@toolplex/client 0.1.37 → 0.1.39

package/dist/mcp-server/policy/serverPolicy.d.ts

@@ -18,10 +18,9 @@ export declare class ServerPolicy {
      */
     enforceAllowedServerPolicy(serverId: string): void;
     /**
-     * Validates that a server is not blocked before calling a tool on it.
-     * Also checks if desktop commander is enabled when calling tools on the desktop commander server.
+     * Validates that a server is allowed before calling a tool on it.
      *
-     * @throws Error if attempting to call a tool on a blocked server or if desktop commander is disabled
+     * @throws Error if attempting to call a tool on a blocked or disallowed server
      */
     enforceCallToolPolicy(serverId: string): void;
     /**

package/dist/mcp-server/policy/serverPolicy.js

@@ -37,23 +37,13 @@ export class ServerPolicy {
         }
     }
     /**
-     * Validates that a server is not blocked before calling a tool on it.
-     * Also checks if desktop commander is enabled when calling tools on the desktop commander server.
+     * Validates that a server is allowed before calling a tool on it.
      *
-     * @throws Error if attempting to call a tool on a blocked server or if desktop commander is disabled
+     * @throws Error if attempting to call a tool on a blocked or disallowed server
      */
     enforceCallToolPolicy(serverId) {
         this.enforceBlockedServerPolicy(serverId);
         this.enforceAllowedServerPolicy(serverId);
-        // Check if desktop commander is disabled and this is the desktop commander server
-        // Skip this check if the server is in the allowed list (admin explicitly approved it)
-        const allowedServers = this.clientContext.permissions.allowed_mcp_servers;
-        const isExplicitlyAllowed = allowedServers && allowedServers.includes(serverId);
-        if (!isExplicitlyAllowed &&
-            !this.clientContext.permissions.use_desktop_commander &&
-            serverId === this.clientContext.flags.desktop_commander_server_id) {
-            throw new Error("Desktop Commander is disabled for your account");
-        }
     }
     /**
      * Validates that a server can be used.

package/dist/server-manager/serverManager.js

@@ -50,6 +50,9 @@ function extractPrivateRegistryScope(args) {
  * - username: the scope without @ (e.g., "tp-user-abc123def45")
  * - password: the ToolPlex API key (tp_live_xxx or tp_test_xxx)
  *
+ * IMPORTANT: We also clear _authToken to override any expired tokens in the
+ * user's ~/.npmrc. This ensures our injected basic auth takes precedence.
+ *
  * @param scope - The scope without @ (e.g., "tp-user-abc123def45")
  * @param apiKey - The ToolPlex API key
  */
@@ -66,14 +69,24 @@ function getPrivateRegistryEnv(scope, apiKey) {
         // Set Basic auth for the registry
         // npm_config_//host/:_auth maps to //host/:_auth in .npmrc
         "npm_config_//registry.toolplex.ai/:_auth": auth,
+        // Clear any existing _authToken from user's ~/.npmrc to prevent expired tokens
+        // from taking precedence over our injected basic auth
+        "npm_config_//registry.toolplex.ai/:_authToken": "",
     };
 }
 /**
  * Get additional args to prepend for private registry packages.
  * Uses --registry flag which is more reliable than env vars with special chars.
+ *
+ * IMPORTANT: We use --userconfig=/dev/null to completely ignore the user's ~/.npmrc.
+ * This prevents expired tokens in ~/.npmrc from interfering with our injected basic auth.
  */
 function getPrivateRegistryArgs() {
-    return [`--registry=${PRIVATE_REGISTRY_URL}`];
+    return [
+        `--registry=${PRIVATE_REGISTRY_URL}`,
+        // Ignore user's ~/.npmrc to prevent expired _authToken from taking precedence
+        `--userconfig=/dev/null`,
+    ];
 }
 export class ServerManager {
     constructor() {

package/dist/src/mcp-server/policy/serverPolicy.js

@@ -37,23 +37,13 @@ export class ServerPolicy {
         }
     }
     /**
-     * Validates that a server is not blocked before calling a tool on it.
-     * Also checks if desktop commander is enabled when calling tools on the desktop commander server.
+     * Validates that a server is allowed before calling a tool on it.
      *
-     * @throws Error if attempting to call a tool on a blocked server or if desktop commander is disabled
+     * @throws Error if attempting to call a tool on a blocked or disallowed server
      */
     enforceCallToolPolicy(serverId) {
         this.enforceBlockedServerPolicy(serverId);
         this.enforceAllowedServerPolicy(serverId);
-        // Check if desktop commander is disabled and this is the desktop commander server
-        // Skip this check if the server is in the allowed list (admin explicitly approved it)
-        const allowedServers = this.clientContext.permissions.allowed_mcp_servers;
-        const isExplicitlyAllowed = allowedServers && allowedServers.includes(serverId);
-        if (!isExplicitlyAllowed &&
-            !this.clientContext.permissions.use_desktop_commander &&
-            serverId === this.clientContext.flags.desktop_commander_server_id) {
-            throw new Error("Desktop Commander is disabled for your account");
-        }
     }
     /**
      * Validates that a server can be used.

package/dist/version.d.ts

@@ -1 +1 @@
-export declare const version = "0.1.37";
+export declare const version = "0.1.39";

package/dist/version.js

@@ -1 +1 @@
-export const version = '0.1.37';
+export const version = '0.1.39';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@toolplex/client",
-  "version": "0.1.37",
+  "version": "0.1.39",
   "author": "ToolPlex LLC",
   "license": "SEE LICENSE IN LICENSE",
   "description": "The official ToolPlex client for AI agent tool discovery and execution",