@seldonframe/mcp 1.27.5 → 1.27.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +3 -1
- package/src/welcome.js +2 -2
package/package.json
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@seldonframe/mcp",
|
|
3
|
-
"version": "1.27.
|
|
3
|
+
"version": "1.27.7",
|
|
4
|
+
"description": "MCP server for SeldonFrame — AI-native Business OS platform. v1.27.7: AGENT INTELLIGENCE BASELINE (CRM-side; MCP package version bumped for SemVer hygiene). PROBLEM: real-world dogfood showed three baseline-intelligence failures every agent inherits regardless of blueprint quality. (a) Asked 'what date is this Friday?' — agent had no temporal grounding. The system prompt didn't tell it today's date or timezone, so 'this Friday', 'tomorrow', 'next week' couldn't be resolved. (b) Asked customer to re-confirm name + phone after find_my_existing_appointment matched the booking by email — the tool returned only the booking, not the linked contact, so the agent had to re-ask for info already on file. (c) End of turn asked 'what's the best email to reach you at?' even though the customer's email was the FIRST thing they typed three turns earlier — no_pii_leak validator over-fired (flagged the customer's own phone-number echo as a leak), runtime replaced with safe fallback that asks for email, infinite-loop UX. These are PLATFORM debt, not operator debt — operators shouldn't have to write 'agent should know what today is' in their FAQ. PHILOSOPHY (Karpathy / antifragile / thin-harness-fat-skill): every smart-by-default behavior belongs in the system-prompt composer (the FAT SKILL layer) or in tool data enrichment (the runtime data layer). Don't add tools, don't add validators, don't add wrappers. Add CONTEXT. As Claude gets better, richer context lifts more weight. WHAT SHIPS: (1) TEMPORAL GROUNDING. composeSystemPrompt accepts new {now, timezone} params. Runtime passes new Date() + organizations.timezone (the workspace's IANA timezone, defaulting to UTC). System prompt now starts with a '## Right now' section: 'Today is Thursday, May 7, 2026 (10:11 AM America/New_York). When the visitor says today / tomorrow / this Friday / next week, resolve them to a CONCRETE date using this anchor. Default to most natural interpretation: this Friday = next upcoming Friday; tomorrow = next calendar day; next week = same weekday 7 days out.' (2) BE-SMART-BY-DEFAULT BEHAVIORAL GUIDANCE. New '## Be smart by default' section in the composed prompt with 6 platform-owned rules: don't ask for info you already have; use linked-contact data when a tool returns it; echoing customer-provided data isn't a leak; default to optimistic interpretation; confirm before destructive actions; stay concise. Operator never authors these. As Claude gets better OR new failure modes surface, we expand THIS prose. Architecture stable. (3) find_my_existing_appointment NOW RETURNS LINKED CONTACT. The tool's return shape changes from Array<booking> to { appointments: Array<booking>, contact: { id, fullName, email, phone } | null }. Tool description updated to instruct the LLM to use the contact field instead of re-asking. The contact lookup is a JOIN on contacts.email matching the email argument; null when no contact record exists. (4) no_pii_leak VALIDATOR ACCEPTS conversationContext. ValidatorContext gains an optional conversationContext field — full conversation history's user messages + tool-result blobs concatenated. Runtime passes it on every validator run. The validator now treats this 'trusted source' as the allowlist for emails/phones — anything in the response that's NOT in the trusted set is flagged. Customer's own data echoed back, or contact's phone surfaced by find_my_existing_appointment then echoed in the response, are both fine — no false-positive leak flags. NO migrations (organizations.timezone column shipped earlier). NO new env vars. NO new MCP tool changes — but the underlying find_my_existing_appointment tool's return shape evolved. Backend redeploy required. EXPECTED IMPACT on the conversation that triggered this fix: agent resolves 'this Friday' to May 8 without asking; uses 'Maxime Houle (450-516-1803)' from the contact lookup without asking; doesn't ask for email a second time at end-of-conversation. Same blueprint, smarter agent.",
|
|
5
|
+
"description": "MCP server for SeldonFrame — AI-native Business OS platform. v1.27.6: IN-DASHBOARD LLM KEY UI (CRM-side; MCP package contents unchanged from 1.27.5 but version bumped for SemVer hygiene). PROBLEM: v1.27.5 added a clean pre-flight banner to the agent sandbox saying 'No Anthropic API key configured', but the only fix path it suggested was 'Configure a key from Claude Code: configure_llm_provider({ ... })'. SF clients had NO in-dashboard UI to add their LLM key — they had to leave the dashboard, open Claude Code, find the SeldonFrame MCP, call the tool. Friction. WHAT SHIPS: (1) NEW PAGE /settings/integrations/llm. Two cards (Anthropic + OpenAI), each shows: configured/not-configured pill, last-saved hint (sk-ant-...XXXX masked) + savedAt timestamp when present, password-input field for paste-and-replace, Save key button, Remove key button. Form-action server actions (saveLlmKeyAction, removeLlmKeyAction) live in lib/integrations/llm/actions.ts. Same encryption + storage path as the MCP configure_llm_provider tool — both write to organizations.integrations[provider].apiKey with the v1. prefix; the agent runtime decrypts uniformly via lib/ai/client.getAIClient regardless of source. (2) PROVIDER-SPECIFIC KEY-SHAPE VALIDATION. Anthropic keys must start with sk-ant-, OpenAI keys with sk-. Catches the most common paste mistakes (wrong provider for the field, leading whitespace, etc.) before encryption. (3) DEEP-LINK FROM SANDBOX BANNER. The /agents/[id]/test pre-flight 'No Anthropic API key configured' banner now includes an 'Add key' button linking directly to /settings/integrations/llm. Two-click fix from sandbox to working agent. (4) DISCOVERABILITY CARD on /settings/integrations index. New 'AI / LLM Providers' card at the top of the integrations list with 'Manage keys →' button. Operators browsing integrations naturally find the LLM section first. NO migrations, NO new env vars (ENCRYPTION_KEY already required). NO MCP tool changes — MCP configure_llm_provider keeps working in parallel; same column, same encryption. Backend redeploy required. EXPECTED IMPACT: SF clients hitting the 'No key' banner can now resolve in 2 clicks (button → paste → Save) instead of switching tools. The MCP path stays for Claude Code users; the dashboard path stays for browser users; both write to the same encrypted column.",
|
|
4
6
|
"description": "MCP server for SeldonFrame — AI-native Business OS platform. v1.27.5: SANDBOX DIAGNOSTIC UX (CRM-side; MCP package contents unchanged from 1.27.4 but version bumped for SemVer hygiene). PROBLEM: real-world dogfood showed that when an SF client tested their agent in /agents/[id]/test sandbox and the runtime errored (e.g. Anthropic credit balance too low), the sandbox surfaced the customer-facing fallback 'I'm having a hiccup. Can I have someone follow up with you? What's your email?' — which is intentionally vague for end customers but USELESS for the SF client trying to debug. Worse, it LOOPED: every subsequent turn re-fired the same fallback, asking for the email again. The real diagnostic ('Your credit balance is too low to access the Anthropic API') was buried in Vercel server logs only. WHAT SHIPS: (1) ANTHROPIC ERROR CLASSIFIER. New classifyAnthropicError() in runtime.ts maps raw Anthropic error strings to stable reason codes + operator-friendly hints: llm_credit_exhausted (→ 'Add credits at console.anthropic.com/settings/billing'), llm_invalid_key (→ 'Update via configure_llm_provider with a fresh sk-ant-... key'), llm_rate_limited (→ 'Wait ~60s or raise your tier'), llm_model_unavailable (→ 'Contact SF support'), llm_overloaded (→ 'Try again in a moment'), llm_timeout (→ 'Check outbound connectivity'), llm_error (→ generic). (2) TEST-MODE-AWARE FALLBACK. runtime.ts fallbackMessage now branches on conv.status: status='test' → returns the real diagnostic ('[runtime error: llm_credit_exhausted] Anthropic account has no credits left...'), status='active'/'live' → keeps the customer-facing 'hiccup' fallback. Same code path; different audience treatment. (3) PRE-FLIGHT DIAGNOSTIC BANNERS at /agents/[id]/test. Server component checks BEFORE rendering the chat: agent status (must be test or live), Anthropic key presence in organizations.integrations, daily token budget remaining. Each fail surfaces a colored banner with title + actionable message + (when applicable) a quick-link button to the right fix surface. Block-level fails (no key, budget exhausted, draft status) hide the chat entirely so the operator can't waste a turn discovering the issue. Warning-level (>80% budget) shows the chat with a non-blocking banner. (4) SANDBOX HALT-AND-RETRY. test-client.tsx now tracks halted state. When the runtime returns degraded=true (in non-streaming JSON branch) or sends an SSE 'done' event with degraded:true, the sandbox: tags the assistant message as degraded with a red border + 'Runtime error · <reason>' label; disables the input box ('Resolve the error above to continue'); shows a 'Reset & retry' button that clears the conversation and starts fresh. No more infinite-loop-of-hiccup-prompts. NO migrations, NO new env vars, NO MCP tool changes. Backend redeploy required (the runtime + server-component changes ship with the next Vercel deploy of main).",
|
|
5
7
|
"description": "MCP server for SeldonFrame — AI-native Business OS platform. v1.27.4: UNIFIED SIGN-OUT HOTFIX (CRM-side; MCP package contents unchanged from 1.27.3 but version bumped for SemVer hygiene). PROBLEM: dashboard-topbar 'Log out' called next-auth's signOut() which only clears the NextAuth session-token cookie. SF has THREE simultaneous auth sources since v1.25.0: NextAuth + operator-portal cookie (sf_operator_session) + admin-token Bearer header. Per v1.25.2 precedence, the operator portal cookie resolves FIRST in lib/auth/helpers.ts. So signing out via NextAuth left sf_operator_session intact → next request resolved as operator portal → user appears stuck in operator-portal mode (trimmed sidebar: Customers / Jobs / Booking only) and can't see the full admin dashboard with Agents / Pages / Email / etc. SYMPTOM: Acme AI agency operator builds an agent for Cypress Pine HVAC via Claude Code, opens https://app.seldonframe.com/dashboard, sees the operator-trimmed view (their agency dashboard hidden), clicks Log out → POST /api/auth/signout returns 200 + redirect /login → next request still resolves the same operator portal user via the surviving sf_operator_session cookie. Loop. Diagnostic logs showed 'userId: __sf_operator_portal__:fa5ba418-... ' even after the signout response. FIX: new lib/auth/actions.signOutAllSessionsAction server action that clears BOTH cookies in one call (operator portal first since it precedes NextAuth in resolution order, then NextAuth via signOut({redirect:false}), then redirect to /login). Admin-token doesn't need clearing — it's a stateless server-side credential, never stored in cookies. Wired into dashboard-topbar.tsx replacing the next-auth/react signOut() call with a form action — works without JavaScript, no client-side state to manage. NO migrations, NO new env vars. Backend redeploy required (the topbar component change ships with the next Vercel deploy of main).",
|
|
6
8
|
"description": "MCP server for SeldonFrame — AI-native Business OS platform. v1.27.3: MCP PARSE HOTFIX — v1.27.1 + v1.27.2 published broken to npm because welcome.js had a JS syntax error from a bad Edit. ROOT CAUSE: my v1.27.1 Edit replaced only the PREFIX of the FIRST_CALL_BANNER assignment ('export const FIRST_CALL_BANNER = `🚀 SeldonFrame v1.18.1 is connected.') instead of the full multi-line statement. The replacement template literal closed properly with `;` at its end, but the OLD content (everything after 'is connected.' from v1.18.1) remained as orphaned text → 'export const FIRST_CALL_BANNER = `<new>`; PREFERRED workspace creation: ... `;' which fails to parse with 'Unexpected identifier workspace' because PREFERRED workspace are two bare identifiers. tsc didn't run on this file (it's plain .js), and 'npm publish' has no syntax check by default, so the broken package shipped. v1.27.2's republish carried the same bug because my edits touched only the version string, not the surrounding broken syntax. SYMPTOM: Claude Code 'Failed to reconnect to seldonframe' — the npx-spawned MCP server crashes immediately at module load. v1.27.0 worked fine (its version was the last clean one before this regression), but v1.27.0's published code still references the broken backend ops, so it's not a fully usable fallback. FIX: rewrote the FIRST_CALL_BANNER as a single clean statement (consolidated the v1.27.x capability map content + the legacy workspace flow tail into one string, no orphan tail). VERIFIED with `node --input-type=module -e \"import('./welcome.js')\"` — file now parses, VERSION + WELCOME_MARKDOWN + FIRST_CALL_BANNER all loadable. PREVENTION: new npm script `check:syntax` runs `node --check` on each .js file in src/, wired into `prepublishOnly`. `node --check` is AST-parse-only (no execution, no import resolution needed) so it runs in <100ms and catches this entire bug class — including the version-bump-while-leaving-orphan-tail mistake — before npm publish can ship a broken tarball. Antifragile to future Edit-tool fumbles. NO tool descriptions changed, NO welcome.js capability map content changed (the v1.27.1 doc upgrade still applies as intended once Claude Code can actually reach the file). Republish only.",
|
package/src/welcome.js
CHANGED
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
// stripped. `create_full_workspace` is the only workspace-creation
|
|
9
9
|
// path mentioned anywhere in this briefing.
|
|
10
10
|
|
|
11
|
-
export const VERSION = "1.27.
|
|
11
|
+
export const VERSION = "1.27.7";
|
|
12
12
|
|
|
13
13
|
export const WELCOME_MARKDOWN = `# SeldonFrame — create a real Business OS in one conversation
|
|
14
14
|
|
|
@@ -402,4 +402,4 @@ admin dashboard. Pre-fills their email automatically.
|
|
|
402
402
|
<https://seldonframe.com> · **Discord:** <https://discord.gg/sbVUu976NW>
|
|
403
403
|
`;
|
|
404
404
|
|
|
405
|
-
export const FIRST_CALL_BANNER = `🚀 SeldonFrame v1.27.
|
|
405
|
+
export const FIRST_CALL_BANNER = `🚀 SeldonFrame v1.27.7 is connected. CAPABILITY MAP — pick the right primitive BEFORE exploring tools: (a) "build me a website" → WORKSPACE → create_workspace_v2 + block tools. (b) "add a chatbot to my website / landing page" → AGENT (web chat) → create_agent({archetype:"website-chatbot"}) → embed.js script. CRITICAL ANTI-PATTERN: chat widgets are NOT blocks. Don't search list_blocks for chat — chat agents are a separate primitive (v1.26+). (c) "auto-reply to inbound SMS/email" → CONVERSATION → send_conversation_turn (one-shot Soul-aware reply, not a website widget). (d) "add hero/services/faq/cta section" → BLOCK → get_block_skill + persist_block. (e) "send campaign email/sms" → MESSAGING. (f) CRM ops → list_contacts/create_deal/etc. CHATBOT CANONICAL FLOW (5 calls): configure_llm_provider (BYOK Anthropic, skip if already set) → create_agent (faq + pricing_facts + greeting) → publish_agent({status:"test"}) → operator sandbox-tests at /agents/[id]/test → publish_agent({status:"live"}) auto-runs 8-scenario eval gate (≥87.5% pass required). Observability tools after publish: list_agents, tail_agent_conversations, get_agent_conversation, get_agent_metrics, run_agent_evals, replay_conversation. Dashboard surfaces /agents, /agents/[id]/test, /agents/[id]/settings, /agents/[id]/evals, /agents/[id]/conversations let operators iterate without leaving the browser. WORKSPACE FLOW (legacy reference): create_workspace_v2 → IN PARALLEL for all 7 recommended_blocks (hero, services, about, faq, cta, booking, intake): get_block_skill + persist_block → complete_workspace_v2 → finalize_workspace({workspace_id, email}). Run blocks in PARALLEL (Promise.all) — sequential takes 60+ seconds. v1.10+ CUSTOMIZE: regenerate_block, upload_workspace_image (image_url preferred over base64). v1.11+ STRUCTURAL: get_landing_structure, move_section, delete_section. v1.12+ COMPOSITES: add_composite_section / update_composite_section — manifest ANY block from 12 low-level primitives. Skipping finalize_workspace leaves the operator with no admin login. Every URL is real. NEVER create local files.`;
|