@sealab/mcp-server 1.0.1 → 1.0.3

package/dist/tools/orders.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.orderTools = void 0;
+exports.orderTools = exports.ArticleItemSchema = void 0;
 exports.getOrderBreakdown = getOrderBreakdown;
 exports.getPositionBreakdown = getPositionBreakdown;
 exports.createEditCart = createEditCart;
@@ -211,7 +211,7 @@ async function applySavedSettingToArticle(article) {
 async function applySavedSettingsToArticles(articles) {
     return Promise.all(articles.map(applySavedSettingToArticle));
 }
-const ArticleItemSchema = zod_1.z.object({
+exports.ArticleItemSchema = zod_1.z.object({
     serialNumber: zod_1.z.string(),
     positionName: zod_1.z.string().max(25).describe('Unique label for this cabinet within the order. Must be unique across ALL articles in the order. ' +
         'Derive from the cabinet display name: "Upper 1125" → "Upper", "Base Cabinet" → "Base". ' +
@@ -364,7 +364,7 @@ const SubmitCartAsVersionSchema = zod_1.z.object({
 });
 const AddArticlesToCartSchema = zod_1.z.object({
     tempOrderId: zod_1.z.string().describe('Saved cart reference ID — a plain numeric string returned by create_saved_cart or list_saved_carts (e.g. "901787"). Do NOT add any prefix such as "SavedCart_".'),
-    articles: flexArray(ArticleItemSchema).describe('Articles to add to the cart.'),
+    articles: flexArray(exports.ArticleItemSchema).describe('Articles to add to the cart.'),
 });
 const GetSavedCartSchema = zod_1.z.object({
     tempOrderId: zod_1.z.string().describe('Saved cart reference ID — a plain numeric string returned by create_saved_cart or list_saved_carts (e.g. "901787"). Do NOT add any prefix such as "SavedCart_".'),
@@ -411,7 +411,7 @@ const DeleteSavedCartArticlesSchema = zod_1.z.object({
     positionNames: flexArray(zod_1.z.string()).describe('Position names of the articles to delete.'),
 });
 const CreateOrderSchema = zod_1.z.object({
-    articles: flexArray(ArticleItemSchema).describe('Line items to order.'),
+    articles: flexArray(exports.ArticleItemSchema).describe('Line items to order.'),
     projectName: zod_1.z.string().describe('Project name for this order'),
     purchaseOrder: zod_1.z.string().describe('Purchase order number'),
     projectAddress: ProjectAddressSchema.optional().describe('Project address (where cabinets will be installed)'),

package/dist/tools/permissions.js

@@ -0,0 +1,180 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.permissionTools = void 0;
+exports.shareOrderAccess = shareOrderAccess;
+exports.updateOrderAccess = updateOrderAccess;
+exports.revokeOrderAccess = revokeOrderAccess;
+exports.listOrderAccess = listOrderAccess;
+const zod_1 = require("zod");
+const api_client_1 = require("../client/api-client");
+// ─── Schemas ─────────────────────────────────────────────────────────────────
+const ShareOrderSchema = zod_1.z.object({
+    orderId: zod_1.z.string().describe('The order ID to share access to.'),
+    grantedToEmail: zod_1.z.string().describe('Email address of the user to grant access to.'),
+    permissionType: zod_1.z.enum(['VIEW', 'EDIT', 'ADMIN']).default('VIEW').describe('Permission level to grant. VIEW = read-only (default), EDIT = can modify order options, ADMIN = full control.'),
+    hidePrice: zod_1.z.boolean().default(false).describe('Whether to hide pricing information from this user. Defaults to false.'),
+});
+const UpdateOrderAccessSchema = zod_1.z.object({
+    orderId: zod_1.z.string().describe('The order ID whose permission you want to update.'),
+    grantedToEmail: zod_1.z.string().describe('Email address of the user whose permission to update.'),
+    permissionType: zod_1.z.enum(['VIEW', 'EDIT', 'ADMIN']).describe('New permission level. VIEW = read-only, EDIT = can modify order options, ADMIN = full control.'),
+    hidePrice: zod_1.z.boolean().default(false).describe('Whether to hide pricing information from this user.'),
+});
+const RevokeOrderAccessSchema = zod_1.z.object({
+    orderId: zod_1.z.string().describe('The order ID to revoke access from.'),
+    email: zod_1.z.string().describe('Email address of the user whose access to revoke.'),
+});
+const ListOrderAccessSchema = zod_1.z.object({
+    orderId: zod_1.z.string().describe('The order ID to list shared access for.'),
+});
+// ─── Handlers ────────────────────────────────────────────────────────────────
+async function shareOrderAccess(input) {
+    try {
+        const { data } = await api_client_1.client.post(`/orders/${input.orderId}/permissions/grant`, {
+            grantedToEmail: input.grantedToEmail,
+            permissionType: input.permissionType,
+            hidePrice: input.hidePrice,
+        });
+        const priceNote = input.hidePrice ? ' Prices will be hidden from them.' : '';
+        return `Access granted. ${input.grantedToEmail} now has ${input.permissionType} access to order ${input.orderId}.${priceNote} They will receive an email notification.`;
+    }
+    catch (error) {
+        try {
+            (0, api_client_1.handleAxiosError)(error);
+        }
+        catch (e) {
+            return e.message;
+        }
+        return 'Unexpected error granting order access.';
+    }
+}
+async function updateOrderAccess(input) {
+    try {
+        await api_client_1.client.put(`/orders/${input.orderId}/permissions/update`, {
+            grantedToEmail: input.grantedToEmail,
+            permissionType: input.permissionType,
+            hidePrice: input.hidePrice,
+        });
+        const priceNote = input.hidePrice ? ' Prices are hidden from them.' : ' Prices are visible to them.';
+        return `Permission updated. ${input.grantedToEmail} now has ${input.permissionType} access to order ${input.orderId}.${priceNote}`;
+    }
+    catch (error) {
+        try {
+            (0, api_client_1.handleAxiosError)(error);
+        }
+        catch (e) {
+            return e.message;
+        }
+        return 'Unexpected error updating order access.';
+    }
+}
+async function revokeOrderAccess(input) {
+    try {
+        await api_client_1.client.delete(`/orders/${input.orderId}/permissions/revoke`, {
+            params: { email: input.email },
+        });
+        return `Access revoked. ${input.email} can no longer access order ${input.orderId}.`;
+    }
+    catch (error) {
+        try {
+            (0, api_client_1.handleAxiosError)(error);
+        }
+        catch (e) {
+            return e.message;
+        }
+        return 'Unexpected error revoking order access.';
+    }
+}
+async function listOrderAccess(input) {
+    try {
+        const { data } = await api_client_1.client.get(`/orders/${input.orderId}/permissions`);
+        if (!data || data.length === 0) {
+            return `No shared access on order ${input.orderId}. Only you can view it.`;
+        }
+        const lines = [`Shared access for order ${input.orderId}:\n`];
+        for (const p of data) {
+            const priceNote = p.hidePrice ? ' | Prices hidden' : '';
+            const grantedDate = p.grantedDate ? ` | Granted: ${p.grantedDate.split('T')[0]}` : '';
+            lines.push(`• ${p.grantedToEmail} — ${p.permissionType}${priceNote}${grantedDate}`);
+        }
+        return lines.join('\n');
+    }
+    catch (error) {
+        try {
+            (0, api_client_1.handleAxiosError)(error);
+        }
+        catch (e) {
+            return e.message;
+        }
+        return 'Unexpected error listing order access.';
+    }
+}
+// ─── Tool Definitions ─────────────────────────────────────────────────────────
+exports.permissionTools = [
+    {
+        name: 'share_order_access',
+        description: `Grant another user access to one of your orders.
+
+Use when the user says things like:
+- "Share order 12345 with someone@email.com"
+- "Give Jane access to my order"
+- "Let my contractor view this order without seeing prices"
+
+BEFORE calling, confirm with the user:
+- The order ID
+- The recipient's email address
+- Permission level: VIEW (read-only, default), EDIT (modify options), ADMIN (full control)
+- Whether to hide prices from the recipient (default: no)
+
+After granting:
+- The recipient receives an email notification
+- They log in to their Sealab account to view the shared order
+- You can update or revoke access at any time using the other permission tools
+
+Rules enforced by the system:
+- You can only share your own orders
+- Cannot share with yourself
+- Maximum 50 users per order`,
+        inputSchema: ShareOrderSchema,
+        handler: shareOrderAccess,
+    },
+    {
+        name: 'update_order_access',
+        description: `Update the permission level or price visibility for a user who already has access to one of your orders.
+
+Use when the user wants to:
+- Change someone's permission from VIEW to EDIT or ADMIN
+- Toggle whether prices are hidden for a specific user
+- Adjust existing shared access without revoking and re-granting
+
+Requires the order ID, the user's email, the new permission type, and the new hidePrice setting.`,
+        inputSchema: UpdateOrderAccessSchema,
+        handler: updateOrderAccess,
+    },
+    {
+        name: 'revoke_order_access',
+        description: `Revoke a user's access to one of your orders.
+
+Use when the user wants to:
+- Remove someone's access to an order
+- Revoke a collaborator or contractor's view of an order
+
+After revoking, the user immediately loses access. No email notification is sent on revocation.
+
+Requires the order ID and the email address of the user whose access to remove.`,
+        inputSchema: RevokeOrderAccessSchema,
+        handler: revokeOrderAccess,
+    },
+    {
+        name: 'list_order_access',
+        description: `List all users who currently have shared access to one of your orders.
+
+Returns each user's email, permission level (VIEW/EDIT/ADMIN), whether prices are hidden for them, and the date access was granted.
+
+Use when the user asks:
+- "Who has access to order 12345?"
+- "Show me who I've shared this order with"`,
+        inputSchema: ListOrderAccessSchema,
+        handler: listOrderAccess,
+    },
+];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sealab/mcp-server",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "MCP server for the Sealab cabinetry catalog",
   "main": "dist/index.js",
   "bin": {
@@ -17,14 +17,16 @@
     "@modelcontextprotocol/sdk": "^1.0.0",
     "axios": "^1.6.0",
     "form-data": "^4.0.0",
+    "pngjs": "^7.0.0",
     "zod": "^3.22.0",
     "zod-to-json-schema": "^3.22.0"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",
+    "@types/pngjs": "^6.0.5",
+    "ts-node": "^10.9.0",
     "typescript": "^5.3.0",
-    "vitest": "^1.0.0",
-    "ts-node": "^10.9.0"
+    "vitest": "^1.0.0"
   },
   "engines": {
     "node": ">=18"

package/src/client/api-client.ts

@@ -7,13 +7,21 @@ if (!API_KEY) {
   throw new Error('SEALAB_API_KEY environment variable is required');
 }
 
-export const client: AxiosInstance = axios.create({
-  baseURL: `${API_URL}/api/mcp/v1`,
-  headers: {
-    'X-API-Key': API_KEY,
-  },
-  timeout: 10000,
-});
+export const client: AxiosInstance = axios.create({
+  baseURL: `${API_URL}/api/mcp/v1`,
+  headers: {
+    'X-API-Key': API_KEY,
+  },
+  timeout: 10000,
+});
+
+export const aiDrawingClient: AxiosInstance = axios.create({
+  baseURL: `${API_URL}/api/ai-drawing/v1`,
+  headers: {
+    'X-API-Key': API_KEY,
+  },
+  timeout: 10000,
+});
 
 export class McpApiError extends Error {
   constructor(public readonly status: number, message: string) {

package/src/index.ts

@@ -10,8 +10,12 @@ import { configurationTools } from './tools/configuration';
 import { configurationInfoTools } from './tools/configuration-info';
 import { savedSettingsTools } from './tools/saved-settings';
 import { canvasTools } from './tools/canvas';
+import { permissionTools } from './tools/permissions';
+import { aiDrawingTools } from './tools/ai-drawing';
+import { aiDrawingOverlayTools } from './tools/ai-drawing-overlay';
+import { normalizeMcpJsonSchema } from './schema-normalizer';
 
-const allTools = [...catalogTools, ...orderTools, ...configurationTools, ...configurationInfoTools, ...savedSettingsTools, ...canvasTools];
+const allTools = [...catalogTools, ...orderTools, ...configurationTools, ...configurationInfoTools, ...savedSettingsTools, ...canvasTools, ...permissionTools, ...aiDrawingTools, ...aiDrawingOverlayTools];
 
 const server = new Server(
   { name: 'sealab', version: '1.0.0' },
@@ -22,7 +26,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
   tools: allTools.map((t) => ({
     name: t.name,
     description: t.description,
-    inputSchema: zodToJsonSchema(t.inputSchema as any, { target: 'openApi3' }),
+    inputSchema: normalizeMcpJsonSchema(zodToJsonSchema(t.inputSchema as any, { target: 'openApi3' })),
   })),
 }));
 

package/src/schema-normalizer.test.ts

@@ -0,0 +1,107 @@
+import { describe, expect, it } from 'vitest';
+import { normalizeMcpJsonSchema } from './schema-normalizer';
+
+describe('normalizeMcpJsonSchema', () => {
+  it('converts OpenAPI boolean exclusiveMinimum into JSON Schema numeric exclusiveMinimum', () => {
+    expect(normalizeMcpJsonSchema({
+      type: 'number',
+      minimum: 0,
+      exclusiveMinimum: true,
+    })).toEqual({
+      type: 'number',
+      exclusiveMinimum: 0,
+    });
+  });
+
+  it('converts OpenAPI boolean exclusiveMaximum into JSON Schema numeric exclusiveMaximum', () => {
+    expect(normalizeMcpJsonSchema({
+      type: 'number',
+      maximum: 1000,
+      exclusiveMaximum: true,
+    })).toEqual({
+      type: 'number',
+      exclusiveMaximum: 1000,
+    });
+  });
+
+  it('removes false exclusive bounds without changing inclusive bounds', () => {
+    expect(normalizeMcpJsonSchema({
+      type: 'number',
+      minimum: 0,
+      maximum: 1000,
+      exclusiveMinimum: false,
+      exclusiveMaximum: false,
+    })).toEqual({
+      type: 'number',
+      minimum: 0,
+      maximum: 1000,
+    });
+  });
+
+  it('normalizes nested placement item schemas', () => {
+    const normalized = normalizeMcpJsonSchema({
+      type: 'object',
+      properties: {
+        placements: {
+          type: 'array',
+          items: {
+            type: 'object',
+            properties: {
+              height: {
+                type: 'number',
+                minimum: 0,
+                exclusiveMinimum: true,
+              },
+            },
+          },
+        },
+      },
+    }) as any;
+
+    expect(normalized.properties.placements.items.properties.height).toEqual({
+      type: 'number',
+      exclusiveMinimum: 0,
+    });
+  });
+
+  it('collapses homogeneous tuple items into a Gemini-compatible item schema', () => {
+    const normalized = normalizeMcpJsonSchema({
+      type: 'array',
+      minItems: 4,
+      maxItems: 4,
+      items: [
+        { type: 'number', minimum: 0, maximum: 1000 },
+        { $ref: '#/properties/proposals/items/properties/bbox/items/0' },
+        { $ref: '#/properties/proposals/items/properties/bbox/items/0' },
+        { $ref: '#/properties/proposals/items/properties/bbox/items/0' },
+      ],
+    }) as any;
+
+    expect(Array.isArray(normalized.items)).toBe(false);
+    expect(normalized).toEqual({
+      type: 'array',
+      minItems: 4,
+      maxItems: 4,
+      items: { type: 'number', minimum: 0, maximum: 1000 },
+    });
+  });
+
+  it('keeps heterogeneous tuple schemas valid by using anyOf item schemas', () => {
+    const normalized = normalizeMcpJsonSchema({
+      type: 'array',
+      minItems: 2,
+      maxItems: 2,
+      items: [
+        { type: 'number' },
+        { type: 'string' },
+      ],
+    }) as any;
+
+    expect(normalized.items).toEqual({
+      anyOf: [
+        { type: 'number' },
+        { type: 'string' },
+      ],
+    });
+  });
+});

package/src/schema-normalizer.ts

@@ -0,0 +1,86 @@
+type JsonObject = { [key: string]: unknown };
+
+function isJsonObject(value: unknown): value is JsonObject {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+
+function normalizeExclusiveBounds(schema: JsonObject): JsonObject {
+  const normalized = { ...schema };
+
+  if (normalized.exclusiveMinimum === true) {
+    if (typeof normalized.minimum === 'number') {
+      normalized.exclusiveMinimum = normalized.minimum;
+      delete normalized.minimum;
+    } else {
+      delete normalized.exclusiveMinimum;
+    }
+  } else if (normalized.exclusiveMinimum === false) {
+    delete normalized.exclusiveMinimum;
+  }
+
+  if (normalized.exclusiveMaximum === true) {
+    if (typeof normalized.maximum === 'number') {
+      normalized.exclusiveMaximum = normalized.maximum;
+      delete normalized.maximum;
+    } else {
+      delete normalized.exclusiveMaximum;
+    }
+  } else if (normalized.exclusiveMaximum === false) {
+    delete normalized.exclusiveMaximum;
+  }
+
+  return normalized;
+}
+
+function schemaSignature(schema: unknown): string {
+  if (Array.isArray(schema)) {
+    return `[${schema.map((item) => schemaSignature(item)).join(',')}]`;
+  }
+
+  if (!isJsonObject(schema)) {
+    return JSON.stringify(schema);
+  }
+
+  return `{${Object.keys(schema)
+    .sort()
+    .map((key) => `${JSON.stringify(key)}:${schemaSignature(schema[key])}`)
+    .join(',')}}`;
+}
+
+function isRefToFirstTupleItem(item: unknown): boolean {
+  return isJsonObject(item) && typeof item.$ref === 'string' && item.$ref.endsWith('/items/0');
+}
+
+function normalizeTupleItems(schema: JsonObject): JsonObject {
+  if (!Array.isArray(schema.items)) {
+    return schema;
+  }
+
+  const normalizedItems = schema.items.map((item) => normalizeMcpJsonSchema(item));
+  const firstItem = normalizedItems[0];
+  const allItemsMatchFirst = normalizedItems.every((item) => (
+    schemaSignature(item) === schemaSignature(firstItem) || isRefToFirstTupleItem(item)
+  ));
+
+  return {
+    ...schema,
+    items: allItemsMatchFirst ? firstItem : { anyOf: normalizedItems },
+  };
+}
+
+export function normalizeMcpJsonSchema(schema: unknown): unknown {
+  if (Array.isArray(schema)) {
+    return schema.map((item) => normalizeMcpJsonSchema(item));
+  }
+
+  if (!isJsonObject(schema)) {
+    return schema;
+  }
+
+  const normalized = normalizeTupleItems(normalizeExclusiveBounds(schema));
+  for (const [key, value] of Object.entries(normalized)) {
+    normalized[key] = normalizeMcpJsonSchema(value);
+  }
+
+  return normalized;
+}

package/src/tools/ai-drawing-overlay.test.ts

@@ -0,0 +1,9 @@
+import { describe, expect, it } from 'vitest';
+
+import { aiDrawingOverlayTools } from './ai-drawing-overlay';
+
+describe('aiDrawingOverlayTools', () => {
+  it('does not register overlay extraction or placement-candidate tools in the MCP surface', () => {
+    expect(aiDrawingOverlayTools).toEqual([]);
+  });
+});

package/src/tools/ai-drawing-overlay.ts

@@ -0,0 +1,8 @@
+import { z } from 'zod';
+
+export const aiDrawingOverlayTools: Array<{
+  name: string;
+  description: string;
+  inputSchema: z.ZodTypeAny;
+  handler: (input: unknown) => Promise<string>;
+}> = [];