@yawlabs/mcph 0.47.3 → 0.47.5

package/dist/index.js

@@ -292,11 +292,11 @@ async function readConfigAt(path5, scope, warnings) {
       `${path5}: schema version ${version} is newer than this mcph (${CURRENT_SCHEMA_VERSION}); upgrade with \`npm i -g @yawlabs/mcph@latest\`. Loading best-effort.`
     );
   }
-  const token5 = typeof obj.token === "string" && obj.token.length > 0 ? obj.token : void 0;
+  const token6 = typeof obj.token === "string" && obj.token.length > 0 ? obj.token : void 0;
   const apiBase = typeof obj.apiBase === "string" && obj.apiBase.length > 0 ? obj.apiBase : void 0;
   const servers = Array.isArray(obj.servers) ? obj.servers.filter((v) => typeof v === "string") : void 0;
   const blocked = Array.isArray(obj.blocked) ? obj.blocked.filter((v) => typeof v === "string") : void 0;
-  if (token5) {
+  if (token6) {
     if (scope === "project") {
       warnings.push(
         `${path5}: 'token' should not appear in a project-shared file. Move it to ${CONFIG_DIRNAME}/${LOCAL_CONFIG_FILENAME} (gitignored) or ~/${CONFIG_DIRNAME}/${CONFIG_FILENAME}.`
@@ -304,7 +304,7 @@ async function readConfigAt(path5, scope, warnings) {
     }
     await checkPermissions(path5, warnings);
   }
-  return { path: path5, scope, version, token: token5, apiBase, servers, blocked };
+  return { path: path5, scope, version, token: token6, apiBase, servers, blocked };
 }
 async function checkPermissions(path5, warnings) {
   if (process.platform === "win32") return;
@@ -361,16 +361,16 @@ async function loadMcphConfig(opts = {}) {
   if (project) loadedFiles.push(project);
   const global = await readConfigAt(globalPath, "global", warnings);
   if (global) loadedFiles.push(global);
-  let token5 = null;
+  let token6 = null;
   let tokenSource = "missing";
   if (typeof env.MCPH_TOKEN === "string" && env.MCPH_TOKEN.length > 0) {
-    token5 = env.MCPH_TOKEN;
+    token6 = env.MCPH_TOKEN;
     tokenSource = "env";
   } else if (local?.token) {
-    token5 = local.token;
+    token6 = local.token;
     tokenSource = "local";
   } else if (global?.token) {
-    token5 = global.token;
+    token6 = global.token;
     tokenSource = "global";
   }
   let apiBase = DEFAULT_API_BASE;
@@ -389,7 +389,7 @@ async function loadMcphConfig(opts = {}) {
     apiBaseSource = "global";
   }
   return {
-    token: token5,
+    token: token6,
     tokenSource,
     apiBase,
     apiBaseSource,
@@ -400,10 +400,10 @@ async function loadMcphConfig(opts = {}) {
     warnings
   };
 }
-function tokenFingerprint(token5) {
-  if (!token5) return "(none)";
-  if (token5.length <= 8) return `***${token5.slice(-2)}`;
-  return `${token5.slice(0, 8)}\u2026${token5.slice(-4)}`;
+function tokenFingerprint(token6) {
+  if (!token6) return "(none)";
+  if (token6.length <= 8) return `***${token6.slice(-2)}`;
+  return `${token6.slice(0, 8)}\u2026${token6.slice(-4)}`;
 }
 function toProfile(config) {
   if (config.servers === void 0 && config.blocked === void 0) return null;
@@ -442,10 +442,10 @@ function profileAllows(profile, namespace) {
 
 // src/config.ts
 import { request } from "undici";
-async function fetchConfig(apiUrl5, token5, currentVersion) {
-  const url = `${apiUrl5.replace(/\/$/, "")}/api/connect/config`;
+async function fetchConfig(apiUrl6, token6, currentVersion) {
+  const url = `${apiUrl6.replace(/\/$/, "")}/api/connect/config`;
   const headers = {
-    Authorization: `Bearer ${token5}`,
+    Authorization: `Bearer ${token6}`,
     Accept: "application/json"
   };
   if (currentVersion) {
@@ -466,7 +466,7 @@ async function fetchConfig(apiUrl5, token5, currentVersion) {
     await res.body.text().catch(() => {
     });
     throw new ConfigError(
-      `Token rejected (HTTP 401) \u2014 the token ${tokenFingerprint(token5)} is invalid or revoked.
+      `Token rejected (HTTP 401) \u2014 the token ${tokenFingerprint(token6)} is invalid or revoked.
   Generate a new token at https://mcp.hosting/dashboard/settings/tokens,
   then re-run \`mcph install <client> --token mcp_pat_...\` or set MCPH_TOKEN.`,
       true
@@ -476,7 +476,7 @@ async function fetchConfig(apiUrl5, token5, currentVersion) {
     await res.body.text().catch(() => {
     });
     throw new ConfigError(
-      `Access denied (HTTP 403) \u2014 the token ${tokenFingerprint(token5)} was accepted but lacks permission to read this account's servers.
+      `Access denied (HTTP 403) \u2014 the token ${tokenFingerprint(token6)} was accepted but lacks permission to read this account's servers.
   The account may be suspended or the token scope reduced \u2014 check
   https://mcp.hosting/dashboard/settings/tokens, or reach support@mcp.hosting.`,
       true
@@ -900,12 +900,12 @@ async function runComplianceCommand(argv) {
     );
     return 1;
   }
-  const apiUrl5 = process.env.MCPH_URL ?? "https://mcp.hosting";
+  const apiUrl6 = process.env.MCPH_URL ?? "https://mcp.hosting";
   const report = await runTest(args);
   if (!report) return 1;
   printSummary(report);
   if (publish) {
-    const result = await publishReport(apiUrl5, report);
+    const result = await publishReport(apiUrl6, report);
     if (!result) return 1;
     process.stdout.write(`
 Published: ${result.reportUrl}
@@ -965,9 +965,9 @@ Target: ${url}
 `
   );
 }
-async function publishReport(apiUrl5, report) {
+async function publishReport(apiUrl6, report) {
   try {
-    const res = await request2(`${apiUrl5.replace(/\/$/, "")}/api/compliance/ext`, {
+    const res = await request2(`${apiUrl6.replace(/\/$/, "")}/api/compliance/ext`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(report)
@@ -1650,7 +1650,7 @@ function selectFlakyNamespaces(entries, limit) {
 }
 
 // src/doctor-cmd.ts
-var VERSION = true ? "0.47.3" : "dev";
+var VERSION = true ? "0.47.5" : "dev";
 async function runDoctor(opts = {}) {
   if (opts.json) return runDoctorJson(opts);
   const lines = [];
@@ -2348,12 +2348,12 @@ ${USAGE}`);
   }
   log2(`Target: ${target.label} (${scope})`);
   log2(`File:   ${resolved.absolute}`);
-  let token5 = opts.token ?? null;
-  if (!token5) {
+  let token6 = opts.token ?? null;
+  if (!token6) {
     const cfg = await loadMcphConfig({ home: opts.home, cwd: process.cwd(), env: {} });
-    token5 = cfg.token;
+    token6 = cfg.token;
   }
-  if (!token5) {
+  if (!token6) {
     err(
       "\nmcph install: no token available.\n  Pass one with --token mcp_pat_\u2026, or run `mcph install` with --token once to seed ~/.mcph/config.json,\n  or create the token at https://mcp.hosting \u2192 Settings \u2192 API Tokens."
     );
@@ -2423,7 +2423,7 @@ ${USAGE}`);
   const writeMcphConfig = !opts.skipMcphConfig;
   const home = opts.home ?? homedir5();
   const mcphConfigPath = join5(home, CONFIG_DIRNAME, CONFIG_FILENAME);
-  const mcphConfigComposed = await composeMcphConfig(mcphConfigPath, token5);
+  const mcphConfigComposed = await composeMcphConfig(mcphConfigPath, token6);
   if (mcphConfigComposed.backupPath) {
     log2(
       `mcph install: existing ${mcphConfigPath} was malformed; original bytes backed up to ${mcphConfigComposed.backupPath} before overwriting.`
@@ -2579,7 +2579,7 @@ function mergeClientConfig(existing, containerPath, entry) {
   parent[leafKey] = container;
   return out;
 }
-async function composeMcphConfig(path5, token5) {
+async function composeMcphConfig(path5, token6) {
   let existing = {};
   let backupPath;
   if (existsSync2(path5)) {
@@ -2606,7 +2606,7 @@ async function composeMcphConfig(path5, token5) {
     }
   }
   const next = { version: CURRENT_SCHEMA_VERSION, ...existing };
-  next.token = token5;
+  next.token = token6;
   if (typeof next.version !== "number") next.version = CURRENT_SCHEMA_VERSION;
   return { json: `${JSON.stringify(next, null, 2)}
 `, backupPath };
@@ -2903,7 +2903,7 @@ import {
   ListToolsRequestSchema,
   ReadResourceRequestSchema
 } from "@modelcontextprotocol/sdk/types.js";
-import { request as request8 } from "undici";
+import { request as request9 } from "undici";
 
 // src/compliance.ts
 var GRADE_ORDER = {
@@ -3336,6 +3336,49 @@ function truncateForWarning(msg) {
   return clean.length > 120 ? `${clean.slice(0, 117)}...` : clean;
 }
 
+// src/heartbeat.ts
+import { request as request5 } from "undici";
+var HEARTBEAT_PATH = "/api/connect/heartbeat";
+var apiUrl3 = "";
+var token3 = "";
+function initHeartbeat(url, tok) {
+  apiUrl3 = url;
+  token3 = tok;
+}
+async function reportHeartbeat(clientName, clientVersion) {
+  if (!apiUrl3 || !token3) return;
+  try {
+    const res = await request5(`${apiUrl3.replace(/\/$/, "")}${HEARTBEAT_PATH}`, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token3}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        // Pass through whatever the AI client self-reported. Backend
+        // normalizes (fallback to 'unknown', length caps) — keep this
+        // side dumb so a backend tightening doesn't need a CLI roll.
+        clientName: clientName ?? null,
+        clientVersion: clientVersion ?? null
+      }),
+      headersTimeout: 1e4,
+      bodyTimeout: 1e4
+    });
+    await res.body.text().catch(() => {
+    });
+    if (res.statusCode >= 400 && res.statusCode !== 404) {
+      log("warn", "Heartbeat failed", { status: res.statusCode });
+    } else {
+      log("info", "Reported AI client connect to mcp.hosting", {
+        clientName: clientName ?? null,
+        clientVersion: clientVersion ?? null
+      });
+    }
+  } catch (err) {
+    log("warn", "Heartbeat error", { error: err?.message });
+  }
+}
+
 // src/idle-ttl.ts
 var ADAPTIVE_WINDOW_MS = 5 * 60 * 1e3;
 var ADAPTIVE_LOOKBACK = 20;
@@ -3944,9 +3987,9 @@ var PackDetector = class {
 
 // src/progress.ts
 function createProgressReporter(extra) {
-  const token5 = extra?._meta?.progressToken;
+  const token6 = extra?._meta?.progressToken;
   const send = extra?.sendNotification;
-  if (token5 === void 0 || token5 === null || !send) {
+  if (token6 === void 0 || token6 === null || !send) {
     return () => {
     };
   }
@@ -3954,7 +3997,7 @@ function createProgressReporter(extra) {
   return (message, progress, total) => {
     step += 1;
     const params = {
-      progressToken: token5,
+      progressToken: token6,
       progress: progress ?? step,
       message
     };
@@ -4408,26 +4451,26 @@ function rankServers(context, servers) {
 }
 
 // src/rerank.ts
-import { request as request5 } from "undici";
-var apiUrl3 = "";
-var token3 = "";
+import { request as request6 } from "undici";
+var apiUrl4 = "";
+var token4 = "";
 var RERANK_TIMEOUT_MS = 2e3;
 function initRerank(url, tok) {
-  apiUrl3 = url;
-  token3 = tok;
+  apiUrl4 = url;
+  token4 = tok;
 }
 async function rerank(intent, candidateIds, limit) {
-  if (!apiUrl3 || !token3) return null;
+  if (!apiUrl4 || !token4) return null;
   if (!intent?.trim()) return null;
   if (candidateIds !== void 0 && candidateIds.length === 0) return null;
   const payload = { intent: intent.trim() };
   if (candidateIds && candidateIds.length > 0) payload.candidateIds = candidateIds;
   if (typeof limit === "number" && limit > 0) payload.limit = limit;
   try {
-    const res = await request5(`${apiUrl3.replace(/\/$/, "")}/api/connect/rerank`, {
+    const res = await request6(`${apiUrl4.replace(/\/$/, "")}/api/connect/rerank`, {
       method: "POST",
       headers: {
-        Authorization: `Bearer ${token3}`,
+        Authorization: `Bearer ${token4}`,
         "Content-Type": "application/json"
       },
       body: JSON.stringify(payload),
@@ -4457,14 +4500,14 @@ async function rerank(intent, candidateIds, limit) {
 
 // src/runtime-detect.ts
 import { spawn as spawn2 } from "child_process";
-import { request as request6 } from "undici";
+import { request as request7 } from "undici";
 var PROBE_TIMEOUT_MS = 3e3;
 var RUNTIME_REPORT_PATH = "/api/connect/runtimes";
-var apiUrl4 = "";
-var token4 = "";
+var apiUrl5 = "";
+var token5 = "";
 function initRuntimeDetect(url, tok) {
-  apiUrl4 = url;
-  token4 = tok;
+  apiUrl5 = url;
+  token5 = tok;
 }
 var PROBES = {
   node: {
@@ -4576,7 +4619,7 @@ async function detectRuntimes() {
   return out;
 }
 async function reportRuntimes() {
-  if (!apiUrl4 || !token4) return;
+  if (!apiUrl5 || !token5) return;
   let runtimes;
   try {
     runtimes = await detectRuntimes();
@@ -4585,10 +4628,10 @@ async function reportRuntimes() {
     return;
   }
   try {
-    const res = await request6(`${apiUrl4.replace(/\/$/, "")}${RUNTIME_REPORT_PATH}`, {
+    const res = await request7(`${apiUrl5.replace(/\/$/, "")}${RUNTIME_REPORT_PATH}`, {
       method: "POST",
       headers: {
-        Authorization: `Bearer ${token4}`,
+        Authorization: `Bearer ${token5}`,
         "Content-Type": "application/json"
       },
       body: JSON.stringify({ runtimes }),
@@ -4745,7 +4788,7 @@ import { createWriteStream } from "fs";
 import fs from "fs/promises";
 import path4 from "path";
 import { pipeline } from "stream/promises";
-import { request as request7 } from "undici";
+import { request as request8 } from "undici";
 var UV_VERSION = "0.11.7";
 var RELEASE_BASE = `https://github.com/astral-sh/uv/releases/download/${UV_VERSION}`;
 function uvTarget() {
@@ -4822,7 +4865,7 @@ async function onPath(cmd) {
 async function fetchWithRedirects(url, maxHops = 5) {
   let current = url;
   for (let i = 0; i < maxHops; i++) {
-    const res = await request7(current, { method: "GET" });
+    const res = await request8(current, { method: "GET" });
     if (res.statusCode >= 300 && res.statusCode < 400) {
       const loc = res.headers.location;
       if (!loc) throw new Error(`Redirect without Location header from ${current}`);
@@ -4971,7 +5014,7 @@ function categorizeSpawnError(err) {
 }
 async function connectToUpstream(config, onDisconnect, onListChanged) {
   const client = new Client(
-    { name: "mcph", version: true ? "0.47.3" : "dev" },
+    { name: "mcph", version: true ? "0.47.5" : "dev" },
     { capabilities: {} }
   );
   let transport;
@@ -5275,11 +5318,11 @@ function computeToolOverlaps(connections) {
   return overlaps;
 }
 var ConnectServer = class _ConnectServer {
-  constructor(apiUrl5, token5) {
-    this.apiUrl = apiUrl5;
-    this.token = token5;
+  constructor(apiUrl6, token6) {
+    this.apiUrl = apiUrl6;
+    this.token = token6;
     this.server = new Server(
-      { name: "mcph", version: true ? "0.47.3" : "dev" },
+      { name: "mcph", version: true ? "0.47.5" : "dev" },
       {
         capabilities: {
           tools: { listChanged: true },
@@ -5420,23 +5463,23 @@ var ConnectServer = class _ConnectServer {
     this.server.setRequestHandler(ListToolsRequestSchema, async () => ({
       tools: buildToolList(this.connections, this.getDeferredServers(), this.toolFilters)
     }));
-    this.server.setRequestHandler(CallToolRequestSchema, async (request9, extra) => {
-      const { name, arguments: args } = request9.params;
+    this.server.setRequestHandler(CallToolRequestSchema, async (request10, extra) => {
+      const { name, arguments: args } = request10.params;
       return this.handleToolCall(name, args ?? {}, extra);
     });
     this.server.setRequestHandler(ListResourcesRequestSchema, async () => ({
       resources: buildResourceList(this.connections, this.getBuiltinResources())
     }));
-    this.server.setRequestHandler(ReadResourceRequestSchema, async (request9) => {
-      return routeResourceRead(request9.params.uri, this.resourceRoutes, this.connections, this.getBuiltinResourceMap());
+    this.server.setRequestHandler(ReadResourceRequestSchema, async (request10) => {
+      return routeResourceRead(request10.params.uri, this.resourceRoutes, this.connections, this.getBuiltinResourceMap());
     });
     this.server.setRequestHandler(ListPromptsRequestSchema, async () => ({
       prompts: buildPromptList(this.connections)
     }));
-    this.server.setRequestHandler(GetPromptRequestSchema, async (request9) => {
+    this.server.setRequestHandler(GetPromptRequestSchema, async (request10) => {
       return routePromptGet(
-        request9.params.name,
-        request9.params.arguments,
+        request10.params.name,
+        request10.params.arguments,
         this.promptRoutes,
         this.connections
       );
@@ -5541,10 +5584,17 @@ var ConnectServer = class _ConnectServer {
     initToolReport(this.apiUrl, this.token);
     initRerank(this.apiUrl, this.token);
     initRuntimeDetect(this.apiUrl, this.token);
+    initHeartbeat(this.apiUrl, this.token);
     reportRuntimes().catch((err) => log("warn", "reportRuntimes failed", { error: err?.message }));
     if (this.config?.servers.some((s) => s.command === "uv" || s.command === "uvx")) {
       ensureUv().catch((err) => log("warn", "uv prewarm failed", { error: err?.message }));
     }
+    this.server.oninitialized = () => {
+      const info = this.server.getClientVersion();
+      reportHeartbeat(info?.name, info?.version).catch(
+        (err) => log("warn", "reportHeartbeat failed", { error: err?.message })
+      );
+    };
     const transport = new StdioServerTransport();
     await this.server.connect(transport);
     this.startPolling();
@@ -6781,7 +6831,7 @@ ${activeCount} loaded in this session, ${totalTools} tools in context${tokenSumm
         nsToKeys.set(s.namespace, existing);
       }
       const collisions = [...nsToKeys.entries()].filter(([, keys]) => keys.length > 1);
-      const res = await request8(`${this.apiUrl.replace(/\/$/, "")}/api/connect/import`, {
+      const res = await request9(`${this.apiUrl.replace(/\/$/, "")}/api/connect/import`, {
         method: "POST",
         headers: {
           Authorization: `Bearer ${this.token}`,
@@ -6842,7 +6892,7 @@ Use mcp_connect_discover to see imported servers.`
     }
     const payload = built.payload;
     try {
-      const res = await request8(`${this.apiUrl.replace(/\/$/, "")}/api/connect/servers`, {
+      const res = await request9(`${this.apiUrl.replace(/\/$/, "")}/api/connect/servers`, {
         method: "POST",
         headers: {
           Authorization: `Bearer ${this.token}`,
@@ -7640,7 +7690,7 @@ Or re-run with --run to upgrade in place.`);
   return { exitCode: 3, lines };
 }
 function readCurrentVersion() {
-  return true ? "0.47.3" : "dev";
+  return true ? "0.47.5" : "dev";
 }
 
 // src/index.ts
@@ -7808,7 +7858,7 @@ if (subcommand === "compliance") {
 `);
   process.exit(0);
 } else if (subcommand === "--version" || subcommand === "-V") {
-  process.stdout.write(`mcph ${true ? "0.47.3" : "dev"}
+  process.stdout.write(`mcph ${true ? "0.47.5" : "dev"}
 `);
   process.exit(0);
 } else if (subcommand && !subcommand.startsWith("-")) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/mcph",
-  "version": "0.47.3",
+  "version": "0.47.5",
   "description": "mcp.hosting — one install, all your MCP servers, managed from the cloud",
   "license": "UNLICENSED",
   "author": "Yaw Labs <support@mcp.hosting> (https://mcp.hosting)",