@utilix-tech/mcp 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md ADDED
@@ -0,0 +1,19 @@
1
+ # Changelog
2
+
3
+ Full release notes for all Utilix surfaces (browser tools, REST API, SDKs, MCP server) live at [utilix.tech/changelog](https://utilix.tech/changelog). This file tracks just this package.
4
+
5
+ ## 0.4.1
6
+ - Bumped the `@utilix-tech/sdk` dependency from `^0.2.0` to `^0.3.0` to match the SDK version actually in use, closing a gap where a future tool addition could have silently pinned to a stale SDK release.
7
+ - Corrected repository/bug tracker links.
8
+
9
+ ## 0.4.0
10
+ - Added `detect_passive_voice` and `read_image_info`, bringing the total to 97 tools.
11
+
12
+ ## 0.3.1
13
+ - Fixed a duplicate tool registration (`diff_json` was registered twice, silently shadowing the richer variant). Renamed the shadowed tool to `diff_json_detailed`.
14
+
15
+ ## 0.3.0
16
+ - Expanded to 95+ tools.
17
+
18
+ ## 0.1.0
19
+ - Initial release.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Utilix
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # @utilix-tech/mcp
2
2
 
3
- MCP server exposing 97 developer utility tools to Claude, Cursor, VS Code Copilot, and any [Model Context Protocol](https://modelcontextprotocol.io) compatible AI assistant.
3
+ MCP server exposing 99 developer utility tools to Claude, Cursor, VS Code Copilot, and any [Model Context Protocol](https://modelcontextprotocol.io) compatible AI assistant.
4
4
 
5
5
  No API key required. All tools run locally. Requires Node.js 18 or later.
6
6
 
@@ -150,13 +150,14 @@ claude mcp add utilix -- npx -y @utilix-tech/mcp
150
150
  | `convert_bytes` | Convert between B, KB, MB, GB, TB, KiB, MiB, GiB, TiB |
151
151
  | `px_to_units` | Convert pixels to rem, em, pt, and vw |
152
152
 
153
- ### API / Network (4 tools)
153
+ ### API / Network (5 tools)
154
154
  | Tool | Description |
155
155
  |------|-------------|
156
- | `decode_jwt` | Decode a JWT header, payload, and expiry |
156
+ | `decode_jwt` | Decode a JWT: header, payload, and expiry |
157
157
  | `build_curl` | Build a cURL command from method, URL, headers, and body |
158
158
  | `curl_to_code` | Convert a cURL command to fetch, axios, Python, Go, PHP, or Ruby |
159
159
  | `cors_headers` | Generate CORS response headers for a configuration |
160
+ | `parse_har` | Parse a DevTools .har network export into requests and summary stats |
160
161
 
161
162
  ### Color (4 tools)
162
163
  | Tool | Description |
@@ -177,13 +178,14 @@ claude mcp add utilix -- npx -y @utilix-tech/mcp
177
178
  | `parse_env` | Parse a .env file and return all key-value pairs |
178
179
  | `parse_docker_image` | Parse a Docker image reference into its components |
179
180
 
180
- ### Data (4 tools)
181
+ ### Data (5 tools)
181
182
  | Tool | Description |
182
183
  |------|-------------|
183
184
  | `validate_yaml` | Validate YAML syntax |
184
185
  | `toml_to_json` | Convert TOML to JSON |
185
186
  | `xml_to_json` | Convert XML to JSON |
186
187
  | `parse_csv` | Parse a CSV string and return the data as JSON |
188
+ | `format_ndjson` | Validate and pretty-print newline-delimited JSON (NDJSON) |
187
189
 
188
190
  ### CSS (2 tools)
189
191
  | Tool | Description |
@@ -230,7 +232,7 @@ claude mcp add utilix -- npx -y @utilix-tech/mcp
230
232
  ### Image (1 tool)
231
233
  | Tool | Description |
232
234
  |------|-------------|
233
- | `read_image_info` | Read format, dimensions, bit depth, and alpha channel from image bytes no decoding required. Supports PNG, JPEG, GIF, WebP, BMP |
235
+ | `read_image_info` | Read format, dimensions, bit depth, and alpha channel from image bytes: no decoding required. Supports PNG, JPEG, GIF, WebP, BMP |
234
236
 
235
237
  ## Requirements
236
238
 
@@ -238,12 +240,12 @@ claude mcp add utilix -- npx -y @utilix-tech/mcp
238
240
 
239
241
  ## Publishing (maintainers)
240
242
 
241
- CI publishes automatically via npm Trusted Publishing (OIDC) on every push to `main` that bumps `version`. Requires npm **>=11.5.1** older versions (e.g. the npm bundled with Node 20) sign provenance but skip the OIDC auth exchange, so `npm publish` fails with a 404 as if unauthenticated.
243
+ CI publishes automatically via npm Trusted Publishing (OIDC) on every push to `main` that bumps `version`. Requires npm **>=11.5.1**: older versions (e.g. the npm bundled with Node 20) sign provenance but skip the OIDC auth exchange, so `npm publish` fails with a 404 as if unauthenticated.
242
244
 
243
245
  ## Links
244
246
 
245
- - [Utilix web app](https://utilix.tech) use these tools in the browser
246
- - [API Playground](https://utilix.tech/api) try 10 endpoints live, no signup required
247
- - [REST API docs](https://utilix.tech/docs#rest-api) 100+ endpoints at `api.utilix.tech/v1` (1,000 req/day free)
248
- - [Node.js SDK](https://www.npmjs.com/package/@utilix-tech/sdk) use in your Node.js projects
249
- - [Python SDK](https://pypi.org/project/utilix-sdk/) use in your Python projects
247
+ - [Utilix web app](https://utilix.tech): use these tools in the browser
248
+ - [API Playground](https://utilix.tech/api): try 10 endpoints live, no signup required
249
+ - [REST API docs](https://utilix.tech/docs#rest-api): 100+ endpoints at `api.utilix.tech/v1` (1,000 req/day free)
250
+ - [Node.js SDK](https://www.npmjs.com/package/@utilix-tech/sdk): use in your Node.js projects
251
+ - [Python SDK](https://pypi.org/project/utilix-sdk/): use in your Python projects
package/SECURITY.md ADDED
@@ -0,0 +1,16 @@
1
+ # Security Policy
2
+
3
+ ## Reporting a Vulnerability
4
+
5
+ If you discover a security vulnerability in this package, please report it privately rather than opening a public issue.
6
+
7
+ Email **hello@utilix.tech** with the subject line "Security report" and include:
8
+ - A description of the vulnerability and its potential impact
9
+ - Steps to reproduce, if possible
10
+ - Any suggested fix
11
+
12
+ We aim to acknowledge reports within 3 business days. Please give us a reasonable window to release a fix before disclosing publicly.
13
+
14
+ ## Supported Versions
15
+
16
+ Only the latest published version of `@utilix-tech/mcp` receives security fixes. We recommend always running the latest release (the package is invoked via `npx`, which always fetches the latest version by default).
package/dist/index.js CHANGED
@@ -393,7 +393,7 @@ server.tool(
393
393
  },
394
394
  async ({ password, hash }) => {
395
395
  const valid = await verifyPassword(password, hash);
396
- return text(valid ? "Valid \u2014 password matches hash." : "Invalid \u2014 password does not match hash.");
396
+ return text(valid ? "Valid: password matches hash." : "Invalid: password does not match hash.");
397
397
  }
398
398
  );
399
399
  server.tool(
@@ -1033,7 +1033,7 @@ server.tool(
1033
1033
  "Estimate the token count and API cost for a text string across popular LLMs (GPT-4o, Claude, Gemini, etc.).",
1034
1034
  {
1035
1035
  text: z.string().describe("Text to estimate tokens for"),
1036
- model: z.string().optional().describe("Model slug (e.g. gpt-4o, claude-sonnet-4) \u2014 omit for all models"),
1036
+ model: z.string().optional().describe("Model slug (e.g. gpt-4o, claude-sonnet-4): omit for all models"),
1037
1037
  output_tokens: z.number().int().min(0).optional().describe("Expected output tokens (defaults to same as input)")
1038
1038
  },
1039
1039
  async ({ text: text2, model, output_tokens }) => {
@@ -1113,7 +1113,7 @@ server.tool("extract_keywords", "Extract top keywords using TF-IDF scoring.", {
1113
1113
  server.tool("validate_json_schema", "Validate JSON data against a JSON Schema (Draft-07).", { data: z.unknown(), schema: z.record(z.unknown()) }, async ({ data, schema }) => {
1114
1114
  return { content: [{ type: "text", text: JSON.stringify(validateJsonSchema(data, schema), null, 2) }] };
1115
1115
  });
1116
- server.tool("diff_json_detailed", "Diff two JSON objects (parsed values, not strings) \u2014 returns a flat list of every path with its op (added/removed/changed/unchanged), plus counts.", { a: z.unknown(), b: z.unknown() }, async ({ a, b }) => {
1116
+ server.tool("diff_json_detailed", "Diff two JSON objects (parsed values, not strings): returns a flat list of every path with its op (added/removed/changed/unchanged), plus counts.", { a: z.unknown(), b: z.unknown() }, async ({ a, b }) => {
1117
1117
  return { content: [{ type: "text", text: JSON.stringify(diffJsonDetailed(a, b), null, 2) }] };
1118
1118
  });
1119
1119
  server.tool("extract_tables", "Extract HTML tables into JSON arrays with headers and rows.", { html: z.string() }, async ({ html }) => {
@@ -1140,7 +1140,7 @@ server.tool("score_relevance", "Score a passage relevance to a query (0-1 score
1140
1140
  server.tool("expand_query", "Expand a search query with synonyms and stemmed variants for better retrieval.", { query: z.string(), max_synonyms: z.number().int().min(1).max(5).default(2) }, async ({ query, max_synonyms }) => {
1141
1141
  return { content: [{ type: "text", text: JSON.stringify(expandQuery(query, max_synonyms), null, 2) }] };
1142
1142
  });
1143
- server.tool("summarize_for_llm", "Extractive summarization \u2014 pick key sentences to fit a token budget.", { text: z.string(), max_tokens: z.number().int().min(10).default(200), strategy: z.enum(["extractive", "first", "last"]).default("extractive") }, async ({ text: text2, max_tokens, strategy }) => {
1143
+ server.tool("summarize_for_llm", "Extractive summarization: pick key sentences to fit a token budget.", { text: z.string(), max_tokens: z.number().int().min(10).default(200), strategy: z.enum(["extractive", "first", "last"]).default("extractive") }, async ({ text: text2, max_tokens, strategy }) => {
1144
1144
  return { content: [{ type: "text", text: JSON.stringify(summarizeForLlm(text2, max_tokens, strategy), null, 2) }] };
1145
1145
  });
1146
1146
  var _BE_VERBS = /* @__PURE__ */ new Set(["am", "is", "are", "was", "were", "be", "been", "being"]);
@@ -1389,14 +1389,112 @@ function _readImageInfo(bytes) {
1389
1389
  }
1390
1390
  return { error: "No SOF marker found in JPEG (file may be corrupt)" };
1391
1391
  }
1392
- return { error: "Unrecognized image format \u2014 supported: PNG, JPEG, GIF, WebP, BMP" };
1392
+ return { error: "Unrecognized image format. Supported formats: PNG, JPEG, GIF, WebP, BMP" };
1393
1393
  }
1394
1394
  server.tool("detect_passive_voice", 'Heuristically flag sentences containing passive-voice constructions, e.g. "was written", "were approved by the team".', { text: z.string() }, async ({ text: text2 }) => {
1395
1395
  return { content: [{ type: "text", text: JSON.stringify(_detectPassiveVoice(text2), null, 2) }] };
1396
1396
  });
1397
- server.tool("read_image_info", "Read image format, dimensions, and color info directly from file bytes \u2014 no decoding required. Supports PNG, JPEG, GIF, WebP, BMP.", { image_base64: z.string().describe("Base64-encoded image bytes, optionally prefixed with a data: URL scheme") }, async ({ image_base64 }) => {
1397
+ server.tool("read_image_info", "Read image format, dimensions, and color info directly from file bytes: no decoding required. Supports PNG, JPEG, GIF, WebP, BMP.", { image_base64: z.string().describe("Base64-encoded image bytes, optionally prefixed with a data: URL scheme") }, async ({ image_base64 }) => {
1398
1398
  const bytes = new Uint8Array(Buffer.from(image_base64.replace(/^data:.*;base64,/, ""), "base64"));
1399
1399
  return { content: [{ type: "text", text: JSON.stringify(_readImageInfo(bytes), null, 2) }] };
1400
1400
  });
1401
+ function _parseHar(input) {
1402
+ if (!input || !input.trim()) return { error: "Input is empty" };
1403
+ let data;
1404
+ try {
1405
+ data = JSON.parse(input);
1406
+ } catch (e) {
1407
+ return { error: `Invalid JSON: ${e instanceof Error ? e.message : String(e)}` };
1408
+ }
1409
+ if (typeof data !== "object" || data === null || !("log" in data)) {
1410
+ return { error: 'Not a valid HAR file: missing "log" property' };
1411
+ }
1412
+ const log = data.log;
1413
+ if (typeof log !== "object" || log === null || !Array.isArray(log.entries)) {
1414
+ return { error: 'Not a valid HAR file: "log.entries" must be an array' };
1415
+ }
1416
+ const logObj = log;
1417
+ const entries = [];
1418
+ const methods = {};
1419
+ const statusCodes = {};
1420
+ let totalSize = 0;
1421
+ let totalTime = 0;
1422
+ let failedRequests = 0;
1423
+ for (const raw of logObj.entries) {
1424
+ if (typeof raw !== "object" || raw === null) continue;
1425
+ const e = raw;
1426
+ const request = e.request ?? {};
1427
+ const response = e.response ?? {};
1428
+ const content = response.content ?? {};
1429
+ const method = typeof request.method === "string" ? request.method : "GET";
1430
+ const url = typeof request.url === "string" ? request.url : "";
1431
+ const status = typeof response.status === "number" ? response.status : 0;
1432
+ const statusText = typeof response.statusText === "string" ? response.statusText : "";
1433
+ const httpVersion = typeof response.httpVersion === "string" ? response.httpVersion : "";
1434
+ const mimeType = typeof content.mimeType === "string" ? content.mimeType : "";
1435
+ const size = typeof content.size === "number" && content.size > 0 ? content.size : 0;
1436
+ const time = typeof e.time === "number" ? e.time : 0;
1437
+ const startedDateTime = typeof e.startedDateTime === "string" ? e.startedDateTime : "";
1438
+ entries.push({ method, url, status, statusText, httpVersion, mimeType, size, time, startedDateTime });
1439
+ methods[method] = (methods[method] ?? 0) + 1;
1440
+ if (status > 0) statusCodes[String(status)] = (statusCodes[String(status)] ?? 0) + 1;
1441
+ totalSize += size;
1442
+ totalTime += time;
1443
+ if (status === 0 || status >= 400) failedRequests++;
1444
+ }
1445
+ const totalRequests = entries.length;
1446
+ const avgTime = totalRequests > 0 ? Math.round(totalTime / totalRequests * 100) / 100 : 0;
1447
+ const creator = logObj.creator ?? {};
1448
+ return {
1449
+ version: typeof logObj.version === "string" ? logObj.version : "",
1450
+ creator: { name: typeof creator.name === "string" ? creator.name : "", version: typeof creator.version === "string" ? creator.version : "" },
1451
+ entries,
1452
+ summary: { totalRequests, totalSize, totalTime, avgTime, failedRequests, methods, statusCodes }
1453
+ };
1454
+ }
1455
+ function _validateNdjson(input) {
1456
+ const rawLines = input.split("\n");
1457
+ const lines = [];
1458
+ let validCount = 0;
1459
+ rawLines.forEach((raw, idx) => {
1460
+ if (raw.trim() === "") return;
1461
+ const lineNum = idx + 1;
1462
+ try {
1463
+ JSON.parse(raw);
1464
+ lines.push({ line: lineNum, raw, valid: true });
1465
+ validCount++;
1466
+ } catch (e) {
1467
+ lines.push({ line: lineNum, raw, valid: false, error: e instanceof Error ? e.message : String(e) });
1468
+ }
1469
+ });
1470
+ return { valid: lines.length > 0 && validCount === lines.length, totalLines: lines.length, validLines: validCount, invalidLines: lines.length - validCount, lines };
1471
+ }
1472
+ server.tool(
1473
+ "parse_har",
1474
+ "Parse a browser DevTools .har network export into a readable list of requests (method, URL, status, size, timing) plus aggregate summary stats.",
1475
+ { har: z.string().describe("Raw HAR file contents (JSON)") },
1476
+ async ({ har }) => {
1477
+ const result = _parseHar(har);
1478
+ if ("error" in result) return errText(result);
1479
+ return text(JSON.stringify(result, null, 2));
1480
+ }
1481
+ );
1482
+ server.tool(
1483
+ "format_ndjson",
1484
+ "Validate newline-delimited JSON (NDJSON/JSON Lines), report per-line errors, and pretty-print each valid line.",
1485
+ {
1486
+ input: z.string().describe("NDJSON content: one JSON value per line"),
1487
+ indent: z.number().int().default(2).describe("Spaces per indent level")
1488
+ },
1489
+ async ({ input, indent }) => {
1490
+ const validation = _validateNdjson(input);
1491
+ if (!validation.valid) {
1492
+ const firstError = validation.lines.find((l) => !l.valid);
1493
+ return errText({ error: firstError ? `Line ${firstError.line}: ${firstError.error}` : "Invalid NDJSON" });
1494
+ }
1495
+ const formatted = validation.lines.map((l) => JSON.stringify(JSON.parse(l.raw), null, indent)).join("\n");
1496
+ return text(formatted);
1497
+ }
1498
+ );
1401
1499
  var transport = new StdioServerTransport();
1402
1500
  await server.connect(transport);
package/package.json CHANGED
@@ -1,10 +1,17 @@
1
1
  {
2
2
  "name": "@utilix-tech/mcp",
3
- "version": "0.4.0",
4
- "description": "MCP server exposing 97 Utilix developer tools to Claude, Cursor, VS Code Copilot, and any MCP-compatible AI assistant.",
3
+ "version": "0.5.0",
4
+ "description": "MCP server exposing 99 Utilix developer tools to Claude, Cursor, VS Code Copilot, and any MCP-compatible AI assistant.",
5
5
  "author": "Utilix <hello@utilix.tech>",
6
6
  "license": "MIT",
7
- "homepage": "https://utilix.tech/docs",
7
+ "homepage": "https://utilix.tech/mcp",
8
+ "repository": {
9
+ "type": "git",
10
+ "url": "https://github.com/utilix-tech/utilix-mcp.git"
11
+ },
12
+ "bugs": {
13
+ "url": "https://github.com/utilix-tech/utilix-mcp/issues"
14
+ },
8
15
  "keywords": [
9
16
  "mcp",
10
17
  "model-context-protocol",
@@ -16,7 +23,10 @@
16
23
  "json",
17
24
  "encoding",
18
25
  "hashing",
19
- "utilix"
26
+ "utilix",
27
+ "ai-agent",
28
+ "llm-tools",
29
+ "stdio"
20
30
  ],
21
31
  "engines": {
22
32
  "node": ">=18"
@@ -29,7 +39,10 @@
29
39
  "files": [
30
40
  "dist",
31
41
  "smithery.yaml",
32
- "README.md"
42
+ "README.md",
43
+ "LICENSE",
44
+ "CHANGELOG.md",
45
+ "SECURITY.md"
33
46
  ],
34
47
  "scripts": {
35
48
  "build": "tsup && chmod +x dist/index.js",
@@ -40,7 +53,7 @@
40
53
  },
41
54
  "dependencies": {
42
55
  "@modelcontextprotocol/sdk": "^1.12.0",
43
- "@utilix-tech/sdk": "^0.2.0",
56
+ "@utilix-tech/sdk": "^0.3.0",
44
57
  "zod": "^3.23.0"
45
58
  },
46
59
  "devDependencies": {
package/smithery.yaml CHANGED
@@ -1,5 +1,5 @@
1
1
  name: utilix
2
- description: 70 developer utility tools for Claude, Cursor, VS Code, Windsurf, and any MCP-compatible AI assistant. Covers JSON, hashing, encoding, JWT, UUID, cron, color, SQL, regex, CSS, QR codes, and more. All tools run locally no API key required.
2
+ description: 70 developer utility tools for Claude, Cursor, VS Code, Windsurf, and any MCP-compatible AI assistant. Covers JSON, hashing, encoding, JWT, UUID, cron, color, SQL, regex, CSS, QR codes, and more. All tools run locally: no API key required.
3
3
  homepage: https://utilix.tech/mcp
4
4
  license: MIT
5
5
  repository: https://github.com/utilix-tech/utilix-mcp