@telvok/librarian-mcp 2.4.0 → 2.4.1

package/dist/tools/library-publish.d.ts

@@ -49,7 +49,7 @@ export declare const libraryPublishTool: {
                 type: string;
                 enum: string[];
             };
-            confirm_code: {
+            confirm: {
                 type: string;
                 description: string;
             };

package/dist/tools/library-publish.js

@@ -5,9 +5,6 @@
 // ============================================================================
 import * as fs from 'fs/promises';
 import * as path from 'path';
-import * as crypto from 'crypto';
-import { execSync } from 'child_process';
-import { platform } from 'os';
 import { glob } from 'glob';
 import matter from 'gray-matter';
 import { loadApiKey } from './auth.js';
@@ -67,7 +64,7 @@ If the user says "publish my entries" — call library_publish() with NO args to
             description: { type: 'string', description: 'Book description. Only provide after user writes or approves it.' },
             tags: { type: 'array', items: { type: 'string' }, description: 'Topic tags (max 10).' },
             license: { type: 'string', enum: ['open', 'open_attributed', 'personal'] },
-            confirm_code: { type: 'string', description: 'Confirmation code from the final summary. User must type this back.' },
+            confirm: { type: 'boolean', description: 'Set to true ONLY after showing the summary to the user and they say yes.' },
         },
         required: [],
     },
@@ -267,72 +264,25 @@ If the user says "publish my entries" — call library_publish() with NO args to
             wizardState.tags = input.tags;
             wizardState.license = input.license || 'personal';
             wizardState.step = 'confirm';
-            // Generate confirmation code
-            const confirmCode = crypto.randomBytes(3).toString('hex').toUpperCase(); // 6 chars
             const priceDisplay = wizardState.pricing.type === 'open'
                 ? 'Free (download)'
                 : `$${(wizardState.pricing.price_cents / 100).toFixed(2)}/${wizardState.pricing.type === 'subscription' ? 'mo' : 'once'}`;
-            // Try native dialog on macOS
-            let confirmMethod = 'code';
-            if (platform() === 'darwin') {
-                try {
-                    const dialogText = [
-                        `Publish "${wizardState.name}" to Telvok?`,
-                        ``,
-                        `${wizardState.selectedEntries.length} entries — ${priceDisplay}`,
-                        wizardState.description ? `"${wizardState.description}"` : '',
-                        ``,
-                        `This action publishes to the marketplace.`,
-                    ].filter(Boolean).join('\\n');
-                    const result = execSync(`osascript -e 'display dialog "${dialogText}" buttons {"Cancel", "Publish"} default button "Cancel" with title "Telvok Publish"'`, { encoding: 'utf-8', timeout: 120000 });
-                    if (result.includes('Publish')) {
-                        confirmMethod = 'dialog_confirmed';
-                    }
-                }
-                catch {
-                    // User clicked Cancel or osascript failed — fall through to code method
-                    confirmMethod = 'dialog_cancelled';
-                }
-            }
-            if (confirmMethod === 'dialog_confirmed') {
-                // User confirmed via native dialog — publish immediately
-                return await executePublish(wizardState);
-            }
-            if (confirmMethod === 'dialog_cancelled') {
-                wizardState = null;
-                return {
-                    success: false,
-                    message: 'Publish cancelled. Run library_publish() to start over.',
-                };
-            }
-            // Fallback: confirmation code
-            // Store the code in wizard state for validation
-            wizardState.confirm_code = confirmCode;
             return {
                 success: true,
                 step: 'confirm',
-                message: `📋 PUBLISH SUMMARY\n\n  Name: ${wizardState.name}\n  Entries: ${wizardState.selectedEntries.length}\n  Pricing: ${priceDisplay}${wizardState.description ? `\n  Description: ${wizardState.description}` : ''}${wizardState.tags?.length ? `\n  Tags: ${wizardState.tags.join(', ')}` : ''}\n\n🔑 Confirmation code: ${confirmCode}`,
-                ask_user: `To publish, the user must type back the code: ${confirmCode}`,
+                message: `📋 PUBLISH SUMMARY\n\n  Name: ${wizardState.name}\n  Entries: ${wizardState.selectedEntries.length}\n  Pricing: ${priceDisplay}${wizardState.description ? `\n  Description: ${wizardState.description}` : ''}${wizardState.tags?.length ? `\n  Tags: ${wizardState.tags.join(', ')}` : ''}`,
+                ask_user: 'Show this summary to the user. Ask: "Publish this? (yes/no)"',
             };
         }
         // ======================================================================
-        // STEP 5: Confirm with code → Publish
+        // STEP 5: User confirms → Publish
         // ======================================================================
         if (wizardState.step === 'confirm') {
-            const stored = wizardState.confirm_code;
-            if (!input.confirm_code) {
-                return {
-                    success: false,
-                    step: 'confirm',
-                    message: 'Confirmation code required. The user must type the code shown in the summary.',
-                    ask_user: 'Please type the confirmation code to publish.',
-                };
-            }
-            if (input.confirm_code.toUpperCase() !== stored?.toUpperCase()) {
+            if (!input.confirm) {
+                wizardState = null;
                 return {
                     success: false,
-                    step: 'confirm',
-                    message: `Wrong code. Expected: ${stored}. Got: ${input.confirm_code}. Try again or run library_publish() to start over.`,
+                    message: 'Publish cancelled. Run library_publish() to start over.',
                 };
             }
             return await executePublish(wizardState);

package/dist/tools/library-unpublish.d.ts

@@ -9,7 +9,7 @@ export declare const libraryUnpublishTool: {
                 type: string;
                 description: string;
             };
-            confirm_code: {
+            confirm: {
                 type: string;
                 description: string;
             };

package/dist/tools/library-unpublish.js

@@ -1,17 +1,18 @@
 // ============================================================================
 // Marketplace Unpublish Tool
-// Two-step: preview → osascript dialog / confirmation code → delete
+// Two-step: preview → user confirms → delete
 // ============================================================================
-import * as crypto from 'crypto';
-import { execSync } from 'child_process';
-import { platform } from 'os';
 import { loadApiKey } from './auth.js';
 const TELVOK_API_URL = process.env.TELVOK_API_URL || 'https://telvok.com';
+// ============================================================================
+// Pending State — preview stores slug, expires 5 min
+// ============================================================================
+let pendingSlug = null;
+let pendingCreated = 0;
 const EXPIRY_MS = 5 * 60 * 1000;
-let pending = null;
 function clearExpired() {
-    if (pending && Date.now() - pending.created > EXPIRY_MS) {
-        pending = null;
+    if (pendingSlug && Date.now() - pendingCreated > EXPIRY_MS) {
+        pendingSlug = null;
     }
 }
 // ============================================================================
@@ -25,19 +26,16 @@ export const libraryUnpublishTool = {
 TWO-STEP FLOW:
 
 Step 1: Call with just slug. Shows book details and what will be deleted.
-On macOS, a native confirmation dialog appears — the agent CANNOT bypass it.
-On other platforms, a confirmation code is returned that the user must type back.
+Step 2: Call again with slug + confirm: true ONLY after the user says yes.
 
-Step 2 (non-macOS only): Call again with slug + confirm_code from the user.
+DO NOT set confirm: true without the user explicitly saying yes.
+Show the preview and ask "Delete this book? (yes/no)" first.
 
 RESTRICTIONS:
 - Cannot unpublish books with active purchases
 - Deletion is PERMANENT — all entries are removed from marketplace
 
-Use my_books() first to see your published books and their slugs.
-
-DO NOT decide to unpublish without the user explicitly asking.
-Show the preview details and wait for user confirmation.`,
+Use my_books() first to see your published books and their slugs.`,
     inputSchema: {
         type: 'object',
         properties: {
@@ -45,15 +43,15 @@ Show the preview details and wait for user confirmation.`,
                 type: 'string',
                 description: 'Book slug (from my_books output)',
             },
-            confirm_code: {
-                type: 'string',
-                description: 'Confirmation code from preview. User must type this back. Only needed on non-macOS.',
+            confirm: {
+                type: 'boolean',
+                description: 'Set to true ONLY after showing preview to user and they say yes.',
             },
         },
         required: ['slug'],
     },
     async handler(args) {
-        const { slug, confirm_code } = (args || {});
+        const { slug, confirm } = (args || {});
         clearExpired();
         if (!slug || typeof slug !== 'string') {
             return { success: false, message: 'slug is required. Use my_books() to see your published books.' };
@@ -63,26 +61,20 @@ Show the preview details and wait for user confirmation.`,
             return { success: false, message: 'Not authenticated. Run auth({ action: "login" }) first.' };
         }
         // ========================================================================
-        // CONFIRM STEP — user typed back the code
+        // CONFIRM STEP — user said yes
         // ========================================================================
-        if (confirm_code) {
-            if (!pending || pending.slug !== slug) {
+        if (confirm) {
+            if (pendingSlug !== slug) {
                 return {
                     success: false,
                     message: 'No pending unpublish for this slug. Call library_unpublish({ slug }) first to preview.',
                 };
             }
-            if (confirm_code.toUpperCase() !== pending.confirmCode.toUpperCase()) {
-                return {
-                    success: false,
-                    message: `Wrong code. Expected: ${pending.confirmCode}. Got: ${confirm_code}. Try again.`,
-                };
-            }
-            pending = null;
+            pendingSlug = null;
             return await executeUnpublish(slug, apiKey);
         }
         // ========================================================================
-        // PREVIEW STEP — fetch book details, show confirmation
+        // PREVIEW STEP — fetch book details, show to user
         // ========================================================================
         const res = await fetch(`${TELVOK_API_URL}/api/my-books`, {
             headers: { 'Authorization': `Bearer ${apiKey}` },
@@ -101,38 +93,13 @@ Show the preview details and wait for user confirmation.`,
         const bookName = book.name || slug;
         const entriesCount = book.entries_count || book.entry_count || 0;
         const pricing = book.pricing_type || book.pricing || 'unknown';
-        // Try native dialog on macOS
-        if (platform() === 'darwin') {
-            try {
-                const dialogText = [
-                    `Permanently unpublish "${bookName}"?`,
-                    ``,
-                    `${entriesCount} entries — ${pricing}`,
-                    ``,
-                    `This removes the book from the marketplace.`,
-                    `This action cannot be undone.`,
-                ].join('\\n');
-                const result = execSync(`osascript -e 'display dialog "${dialogText}" buttons {"Cancel", "Delete"} default button "Cancel" with title "Telvok Unpublish" with icon caution'`, { encoding: 'utf-8', timeout: 120000 });
-                if (result.includes('Delete')) {
-                    return await executeUnpublish(slug, apiKey);
-                }
-            }
-            catch {
-                // User clicked Cancel or osascript failed
-                return {
-                    success: false,
-                    message: 'Unpublish cancelled.',
-                };
-            }
-        }
-        // Fallback: confirmation code
-        const confirmCode = crypto.randomBytes(3).toString('hex').toUpperCase();
-        pending = { slug, bookName, entriesCount, pricing, confirmCode, created: Date.now() };
+        pendingSlug = slug;
+        pendingCreated = Date.now();
         return {
             success: true,
             preview: true,
-            message: `⚠️ UNPUBLISH PREVIEW\n\n  Book: ${bookName}\n  Slug: ${slug}\n  Entries: ${entriesCount}\n  Pricing: ${pricing}\n\n  This action is PERMANENT.\n\n🔑 Confirmation code: ${confirmCode}`,
-            ask_user: `To delete this book from the marketplace, the user must type back the code: ${confirmCode}`,
+            message: `⚠️ UNPUBLISH PREVIEW\n\n  Book: ${bookName}\n  Slug: ${slug}\n  Entries: ${entriesCount}\n  Pricing: ${pricing}\n\n  This action is PERMANENT.`,
+            ask_user: 'Show this to the user. Ask: "Delete this book from the marketplace? (yes/no)"',
             book: { slug, name: bookName, entries_count: entriesCount, pricing },
         };
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@telvok/librarian-mcp",
-  "version": "2.4.0",
+  "version": "2.4.1",
   "description": "Knowledge capture MCP server - remember what you learn with AI",
   "type": "module",
   "main": "dist/server.js",