@stackwright-pro/mcp 0.2.0-alpha.60 → 0.2.0-alpha.66

package/dist/server.js

@@ -1702,6 +1702,14 @@ function handleSavePhaseAnswers(input) {
     let answers;
     if (input.questions && input.questions.length > 0) {
       answers = answersToManifestFormat(input.rawAnswers, input.questions);
+      if (Object.keys(answers).length === 0 && input.rawAnswers.length > 0) {
+        answers = Object.fromEntries(
+          input.rawAnswers.map((a) => [
+            a.question_header,
+            a.selected_options.length > 1 ? a.selected_options : a.selected_options[0] ?? ""
+          ])
+        );
+      }
     } else {
       answers = Object.fromEntries(
         input.rawAnswers.map((a) => [a.question_header, a.selected_options[0] ?? ""])
@@ -2285,12 +2293,13 @@ var PHASE_DEPENDENCIES = {
   // workflow states as trigger sources. Produces OpenAPI specs consumed
   // by pages and dashboard for typed data wiring.
   services: ["api", "workflow"],
-  // pages/dashboard: now also depend on services for typed endpoint wiring
-  // via the OpenAPI specs that services produces.
-  // 'api' is still transitive through 'data'; auth removed — page-otter has
-  // graceful fallback and reads role names from workflow artifacts instead
-  pages: ["designer", "theme", "data", "services"],
-  dashboard: ["designer", "theme", "data", "services"],
+  // pages/dashboard: depend on services for typed endpoint wiring (OpenAPI
+  // specs) and on geo so the specialist prompt includes geo-manifest.json
+  // — page/dashboard otters see which page slugs are already claimed and
+  // won't attempt to overwrite them (swp-73c). 'api' is still transitive
+  // through 'data'; auth removed — page-otter has graceful fallback.
+  pages: ["designer", "theme", "data", "services", "geo"],
+  dashboard: ["designer", "theme", "data", "services", "geo"],
   // auth is the penultimate phase — runs after all content-producing phases
   // so it can read pages, dashboard, workflow, and geo artifacts for route
   // protection and RBAC wiring. Skipped upstream phases still satisfy deps
@@ -3032,13 +3041,19 @@ var PHASE_ARTIFACT_SCHEMA = {
     null,
     2
   ),
+  // type: 'pki' = CAC/DoD certificate auth | 'oidc' = enterprise SSO
+  // For dev-only mock auth: use type: 'oidc' with devOnly: true (Zod strips devOnly — it's a convention only)
   auth: JSON.stringify(
     {
       version: "1.0",
       generatedBy: "stackwright-pro-auth-otter",
       authConfig: {
-        method: "<cac|oidc|oauth2|none>",
-        provider: "<azure-ad|okta|ping|cognito \u2014 if OIDC, else null>",
+        type: "<pki|oidc>",
+        // OIDC-only fields (omit for pki):
+        provider: "<azure_ad|okta|cognito|auth0|authentik|keycloak|custom>",
+        discoveryUrl: "<IdP OIDC discovery URL>",
+        clientId: "<OIDC client ID>",
+        clientSecret: "<OIDC client secret>",
         rbacRoles: ["ADMIN", "ANALYST"],
         rbacDefaultRole: "ANALYST",
         protectedRoutes: ["/dashboard/:path*", "/procurement/:path*"],
@@ -3341,6 +3356,16 @@ var OTTER_WRITE_ALLOWLISTS = {
       prefix: ".env",
       suffix: "",
       description: "Dotenv files (.env, .env.local, .env.production, etc.)"
+    },
+    {
+      prefix: "lib/mock-auth",
+      suffix: ".ts",
+      description: "Mock auth module (DEV_ONLY_MODE role updates)"
+    },
+    {
+      prefix: "package.json",
+      suffix: ".json",
+      description: "Project package.json (DEV_ONLY_MODE script cleanup)"
     }
   ],
   "stackwright-pro-data-otter": [
@@ -3379,6 +3404,16 @@ var OTTER_WRITE_ALLOWLISTS = {
     { prefix: "pages/", suffix: "/content.yml", description: "Landing page content" },
     { prefix: "pages/", suffix: "/content.yaml", description: "Landing page content" },
     { prefix: ".stackwright/artifacts/", suffix: ".json", description: "Polish artifact" }
+  ],
+  "stackwright-services-otter": [
+    { prefix: ".stackwright/artifacts/", suffix: ".json", description: "Services config artifact" },
+    { prefix: "services/", suffix: ".ts", description: "Service implementation files" },
+    { prefix: "services/", suffix: ".yaml", description: "Service flow definitions" },
+    { prefix: "services/", suffix: ".yml", description: "Service flow definitions" },
+    { prefix: "lib/seeds/", suffix: ".ts", description: "Seed data files" },
+    { prefix: "specs/", suffix: ".json", description: "Generated OpenAPI specs" },
+    { prefix: "specs/", suffix: ".yaml", description: "Generated OpenAPI specs" },
+    { prefix: "stackwright-generated/", suffix: ".json", description: "Services manifest" }
   ]
 };
 var PROTECTED_PATH_PREFIXES = [
@@ -3388,7 +3423,9 @@ var PROTECTED_PATH_PREFIXES = [
   ".stackwright/artifacts/signatures.json",
   // artifact signature manifest
   ".stackwright/questions/",
-  ".stackwright/answers/"
+  ".stackwright/answers/",
+  ".stackwright/page-registry.json"
+  // page ownership — managed by safe_write internally
 ];
 var MAX_SAFE_WRITE_BYTES_JSON = 512 * 1024;
 var MAX_SAFE_WRITE_BYTES_YAML = 256 * 1024;
@@ -3402,6 +3439,58 @@ function getMaxBytesForPath(filePath) {
     return { limit: MAX_SAFE_WRITE_BYTES_ENV, label: "env" };
   return { limit: MAX_SAFE_WRITE_BYTES_DEFAULT, label: "default" };
 }
+var PAGE_REGISTRY_FILE = ".stackwright/page-registry.json";
+function extractPageSlug(filePath) {
+  const match = (0, import_path6.normalize)(filePath).match(/^pages\/(.+?)\/content\.ya?ml$/);
+  return match?.[1] ?? null;
+}
+function extractContentTypes(yamlContent) {
+  const typePattern = /^\s*-?\s*type:\s*(\S+)/gm;
+  const types = [];
+  let m;
+  while ((m = typePattern.exec(yamlContent)) !== null) {
+    const typeName = m[1];
+    if (typeName && !types.includes(typeName)) {
+      types.push(typeName);
+    }
+  }
+  return types.length > 0 ? types : ["unknown"];
+}
+function readPageRegistry(cwd) {
+  const regPath = (0, import_path6.join)(cwd, PAGE_REGISTRY_FILE);
+  if (!(0, import_fs6.existsSync)(regPath)) return {};
+  try {
+    const stat = (0, import_fs6.lstatSync)(regPath);
+    if (stat.isSymbolicLink()) return {};
+    return JSON.parse((0, import_fs6.readFileSync)(regPath, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function writePageRegistry(cwd, registry) {
+  const dir = (0, import_path6.join)(cwd, ".stackwright");
+  (0, import_fs6.mkdirSync)(dir, { recursive: true });
+  const regPath = (0, import_path6.join)(cwd, PAGE_REGISTRY_FILE);
+  if ((0, import_fs6.existsSync)(regPath)) {
+    const stat = (0, import_fs6.lstatSync)(regPath);
+    if (stat.isSymbolicLink()) {
+      throw new Error("Refusing to write page registry through symlink");
+    }
+  }
+  (0, import_fs6.writeFileSync)(regPath, JSON.stringify(registry, null, 2) + "\n", { encoding: "utf-8" });
+}
+function checkPageOwnership(cwd, slug, callerOtter) {
+  const registry = readPageRegistry(cwd);
+  const existing = registry[slug];
+  if (!existing || existing.claimedBy === callerOtter) {
+    return { allowed: true };
+  }
+  return {
+    allowed: false,
+    owner: existing.claimedBy,
+    contentTypes: existing.contentTypes
+  };
+}
 function checkPathAllowed(callerOtter, filePath) {
   const normalized = (0, import_path6.normalize)(filePath);
   if (normalized.includes("..")) {
@@ -3443,6 +3532,16 @@ function checkPathAllowed(callerOtter, filePath) {
           continue;
         }
       }
+      if (rule.prefix === "lib/mock-auth" && rule.suffix === ".ts") {
+        if (normalized !== "lib/mock-auth.ts") {
+          continue;
+        }
+      }
+      if (rule.prefix === "package.json" && rule.suffix === ".json") {
+        if (normalized !== "package.json") {
+          continue;
+        }
+      }
       return { allowed: true, rule: rule.description };
     }
   }
@@ -3568,11 +3667,38 @@ function handleSafeWrite(input) {
     };
     return { text: JSON.stringify(result), isError: true };
   }
+  const pageSlug = extractPageSlug(normalized);
+  if (pageSlug) {
+    const ownership = checkPageOwnership(cwd, pageSlug, callerOtter);
+    if (!ownership.allowed) {
+      const result = {
+        success: false,
+        error: `Page slug "${pageSlug}" is already claimed by ${ownership.owner} (content types: ${ownership.contentTypes.join(", ")}). Use a different slug or coordinate with the owning otter.`,
+        callerOtter,
+        attemptedPath: filePath,
+        allowedPaths: []
+      };
+      return { text: JSON.stringify(result), isError: true };
+    }
+  }
   try {
     if (createDirectories) {
       (0, import_fs6.mkdirSync)((0, import_path6.dirname)(fullPath), { recursive: true });
     }
     (0, import_fs6.writeFileSync)(fullPath, content, { encoding: "utf-8" });
+    if (pageSlug) {
+      try {
+        const registry = readPageRegistry(cwd);
+        registry[pageSlug] = {
+          slug: pageSlug,
+          claimedBy: callerOtter,
+          contentTypes: extractContentTypes(content),
+          writtenAt: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        writePageRegistry(cwd, registry);
+      } catch {
+      }
+    }
     const result = {
       success: true,
       path: normalized,
@@ -3839,10 +3965,232 @@ ${routeLines}
 ${auditSection}
 `;
 }
+function generateDevOnlyMiddlewareContent(method, params, roles, defaultRole, hierarchy, auditEnabled, auditRetentionDays, protectedRoutes) {
+  const rbacBlock = `  rbac: {
+    roles: ${JSON.stringify(roles)},
+    defaultRole: '${defaultRole}',
+    hierarchy: ${JSON.stringify(hierarchy, null, 4)},
+  },`;
+  const auditBlock = `  audit: {
+    enabled: ${auditEnabled},
+    retentionDays: ${auditRetentionDays},
+  },`;
+  const routesBlock = `  protectedRoutes: ${JSON.stringify(protectedRoutes)},`;
+  const configBlock = `export const config = {
+  matcher: ${JSON.stringify(protectedRoutes)},
+};`;
+  const devHeader = [
+    "// middleware.ts \u2014 generated by @stackwright-pro/auth-nextjs (dev-only mock)",
+    "//   DEV ONLY \u2014 uses mock authentication from lib/mock-auth.ts",
+    "// Do NOT deploy to production.",
+    "import { createProMiddleware } from '@stackwright-pro/auth-nextjs';",
+    "import { mockAuthProvider } from './lib/mock-auth';"
+  ].join("\n");
+  if (method === "cac") {
+    const caBundle = params.cacCaBundle ?? "./certs/dod-ca-bundle.pem";
+    const edipiLookup = params.cacEdipiLookup ?? "./config/edipi-lookup.json";
+    const ocspEndpoint = params.cacOcspEndpoint ?? "https://ocsp.disa.mil";
+    const certHeader = params.cacCertHeader ?? "X-SSL-Client-Cert";
+    return `${devHeader}
+
+export const middleware = createProMiddleware({
+  method: 'cac',
+  cac: {
+    caBundle: '${caBundle}',
+    edipiLookup: '${edipiLookup}',
+    ocspEndpoint: '${ocspEndpoint}',
+    certHeader: '${certHeader}',
+    provider: mockAuthProvider,
+  },
+${rbacBlock}
+${auditBlock}
+${routesBlock}
+});
+
+${configBlock}
+`;
+  }
+  if (method === "oidc") {
+    const scopes2 = params.oidcScopes ?? "openid profile email";
+    const roleClaim = params.oidcRoleClaim ?? "roles";
+    return `${devHeader}
+
+export const middleware = createProMiddleware({
+  method: 'oidc',
+  oidc: {
+    discoveryUrl: 'https://dev-mock-oidc/.well-known/openid-configuration',
+    clientId: 'dev-mock-client',
+    clientSecret: 'dev-mock-secret',
+    scopes: '${scopes2}',
+    roleClaim: '${roleClaim}',
+    provider: mockAuthProvider,
+  },
+${rbacBlock}
+${auditBlock}
+${routesBlock}
+});
+
+${configBlock}
+`;
+  }
+  const scopes = params.oauth2Scopes ?? "read write";
+  return `${devHeader}
+
+export const middleware = createProMiddleware({
+  method: 'oauth2',
+  oauth2: {
+    authorizationUrl: 'https://dev-mock-oauth2/authorize',
+    tokenUrl: 'https://dev-mock-oauth2/token',
+    clientId: 'dev-mock-client',
+    clientSecret: 'dev-mock-secret',
+    scopes: '${scopes}',
+    provider: mockAuthProvider,
+  },
+${rbacBlock}
+${auditBlock}
+${routesBlock}
+});
+
+${configBlock}
+`;
+}
+function generateDevOnlyYamlBlock(method, params, roles, defaultRole, hierarchy, auditEnabled, auditRetentionDays, protectedRoutes) {
+  const rbacSection = `  rbac:
+    roles:
+${rolesToYaml(roles, "      ")}
+    defaultRole: ${defaultRole}
+    hierarchy:
+${hierarchyToYaml(hierarchy, "      ")}`;
+  const auditSection = `  audit:
+    enabled: ${auditEnabled}
+    retentionDays: ${auditRetentionDays}`;
+  const routeLines = protectedRoutes.map((r) => `    - pattern: ${r}
+      requiredRole: ${defaultRole}`).join("\n");
+  const providerLine = params.provider ? `  provider: ${params.provider}
+` : "";
+  if (method === "cac") {
+    const caBundle = params.cacCaBundle ?? "./certs/dod-ca-bundle.pem";
+    const edipiLookup = params.cacEdipiLookup ?? "./config/edipi-lookup.json";
+    const ocspEndpoint = params.cacOcspEndpoint ?? "https://ocsp.disa.mil";
+    const certHeader = params.cacCertHeader ?? "X-SSL-Client-Cert";
+    return `auth:
+  method: cac
+  devOnly: true
+${providerLine}  middleware: ./middleware.ts
+  cac:
+    caBundle: ${caBundle}
+    edipiLookup: ${edipiLookup}
+    ocspEndpoint: ${ocspEndpoint}
+    certHeader: ${certHeader}
+${rbacSection}
+  protectedRoutes:
+${routeLines}
+${auditSection}
+`;
+  }
+  if (method === "oidc") {
+    const scopes2 = params.oidcScopes ?? "openid profile email";
+    const roleClaim = params.oidcRoleClaim ?? "roles";
+    return `auth:
+  method: oidc
+  devOnly: true
+${providerLine}  middleware: ./middleware.ts
+  oidc:
+    discoveryUrl: https://dev-mock-oidc/.well-known/openid-configuration
+    clientId: dev-mock-client
+    clientSecret: dev-mock-secret
+    scopes: ${scopes2}
+    roleClaim: ${roleClaim}
+${rbacSection}
+  protectedRoutes:
+${routeLines}
+${auditSection}
+`;
+  }
+  const scopes = params.oauth2Scopes ?? "read write";
+  return `auth:
+  method: oauth2
+  devOnly: true
+${providerLine}  middleware: ./middleware.ts
+  oauth2:
+    authorizationUrl: https://dev-mock-oauth2/authorize
+    tokenUrl: https://dev-mock-oauth2/token
+    clientId: dev-mock-client
+    clientSecret: dev-mock-secret
+    scopes: ${scopes}
+${rbacSection}
+  protectedRoutes:
+${routeLines}
+${auditSection}
+`;
+}
+function deriveDevKey(roleName) {
+  const segment = roleName.split("_")[0];
+  return (segment ?? roleName).toLowerCase();
+}
+function generateMockAuthContent(roles, mockUsers) {
+  const entries = [];
+  const scriptLines = [];
+  for (let i = 0; i < roles.length; i++) {
+    const role = roles[i];
+    const devKey = deriveDevKey(role);
+    const persona = mockUsers?.[i];
+    const name = persona?.name ?? `Dev ${role}`;
+    const email = persona?.email ?? `dev-${devKey}@example.mil`;
+    const edipi = String(i + 1).padStart(10, "0");
+    entries.push(`  ${devKey}: {
+    id: 'mock-${devKey}-${String(i + 1).padStart(3, "0")}',
+    name: '${name}',
+    email: '${email}',
+    roles: ['${role}'],
+    edipi: '${edipi}',
+  }`);
+    scriptLines.push(` *   pnpm dev:${devKey}   \u2014 ${name}`);
+  }
+  return `/**
+ * Mock authentication for development mode.
+ *
+ * DEV_ONLY_MODE \u2014 no real auth provider. Select a persona via MOCK_USER env var
+ * or use the convenience scripts in package.json:
+${scriptLines.join("\n")}
+ */
+
+export const MOCK_USERS = {
+${entries.join(",\n")}
+} as const;
+
+export type MockRole = keyof typeof MOCK_USERS;
+
+export function getMockUser(role?: string) {
+  const key = (role ?? process.env.MOCK_USER) as MockRole | undefined;
+  if (!key) return null;
+  return MOCK_USERS[key] ?? null;
+}
+
+export function mockAuthProvider() {
+  return getMockUser();
+}
+`;
+}
+function updatePackageJsonScripts(existingJson, roles, mockUsers) {
+  const pkg = JSON.parse(existingJson);
+  const scripts = pkg.scripts ?? {};
+  delete scripts["dev:admin"];
+  delete scripts["dev:analyst"];
+  delete scripts["dev:viewer"];
+  for (let i = 0; i < roles.length; i++) {
+    const devKey = deriveDevKey(roles[i]);
+    scripts[`dev:${devKey}`] = `MOCK_USER=${devKey} next dev`;
+  }
+  pkg.scripts = scripts;
+  return JSON.stringify(pkg, null, 2) + "\n";
+}
 async function configureAuthHandler(params, cwd) {
   const {
     method,
     provider,
+    devOnly = false,
+    mockUsers,
     rbacRoles = ["SUPER_ADMIN", "ADMIN", "ANALYST"],
     auditEnabled = true,
     auditRetentionDays = 90,
@@ -3872,7 +4220,16 @@ async function configureAuthHandler(params, cwd) {
   }
   const filesWritten = [];
   try {
-    const middlewareContent = generateMiddlewareContent(
+    const middlewareContent = devOnly ? generateDevOnlyMiddlewareContent(
+      method,
+      params,
+      roles,
+      defaultRole,
+      hierarchy,
+      auditEnabled,
+      auditRetentionDays,
+      protectedRoutes
+    ) : generateMiddlewareContent(
       method,
       params,
       roles,
@@ -3896,30 +4253,87 @@ async function configureAuthHandler(params, cwd) {
       isError: true
     };
   }
-  try {
-    const envBlock = generateEnvBlock(method, params);
-    const envPath = (0, import_path7.join)(cwd, ".env.example");
-    if ((0, import_fs7.existsSync)(envPath)) {
-      const existing = (0, import_fs7.readFileSync)(envPath, "utf8");
-      (0, import_fs7.writeFileSync)(envPath, existing.trimEnd() + "\n\n" + envBlock, "utf8");
-    } else {
-      (0, import_fs7.writeFileSync)(envPath, envBlock, "utf8");
+  if (!devOnly) {
+    try {
+      const envBlock = generateEnvBlock(method, params);
+      const envPath = (0, import_path7.join)(cwd, ".env.example");
+      if ((0, import_fs7.existsSync)(envPath)) {
+        const existing = (0, import_fs7.readFileSync)(envPath, "utf8");
+        (0, import_fs7.writeFileSync)(envPath, existing.trimEnd() + "\n\n" + envBlock, "utf8");
+      } else {
+        (0, import_fs7.writeFileSync)(envPath, envBlock, "utf8");
+      }
+      filesWritten.push(".env.example");
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({ success: false, error: `Failed writing .env.example: ${msg}` })
+          }
+        ],
+        isError: true
+      };
+    }
+  }
+  if (devOnly) {
+    try {
+      const mockAuthDir = (0, import_path7.join)(cwd, "lib");
+      (0, import_fs7.mkdirSync)(mockAuthDir, { recursive: true });
+      const mockAuthContent = generateMockAuthContent(roles, mockUsers);
+      (0, import_fs7.writeFileSync)((0, import_path7.join)(mockAuthDir, "mock-auth.ts"), mockAuthContent, "utf8");
+      filesWritten.push("lib/mock-auth.ts");
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({
+              success: false,
+              error: `Failed writing lib/mock-auth.ts: ${msg}`
+            })
+          }
+        ],
+        isError: true
+      };
+    }
+    try {
+      const pkgPath = (0, import_path7.join)(cwd, "package.json");
+      if ((0, import_fs7.existsSync)(pkgPath)) {
+        const existingPkg = (0, import_fs7.readFileSync)(pkgPath, "utf8");
+        const updatedPkg = updatePackageJsonScripts(existingPkg, roles, mockUsers);
+        (0, import_fs7.writeFileSync)(pkgPath, updatedPkg, "utf8");
+        filesWritten.push("package.json");
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({
+              success: false,
+              error: `Failed updating package.json: ${msg}`
+            })
+          }
+        ],
+        isError: true
+      };
     }
-    filesWritten.push(".env.example");
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    return {
-      content: [
-        {
-          type: "text",
-          text: JSON.stringify({ success: false, error: `Failed writing .env.example: ${msg}` })
-        }
-      ],
-      isError: true
-    };
   }
   try {
-    const authYaml = generateYamlBlock(
+    const authYaml = devOnly ? generateDevOnlyYamlBlock(
+      method,
+      params,
+      roles,
+      defaultRole,
+      hierarchy,
+      auditEnabled,
+      auditRetentionDays,
+      protectedRoutes
+    ) : generateYamlBlock(
       method,
       params,
       roles,
@@ -4001,7 +4415,9 @@ function registerAuthTools(server2) {
       // Routes
       protectedRoutes: jsonCoerce(import_zod13.z.array(import_zod13.z.string()).optional()),
       // Injection for tests
-      _cwd: import_zod13.z.string().optional()
+      _cwd: import_zod13.z.string().optional(),
+      devOnly: boolCoerce(import_zod13.z.boolean().optional()),
+      mockUsers: jsonCoerce(import_zod13.z.array(import_zod13.z.object({ name: import_zod13.z.string(), email: import_zod13.z.string() })).optional())
     },
     async (params) => {
       const cwd = params._cwd ?? process.cwd();
@@ -4021,15 +4437,15 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-auth-otter.json",
-    "bf0e66e35d15ba818ba6ff1a007df34975565bacbb35cc0c80151fb1da13e573"
+    "4bf6beba7150d08c74c5f6fbbeb20e988aba52a2029ff2892615e71f6ab12ed1"
   ],
   [
     "stackwright-pro-dashboard-otter.json",
-    "f5a83b74ad7c44edc6f39b45a568fa122d82aa4788f741ce14614da56d4e29a4"
+    "9c319d311801730e8dc9bc142eebb8fc5a7f48da48fa0b8d8c3b7431652447be"
   ],
   [
     "stackwright-pro-data-otter.json",
-    "c406e1c775bcb1f2b038b40a92d9bd23172b40d774fc0fa50bad4c9714f53445"
+    "4d9369277685a4acc484116920c9622ad8a1838012a493fcfe42a6ae5abe53cf"
   ],
   [
     "stackwright-pro-designer-otter.json",
@@ -4037,23 +4453,23 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-domain-expert-otter.json",
-    "bfe5c167d73fef3f2ef280fff56dcb552073c218e1394a43ecf983a03169ed55"
+    "6055a2efc78f54a8393f628839e2a2563bf0c6de3ad32de00c82779a53381efd"
   ],
   [
     "stackwright-pro-foreman-otter.json",
-    "a3a4c6b3dde05d8bed213759b1b6644d345b3107b73624ff5654d30b98297649"
+    "ab38ef53b95ec610a38b2866d78a135cbec16d257a9b35d7e46e2fee2d4de235"
   ],
   [
     "stackwright-pro-geo-otter.json",
-    "6eb7ecf97254dbd79c09ad24348bf16001423cce9585c14bef81afd67b7b901b"
+    "9e09aaf2bb10197c6d1c05d0fd5f5f9380acc0cb697a410fcae839ffba648561"
   ],
   [
     "stackwright-pro-page-otter.json",
-    "9a5672f0758c81539337d86955e2892cd412547b4f111c2aa098eed1e62d7626"
+    "532bb7e9a25a5c832edd1ff1ea0886dd4453905d86e6f9331eb957ae5e121833"
   ],
   [
     "stackwright-pro-polish-otter.json",
-    "d31116995fdb417798af6056efd03bb1c71e0891371aba1774d283c03c9d77e8"
+    "8f284d4d6a204137cd786824fc584d5bddac1bc757204769b99ca5412cf2cea2"
   ],
   [
     "stackwright-pro-theme-otter.json",
@@ -4065,7 +4481,7 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-services-otter.json",
-    "2a99df3e50415d027c0bc2a57f509882928bb1ae516e61dda667641ce1652ac3"
+    "4893a596d187110124f78336ee91184a51b3c8d980c455382fe481adb9b487b5"
   ]
 ]);
 Object.freeze(_checksums);
@@ -4798,7 +5214,7 @@ var package_default = {
     "test:coverage": "vitest run --coverage"
   },
   name: "@stackwright-pro/mcp",
-  version: "0.2.0-alpha.60",
+  version: "0.2.0-alpha.61",
   description: "MCP tools for Stackwright Pro - Data Explorer, Security, ISR, and Dashboard generation",
   license: "SEE LICENSE IN LICENSE",
   main: "./dist/server.js",
@@ -4854,6 +5270,15 @@ registerDomainTools(server);
 registerTypeSchemasTool(server);
 async function main() {
   const transport = new import_stdio.StdioServerTransport();
+  try {
+    const servicesRegisterPkg = "@stackwright-services/mcp/register";
+    const mod = await import(servicesRegisterPkg);
+    if (typeof mod.registerServicesTools === "function") {
+      mod.registerServicesTools(server);
+      console.error("Stackwright Services tools registered on pro MCP");
+    }
+  } catch {
+  }
   await server.connect(transport);
   console.error("Stackwright Pro MCP server running on stdio");
 }