@zeph-to/mcp-server 1.3.0 → 1.4.1

package/README.md

@@ -145,6 +145,25 @@ fallback: "no"       (auto-select on timeout, optional)
 
 Returns: `{ actionId: "yes", timedOut: false }`
 
+### zeph_ask
+
+Ask the user a question with optional quick-reply buttons and a text input field. Combines prompt (buttons) and input (text) in a single notification. Blocks until response or timeout.
+
+Requires `ZEPH_HOOK_ID`.
+
+```
+title:       "What should we do?"
+body:        "3 tests failed in auth module"  (optional)
+actions:     [{ id: "fix", label: "Fix now", style: "primary" },
+              { id: "skip", label: "Skip", style: "secondary" }]  (optional, 1-4)
+placeholder: "Or type a custom response..."  (optional)
+inputType:   "text" | "multiline"  (default: text)
+timeout:     120    (seconds, default: 120, max: 600)
+fallback:    "skip" (auto-select on timeout, optional)
+```
+
+Returns: `{ actionId: "fix", timedOut: false }` or `{ value: "custom text", timedOut: false }`
+
 ### zeph_input
 
 Request free-form text input from the user. Blocks until response or timeout.

package/dist/api-client.d.ts

@@ -39,7 +39,7 @@ export declare class ZephApiClient {
         timeout?: number;
         fallback?: string;
         metadata?: Record<string, unknown>;
-        hookType?: 'one-way' | 'interactive' | 'input';
+        hookType?: 'one-way' | 'interactive' | 'input' | 'combo';
     }): Promise<HookTriggerResponse>;
     getHookEvent(hookId: string, eventId: string): Promise<HookEventResponse>;
     listDevices(): Promise<DevicesResponse>;

package/dist/api-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,KAAK,EAEV,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAEpB,qBAAa,QAAS,SAAQ,KAAK;aAGf,IAAI,EAAE,MAAM;aACZ,MAAM,EAAE,MAAM;gBAF9B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM;CAKjC;AAKD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,eAAe;IAK7B,QAAQ,CAAC,MAAM,EAAE;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,EAAE,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACxH,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,YAAY,CAAC;IAInB,WAAW,CACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,QAAQ,CAAC,EAAE,SAAS,GAAG,aAAa,GAAG,OAAO,CAAC;KAChD,GACA,OAAO,CAAC,mBAAmB,CAAC;IAIzB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIzE,WAAW,IAAI,OAAO,CAAC,eAAe,CAAC;IAIvC,UAAU,CAAC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAQjF,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAIrD,gBAAgB,IAAI,OAAO,CAAC,eAAe,CAAC;IAI5C,YAAY,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAIzC,aAAa,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAI5B,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;YAc7E,OAAO;CAsCtB"}
+{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,KAAK,EAEV,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAEpB,qBAAa,QAAS,SAAQ,KAAK;aAGf,IAAI,EAAE,MAAM;aACZ,MAAM,EAAE,MAAM;gBAF9B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM;CAKjC;AAKD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,eAAe;IAK7B,QAAQ,CAAC,MAAM,EAAE;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,EAAE,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QACxH,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,YAAY,CAAC;IAInB,WAAW,CACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,QAAQ,CAAC,EAAE,SAAS,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,CAAC;KAC1D,GACA,OAAO,CAAC,mBAAmB,CAAC;IAIzB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIzE,WAAW,IAAI,OAAO,CAAC,eAAe,CAAC;IAIvC,UAAU,CAAC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAQjF,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAIrD,gBAAgB,IAAI,OAAO,CAAC,eAAe,CAAC;IAI5C,YAAY,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAIzC,aAAa,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAI5B,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;YAc7E,OAAO;CAsCtB"}

package/dist/crypto.d.ts

@@ -4,27 +4,14 @@
  * Uses Web Crypto API (globalThis.crypto.subtle) — Node.js 18+.
  */
 /**
- * Initialize crypto: load or generate ECDH key pair.
+ * Initialize crypto: sync keys with server, then fallback to local/generate.
+ * Server is source of truth for per-user key pair.
  * Safe to call concurrently — deduplicates to single init.
  * Returns the exported public key (Base64 SPKI).
  */
-export declare const initCrypto: () => Promise<string>;
+export declare const initCrypto: (apiKey?: string, baseUrl?: string) => Promise<string>;
 export declare const getKeyPair: () => CryptoKeyPair | null;
 export declare const getPublicKey: () => string | null;
-/**
- * Encrypt push body for a recipient.
- * Returns fields ready to merge into the sendPush payload.
- */
-export declare const encryptPushBody: (input: {
-    title?: string;
-    body?: string;
-    url?: string;
-}, recipientPublicKeyRaw: string) => Promise<{
-    body: string;
-    encryptedKey: string;
-    senderPublicKey: string;
-    isEncrypted: true;
-}>;
 /**
  * Encrypt push body for self (all own devices).
  */
@@ -38,15 +25,6 @@ export declare const encryptPushBodyForSelf: (input: {
     senderPublicKey: string;
     isEncrypted: true;
 }>;
-/**
- * Encrypt file content for a recipient.
- * Returns encrypted buffer + key material for file attachment metadata.
- */
-export declare const encryptFileForRecipient: (content: string, recipientPublicKeyRaw: string) => Promise<{
-    ciphertext: Buffer;
-    iv: string;
-    encryptedKey: string;
-}>;
 /**
  * Encrypt file content for self (all own devices).
  */

package/dist/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0JH;;;;GAIG;AACH,eAAO,MAAM,UAAU,QAAO,OAAO,CAAC,MAAM,CAoB3C,CAAC;AAEF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,eAAe,GAC1B,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,EACtD,uBAAuB,MAAM,KAC5B,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAeA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,uBAAuB,GAClC,SAAS,MAAM,EACf,uBAAuB,MAAM,KAC5B,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CASlE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0JH;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAwD5E,CAAC;AA4BF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}

package/dist/crypto.js

@@ -5,7 +5,7 @@
  * Uses Web Crypto API (globalThis.crypto.subtle) — Node.js 18+.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encryptFileForSelf = exports.encryptFileForRecipient = exports.encryptPushBodyForSelf = exports.encryptPushBody = exports.getPublicKey = exports.getKeyPair = exports.initCrypto = void 0;
+exports.encryptFileForSelf = exports.encryptPushBodyForSelf = exports.getPublicKey = exports.getKeyPair = exports.initCrypto = void 0;
 /// <reference lib="dom" />
 const fs_1 = require("fs");
 const path_1 = require("path");
@@ -90,7 +90,7 @@ const loadStoredKeys = () => {
     }
 };
 const storeKeys = (exported) => {
-    (0, fs_1.mkdirSync)(KEYS_DIR, { recursive: true });
+    (0, fs_1.mkdirSync)(KEYS_DIR, { recursive: true, mode: 0o700 });
     (0, fs_1.writeFileSync)(KEYS_PATH, JSON.stringify(exported, null, 2), { mode: 0o600 });
 };
 // ─── Cached state ───
@@ -99,15 +99,45 @@ let cachedExportedPublicKey = null;
 let cachedOwnPublicKey = null;
 let initPromise = null;
 /**
- * Initialize crypto: load or generate ECDH key pair.
+ * Initialize crypto: sync keys with server, then fallback to local/generate.
+ * Server is source of truth for per-user key pair.
  * Safe to call concurrently — deduplicates to single init.
  * Returns the exported public key (Base64 SPKI).
  */
-const initCrypto = () => {
+const initCrypto = (apiKey, baseUrl) => {
     if (initPromise)
         return initPromise;
     initPromise = (async () => {
         const stored = loadStoredKeys();
+        // Try server sync if API key available
+        if (apiKey) {
+            const serverKeys = await fetchServerKeys(apiKey, baseUrl);
+            if (serverKeys) {
+                if (!stored || stored.publicKey !== serverKeys.publicKey) {
+                    storeKeys(serverKeys);
+                }
+                cachedKeyPair = await importKeyPair(serverKeys);
+                cachedExportedPublicKey = serverKeys.publicKey;
+                cachedOwnPublicKey = cachedKeyPair.publicKey;
+                return serverKeys.publicKey;
+            }
+            if (stored) {
+                await uploadServerKeys(stored, apiKey, baseUrl);
+                cachedKeyPair = await importKeyPair(stored);
+                cachedExportedPublicKey = stored.publicKey;
+                cachedOwnPublicKey = cachedKeyPair.publicKey;
+                return stored.publicKey;
+            }
+            const keyPair = await generateKeyPair();
+            const exported = await exportKeyPair(keyPair);
+            storeKeys(exported);
+            await uploadServerKeys(exported, apiKey, baseUrl);
+            cachedKeyPair = keyPair;
+            cachedExportedPublicKey = exported.publicKey;
+            cachedOwnPublicKey = keyPair.publicKey;
+            return exported.publicKey;
+        }
+        // No API key — local-only mode
         if (stored) {
             cachedKeyPair = await importKeyPair(stored);
             cachedExportedPublicKey = stored.publicKey;
@@ -121,31 +151,43 @@ const initCrypto = () => {
         cachedExportedPublicKey = exported.publicKey;
         cachedOwnPublicKey = keyPair.publicKey;
         return exported.publicKey;
-    })();
+    })().catch((err) => {
+        initPromise = null;
+        throw err;
+    });
     return initPromise;
 };
 exports.initCrypto = initCrypto;
+// ─── Server key sync helpers ───
+const fetchServerKeys = async (apiKey, baseUrl) => {
+    try {
+        const url = `${(baseUrl ?? 'https://api.zeph.to/v1').replace(/\/$/, '')}/users/me/keys`;
+        const res = await fetch(url, { headers: { 'X-API-Key': apiKey } });
+        if (!res.ok)
+            return null;
+        const json = await res.json();
+        const keys = json.data?.encryptionKeys;
+        return keys?.publicKey && keys?.privateKey ? keys : null;
+    }
+    catch {
+        return null;
+    }
+};
+const uploadServerKeys = async (keys, apiKey, baseUrl) => {
+    try {
+        const url = `${(baseUrl ?? 'https://api.zeph.to/v1').replace(/\/$/, '')}/users/me/keys`;
+        await fetch(url, {
+            method: 'PUT',
+            headers: { 'X-API-Key': apiKey, 'Content-Type': 'application/json' },
+            body: JSON.stringify(keys),
+        });
+    }
+    catch { /* non-critical */ }
+};
 const getKeyPair = () => cachedKeyPair;
 exports.getKeyPair = getKeyPair;
 const getPublicKey = () => cachedExportedPublicKey;
 exports.getPublicKey = getPublicKey;
-/**
- * Encrypt push body for a recipient.
- * Returns fields ready to merge into the sendPush payload.
- */
-const encryptPushBody = async (input, recipientPublicKeyRaw) => {
-    if (!cachedKeyPair || !cachedExportedPublicKey)
-        throw new Error('Crypto not initialized');
-    const recipientKey = await importPublicKey(recipientPublicKeyRaw);
-    const payload = await encrypt(JSON.stringify({ title: input.title, body: input.body, url: input.url }), cachedKeyPair.privateKey, recipientKey);
-    return {
-        body: JSON.stringify({ ciphertext: payload.ciphertext, iv: payload.iv }),
-        encryptedKey: JSON.stringify({ encryptedKey: payload.encryptedKey, keyIv: payload.keyIv }),
-        senderPublicKey: cachedExportedPublicKey,
-        isEncrypted: true,
-    };
-};
-exports.encryptPushBody = encryptPushBody;
 /**
  * Encrypt push body for self (all own devices).
  */
@@ -161,22 +203,6 @@ const encryptPushBodyForSelf = async (input) => {
     };
 };
 exports.encryptPushBodyForSelf = encryptPushBodyForSelf;
-/**
- * Encrypt file content for a recipient.
- * Returns encrypted buffer + key material for file attachment metadata.
- */
-const encryptFileForRecipient = async (content, recipientPublicKeyRaw) => {
-    if (!cachedKeyPair)
-        throw new Error('Crypto not initialized');
-    const recipientKey = await importPublicKey(recipientPublicKeyRaw);
-    const result = await encryptFileContent(content, cachedKeyPair.privateKey, recipientKey);
-    return {
-        ciphertext: result.ciphertext,
-        iv: result.iv,
-        encryptedKey: JSON.stringify({ encryptedKey: result.encryptedKey, keyIv: result.keyIv }),
-    };
-};
-exports.encryptFileForRecipient = encryptFileForRecipient;
 /**
  * Encrypt file content for self (all own devices).
  */

package/dist/index.js

@@ -16,6 +16,7 @@ const list_js_1 = require("./tools/list.js");
 const dismiss_js_1 = require("./tools/dismiss.js");
 const broadcast_js_1 = require("./tools/broadcast.js");
 const file_js_1 = require("./tools/file.js");
+const ask_js_1 = require("./tools/ask.js");
 const devices_js_1 = require("./resources/devices.js");
 const channels_js_1 = require("./resources/channels.js");
 const getVersion = () => {
@@ -27,8 +28,7 @@ const getVersion = () => {
         return '0.0.0';
     }
 };
-const createServer = () => {
-    const config = (0, config_js_1.loadConfig)();
+const createServer = (config) => {
     const client = new api_client_js_1.ZephApiClient(config);
     const server = new mcp_js_1.McpServer({
         name: 'zeph',
@@ -47,6 +47,7 @@ const createServer = () => {
             '- zeph_file: Send a text file (logs, reports, code)',
             '- zeph_prompt: Ask user to choose from options (requires ZEPH_HOOK_ID)',
             '- zeph_input: Request text input from user (requires ZEPH_HOOK_ID)',
+            '- zeph_ask: Ask user with buttons + text input combined (requires ZEPH_HOOK_ID). Prefer this over zeph_prompt/zeph_input when you need both options and free-text.',
             '',
             'Resources:',
             '- zeph://devices: Check which devices are online',
@@ -62,20 +63,22 @@ const createServer = () => {
     (0, file_js_1.registerFileTool)(server, client, config);
     (0, prompt_js_1.registerPromptTool)(server, client, config);
     (0, input_js_1.registerInputTool)(server, client, config);
+    (0, ask_js_1.registerAskTool)(server, client, config);
     (0, devices_js_1.registerDevicesResource)(server, client);
     (0, channels_js_1.registerChannelsResource)(server, client);
     return server;
 };
 const main = async () => {
-    // Initialize E2E encryption keys (load or generate)
+    const config = (0, config_js_1.loadConfig)();
+    // Initialize E2E encryption keys (sync with server)
     try {
-        const publicKey = await (0, crypto_js_1.initCrypto)();
+        const publicKey = await (0, crypto_js_1.initCrypto)(config.apiKey, config.baseUrl);
         console.error(`[Crypto] E2E encryption ready (publicKey: ${publicKey.slice(0, 20)}...)`);
     }
     catch (err) {
         console.error('[Crypto] E2E encryption unavailable:', err);
     }
-    const server = createServer();
+    const server = createServer(config);
     const transport = new stdio_js_1.StdioServerTransport();
     await server.connect(transport);
     console.error('Zeph MCP Server running on stdio');

package/dist/tools/ask.d.ts

@@ -0,0 +1,5 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { ZephApiClient } from '../api-client.js';
+import type { McpServerConfig } from '../config.js';
+export declare const registerAskTool: (server: McpServer, client: ZephApiClient, config: McpServerConfig) => void;
+//# sourceMappingURL=ask.d.ts.map

package/dist/tools/ask.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ask.d.ts","sourceRoot":"","sources":["../../src/tools/ask.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEpD,eAAO,MAAM,eAAe,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SA+EhG,CAAC"}

package/dist/tools/ask.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerAskTool = void 0;
+const zod_1 = require("zod");
+const error_format_js_1 = require("../error-format.js");
+const poll_js_1 = require("../poll.js");
+const registerAskTool = (server, client, config) => {
+    server.registerTool('zeph_ask', {
+        description: 'Ask the user a question with optional quick-reply buttons and a text input field. Combines prompt (buttons) and input (text) in a single notification. The user can either tap a button or type a response. Blocks until the user responds or the timeout is reached. Requires ZEPH_HOOK_ID environment variable.',
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            openWorldHint: true,
+        },
+        inputSchema: {
+            title: zod_1.z.string().describe('Question or request title'),
+            body: zod_1.z.string().optional().describe('Context or instructions'),
+            actions: zod_1.z
+                .array(zod_1.z.object({
+                id: zod_1.z.string().describe('Unique action identifier'),
+                label: zod_1.z.string().describe('Display label for the button'),
+                style: zod_1.z.enum(['primary', 'secondary', 'danger']).default('secondary')
+                    .describe('Button style (default: secondary)'),
+            }))
+                .min(1)
+                .max(4)
+                .optional()
+                .describe('Quick-reply buttons (1-4). Omit for text-only input'),
+            placeholder: zod_1.z.string().optional().describe('Input field placeholder hint'),
+            inputType: zod_1.z
+                .enum(['text', 'multiline'])
+                .default('text')
+                .describe('Input field type (default: text)'),
+            timeout: zod_1.z
+                .number()
+                .min(10)
+                .max(600)
+                .default(120)
+                .describe('Seconds to wait for response (default: 120)'),
+            fallback: zod_1.z
+                .string()
+                .optional()
+                .describe('Action ID to auto-select on timeout'),
+        },
+    }, async ({ title, body, actions, placeholder, inputType, timeout, fallback }, ctx) => {
+        if (!config.hookId)
+            return (0, error_format_js_1.hookNotConfiguredError)();
+        try {
+            const trigger = await client.triggerHook(config.hookId, {
+                title,
+                body,
+                actions,
+                timeout,
+                fallback,
+                hookType: 'combo',
+                metadata: { placeholder, inputType },
+            });
+            const event = await (0, poll_js_1.pollForResponse)(client, config.hookId, trigger.data.eventId, timeout, ctx);
+            if (!event) {
+                if (fallback)
+                    return (0, error_format_js_1.textResult)({ actionId: fallback, timedOut: true });
+                return (0, error_format_js_1.timeoutError)(timeout, 'Try again or use zeph_notify for one-way communication');
+            }
+            const response = event.data.response;
+            if (response?.actionId)
+                return (0, error_format_js_1.textResult)({ actionId: response.actionId, timedOut: false });
+            return (0, error_format_js_1.textResult)({ value: response?.value ?? '', timedOut: false });
+        }
+        catch (err) {
+            return (0, error_format_js_1.formatToolError)(err);
+        }
+    });
+};
+exports.registerAskTool = registerAskTool;

package/dist/tools/dismiss.js

@@ -31,7 +31,7 @@ const registerDismissAllTool = (server, client) => {
         description: 'Dismiss all push notifications at once. Clears the entire notification feed.',
         annotations: {
             readOnlyHint: false,
-            destructiveHint: false,
+            destructiveHint: true,
             idempotentHint: true,
             openWorldHint: true,
         },

package/dist/tools/list.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/tools/list.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,SAwCxE,CAAC"}
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/tools/list.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,SAyCxE,CAAC"}

package/dist/tools/list.js

@@ -9,6 +9,7 @@ const registerListTool = (server, client) => {
         annotations: {
             readOnlyHint: true,
             destructiveHint: false,
+            idempotentHint: true,
             openWorldHint: true,
         },
         inputSchema: {

package/dist/tools/notify.js

@@ -4,7 +4,7 @@ exports.registerNotifyTool = void 0;
 const zod_1 = require("zod");
 const error_format_js_1 = require("../error-format.js");
 const crypto_js_1 = require("../crypto.js");
-const BODY_FILE_THRESHOLD = 0;
+const BODY_FILE_THRESHOLD = 512;
 const PREVIEW_LENGTH = 200;
 const inferMimeType = (fileName) => {
     const ext = fileName.split('.').pop()?.toLowerCase();
@@ -13,7 +13,7 @@ const inferMimeType = (fileName) => {
 };
 const registerNotifyTool = (server, client, config) => {
     server.registerTool('zeph_notify', {
-        description: 'Send a one-way push notification to the user\'s devices. Use this to inform the user about task completion, errors, or status updates. Long bodies (>1KB) are automatically uploaded as a file for full viewing.',
+        description: 'Send a one-way push notification to the user\'s devices. Use this to inform the user about task completion, errors, or status updates. Long bodies (>512B) are automatically uploaded as a file for full viewing.',
         annotations: {
             readOnlyHint: false,
             destructiveHint: false,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zeph-to/mcp-server",
-  "version": "1.3.0",
+  "version": "1.4.1",
   "description": "Zeph MCP server — AI agent notifications, prompts, and input via MCP protocol",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",