@productmaker/mcp 0.1.6 → 0.2.0

package/README.md

@@ -45,7 +45,16 @@ Header: `Authorization: Bearer pm_live_...`
 
 Creative tools accept an `images` array of **1–5 photos of the same product**. The first entry is the hero; the rest are alternate angles. Don't mix different products in one call — that's a separate task each time.
 
-Each entry uses `{ "url": "https://..." }` (preferred — public HTTPS) or `{ "base64": "..." }` (only for local files <500 KB; clients truncate large arguments).
+Each entry has **exactly one** of:
+
+- `{ "url": "https://..." }` — public HTTPS URL (Shopify CDN, Cloudinary, etc.). Use this whenever the photo is already hosted.
+- `{ "path": "/Users/maria/Desktop/foto.jpg" }` — local filesystem path. The MCP process reads the file from disk and uploads its bytes. `~/` and `%USERPROFILE%` are expanded. **Only works with the local stdio MCP (npm).** The hosted `mcp.productmaker.app` endpoint rejects `path` because Cloud Run has no access to your filesystem.
+
+Mixed sources in the same call are fine: `[{ "path": "~/Desktop/hero.jpg" }, { "url": "https://..." }]`.
+
+### Breaking change in 0.2.0
+
+The `base64` field was removed. MCP JSON-RPC transports truncate large tool arguments (~1 MB) and host-attached chat images never reach the model as raw bytes — base64 in practice never worked. Use `path` (local MCP) or `url` (hosted MCP) instead.
 
 ## Downloading results
 

package/dist/http.js

@@ -38,14 +38,14 @@ var ApiClient = class {
       Authorization: `Bearer ${this.apiKey}`
     };
   }
-  async getJson(path) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async getJson(path2) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       headers: this.authHeaders()
     });
     return this.parse(res);
   }
-  async postJson(path, body) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async postJson(path2, body) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "POST",
       headers: {
         ...this.authHeaders(),
@@ -55,8 +55,8 @@ var ApiClient = class {
     });
     return this.parse(res);
   }
-  async patchJson(path, body) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async patchJson(path2, body) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "PATCH",
       headers: {
         ...this.authHeaders(),
@@ -66,14 +66,14 @@ var ApiClient = class {
     });
     return this.parse(res);
   }
-  async deleteJson(path) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async deleteJson(path2) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "DELETE",
       headers: this.authHeaders()
     });
     return this.parse(res);
   }
-  async postMultipart(path, files, fields) {
+  async postMultipart(path2, files, fields) {
     const form = new FormData();
     for (const [name, value] of Object.entries(files)) {
       const parts = Array.isArray(value) ? value : [
@@ -91,7 +91,7 @@ var ApiClient = class {
     for (const [k, v] of Object.entries(fields)) {
       if (v !== void 0) form.append(k, v);
     }
-    const res = await fetch(`${this.baseUrl}${path}`, {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "POST",
       headers: this.authHeaders(),
       body: form
@@ -113,19 +113,40 @@ var ApiClient = class {
 };
 
 // src/index.ts
-var MCP_VERSION = "0.1.0";
+var MCP_VERSION = "0.2.0";
 
 // src/tools/tasks.ts
 import { z as z2 } from "zod";
 
 // src/resolve-image.ts
 import { lookup as dnsLookup } from "dns/promises";
+import { promises as fs, createReadStream } from "fs";
+import * as path from "path";
+import * as os from "os";
 var MAX_BYTES = 20 * 1024 * 1024;
-var ALLOWED = /* @__PURE__ */ new Set([
-  "image/jpeg",
-  "image/png",
-  "image/webp"
-]);
+var IMAGE_FORMATS = [
+  {
+    mime: "image/jpeg",
+    exts: [
+      ".jpg",
+      ".jpeg"
+    ]
+  },
+  {
+    mime: "image/png",
+    exts: [
+      ".png"
+    ]
+  },
+  {
+    mime: "image/webp",
+    exts: [
+      ".webp"
+    ]
+  }
+];
+var ALLOWED_MIMES = new Set(IMAGE_FORMATS.map((f) => f.mime));
+var ALLOWED_EXTS = new Set(IMAGE_FORMATS.flatMap((f) => f.exts));
 var ResolveImageError = class extends Error {
   static {
     __name(this, "ResolveImageError");
@@ -192,69 +213,139 @@ async function assertHostResolvesPublic(hostname) {
   }
 }
 __name(assertHostResolvesPublic, "assertHostResolvesPublic");
-async function resolveImages(images) {
+function expandUserPath(raw) {
+  let s = raw.trim();
+  if (s === "~") return os.homedir();
+  if (s.startsWith("~/") || s.startsWith("~\\")) s = path.join(os.homedir(), s.slice(2));
+  s = s.replace(/^\$HOME(?=$|[/\\])/, os.homedir());
+  s = s.replace(/^%USERPROFILE%(?=$|[/\\])/i, os.homedir());
+  return s;
+}
+__name(expandUserPath, "expandUserPath");
+async function readFileWithCap(absPath, max) {
+  const chunks = [];
+  let total = 0;
+  let exceeded = false;
+  const stream = createReadStream(absPath);
+  try {
+    for await (const chunk of stream) {
+      total += chunk.length;
+      if (total > max) {
+        exceeded = true;
+        break;
+      }
+      chunks.push(chunk);
+    }
+  } catch (e) {
+    const code = e.code;
+    if (code === "ENOENT") throw new ResolveImageError("IMAGE_PATH_NOT_FOUND", "file disappeared during read");
+    if (code === "EACCES" || code === "EPERM") throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", `cannot read file (${code})`);
+    throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", e.message);
+  } finally {
+    if (!stream.destroyed) stream.destroy();
+  }
+  if (exceeded) throw new ResolveImageError("IMAGE_TOO_LARGE", `file exceeds ${max} bytes`);
+  return Buffer.concat(chunks, total);
+}
+__name(readFileWithCap, "readFileWithCap");
+async function resolvePath(rawPath) {
+  const expanded = expandUserPath(rawPath);
+  const abs = path.resolve(expanded);
+  const ext = path.extname(abs).toLowerCase();
+  if (!ALLOWED_EXTS.has(ext)) {
+    throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `path extension ${ext || "(none)"} is not in the image allowlist (.jpg .jpeg .png .webp)`);
+  }
+  let stat;
+  try {
+    stat = await fs.stat(abs);
+  } catch (e) {
+    const code = e.code;
+    if (code === "ENOENT") {
+      throw new ResolveImageError("IMAGE_PATH_NOT_FOUND", `no such file: ${abs}`);
+    }
+    if (code === "EACCES" || code === "EPERM") {
+      throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", `cannot access ${abs} (${code})`);
+    }
+    throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", `stat failed: ${e.message}`);
+  }
+  if (!stat.isFile()) {
+    throw new ResolveImageError("IMAGE_PATH_NOT_A_FILE", `${abs} is not a regular file`);
+  }
+  if (stat.size > MAX_BYTES) {
+    throw new ResolveImageError("IMAGE_TOO_LARGE", `${stat.size} bytes (cap ${MAX_BYTES})`);
+  }
+  const buf = await readFileWithCap(abs, MAX_BYTES);
+  const sniffed = sniffMime(buf);
+  if (!sniffed) {
+    throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `magic bytes do not match PNG/JPEG/WEBP for ${abs}`);
+  }
+  return {
+    buffer: buf,
+    mimetype: sniffed
+  };
+}
+__name(resolvePath, "resolvePath");
+async function resolveImageUrl(rawUrl) {
+  let u;
+  try {
+    u = new URL(rawUrl);
+  } catch {
+    throw new ResolveImageError("INVALID_INPUT", "imageUrl is not a valid URL");
+  }
+  if (u.protocol !== "https:") throw new ResolveImageError("INVALID_INPUT", "imageUrl must be HTTPS");
+  if (isPrivateHost(u.hostname)) throw new ResolveImageError("INVALID_INPUT", "imageUrl host not allowed");
+  await assertHostResolvesPublic(u.hostname);
+  let res;
+  try {
+    res = await fetch(rawUrl, {
+      signal: AbortSignal.timeout(3e4),
+      redirect: "error"
+    });
+  } catch (e) {
+    throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", e.message);
+  }
+  if (!res.ok) throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", `HTTP ${res.status}`);
+  const cl = res.headers.get("content-length");
+  if (cl && Number(cl) > MAX_BYTES) {
+    throw new ResolveImageError("IMAGE_TOO_LARGE", `content-length ${cl}`);
+  }
+  const ct = (res.headers.get("content-type") ?? "").split(";")[0]?.trim() ?? "";
+  if (!ALLOWED_MIMES.has(ct)) throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `content-type ${ct}`);
+  const buf = Buffer.from(await res.arrayBuffer());
+  if (buf.length > MAX_BYTES) throw new ResolveImageError("IMAGE_TOO_LARGE", `${buf.length} bytes`);
+  const sniffed = sniffMime(buf);
+  if (!sniffed || sniffed !== ct) {
+    throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `magic bytes (${sniffed ?? "unknown"}) do not match content-type (${ct})`);
+  }
+  return {
+    buffer: buf,
+    mimetype: sniffed
+  };
+}
+__name(resolveImageUrl, "resolveImageUrl");
+async function resolveImages(images, opts = {
+  transport: "http"
+}) {
   if (!images.length) throw new ResolveImageError("INVALID_INPUT", "images: at least one entry required");
   if (images.length > 5) throw new ResolveImageError("INVALID_INPUT", "images: max 5 per request");
-  return Promise.all(images.map((ref) => resolveImage({
-    imageUrl: ref.url,
-    imageBase64: ref.base64
-  })));
+  return Promise.all(images.map((ref) => resolveOne(ref, opts.transport)));
 }
 __name(resolveImages, "resolveImages");
-async function resolveImage(input) {
-  if (input.imageUrl && input.imageBase64) {
-    throw new ResolveImageError("INVALID_INPUT", "Provide only one of imageUrl or imageBase64");
+async function resolveOne(ref, transport) {
+  const hasUrl = Boolean(ref.url);
+  const hasPath = Boolean(ref.path);
+  if (hasUrl === hasPath) {
+    throw new ResolveImageError("INVALID_INPUT", "each image entry must have exactly one of `url` or `path`");
   }
-  if (input.imageUrl) {
-    let u;
-    try {
-      u = new URL(input.imageUrl);
-    } catch {
-      throw new ResolveImageError("INVALID_INPUT", "imageUrl is not a valid URL");
-    }
-    if (u.protocol !== "https:") throw new ResolveImageError("INVALID_INPUT", "imageUrl must be HTTPS");
-    if (isPrivateHost(u.hostname)) throw new ResolveImageError("INVALID_INPUT", "imageUrl host not allowed");
-    await assertHostResolvesPublic(u.hostname);
-    let res;
-    try {
-      res = await fetch(input.imageUrl, {
-        signal: AbortSignal.timeout(3e4),
-        redirect: "error"
-      });
-    } catch (e) {
-      throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", e.message);
-    }
-    if (!res.ok) throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", `HTTP ${res.status}`);
-    const cl = res.headers.get("content-length");
-    if (cl && Number(cl) > MAX_BYTES) {
-      throw new ResolveImageError("IMAGE_TOO_LARGE", `content-length ${cl}`);
-    }
-    const ct = (res.headers.get("content-type") ?? "").split(";")[0]?.trim() ?? "";
-    if (!ALLOWED.has(ct)) throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `content-type ${ct}`);
-    const buf = Buffer.from(await res.arrayBuffer());
-    if (buf.length > MAX_BYTES) throw new ResolveImageError("IMAGE_TOO_LARGE", `${buf.length} bytes`);
-    const sniffed = sniffMime(buf);
-    if (!sniffed || sniffed !== ct) {
-      throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `magic bytes (${sniffed ?? "unknown"}) do not match content-type (${ct})`);
+  if (hasPath) {
+    if (transport === "http") {
+      throw new ResolveImageError("PATH_NOT_SUPPORTED_IN_HTTP_MODE", "Local file paths are only available when running the MCP locally (npm). For the hosted endpoint at mcp.productmaker.app, pass a public HTTPS `url` instead, or ask the user to host the photo first.");
     }
-    return {
-      buffer: buf,
-      mimetype: sniffed
-    };
-  }
-  if (input.imageBase64) {
-    const buf = Buffer.from(input.imageBase64, "base64");
-    if (buf.length > MAX_BYTES) throw new ResolveImageError("IMAGE_TOO_LARGE", `${buf.length} bytes`);
-    const mime = sniffMime(buf);
-    if (!mime) throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", "cannot detect image type");
-    return {
-      buffer: buf,
-      mimetype: mime
-    };
+    return resolvePath(ref.path);
   }
-  throw new ResolveImageError("INVALID_INPUT", "imageUrl or imageBase64 required");
+  return resolveImageUrl(ref.url);
 }
-__name(resolveImage, "resolveImage");
+__name(resolveOne, "resolveOne");
 
 // src/status-poller.ts
 var TERMINAL = /* @__PURE__ */ new Set([
@@ -282,14 +373,14 @@ async function pollStatus(fetcher, waitSeconds, signal, opts = {}) {
 }
 __name(pollStatus, "pollStatus");
 function sleep(ms, signal) {
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const onAbort = /* @__PURE__ */ __name(() => {
       clearTimeout(t);
       reject(new Error("aborted"));
     }, "onAbort");
     const t = setTimeout(() => {
       signal?.removeEventListener("abort", onAbort);
-      resolve();
+      resolve2();
     }, ms);
     signal?.addEventListener("abort", onAbort, {
       once: true
@@ -308,6 +399,10 @@ var McpErrorCode = {
   IMAGE_DOWNLOAD_FAILED: "IMAGE_DOWNLOAD_FAILED",
   IMAGE_TOO_LARGE: "IMAGE_TOO_LARGE",
   IMAGE_TYPE_UNSUPPORTED: "IMAGE_TYPE_UNSUPPORTED",
+  IMAGE_PATH_NOT_FOUND: "IMAGE_PATH_NOT_FOUND",
+  IMAGE_PATH_NOT_READABLE: "IMAGE_PATH_NOT_READABLE",
+  IMAGE_PATH_NOT_A_FILE: "IMAGE_PATH_NOT_A_FILE",
+  PATH_NOT_SUPPORTED_IN_HTTP_MODE: "PATH_NOT_SUPPORTED_IN_HTTP_MODE",
   TASK_NOT_FOUND: "TASK_NOT_FOUND",
   TASK_NOT_READY: "TASK_NOT_READY",
   NO_SHOPIFY_SHOPS: "NO_SHOPIFY_SHOPS",
@@ -321,7 +416,11 @@ var McpErrorCode = {
 var INVALID_PARAM_CODES = /* @__PURE__ */ new Set([
   McpErrorCode.INVALID_INPUT,
   McpErrorCode.INVALID_API_KEY,
-  McpErrorCode.REVOKED_API_KEY
+  McpErrorCode.REVOKED_API_KEY,
+  McpErrorCode.IMAGE_PATH_NOT_FOUND,
+  McpErrorCode.IMAGE_PATH_NOT_READABLE,
+  McpErrorCode.IMAGE_PATH_NOT_A_FILE,
+  McpErrorCode.PATH_NOT_SUPPORTED_IN_HTTP_MODE
 ]);
 function mcp(code, message, extra = {}) {
   const errCode = INVALID_PARAM_CODES.has(code) ? ErrorCode.InvalidParams : ErrorCode.InternalError;
@@ -436,14 +535,13 @@ var ImageCreativeAspectRatioEnum = z.enum([
   "9:16",
   "16:9"
 ]);
-var ImageBase64 = z.string().max(75e5);
 var ImageRefSchema = z.object({
-  url: z.string().url().optional().describe("URL p\xFAblica HTTPS de la foto."),
-  base64: ImageBase64.optional().describe("Bytes de la foto en base64 (sin prefijo data:). \xDAsalo SOLO para archivos locales <500 KB.")
-}).refine((v) => Boolean(v.url) !== Boolean(v.base64), {
-  message: "each image entry must have exactly one of `url` or `base64`"
+  url: z.string().url().optional().describe('URL p\xFAblica HTTPS de la foto. Ej: una URL de Shopify CDN, Cloudinary, Imgur. \xDAsala cuando el usuario te diga "est\xE1 en X.com/foto.jpg" o cuando la foto ya est\xE9 hospedada.'),
+  path: z.string().min(1).optional().describe('Ruta del archivo en el computador del usuario. Ej: "/Users/maria/Desktop/foto.jpg", "~/Pictures/camiseta.png", "C:\\Users\\Maria\\Desktop\\foto.jpg". El MCP local la lee del disco y la sube. SOLO funciona cuando el MCP corre local (stdio). NO funciona en mcp.productmaker.app (HTTP) \u2014 ah\xED usa `url`.')
+}).refine((v) => Boolean(v.url) !== Boolean(v.path), {
+  message: "each image entry must have exactly one of `url` or `path`"
 });
-var ImagesInput = z.array(ImageRefSchema).min(1).max(5).describe("1 a 5 fotos del MISMO producto. La PRIMERA es la principal (hero); las dem\xE1s son \xE1ngulos adicionales. Cada entrada usa `url` (preferido \u2014 p\xFAblico HTTPS) o `base64` (solo para archivos locales <500 KB; clientes MCP truncan argumentos >1 MB). PREFIERE siempre `url` si el usuario te dio una. NO mezcles productos distintos en una sola llamada.");
+var ImagesInput = z.array(ImageRefSchema).min(1).max(5).describe('1 a 5 fotos del MISMO producto. La PRIMERA es la principal (hero); las dem\xE1s son \xE1ngulos adicionales. NO mezcles productos distintos en una sola llamada.\n\nCada entrada tiene EXACTAMENTE uno de:\n\u2022 `url` \u2014 URL p\xFAblica HTTPS (Shopify CDN, Cloudinary). Prefi\xE9rela si la foto ya est\xE1 hospedada.\n\u2022 `path` \u2014 Ruta del archivo en el computador del usuario (ej. "/Users/maria/Desktop/foto.jpg", "~/Downloads/camiseta.png"). \xDAsala cuando el usuario te dijo d\xF3nde guard\xF3 la foto. Solo MCP local \u2014 el cliente web rechaza paths.\n\nSi el usuario te peg\xF3 la foto en el chat pero no te dio ni URL ni ruta: PREG\xDANTALE d\xF3nde la tiene guardada (Escritorio, Descargas, etc.). Si el `path` falla con IMAGE_PATH_NOT_FOUND, prueba 1-2 ubicaciones obvias alternativas (~/Desktop, ~/Downloads) antes de molestar al usuario. Tras 3 intentos fallidos, p\xEDdele la ruta completa.');
 function asText(value) {
   return {
     content: [
@@ -468,7 +566,9 @@ function flatten(obj) {
 __name(flatten, "flatten");
 async function submitCreative(api, opts) {
   const { images, ...rest } = opts.input;
-  const resolved = await resolveImages(images);
+  const resolved = await resolveImages(images, {
+    transport: opts.transport
+  });
   const parts = resolved.map((img, i) => ({
     ...img,
     filename: `image-${i}.png`
@@ -726,10 +826,12 @@ var EditTaskDraftInput = z2.object({
     scriptNotes: z2.string().max(2e3).optional()
   })
 });
-function registerTaskTools(server, api, proxyBaseUrl = null) {
+function registerTaskTools(server, api, { proxyBaseUrl = null, transport = "http" } = {}) {
   server.tool("create_product_task", 'Crea una tarea de producto desde una o varias fotos. Por defecto genera los 3 outputs (landing + video + image creatives). Devuelve un taskId.\n\nINPUTS REQUERIDOS: images (1-5 fotos del MISMO producto; la primera es la hero), language, country.\n\nANTES de invocar, PREG\xDANTALE al usuario por price y offer si no los mencion\xF3 \u2014 son los inputs de mayor impacto en conversi\xF3n y nunca debes asumirlos. NO defaultes country/language desde el contexto del chat: preg\xFAntale expl\xEDcitamente, incluso si el usuario est\xE1 en LATAM. Si te dice "t\xFA elige" para price/offer, om\xEDtelos.\n\nSi el usuario tiene varias fotos del MISMO producto (frente, lateral, detalle, uso), incl\xFAyelas todas en images[] hasta 5. Si tiene fotos de productos DIFERENTES, son llamadas separadas (una tarea por producto).\n\nOTROS OPCIONALES (puedes invocar sin ellos y dejar que la IA elija defaults sensatos):\n- videoStyle, narrativeStyle, videoModel (enums \u2014 ver descripci\xF3n de cada campo)\n- multiAngleVideos (booleano)\n- outputs (subconjunto de {landing,video,image})\n- productUrl\n\nUsa SOLO valores declarados en los enums. Si el usuario pide algo no soportado (ej. "estilo anime"), p\xEDdele una opci\xF3n v\xE1lida.', CreateProductTaskInput.shape, async (input) => {
     try {
-      const imgs = await resolveImages(input.images);
+      const imgs = await resolveImages(input.images, {
+        transport
+      });
       const parts = imgs.map((img, i) => ({
         ...img,
         filename: `image-${i}.png`
@@ -798,8 +900,8 @@ function registerTaskTools(server, api, proxyBaseUrl = null) {
       if (input.limit != null) qs.set("limit", String(input.limit));
       if (input.offset != null) qs.set("offset", String(input.offset));
       if (input.search) qs.set("search", input.search);
-      const path = `/v1/tasks${qs.toString() ? "?" + qs.toString() : ""}`;
-      const r = await api.getJson(path);
+      const path2 = `/v1/tasks${qs.toString() ? "?" + qs.toString() : ""}`;
+      const r = await api.getJson(path2);
       return asText(r);
     } catch (e) {
       throw translateError(e);
@@ -888,13 +990,14 @@ var LandingInput = z3.object({
   paymentMethods: z3.string().optional().describe('Opcional. M\xE9todos de pago a mostrar (lista libre). Ej. "Tarjeta, PSE, Nequi, Contraentrega". Si se omite, la IA usa los m\xE1s comunes del pa\xEDs.'),
   isCombo: CreativeRefs.isCombo
 });
-function registerCreativeTools(server, api) {
+function registerCreativeTools(server, api, { transport = "http" } = {}) {
   server.tool("generate_video_creative", 'Genera UN video creativo independiente. Devuelve un taskId.\n\nREQUERIDOS: images (array de 1-5 fotos), title, primaryAngle, language, country, aspectRatio.\n\nANTES de invocar, PREG\xDANTALE al usuario por price y offer si no los mencion\xF3 \u2014 son los inputs de mayor impacto en conversi\xF3n y nunca debes asumirlos. NO defaultes country/language desde el contexto: preg\xFAntale expl\xEDcitamente. Si el usuario te dice "t\xFA elige" para price/offer, om\xEDtelos.\n\nOTROS OPCIONALES (puedes invocar sin ellos y dejar que la IA elija defaults sensatos): durationSeconds, narrativeStyle, videoStyle, videoModel, features, cta, scriptNotes.\n\nUsa SOLO valores declarados en los enums. Si el usuario pide algo no soportado, p\xEDdele una opci\xF3n v\xE1lida.', VideoInput.shape, async (input) => {
     try {
       return await submitCreative(api, {
         path: "/v1/creatives/videos",
         estimatedSeconds: 300,
-        input
+        input,
+        transport
       });
     } catch (e) {
       throw translateError(e);
@@ -905,7 +1008,8 @@ function registerCreativeTools(server, api) {
       return await submitCreative(api, {
         path: "/v1/creatives/images",
         estimatedSeconds: 60,
-        input
+        input,
+        transport
       });
     } catch (e) {
       throw translateError(e);
@@ -916,7 +1020,8 @@ function registerCreativeTools(server, api) {
       return await submitCreative(api, {
         path: "/v1/creatives/landing",
         estimatedSeconds: 60,
-        input
+        input,
+        transport
       });
     } catch (e) {
       throw translateError(e);
@@ -998,7 +1103,8 @@ function registerPublishTools(server, api) {
 __name(registerPublishTools, "registerPublishTools");
 
 // src/server.ts
-function createServer(apiKey, apiBaseUrl, proxyBaseUrl = null) {
+function createServer(opts) {
+  const { apiKey, apiBaseUrl, proxyBaseUrl = null, transport = "http" } = opts;
   const server = new McpServer({
     name: "productmaker",
     version: MCP_VERSION
@@ -1011,8 +1117,13 @@ function createServer(apiKey, apiBaseUrl, proxyBaseUrl = null) {
     }
   });
   const api = new ApiClient(apiBaseUrl, apiKey);
-  registerTaskTools(server, api, proxyBaseUrl);
-  registerCreativeTools(server, api);
+  registerTaskTools(server, api, {
+    proxyBaseUrl,
+    transport
+  });
+  registerCreativeTools(server, api, {
+    transport
+  });
   registerConnectionTools(server, api);
   registerPublishTools(server, api);
   return server;
@@ -1154,7 +1265,7 @@ function createApp(opts) {
     legacyHeaders: false
   }));
   app.use(express.json({
-    limit: "10mb"
+    limit: "1mb"
   }));
   app.get("/healthz", (_req, res) => {
     res.json({
@@ -1176,7 +1287,12 @@ function createApp(opts) {
       return;
     }
     try {
-      const server = createServer(apiKey, opts.apiBaseUrl, opts.proxyBaseUrl ?? null);
+      const server = createServer({
+        apiKey,
+        apiBaseUrl: opts.apiBaseUrl,
+        proxyBaseUrl: opts.proxyBaseUrl ?? null,
+        transport: "http"
+      });
       const transport = new StreamableHTTPServerTransport({
         sessionIdGenerator: void 0
       });

package/dist/stdio.js

@@ -35,14 +35,14 @@ var ApiClient = class {
       Authorization: `Bearer ${this.apiKey}`
     };
   }
-  async getJson(path) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async getJson(path2) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       headers: this.authHeaders()
     });
     return this.parse(res);
   }
-  async postJson(path, body) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async postJson(path2, body) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "POST",
       headers: {
         ...this.authHeaders(),
@@ -52,8 +52,8 @@ var ApiClient = class {
     });
     return this.parse(res);
   }
-  async patchJson(path, body) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async patchJson(path2, body) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "PATCH",
       headers: {
         ...this.authHeaders(),
@@ -63,14 +63,14 @@ var ApiClient = class {
     });
     return this.parse(res);
   }
-  async deleteJson(path) {
-    const res = await fetch(`${this.baseUrl}${path}`, {
+  async deleteJson(path2) {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "DELETE",
       headers: this.authHeaders()
     });
     return this.parse(res);
   }
-  async postMultipart(path, files, fields) {
+  async postMultipart(path2, files, fields) {
     const form = new FormData();
     for (const [name, value] of Object.entries(files)) {
       const parts = Array.isArray(value) ? value : [
@@ -88,7 +88,7 @@ var ApiClient = class {
     for (const [k, v] of Object.entries(fields)) {
       if (v !== void 0) form.append(k, v);
     }
-    const res = await fetch(`${this.baseUrl}${path}`, {
+    const res = await fetch(`${this.baseUrl}${path2}`, {
       method: "POST",
       headers: this.authHeaders(),
       body: form
@@ -110,19 +110,40 @@ var ApiClient = class {
 };
 
 // src/index.ts
-var MCP_VERSION = "0.1.0";
+var MCP_VERSION = "0.2.0";
 
 // src/tools/tasks.ts
 import { z as z2 } from "zod";
 
 // src/resolve-image.ts
 import { lookup as dnsLookup } from "dns/promises";
+import { promises as fs, createReadStream } from "fs";
+import * as path from "path";
+import * as os from "os";
 var MAX_BYTES = 20 * 1024 * 1024;
-var ALLOWED = /* @__PURE__ */ new Set([
-  "image/jpeg",
-  "image/png",
-  "image/webp"
-]);
+var IMAGE_FORMATS = [
+  {
+    mime: "image/jpeg",
+    exts: [
+      ".jpg",
+      ".jpeg"
+    ]
+  },
+  {
+    mime: "image/png",
+    exts: [
+      ".png"
+    ]
+  },
+  {
+    mime: "image/webp",
+    exts: [
+      ".webp"
+    ]
+  }
+];
+var ALLOWED_MIMES = new Set(IMAGE_FORMATS.map((f) => f.mime));
+var ALLOWED_EXTS = new Set(IMAGE_FORMATS.flatMap((f) => f.exts));
 var ResolveImageError = class extends Error {
   static {
     __name(this, "ResolveImageError");
@@ -189,69 +210,139 @@ async function assertHostResolvesPublic(hostname) {
   }
 }
 __name(assertHostResolvesPublic, "assertHostResolvesPublic");
-async function resolveImages(images) {
+function expandUserPath(raw) {
+  let s = raw.trim();
+  if (s === "~") return os.homedir();
+  if (s.startsWith("~/") || s.startsWith("~\\")) s = path.join(os.homedir(), s.slice(2));
+  s = s.replace(/^\$HOME(?=$|[/\\])/, os.homedir());
+  s = s.replace(/^%USERPROFILE%(?=$|[/\\])/i, os.homedir());
+  return s;
+}
+__name(expandUserPath, "expandUserPath");
+async function readFileWithCap(absPath, max) {
+  const chunks = [];
+  let total = 0;
+  let exceeded = false;
+  const stream = createReadStream(absPath);
+  try {
+    for await (const chunk of stream) {
+      total += chunk.length;
+      if (total > max) {
+        exceeded = true;
+        break;
+      }
+      chunks.push(chunk);
+    }
+  } catch (e) {
+    const code = e.code;
+    if (code === "ENOENT") throw new ResolveImageError("IMAGE_PATH_NOT_FOUND", "file disappeared during read");
+    if (code === "EACCES" || code === "EPERM") throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", `cannot read file (${code})`);
+    throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", e.message);
+  } finally {
+    if (!stream.destroyed) stream.destroy();
+  }
+  if (exceeded) throw new ResolveImageError("IMAGE_TOO_LARGE", `file exceeds ${max} bytes`);
+  return Buffer.concat(chunks, total);
+}
+__name(readFileWithCap, "readFileWithCap");
+async function resolvePath(rawPath) {
+  const expanded = expandUserPath(rawPath);
+  const abs = path.resolve(expanded);
+  const ext = path.extname(abs).toLowerCase();
+  if (!ALLOWED_EXTS.has(ext)) {
+    throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `path extension ${ext || "(none)"} is not in the image allowlist (.jpg .jpeg .png .webp)`);
+  }
+  let stat;
+  try {
+    stat = await fs.stat(abs);
+  } catch (e) {
+    const code = e.code;
+    if (code === "ENOENT") {
+      throw new ResolveImageError("IMAGE_PATH_NOT_FOUND", `no such file: ${abs}`);
+    }
+    if (code === "EACCES" || code === "EPERM") {
+      throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", `cannot access ${abs} (${code})`);
+    }
+    throw new ResolveImageError("IMAGE_PATH_NOT_READABLE", `stat failed: ${e.message}`);
+  }
+  if (!stat.isFile()) {
+    throw new ResolveImageError("IMAGE_PATH_NOT_A_FILE", `${abs} is not a regular file`);
+  }
+  if (stat.size > MAX_BYTES) {
+    throw new ResolveImageError("IMAGE_TOO_LARGE", `${stat.size} bytes (cap ${MAX_BYTES})`);
+  }
+  const buf = await readFileWithCap(abs, MAX_BYTES);
+  const sniffed = sniffMime(buf);
+  if (!sniffed) {
+    throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `magic bytes do not match PNG/JPEG/WEBP for ${abs}`);
+  }
+  return {
+    buffer: buf,
+    mimetype: sniffed
+  };
+}
+__name(resolvePath, "resolvePath");
+async function resolveImageUrl(rawUrl) {
+  let u;
+  try {
+    u = new URL(rawUrl);
+  } catch {
+    throw new ResolveImageError("INVALID_INPUT", "imageUrl is not a valid URL");
+  }
+  if (u.protocol !== "https:") throw new ResolveImageError("INVALID_INPUT", "imageUrl must be HTTPS");
+  if (isPrivateHost(u.hostname)) throw new ResolveImageError("INVALID_INPUT", "imageUrl host not allowed");
+  await assertHostResolvesPublic(u.hostname);
+  let res;
+  try {
+    res = await fetch(rawUrl, {
+      signal: AbortSignal.timeout(3e4),
+      redirect: "error"
+    });
+  } catch (e) {
+    throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", e.message);
+  }
+  if (!res.ok) throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", `HTTP ${res.status}`);
+  const cl = res.headers.get("content-length");
+  if (cl && Number(cl) > MAX_BYTES) {
+    throw new ResolveImageError("IMAGE_TOO_LARGE", `content-length ${cl}`);
+  }
+  const ct = (res.headers.get("content-type") ?? "").split(";")[0]?.trim() ?? "";
+  if (!ALLOWED_MIMES.has(ct)) throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `content-type ${ct}`);
+  const buf = Buffer.from(await res.arrayBuffer());
+  if (buf.length > MAX_BYTES) throw new ResolveImageError("IMAGE_TOO_LARGE", `${buf.length} bytes`);
+  const sniffed = sniffMime(buf);
+  if (!sniffed || sniffed !== ct) {
+    throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `magic bytes (${sniffed ?? "unknown"}) do not match content-type (${ct})`);
+  }
+  return {
+    buffer: buf,
+    mimetype: sniffed
+  };
+}
+__name(resolveImageUrl, "resolveImageUrl");
+async function resolveImages(images, opts = {
+  transport: "http"
+}) {
   if (!images.length) throw new ResolveImageError("INVALID_INPUT", "images: at least one entry required");
   if (images.length > 5) throw new ResolveImageError("INVALID_INPUT", "images: max 5 per request");
-  return Promise.all(images.map((ref) => resolveImage({
-    imageUrl: ref.url,
-    imageBase64: ref.base64
-  })));
+  return Promise.all(images.map((ref) => resolveOne(ref, opts.transport)));
 }
 __name(resolveImages, "resolveImages");
-async function resolveImage(input) {
-  if (input.imageUrl && input.imageBase64) {
-    throw new ResolveImageError("INVALID_INPUT", "Provide only one of imageUrl or imageBase64");
+async function resolveOne(ref, transport) {
+  const hasUrl = Boolean(ref.url);
+  const hasPath = Boolean(ref.path);
+  if (hasUrl === hasPath) {
+    throw new ResolveImageError("INVALID_INPUT", "each image entry must have exactly one of `url` or `path`");
   }
-  if (input.imageUrl) {
-    let u;
-    try {
-      u = new URL(input.imageUrl);
-    } catch {
-      throw new ResolveImageError("INVALID_INPUT", "imageUrl is not a valid URL");
+  if (hasPath) {
+    if (transport === "http") {
+      throw new ResolveImageError("PATH_NOT_SUPPORTED_IN_HTTP_MODE", "Local file paths are only available when running the MCP locally (npm). For the hosted endpoint at mcp.productmaker.app, pass a public HTTPS `url` instead, or ask the user to host the photo first.");
     }
-    if (u.protocol !== "https:") throw new ResolveImageError("INVALID_INPUT", "imageUrl must be HTTPS");
-    if (isPrivateHost(u.hostname)) throw new ResolveImageError("INVALID_INPUT", "imageUrl host not allowed");
-    await assertHostResolvesPublic(u.hostname);
-    let res;
-    try {
-      res = await fetch(input.imageUrl, {
-        signal: AbortSignal.timeout(3e4),
-        redirect: "error"
-      });
-    } catch (e) {
-      throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", e.message);
-    }
-    if (!res.ok) throw new ResolveImageError("IMAGE_DOWNLOAD_FAILED", `HTTP ${res.status}`);
-    const cl = res.headers.get("content-length");
-    if (cl && Number(cl) > MAX_BYTES) {
-      throw new ResolveImageError("IMAGE_TOO_LARGE", `content-length ${cl}`);
-    }
-    const ct = (res.headers.get("content-type") ?? "").split(";")[0]?.trim() ?? "";
-    if (!ALLOWED.has(ct)) throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `content-type ${ct}`);
-    const buf = Buffer.from(await res.arrayBuffer());
-    if (buf.length > MAX_BYTES) throw new ResolveImageError("IMAGE_TOO_LARGE", `${buf.length} bytes`);
-    const sniffed = sniffMime(buf);
-    if (!sniffed || sniffed !== ct) {
-      throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", `magic bytes (${sniffed ?? "unknown"}) do not match content-type (${ct})`);
-    }
-    return {
-      buffer: buf,
-      mimetype: sniffed
-    };
+    return resolvePath(ref.path);
   }
-  if (input.imageBase64) {
-    const buf = Buffer.from(input.imageBase64, "base64");
-    if (buf.length > MAX_BYTES) throw new ResolveImageError("IMAGE_TOO_LARGE", `${buf.length} bytes`);
-    const mime = sniffMime(buf);
-    if (!mime) throw new ResolveImageError("IMAGE_TYPE_UNSUPPORTED", "cannot detect image type");
-    return {
-      buffer: buf,
-      mimetype: mime
-    };
-  }
-  throw new ResolveImageError("INVALID_INPUT", "imageUrl or imageBase64 required");
+  return resolveImageUrl(ref.url);
 }
-__name(resolveImage, "resolveImage");
+__name(resolveOne, "resolveOne");
 
 // src/status-poller.ts
 var TERMINAL = /* @__PURE__ */ new Set([
@@ -279,14 +370,14 @@ async function pollStatus(fetcher, waitSeconds, signal, opts = {}) {
 }
 __name(pollStatus, "pollStatus");
 function sleep(ms, signal) {
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const onAbort = /* @__PURE__ */ __name(() => {
       clearTimeout(t);
       reject(new Error("aborted"));
     }, "onAbort");
     const t = setTimeout(() => {
       signal?.removeEventListener("abort", onAbort);
-      resolve();
+      resolve2();
     }, ms);
     signal?.addEventListener("abort", onAbort, {
       once: true
@@ -305,6 +396,10 @@ var McpErrorCode = {
   IMAGE_DOWNLOAD_FAILED: "IMAGE_DOWNLOAD_FAILED",
   IMAGE_TOO_LARGE: "IMAGE_TOO_LARGE",
   IMAGE_TYPE_UNSUPPORTED: "IMAGE_TYPE_UNSUPPORTED",
+  IMAGE_PATH_NOT_FOUND: "IMAGE_PATH_NOT_FOUND",
+  IMAGE_PATH_NOT_READABLE: "IMAGE_PATH_NOT_READABLE",
+  IMAGE_PATH_NOT_A_FILE: "IMAGE_PATH_NOT_A_FILE",
+  PATH_NOT_SUPPORTED_IN_HTTP_MODE: "PATH_NOT_SUPPORTED_IN_HTTP_MODE",
   TASK_NOT_FOUND: "TASK_NOT_FOUND",
   TASK_NOT_READY: "TASK_NOT_READY",
   NO_SHOPIFY_SHOPS: "NO_SHOPIFY_SHOPS",
@@ -318,7 +413,11 @@ var McpErrorCode = {
 var INVALID_PARAM_CODES = /* @__PURE__ */ new Set([
   McpErrorCode.INVALID_INPUT,
   McpErrorCode.INVALID_API_KEY,
-  McpErrorCode.REVOKED_API_KEY
+  McpErrorCode.REVOKED_API_KEY,
+  McpErrorCode.IMAGE_PATH_NOT_FOUND,
+  McpErrorCode.IMAGE_PATH_NOT_READABLE,
+  McpErrorCode.IMAGE_PATH_NOT_A_FILE,
+  McpErrorCode.PATH_NOT_SUPPORTED_IN_HTTP_MODE
 ]);
 function mcp(code, message, extra = {}) {
   const errCode = INVALID_PARAM_CODES.has(code) ? ErrorCode.InvalidParams : ErrorCode.InternalError;
@@ -433,14 +532,13 @@ var ImageCreativeAspectRatioEnum = z.enum([
   "9:16",
   "16:9"
 ]);
-var ImageBase64 = z.string().max(75e5);
 var ImageRefSchema = z.object({
-  url: z.string().url().optional().describe("URL p\xFAblica HTTPS de la foto."),
-  base64: ImageBase64.optional().describe("Bytes de la foto en base64 (sin prefijo data:). \xDAsalo SOLO para archivos locales <500 KB.")
-}).refine((v) => Boolean(v.url) !== Boolean(v.base64), {
-  message: "each image entry must have exactly one of `url` or `base64`"
+  url: z.string().url().optional().describe('URL p\xFAblica HTTPS de la foto. Ej: una URL de Shopify CDN, Cloudinary, Imgur. \xDAsala cuando el usuario te diga "est\xE1 en X.com/foto.jpg" o cuando la foto ya est\xE9 hospedada.'),
+  path: z.string().min(1).optional().describe('Ruta del archivo en el computador del usuario. Ej: "/Users/maria/Desktop/foto.jpg", "~/Pictures/camiseta.png", "C:\\Users\\Maria\\Desktop\\foto.jpg". El MCP local la lee del disco y la sube. SOLO funciona cuando el MCP corre local (stdio). NO funciona en mcp.productmaker.app (HTTP) \u2014 ah\xED usa `url`.')
+}).refine((v) => Boolean(v.url) !== Boolean(v.path), {
+  message: "each image entry must have exactly one of `url` or `path`"
 });
-var ImagesInput = z.array(ImageRefSchema).min(1).max(5).describe("1 a 5 fotos del MISMO producto. La PRIMERA es la principal (hero); las dem\xE1s son \xE1ngulos adicionales. Cada entrada usa `url` (preferido \u2014 p\xFAblico HTTPS) o `base64` (solo para archivos locales <500 KB; clientes MCP truncan argumentos >1 MB). PREFIERE siempre `url` si el usuario te dio una. NO mezcles productos distintos en una sola llamada.");
+var ImagesInput = z.array(ImageRefSchema).min(1).max(5).describe('1 a 5 fotos del MISMO producto. La PRIMERA es la principal (hero); las dem\xE1s son \xE1ngulos adicionales. NO mezcles productos distintos en una sola llamada.\n\nCada entrada tiene EXACTAMENTE uno de:\n\u2022 `url` \u2014 URL p\xFAblica HTTPS (Shopify CDN, Cloudinary). Prefi\xE9rela si la foto ya est\xE1 hospedada.\n\u2022 `path` \u2014 Ruta del archivo en el computador del usuario (ej. "/Users/maria/Desktop/foto.jpg", "~/Downloads/camiseta.png"). \xDAsala cuando el usuario te dijo d\xF3nde guard\xF3 la foto. Solo MCP local \u2014 el cliente web rechaza paths.\n\nSi el usuario te peg\xF3 la foto en el chat pero no te dio ni URL ni ruta: PREG\xDANTALE d\xF3nde la tiene guardada (Escritorio, Descargas, etc.). Si el `path` falla con IMAGE_PATH_NOT_FOUND, prueba 1-2 ubicaciones obvias alternativas (~/Desktop, ~/Downloads) antes de molestar al usuario. Tras 3 intentos fallidos, p\xEDdele la ruta completa.');
 function asText(value) {
   return {
     content: [
@@ -465,7 +563,9 @@ function flatten(obj) {
 __name(flatten, "flatten");
 async function submitCreative(api, opts) {
   const { images, ...rest } = opts.input;
-  const resolved = await resolveImages(images);
+  const resolved = await resolveImages(images, {
+    transport: opts.transport
+  });
   const parts = resolved.map((img, i) => ({
     ...img,
     filename: `image-${i}.png`
@@ -682,10 +782,12 @@ var EditTaskDraftInput = z2.object({
     scriptNotes: z2.string().max(2e3).optional()
   })
 });
-function registerTaskTools(server, api, proxyBaseUrl = null) {
+function registerTaskTools(server, api, { proxyBaseUrl = null, transport = "http" } = {}) {
   server.tool("create_product_task", 'Crea una tarea de producto desde una o varias fotos. Por defecto genera los 3 outputs (landing + video + image creatives). Devuelve un taskId.\n\nINPUTS REQUERIDOS: images (1-5 fotos del MISMO producto; la primera es la hero), language, country.\n\nANTES de invocar, PREG\xDANTALE al usuario por price y offer si no los mencion\xF3 \u2014 son los inputs de mayor impacto en conversi\xF3n y nunca debes asumirlos. NO defaultes country/language desde el contexto del chat: preg\xFAntale expl\xEDcitamente, incluso si el usuario est\xE1 en LATAM. Si te dice "t\xFA elige" para price/offer, om\xEDtelos.\n\nSi el usuario tiene varias fotos del MISMO producto (frente, lateral, detalle, uso), incl\xFAyelas todas en images[] hasta 5. Si tiene fotos de productos DIFERENTES, son llamadas separadas (una tarea por producto).\n\nOTROS OPCIONALES (puedes invocar sin ellos y dejar que la IA elija defaults sensatos):\n- videoStyle, narrativeStyle, videoModel (enums \u2014 ver descripci\xF3n de cada campo)\n- multiAngleVideos (booleano)\n- outputs (subconjunto de {landing,video,image})\n- productUrl\n\nUsa SOLO valores declarados en los enums. Si el usuario pide algo no soportado (ej. "estilo anime"), p\xEDdele una opci\xF3n v\xE1lida.', CreateProductTaskInput.shape, async (input) => {
     try {
-      const imgs = await resolveImages(input.images);
+      const imgs = await resolveImages(input.images, {
+        transport
+      });
       const parts = imgs.map((img, i) => ({
         ...img,
         filename: `image-${i}.png`
@@ -754,8 +856,8 @@ function registerTaskTools(server, api, proxyBaseUrl = null) {
       if (input.limit != null) qs.set("limit", String(input.limit));
       if (input.offset != null) qs.set("offset", String(input.offset));
       if (input.search) qs.set("search", input.search);
-      const path = `/v1/tasks${qs.toString() ? "?" + qs.toString() : ""}`;
-      const r = await api.getJson(path);
+      const path2 = `/v1/tasks${qs.toString() ? "?" + qs.toString() : ""}`;
+      const r = await api.getJson(path2);
       return asText(r);
     } catch (e) {
       throw translateError(e);
@@ -844,13 +946,14 @@ var LandingInput = z3.object({
   paymentMethods: z3.string().optional().describe('Opcional. M\xE9todos de pago a mostrar (lista libre). Ej. "Tarjeta, PSE, Nequi, Contraentrega". Si se omite, la IA usa los m\xE1s comunes del pa\xEDs.'),
   isCombo: CreativeRefs.isCombo
 });
-function registerCreativeTools(server, api) {
+function registerCreativeTools(server, api, { transport = "http" } = {}) {
   server.tool("generate_video_creative", 'Genera UN video creativo independiente. Devuelve un taskId.\n\nREQUERIDOS: images (array de 1-5 fotos), title, primaryAngle, language, country, aspectRatio.\n\nANTES de invocar, PREG\xDANTALE al usuario por price y offer si no los mencion\xF3 \u2014 son los inputs de mayor impacto en conversi\xF3n y nunca debes asumirlos. NO defaultes country/language desde el contexto: preg\xFAntale expl\xEDcitamente. Si el usuario te dice "t\xFA elige" para price/offer, om\xEDtelos.\n\nOTROS OPCIONALES (puedes invocar sin ellos y dejar que la IA elija defaults sensatos): durationSeconds, narrativeStyle, videoStyle, videoModel, features, cta, scriptNotes.\n\nUsa SOLO valores declarados en los enums. Si el usuario pide algo no soportado, p\xEDdele una opci\xF3n v\xE1lida.', VideoInput.shape, async (input) => {
     try {
       return await submitCreative(api, {
         path: "/v1/creatives/videos",
         estimatedSeconds: 300,
-        input
+        input,
+        transport
       });
     } catch (e) {
       throw translateError(e);
@@ -861,7 +964,8 @@ function registerCreativeTools(server, api) {
       return await submitCreative(api, {
         path: "/v1/creatives/images",
         estimatedSeconds: 60,
-        input
+        input,
+        transport
       });
     } catch (e) {
       throw translateError(e);
@@ -872,7 +976,8 @@ function registerCreativeTools(server, api) {
       return await submitCreative(api, {
         path: "/v1/creatives/landing",
         estimatedSeconds: 60,
-        input
+        input,
+        transport
       });
     } catch (e) {
       throw translateError(e);
@@ -954,7 +1059,8 @@ function registerPublishTools(server, api) {
 __name(registerPublishTools, "registerPublishTools");
 
 // src/server.ts
-function createServer(apiKey, apiBaseUrl, proxyBaseUrl = null) {
+function createServer(opts) {
+  const { apiKey, apiBaseUrl, proxyBaseUrl = null, transport = "http" } = opts;
   const server = new McpServer({
     name: "productmaker",
     version: MCP_VERSION
@@ -967,8 +1073,13 @@ function createServer(apiKey, apiBaseUrl, proxyBaseUrl = null) {
     }
   });
   const api = new ApiClient(apiBaseUrl, apiKey);
-  registerTaskTools(server, api, proxyBaseUrl);
-  registerCreativeTools(server, api);
+  registerTaskTools(server, api, {
+    proxyBaseUrl,
+    transport
+  });
+  registerCreativeTools(server, api, {
+    transport
+  });
   registerConnectionTools(server, api);
   registerPublishTools(server, api);
   return server;
@@ -1010,7 +1121,11 @@ async function main() {
     console.error(e.message);
     process.exit(1);
   }
-  const server = createServer(apiKey, apiBaseUrl);
+  const server = createServer({
+    apiKey,
+    apiBaseUrl,
+    transport: "stdio"
+  });
   await server.connect(new StdioServerTransport());
 }
 __name(main, "main");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@productmaker/mcp",
-  "version": "0.1.6",
+  "version": "0.2.0",
   "type": "module",
   "private": false,
   "bin": {