service", "link", "approval", "template"];
 const ENTITIES = [...REST_ENTITIES, ...NRN_ENTITIES];
 /** The parents a collection can hang under — its id (REST) or its NRN (nrn-scoped) scopes the list. */
 const PARENTS = ["organization", "account", "namespace", "application", "scope"];
@@ -38,6 +39,11 @@ async function resolveNrn(context, args) {
         return (await getApplication(context.np, args.parent_id)).nrn;
     if (args.parent_type === "scope")
         return (await getScope(context.np, args.parent_id)).nrn;
+    if (args.parent_type === "namespace") {
+        // Templates hang off a namespace; resolve its NRN from the cached org skeleton (no extra fetch).
+        const skeleton = await context.org.getSkeleton();
+        return skeleton.namespaces.find((namespace) => namespace.id === args.parent_id)?.nrn;
+    }
     return undefined;
 }
 /** List an nrn-scoped resource via its existing typed function (a different addressing scheme to REST). */
@@ -51,6 +57,8 @@ async function listByNrn(context, entity, nrn) {
             return listLinks(context.np, nrn);
         case "approval":
             return listApprovals(context.bff, nrn);
+        case "template":
+            return listTemplates(context.np, nrn);
         default:
             return [];
     }
@@ -58,14 +66,14 @@ async function listByNrn(context, entity, nrn) {
 export const entityListTool = defineTool({
     name: TOOL.entityList,
     title: "List entities (data)",
-    description: 'List releases, builds, deployments, scopes, applications, namespaces, parameters, services, links or approvals as DATA — returns structuredContent and renders NO panel. THIS is the tool for AGGREGATING or COMPARING across many apps/scopes: "the latest release across all my apps", "which app has a failing build", "every scope on the newest build" — list each app\'s releases/builds with this (no panel per app), then compute the answer yourself. Prefer it over application_release_list/application_build_list/application_deployment_list whenever you are gathering to reason or to answer an aggregate — those panel reads are ONLY for showing ONE app\'s list to the user. Scoped to a parent: REST tree organization → account → namespace → application → {scope, build, release}; scope → deployment — pass `entity` plus the `parent_type`+`parent_id` it lives under (e.g. entity:"release" parent_type:"application" parent_id:123; listing `account` needs no parent). NRN-scoped resources (parameter, service, link, approval) live under an application or scope — pass parent_type:"application"|"scope" + parent_id (the NRN is resolved for you), or `nrn` directly. For one entity by id use entity_get.',
+    description: 'List releases, builds, deployments, scopes, applications, namespaces, parameters, services, links or approvals as DATA — returns structuredContent and renders NO panel. THIS is the tool for any DATA lookup you reason over — whether AGGREGATING across apps ("the latest release across all my apps", "which app has a failing build", "every scope on the newest build") OR reading ONE app\'s history to identify something for your next move ("the previously deployed version to roll back to", "the release behind the current deployment", "what version ran before this one", "find the active rollout"). List the app\'s deployments/releases/builds with this (NO panel), then compute the answer yourself. Prefer it over application_release_list/application_build_list/application_deployment_list/application_get WHENEVER you are gathering to reason — including a single app, not just aggregates — because those reads RENDER A PANEL the user didn\'t ask for; and the LIST panels (release/build/deployment) split their rows into _meta, so they would not even reach your reasoning. Those reads are ONLY for showing the user a list/status they asked to see. Scoped to a parent: REST tree organization → account → namespace → application → {scope, build, release}; scope → deployment — pass `entity` plus the `parent_type`+`parent_id` it lives under (e.g. entity:"release" parent_type:"application" parent_id:123; listing `account` needs no parent). NRN-scoped resources (parameter, service, link, approval) live under an application or scope — pass parent_type:"application"|"scope" + parent_id (the NRN is resolved for you), or `nrn` directly. `template` is scoped by a NAMESPACE: pass entity:"template" parent_type:"namespace" parent_id:<namespace_id> to list the scaffolding templates available for a new app there — do this to choose a template BEFORE opening the application_create form, so the form opens with it pre-selected (don\'t open the form blind to discover templates). For one entity by id use entity_get.',
     annotations: { readOnlyHint: true },
     // No widget on purpose: data-only navigation. See CLAUDE.md (the data-only read pattern).
     errorKey: "entityList.errorLabel",
     inputSchema: {
         entity: z
             .enum(ENTITIES)
-            .describe("Collection to list. REST tree: account, namespace, application, scope, build, release, deployment. NRN-scoped: parameter, service, link, approval."),
+            .describe("Collection to list. REST tree: account, namespace, application, scope, build, release, deployment. NRN-scoped: parameter, service, link, approval, template (template lists a namespace's scaffolding templates)."),
         parent_type: z
             .enum(PARENTS)
             .optional()
@@ -74,7 +82,7 @@ export const entityListTool = defineTool({
         nrn: z
             .string()
             .optional()
-            .describe("For nrn-scoped entities (parameter/service/link/approval): the scoping NRN directly, if you have it; otherwise pass parent_type + parent_id and it's resolved for you."),
+            .describe('For nrn-scoped entities (parameter/service/link/approval/template): the scoping NRN directly, if you have it; otherwise pass parent_type + parent_id (for template, parent_type:"namespace") and it\'s resolved for you.'),
         limit: z.number().optional().describe("Max rows (default 100) — REST collections only."),
     },
     async handler(args, context) {

package/dist/tools/logs.js

@@ -1,14 +1,27 @@
 import { z } from "zod";
 import { plural, translate } from "../i18n.js";
+import { log } from "../log.js";
 import { dashboardLink, linkLine, next } from "../md.js";
 import { listScopes, readLogs } from "../np/journey.js";
 import { defineTool, fail, reply } from "../tool.js";
 import { TOOL } from "../tool-names.js";
 import { appArg, chooseScope, requireApp } from "./shared.js";
+const parseMs = (value) => {
+    if (!value)
+        return 0;
+    const ms = new Date(value).getTime();
+    return Number.isNaN(ms) ? 0 : ms;
+};
+/** A log entry's timestamp as epoch ms, from the platform's `date` field (ISO-8601). The single time
+ *  source for BOTH ordering and the staleness check. Absent → 0 (sorts as oldest, adds no recency).
+ *  We never parse a time out of the message TEXT: the platform already resolves each line's time into
+ *  `date`; an app that logs structured JSON keeps its own `"time"` inside the message, which is the
+ *  app's payload to show verbatim, not ours to reinterpret. */
+const logTimeMs = (entry) => parseMs(entry.date);
 export const logsTool = defineTool({
     name: TOOL.applicationLogList,
     title: "Logs",
-    description: 'Read ONE application\'s recent logs (per scope), rendered as a logs PANEL — the latest lines, newest last. Use it for "why is it failing?", "show me the logs", "what errored". Logs are per-scope: omit `scope` to use the only one (or be asked which); page older lines with `page_token`; narrow the window with `start_time`/`end_time` (ISO-8601) or cap with `lines`. Does NOT return metrics or deploy status — use application_metric_list or application_get. Read-only.',
+    description: 'Read ONE application\'s recent logs (per scope), rendered as a logs PANEL — the latest lines, newest last. Use it for "why is it failing?", "show me the logs", "what errored", "show <app> logs". Pass `app` (name OR "#id") and this resolves the application ITSELF — call it DIRECTLY; do NOT call application_list (to find the app) or application_get (to look it up) first, that just renders panels the user didn\'t ask for. "show <app> logs" is ONE call: this tool with app:"<app>". Logs are per-scope: omit `scope` to use the only one (or be asked which). With no window the SERVER auto-widens 1m → 5m → 30m and returns the first window that has logs, then falls back to the LATEST available lines (any age) so a quiet/stopped app still shows its last logs (e.g. the crash) — it prefers recent activity but is NEVER empty, so you NEVER need to re-call with a wider window (don\'t widen client-side — one call is enough). To pin a specific range pass `start_time`/`end_time` (ISO-8601) or a bigger `lines` (an explicit window skips the auto-widen). Page older lines with `page_token`. Does NOT return metrics or deploy status — use application_metric_list or application_get. Read-only.',
     annotations: { readOnlyHint: true, openWorldHint: true },
     widget: "logs",
     errorKey: "logs.errorLabel",
@@ -46,14 +59,84 @@ export const logsTool = defineTool({
             return picked.out;
         const scope = picked.scope;
         const maxLines = args.lines ?? 50;
-        const page = await readLogs(context.np, {
-            application_id: app.id,
-            scope_id: scope.id,
-            next_page_token: args.page_token,
-            start_time: args.start_time,
-            end_time: args.end_time,
-        });
-        const entries = (page.results ?? []).slice(-maxLines);
+        // No explicit window → progressively WIDEN the lookback (1m → 5m → 30m → 6h → 24h → 7d), stopping
+        // at the first window that actually has logs. So "show logs" starts with recent activity instead
+        // of an empty last-minute view on a quiet app. The wider steps past 30m are NOT cosmetic: an app
+        // that last logged, say, 45m ago has its newest lines just OUTSIDE the 30m "live" window. Without
+        // a 6h step the widen would skip straight to the unfiltered fallback — and an unfiltered read can
+        // return an OLDER partition than the most-recent lines (observed live: 06-19 lines surfaced while
+        // the app's real 06-22 lines sat in the 30m→unfiltered gap). An explicit `start_time` filters
+        // server-side, so the 6h step returns those 06-22 lines; staleness still flags them as not-live.
+        // The live tail re-runs this each poll. An explicit window / `page_token` skips the widening (the
+        // user/model asked for a specific range; widen further yourself to diagnose an older failure).
+        const explicit = Boolean(args.start_time || args.end_time || args.page_token);
+        const minute = 60_000;
+        const hour = 60 * minute;
+        const since = (ageMs) => ({ start_time: new Date(Date.now() - ageMs).toISOString() });
+        const windows = explicit
+            ? [{ start_time: args.start_time, end_time: args.end_time, next_page_token: args.page_token }]
+            : [
+                since(minute),
+                since(5 * minute),
+                since(30 * minute),
+                since(6 * hour),
+                since(24 * hour),
+                since(7 * 24 * hour),
+                // Last resort: latest-available, ANY age — an app silent for >7d still shows its last lines
+                // (e.g. an old crash), NEVER an empty panel. The explicit windows above are what surface the
+                // REAL most-recent lines; an unfiltered read can return an older partition, so it's only the
+                // truly-ancient safety net, never the primary path.
+                {},
+            ];
+        let page = await readLogs(context.np, { application_id: app.id, scope_id: scope.id, ...windows[0] });
+        let usedWindow = 0;
+        log.debug({ logsTool: { app: app.id, scope: scope.id, window: windows[0], count: page.results?.length ?? 0 } }, "logs: window 0");
+        for (let attempt = 1; attempt < windows.length && !(page.results ?? []).length; attempt++) {
+            page = await readLogs(context.np, { application_id: app.id, scope_id: scope.id, ...windows[attempt] });
+            usedWindow = attempt;
+            log.debug({
+                logsTool: {
+                    app: app.id,
+                    scope: scope.id,
+                    window: windows[attempt],
+                    count: page.results?.length ?? 0,
+                },
+            }, `logs: window ${attempt}`);
+        }
+        // Sort oldest → newest by timestamp, THEN take the newest `maxLines` (kept oldest-first for the
+        // "newest last" display). The platform returns lines newest-first, so a naive slice(-maxLines)
+        // took the OLDEST lines — which is why a multi-day log set surfaced days-old lines under "live".
+        const ordered = (page.results ?? []).slice().sort((left, right) => logTimeMs(left) - logTimeMs(right));
+        const entries = ordered.slice(-maxLines);
+        // Staleness: with no explicit window the auto-widen tries 1m → 5m → 30m before the latest-available
+        // fallback. So if the NEWEST line we got is older than that widest live window (30m), the app has had
+        // no recent activity and these are last-gasp lines (e.g. a crash days ago). Flag it so the panel/text
+        // says "no recent activity, last logs from <time>" instead of presenting old lines as a live tail.
+        // An explicit window/page_token means the user asked for that range — old lines there aren't "stale".
+        const newestMs = entries.reduce((max, entry) => Math.max(max, logTimeMs(entry)), 0);
+        const stale = !explicit && newestMs > 0 && Date.now() - newestMs > 30 * 60_000;
+        const newestTs = newestMs > 0 ? new Date(newestMs).toISOString() : null;
+        // The trace that pins down a logs-fetch complaint: which window won, how the staleness verdict was
+        // reached, and a sample of the RAW entries — the `date` field each line carries (the platform's
+        // timestamp) plus a short message head, so a missing/odd `date` is visible in the trace.
+        log.debug({
+            logsTool: {
+                app: app.id,
+                scope: scope.name,
+                explicit,
+                usedWindow,
+                rawCount: page.results?.length ?? 0,
+                entryCount: entries.length,
+                newestTs,
+                stale,
+                nowIso: new Date().toISOString(),
+                ageMin: newestMs > 0 ? Math.round((Date.now() - newestMs) / 60_000) : null,
+                sample: (page.results ?? []).slice(0, 6).map((entry) => ({
+                    date: entry.date ?? null,
+                    msgHead: entry.message.slice(0, 80),
+                })),
+            },
+        }, "logs: resolved entries + staleness");
         const scopeSuffix = ` · ${scope.name}`;
         // The full scope list rides along so the widget can offer a scope switcher.
         const scopeList = scopes.map((candidate) => ({ name: candidate.name, status: candidate.status }));
@@ -64,24 +147,38 @@ export const logsTool = defineTool({
         }
         const body = entries
             .map((entry) => {
-            const timestamp = entry.datetime ?? entry.timestamp;
-            const prefix = timestamp
-                ? `${new Date(timestamp).toISOString().slice(5, 19).replace("T", " ")}  `
-                : "";
-            return `${prefix}${(entry.message ?? "").trimEnd()}`;
+            // Timestamp column comes from the `date` field; guard a bad value (the API could return an
+            // unparseable date) so the prefix is just dropped rather than throwing.
+            const ms = parseMs(entry.date);
+            const prefix = ms ? `${new Date(ms).toISOString().slice(5, 19).replace("T", " ")}  ` : "";
+            return `${prefix}${entry.message.trimEnd()}`;
         })
             .join("\n");
-        const markdown = `${plural(entries.length, "logs.lastLines.one", "logs.lastLines.many", { app: app.name, scope: scopeSuffix })}\n\n\`\`\`\n${body}\n\`\`\``;
+        const heading = stale
+            ? plural(entries.length, "logs.staleLines.one", "logs.staleLines.many", {
+                app: app.name,
+                scope: scopeSuffix,
+                time: (newestTs ?? "").slice(0, 16).replace("T", " "),
+            })
+            : plural(entries.length, "logs.lastLines.one", "logs.lastLines.many", {
+                app: app.name,
+                scope: scopeSuffix,
+            });
+        const markdown = `${heading}\n\n\`\`\`\n${body}\n\`\`\``;
         return reply(markdown, {
             count: entries.length,
+            stale,
+            newest_ts: newestTs,
             next_page_token: page.next_page_token ?? null,
             app: `#${app.id}`,
             app_name: app.name,
             scope: scope.name,
             scopes: scopeList,
+            // Two columns: the timestamp from the `date` field (null → the widget shows no timestamp cell,
+            // just the message), and the message verbatim. No parsing time out of the text.
             lines: entries.map((entry) => ({
-                ts: entry.datetime ?? entry.timestamp ?? null,
-                message: entry.message ?? "",
+                ts: entry.date ?? null,
+                message: entry.message,
             })),
         });
     },

package/dist/tools/overview.js

@@ -14,7 +14,7 @@ const MAX_APPS = 30;
 export const overviewTool = defineTool({
     name: TOOL.organizationGet,
     title: "Organization overview",
-    description: 'A cross-application health digest for the WHOLE org, rendered as a panel: what\'s mid-rollout right now, and which scopes\' last deployment failed or rolled back. Use it for org-wide questions that name no app — "is anything broken?", "what\'s deploying?", "any failed rollouts?". Scans up to the first ~30 applications (truncation is reported, never silent). Does NOT show one app\'s full detail (use application_get), nor logs/metrics; to find the latest release or build ACROSS apps, gather headlessly with entity_list and compute it — don\'t call this. Read-only.',
+    description: 'A cross-application health digest for the WHOLE org, rendered as a panel: what\'s mid-rollout right now, and which scopes\' last deployment failed or rolled back. Use it ONLY for org-wide HEALTH questions that name no app — "is anything broken?", "what\'s deploying?", "any failed rollouts?". Scans up to the first ~30 applications (truncation is reported, never silent). This is HEALTH only — do NOT call it to understand org STRUCTURE or to gather context for CREATING an app (where apps live, which accounts/namespaces exist, where to place a new one): navigate that headlessly with entity_list (account → namespace → application), which renders no panel. Also does NOT show one app\'s detail (use application_get) or logs/metrics, and for the latest release/build ACROSS apps use entity_list and compute it. Read-only.',
     annotations: { readOnlyHint: true, openWorldHint: true },
     widget: "overview",
     errorKey: "overview.errorLabel",

package/dist/tools/params.js

@@ -61,7 +61,13 @@ export const paramsTool = defineTool({
             resolvedScope = { id: picked.scope.id, name: picked.scope.name };
             readNrn = picked.scope.nrn;
         }
-        const parameters = await listParameters(context.np, readNrn, { offset: args.offset });
+        // A scope read interpolates so the platform resolves the EFFECTIVE value per parameter (scope
+        // value › most-specific dimension match › app default) — app-level/dimension values inherit
+        // down. Without it a scope NRN returns only values pinned at that exact scope (usually none).
+        const parameters = await listParameters(context.np, readNrn, {
+            offset: args.offset,
+            interpolate: Boolean(resolvedScope),
+        });
         if (parameters === undefined) {
             return reply(translate("params.unavailable") + linkLine(translate("params.viewInDashboard"), dashboard), { available: false, ...appRef });
         }

package/dist/tools/releases.js

@@ -12,7 +12,7 @@ import { appArg, offsetArg, pageOf, requireApp } from "./shared.js";
 export const releasesTool = defineTool({
     name: TOOL.applicationReleaseList,
     title: "Releases",
-    description: "List ONE application's releases as a PANEL for the user — semver, status (active/deprecated/unstable/failed), the build each pins, and age. Use to pick a release to deploy or promote, or to see what's shippable. Do NOT call this once per app to compare across apps (it renders a panel each time): for an AGGREGATE like 'the latest release across all my apps' use entity_list (entity:\"release\"), gather headlessly, and compute the answer.",
+    description: "List ONE application's releases as a PANEL for the user to SEE — semver, status (active/deprecated/unstable/failed), the build each pins, and age; each row carries a Deploy button. Use it ONLY when the user wants to look at what's shippable or click a release to deploy. CRUCIAL — do NOT render this to QUERY: to FIND or IDENTIFY a release for your OWN next step — the previous version to roll back to, the release behind the current deployment, the latest across apps — read it HEADLESSLY with entity_list (entity:\"release\") and compute the answer, never this panel. Rendering it to read history is wasted: the rows ride in _meta and never reach your reasoning, so you would paint a panel, get nothing, and re-read headlessly anyway. Render this ONLY to show the user a list they asked to see.",
     annotations: { readOnlyHint: true, openWorldHint: true },
     widget: "releases",
     errorKey: "releaseList.errorLabel",

package/dist/tools/set-params.js

@@ -5,6 +5,22 @@ import { listParameters, listScopes, setParameters } from "../np/journey.js";
 import { defineTool, errorMessage, fail, reply } from "../tool.js";
 import { TOOL } from "../tool-names.js";
 import { appArg, pickScope, requireApp } from "./shared.js";
+/** Honest upsert summary: "created N" / "updated N" / a mixed count — so a retry reads as "0 new". */
+function paramSummary(result, app, names) {
+    if (result.updated === 0) {
+        return plural(result.created, "setParams.created.one", "setParams.created.many", { app, names });
+    }
+    if (result.created === 0) {
+        return plural(result.updated, "setParams.updated.one", "setParams.updated.many", { app, names });
+    }
+    return translate("setParams.mixed", {
+        created: result.created,
+        updated: result.updated,
+        total: result.created + result.updated,
+        app,
+        names,
+    });
+}
 export const setParamsTool = defineTool({
     name: TOOL.applicationParameterCreate,
     title: "Set parameters",
@@ -72,24 +88,7 @@ export const setParamsTool = defineTool({
             const result = await setParameters(context.np, app.nrn, inputs);
             const names = args.params.map((param) => `\`${param.name}\``).join(", ");
             const total = result.created + result.updated;
-            // Honest about upsert: say how many were new vs changed so a retry reads as "0 new".
-            const summary = result.updated === 0
-                ? plural(result.created, "setParams.created.one", "setParams.created.many", {
-                    app: app.name,
-                    names,
-                })
-                : result.created === 0
-                    ? plural(result.updated, "setParams.updated.one", "setParams.updated.many", {
-                        app: app.name,
-                        names,
-                    })
-                    : translate("setParams.mixed", {
-                        created: result.created,
-                        updated: result.updated,
-                        total,
-                        app: app.name,
-                        names,
-                    });
+            const summary = paramSummary(result, app.name, names);
             // Mirror the params widget's shape so the SAME panel renders the resulting set (with its
             // scope picker + add affordance) after the write; the markdown stays the plain confirmation.
             const parameters = await listParameters(context.np, app.nrn).catch(() => undefined);

package/dist/tools/shared.js

@@ -124,6 +124,15 @@ export function resolveChoice(options, hint, settings = {}) {
  */
 export function matchScopes(scopes, wanted) {
     const query = wanted.trim().toLowerCase();
+    // "#<id>" — an exact, unambiguous scope id. This is the form widgets send from their scope picker
+    // (the option value is the numeric id) and a documented `scope` arg form. Matched FIRST so a numeric
+    // id never falls through to name/substring matching — which can't see `id` and would return nothing,
+    // failing the call before it ever reads parameters (the widget scope-resolve bug).
+    const byId = /^#(\d+)$/.exec(query);
+    if (byId) {
+        const id = Number(byId[1]);
+        return scopes.filter((scope) => scope.id === id);
+    }
     const keyValue = /^([a-z0-9_-]+)\s*=\s*(.+)$/.exec(query);
     if (keyValue?.[1] && keyValue[2] !== undefined) {
         const [, dimensionKey, dimensionValue] = keyValue;

package/dist/tools/status.js

@@ -1,7 +1,7 @@
 import { z } from "zod";
 import { dashboardLink } from "../md.js";
 import { pmap } from "../np/context.js";
-import { getDeployment, getScope, isDeploymentTerminal, listBuilds, listReleases, listScopeDeployments, listScopes, } from "../np/journey.js";
+import { getDeployment, getRelease, getScope, isDeploymentTerminal, listBuilds, listReleases, listScopeDeployments, listScopes, } from "../np/journey.js";
 import { renderRollout, renderStatus } from "../render.js";
 import { defineTool, reply } from "../tool.js";
 import { TOOL } from "../tool-names.js";
@@ -25,9 +25,9 @@ async function scopeViews(context, applicationId) {
     });
 }
 /**
- * Build an application's full status view (the np-panel overview payload). Exported so write
+ * Build an application's full status view (the app overview payload). Exported so write
  * tools that should hand off into the same live panel — e.g. create-scope, after provisioning a
- * new deploy target — can return this exact shape and let np-panel render the app + Deploy.
+ * new deploy target — can return this exact shape and let the status panel render the app + Deploy.
  */
 export async function buildAppStatus(context, app) {
     const [views, builds, releases, orgSlug] = await Promise.all([
@@ -41,9 +41,9 @@ export async function buildAppStatus(context, app) {
 export const statusTool = defineTool({
     name: TOOL.applicationGet,
     title: "Application status",
-    description: 'THE place to start for ONE application\'s live status — renders a status PANEL: each scope with what\'s live on it (release + traffic), the latest build, the latest release, and the single obvious next action. Use it for "what\'s the status of my app", "what\'s deployed where", "is it healthy" — a STATUS question. For a DIRECT action ("deploy", "send traffic", "show logs/metrics") reach for that action\'s own tool instead of starting here; only read status first when you genuinely need to see state before acting. Call with NO arguments inside a git repo to use the linked app; pass `app` (name or "#id") for a different one; pass `deployment:<id>` to watch one rollout\'s live detail. Does NOT return logs, metrics, parameters, or a build\'s assets — use application_log_list / application_metric_list / application_parameter_list / application_build_list for those. Do NOT loop this to WAIT for a build or deployment to finish: it repaints the whole panel every call (stacking duplicate panels) — poll headlessly with entity_get (entity:"build" or "deployment", id:<id>) instead, and show this panel once at the end.',
+    description: 'THE place to start for ONE application\'s live status — renders a status PANEL: each scope with what\'s live on it (release + traffic), the latest build, the latest release, and the single obvious next action. Use it for "what\'s the status of my app", "what\'s deployed where", "is it healthy" — a STATUS question. For a DIRECT action ("deploy", "roll back", "send traffic", "show logs/metrics") reach for that action\'s own tool — do NOT render this panel FIRST to "check current state" or "see what\'s live" before acting. When you need current state to DECIDE (which version is live, what the previous version is), read it HEADLESSLY with entity_get / entity_list and act on that; rendering this panel just to orient drops a status panel the user never asked for. Render it ONLY when the USER wants to SEE status. To LOOK UP a field for your OWN work — the repository_url to clone/edit, the app id, where it lives, its nrn — read it HEADLESSLY with entity_get (entity:"application", id:<id>); do NOT render this status panel just to grab a value. Call with NO arguments inside a git repo to use the linked app; pass `app` (name or "#id") for a different one; pass `deployment:<id>` to watch one rollout\'s live detail. Does NOT return logs, metrics, parameters, or a build\'s assets — use application_log_list / application_metric_list / application_parameter_list / application_build_list for those. Do NOT loop this to WAIT for a build or deployment to finish: it repaints the whole panel every call (stacking duplicate panels) — poll headlessly with entity_get (entity:"build" or "deployment", id:<id>) instead, and show this panel once at the end.',
     annotations: { readOnlyHint: true, openWorldHint: true },
-    widget: "np-panel",
+    widget: "status",
     errorKey: "status.errorLabel",
     inputSchema: {
         app: appArg,
@@ -52,13 +52,20 @@ export const statusTool = defineTool({
     async handler(args, context) {
         if (args.deployment) {
             const deployment = await getDeployment(context.np, args.deployment);
-            const [scope, orgSlug] = await Promise.all([
+            // Resolve the release too, so the rollout panel keeps showing its version on every live poll
+            // (this read is what the panel polls every 2.5s — without the release, release_semver goes null
+            // and the version disappears after the first refresh).
+            const [scope, release, orgSlug] = await Promise.all([
                 deployment.scope_id ? getScope(context.np, deployment.scope_id).catch(() => undefined) : undefined,
+                deployment.release_id
+                    ? getRelease(context.np, deployment.release_id).catch(() => undefined)
+                    : undefined,
                 context.org.organizationSlug(),
             ]);
             const { md, structured } = renderRollout({
                 deployment,
                 scope,
+                release,
                 dashboard: dashboardLink(orgSlug, scope?.nrn),
             });
             return reply(md, structured);

package/dist/tools/traffic.js

@@ -6,12 +6,43 @@ import { renderRollout } from "../render.js";
 import { defineTool, fail, reply } from "../tool.js";
 import { TOOL } from "../tool-names.js";
 import { appArg, delays, requireApp, sleep } from "./shared.js";
+/**
+ * Find which deployment to steer. An explicit `deployment_id` wins; otherwise resolve the app and
+ * fan out across its scopes for the single non-terminal rollout. Mirrors requireApp's shape:
+ * returns { deploymentId, scope } or an `out` reply — a `fail` when nothing is in flight, or the
+ * disambiguation table when several rollouts are active at once (pass deployment_id to pick one).
+ */
+async function resolveActiveRollout(context, args) {
+    if (args.deployment_id)
+        return { deploymentId: args.deployment_id };
+    const resolved = await requireApp(context, args);
+    if ("out" in resolved)
+        return { out: resolved.out };
+    const scopes = await listScopes(context.np, resolved.app.id);
+    const activeRollouts = [];
+    for (const candidate of scopes) {
+        const deployments = await listScopeDeployments(context.np, candidate.id, 3);
+        const active = deployments.find((deployment) => !isDeploymentTerminal(deployment.status));
+        if (active)
+            activeRollouts.push({ deploymentId: active.id, scope: candidate, status: active.status });
+    }
+    if (activeRollouts.length === 0) {
+        return { out: fail(translate("traffic.noActive", { app: resolved.app.name })) };
+    }
+    if (activeRollouts.length > 1) {
+        return {
+            out: reply(`${translate("traffic.several")}\n\n${table([translate("header.deployment"), translate("header.scope"), translate("header.status")], activeRollouts.map((rollout) => [`#${rollout.deploymentId}`, rollout.scope.name, rollout.status]))}`),
+        };
+    }
+    const only = activeRollouts[0]; // length === 1 checked above
+    return { deploymentId: only.deploymentId, scope: only.scope };
+}
 export const trafficTool = defineTool({
     name: TOOL.applicationDeploymentUpdate,
     title: "Update traffic",
-    description: 'Drive an IN-FLIGHT rollout — the step AFTER application_deployment_create. Call it DIRECTLY with `percent` (snaps to 0,1,5,10,25,50,75,90,95,99,100) to move traffic, action:"finalize" to retire the old version, or action:"rollback" to return traffic to the previous version (the safety hatch). You do NOT need to read status or look up a deployment id first — it finds the app\'s single active rollout automatically (pass `deployment_id` only when several are in flight at once). Use it for "send 25% traffic", "promote to 100%", "finalize", "roll back". Renders the live rollout panel. Does NOT create a deployment — use application_deployment_create first; this only steers one that already exists.',
+    description: 'Drive an IN-FLIGHT rollout, rendered as the live rollout PANEL — the SAME single panel application_deployment_create opens, where provisioning status, the traffic slider, auto-advance, finalize, rollback and live logs ALL live. Call it DIRECTLY with `percent` (snaps to 0,1,5,10,25,50,75,90,95,99,100) to move traffic, action:"finalize" to retire the old version, or action:"rollback" to return traffic to the previous version (the safety hatch). You do NOT need to read status or look up a deployment id first — it finds the app\'s single active rollout automatically (pass `deployment_id` only when several are in flight at once). Use it for "send 25% traffic", "promote to 100%", "finalize", "roll back". THE ROLLOUT IS ONE PANEL: if a rollout panel is already open (you just deployed), the user walks traffic, finalizes and rolls back IN it via its own controls — do NOT call this yourself to step 25 → 50 → 100 → finalize, because each model call stacks ANOTHER rollout panel. Call this directly ONLY for one move the user explicitly named with no panel open. Does NOT create a deployment — use application_deployment_create first; this only steers one that already exists.',
     annotations: { destructiveHint: true, openWorldHint: true },
-    widget: "np-panel",
+    widget: "status",
     errorKey: "traffic.errorLabel",
     inputSchema: {
         app: appArg,
@@ -23,30 +54,11 @@ export const trafficTool = defineTool({
         if (args.percent === undefined && !args.action) {
             return fail(translate("traffic.sayWhat"));
         }
-        let deploymentId = args.deployment_id;
-        let scope;
-        if (!deploymentId) {
-            const resolved = await requireApp(context, args);
-            if ("out" in resolved)
-                return resolved.out;
-            const scopes = await listScopes(context.np, resolved.app.id);
-            const activeRollouts = [];
-            for (const candidate of scopes) {
-                const deployments = await listScopeDeployments(context.np, candidate.id, 3);
-                const active = deployments.find((deployment) => !isDeploymentTerminal(deployment.status));
-                if (active)
-                    activeRollouts.push({ deploymentId: active.id, scope: candidate, status: active.status });
-            }
-            if (activeRollouts.length === 0) {
-                return fail(translate("traffic.noActive", { app: resolved.app.name }));
-            }
-            if (activeRollouts.length > 1) {
-                return reply(`${translate("traffic.several")}\n\n${table([translate("header.deployment"), translate("header.scope"), translate("header.status")], activeRollouts.map((rollout) => [`#${rollout.deploymentId}`, rollout.scope.name, rollout.status]))}`);
-            }
-            const only = activeRollouts[0]; // length === 1 checked above
-            deploymentId = only.deploymentId;
-            scope = only.scope;
-        }
+        const rollout = await resolveActiveRollout(context, args);
+        if ("out" in rollout)
+            return rollout.out;
+        const deploymentId = rollout.deploymentId;
+        let scope = rollout.scope;
         if (args.action === "finalize")
             await deploymentAction(context.np, deploymentId, "finalize");
         else if (args.action === "rollback")