@wolpertingerlabs/drawlatch 1.0.0-alpha.4 → 1.0.0-alpha.5

package/dist/connections/{anthropic.json → ai/anthropic.json}

@@ -1,5 +1,7 @@
 {
   "name": "Anthropic API",
+  "stability": "beta",
+  "category": "ai",
   "description": "Anthropic Claude API — messages, models, and more. Auth is handled automatically via the ANTHROPIC_API_KEY environment variable. Uses x-api-key header (not Bearer token). The anthropic-version header is set to 2023-06-01.",
   "docsUrl": "https://docs.anthropic.com/en/api",
   "headers": {

package/dist/connections/{devin.json → ai/devin.json}

@@ -1,5 +1,7 @@
 {
   "name": "Devin API",
+  "stability": "dev",
+  "category": "ai",
   "description": "Devin AI API — sessions, knowledge, and machine management. Auth is handled automatically via the DEVIN_API_KEY environment variable.",
   "docsUrl": "https://docs.devin.ai/api-reference/overview",
   "headers": {

package/dist/connections/{google-ai.json → ai/google-ai.json}

@@ -1,5 +1,7 @@
 {
   "name": "Google AI (Gemini) API",
+  "stability": "stable",
+  "category": "ai",
   "description": "Google AI Gemini API — chat completions, embeddings, image generation, token counting, and more. Auth is handled automatically via the GOOGLE_AI_API_KEY environment variable. Uses x-goog-api-key header (not Bearer token). This is separate from the 'google' connection which covers Google Workspace APIs (Sheets, Drive, etc.).",
   "docsUrl": "https://ai.google.dev/api",
   "headers": {

package/dist/connections/{openai.json → ai/openai.json}

@@ -1,5 +1,7 @@
 {
   "name": "OpenAI API",
+  "stability": "beta",
+  "category": "ai",
   "description": "OpenAI API — chat completions, embeddings, images, audio, files, fine-tuning, and more. Auth is handled automatically via the OPENAI_API_KEY environment variable.",
   "docsUrl": "https://platform.openai.com/docs/api-reference",
   "openApiUrl": "https://raw.githubusercontent.com/openai/openai-openapi/master/openapi.yaml",

package/dist/connections/{openrouter.json → ai/openrouter.json}

@@ -1,5 +1,7 @@
 {
   "name": "OpenRouter API",
+  "stability": "stable",
+  "category": "ai",
   "description": "OpenRouter unified LLM API — chat completions, models, generation stats, and more. Auth is handled automatically via the OPENROUTER_API_KEY environment variable.",
   "docsUrl": "https://openrouter.ai/docs/api-reference",
   "openApiUrl": "https://openrouter.ai/openapi.json",

package/dist/connections/{github.json → developer-tools/github.json}

@@ -1,5 +1,7 @@
 {
   "name": "GitHub API",
+  "stability": "beta",
+  "category": "developer-tools",
   "description": "GitHub REST API — repositories, issues, pull requests, users, organizations, and more. Auth is handled automatically via the GITHUB_TOKEN environment variable. Includes a webhook ingestor for real-time events (push, pull_request, issues, etc.) — set GITHUB_WEBHOOK_SECRET and use poll_events to retrieve them.",
   "docsUrl": "https://docs.github.com/en/rest",
   "openApiUrl": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.json",

package/dist/connections/{hex.json → developer-tools/hex.json}

@@ -1,5 +1,7 @@
 {
   "name": "Hex API",
+  "stability": "dev",
+  "category": "developer-tools",
   "description": "Hex API — projects, runs, users, groups, collections, and data connections. Auth is handled automatically via the HEX_TOKEN environment variable.",
   "docsUrl": "https://learn.hex.tech/docs/api/api-overview",
   "headers": {

package/dist/connections/{linear.json → developer-tools/linear.json}

@@ -1,5 +1,7 @@
 {
   "name": "Linear API",
+  "stability": "beta",
+  "category": "developer-tools",
   "description": "Linear GraphQL API — issues, projects, teams, cycles, and more. Auth is handled automatically via the LINEAR_API_KEY environment variable. All requests are GraphQL queries sent as POST to https://api.linear.app/graphql. Includes a poll ingestor that periodically fetches recently updated issues — use poll_events to retrieve them.",
   "docsUrl": "https://developers.linear.app/docs/graphql/working-with-the-graphql-api",
   "headers": {

package/dist/connections/{lichess.json → gaming/lichess.json}

@@ -1,5 +1,7 @@
 {
   "name": "Lichess API",
+  "stability": "stable",
+  "category": "gaming",
   "description": "Lichess Opening Explorer, Cloud Evaluation, and authenticated API — query master and rated game statistics by opening move sequence, get cached Stockfish engine evaluations by FEN position, and access authenticated endpoints (account info, game history, player-specific opening analysis, etc.). Set LICHESS_API_TOKEN to a personal access token for authenticated routes; public endpoints (Opening Explorer, Cloud Eval) work without it.",
   "docsUrl": "https://lichess.org/api",
   "headers": {

package/dist/connections/{discord-bot.json → messaging/discord-bot.json}

@@ -1,5 +1,7 @@
 {
   "name": "Discord Bot API",
+  "stability": "stable",
+  "category": "messaging",
   "description": "Discord Bot API (v10) — guilds, channels, messages, users, roles, and more. Auth is handled automatically via the DISCORD_BOT_TOKEN environment variable. Uses the 'Bot' authorization prefix. For OAuth2 user-scoped access, use the 'discord-oauth' connection instead. Includes a Gateway ingestor for real-time events (messages, reactions, etc.) — use poll_events to retrieve them.",
   "docsUrl": "https://discord.com/developers/docs/intro",
   "openApiUrl": "https://raw.githubusercontent.com/discord/discord-api-spec/main/specs/openapi.json",

package/dist/connections/{discord-oauth.json → messaging/discord-oauth.json}

@@ -1,5 +1,7 @@
 {
   "name": "Discord OAuth2 API",
+  "stability": "dev",
+  "category": "messaging",
   "description": "Discord OAuth2 API (v10) — user identity, guilds, connections, and other user-scoped data. Auth is handled automatically via the DISCORD_OAUTH_TOKEN environment variable (OAuth2 Bearer access token). Access is limited to the scopes the user authorized. For full bot access, use the 'discord-bot' connection instead.",
   "docsUrl": "https://discord.com/developers/docs/topics/oauth2",
   "openApiUrl": "https://raw.githubusercontent.com/discord/discord-api-spec/main/specs/openapi.json",

package/dist/connections/{slack.json → messaging/slack.json}

@@ -1,5 +1,7 @@
 {
   "name": "Slack API",
+  "stability": "stable",
+  "category": "messaging",
   "description": "Slack Web API — messages, channels, users, reactions, files, and more. Auth is handled automatically via the SLACK_BOT_TOKEN environment variable. Real-time events via Socket Mode require SLACK_APP_TOKEN.",
   "docsUrl": "https://docs.slack.dev/apis/web-api",
   "openApiUrl": "https://raw.githubusercontent.com/slackapi/slack-api-specs/master/web-api/slack_web_openapi_v2.json",

package/dist/connections/{telegram.json → messaging/telegram.json}

@@ -1,5 +1,7 @@
 {
   "name": "Telegram Bot API",
+  "stability": "beta",
+  "category": "messaging",
   "description": "Telegram Bot API — messages, chats, users, inline queries, payments, and more. Auth uses a bot token embedded in the URL path — include /bot${TELEGRAM_BOT_TOKEN}/ in your request URLs. The placeholder is resolved automatically from the route's secrets. Create a bot via @BotFather on Telegram to obtain a token. Includes a poll ingestor that fetches new updates via getUpdates — use poll_events to retrieve them.",
   "docsUrl": "https://core.telegram.org/bots/api",
   "headers": {

package/dist/connections/{google.json → productivity/google.json}

@@ -1,5 +1,7 @@
 {
   "name": "Google APIs",
+  "stability": "dev",
+  "category": "productivity",
   "description": "Google APIs — Sheets, Docs, Drive, Calendar, Gmail, and more. Auth is handled automatically via the GOOGLE_API_TOKEN environment variable (OAuth2 access token or service account token). Multiple Google API domains are allowlisted.",
   "docsUrl": "https://developers.google.com/apis-explorer",
   "headers": {

package/dist/connections/{notion.json → productivity/notion.json}

@@ -1,5 +1,7 @@
 {
   "name": "Notion API",
+  "stability": "beta",
+  "category": "productivity",
   "description": "Notion API — pages, databases, blocks, users, search, and more. Auth is handled automatically via the NOTION_API_KEY environment variable (internal integration token). The Notion-Version header is set to 2022-06-28. Includes a poll ingestor that periodically searches for recently edited pages — use poll_events to retrieve them.",
   "docsUrl": "https://developers.notion.com/reference",
   "headers": {

package/dist/connections/{stripe.json → productivity/stripe.json}

@@ -1,5 +1,7 @@
 {
   "name": "Stripe API",
+  "stability": "beta",
+  "category": "productivity",
   "description": "Stripe payments API — customers, charges, payment intents, subscriptions, invoices, and more. Auth is handled automatically via the STRIPE_SECRET_KEY environment variable. Includes a webhook ingestor for real-time events (payment_intent.succeeded, invoice.paid, etc.) — set STRIPE_WEBHOOK_SECRET and use poll_events to retrieve them. Note: Stripe uses application/x-www-form-urlencoded for request bodies, not JSON.",
   "docsUrl": "https://docs.stripe.com/api",
   "openApiUrl": "https://raw.githubusercontent.com/stripe/openapi/master/openapi/spec3.json",

package/dist/connections/{trello.json → productivity/trello.json}

@@ -1,5 +1,7 @@
 {
   "name": "Trello API",
+  "stability": "stable",
+  "category": "productivity",
   "description": "Trello boards, lists, and cards API. Authentication uses query parameters — include ?key=${TRELLO_API_KEY}&token=${TRELLO_TOKEN} in your request URLs. The placeholders are resolved automatically from the route's secrets. Includes a webhook ingestor for real-time events (card updates, list changes, board activity, etc.) — set TRELLO_API_SECRET and TRELLO_CALLBACK_URL, then use poll_events to retrieve them.",
   "docsUrl": "https://developer.atlassian.com/cloud/trello/rest/",
   "headers": {},

package/dist/connections/{bluesky.json → social-media/bluesky.json}

@@ -1,5 +1,7 @@
 {
   "name": "Bluesky API (AT Protocol)",
+  "stability": "beta",
+  "category": "social-media",
   "description": "Bluesky API via the AT Protocol — posts, feeds, profiles, notifications, social graph, and more. Auth is handled automatically via the BLUESKY_ACCESS_TOKEN environment variable (JWT Bearer token). Obtain a token by POSTing to com.atproto.server.createSession with your handle and an App Password. Tokens expire after ~2 hours — rotate externally using the refresh token. Both bsky.social (authenticated PDS) and public.api.bsky.app (public read-only API) are allowlisted. For self-hosted PDS instances, override with a custom connector. Includes a poll ingestor that fetches notifications — use poll_events to retrieve them.",
   "docsUrl": "https://docs.bsky.app/",
   "headers": {

package/dist/connections/{mastodon.json → social-media/mastodon.json}

@@ -1,5 +1,7 @@
 {
   "name": "Mastodon API",
+  "stability": "beta",
+  "category": "social-media",
   "description": "Mastodon API — statuses (toots), timelines, notifications, accounts, search, and more. Auth is handled automatically via the MASTODON_ACCESS_TOKEN environment variable (OAuth2 Bearer token from your instance's Development settings). This template targets mastodon.social — for other instances, override with a custom connector using the same auth pattern but different allowedEndpoints. Includes a poll ingestor that fetches the home timeline — use poll_events to retrieve them.",
   "docsUrl": "https://docs.joinmastodon.org/api/",
   "headers": {

package/dist/connections/{reddit.json → social-media/reddit.json}

@@ -1,5 +1,7 @@
 {
   "name": "Reddit API",
+  "stability": "beta",
+  "category": "social-media",
   "description": "Reddit API — subreddits, posts, comments, users, search, and more. Auth is handled automatically via the REDDIT_ACCESS_TOKEN environment variable (OAuth2 Bearer token). A User-Agent header is required by Reddit and set via REDDIT_USER_AGENT. Obtain an OAuth2 token by registering a 'script' app at https://www.reddit.com/prefs/apps and using the client credentials grant. Tokens expire after 1 hour — rotate externally. Includes a poll ingestor that fetches new posts from a configurable subreddit — set REDDIT_SUBREDDIT and use poll_events to retrieve them.",
   "docsUrl": "https://www.reddit.com/dev/api/",
   "headers": {

package/dist/connections/{twitch.json → social-media/twitch.json}

@@ -1,5 +1,7 @@
 {
   "name": "Twitch API",
+  "stability": "beta",
+  "category": "social-media",
   "description": "Twitch Helix API — streams, users, channels, clips, videos, chat, and more. Auth requires both a Bearer token and Client-Id header, handled automatically via TWITCH_ACCESS_TOKEN and TWITCH_CLIENT_ID environment variables. Register an application at https://dev.twitch.tv/console/apps to obtain credentials. Includes a poll ingestor that fetches followed live streams — set TWITCH_USER_ID and use poll_events to retrieve them.",
   "docsUrl": "https://dev.twitch.tv/docs/api/reference/",
   "headers": {

package/dist/connections/{x.json → social-media/x.json}

@@ -1,5 +1,7 @@
 {
   "name": "X (Twitter) API",
+  "stability": "beta",
+  "category": "social-media",
   "description": "X (formerly Twitter) API v2 — tweets, users, spaces, lists, and more. Auth is handled automatically via the X_BEARER_TOKEN environment variable (App-only Bearer token from the X Developer Portal). Both api.x.com and api.twitter.com domains are allowlisted. Includes a poll ingestor that searches recent tweets matching a configurable query — set X_SEARCH_QUERY and use poll_events to retrieve them.",
   "docsUrl": "https://developer.x.com/en/docs/x-api",
   "headers": {

package/dist/remote/server.js

@@ -253,6 +253,10 @@ const toolHandlers = {
                 info.docsUrl = route.docsUrl;
             if (route.openApiUrl)
                 info.openApiUrl = route.openApiUrl;
+            if (route.stability)
+                info.stability = route.stability;
+            if (route.category)
+                info.category = route.category;
             info.allowedEndpoints = route.allowedEndpoints;
             info.secretNames = Object.keys(route.secrets);
             info.autoHeaders = Object.keys(route.headers);

package/dist/shared/config.d.ts

@@ -30,6 +30,9 @@ export declare function getLocalKeysDir(): string;
 export declare function getRemoteKeysDir(): string;
 export declare function getPeerKeysDir(): string;
 export declare function getEnvFilePath(): string;
+/** Category grouping for built-in connection templates.
+ *  Matches the subdirectory name under src/connections/. */
+export type ConnectionCategory = 'ai' | 'developer-tools' | 'gaming' | 'messaging' | 'productivity' | 'social-media';
 /** MCP proxy (local) configuration */
 export interface ProxyConfig {
     /** Remote server URL */
@@ -64,6 +67,14 @@ export interface Route {
     /** URL to an OpenAPI / Swagger spec (JSON or YAML) for this route's API.
      *  Optional — provides more structured, agent-friendly documentation. */
     openApiUrl?: string;
+    /** Stability level of this connection: "stable", "beta", or "dev".
+     *  Defaults to "dev" if omitted. Helps agents and UIs communicate
+     *  whether a connection is production-ready, in testing, or experimental. */
+    stability?: 'stable' | 'beta' | 'dev';
+    /** Category grouping for this connection template (e.g., "ai", "messaging").
+     *  Matches the subdirectory under src/connections/. Only present on built-in
+     *  connection templates; custom connectors may omit it. */
+    category?: ConnectionCategory;
     /** Headers to inject automatically into outgoing requests for this route.
      *  These MUST NOT conflict with client-provided headers (request is rejected on conflict).
      *  Values may contain ${VAR} placeholders resolved against this route's secrets. */
@@ -106,6 +117,10 @@ export interface ResolvedRoute {
     docsUrl?: string;
     /** URL to an OpenAPI / Swagger spec for this route's API (carried from config) */
     openApiUrl?: string;
+    /** Stability level (carried from config) */
+    stability?: 'stable' | 'beta' | 'dev';
+    /** Category grouping (carried from config) */
+    category?: ConnectionCategory;
     headers: Record<string, string>;
     secrets: Record<string, string>;
     allowedEndpoints: string[];

package/dist/shared/config.js

@@ -263,6 +263,8 @@ export function resolveRoutes(routes, envOverrides) {
             ...(route.description !== undefined && { description: route.description }),
             ...(route.docsUrl !== undefined && { docsUrl: route.docsUrl }),
             ...(route.openApiUrl !== undefined && { openApiUrl: route.openApiUrl }),
+            ...(route.stability !== undefined && { stability: route.stability }),
+            ...(route.category !== undefined && { category: route.category }),
             headers: resolvedHeaders,
             secrets: resolvedSecrets,
             allowedEndpoints: route.allowedEndpoints,

package/dist/shared/connections.d.ts

@@ -2,13 +2,13 @@
  * Connection template loading.
  *
  * Connections are pre-built Route templates (JSON files) that ship with
- * the package in the connections/ directory. They provide ready-made
- * configurations for popular APIs (GitHub, Stripe, Trello, etc.).
+ * the package in the connections/ directory, organized into category
+ * subdirectories (ai/, messaging/, social-media/, etc.).
  *
  * At runtime, templates are loaded from disk relative to this module's
  * location, so they work from both src/ (dev via tsx) and dist/ (production).
  */
-import type { Route } from './config.js';
+import type { Route, ConnectionCategory } from './config.js';
 /** Metadata about a built-in connection template — used by UIs to render
  *  connection cards, form fields, and badges without parsing raw JSON. */
 export interface ConnectionTemplateInfo {
@@ -22,6 +22,10 @@ export interface ConnectionTemplateInfo {
     docsUrl?: string;
     /** URL to an OpenAPI / Swagger spec. */
     openApiUrl?: string;
+    /** Stability level: "stable", "beta", or "dev". */
+    stability: 'stable' | 'beta' | 'dev';
+    /** Category grouping (e.g., "ai", "messaging", "social-media"). */
+    category: ConnectionCategory;
     /** Secret names referenced in route headers — these are auto-injected
      *  into every request, so they must always be configured. */
     requiredSecrets: string[];
@@ -44,6 +48,8 @@ export interface ConnectionTemplateInfo {
     /** Allowlisted URL patterns (glob). */
     allowedEndpoints: string[];
 }
+/** Invalidate the cached index. Exported for testing only. */
+export declare function _resetConnectionIndex(): void;
 /**
  * Load a single connection template by name.
  *
@@ -56,8 +62,9 @@ export declare function loadConnection(name: string): Route;
 /**
  * List all available connection template names.
  *
- * Scans the connections directory for .json files and returns their
- * basenames (without extension), sorted alphabetically.
+ * Scans the connections directory (including category subdirectories) for
+ * .json files and returns their basenames (without extension), sorted
+ * alphabetically.
  */
 export declare function listAvailableConnections(): string[];
 /**

package/dist/shared/connections.js

@@ -2,8 +2,8 @@
  * Connection template loading.
  *
  * Connections are pre-built Route templates (JSON files) that ship with
- * the package in the connections/ directory. They provide ready-made
- * configurations for popular APIs (GitHub, Stripe, Trello, etc.).
+ * the package in the connections/ directory, organized into category
+ * subdirectories (ai/, messaging/, social-media/, etc.).
  *
  * At runtime, templates are loaded from disk relative to this module's
  * location, so they work from both src/ (dev via tsx) and dist/ (production).
@@ -13,6 +13,46 @@ import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 /** Directory containing connection template JSON files. */
 const CONNECTIONS_DIR = path.join(path.dirname(fileURLToPath(import.meta.url)), '..', 'connections');
+// ── Lazy-cached alias→filepath index ──────────────────────────────────────
+/** Cached alias → absolute filepath index. Built lazily on first access.
+ *  Supports both flat files (connections/foo.json) and category
+ *  subdirectories (connections/ai/anthropic.json). */
+let connectionIndex = null;
+/** Build the alias→filepath index by scanning CONNECTIONS_DIR.
+ *  Files at the top level and files in one level of subdirectories are
+ *  both indexed. The alias is always the filename without .json. */
+function getConnectionIndex() {
+    if (connectionIndex)
+        return connectionIndex;
+    connectionIndex = new Map();
+    if (!fs.existsSync(CONNECTIONS_DIR))
+        return connectionIndex;
+    const entries = fs.readdirSync(CONNECTIONS_DIR, { withFileTypes: true });
+    for (const entry of entries) {
+        if (entry.isFile() && entry.name.endsWith('.json')) {
+            // Top-level JSON file (backward compat)
+            const alias = entry.name.replace(/\.json$/, '');
+            connectionIndex.set(alias, path.join(CONNECTIONS_DIR, entry.name));
+        }
+        else if (entry.isDirectory()) {
+            // Category subdirectory — scan one level deep
+            const subdir = path.join(CONNECTIONS_DIR, entry.name);
+            const subEntries = fs.readdirSync(subdir, 'utf-8');
+            for (const subFile of subEntries) {
+                if (subFile.endsWith('.json')) {
+                    const alias = subFile.replace(/\.json$/, '');
+                    connectionIndex.set(alias, path.join(subdir, subFile));
+                }
+            }
+        }
+    }
+    return connectionIndex;
+}
+/** Invalidate the cached index. Exported for testing only. */
+export function _resetConnectionIndex() {
+    connectionIndex = null;
+}
+// ── Public API ────────────────────────────────────────────────────────────
 /**
  * Load a single connection template by name.
  *
@@ -22,8 +62,9 @@ const CONNECTIONS_DIR = path.join(path.dirname(fileURLToPath(import.meta.url)),
  * @throws If the template file does not exist or contains invalid JSON.
  */
 export function loadConnection(name) {
-    const filePath = path.join(CONNECTIONS_DIR, `${name}.json`);
-    if (!fs.existsSync(filePath)) {
+    const index = getConnectionIndex();
+    const filePath = index.get(name);
+    if (!filePath) {
         const available = listAvailableConnections();
         throw new Error(`Unknown connection "${name}". Available connections: ${available.join(', ') || '(none)'}`);
     }
@@ -33,18 +74,13 @@ export function loadConnection(name) {
 /**
  * List all available connection template names.
  *
- * Scans the connections directory for .json files and returns their
- * basenames (without extension), sorted alphabetically.
+ * Scans the connections directory (including category subdirectories) for
+ * .json files and returns their basenames (without extension), sorted
+ * alphabetically.
  */
 export function listAvailableConnections() {
-    if (!fs.existsSync(CONNECTIONS_DIR)) {
-        return [];
-    }
-    return fs
-        .readdirSync(CONNECTIONS_DIR, 'utf-8')
-        .filter((f) => f.endsWith('.json'))
-        .map((f) => f.replace(/\.json$/, ''))
-        .sort();
+    const index = getConnectionIndex();
+    return [...index.keys()].sort();
 }
 // ── Template introspection ────────────────────────────────────────────────
 /** Extract ${VAR} placeholder names from a string. */
@@ -92,6 +128,8 @@ export function listConnectionTemplates() {
             ...(route.description !== undefined && { description: route.description }),
             ...(route.docsUrl !== undefined && { docsUrl: route.docsUrl }),
             ...(route.openApiUrl !== undefined && { openApiUrl: route.openApiUrl }),
+            stability: route.stability ?? 'dev',
+            category: route.category,
             requiredSecrets,
             optionalSecrets,
             hasIngestor: route.ingestor !== undefined,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wolpertingerlabs/drawlatch",
-  "version": "1.0.0-alpha.4",
+  "version": "1.0.0-alpha.5",
   "description": "Encrypted MCP proxy with mutual authentication. Local MCP server forwards requests through an encrypted channel to a remote secrets-holding server.",
   "type": "module",
   "main": "./dist/mcp/server.js",