@scales-baby/nest-bridge 1.0.3 → 1.0.4

package/dist/crypto/contentSchema.js

@@ -113,6 +113,14 @@ const route = {
     clear: ["name", "city", "status", "date", "tags", "tagHashes"],
     blankWith: {},
 };
+// NOMAD RESPONSE / FOUNDER LEAD ----------------------------------------------
+// NOTE: these public research surveys are deliberately NOT in CONTENT_SCHEMA.
+// Their Mongoose models carry no `enc` scaffold; the server stores them
+// CLEARTEXT and serves them operator-only (GET is gated, POST is public). The
+// bridge therefore exposes them READ-ONLY as a straight pass-through (see
+// DataLayer.listReadonly / getReadonly) and never routes them through the
+// encrypt/decrypt path. Keeping them out of CONTENT_SCHEMA is what makes this
+// schema byte-identical with the Nest web app's contentSchema.ts.
 exports.CONTENT_SCHEMA = {
     person,
     task,

package/dist/data.js

@@ -22,6 +22,10 @@ const PATHS = {
     merchant: "/api/merchants",
     route: "/api/routes",
 };
+const READONLY_PATHS = {
+    nomad: "/api/nomad",
+    founder: "/api/founder",
+};
 class DataLayer {
     client;
     vault;
@@ -117,5 +121,23 @@ class DataLayer {
         await this.ensureUnlocked();
         return this.client.get("/api/digest");
     }
+    // --- READ-ONLY SURVEYS (cleartext pass-through) --------------------------
+    // List a survey collection. No decrypt: these docs are always cleartext.
+    async listReadonly(coll, query = {}) {
+        await this.ensureUnlocked();
+        const qs = Object.entries(query)
+            .filter(([, v]) => v !== undefined && v !== "")
+            .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(String(v))}`)
+            .join("&");
+        const base = READONLY_PATHS[coll];
+        const path = qs ? `${base}?${qs}` : base;
+        return (await this.client.get(path)) ?? [];
+    }
+    // Get one survey row by _id. There is no per-id REST route for surveys, so we
+    // fetch the (operator-scoped) list and find the row locally.
+    async getReadonly(coll, id) {
+        const rows = await this.listReadonly(coll);
+        return rows.find((r) => String(r._id) === id) ?? null;
+    }
 }
 exports.DataLayer = DataLayer;

package/dist/mcp.js

@@ -86,7 +86,7 @@ async function buildServer(ctx) {
     const { McpServer } = await loadSdk();
     const server = new McpServer({
         name: "nest-bridge",
-        version: "1.0.3",
+        version: "1.0.4",
     });
     // Descriptions are registered ONCE at startup, before the background unlock
     // finishes — so this note can't depend on the (not-yet-known) unlock state.
@@ -308,6 +308,145 @@ async function buildServer(ctx) {
         researchNotes: zod_1.z.string().optional(),
         tags: zod_1.z.array(zod_1.z.string()).optional(),
     }, "Update an event.");
+    // ---- MERCHANTS ----------------------------------------------------------
+    // Shared field shape (loose strings/enums, mirroring the person/company tools)
+    // matching lib/crmValidation MerchantCreate/PatchSchema. notes + the contact/
+    // owner free-text fields are encrypted; the rest is cleartext metadata.
+    const merchantBase = {
+        zone: zod_1.z.string().optional(),
+        address: zod_1.z.string().optional(),
+        type: zod_1.z
+            .string()
+            .optional()
+            .describe("fnb_cafe|fnb_restaurant|fnb_bar|retail|hotel|coworking|wellness|other"),
+        paymentRails: zod_1.z.array(zod_1.z.string()).optional(),
+        foreignCustomerMix: zod_1.z.string().optional().describe("low|medium|high|unknown"),
+        visitStatus: zod_1.z
+            .string()
+            .optional()
+            .describe("not_visited|visited_cold|visited_pitched|signage_placed|activated|declined"),
+        lastVisit: zod_1.z.string().optional().describe("ISO date"),
+        preloadedCardGiven: zod_1.z.boolean().optional(),
+        preloadedCardAmount: zod_1.z.number().optional(),
+        contactPerson: zod_1.z.string().optional(),
+        contactInfo: zod_1.z.string().optional(),
+        ambassador: zod_1.z.string().optional().describe("Person _id"),
+        notes: zod_1.z.string().optional(),
+        tags: zod_1.z.array(zod_1.z.string()).optional(),
+        source: zod_1.z.string().optional(),
+        qrInterested: zod_1.z.string().optional().describe("not_offered|yes|maybe|no"),
+        qrDeliveryStatus: zod_1.z.string().optional().describe("not_offered|pending|shipped|delivered"),
+        qrShippingContact: zod_1.z.string().optional(),
+        voiceMemoUrl: zod_1.z.string().optional(),
+        voiceMemoPath: zod_1.z.string().optional(),
+        intakeSubmittedAt: zod_1.z.string().optional().describe("ISO date"),
+        foreignPaymentIssues: zod_1.z.string().optional().describe("unknown|yes|sometimes|no"),
+        ownerName: zod_1.z.string().optional(),
+        paymentRanking: zod_1.z
+            .array(zod_1.z.object({ rail: zod_1.z.string(), rank: zod_1.z.number().int() }))
+            .optional(),
+        promptpayReasons: zod_1.z.array(zod_1.z.string()).optional(),
+        promptpayReasonOther: zod_1.z.string().optional(),
+        usdBalanceInterest: zod_1.z.string().optional(),
+        dailyVolume: zod_1.z.string().optional(),
+        foreignCustomerRegions: zod_1.z.array(zod_1.z.string()).optional(),
+        cryptoFamiliarity: zod_1.z.string().optional(),
+        customerCryptoAskFrequency: zod_1.z.string().optional(),
+        bestContactTime: zod_1.z.array(zod_1.z.string()).optional(),
+        yearsInBusiness: zod_1.z.string().optional(),
+        topPaymentMethod: zod_1.z.string().optional(),
+        ownerOrigin: zod_1.z.string().optional(),
+        foreignPaymentIssueTypes: zod_1.z.array(zod_1.z.string()).optional(),
+        customerForeignPayAsk: zod_1.z.string().optional(),
+        crossBorderPayOut: zod_1.z.string().optional(),
+    };
+    registerList("list_merchants", "merchant", "List merchants (cafe/shop field visits). Filter by status.");
+    registerGet("get_merchant", "merchant", "Get one merchant by id, with notes.");
+    registerSearch("search_merchants", "merchant", ["name", "city", "notes"], "Search merchants by name/city/notes.");
+    registerCreate("create_merchant", "merchant", {
+        name: zod_1.z.string().describe("Shop name"),
+        city: zod_1.z.string().describe("City"),
+        ...merchantBase,
+    }, "Create a merchant.");
+    registerUpdate("update_merchant", "merchant", {
+        name: zod_1.z.string().optional(),
+        city: zod_1.z.string().optional(),
+        ...merchantBase,
+    }, "Update a merchant (only the fields you pass change).");
+    // ---- ROUTES -------------------------------------------------------------
+    // Ordered walking/meeting routes. No encrypted fields today (stop notes live
+    // per-stop in cleartext); mirror lib/crmValidation RouteCreate/PatchSchema.
+    const routeStop = zod_1.z.object({
+        merchantId: zod_1.z.string().optional().describe("Merchant _id"),
+        name: zod_1.z.string().optional(),
+        address: zod_1.z.string().optional(),
+        googleMapsUrl: zod_1.z.string().optional(),
+        order: zod_1.z.number().int(),
+        walkingMinFromPrev: zod_1.z.number().optional(),
+        notes: zod_1.z.string().optional(),
+        visited: zod_1.z.boolean().optional(),
+        visitedAt: zod_1.z.string().optional().describe("ISO date"),
+    });
+    const routeBase = {
+        zone: zod_1.z.string().optional(),
+        session: zod_1.z.string().optional(),
+        date: zod_1.z.string().optional().describe("ISO date"),
+        ownerPersonId: zod_1.z.string().optional().describe("Person _id"),
+        status: zod_1.z.string().optional().describe("planned|in_progress|complete"),
+        stops: zod_1.z.array(routeStop).optional(),
+        isPublic: zod_1.z.boolean().optional(),
+        tags: zod_1.z.array(zod_1.z.string()).optional(),
+        source: zod_1.z.string().optional(),
+    };
+    registerList("list_routes", "route", "List routes. Filter by status.");
+    registerGet("get_route", "route", "Get one route by id, with its stops.");
+    registerSearch("search_routes", "route", ["name", "city"], "Search routes by name/city.");
+    registerCreate("create_route", "route", {
+        name: zod_1.z.string().describe("Route name"),
+        city: zod_1.z.string().describe("City"),
+        ...routeBase,
+    }, "Create a route.");
+    registerUpdate("update_route", "route", {
+        name: zod_1.z.string().optional(),
+        city: zod_1.z.string().optional(),
+        ...routeBase,
+    }, "Update a route (only the fields you pass change).");
+    // ---- SURVEYS (read-only) ------------------------------------------------
+    // Public research surveys (nomad travelers + company founders). READ-ONLY:
+    // submissions arrive via the public web forms, not the AI. These collections
+    // are stored CLEARTEXT server-side (operator-only GET), so the bridge serves
+    // them as a straight pass-through — no decrypt, no encrypted-vs-clear split.
+    function registerSurveyList(name, coll, desc) {
+        server.registerTool(name, {
+            description: desc,
+            inputSchema: { limit: zod_1.z.number().int().min(1).max(1000).optional() },
+        }, async (args) => {
+            try {
+                const rows = await ctx.data.listReadonly(coll, args);
+                return jsonResult({ count: rows.length, items: rows });
+            }
+            catch (e) {
+                return errResult(e);
+            }
+        });
+    }
+    function registerSurveyGet(name, coll, desc) {
+        server.registerTool(name, { description: desc, inputSchema: { id: zod_1.z.string().describe("The record's _id") } }, async (args) => {
+            try {
+                const row = await ctx.data.getReadonly(coll, args.id);
+                if (!row)
+                    return errResult(new Error("not_found"));
+                return jsonResult(row);
+            }
+            catch (e) {
+                return errResult(e);
+            }
+        });
+    }
+    registerSurveyList("list_nomad_responses", "nomad", "List nomad/traveler payment-research survey responses (newest first), with contact + free-text answer.");
+    registerSurveyGet("get_nomad_response", "nomad", "Get one nomad survey response by id, with contact + free-text answer.");
+    registerSurveyList("list_founder_leads", "founder", "List founder/company payroll-research survey leads (newest first), with contact + free-text answer.");
+    registerSurveyGet("get_founder_lead", "founder", "Get one founder survey lead by id, with contact + free-text answer.");
     // ---- DIGEST -------------------------------------------------------------
     server.registerTool("get_digest", {
         description: "Get the actionable digest (overdue/today/this-week follow-ups + open tasks)." +

package/manifest.json

@@ -2,7 +2,7 @@
   "manifest_version": "0.3",
   "name": "scales-nest",
   "display_name": "Nest by SCALES",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "Read and write your end-to-end-encrypted Nest through your own AI. Your encryption key is derived locally and never leaves your machine; Nest's servers only ever see ciphertext.",
   "long_description": "Nest is your encrypted second brain (people, companies, tasks, events). This connector runs a small MCP server on your own machine. It fetches your password-wrapped key from Nest, unwraps it locally, then decrypts on read and encrypts on write right here. The Nest server only ever stores ciphertext and never receives your password, your key, or your plaintext. Mint a scoped API key in Nest (Settings then Connect your AI), paste it plus your encryption password below, and your AI can read and (with a full-control key) write your Nest data.",
   "author": {
@@ -47,6 +47,20 @@
     { "name": "search_events", "description": "Search events." },
     { "name": "create_event", "description": "Create an event." },
     { "name": "update_event", "description": "Update an event." },
+    { "name": "list_merchants", "description": "List merchants (field visits), decrypted locally." },
+    { "name": "get_merchant", "description": "Get one merchant by id, decrypted locally." },
+    { "name": "search_merchants", "description": "Search merchants by name/city/notes." },
+    { "name": "create_merchant", "description": "Create a merchant; encrypted locally before it is stored." },
+    { "name": "update_merchant", "description": "Update a merchant; re-encrypted locally before it is stored." },
+    { "name": "list_routes", "description": "List walking/meeting routes." },
+    { "name": "get_route", "description": "Get one route by id, with its stops." },
+    { "name": "search_routes", "description": "Search routes by name/city." },
+    { "name": "create_route", "description": "Create a route." },
+    { "name": "update_route", "description": "Update a route." },
+    { "name": "list_nomad_responses", "description": "List nomad/traveler payment-research survey responses (read-only)." },
+    { "name": "get_nomad_response", "description": "Get one nomad survey response by id (read-only)." },
+    { "name": "list_founder_leads", "description": "List founder/company payroll-research survey leads (read-only)." },
+    { "name": "get_founder_lead", "description": "Get one founder survey lead by id (read-only)." },
     { "name": "get_digest", "description": "Get your follow-up digest (overdue and upcoming)." }
   ],
   "keywords": ["crm", "encrypted", "mcp", "nest", "scales", "second-brain"],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@scales-baby/nest-bridge",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "Local MCP bridge for Nest. Read and write your end-to-end-encrypted Nest data through your own AI; the encryption key is derived locally from your password and never leaves your machine.",
   "license": "MIT",
   "author": "SCALES (https://nest.scales.baby)",