@spacelr/mcp 0.0.12 → 0.1.0

package/dist/index.mjs

@@ -597,6 +597,53 @@ function registerAuthTools(server, api) {
       }
     }
   );
+  server.registerTool(
+    "auth_verify_two_factor",
+    {
+      description: "Complete a two-factor authentication login. Call this after auth_login returns twoFactorRequired: true. Note: device trust is not persisted in MCP sessions \u2014 2FA will be required on every login. WARNING: token and code are visible in the conversation.",
+      inputSchema: {
+        token: z.string().min(1),
+        code: z.string().trim().regex(/^\d{6}$/, "Must be a 6-digit numeric code")
+      }
+    },
+    async ({ token, code }) => {
+      try {
+        const result = await api.post("/auth/verify-two-factor", { body: { token, code } });
+        return {
+          content: [{ type: "text", text: JSON.stringify(redactTokens(result), null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Two-factor verification failed: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.registerTool(
+    "auth_resend_two_factor_code",
+    {
+      description: "Resend the two-factor authentication code. Rate-limited to 3 requests per minute. Requires the twoFactorToken from auth_login. WARNING: the token is sensitive and will be visible in the conversation.",
+      inputSchema: {
+        token: z.string().min(1)
+      }
+    },
+    async ({ token }) => {
+      try {
+        const result = await api.post("/auth/resend-two-factor-code", { body: { token } });
+        return {
+          content: [{ type: "text", text: JSON.stringify(redactTokens(result), null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to resend two-factor code: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
 }
 
 // libs/mcp-server/src/tools/projects.ts
@@ -1178,6 +1225,88 @@ function registerDatabaseTools(server, api) {
       }
     }
   );
+  server.registerTool(
+    "database_collections_update_metadata",
+    {
+      description: "Update a collection's realtime delivery mode, stream retention, write rate-limit override, or search filter requirements. `realtimeMode: 'stream'` switches the collection to Redis Streams for durable event replay (needed for chat, notifications, activity feeds). `realtimeMode: 'pubsub'` (default) is fire-and-forget, used for dashboards and list views. Exactly one of `streamRetention.maxLen` (approx. entry count) or `streamRetention.maxAgeMs` (retention age in ms) may be set. `writeThrottle` overrides the default per-collection write rate limit (10 writes / 10 s) \u2014 set `enabled: false` to disable entirely (e.g. audit logs), or override `limit` / `windowMs`. `searchConfig.requireFilter` declares top-level filter keys that callers MUST include in every `collection.search()` call to prevent unindexable full-scan regex queries \u2014 affects ALL callers immediately (no deprecation window). Response may include `warnings[]` if the project exceeds the 50-collection soft cap.",
+      inputSchema: {
+        projectId: z4.string(),
+        name: z4.string(),
+        realtimeMode: z4.enum(["pubsub", "stream"]).optional(),
+        streamRetention: z4.object({
+          maxLen: z4.number().int().min(1).optional(),
+          maxAgeMs: z4.number().int().min(1e3).optional()
+        }).refine(
+          (r) => !(r.maxLen !== void 0 && r.maxAgeMs !== void 0),
+          { message: "Set at most one of maxLen or maxAgeMs" }
+        ).optional(),
+        writeThrottle: z4.object({
+          enabled: z4.boolean().optional().describe("When false, skip write throttling entirely for this collection"),
+          limit: z4.number().int().min(1).max(1e4).optional().describe("Max writes per window (1..10000)"),
+          windowMs: z4.number().int().min(1e3).max(36e5).optional().describe("Window duration in ms (1000..3_600_000 = 1s to 1h)")
+        }).refine(
+          (t) => t.enabled !== void 0 || t.limit !== void 0 || t.windowMs !== void 0,
+          { message: "writeThrottle must set at least one of enabled, limit, or windowMs" }
+        ).optional(),
+        searchConfig: z4.object({
+          requireFilter: z4.array(
+            z4.string().regex(/^[a-zA-Z0-9_]+$/, "Top-level field names only (no dots, alphanumeric + underscore)").max(64).refine(
+              (k) => !["__proto__", "constructor", "prototype"].includes(k),
+              { message: "Reserved JS object keys (__proto__, constructor, prototype) are not allowed" }
+            )
+          ).min(1).max(10).optional().describe(
+            "Top-level filter keys required on every search() call. Empty array rejected \u2014 to CLEAR an existing requirement, pass `searchConfig: {}` (an empty object). Omitting `searchConfig` entirely is a no-op (no change). Duplicate keys are deduplicated server-side, but you should send a deduplicated list."
+          )
+          // `searchConfig.fields` is intentionally NOT exposed here. The
+          // backend DTO accepts it but treats it as "Reserved: future
+          // allow-list of searchable fields. Stored but not enforced.".
+          // Surfacing it via MCP would let callers persist values that
+          // have no observable effect today and may take on different
+          // semantics when enforcement ships. Add back once the feature
+          // is live.
+        }).strict().optional()
+      }
+    },
+    async ({ projectId, name, realtimeMode, streamRetention, writeThrottle, searchConfig }) => {
+      try {
+        const body = {};
+        if (realtimeMode !== void 0) body.realtimeMode = realtimeMode;
+        if (streamRetention !== void 0) body.streamRetention = streamRetention;
+        if (writeThrottle !== void 0) body.writeThrottle = writeThrottle;
+        if (searchConfig !== void 0) {
+          const normalized = {};
+          if (searchConfig.requireFilter !== void 0) {
+            normalized.requireFilter = Array.from(new Set(searchConfig.requireFilter));
+          }
+          body.searchConfig = normalized;
+        }
+        if (Object.keys(body).length === 0) {
+          return {
+            content: [
+              {
+                type: "text",
+                text: "At least one of realtimeMode, streamRetention, writeThrottle, or searchConfig must be provided"
+              }
+            ],
+            isError: true
+          };
+        }
+        const result = await api.patch(
+          `/databases/${encodeURIComponent(projectId)}/collections/${encodeURIComponent(name)}`,
+          { body }
+        );
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Failed to update collection metadata: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
   server.registerTool(
     "database_collections_delete",
     {
@@ -1592,6 +1721,9 @@ function registerDatabaseTools(server, api) {
 }
 
 // libs/mcp-server/src/tools/hosting.ts
+import { readdir, readFile } from "fs/promises";
+import { lstatSync } from "fs";
+import { join as join2, relative, resolve, sep } from "path";
 import { z as z5 } from "zod";
 
 // libs/mcp-server/src/zip.ts
@@ -1607,17 +1739,29 @@ var ZipBuilder = class {
    * @param content - UTF-8 text content of the file
    */
   addFile(name, content) {
+    this.addFileBuffer(name, Buffer.from(content, "utf-8"));
+  }
+  /**
+   * Add a binary file to the archive.
+   *
+   * @param name - File path inside the ZIP (e.g. "images/logo.png")
+   * @param content - Raw file content as a Buffer
+   */
+  addFileBuffer(name, content) {
     const nameBuffer = Buffer.from(name, "utf-8");
-    const contentBuffer = Buffer.from(content, "utf-8");
-    const compressed = deflateRawSync(contentBuffer, { level: 9 });
-    const crc32 = computeCrc32(contentBuffer);
+    const compressed = deflateRawSync(content, { level: 9 });
+    const crc32 = computeCrc32(content);
     this.files.push({
       name: nameBuffer,
-      content: contentBuffer,
+      content,
       compressed,
       crc32
     });
   }
+  /** Number of files added to the archive. */
+  get fileCount() {
+    return this.files.length;
+  }
   /** Generate the complete ZIP archive as a Buffer. */
   toBuffer() {
     const localHeaders = [];
@@ -1691,6 +1835,17 @@ function computeCrc32(data) {
 }
 
 // libs/mcp-server/src/tools/hosting.ts
+async function walkDir(dir, base, zip) {
+  for (const entry of await readdir(dir, { withFileTypes: true })) {
+    const fullPath = join2(dir, entry.name);
+    if (entry.isSymbolicLink()) continue;
+    if (entry.isDirectory()) {
+      await walkDir(fullPath, base, zip);
+    } else {
+      zip.addFileBuffer(relative(base, fullPath).replace(/\\/g, "/"), await readFile(fullPath));
+    }
+  }
+}
 function registerHostingTools(server, api) {
   server.registerTool(
     "hosting_deployments_list",
@@ -2106,6 +2261,73 @@ function registerHostingTools(server, api) {
       }
     }
   );
+  server.registerTool(
+    "hosting_deployments_upload_directory",
+    {
+      description: "Upload a local directory as a ZIP archive to an existing deployment. Supports binary files (images, fonts, compiled assets). Use this instead of hosting_deployments_upload when deploying a built frontend from the local filesystem.\n\nTypical workflow:\n  1. hosting_deployments_create              \u2192 get deploymentId\n  2. hosting_deployments_upload_directory    \u2192 upload ./dist or any local folder\n  3. hosting_deployments_activate            \u2192 make the deployment live",
+      inputSchema: {
+        projectId: z5.string().describe("Project ID"),
+        deploymentId: z5.string().describe("Deployment ID (from hosting_deployments_create)"),
+        directoryPath: z5.string().describe('Absolute or relative path to the local directory to upload (e.g. "./dist")')
+      }
+    },
+    async ({ projectId, deploymentId, directoryPath }) => {
+      try {
+        const absDir = resolve(directoryPath);
+        const cwd = process.cwd();
+        if (absDir !== cwd && !absDir.startsWith(cwd + sep)) {
+          return {
+            content: [{ type: "text", text: `directoryPath must be within the current working directory (${cwd})` }],
+            isError: true
+          };
+        }
+        const stat = lstatSync(absDir, { throwIfNoEntry: false });
+        if (!stat) {
+          return {
+            content: [{ type: "text", text: `Directory not found: ${absDir}` }],
+            isError: true
+          };
+        }
+        if (!stat.isDirectory()) {
+          return {
+            content: [{ type: "text", text: `Path is not a directory: ${absDir}` }],
+            isError: true
+          };
+        }
+        const zip = new ZipBuilder();
+        await walkDir(absDir, absDir, zip);
+        if (zip.fileCount === 0) {
+          return {
+            content: [{ type: "text", text: `Directory is empty: ${absDir}` }],
+            isError: true
+          };
+        }
+        const zipBuffer = zip.toBuffer();
+        const result = await api.uploadFile(
+          `/hosting/projects/${encodeURIComponent(projectId)}/deployments/${encodeURIComponent(deploymentId)}/upload`,
+          zipBuffer,
+          "site.zip"
+        );
+        const response = {
+          success: true,
+          directoryPath: absDir,
+          bundleSizeBytes: zipBuffer.length
+        };
+        if (result && typeof result === "object") {
+          Object.assign(response, result);
+        }
+        return {
+          content: [{ type: "text", text: JSON.stringify(response, null, 2) }]
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+          content: [{ type: "text", text: `Directory upload failed: ${message}` }],
+          isError: true
+        };
+      }
+    }
+  );
 }
 
 // libs/mcp-server/src/tools/storage.ts