@zeph-to/mcp-server 1.11.0 → 1.11.1

package/dist/poll.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"poll.d.ts","sourceRoot":"","sources":["../src/poll.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAE5C,gBAAgB,EAAE,CAAC,YAAY,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxD;AAOD,eAAO,MAAM,eAAe,GAC1B,QAAQ,aAAa,EACrB,QAAQ,MAAM,EACd,SAAS,MAAM,EACf,gBAAgB,MAAM,EACtB,KAAK,WAAW,KACf,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAsClC,CAAC"}
+{"version":3,"file":"poll.d.ts","sourceRoot":"","sources":["../src/poll.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAE5C,gBAAgB,EAAE,CAAC,YAAY,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxD;AAOD,eAAO,MAAM,eAAe,GAC1B,QAAQ,aAAa,EACrB,QAAQ,MAAM,EACd,SAAS,MAAM,EACf,gBAAgB,MAAM,EACtB,KAAK,WAAW,KACf,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAwClC,CAAC"}

package/dist/poll.js

@@ -33,8 +33,10 @@ const pollForResponse = async (client, hookId, eventId, timeoutSeconds, ctx) =>
                 });
             }
         }
-        // Adaptive interval: 2s for first 5 attempts, then 3s
-        const interval = attempt < 5 ? 2000 : 3000;
+        // Adaptive interval: poll every 1s while the user is likely still at
+        // their device (first ~60 attempts ≈ 1 min), then back off to 3s for
+        // long waits. The tight 1s window keeps post-tap detection snappy.
+        const interval = attempt < 60 ? 1000 : 3000;
         await sleep(interval);
         attempt++;
     }

package/dist/sanitize.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Defensive cleanup for tool arguments.
+ *
+ * An agent occasionally emits a malformed tool call where a parameter's
+ * closing tag is wrong, so the serialized markup of the *following*
+ * parameters bleeds into an earlier string argument.
+ *
+ * Observed in the wild — a zeph_ask `body` arrived as:
+ *
+ *   "...Commit now or test first?</body>
+ *    <parameter name=\"actions\">[{\"id\":\"commit\",...}]"
+ *
+ * The actions JSON leaked into `body`, and `actions` itself arrived
+ * undefined — so the push showed the raw markup and no buttons.
+ *
+ * sanitizeText strips the leaked markup; recoverActions pulls the
+ * swallowed actions array back out so the call still works.
+ */
+export interface RecoveredAction {
+    id: string;
+    label: string;
+    style?: 'primary' | 'secondary' | 'danger';
+}
+/**
+ * Strip leaked tool-call markup from a free-text argument. Returns the
+ * text unchanged when no leak is detected.
+ */
+export declare const sanitizeText: (text: string | undefined) => string | undefined;
+/**
+ * Recover an `actions` array that leaked into the body of a malformed
+ * zeph_ask call. Returns undefined when nothing parseable is found.
+ */
+export declare const recoverActions: (text: string | undefined) => RecoveredAction[] | undefined;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/sanitize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../src/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;CAC5C;AAeD;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,GAAG,SAAS,KAAG,MAAM,GAAG,SAIhE,CAAC;AASF;;;GAGG;AACH,eAAO,MAAM,cAAc,GAAI,MAAM,MAAM,GAAG,SAAS,KAAG,eAAe,EAAE,GAAG,SAgB7E,CAAC"}

package/dist/sanitize.js

@@ -0,0 +1,71 @@
+"use strict";
+/**
+ * Defensive cleanup for tool arguments.
+ *
+ * An agent occasionally emits a malformed tool call where a parameter's
+ * closing tag is wrong, so the serialized markup of the *following*
+ * parameters bleeds into an earlier string argument.
+ *
+ * Observed in the wild — a zeph_ask `body` arrived as:
+ *
+ *   "...Commit now or test first?</body>
+ *    <parameter name=\"actions\">[{\"id\":\"commit\",...}]"
+ *
+ * The actions JSON leaked into `body`, and `actions` itself arrived
+ * undefined — so the push showed the raw markup and no buttons.
+ *
+ * sanitizeText strips the leaked markup; recoverActions pulls the
+ * swallowed actions array back out so the call still works.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.recoverActions = exports.sanitizeText = void 0;
+// Markers that should never appear in a real notification body — their
+// presence means tool-call markup has leaked in. Cut at the earliest one.
+const LEAK_MARKERS = ['</body>', '</parameter>', '<parameter name=', '<parameter '];
+const findLeakStart = (text) => {
+    let earliest = -1;
+    for (const marker of LEAK_MARKERS) {
+        const idx = text.indexOf(marker);
+        if (idx !== -1 && (earliest === -1 || idx < earliest))
+            earliest = idx;
+    }
+    return earliest;
+};
+/**
+ * Strip leaked tool-call markup from a free-text argument. Returns the
+ * text unchanged when no leak is detected.
+ */
+const sanitizeText = (text) => {
+    if (!text)
+        return text;
+    const cut = findLeakStart(text);
+    return cut === -1 ? text : text.slice(0, cut).trimEnd();
+};
+exports.sanitizeText = sanitizeText;
+const isActionArray = (value) => Array.isArray(value) &&
+    value.length > 0 &&
+    value.every((a) => a && typeof a.id === 'string' && typeof a.label === 'string');
+/**
+ * Recover an `actions` array that leaked into the body of a malformed
+ * zeph_ask call. Returns undefined when nothing parseable is found.
+ */
+const recoverActions = (text) => {
+    if (!text)
+        return undefined;
+    const marker = text.search(/<(?:antml:)?parameter name="actions">/);
+    if (marker === -1)
+        return undefined;
+    const after = text.slice(marker);
+    const start = after.indexOf('[');
+    const end = after.lastIndexOf(']');
+    if (start === -1 || end <= start)
+        return undefined;
+    try {
+        const parsed = JSON.parse(after.slice(start, end + 1));
+        return isActionArray(parsed) ? parsed : undefined;
+    }
+    catch {
+        return undefined;
+    }
+};
+exports.recoverActions = recoverActions;

package/dist/tools/ask.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ask.d.ts","sourceRoot":"","sources":["../../src/tools/ask.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAuBrE,eAAO,MAAM,eAAe,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAwHhG,CAAC"}
+{"version":3,"file":"ask.d.ts","sourceRoot":"","sources":["../../src/tools/ask.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAwBrE,eAAO,MAAM,eAAe,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAgIhG,CAAC"}

package/dist/tools/ask.js

@@ -7,6 +7,7 @@ const poll_js_1 = require("../poll.js");
 const config_js_1 = require("../config.js");
 const crypto_js_1 = require("../crypto.js");
 const mime_js_1 = require("../mime.js");
+const sanitize_js_1 = require("../sanitize.js");
 // The device feed shows a short preview of the body. Anything longer than
 // this gets truncated there, so we attach the full text as a file — the
 // user can always open the complete content instead of squinting at a
@@ -63,16 +64,22 @@ const registerAskTool = (server, client, config) => {
             return (0, error_format_js_1.hookNotConfiguredError)();
         try {
             const pushTitle = (0, config_js_1.formatPushTitle)(config.projectName, title);
+            // Defend against malformed tool calls where the actions array leaked
+            // into the body (a mis-closed `body` parameter). Recover the actions
+            // from the raw body first, then strip the leaked markup. Without this
+            // the push arrives with no buttons and raw markup in the text.
+            const effectiveActions = actions && actions.length > 0 ? actions : (0, sanitize_js_1.recoverActions)(body);
+            const cleanBody = (0, sanitize_js_1.sanitizeText)(body);
             // Attach a file whenever the body would be clipped in the feed preview.
-            const exceedsPreview = !!body && body.length > PREVIEW_LENGTH;
-            let triggerBody = body;
+            const exceedsPreview = !!cleanBody && cleanBody.length > PREVIEW_LENGTH;
+            let triggerBody = cleanBody;
             let files;
-            if (exceedsPreview && body) {
+            if (exceedsPreview && cleanBody) {
                 const fileName = 'response.md';
                 const fileType = (0, mime_js_1.inferMimeType)(fileName);
                 const canEncrypt = !!(0, crypto_js_1.getKeyPair)() && !!(0, crypto_js_1.getPublicKey)();
                 // Self-contained Markdown so the file alone tells the whole story.
-                const fileMarkdown = buildAskMarkdown(title, body, actions);
+                const fileMarkdown = buildAskMarkdown(title, cleanBody, effectiveActions);
                 const fileBytes = new TextEncoder().encode(fileMarkdown).byteLength;
                 let uploadContent = fileMarkdown;
                 let uploadContentType = fileType;
@@ -92,13 +99,13 @@ const registerAskTool = (server, client, config) => {
                 }
                 const upload = await client.requestUpload({ fileName, fileType: uploadContentType, fileSize: typeof uploadContent === 'string' ? fileBytes : uploadContent.length });
                 await client.uploadToS3(upload.data.uploadUrl, uploadContent, uploadContentType);
-                triggerBody = body.slice(0, PREVIEW_LENGTH) + '...';
+                triggerBody = cleanBody.slice(0, PREVIEW_LENGTH) + '...';
                 files = [{ fileKey: upload.data.fileKey, fileName, fileSize: fileBytes, fileType, iv: fileIv, encryptedKey: fileEncryptedKey }];
             }
             const trigger = await client.triggerHook(config.hookId, {
                 title: pushTitle,
                 body: triggerBody,
-                actions,
+                actions: effectiveActions,
                 timeout,
                 fallback,
                 hookType: 'combo',

package/dist/tools/input.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"input.d.ts","sourceRoot":"","sources":["../../src/tools/input.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAErE,eAAO,MAAM,iBAAiB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAwDlG,CAAC"}
+{"version":3,"file":"input.d.ts","sourceRoot":"","sources":["../../src/tools/input.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAGrE,eAAO,MAAM,iBAAiB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAwDlG,CAAC"}

package/dist/tools/input.js

@@ -5,6 +5,7 @@ const zod_1 = require("zod");
 const error_format_js_1 = require("../error-format.js");
 const poll_js_1 = require("../poll.js");
 const config_js_1 = require("../config.js");
+const sanitize_js_1 = require("../sanitize.js");
 const registerInputTool = (server, client, config) => {
     server.registerTool('zeph_input', {
         description: 'Request text input from the user via push notification. The tool blocks until the user responds or the timeout is reached. Requires ZEPH_HOOK_ID environment variable.',
@@ -34,7 +35,7 @@ const registerInputTool = (server, client, config) => {
         try {
             const trigger = await client.triggerHook(config.hookId, {
                 title: (0, config_js_1.formatPushTitle)(config.projectName, title),
-                body,
+                body: (0, sanitize_js_1.sanitizeText)(body),
                 timeout,
                 hookType: 'input',
                 metadata: { placeholder, inputType },

package/dist/tools/notify.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"notify.d.ts","sourceRoot":"","sources":["../../src/tools/notify.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAQrE,eAAO,MAAM,kBAAkB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAiHnG,CAAC"}
+{"version":3,"file":"notify.d.ts","sourceRoot":"","sources":["../../src/tools/notify.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AASrE,eAAO,MAAM,kBAAkB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAmHnG,CAAC"}

package/dist/tools/notify.js

@@ -6,6 +6,7 @@ const error_format_js_1 = require("../error-format.js");
 const config_js_1 = require("../config.js");
 const crypto_js_1 = require("../crypto.js");
 const mime_js_1 = require("../mime.js");
+const sanitize_js_1 = require("../sanitize.js");
 // The device feed shows a short preview of the body. Anything longer gets
 // truncated there, so we attach the full text as a file for full viewing.
 const PREVIEW_LENGTH = 200;
@@ -31,14 +32,16 @@ const registerNotifyTool = (server, client, config) => {
         try {
             const deviceId = targetDeviceId ?? config.deviceId;
             const pushTitle = (0, config_js_1.formatPushTitle)(config.projectName, title);
+            // Strip any tool-call markup that leaked into the body argument.
+            const cleanBody = (0, sanitize_js_1.sanitizeText)(body);
             // Attach a file whenever the body would be clipped in the feed preview.
-            const isLongBody = !!body && body.length > PREVIEW_LENGTH;
+            const isLongBody = !!cleanBody && cleanBody.length > PREVIEW_LENGTH;
             const canEncrypt = !!(0, crypto_js_1.getKeyPair)() && !!(0, crypto_js_1.getPublicKey)();
-            if (isLongBody && body) {
+            if (isLongBody && cleanBody) {
                 const fileName = 'response.md';
                 const fileType = (0, mime_js_1.inferMimeType)(fileName);
                 // Self-contained Markdown so the file alone carries the full text.
-                const fileMarkdown = `# ${title}\n\n${body}`;
+                const fileMarkdown = `# ${title}\n\n${cleanBody}`;
                 const fileBytes = new TextEncoder().encode(fileMarkdown).byteLength;
                 // Encrypt file content if keys available
                 let uploadContent = fileMarkdown;
@@ -59,7 +62,7 @@ const registerNotifyTool = (server, client, config) => {
                 }
                 const upload = await client.requestUpload({ fileName, fileType: uploadContentType, fileSize: typeof uploadContent === 'string' ? fileBytes : uploadContent.length });
                 await client.uploadToS3(upload.data.uploadUrl, uploadContent, uploadContentType);
-                const preview = body.slice(0, PREVIEW_LENGTH) + '...';
+                const preview = cleanBody.slice(0, PREVIEW_LENGTH) + '...';
                 // Encrypt push body (title/preview/url) if keys available
                 let pushPayload = {
                     title: pushTitle,
@@ -86,7 +89,7 @@ const registerNotifyTool = (server, client, config) => {
             // Short body — encrypt push only
             let pushPayload = {
                 title: pushTitle,
-                body,
+                body: cleanBody,
                 url,
                 type: 'hook',
                 priority,
@@ -95,7 +98,7 @@ const registerNotifyTool = (server, client, config) => {
             };
             if (canEncrypt) {
                 try {
-                    const enc = await (0, crypto_js_1.encryptPushBodyForSelf)({ title: pushTitle, body, url });
+                    const enc = await (0, crypto_js_1.encryptPushBodyForSelf)({ title: pushTitle, body: cleanBody, url });
                     pushPayload = { ...pushPayload, title: undefined, body: enc.body, isEncrypted: enc.isEncrypted, encryptedKey: enc.encryptedKey, senderPublicKey: enc.senderPublicKey };
                 }
                 catch (err) {

package/dist/tools/prompt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../src/tools/prompt.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAErE,eAAO,MAAM,kBAAkB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAuEnG,CAAC"}
+{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../src/tools/prompt.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAGrE,eAAO,MAAM,kBAAkB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAuEnG,CAAC"}

package/dist/tools/prompt.js

@@ -5,6 +5,7 @@ const zod_1 = require("zod");
 const error_format_js_1 = require("../error-format.js");
 const poll_js_1 = require("../poll.js");
 const config_js_1 = require("../config.js");
+const sanitize_js_1 = require("../sanitize.js");
 const registerPromptTool = (server, client, config) => {
     server.registerTool('zeph_prompt', {
         description: 'Ask the user to choose from predefined options via push notification. The tool blocks until the user responds or the timeout is reached. Requires ZEPH_HOOK_ID environment variable.',
@@ -43,7 +44,7 @@ const registerPromptTool = (server, client, config) => {
         try {
             const trigger = await client.triggerHook(config.hookId, {
                 title: (0, config_js_1.formatPushTitle)(config.projectName, title),
-                body,
+                body: (0, sanitize_js_1.sanitizeText)(body),
                 actions,
                 timeout,
                 fallback,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zeph-to/mcp-server",
-  "version": "1.11.0",
+  "version": "1.11.1",
   "description": "Zeph MCP server — AI agent notifications, prompts, and input via MCP protocol",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",