@yawlabs/mcph 0.44.0 → 0.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/dist/index.js +16 -6
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -2,6 +2,10 @@
2
2
 
3
3
  All notable changes to `@yawlabs/mcph` are documented here. This project uses [semantic versioning](https://semver.org) and a CI-gated release flow: pushing a `vX.Y.Z` tag triggers `.github/workflows/release.yml`, which publishes to npm.
4
4
 
5
+ ## 0.45.0 — 2026-04-18
6
+
7
+ - **Clearer 401/403 errors with token fingerprint + actionable fix link** — When the backend rejects a token (`HTTP 401` revoked/malformed, `HTTP 403` accepted but scope-denied), `fetchConfig` now throws an error that names the offending token by its fingerprint (e.g., `mcp_pat_…abcd`), explains what state the token is in, and points directly at the tokens page with a concrete re-install command. Prior wording was "Invalid MCPH_TOKEN — check your token at mcp.hosting" and "Access denied — your token may have expired" — both too vague to action without pinging support. New wording is structured as three lines: cause, fix URL, and the `mcph install … --token mcp_pat_...` re-install command. Messages surface verbatim through `mcph servers`, the top-level `mcph` runtime, and anywhere else `fetchConfig` is awaited, so every user-facing rejection reads the same way.
8
+
5
9
  ## 0.44.0 — 2026-04-18
6
10
 
7
11
  - **`mcph install --list` + `mcph install --all`** — Two new modes on the install subcommand. `--list` is read-only: it enumerates every client/scope combo for the current OS and shows whether an `mcp.hosting` entry is already wired up, plus a path-per-row and a one-line summary (`N/M client scopes have mcp.hosting configured on linux`). No token, no network, no writes — just a diagnostic view that mirrors the `doctor` CLIENTS section but without the rest of doctor's noise. `--all` walks `INSTALL_TARGETS`, picks the default scope per client (user where supported, else the first non-project-dir scope, else skipped unless `--project-dir` is passed), and calls `runInstall` in a loop — so `--dry-run`, `--force`, `--skip`, and `--token` all propagate as expected. Status is aggregated into a single summary line, and the process exit code is non-zero if any sub-install failed so CI can still gate on one-shot onboarding. Works around the main drop-off during setup ("which client am I supposed to pick?") by offering both the answer (`--list`) and the sledgehammer (`--all`) from the same subcommand.
package/dist/index.js CHANGED
@@ -464,12 +464,22 @@ async function fetchConfig(apiUrl6, token6, currentVersion) {
464
464
  if (res.statusCode === 401) {
465
465
  await res.body.text().catch(() => {
466
466
  });
467
- throw new ConfigError("Invalid MCPH_TOKEN \u2014 check your token at mcp.hosting", true);
467
+ throw new ConfigError(
468
+ `Token rejected (HTTP 401) \u2014 the token ${tokenFingerprint(token6)} is invalid or revoked.
469
+ Generate a new token at https://mcp.hosting/dashboard/settings/tokens,
470
+ then re-run \`mcph install <client> --token mcp_pat_...\` or set MCPH_TOKEN.`,
471
+ true
472
+ );
468
473
  }
469
474
  if (res.statusCode === 403) {
470
475
  await res.body.text().catch(() => {
471
476
  });
472
- throw new ConfigError("Access denied \u2014 your token may have expired", true);
477
+ throw new ConfigError(
478
+ `Access denied (HTTP 403) \u2014 the token ${tokenFingerprint(token6)} was accepted but lacks permission to read this account's servers.
479
+ The account may be suspended or the token scope reduced \u2014 check
480
+ https://mcp.hosting/dashboard/settings/tokens, or reach support@mcp.hosting.`,
481
+ true
482
+ );
473
483
  }
474
484
  if (res.statusCode !== 200) {
475
485
  const body = await res.body.text().catch(() => "");
@@ -1446,7 +1456,7 @@ function selectFlakyNamespaces(entries, limit) {
1446
1456
  }
1447
1457
 
1448
1458
  // src/doctor-cmd.ts
1449
- var VERSION = true ? "0.44.0" : "dev";
1459
+ var VERSION = true ? "0.45.0" : "dev";
1450
1460
  async function runDoctor(opts = {}) {
1451
1461
  if (opts.json) return runDoctorJson(opts);
1452
1462
  const lines = [];
@@ -4734,7 +4744,7 @@ function categorizeSpawnError(err) {
4734
4744
  }
4735
4745
  async function connectToUpstream(config, onDisconnect, onListChanged) {
4736
4746
  const client = new Client(
4737
- { name: "mcph", version: true ? "0.44.0" : "dev" },
4747
+ { name: "mcph", version: true ? "0.45.0" : "dev" },
4738
4748
  { capabilities: {} }
4739
4749
  );
4740
4750
  let transport;
@@ -5215,7 +5225,7 @@ var ConnectServer = class _ConnectServer {
5215
5225
  this.apiUrl = apiUrl6;
5216
5226
  this.token = token6;
5217
5227
  this.server = new Server(
5218
- { name: "mcph", version: true ? "0.44.0" : "dev" },
5228
+ { name: "mcph", version: true ? "0.45.0" : "dev" },
5219
5229
  {
5220
5230
  capabilities: {
5221
5231
  tools: { listChanged: true },
@@ -7491,7 +7501,7 @@ ${installBlock}
7491
7501
  );
7492
7502
  process.exit(0);
7493
7503
  } else if (subcommand === "--version" || subcommand === "-V") {
7494
- process.stdout.write(`mcph ${true ? "0.44.0" : "dev"}
7504
+ process.stdout.write(`mcph ${true ? "0.45.0" : "dev"}
7495
7505
  `);
7496
7506
  process.exit(0);
7497
7507
  } else if (subcommand && !subcommand.startsWith("-")) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@yawlabs/mcph",
3
- "version": "0.44.0",
3
+ "version": "0.45.0",
4
4
  "description": "mcp.hosting — one install, all your MCP servers, managed from the cloud",
5
5
  "license": "UNLICENSED",
6
6
  "author": "Yaw Labs <contact@yaw.sh> (https://yaw.sh)",