@zeph-to/mcp-server 1.11.1 → 1.11.3

package/README.md

@@ -1,5 +1,10 @@
 # @zeph-to/mcp-server
 
+[![npm](https://img.shields.io/npm/v/@zeph-to/mcp-server.svg)](https://www.npmjs.com/package/@zeph-to/mcp-server)
+[![downloads](https://img.shields.io/npm/dm/@zeph-to/mcp-server.svg)](https://www.npmjs.com/package/@zeph-to/mcp-server)
+[![node](https://img.shields.io/node/v/@zeph-to/mcp-server.svg)](https://nodejs.org)
+[![license](https://img.shields.io/npm/l/@zeph-to/mcp-server.svg)](./LICENSE)
+
 Zeph MCP server for AI agents. Send notifications, copy to clipboard, request confirmations, and collect text input from users across their devices — all via the [Model Context Protocol](https://modelcontextprotocol.io).
 
 ## Setup
@@ -7,7 +12,7 @@ Zeph MCP server for AI agents. Send notifications, copy to clipboard, request co
 The easiest way to set up for all agents at once:
 
 ```bash
-npx @zeph-to/hook-sdk install
+npx @zeph-to/cli install
 ```
 
 This saves credentials to `~/.zeph/config.json` and configures your agents automatically. The MCP server reads from this file — no env vars needed.
@@ -54,7 +59,7 @@ Add to `~/.claude/settings.json`:
 | `ZEPH_BASE_URL` | No | API base URL (default: `https://api.zeph.to/v1`) |
 | `ZEPH_DISABLE_SESSION_CACHE` | No | Set to `1`/`true` to skip writing the session-id handoff file under `~/.cache/zeph/`. Useful for read-only filesystems, ephemeral CI runners, or sandboxed envs that audit filesystem writes. The plugin's stop hook still works without it (transcript-path UUID extraction is the primary path; the cache is a fallback for older Claude Code versions). |
 
-\* If env vars are not set, the server reads from `~/.zeph/config.json` (created by `npx @zeph-to/hook-sdk install`). Unresolved `${...}` interpolations are also treated as unset.
+\* If env vars are not set, the server reads from `~/.zeph/config.json` (created by `npx @zeph-to/cli install`). Unresolved `${...}` interpolations are also treated as unset.
 
 ## Tools
 

package/dist/api-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,KAAK,EAEV,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAEpB,qBAAa,QAAS,SAAQ,KAAK;aAGf,IAAI,EAAE,MAAM;aACZ,MAAM,EAAE,MAAM;gBAF9B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM;CAKjC;AAKD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,eAAe;IAK7B,QAAQ,CAAC,MAAM,EAAE;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,EAAE,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACxH,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,YAAY,CAAC;IAInB,WAAW,CACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,QAAQ,CAAC,EAAE,SAAS,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,CAAC;QACzD,KAAK,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,EAAE,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACxH,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,mBAAmB,CAAC;IAIzB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIzE,WAAW,IAAI,OAAO,CAAC,eAAe,CAAC;IAIvC,UAAU,CAAC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAQjF,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAIrD,gBAAgB,IAAI,OAAO,CAAC,eAAe,CAAC;IAI5C,YAAY,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAIzC,aAAa,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAI5B,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;YAc7E,OAAO;CAsCtB"}
+{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,KAAK,EAEV,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAEpB,qBAAa,QAAS,SAAQ,KAAK;aAGf,IAAI,EAAE,MAAM;aACZ,MAAM,EAAE,MAAM;gBAF9B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM;CAKjC;AAKD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,eAAe;IAK7B,QAAQ,CAAC,MAAM,EAAE;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,EAAE,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACxH,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,YAAY,CAAC;IAInB,WAAW,CACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,QAAQ,CAAC,EAAE,SAAS,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,CAAC;QACzD,KAAK,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,EAAE,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACxH,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,mBAAmB,CAAC;IAIzB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIzE,WAAW,IAAI,OAAO,CAAC,eAAe,CAAC;IAIvC,UAAU,CAAC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAQjF,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAIrD,gBAAgB,IAAI,OAAO,CAAC,eAAe,CAAC;IAI5C,YAAY,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAIzC,aAAa,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAI5B,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;YAc7E,OAAO;CA0CtB"}

package/dist/api-client.js

@@ -91,12 +91,17 @@ class ZephApiClient {
             throw err;
         }
         if (!response.ok) {
+            // Read the body as text once, then try to parse it. A non-JSON
+            // error (HTML proxy page, gateway error) would otherwise be swallowed
+            // silently — surface a truncated snippet so failures are debuggable.
+            const raw = await response.text().catch(() => '');
             let errorBody = null;
             try {
-                errorBody = (await response.json());
+                errorBody = raw ? JSON.parse(raw) : null;
             }
             catch {
-                // Non-JSON error response (e.g., HTML error page)
+                if (raw)
+                    console.error(`[api] ${response.status} non-JSON body: ${raw.slice(0, 200)}`);
             }
             const message = errorBody?.error?.message ?? `Request failed with status ${response.status}`;
             const code = errorBody?.error?.code ?? 'UNKNOWN_ERROR';

package/dist/config.js

@@ -123,7 +123,7 @@ const loadConfig = () => {
     const fileConfig = loadFileConfig();
     const apiKey = resolvedEnv('ZEPH_API_KEY') ?? fileConfig.apiKey;
     if (!apiKey) {
-        throw new Error('ZEPH_API_KEY not found. Run "npx @zeph-to/hook-sdk install" or set ZEPH_API_KEY env var.');
+        throw new Error('ZEPH_API_KEY not found. Run "npx @zeph-to/cli install" or set ZEPH_API_KEY env var.');
     }
     const sessionId = resolvedEnv('ZEPH_SESSION_ID') ?? detectClaudeSessionId() ?? `sess_${(0, crypto_1.randomBytes)(12).toString('base64url')}`;
     const projectDir = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();

package/dist/crypto.d.ts

@@ -27,13 +27,28 @@
  *   sensitive-but-not-secret.
  */
 /**
- * Initialize crypto: sync keys with server, then fallback to local/generate.
- * Server is source of truth for per-user key pair.
+ * Initialize crypto.
+ *
+ * The MCP server is a CONSUMER of encryption keys, not a generator. Keys
+ * are created in the Zeph app where the user explicitly opts in (Settings
+ * → Encryption). This function only imports keys that the server already
+ * has, and only when the server confirms encryption is enabled.
+ *
+ * Any other state — server says disabled, server has no keys, server is
+ * unreachable — leaves encryption OFF (cache empty, no fallback). A
+ * previous version generated and uploaded a fresh keypair on the "no keys
+ * anywhere" path; combined with a transient fetch failure, that silently
+ * turned encryption on without user consent and locked the account into
+ * an "encryption enabled" state on the server.
+ *
+ * Opt-out: `ZEPH_DISABLE_ENCRYPTION=1` forces crypto off regardless of
+ * server state — useful while cleaning up legacy state or for users who
+ * never want encryption.
+ *
  * Safe to call concurrently — deduplicates to single init.
- * Returns the exported public key (Base64 SPKI).
+ * Returns the exported public key when encryption is active, '' otherwise.
  *
- * NOTE: when `apiKey` is provided, `baseUrl` is required — otherwise a
- * caller in a dev environment would silently upload keys to prod.
+ * NOTE: when `apiKey` is provided, `baseUrl` is required.
  */
 export declare const initCrypto: (apiKey?: string, baseUrl?: string) => Promise<string>;
 export declare const getKeyPair: () => CryptoKeyPair | null;

package/dist/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AA2JH;;;;;;;;GAQG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAyE5E,CAAC;AAqCF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAoJH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAsE5E,CAAC;AA8BF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}

package/dist/crypto.js

@@ -34,32 +34,17 @@ const fs_1 = require("fs");
 const os_1 = require("os");
 const path_1 = require("path");
 // ─── Base64 helpers ───
-const toBase64 = (buffer) => {
-    const bytes = new Uint8Array(buffer);
-    let binary = '';
-    for (let i = 0; i < bytes.length; i++) {
-        binary += String.fromCharCode(bytes[i]);
-    }
-    return btoa(binary);
-};
+const toBase64 = (buffer) => Buffer.from(buffer).toString('base64');
 const fromBase64 = (base64) => {
-    const binary = atob(base64);
-    const bytes = new Uint8Array(binary.length);
-    for (let i = 0; i < binary.length; i++) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return bytes.buffer;
+    const buf = Buffer.from(base64, 'base64');
+    // Slice to the exact byte range — Buffer may share a larger pooled
+    // ArrayBuffer, so `.buffer` alone could expose unrelated memory.
+    return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
 };
 // ─── ECDH key management ───
 const ECDH_PARAMS = { name: 'ECDH', namedCurve: 'P-256' };
-const generateKeyPair = async () => crypto.subtle.generateKey(ECDH_PARAMS, true, ['deriveKey', 'deriveBits']);
-const exportKeyPair = async (keyPair) => {
-    const [publicRaw, privateRaw] = await Promise.all([
-        crypto.subtle.exportKey('spki', keyPair.publicKey),
-        crypto.subtle.exportKey('pkcs8', keyPair.privateKey),
-    ]);
-    return { publicKey: toBase64(publicRaw), privateKey: toBase64(privateRaw) };
-};
+// generateKeyPair / exportKeyPair were removed in fix/no-auto-encryption.
+// This module imports keys only; it never creates or exports them.
 const importPublicKey = async (base64) => crypto.subtle.importKey('spki', fromBase64(base64), ECDH_PARAMS, true, []);
 const importPrivateKey = async (base64) => crypto.subtle.importKey('pkcs8', fromBase64(base64), ECDH_PARAMS, true, ['deriveKey', 'deriveBits']);
 const importKeyPair = async (exported) => {
@@ -117,80 +102,102 @@ const storeKeys = (exported) => {
     (0, fs_1.mkdirSync)(KEYS_DIR, { recursive: true, mode: 0o700 });
     (0, fs_1.writeFileSync)(KEYS_PATH, JSON.stringify(exported, null, 2), { mode: 0o600 });
 };
+const deleteStoredKeys = () => {
+    try {
+        (0, fs_1.unlinkSync)(KEYS_PATH);
+    }
+    catch { /* not present — fine */ }
+};
+const envIsTrue = (key) => {
+    const v = process.env[key];
+    return !!v && /^(1|true|yes|on)$/i.test(v.trim());
+};
 // ─── Cached state ───
 let cachedKeyPair = null;
 let cachedExportedPublicKey = null;
 let cachedOwnPublicKey = null;
 let initPromise = null;
 /**
- * Initialize crypto: sync keys with server, then fallback to local/generate.
- * Server is source of truth for per-user key pair.
+ * Initialize crypto.
+ *
+ * The MCP server is a CONSUMER of encryption keys, not a generator. Keys
+ * are created in the Zeph app where the user explicitly opts in (Settings
+ * → Encryption). This function only imports keys that the server already
+ * has, and only when the server confirms encryption is enabled.
+ *
+ * Any other state — server says disabled, server has no keys, server is
+ * unreachable — leaves encryption OFF (cache empty, no fallback). A
+ * previous version generated and uploaded a fresh keypair on the "no keys
+ * anywhere" path; combined with a transient fetch failure, that silently
+ * turned encryption on without user consent and locked the account into
+ * an "encryption enabled" state on the server.
+ *
+ * Opt-out: `ZEPH_DISABLE_ENCRYPTION=1` forces crypto off regardless of
+ * server state — useful while cleaning up legacy state or for users who
+ * never want encryption.
+ *
  * Safe to call concurrently — deduplicates to single init.
- * Returns the exported public key (Base64 SPKI).
+ * Returns the exported public key when encryption is active, '' otherwise.
  *
- * NOTE: when `apiKey` is provided, `baseUrl` is required — otherwise a
- * caller in a dev environment would silently upload keys to prod.
+ * NOTE: when `apiKey` is provided, `baseUrl` is required.
  */
 const initCrypto = (apiKey, baseUrl) => {
+    // Hard opt-out — skip everything, leave cache empty.
+    if (envIsTrue('ZEPH_DISABLE_ENCRYPTION')) {
+        cachedKeyPair = null;
+        cachedExportedPublicKey = null;
+        cachedOwnPublicKey = null;
+        return Promise.resolve('');
+    }
     if (apiKey && !baseUrl) {
         return Promise.reject(new Error('initCrypto: baseUrl is required when apiKey is provided. ' +
-            'Pass the resolved config.baseUrl to avoid silently syncing dev keys to prod.'));
+            'Pass the resolved config.baseUrl to avoid talking to the wrong environment.'));
     }
     if (initPromise)
         return initPromise;
-    // The check above guarantees baseUrl is defined when apiKey is — narrow once.
     const baseUrlRequired = apiKey ? baseUrl : baseUrl;
     initPromise = (async () => {
-        const stored = loadStoredKeys();
-        // Try server sync if API key available
         if (apiKey) {
             const serverResult = await fetchServerKeys(apiKey, baseUrlRequired);
-            // Server says encryption disabled — skip crypto init
-            if (serverResult && !serverResult.encryptionEnabled) {
+            // The only path that turns encryption ON: server confirms enabled AND
+            // hands us a real keypair. Everything else leaves the cache empty.
+            const haveServerKeys = !!serverResult && serverResult.encryptionEnabled && !!serverResult.keys;
+            if (!haveServerKeys) {
                 cachedKeyPair = null;
                 cachedExportedPublicKey = null;
                 cachedOwnPublicKey = null;
-                return '';
-            }
-            if (serverResult?.keys) {
-                if (!stored || stored.publicKey !== serverResult.keys.publicKey) {
-                    storeKeys(serverResult.keys);
+                // If the server is reachable and explicitly says encryption is off,
+                // drop any stale local cache so a future regression can't resurrect
+                // a keypair that the user already disabled.
+                if (serverResult && !serverResult.encryptionEnabled) {
+                    deleteStoredKeys();
                 }
-                cachedKeyPair = await importKeyPair(serverResult.keys);
-                cachedExportedPublicKey = serverResult.keys.publicKey;
-                cachedOwnPublicKey = cachedKeyPair.publicKey;
-                return serverResult.keys.publicKey;
+                return '';
             }
-            if (stored) {
-                await uploadServerKeys(stored, apiKey, baseUrlRequired);
-                cachedKeyPair = await importKeyPair(stored);
-                cachedExportedPublicKey = stored.publicKey;
-                cachedOwnPublicKey = cachedKeyPair.publicKey;
-                return stored.publicKey;
+            const keys = serverResult.keys;
+            const stored = loadStoredKeys();
+            if (!stored || stored.publicKey !== keys.publicKey) {
+                storeKeys(keys);
             }
-            const keyPair = await generateKeyPair();
-            const exported = await exportKeyPair(keyPair);
-            storeKeys(exported);
-            await uploadServerKeys(exported, apiKey, baseUrlRequired);
-            cachedKeyPair = keyPair;
-            cachedExportedPublicKey = exported.publicKey;
-            cachedOwnPublicKey = keyPair.publicKey;
-            return exported.publicKey;
-        }
-        // No API key — local-only mode
-        if (stored) {
-            cachedKeyPair = await importKeyPair(stored);
-            cachedExportedPublicKey = stored.publicKey;
+            cachedKeyPair = await importKeyPair(keys);
+            cachedExportedPublicKey = keys.publicKey;
             cachedOwnPublicKey = cachedKeyPair.publicKey;
-            return stored.publicKey;
+            return keys.publicKey;
         }
-        const keyPair = await generateKeyPair();
-        const exported = await exportKeyPair(keyPair);
-        storeKeys(exported);
-        cachedKeyPair = keyPair;
-        cachedExportedPublicKey = exported.publicKey;
-        cachedOwnPublicKey = keyPair.publicKey;
-        return exported.publicKey;
+        // Local-only mode (no apiKey): load stored keys if they exist; do NOT
+        // generate. Used by tests and offline / pre-provisioned setups where
+        // a keypair has been dropped into ~/.config/zeph/keys.json out-of-band.
+        const stored = loadStoredKeys();
+        if (!stored) {
+            cachedKeyPair = null;
+            cachedExportedPublicKey = null;
+            cachedOwnPublicKey = null;
+            return '';
+        }
+        cachedKeyPair = await importKeyPair(stored);
+        cachedExportedPublicKey = stored.publicKey;
+        cachedOwnPublicKey = cachedKeyPair.publicKey;
+        return stored.publicKey;
     })().catch((err) => {
         initPromise = null;
         throw err;
@@ -216,17 +223,9 @@ const fetchServerKeys = async (apiKey, baseUrl) => {
         return null;
     }
 };
-const uploadServerKeys = async (keys, apiKey, baseUrl) => {
-    try {
-        const url = `${baseUrl.replace(/\/$/, '')}/users/me/keys`;
-        await fetch(url, {
-            method: 'PUT',
-            headers: { 'X-API-Key': apiKey, 'Content-Type': 'application/json' },
-            body: JSON.stringify(keys),
-        });
-    }
-    catch { /* non-critical */ }
-};
+// uploadServerKeys was removed in fix/no-auto-encryption — the MCP server
+// must never write to /users/me/keys. Keys are created by the Zeph app
+// where the user explicitly opts in.
 const getKeyPair = () => cachedKeyPair;
 exports.getKeyPair = getKeyPair;
 const getPublicKey = () => cachedExportedPublicKey;

package/dist/poll.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"poll.d.ts","sourceRoot":"","sources":["../src/poll.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAE5C,gBAAgB,EAAE,CAAC,YAAY,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxD;AAOD,eAAO,MAAM,eAAe,GAC1B,QAAQ,aAAa,EACrB,QAAQ,MAAM,EACd,SAAS,MAAM,EACf,gBAAgB,MAAM,EACtB,KAAK,WAAW,KACf,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAwClC,CAAC"}
+{"version":3,"file":"poll.d.ts","sourceRoot":"","sources":["../src/poll.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAE5C,gBAAgB,EAAE,CAAC,YAAY,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxD;AAOD,eAAO,MAAM,eAAe,GAC1B,QAAQ,aAAa,EACrB,QAAQ,MAAM,EACd,SAAS,MAAM,EACf,gBAAgB,MAAM,EACtB,KAAK,WAAW,KACf,OAAO,CAAC,iBAAiB,GAAG,IAAI,CA6ClC,CAAC"}

package/dist/poll.js

@@ -17,6 +17,11 @@ const pollForResponse = async (client, hookId, eventId, timeoutSeconds, ctx) =>
             throw new Error('User cancelled the request');
         if (event.data.status === 'timed_out')
             return null;
+        // Only 'pending' should keep us polling. Anything else is server
+        // contract drift — fail fast instead of spinning until the timeout.
+        if (event.data.status !== 'pending') {
+            throw new Error(`Unexpected hook event status: ${String(event.data.status)}`);
+        }
         // Throttled progress notification (every 5s)
         if (progressToken !== undefined) {
             const elapsed = Math.floor((Date.now() - startTime) / 1000);

package/dist/sanitize.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../src/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;CAC5C;AAeD;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,GAAG,SAAS,KAAG,MAAM,GAAG,SAIhE,CAAC;AASF;;;GAGG;AACH,eAAO,MAAM,cAAc,GAAI,MAAM,MAAM,GAAG,SAAS,KAAG,eAAe,EAAE,GAAG,SAgB7E,CAAC"}
+{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../src/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;CAC5C;AAeD;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,GAAG,SAAS,KAAG,MAAM,GAAG,SAIhE,CAAC;AAkBF;;;GAGG;AACH,eAAO,MAAM,cAAc,GAAI,MAAM,MAAM,GAAG,SAAS,KAAG,eAAe,EAAE,GAAG,SAgB7E,CAAC"}

package/dist/sanitize.js

@@ -42,9 +42,17 @@ const sanitizeText = (text) => {
     return cut === -1 ? text : text.slice(0, cut).trimEnd();
 };
 exports.sanitizeText = sanitizeText;
+// Bounds mirror the zeph_ask contract (1–4 actions). Length caps on the
+// recovered strings keep a malformed/oversized leak from producing absurd
+// buttons; the real server enforces its own limits too.
 const isActionArray = (value) => Array.isArray(value) &&
     value.length > 0 &&
-    value.every((a) => a && typeof a.id === 'string' && typeof a.label === 'string');
+    value.length <= 4 &&
+    value.every((a) => a &&
+        typeof a.id === 'string' &&
+        a.id.length <= 50 &&
+        typeof a.label === 'string' &&
+        a.label.length <= 100);
 /**
  * Recover an `actions` array that leaked into the body of a malformed
  * zeph_ask call. Returns undefined when nothing parseable is found.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zeph-to/mcp-server",
-  "version": "1.11.1",
+  "version": "1.11.3",
   "description": "Zeph MCP server — AI agent notifications, prompts, and input via MCP protocol",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -62,5 +62,9 @@
     "cursor",
     "gemini"
   ],
-  "license": "Apache-2.0"
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  }
 }