@typeroll/mcp-server 0.12.0 → 0.13.0

package/README.md

@@ -96,11 +96,20 @@ the full reference + concrete operation recipes.
 - **Discovery** — `get_site`, `update_site` (name/slug/domain), `list_versions`,
   `read_site_settings`, `update_site_settings`.
 - **Pages** — list, read, batch-read, create, update (PATCH), replace
-  (PUT), batch-update, delete, clone, get-blocks, get-preview.
+  (PUT), batch-update, delete, clone, get-preview, `set_page_mode`
+  (flip between blocks/html), `convert_page_to_blocks`.
+- **Blocks (instances)** — `get_page_blocks`, `add_block`,
+  `update_block`, `move_block`, `remove_block`, `duplicate_block`,
+  `set_block_responsive`. All take a `target` (page, partial, page
+  template, or collection item-template), so one tool family edits
+  every block container.
 - **Global blocks (partials)** — list (summary mode by default), read,
   create free block, update, replace, delete, find-pages-using-block.
-- **Block types** — list, read, find-pages-using-block-type. Surface
-  for the future block editor.
+- **Block types** — list, read, create, update, delete,
+  find-pages-using-block-type, plus `.tcblocks` export/import. Custom
+  client-side JS (`script`) is honoured only when the site has enabled
+  "Allow AI to write block scripts" (a human-set portal setting) —
+  otherwise it's stripped with a warning.
 - **Collections + items** — create/update/delete the collection schema
   itself (incl. `route_template` for per-item URLs); list/read/batch-
   read/create/update/delete items.
@@ -115,7 +124,13 @@ the full reference + concrete operation recipes.
   vision model).
 - **Redirects** — list, create, delete. Plus automatic 301 on slug change.
 - **Forms** — list, read, create, update, delete, list submissions.
-- **Settings** — read + patch (scripts and custom CSS not exposed).
+  Read/create responses include `submit_token` + `submit_url` — a plain
+  `<form method="POST">` with a hidden `_token` input is a fully working
+  no-JS embed (the endpoint answers form posts with an HTML
+  confirmation page).
+- **Settings** — read + patch, including `scripts_head` /
+  `scripts_body_end` / `custom_css` (trusted because the caller holds an
+  API key; the in-portal chat AI does NOT get these).
 - **Search** — `search_pages` with substring or regex.
 - **Bulk** — `bulk_replace_text` with dry-run.
 - **Branches** — create, read, delete, merge. Branch deploys get their
@@ -138,17 +153,21 @@ The MCP server is purely an ergonomics layer on top of that.
 
 ## Security model
 
-- API keys are **site-scoped**. A key cannot read or write another site
-  in the same organization — server-side authoritative.
+- API keys are **site-scoped or org-scoped** (see "Key scopes" above) —
+  enforced server-side. A site-scoped key cannot touch any other site;
+  an org-scoped key reaches the org's own sites plus sites explicitly
+  shared into the org, with the share's permission level applied.
 - All write calls (`POST`, `PUT`, `PATCH`, `DELETE`) are **audit-logged**
   with the key prefix, IP, method, path, and status. Reads are not
   logged (cost vs. value).
 - **Rate limits**: 600 reads/min, 60 writes/min per key. 429 responses
   carry `Retry-After` headers.
 - **HTML sanitization** happens at save time on the server — `<script>`,
-  event handlers, and `javascript:` URLs are stripped. The customer's
-  `scripts_*` and `custom_css` settings are read-stripped and write-dropped
-  by the API.
+  event handlers, and `javascript:` URLs are stripped from page/partial
+  content (including `core/html` block output). The scriptable surfaces
+  (`scripts_*`, `custom_css`, block-type `script`) are deliberate
+  exceptions: the first are writable with an API key, and block-type
+  scripts additionally require the site's per-site opt-in.
 - Keys can be **revoked** at any time from the portal. Revocation takes
   effect on the next request (no in-flight requests get cancelled, but
   the next one returns 401).
@@ -158,7 +177,8 @@ The MCP server is purely an ergonomics layer on top of that.
 - Full end-to-end production setup recipe with troubleshooting:
   [docs/claude-code-mcp-setup.md](../../docs/claude-code-mcp-setup.md)
 - Agent operations briefing: [AGENTS.md](./AGENTS.md)
-- Boilerplate skills (migration, content, images, directory, redesign):
+- Boilerplate skills (site building, brand, forms, SEO, blog,
+  collections, migration, image generation, redesign, …):
   [skills/](./skills/)
 
 ## License

package/dist/index.js

@@ -15,22 +15,9 @@
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { TyperollClient } from './client.js';
 import { runInstallSkillsCli } from './install-skills.js';
+import { resolveSiteId } from './resolve-site-id.js';
 import { buildServer } from './server.js';
 const VERSION = '0.7.12';
-async function resolveSiteId(client) {
-    const fromEnv = process.env.TYPEROLL_SITE_ID?.trim();
-    if (fromEnv)
-        return fromEnv;
-    const res = await client.rootGet('sites');
-    if (!res.sites || res.sites.length === 0) {
-        throw new Error('No sites returned for this API key. Check the key is valid.');
-    }
-    if (res.sites.length > 1) {
-        throw new Error(`This key authorises ${res.sites.length} sites; set TYPEROLL_SITE_ID to pick one. ` +
-            'Org-scoped keys span multiple sites — stdio currently binds to one at a time.');
-    }
-    return res.sites[0].id;
-}
 function bail(message) {
     console.error(`typeroll-mcp: ${message}`);
     process.exit(1);

package/dist/resolve-site-id.js

@@ -0,0 +1,29 @@
+// Discover which site a stdio invocation binds to.
+//
+// TYPEROLL_SITE_ID wins when set. Otherwise we ask GET /v1/sites: a
+// site-scoped key returns exactly one entry; an org-scoped key can return
+// many, in which case TYPEROLL_SITE_ID is required so this stdio invocation
+// maps onto one specific site.
+export async function resolveSiteId(client) {
+    const fromEnv = process.env.TYPEROLL_SITE_ID?.trim();
+    if (fromEnv)
+        return fromEnv;
+    const res = await client.rootGet('sites');
+    if (!res.sites || res.sites.length === 0) {
+        throw new Error('No sites returned for this API key. Check the key is valid.');
+    }
+    if (res.sites.length > 1) {
+        throw new Error(`This key authorises ${res.sites.length} sites; set TYPEROLL_SITE_ID to pick one. ` +
+            'Org-scoped keys span multiple sites — stdio currently binds to one at a time.');
+    }
+    // Defense in depth: portals before the /v1/sites org-key fix returned a
+    // single placeholder entry with an empty id for org-scoped keys. Binding
+    // to "" would make every subsequent call fail incomprehensibly — reject
+    // it with an actionable message instead.
+    const id = res.sites[0].id?.trim();
+    if (!id) {
+        throw new Error('The portal returned a site with an empty id (org-scoped key against an older portal). ' +
+            'Set TYPEROLL_SITE_ID to pick a site explicitly, or upgrade the portal.');
+    }
+    return id;
+}

package/dist/tools/settings.js

@@ -29,6 +29,7 @@ export const settingsTools = [
             tagline: z.string().optional(),
             logo: z.string().optional(),
             favicon: z.string().optional(),
+            apple_touch_icon: z.string().optional().describe('URL to a 180x180 PNG for iOS/Android home-screen bookmarks. Emitted as <link rel="apple-touch-icon">.'),
             default_seo_suffix: z.string().optional(),
             language: z.string().optional().describe('BCP-47 tag (e.g. "en", "sv", "en-GB"). Drives <html lang> on the rendered site.'),
             robots_txt: z.string().optional(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typeroll/mcp-server",
-  "version": "0.12.0",
+  "version": "0.13.0",
   "description": "Model Context Protocol server for the Typeroll public API. Use with Claude Code or any MCP-compatible client to manage a Typeroll site.",
   "license": "MIT",
   "repository": {

package/skills/tr-brand.md

@@ -108,6 +108,24 @@ update_site_settings {
 
 Read back to confirm: `read_site_settings`.
 
+### Site icons — always propose them, never leave them empty
+
+Every site gets a favicon + apple touch icon as part of brand setup:
+
+1. **Brand assets exist** (favicon-*.png, app icon, symbol): upload the
+   right sizes via `upload_media_inline` (favicon: 32–64px PNG or SVG;
+   apple touch icon: 180×180 PNG) and set BOTH in one call:
+   `update_site_settings { "favicon": "<url>", "apple_touch_icon": "<url>" }`.
+2. **No icon assets:** derive a proposal instead of skipping — crop the
+   logo's symbol to a square and resize locally (`sips -z 180 180 in.png
+   --out icon-180.png` on macOS, or ImageMagick), or generate a simple
+   icon candidate with the imagegen lab (see `tr-imagegen`; respect the
+   style profile, no text). Upload, set, and tell the user it's a
+   proposal they can swap.
+
+A site shipping with the browser's default globe icon is a build gap —
+treat icons like the logo: part of done.
+
 ## Step 5 — Update partials to use the new palette
 
 Partials that hardcoded hex colors need updating. Fetch the header:

package/skills/tr-imagegen.md

@@ -135,7 +135,12 @@ connector in Claude Desktop, for editors who don't use Claude Code.)
 ## Pitfalls
 
 - **Never put text in generated images** (headlines, buttons) — text is
-  HTML's job; generated text renders as gibberish in non-English.
+  HTML's job; generated text renders as gibberish in non-English. And
+  models sneak text onto surfaces where it "feels natural" — jerseys,
+  signs, banners, packages — even when the prompt doesn't ask for any.
+  Forbid it explicitly in the prompt ("plain unmarked clothing, no
+  text, no letters, no numbers anywhere in the image") and make the
+  same rule part of every site's style profile.
 - **Don't commit `.env` or `images/lab/`** — both are gitignored by the
   kit convention; keep it that way.
 - **Cost discipline:** generation costs real money per image. Batch