@withpica/mcp-server 2.11.0 → 2.23.0

package/CHANGELOG.md

@@ -11,6 +11,645 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.23.0] - 2026-04-19
+
+### Added
+
+- **ADR-181 Phase 1: `pica_audit_list` ported from `@withpica/mcp-server-settings`
+  (ADR-154 F6).** Closes the one trailing-gap tool from the source-merge audit —
+  every other tool the three sub-servers exposed was already registered by
+  `mcp-server`'s superset. Registered in `lib/services/mcp-scopes.ts`
+  `ADMIN_ONLY_TOOLS` alongside the team / org-profile admin operations; the
+  `mcp_audit_log` read is org-scoped and matches the existing admin posture
+  for `pica_organisation_profile` / `pica_team_list`. Landed in `54ae935d9`
+  via PR #50.
+- **ADR-181 Phase 1: bundle-size CI gate per Decision 2.** New
+  `scripts/check-mcp-bundle.ts` walks `mcp-server/dist/`, sums byte size
+  (excluding source maps), and fails if total > 210 MB (70% × Vercel's
+  300 MB serverless-function cap). Runs on every push / PR that touches
+  `mcp-server/**`, `mcp-server-shared/**`, the script, or the workflow
+  itself (`.github/workflows/mcp-bundle-size.yml`). `package.json`
+  `prepublishOnly` invokes it locally so a bloated bundle can't ship out
+  of a developer machine. Current measurement on this branch:
+  0.79 MB / 210 MB limit (0.38% of cap). Landed in `558315069` via PR #50.
+
+## [2.22.0] - 2026-04-18
+
+### Added
+
+- **ADR-174 Phase 2 item 7 follow-up: `pica_projects_attach_works` (stdio).**
+  Closes the `work_ids` FIELD_NOT_WIRED gap on `pica_projects_create` /
+  `_update`. Pre-slice the MCP tools advertised `work_ids` but the admin
+  route silently dropped it — the route redirect message already pointed
+  agents at `POST /api/admin/projects/[id]/works`, but no MCP tool
+  exposed that path. The new tool accepts
+  `{ project_id, works: [{ work_id, project_day?, notes? }...] }` and
+  attaches each item via `ProjectsResource.attachWork` with per-item
+  result reporting (`attached[]`, `skipped[]` for already-linked,
+  `failed[]` for other errors). Registered in `lib/services/mcp-scopes.ts`
+  under `write:catalog`.
+
+### Changed
+
+- **ADR-174 Phase 2 item 22: `pica_publishers_create` reshaped.** Pre-slice
+  the schema exposed only `{ name, ipi }` (2 fields) and the SDK's
+  `PublishersResource.create` hit a 404 — the admin route did not exist.
+  The companion slice 1 commit added `POST /api/admin/publishers`;
+  this slice reshapes the tool to match. All 8 audit-row-22
+  Add-candidates surfaced (`legal_name`, `country`, `isni`,
+  `publisher_type`, `wikidata_id`, `parent_publisher_id`,
+  `founded_date`, `headquarters`) plus the explicit `ipi → ipi_number`
+  rename. `parent_publisher_id` description steers agents at
+  `pica_publishers_query` to resolve the parent UUID. Required fields:
+  `name`, `ipi_number`. The route is idempotent on `ipi_number` — a
+  duplicate IPI returns the existing row with `already_existed: true`
+  instead of failing.
+
+- **ADR-174 Phase 2 items 14+15: `pica_agreements_create` / `_update`
+  reshaped to consume `AGREEMENTS_WRITE_PROPERTIES` from
+  `@withpica/mcp-utils`.** Tool schemas now advertise all 13
+  Add-candidate columns from audit rows 14+15. Tool descriptions steer
+  agents toward `counterparty_org_id` (ADR-176 first-class-party) over
+  free-text `other_party_name` — use `pica_search_all` to resolve an
+  org name to an ID. `_update` description calls out that
+  counterparty_org_id changes require the linked-org check at the
+  route layer (orgLinkingService.areLinked). No tool signature change
+  otherwise; existing fields preserved.
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/agreements/route.ts` POST and
+  `app/api/admin/agreements/[id]/route.ts` PATCH — phantom/unknown key
+  rejection via `AGREEMENT_POST_ALLOWED_FIELDS` /
+  `AGREEMENT_PATCH_ALLOWED_FIELDS` /
+  `AGREEMENT_WRITE_PHANTOM_REDIRECTS` in
+  `lib/services/agreements-write-constants.ts`. Pre-slice both routes
+  spread `body` straight into the Supabase insert/update — effectively
+  a wide-open write surface. Also surfaces and fixes pre-existing dark
+  code in the PATCH test file (3 tests were sending `name` and `type`
+  — phantom field names that silently dropped against `title` and
+  `agreement_type`).
+
+- `app/api/admin/publishers/route.ts` POST (NEW) — publishers had no
+  admin route at all pre-slice, so `pica_publishers_create` and the
+  SDK's `PublishersResource.create` 404'd at runtime. Slice 1
+  (0ba4d400d) adds the route with phantom/unknown-field rejection via
+  `PUBLISHERS_POST_ALLOWED_FIELDS` / `PUBLISHERS_WRITE_PHANTOM_REDIRECTS`
+  in `lib/services/publishers-write-constants.ts`, idempotent
+  deduplication by `ipi_number`, FK pre-validation on
+  `parent_publisher_id`, and server-stamped provenance.
+
+- **ADR-174 Phase 2 item 21: `pica_multimedia_create` reshaped.** Added
+  15 real-column fields that were invisible to agents pre-ADR-174:
+  `credits`, `duration_seconds`, `collection_id`, `display_order`,
+  `is_featured`, `is_published`, `venue`, `event_name`,
+  `performance_date`, `setlist_position`, `sync_side`, and the external
+  identifier set (`spotify_url`, `spotify_track_uri`, `spotify_track_id`,
+  `youtube_url`, `youtube_video_id`, `soundcloud_url`, `thumbnail_url`).
+  Description now points agents at `POST /api/admin/multimedia/upload`
+  for file uploads and `pica_multimedia_link_youtube` for the YouTube
+  enrichment flow — the generic create surface is for external-URL
+  linking and performance-context metadata.
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/multimedia/route.ts` POST — phantom/unknown key guard
+  via `MULTIMEDIA_POST_ALLOWED_FIELDS` /
+  `MULTIMEDIA_POST_PHANTOM_REDIRECTS` in
+  `lib/services/multimedia-write-constants.ts`. Redirects upload-flow
+  columns (s3*key, file_name, …) to `/api/admin/multimedia/upload`,
+  enrichment columns (youtube_view_count, spotify_popularity) to their
+  respective cascades, and scanner columns (virus_scan*\*) to the
+  scanner flow. Also closes a latent privilege-escalation path: pre-slice
+  the route overwrote `body.user_id` with the authenticated session's
+  id, but a caller could still _attempt_ to pass `user_id` (silently
+  overwritten). The guard now 400s on `user_id` / `organisation_id`
+  injection attempts with a clear PHANTOM_FIELD message.
+
+- **ADR-174 Phase 2 item 13: `pica_sessions_create` reshaped.** Dropped
+  `additionalProperties: true` per Decision 2. Added 6 previously-missing
+  real columns from audit row 13 as explicit Zod properties:
+  `description`, `timezone`, `is_all_day`, `location_url`, `recording_id`,
+  `status` (enum: scheduled / in_progress / completed / cancelled), plus
+  the `metadata` jsonb bag and the `participants` relational array
+  (already handled by the service but undocumented in the tool surface).
+  `recurrence_rule` deferred — the service's `CreateSessionParams` type
+  needs to accept it first (tracked in the route-guard PHANTOM_REDIRECT
+  entry).
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/sessions/route.ts` POST now reads `body.status` and
+  `body.metadata` (pre-slice silently dropped) and 400s on phantom /
+  unknown keys via `SESSION_POST_ALLOWED_FIELDS` /
+  `SESSION_POST_PHANTOM_REDIRECTS` in
+  `lib/services/sessions-write-constants.ts`.
+
+- **ADR-174 Phase 2 item 20: `pica_share_links_create` reshaped to
+  consume `SHARE_LINKS_WRITE_PROPERTIES` from `@withpica/mcp-utils`.**
+  Tool schema now advertises all 13 add-candidate columns from audit
+  row 20 that were previously invisible to agents (access_type,
+  allowed_person_ids, allow_comments, allow_view_collaborators,
+  allow_view_financials, notify_on_access, watermark_audio,
+  sent_to_emails, playlist_name, allow_streaming, include_all_files,
+  included_file_ids, description). Executor widened to pass every
+  caller-provided property through to the SDK / admin route — the
+  route-layer allow-list (slice 1) rejects anything outside the
+  contract. `password` remains the canonical plain-text input; the
+  route hashes to `password_hash`.
+
+- **ADR-174 Phase 2 items 16+17: `pica_agreement_types_create` / `_update`
+  reshaped to consume `AGREEMENT_TYPES_WRITE_PROPERTIES` from
+  `@withpica/mcp-utils`.** Dropped the inlined property map in favour of
+  the shared module that documents per-branch applicability. Phantom
+  fields `title`, `description`, `points_percentage`, `recoupment_terms`,
+  `rights_assigned` removed from the schema (agents sending them now fail
+  fast at the admin route guard with a `PHANTOM_FIELD` redirect pointing
+  at the canonical column or resolution path). Tool descriptions updated
+  to truthfully list the required fields per branch (template needs
+  `name` + `category` + `templateText`; producer needs `producer_id` +
+  `royalty_points` + `deliverables` + `work_id`|`recording_id`;
+  work_for_hire needs `contractor_id` + `contractor_role` + `fee_amount`
+  - `services_description` + `work_id`|`recording_id`). Tool description
+    for `_update` now calls out that PATCH on producer_agreements and
+    work_for_hire_agreements is action-only — the generic update path has
+    no live field-update surface on those two branches until a follow-up
+    slice promotes the action-based PATCH handlers to accept field
+    updates.
+
+### Added
+
+- **ADR-179 Phase 1: `pica_resolve_work` (stdio).** Outcome-shaped
+  resolver that fans a work out across every eligible enrichment source
+  in one call. Replaces the five `pica_enrich_work_*` tools' role at
+  the agent layer. Returns `applied[]` / `proposals[]` / `errors[]` /
+  `recovery_hints[]`. `isError` is set only when every source that ran
+  errored — partial failure is a non-error receipt. Credit + billing
+  gates wire through the `external_resolver_call` action key.
+- **ADR-179 Phase 2: `pica_resolve_person` (stdio).** Person-side
+  resolver mirroring `pica_resolve_work`. Sources are narrower —
+  `isni` | `musicbrainz` — covering the identity-graph cascade rules
+  (ISNI→Wikidata and MBID→Wikidata crosswalks plus their downstream
+  awards / biography enrichment). Same output shape, same isError
+  semantics, same credit-gate action key as the work resolver.
+  Registered in `lib/services/mcp-scopes.ts` under `write:people` and
+  listed in the layered-discovery `enrichment` category so
+  `pica_discover` surfaces it above the deprecated
+  `pica_people_enrich_*` pair.
+
+### Deprecated
+
+- **`pica_enrich_work_mlc`, `pica_enrich_work_musicbrainz`,
+  `pica_enrich_work_discogs`, `pica_enrich_work_spotify`,
+  `pica_enrich_work_youtube`.** All five now return
+  `TOOL_DEPRECATED` (jsonrpc code -32070) with a suggested-call
+  payload pointing at `pica_resolve_work` with the correct `sources`
+  narrowing. Tool definitions stay registered so `tools/list` and
+  `pica_tool_details` can still surface them with a migration hint for
+  one minor version — removal scheduled for the next minor after
+  ADR-179 Phase 4's publish.
+- **`pica_people_enrich_isni`, `pica_people_enrich_musicbrainz`.**
+  Both now return `TOOL_DEPRECATED` (jsonrpc code -32070) with a
+  suggested-call payload pointing at
+  `pica_resolve_person(sources: ['isni' | 'musicbrainz'])`. Tool
+  definitions stay registered until the next minor; same one-minor-
+  version deprecation window as the work-side five.
+
+### Changed
+
+- `pica_tool_details` responses for the five deprecated work tools
+  now carry a `TOOL_DEPRECATED` entry in `recovery_hints` as the first
+  item. Existing `NO_MATCH` / `MISSING_INPUT` hints are kept behind
+  it — they are dead code today but stay in the registry until tool
+  removal so downstream consumers don't see a mid-version
+  disappearance.
+- Same treatment applied to the two deprecated person tools:
+  `pica_people_enrich_isni` and `pica_people_enrich_musicbrainz` each
+  get a `TOOL_DEPRECATED` recovery hint prepended to their existing
+  `NO_MATCH` entry.
+
+## [2.22.0] — 2026-04-16
+
+### Changed
+
+- **ADR-174 Phase 2 item 10 (recording_splits): reshape
+  `pica_recording_splits_create`.** Adopts the shared
+  `RECORDING_SPLITS_WRITE_PROPERTIES` from `@withpica/mcp-utils@1.4.0`,
+  dropping `additionalProperties: true` per Decision 2. All 9 audit-
+  Keep fields now enumerated as explicit Zod properties — no phantom
+  additions, no renames. Description-level hint on `role` replaced
+  with a proper `enum` array matching the route's validRoles allow-
+  list. Schema is now byte-identical to `@withpica/mcp-server-business`
+  (both consume the shared module) — pre-slice they were independent
+  byte-divergent-risk copies.
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/recordings/[id]/splits/route.ts` POST — UNKNOWN_FIELD
+  guard runs before the required-field check so misspelled keys fail
+  fast with the field name. See the slice commit.
+
+## [2.21.0] — 2026-04-16
+
+### Fixed
+
+- **ADR-174 Phase 2 item 24 (team): `pica_team_update_role` now actually
+  updates role.** Pre-ADR-174 the tool was named `_update_role` but its
+  Zod schema only accepted `permissions` — the `role` field was missing
+  entirely. The admin PATCH route at `/api/admin/team/[id]` hard-
+  destructured `{ permissions }` and silently dropped every other
+  field, so even if an agent hand-crafted a call with `role` the DB
+  write would not happen. Audit row 24 flagged this as "Add `role`, or
+  rename the tool." Fixed by adding `role: string` to the MCP Zod
+  schema, widening the route to build the update object from whichever
+  of `role` / `permissions` are provided, and making the old
+  "permissions required" check accept "at least one of role or
+  permissions." `id` stays required; `role` and `permissions` are now
+  both optional but at least one must be set.
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/team/[id]/route.ts` PATCH — phantom/unknown key
+  rejection via `TEAM_MEMBERSHIP_PATCH_ALLOWED_FIELDS` (allow-list of
+  `permissions` + `role`), error message updated from "permissions
+  required" to "at least one of permissions or role is required", and
+  "failed to update permissions" to "failed to update team membership"
+  (now-generic — it updates role too).
+
+## [2.20.0] — 2026-04-16
+
+### Changed
+
+- **ADR-174 Phase 2 item 7 (projects): reshape `pica_projects_create` /
+  `pica_projects_update` Zod schemas.** Exposed 9 Add-candidate fields
+  from audit row 18 that were already plumbed end-to-end through the
+  route and service but invisible to agents via tool discovery:
+  `start_date`, `end_date`, `location_name`, `location_address`,
+  `location_url`, `virtual_url`, `is_open`, `max_participants`, `status`
+  (enum: draft / scheduled / active / completed / cancelled). Also
+  surfaced the route-level `generate_invite_code` flag and the
+  freeform `metadata` jsonb object. Dropped `work_ids` from both
+  schemas — the pre-ADR-174 tool advertised `work_ids` but the admin
+  POST / PATCH routes never routed it to the `project_works` junction
+  (see commit `edf890a24` for the route-side FIELD_NOT_WIRED rejection
+  and redirect message pointing at
+  `POST /api/admin/projects/[id]/works`). The `project_type`
+  description replaces the pre-ADR-174 "album, ep, compilation, single,
+  mixtape" hint (none of which are valid backend values) with the
+  actual convention: writing_camp, recording_session, production,
+  mixing, mastering, retreat, other.
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/projects/route.ts` POST and
+  `app/api/admin/projects/[id]/route.ts` PATCH — phantom/unknown key
+  rejection with `FIELD_NOT_WIRED` redirect for `work_ids`. See commit
+  `edf890a24`.
+
+## [2.19.0] — 2026-04-16
+
+### Added
+
+- **ADR-178: `pica_enrichment_propose` stdio tool.** New agentic write
+  tool that files enrichment proposals sourced from open-web research
+  (Audiomack, Songdata, MusicBrainz page, label portals, artist bios,
+  etc.) rather than from PICA's structured cascade. Every proposed
+  field must cite at least one source URL — `sources[].fields` arrays
+  form the trust moat, and the server rejects uncited claims with
+  `code: MISSING_SOURCE`. Source type routes the proposal as
+  `source = 'agent_research'`, `rule_id = 'agent_research'` on the
+  existing `enrichment_proposals` table (no new queue, no new review
+  tools — reuses `pica_enrichment_proposals_list` / `_apply` /
+  `_reject` from `2.10.0`).
+
+  Tool description carries ADR-178 Decision 3 language verbatim: when
+  the user is in-session, the agent asks for approval directly and
+  calls `pica_enrichment_proposal_apply` after confirmation — the
+  dashboard card is the receipt, not the workflow. This shapes agent
+  behaviour in-context without needing a new code path for "in-
+  session approval".
+
+  Wrapped in `withBillingGate` and (via
+  `@withpica/mcp-utils@1.3.0`) `withCreditGate` under the new
+  `enrichment_propose` action key. Credit gating is telemetric only
+  while ADR-162 keeps the subscription gate on; the wrap is already
+  in place so re-enabling billing doesn't need a tool-surface change.
+
+### Fixed
+
+- **ADR-178 slice 1b regression caught in smoke test:** agent-research
+  proposals whose `proposed_fields` cite columns that don't exist on
+  the target table (tempo_bpm, musical_key, producers — the Heinzmann
+  transcript's fields, not columns on `works`) used to 500 with a
+  Postgres "column does not exist" error because the service built a
+  column-scoped `SELECT` from the proposed keys. Fix snapshots the
+  full live row and builds `current_fields` from the intersection of
+  proposed keys and actual columns. Unknown keys now land as pending
+  proposals with an empty baseline instead of crashing the request.
+  Apply path for unknown-column fields is a separate open question on
+  the ADR (see Open Question 5).
+
+## [2.18.0] — 2026-04-16
+
+### Changed
+
+- **ADR-174 Phase 2 item 6: reshape `pica_credits_update` Zod schema.**
+  Dropped phantom `publisher_name` and `publisher_ipi` properties —
+  `work_credits` has no columns for either. Agents now resolve a
+  publisher name or IPI to a UUID via `pica_publishers_query` (or
+  create one via `pica_publishers_create`) and pass the result as
+  `publisher_id`. Added three audit "Add candidate" columns to the
+  per-credit-object shape: `is_primary` (boolean), `notes` (string),
+  `attestation_status` (enum: pending / attested / disputed /
+  declined). `attested_at` / `attested_by` remain service-managed.
+  Description refresh calls out `credit_type` as the canonical column
+  name stored behind the `role` alias and `writer_split_percentage`
+  behind `splits`. No required-field change — `person_id`, `role`,
+  `splits` stay required.
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/works/[id]/credits/route.ts` POST — phantom/unknown
+  key rejection on each `credits[i]` element with field name + index
+  in the error payload, plus a mirror-fill step that normalises
+  `role` ↔ `credit_type` and `splits` ↔ `writer_split_percentage` so
+  callers sending either spelling flow through. See commit
+  `dbfb098ae` for the server-side guard.
+
+### Not covered by this slice
+
+- `work_collaborators` (publishing-side POST at
+  `app/api/admin/works/[id]/collaborators/route.ts`) was not in the
+  ADR-174 audit — the MCP tool's `updateCollaborators` SDK hop hits
+  that route for writer/composer/lyricist/arranger roles today and
+  inherits a separate column set. Tracked as a follow-up slice.
+
+## [2.17.0] — 2026-04-16
+
+### Changed
+
+- **ADR-174 Phase 2 item 5: reshape `pica_physical_assets_create` and
+  `pica_physical_assets_update` Zod schemas.** Adopted the shared
+  `PHYSICAL_ASSETS_WRITE_PROPERTIES` from `@withpica/mcp-utils@1.2.0`,
+  dropped `additionalProperties: true` on both tools, and moved 11
+  phantom top-level fields (`current_valuation`, `valuation_currency`,
+  `valuation_source`, `valuation_date`, `valuation_notes`,
+  `reverb_listing_url`, `ebay_item_url`, `insured`,
+  `insurance_provider`, `insurance_policy_number`, `insurance_coverage`)
+  off the top-level surface. Agents set these via
+  `external_references: { current_valuation: 1500, insurer: "ACME", ... }`
+  per the ADR-174 Open Decision 1 (2026-04-14) resolution. Two fields
+  were renamed at the jsonb layer: `insurance_provider → insurer`,
+  `insurance_coverage → insured_value`. `asset_type`, `condition`,
+  `acquisition_method`, `license_type`, and `status` gained proper
+  `enum` arrays matching the underlying `physical_assets_*_check` CHECK
+  constraints — pre-reshape they were loose strings with the enum
+  hinted in the description (so callers could pass `studio_equipment`
+  at the MCP layer and get a 500 from the CHECK constraint at the DB
+  layer).
+- **No description lie.** Both tool descriptions now explicitly name
+  `external_references` as the home for valuation/insurance/DSP URL
+  details rather than the pre-ADR-174 "tracks … valuation, photos,
+  insurance, and status" claim that the schema couldn't honour.
+
+### Route-side companion (non-package, same slice)
+
+- `app/api/admin/assets/route.ts` POST and
+  `app/api/admin/assets/[id]/route.ts` PATCH — phantom/unknown key
+  rejection with redirect messages (400 + `PHANTOM_FIELD` /
+  `UNKNOWN_FIELD` error codes). See commit `ced46b889` for the
+  server-side guard.
+
+## [2.16.0] — 2026-04-15
+
+### Added
+
+- **ADR-173: five release-track tools.** Closes the gap flagged by two
+  independent external MCP reviewers on 2026-04-14 ("release layer looks
+  shallow"). New tools on the stdio transport:
+  - `pica_releases_attach_track` — attach a recording and/or work at a
+    specific `(disc_number, track_number)`. Idempotent on position.
+    At least one of `recording_id` / `work_id` is required.
+  - `pica_releases_list_tracks` — list tracks in `(disc, track)` order
+    with inlined title/artist/ISRC/duration from the linked recording
+    and work.
+  - `pica_releases_detach_track` — soft-confirmation detach by position
+    (preview without `confirm:true`, delete with).
+  - `pica_releases_reorder_tracks` — transactional positional reorder
+    via the `reorder_release_tracks_atomic` Postgres RPC. Rejects
+    duplicate positions in the payload before any DB write.
+  - `pica_releases_attach_recording_with_work` — compound workflow that
+    auto-pulls the recording's linked work onto the new track row.
+
+### Changed
+
+- **`pica_works_inspect` and `pica_recordings_inspect` gain a `releases`
+  section.** Lazy (only fetched when requested). Returns every release
+  the entity appears on with its track position. Answers "which albums
+  is this master on?" in one call — previously unanswerable via MCP.
+
+### Fixed
+
+- **`pica_releases_list_tracks` 500 on every call.** Pre-merge E2E
+  caught two latent bugs in the `listTracks` service query: a missing
+  FK `release_tracks.recording_id → recordings(id)` (PostgREST could
+  not resolve the `recording:recordings(...)` embed) and a
+  `duration_seconds` column reference where the live column is
+  `duration_ms`. Fixed in migration
+  `20260415_01_adr173_fix_release_tracks_recording_fk.sql` +
+  a rename in `lib/services/releases.ts`. The migration also NULLs 85
+  orphan `recording_id` values on production left behind by the
+  2026-04-04 soundslikefez duplicate-works cleanup.
+
+### Note on version number
+
+This release would have been `2.15.0` per the original ADR-173
+implementation record, but `2.15.0` was taken on `develop` by the
+ADR-174 Phase 2 item 4 slice while the ADR-173 fix commits were in
+flight. Bumped to `2.16.0` to keep the published package timeline
+linear.
+
+## [2.15.0] — 2026-04-15
+
+### Changed
+
+- **ADR-174 Phase 2 item 4: `pica_people_create` / `pica_people_update`
+  schema reconciliation.** Introduced `PEOPLE_WRITE_PROPERTIES` as the
+  canonical source of truth for the people write surface — every
+  property maps to a real column on either `public.people` or
+  `public.person_enrichment`. `additionalProperties: true` is off;
+  unknown keys 400 at the HTTP layer (see develop commit
+  `fbea9e2a3`).
+- **Satellite-routing made explicit.** Eleven fields remain in the
+  schema but their descriptions now name `person_enrichment` as the
+  write target: external identifiers (`isni`, `musicbrainz_id`,
+  `wikidata_id`, `discogs_artist_id`, `deezer_artist_id`) and
+  biographical data (`date_of_birth`, `gender`, `nationality`,
+  `birth_place`, `instruments`, `career_start_year`). The service
+  fans these out through `syncPersonEnrichmentSatellite`. Correction
+  to the original audit (row 7) landed in ADR-174's Corrections
+  block: six of these fields were classified as "Remove — no column
+  on people", which missed the satellite hop. They are not phantom
+  writes, and subsequent slices must audit satellite write paths
+  before classifying any field as phantom.
+- **Twelve add-candidates surfaced** (audit row 7 "Missing writable
+  columns"): `middle_name`, `person_type`, `company`, `position`,
+  `territory`, `social_media`, `emails`, `pro_name`,
+  `pro_member_number`, `mcps_member_number`, `relationship_strength`,
+  `email_preferences`. All verified against `public.people` columns
+  2026-04-15 (project `fwgcmjhlwevdnxgqmkmh`).
+- **Deprecated duplicates rejected.** `type` (deprecated dup of
+  `person_type`) and `role` (deprecated singular of `roles`) are
+  now 400 PHANTOM_FIELD with a redirect message naming the canonical
+  column. Both DB columns still exist as unused dead space —
+  removing them is out of scope and scheduled for ADR-165-style
+  cleanup.
+- **Description lies removed.** The audit (row 8) flagged
+  `pica_people_update` description as "Additional fields are also
+  accepted" with no enumeration. That sentence is gone from both
+  `create` and `update` descriptions.
+
+### Breaking
+
+- Callers that were passing the deprecated `type` / `role`
+  duplicates now get a 400 with a redirect hint — previously the
+  keys were silently dropped by the ORM. Same failure-mode calculus
+  as the works / recordings slices — the writes were already
+  failing, now they fail visibly.
+- Callers that were passing arbitrary unlisted keys now get a 400 —
+  previously `additionalProperties: true` let them through and the
+  ORM dropped them silently. Zero rows observed in `people.metadata`
+  jsonb for any of the pre-existing phantom keys (verified during
+  ADR-174 Phase 1 2026-04-14).
+
+## [2.14.0] — 2026-04-14
+
+### Changed
+
+- **ADR-174 Phase 2: `pica_recordings_create` / `pica_recordings_update`
+  schema reconciliation.** Introduced `RECORDING_WRITE_PROPERTIES` as
+  the canonical source of truth for the recordings write surface —
+  every property maps to a real column on `public.recordings`. Added
+  thirteen fields the DB exposes that the tool was hiding:
+  `duration_ms`, `preview_url`, `album_art_url`, `spotify_url`,
+  `spotify_track_uri`, `spotify_track_id`, `youtube_video_id`,
+  `youtube_url`, `apple_music_url`, `deezer_track_id`,
+  `mlc_recording_id`, `mlc_song_code`, `isrc_prefix`. The
+  `version_type` field is now enum-restricted to the ADR-166 values
+  (`master`, `alternate_master`, `music_video`, `lyric_video`,
+  `live_performance`, `acoustic`, `remix`, `cover`, `alternate`),
+  matching the `recordings_version_type_check` DB constraint.
+- **`pica_recordings_create` default `version_type` changed from
+  `"original"` to `"master"`.** Pre-fix the executor defaulted to
+  `"original"`, which is not a valid version_type — every call without
+  an explicit type tripped the recording-type CHECK constraint and
+  surfaced as a 500 from the service. `"master"` is the DB-level
+  default and the canonical ADR-166 value.
+- **Title rename made explicit.** `recording_title` is the canonical
+  column on `public.recordings`. The tool keeps `title` as an input
+  alias for ergonomics; the schema now declares both fields with the
+  rename called out in their descriptions, instead of relying on
+  `additionalProperties: true` to hide the translation.
+- Tool descriptions now steer album metadata (`album_name`,
+  `album_release_date`, `upc`, `track_number`) to
+  `pica_releases_create/update`, ISWCs to `pica_works_create/update`,
+  and label metadata to `pica_releases_*.label_organization_id` via
+  `pica_labels_query`. `duration_seconds` is explicitly named as the
+  works convention; `recordings` carries `duration_ms`.
+
+### Removed
+
+- **ADR-174 Phase 2: seven phantom fields rejected on
+  `pica_recordings_create` / `pica_recordings_update`.** The Zod schema
+  no longer accepts them and `additionalProperties: true` is gone:
+  `album_name`, `album_release_date`, `upc`, `track_number`, `label`,
+  `duration_seconds`, `iswc` — none of these corresponded to columns on
+  `recordings`. The HTTP route at `POST/PATCH /api/admin/recordings[/id]`
+  now 400s on any of these keys with a redirect message naming the
+  correct tool (commit `cffa6f947`).
+
+## [2.13.1] — 2026-04-14
+
+### Changed
+
+- **ADR-174 Phase 2: `pica_works_bulk_update.updates` schema gated on
+  `WORK_WRITE_PROPERTIES`.** The bulk tool was the last write-path
+  surface that still accepted any key — `updates: { type: "object" }`
+  with no property list (audit row 25). Now validates against the same
+  canonical schema as `pica_works_update`: phantom keys (label, upc,
+  album_name, …) and arbitrary unlisted keys fail fast with a
+  descriptive `VALIDATION_ERROR` before the SDK is called. One bad key
+  invalidates the whole batch — no partial writes.
+
+## [2.13.0] — 2026-04-14
+
+### Changed
+
+- **ADR-174 Phase 2: `pica_works_create` / `pica_works_update` schema
+  reconciliation.** Introduced `WORK_WRITE_PROPERTIES` as the canonical
+  source of truth for the works write surface — every property maps to
+  a real column on `public.works`. Added five fields the DB exposes
+  that the tool was hiding: `tempo`, `key`, `display_artist`,
+  `published`, `tunecode`. Tool descriptions now steer album/release
+  metadata (`album_name`, `album_art_url`, `track_number`, `upc`,
+  `spotify_url`) to `pica_releases_create/update` and label metadata to
+  `pica_releases_*.label_organization_id` via `pica_labels_query`.
+
+### Removed
+
+- **ADR-174 Phase 2: seven phantom fields removed from
+  `pica_works_create` / `pica_works_update`.** `label`, `spotify_url`,
+  `album_name`, `album_release_date`, `album_art_url`, `track_number`,
+  `upc` — none of these corresponded to columns on `works`. The HTTP
+  route at `POST/PATCH /api/admin/works[/id]` now 400s on any of these
+  keys with a redirect message naming the correct tool (commit
+  `9d68b16b1`). Previously they routed silently into the
+  `work_album_metadata` / `work_spotify_data` satellites that ADR-165
+  marked as dead — a write succeeded but no reader could find the
+  value.
+- **ADR-174 Phase 2: `additionalProperties: true` removed from both
+  works write schemas.** The tool no longer silently accepts arbitrary
+  keys; unknown keys surface as validation errors. Description lies
+  about `available_for_licensing`, `vocal_type`, `energy`,
+  `danceability` also removed — those fields live on satellite tables
+  and are not exposed through MCP.
+
+## [2.12.0] — 2026-04-14
+
+### Added
+
+- **ADR-174 Phase 2: `pica_labels_query` tool** — read-only resolution of
+  label names to `organisations.id`. Returns label organisations
+  (`org_type='label'`) whose name or display_name matches the substring
+  query, for use as `releases.label_organization_id` via
+  `pica_releases_create` / `pica_releases_update`. `query` and `limit`
+  both optional; limit defaults to 50, max 100. Category: catalog.
+  Annotations: `readOnlyHint: true`.
+
+### Changed
+
+- **ADR-174 Phase 2: `pica_releases_create` / `pica_releases_update`
+  schema reconciliation.** Input schemas now expose the nine ADR-174
+  Decision 3 fields that `releases` actually stores:
+  `label_organization_id`, `distributor_organization_id`,
+  `pre_release_date`, `artwork_url`, `spotify_album_uri`, `spotify_url`,
+  `apple_music_url`, `other_urls`, `notes`. Tool descriptions now
+  direct agents to call `pica_labels_query` (new) or `pica_search_all`
+  to resolve a label/distributor name to an organisation ID before
+  writing.
+
+### Removed
+
+- **ADR-174 Phase 2: freetext `label` removed from
+  `pica_releases_create` / `pica_releases_update`.** The field never
+  corresponded to a real column on `releases` — the DB models labels
+  via `label_organization_id` FK. Agents must now resolve a label name
+  to an organisation ID (via `pica_labels_query`) instead of passing a
+  string. Pre-fix behaviour: tool schema accepted `label`, service
+  propagated it to the DB, the DB rejected it as `42703 column does not
+exist`, every call 500'd. No working integrations could have relied
+  on this — the change is strictly a fix, not a break.
+
 ## [2.11.0] — 2026-04-13
 
 ### Changed
@@ -31,7 +670,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   `audit-credits`, `new-catalog-setup`, `register-my-works`,
   `prepare-for-sync`. Functionality folded into new skills —
   see design spec for mapping.
-
   - `workspace-autopilot` now routes through the full journey sequence
     (identity → catalog → audio → gaps → collaborators → ownership →
     notifications → exports) instead of the old 5-condition router.

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,wBAAgB,UAAU,IAAI,YAAY,CA8CzC;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAWzD"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,wBAAgB,UAAU,IAAI,YAAY,CA+CzC;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAWzD"}

package/dist/config.js

@@ -35,8 +35,9 @@ export function loadConfig() {
         // in the MCP `initialize` handshake response under `serverInfo.version`,
         // which is what clients display in their connector UIs. Drift from
         // package.json was caught 2026-04-08 — banner read 2.5.0 long after
-        // npm was on 2.6.1.
-        version: "2.6.2",
+        // npm was on 2.6.1. Caught again 2026-04-19 during ADR-181 Phase 2 —
+        // banner read 2.6.2 long after npm was on 2.22.0; fixed here.
+        version: "2.23.0",
         debug,
         lobbyMode,
         credentialsPath,