@toolplex/client 0.1.35 → 0.1.37

package/dist/mcp-server/policy/serverPolicy.js

@@ -46,7 +46,11 @@ export class ServerPolicy {
         this.enforceBlockedServerPolicy(serverId);
         this.enforceAllowedServerPolicy(serverId);
         // Check if desktop commander is disabled and this is the desktop commander server
-        if (!this.clientContext.permissions.use_desktop_commander &&
+        // Skip this check if the server is in the allowed list (admin explicitly approved it)
+        const allowedServers = this.clientContext.permissions.allowed_mcp_servers;
+        const isExplicitlyAllowed = allowedServers && allowedServers.includes(serverId);
+        if (!isExplicitlyAllowed &&
+            !this.clientContext.permissions.use_desktop_commander &&
             serverId === this.clientContext.flags.desktop_commander_server_id) {
             throw new Error("Desktop Commander is disabled for your account");
         }

package/dist/mcp-server/toolHandlers/initHandler.js

@@ -172,6 +172,22 @@ export async function handleInitialize(params) {
                 .replace("{ALLOWED_MCP_SERVERS}", clientContext.permissions.allowed_mcp_servers.join(", ")),
         });
     }
+    // For org users with no tools approved yet, add explicit message
+    if (clientContext.isOrgUser && allSucceeded.length === 0) {
+        result.content.push({
+            type: "text",
+            text: "IMPORTANT: No tools have been approved for this organization yet. You cannot use any tools until an admin approves them. Do NOT hallucinate or make up tool capabilities - simply inform the user that no tools are currently available and they should contact their admin.",
+        });
+    }
+    // Add custom prompt / agent instructions for org users
+    if (clientContext.permissions.custom_prompt) {
+        result.content.push({
+            type: "text",
+            text: "ORGANIZATION INSTRUCTIONS:\n" +
+                "The following instructions have been set by your organization's administrator. Follow these guidelines:\n\n" +
+                clientContext.permissions.custom_prompt,
+        });
+    }
     result.content.push({
         type: "text",
         text: "Your Most Recently Used Playbooks:\n" +

package/dist/mcp-server/toolplexApi/service.d.ts

@@ -22,7 +22,7 @@ export declare class ToolplexApiService {
     }>): Promise<LogTelemetryBatchResponse>;
     lookupEntity(entityType: "server" | "playbook" | "feedback", entityId: string, includeReadme?: boolean): Promise<any>;
     search(query: string, expandedKeywords?: string[], filter?: string, size?: number, scope?: string): Promise<SearchResponse>;
-    createPlaybook(playbook_name: string, description: string, actions: Array<PlaybookAction>, domain?: string, keywords?: string[], requirements?: string[], privacy?: "public" | "private", sourcePlaybookId?: string, forkReason?: string): Promise<CreatePlaybookResponse>;
+    createPlaybook(playbook_name: string, description: string, actions: Array<PlaybookAction>, domain?: string, keywords?: string[], requirements?: string[], privacy?: "public" | "private" | "organization", sourcePlaybookId?: string, forkReason?: string): Promise<CreatePlaybookResponse>;
     logPlaybookUsage(playbookId: string, success: boolean, errorMessage?: string): Promise<LogPlaybookUsageResponse>;
     submitFeedback(targetType: "server" | "playbook", targetId: string, vote: "up" | "down", message?: string, securityAssessment?: SecurityAssessment): Promise<SubmitFeedbackResponse>;
     getFeedbackSummary(): Promise<FeedbackSummaryResponse>;

package/dist/mcp-server/toolplexApi/types.d.ts

@@ -5,6 +5,7 @@ export interface ClientPermissions {
     use_desktop_commander: boolean;
     enable_read_only_mode: boolean;
     allowed_mcp_servers?: string[];
+    custom_prompt?: string;
 }
 export interface ClientFlags {
     desktop_commander_server_id: string;
@@ -53,7 +54,7 @@ export interface CreatePlaybookRequest {
     domain?: string;
     keywords?: string[];
     requirements?: string[];
-    privacy?: "public" | "private";
+    privacy?: "public" | "private" | "organization";
     source_playbook_id?: string;
     fork_reason?: string;
 }

package/dist/shared/mcpServerTypes.d.ts

@@ -336,7 +336,7 @@ export declare const SavePlaybookParamsSchema: z.ZodObject<{
     domain: z.ZodOptional<z.ZodString>;
     keywords: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     requirements: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    privacy: z.ZodOptional<z.ZodEnum<["public", "private"]>>;
+    privacy: z.ZodOptional<z.ZodEnum<["public", "private", "organization"]>>;
     source_playbook_id: z.ZodOptional<z.ZodString>;
     fork_reason: z.ZodOptional<z.ZodString>;
     validate_only: z.ZodOptional<z.ZodBoolean>;
@@ -354,7 +354,7 @@ export declare const SavePlaybookParamsSchema: z.ZodObject<{
     domain?: string | undefined;
     keywords?: string[] | undefined;
     requirements?: string[] | undefined;
-    privacy?: "public" | "private" | undefined;
+    privacy?: "public" | "private" | "organization" | undefined;
     source_playbook_id?: string | undefined;
     fork_reason?: string | undefined;
     validate_only?: boolean | undefined;
@@ -372,7 +372,7 @@ export declare const SavePlaybookParamsSchema: z.ZodObject<{
     domain?: string | undefined;
     keywords?: string[] | undefined;
     requirements?: string[] | undefined;
-    privacy?: "public" | "private" | undefined;
+    privacy?: "public" | "private" | "organization" | undefined;
     source_playbook_id?: string | undefined;
     fork_reason?: string | undefined;
     validate_only?: boolean | undefined;

package/dist/shared/mcpServerTypes.js

@@ -125,7 +125,7 @@ export const SavePlaybookParamsSchema = z.object({
     domain: z.string().optional(),
     keywords: z.array(z.string()).optional(),
     requirements: z.array(z.string()).optional(),
-    privacy: z.enum(["public", "private"]).optional(),
+    privacy: z.enum(["public", "private", "organization"]).optional(),
     source_playbook_id: z.string().optional(),
     fork_reason: z.string().optional(),
     // Internal parameter for validation-only mode (not exposed to agent in tool definition)

package/dist/src/mcp-server/policy/serverPolicy.js

@@ -46,7 +46,11 @@ export class ServerPolicy {
         this.enforceBlockedServerPolicy(serverId);
         this.enforceAllowedServerPolicy(serverId);
         // Check if desktop commander is disabled and this is the desktop commander server
-        if (!this.clientContext.permissions.use_desktop_commander &&
+        // Skip this check if the server is in the allowed list (admin explicitly approved it)
+        const allowedServers = this.clientContext.permissions.allowed_mcp_servers;
+        const isExplicitlyAllowed = allowedServers && allowedServers.includes(serverId);
+        if (!isExplicitlyAllowed &&
+            !this.clientContext.permissions.use_desktop_commander &&
             serverId === this.clientContext.flags.desktop_commander_server_id) {
             throw new Error("Desktop Commander is disabled for your account");
         }

package/dist/src/mcp-server/toolHandlers/initHandler.js

@@ -172,6 +172,22 @@ export async function handleInitialize(params) {
                 .replace("{ALLOWED_MCP_SERVERS}", clientContext.permissions.allowed_mcp_servers.join(", ")),
         });
     }
+    // For org users with no tools approved yet, add explicit message
+    if (clientContext.isOrgUser && allSucceeded.length === 0) {
+        result.content.push({
+            type: "text",
+            text: "IMPORTANT: No tools have been approved for this organization yet. You cannot use any tools until an admin approves them. Do NOT hallucinate or make up tool capabilities - simply inform the user that no tools are currently available and they should contact their admin.",
+        });
+    }
+    // Add custom prompt / agent instructions for org users
+    if (clientContext.permissions.custom_prompt) {
+        result.content.push({
+            type: "text",
+            text: "ORGANIZATION INSTRUCTIONS:\n" +
+                "The following instructions have been set by your organization's administrator. Follow these guidelines:\n\n" +
+                clientContext.permissions.custom_prompt,
+        });
+    }
     result.content.push({
         type: "text",
         text: "Your Most Recently Used Playbooks:\n" +

package/dist/src/shared/mcpServerTypes.js

@@ -125,7 +125,7 @@ export const SavePlaybookParamsSchema = z.object({
     domain: z.string().optional(),
     keywords: z.array(z.string()).optional(),
     requirements: z.array(z.string()).optional(),
-    privacy: z.enum(["public", "private"]).optional(),
+    privacy: z.enum(["public", "private", "organization"]).optional(),
     source_playbook_id: z.string().optional(),
     fork_reason: z.string().optional(),
     // Internal parameter for validation-only mode (not exposed to agent in tool definition)

package/dist/version.d.ts

@@ -1 +1 @@
-export declare const version = "0.1.35";
+export declare const version = "0.1.37";

package/dist/version.js

@@ -1 +1 @@
-export const version = '0.1.35';
+export const version = '0.1.37';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@toolplex/client",
-  "version": "0.1.35",
+  "version": "0.1.37",
   "author": "ToolPlex LLC",
   "license": "SEE LICENSE IN LICENSE",
   "description": "The official ToolPlex client for AI agent tool discovery and execution",