@wcag-checkr/mcp 1.0.0-rc.340 → 1.0.0-rc.342

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wcag-checkr/mcp",
-  "version": "1.0.0-rc.340",
+  "version": "1.0.0-rc.342",
   "private": false,
   "description": "Model Context Protocol server for wcagcheckr. Lets LLM-IDEs (Claude Code, Cursor, Continue, etc.) drive accessibility audits, verify forensic receipts, and look up tier features programmatically. Same audit engine as the Chrome extension and CI runner.",
   "license": "UNLICENSED",

package/wcagcheckr-mcp.mjs

@@ -163,6 +163,34 @@ async function auditUrl(args) {
       ],
     };
   }
+  // rc.342 — Per-feature tier gate. Hit the license validate endpoint
+  // directly to read the features blob; refuse if mcpServer is explicitly
+  // disabled. `features.mcpServer === undefined` falls through as permissive.
+  try {
+    const validateRes = await fetch(`${SERVER_BASE_URL}/v1/products/wcagcheckr/license/validate`, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ token: licenseToken }),
+    });
+    if (validateRes.ok) {
+      const body = await validateRes.json();
+      if (body?.features && body.features.mcpServer === false) {
+        return {
+          isError: true,
+          content: [{
+            type: 'text',
+            text: 'wcagcheckr MCP server is not available on your current plan. Upgrade at https://wcagcheckr.com/pricing.',
+          }],
+        };
+      }
+    }
+    // Non-ok or parse failure: fall through. The CLI delegate will fail
+    // license validation itself if the token is bad; per-feature gating
+    // requires a successful validate, so a network glitch shouldn't lock
+    // out a paying customer.
+  } catch {
+    /* swallow — same fall-through rationale */
+  }
 
   return new Promise((resolveResult) => {
     const args = [