@zegazone_mcp/mcp 2.0.0

package/dist/server.js

@@ -0,0 +1,159 @@
+import { STATUS_CODES } from "node:http";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z } from "zod";
+import { callThirdParty, ensureDestructiveSafety, ensureIdempotency, ThirdPartyRequestError, } from "./api.js";
+import { OP_TOOL_MAP } from "./ops.js";
+import { formatToolDescription, THIRDPARTY_CALL_DESCRIPTION, } from "./tool-metadata.js";
+import { TYPED_TOOL_SCHEMAS } from "./tool-schemas.js";
+const GenericArgs = z.record(z.unknown()).optional();
+/**
+ * MCP clients often send op fields at the top level (`{ "name": "X" }`). A plain
+ * `z.object({ args: z.record(...) })` strips unknown keys, so the API saw `{}` and
+ * `collections.create` failed validation — unrelated to error stringification.
+ */
+function mergeNestedAndTopLevelArgs(parsed) {
+    const { args, ...top } = parsed;
+    const nested = typeof args === "object" && args !== null && !Array.isArray(args)
+        ? args
+        : {};
+    return { ...nested, ...top };
+}
+const thirdpartyCallInputSchema = z
+    .object({
+    op: z.string().min(1),
+    args: GenericArgs,
+})
+    .catchall(z.unknown());
+const explicitToolInputSchema = z
+    .object({
+    args: GenericArgs,
+})
+    .catchall(z.unknown());
+/** Never rely on the MCP SDK's `String(throwable)` for non-Error values (yields "[object Object]"). */
+function formatToolFailure(err) {
+    if (err instanceof ThirdPartyRequestError)
+        return err.message;
+    if (err instanceof Error)
+        return err.message;
+    if (err !== null && typeof err === "object") {
+        try {
+            return JSON.stringify(err, jsonSerializeReplacer, 2);
+        }
+        catch {
+            return Object.prototype.toString.call(err);
+        }
+    }
+    return String(err);
+}
+function jsonSerializeReplacer(_key, value) {
+    if (value instanceof Error) {
+        return { name: value.name, message: value.message };
+    }
+    return value;
+}
+/** Some hosts stringify the wrong field; never return the useless "[object Object]" string. */
+function coerceToolErrorText(err) {
+    let text = formatToolFailure(err);
+    if (typeof text !== "string") {
+        try {
+            text = JSON.stringify(text, jsonSerializeReplacer, 2);
+        }
+        catch {
+            text = "Unknown error (non-string tool message)";
+        }
+    }
+    if (text === "[object Object]" || text.trim() === "[object Object]") {
+        try {
+            text = JSON.stringify(err, jsonSerializeReplacer, 2);
+        }
+        catch {
+            text = "Unknown error (could not serialize)";
+        }
+    }
+    return text;
+}
+function toolErrorReturn(err) {
+    const text = coerceToolErrorText(err);
+    const structured = err instanceof ThirdPartyRequestError
+        ? {
+            httpStatus: err.payload.status,
+            httpStatusText: STATUS_CODES[err.payload.status] ?? "Unknown",
+            error: String(err.payload.error),
+            ...(err.payload.detail !== undefined ? { detail: String(err.payload.detail) } : {}),
+            ...(err.payload.field !== undefined ? { field: String(err.payload.field) } : {}),
+            ...(err.payload.need !== undefined
+                ? {
+                    need: Array.isArray(err.payload.need)
+                        ? err.payload.need.map(String)
+                        : [String(err.payload.need)],
+                }
+                : {}),
+        }
+        : {
+            httpStatus: 0,
+            httpStatusText: "Error",
+            error: "tool_execution_error",
+            detail: text,
+        };
+    return {
+        content: [{ type: "text", text }],
+        structuredContent: structured,
+        isError: true,
+    };
+}
+export function createServer(config) {
+    const server = new McpServer({
+        name: "zegazone-thirdparty-mcp",
+        version: "2.0.0",
+    });
+    server.registerTool("thirdparty_call", {
+        description: `[Meta] ${THIRDPARTY_CALL_DESCRIPTION}`,
+        inputSchema: thirdpartyCallInputSchema,
+    }, async (parsed) => {
+        try {
+            const { op, ...rest } = parsed;
+            const payload = mergeNestedAndTopLevelArgs(rest);
+            const withSafety = ensureDestructiveSafety(op, payload, config.defaultDryRun);
+            const withIdempotency = ensureIdempotency(op, withSafety);
+            const response = await callThirdParty(config, op, withIdempotency);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify(response, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            return toolErrorReturn(err);
+        }
+    });
+    for (const [toolName, op] of Object.entries(OP_TOOL_MAP)) {
+        const description = formatToolDescription(toolName, op);
+        const typedSchema = TYPED_TOOL_SCHEMAS[toolName];
+        server.registerTool(toolName, {
+            description,
+            inputSchema: (typedSchema ?? explicitToolInputSchema),
+        }, async (parsed) => {
+            try {
+                const input = mergeNestedAndTopLevelArgs(parsed);
+                const withSafety = ensureDestructiveSafety(op, input, config.defaultDryRun);
+                const withIdempotency = ensureIdempotency(op, withSafety);
+                const response = await callThirdParty(config, op, withIdempotency);
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify(response, null, 2),
+                        },
+                    ],
+                };
+            }
+            catch (err) {
+                return toolErrorReturn(err);
+            }
+        });
+    }
+    return server;
+}

package/dist/token-provider.js

@@ -0,0 +1,93 @@
+import { readStoredCredentials, writeStoredCredentials } from "./token-store.js";
+import { refreshAndPersist } from "./oauth-client.js";
+const SKEW_MS = 120_000;
+export function createAccessTokenHandle(opts) {
+    let memAccess = null;
+    let memExpiresAtMs = 0;
+    let inFlight = null;
+    let refreshInFlight = null;
+    function accessStillValid(expiresAtMs) {
+        return Date.now() < expiresAtMs - SKEW_MS;
+    }
+    async function resolveFromRefresh(stored) {
+        const next = await refreshAndPersist({
+            apiBase: opts.apiBase,
+            credentialsPath: opts.credentialsPath,
+            previous: stored,
+            timeoutMs: opts.timeoutMs,
+            writeStoredCredentials,
+        });
+        memAccess = next.access_token ?? null;
+        memExpiresAtMs = next.access_expires_at_ms ?? 0;
+        if (!memAccess)
+            throw new Error("Refresh succeeded but access_token missing");
+        return memAccess;
+    }
+    async function compute() {
+        const stored = await readStoredCredentials(opts.credentialsPath);
+        if (stored?.refresh_token) {
+            // Prefer the on-disk access_token over the memory cache when the file holds a
+            // different value. The MCP process is long-lived (Claude Desktop keeps it for
+            // days), and the credentials file can change underneath us — for example after
+            // a fresh `oauth-pair`, after an out-of-band scope grant that rotated the
+            // refresh row, or after a server-side secret rotation. Without this, the
+            // running process keeps replaying a stale-but-clock-valid token until expiry.
+            if (stored.access_token &&
+                stored.access_expires_at_ms &&
+                accessStillValid(stored.access_expires_at_ms)) {
+                if (memAccess !== stored.access_token) {
+                    memAccess = stored.access_token;
+                    memExpiresAtMs = stored.access_expires_at_ms;
+                }
+                return memAccess;
+            }
+            // File's access_token is missing or expired; fall back to memory if still valid
+            // (rare — memory is normally seeded from this same file), otherwise refresh.
+            if (memAccess && accessStillValid(memExpiresAtMs))
+                return memAccess;
+            return resolveFromRefresh(stored);
+        }
+        if (opts.legacyAccessToken)
+            return opts.legacyAccessToken;
+        throw new Error(`No OAuth credentials. Run: npm run oauth-pair (writes ${opts.credentialsPath}) or set ZEGA_ACCESS_TOKEN.`);
+    }
+    async function computeForced() {
+        const stored = await readStoredCredentials(opts.credentialsPath);
+        if (!stored?.refresh_token) {
+            if (opts.legacyAccessToken) {
+                throw new Error("Static ZEGA_ACCESS_TOKEN was rejected (401) and there is no refresh_token to renew it. " +
+                    "Set a fresh ZEGA_ACCESS_TOKEN or run: npm run oauth-pair");
+            }
+            throw new Error(`No OAuth credentials to refresh. Run: npm run oauth-pair (writes ${opts.credentialsPath}).`);
+        }
+        return resolveFromRefresh(stored);
+    }
+    function invalidateMemory() {
+        memAccess = null;
+        memExpiresAtMs = 0;
+    }
+    async function getAccessToken() {
+        if (inFlight)
+            return inFlight;
+        const p = compute();
+        inFlight = p;
+        p.finally(() => {
+            if (inFlight === p)
+                inFlight = null;
+        });
+        return p;
+    }
+    async function forceRefreshAccessToken() {
+        invalidateMemory();
+        if (refreshInFlight)
+            return refreshInFlight;
+        const p = computeForced();
+        refreshInFlight = p;
+        p.finally(() => {
+            if (refreshInFlight === p)
+                refreshInFlight = null;
+        });
+        return p;
+    }
+    return { getAccessToken, forceRefreshAccessToken, invalidateMemory };
+}

package/dist/token-store.js

@@ -0,0 +1,48 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import os from "node:os";
+export function defaultCredentialsPath() {
+    const override = process.env.ZEGA_CREDENTIALS_PATH?.trim();
+    if (override)
+        return path.resolve(override);
+    return path.join(os.homedir(), ".zegazone-mcp", "credentials.json");
+}
+export async function readStoredCredentials(filePath) {
+    try {
+        const raw = await fs.readFile(filePath, "utf8");
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object")
+            return null;
+        const o = parsed;
+        if (o.version !== 1)
+            return null;
+        const client_id = typeof o.client_id === "string" ? o.client_id : "";
+        const refresh_token = typeof o.refresh_token === "string" ? o.refresh_token : "";
+        if (!client_id || !refresh_token)
+            return null;
+        const access_token = typeof o.access_token === "string" ? o.access_token : undefined;
+        const access_expires_at_ms = typeof o.access_expires_at_ms === "number" && Number.isFinite(o.access_expires_at_ms)
+            ? o.access_expires_at_ms
+            : undefined;
+        return {
+            version: 1,
+            client_id,
+            refresh_token,
+            access_token,
+            access_expires_at_ms,
+        };
+    }
+    catch (e) {
+        const code = e.code;
+        if (code === "ENOENT")
+            return null;
+        throw e;
+    }
+}
+export async function writeStoredCredentials(filePath, data) {
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    const tmp = `${filePath}.${process.pid}.tmp`;
+    const json = `${JSON.stringify(data, null, 2)}\n`;
+    await fs.writeFile(tmp, json, { encoding: "utf8", mode: 0o600 });
+    await fs.rename(tmp, filePath);
+}

package/dist/tool-metadata.js

@@ -0,0 +1,128 @@
+export const TOOL_CATEGORIES = {
+    ping: "Meta",
+    schema_get: "Meta",
+    operations_list: "Meta",
+    operation_describe: "Meta",
+    ui_state_get: "UI",
+    ui_state_set: "UI",
+    collections_list: "Collections",
+    collections_batch_get: "Collections",
+    collections_export: "Collections",
+    collections_create: "Collections",
+    collections_update: "Collections",
+    collections_delete: "Collections",
+    collections_restore: "Collections",
+    collections_reorder: "Collections",
+    collections_archive: "Collections",
+    collections_unarchive: "Collections",
+    collections_share_url: "Collections",
+    collections_publish: "Collections",
+    collections_unpublish: "Collections",
+    collections_like: "Social",
+    collections_unlike: "Social",
+    collections_liked_list: "Social",
+    collections_search: "Discovery",
+    collections_browse: "Discovery",
+    collections_stats_get: "Discovery",
+    aliases_list: "Social",
+    aliases_follow: "Social",
+    aliases_unfollow: "Social",
+    aliases_following_list: "Social",
+    profile_get: "Profile",
+    profile_update: "Profile",
+    collaborators_list: "Collaboration",
+    collaborators_invite: "Collaboration",
+    collaborators_revoke: "Collaboration",
+    collaborators_invites_list: "Collaboration",
+    collaborators_invites_received: "Collaboration",
+    collaborators_invite_accept: "Collaboration",
+    collaborators_invite_decline: "Collaboration",
+    media_list: "Media",
+    media_search: "Media",
+    media_batch_list: "Media",
+    media_download: "Media",
+    media_create: "Media",
+    media_update: "Media",
+    media_describe: "Media",
+    media_replace: "Media",
+    media_delete: "Media",
+    media_restore: "Media",
+    media_move: "Media",
+    media_copy: "Media",
+    media_reorder: "Media",
+    media_archive: "Media",
+    media_unarchive: "Media",
+    media_text_note_add: "Media",
+    media_text_note_get: "Media",
+    media_text_note_update: "Media",
+    media_text_note_delete: "Media",
+};
+/** When would I use this? — conversational descriptions for agents. */
+export const TOOL_DESCRIPTIONS = {
+    ping: "Use when you need to verify the API token is valid before doing anything else. Quick health check returning your user id and OAuth client id.",
+    schema_get: "Use when building or debugging integrations and you need the full machine-readable contract (all operations, fields, scopes). Prefer named MCP tools for day-to-day work.",
+    operations_list: "Use when you want a compact index of every API operation and its OAuth scope before choosing what to call. Helpful for planning multi-step agent workflows.",
+    operation_describe: "Use when you need the request/response field documentation for one specific operation name from operations_list.",
+    ui_state_get: "Use when you need to know which collection and media item are currently open in the user's Zegazone UI — keeps agent actions aligned with what they see.",
+    ui_state_set: "Use when the agent should drive the app: open a collection, select a media item, or sync the UI to match your workflow.",
+    collections_list: "Use when you need to see what collections the user owns — names, tags, sharing level, thumbnails — before uploading media, publishing, or inviting collaborators.",
+    collections_batch_get: "Use when you already have a list of collection ids and need full metadata for several at once without listing everything.",
+    collections_export: "Use when the user wants a portable dump of a collection (metadata and media references) for backup or migration.",
+    collections_create: "Use when starting a new collection from scratch. Set name, tags, NSFW flag, and optional parent for sub-collections.",
+    collections_update: "Use when renaming a collection, changing tags, cover image, share level, or description on an existing owned collection.",
+    collections_delete: "Use when permanently or soft-deleting a collection the user no longer wants. Requires explicit confirm or dry_run for safety.",
+    collections_restore: "Use when undoing a soft-delete on a collection that was archived to the trash.",
+    collections_reorder: "Use when the user wants a specific sidebar order for their owned collections.",
+    collections_archive: "Use to hide a collection from default lists without deleting it — good for seasonal or paused projects.",
+    collections_unarchive: "Use to bring an archived collection back into the normal library view.",
+    collections_share_url: "Use when you need the public link to share with someone else (https://www.zegazone.com/{handle}/{slug}). Only works for published collections.",
+    collections_publish: "Use when the user wants a collection on the public web with a custom slug.",
+    collections_unpublish: "Use when a collection should no longer be publicly reachable.",
+    collections_like: "Use when the user wants to bookmark or endorse a public collection they discovered.",
+    collections_unlike: "Use to remove a like from a collection.",
+    collections_liked_list: "Use when revisiting collections the user has liked or building a favorites list.",
+    collections_search: "Use when discovering public content by keyword (min 3 characters). Great for 'find collections about X'.",
+    collections_browse: "Use for feed-style discovery without a search query — own library, shared with me, public, following, or liked.",
+    collections_stats_get: "Use when reporting how popular a collection is (likes, views, unique viewers).",
+    aliases_list: "Use before publishing under a channel handle or explaining which identities the user can publish as.",
+    aliases_follow: "Use when subscribing to another creator's channel so their public collections appear in following feeds.",
+    aliases_unfollow: "Use when stopping updates from a channel.",
+    aliases_following_list: "Use to show who the user follows or to pick an unfollow target.",
+    profile_get: "Use at the start of a session to learn username, display name, follower counts, bio, and aliases — personalize responses accordingly.",
+    profile_update: "Use when the user asks to change how they appear on Zegazone (display name or bio). Requires profile:write.",
+    collaborators_list: "Use to see who already has access to a restricted/private collection.",
+    collaborators_invite: "Use when the owner wants someone else to add or edit media on a restricted/private collection. Requires the invitee's Zegazone username.",
+    collaborators_revoke: "Use to remove a collaborator or cancel a pending invite.",
+    collaborators_invites_list: "Use to see outstanding invites the user sent.",
+    collaborators_invites_received: "Use when the user asks what collections they were invited to.",
+    collaborators_invite_accept: "Use after the user confirms they want access to a shared collection.",
+    collaborators_invite_decline: "Use when refusing a collaboration invite.",
+    media_list: "Use to list media inside a collection — the main way to see what's already uploaded before adding more.",
+    media_search: "Use when filtering media within one or more collections by name, tag, or type.",
+    media_batch_list: "Use when you have many media ids and need rows for all of them in one call.",
+    media_download: "Use when you need a time-limited download URL for a media item's main file.",
+    media_create: "Use when adding new content to a collection from a URL (image, video, website, etc.). Requires viewer type.",
+    media_update: "Use when changing title, description, position, tags, thumbnails, or metadata on existing media.",
+    media_describe: "Use when you need the full picture of a media item: metadata, viewer type, and resolved URLs for main/thumbnail/screenshot assets.",
+    media_replace: "Use when swapping the main file of a media item while keeping the same row id.",
+    media_delete: "Use when removing media the user no longer wants. Supports dry_run and confirm.",
+    media_restore: "Use when recovering soft-deleted media.",
+    media_move: "Use when reorganizing — move items to another owned collection, optionally at a position.",
+    media_copy: "Use when duplicating an item into another collection without re-uploading.",
+    media_reorder: "Use when setting explicit play order inside a collection.",
+    media_archive: "Use to hide a media item without deleting it.",
+    media_unarchive: "Use to restore archived media to the active list.",
+    media_text_note_add: "Use when adding an inline text/markdown note as a media row.",
+    media_text_note_get: "Use when reading the body of a text note media item.",
+    media_text_note_update: "Use when editing note content or cover thumbnail.",
+    media_text_note_delete: "Use when removing a text note. Supports dry_run and confirm.",
+};
+export const THIRDPARTY_CALL_DESCRIPTION = "Use when an operation exists in operations_list but has no dedicated MCP tool yet, or you need to pass rare/experimental fields. " +
+    "Pass the `op` string plus operation fields at the top level or under `args` (both merge). " +
+    "Destructive ops default to dry_run unless you set confirm:true. " +
+    "Prefer named tools when available — they have clearer descriptions and the same API behavior.";
+export function formatToolDescription(toolName, op) {
+    const category = TOOL_CATEGORIES[toolName];
+    const when = TOOL_DESCRIPTIONS[toolName];
+    return `[${category}] ${when} (API op: ${op})`;
+}

package/dist/tool-schemas.js

@@ -0,0 +1,146 @@
+import { z } from "zod";
+const viewerEnum = z.enum([
+    "video",
+    "audio",
+    "image",
+    "pdf",
+    "microsoft",
+    "web",
+    "markdown",
+    "text",
+    "code",
+    "file",
+    "website",
+    "html",
+]);
+const shareAccessLevelEnum = z.enum(["private", "restricted", "registered", "public"]);
+const tagsSchema = z
+    .array(z.string().min(1))
+    .max(10)
+    .optional()
+    .describe("Highly encouraged for discovery and organization (max 10).");
+export const collectionsCreateSchema = z
+    .object({
+    args: z.record(z.unknown()).optional(),
+    name: z.string().min(1).describe("Collection display name."),
+    thumbnail_url: z
+        .string()
+        .url()
+        .optional()
+        .describe("Strongly recommended. Set a cover image URL to make the collection visually identifiable."),
+    description: z.string().max(4000).optional(),
+    is_nsfw: z.boolean().optional(),
+    share_access_level: shareAccessLevelEnum.optional(),
+    tags: tagsSchema,
+    searchable: z.boolean().optional().describe("When true, public collections may appear in search (default true)."),
+    share_allowed_usernames: z
+        .array(z.string().min(1))
+        .optional()
+        .describe("Usernames allowed when share_access_level is restricted."),
+    alias_id: z
+        .string()
+        .uuid()
+        .optional()
+        .describe("Profile alias UUID; sets created_with_username publish handle."),
+    playback_prefs: z.record(z.unknown()).optional().describe("JSON playback preferences."),
+    parent_collection_id: z.number().int().positive().optional(),
+    link_position: z.number().int().min(0).optional(),
+    link_description: z.string().max(4000).optional(),
+})
+    .catchall(z.unknown());
+export const collectionsUpdateSchema = z
+    .object({
+    args: z.record(z.unknown()).optional(),
+    collection_id: z.number().int().positive(),
+    name: z.string().min(1).optional(),
+    description: z.string().max(4000).nullable().optional(),
+    tags: tagsSchema,
+    thumbnail_url: z
+        .string()
+        .url()
+        .optional()
+        .describe("Strongly recommended. Set a cover image URL to make the collection visually identifiable."),
+    is_nsfw: z.boolean().optional(),
+    share_access_level: shareAccessLevelEnum.optional(),
+    position: z.number().int().min(0).optional(),
+    searchable: z.boolean().optional(),
+    share_allowed_usernames: z.array(z.string().min(1)).optional(),
+    alias_id: z.string().uuid().nullable().optional(),
+    playback_prefs: z.record(z.unknown()).nullable().optional(),
+})
+    .catchall(z.unknown());
+export const mediaCreateSchema = z
+    .object({
+    args: z.record(z.unknown()).optional(),
+    collection_id: z.number().int().positive(),
+    source_url: z.string().url(),
+    viewer: viewerEnum.describe("Hint for which viewer to use (required)."),
+    name: z.string().max(180).optional(),
+    description: z.string().max(4000).optional(),
+    position: z.number().int().min(0).optional(),
+    type: z.string().optional().describe("MIME type, e.g. image/jpeg"),
+    thumbnail_url: z
+        .string()
+        .url()
+        .optional()
+        .describe("Strongly recommended. Provide a thumbnail URL for visual identification in the carousel."),
+    tags: tagsSchema,
+    is_nsfw: z.boolean().optional(),
+    screenshot_url: z.string().url().optional(),
+    background_image_url: z.string().url().optional(),
+    locked_for_collaborators: z.boolean().optional(),
+    subcollection_collection_id: z.number().int().positive().nullable().optional(),
+})
+    .catchall(z.unknown());
+export const mediaUpdateSchema = z
+    .object({
+    args: z.record(z.unknown()).optional(),
+    media_id: z.number().int().positive(),
+    name: z.string().max(180).optional(),
+    description: z.string().max(4000).nullable().optional(),
+    position: z.number().int().min(0).optional(),
+    is_nsfw: z.boolean().optional(),
+    thumbnail_url: z
+        .string()
+        .url()
+        .nullable()
+        .optional()
+        .describe("Strongly recommended. Provide a thumbnail URL for visual identification in the carousel."),
+    viewer: viewerEnum.optional(),
+    type: z.string().optional(),
+    tags: tagsSchema,
+    text_note: z.string().max(524288).optional(),
+    display_mode: z.enum(["plain", "markdown", "code"]).optional(),
+    screenshot_url: z.string().url().nullable().optional(),
+    background_image_url: z.string().url().nullable().optional(),
+    locked_for_collaborators: z.boolean().optional(),
+    subcollection_collection_id: z.number().int().positive().nullable().optional(),
+})
+    .catchall(z.unknown());
+export const uiStateSetSchema = z
+    .object({
+    args: z.record(z.unknown()).optional(),
+    collection_id: z.number().int().positive().nullable().optional(),
+    media_id: z.number().int().positive().nullable().optional(),
+    source: z.enum(["agent", "user"]).optional(),
+    agent_id: z.string().nullable().optional(),
+    view_mode: z.enum(["carousel", "grid"]).nullable().optional(),
+    fullscreen: z.boolean().optional(),
+    collections_panel_open: z.boolean().optional(),
+    playback_position: z.number().min(0).nullable().optional(),
+})
+    .catchall(z.unknown());
+export const mediaDescribeSchema = z
+    .object({
+    args: z.record(z.unknown()).optional(),
+    media_id: z.number().int().positive(),
+})
+    .catchall(z.unknown());
+export const TYPED_TOOL_SCHEMAS = {
+    collections_create: collectionsCreateSchema,
+    collections_update: collectionsUpdateSchema,
+    media_create: mediaCreateSchema,
+    media_update: mediaUpdateSchema,
+    ui_state_set: uiStateSetSchema,
+    media_describe: mediaDescribeSchema,
+};

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "@zegazone_mcp/mcp",
+  "version": "2.0.0",
+  "type": "module",
+  "description": "MCP server wrapper for Zegazone thirdparty-v1 API",
+  "publishConfig": {
+    "access": "public"
+  },
+  "bin": {
+    "zegazone-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "scripts/oauth-pair.mjs"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json && node scripts/add-shebang.mjs",
+    "start": "node dist/index.js",
+    "dev": "tsx src/index.ts",
+    "oauth-pair": "node scripts/oauth-pair.mjs",
+    "smoke": "node tests/smoke.mjs",
+    "smoke:full": "node tests/smoke-thirdparty-v1.mjs",
+    "test:error-format": "npm run build && node tests/error-format.mjs",
+    "test:token-provider": "npm run build && node tests/token-provider-file-priority.mjs",
+    "test": "npm run build && node tests/error-format.mjs && node tests/token-provider-file-priority.mjs"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.0",
+    "zod": "^3.24.1"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.2",
+    "tsx": "^4.19.2",
+    "typescript": "^5.8.3"
+  }
+}