@zeph-to/mcp-server 1.4.0 → 1.5.0

package/README.md

@@ -49,11 +49,11 @@ Add to `~/.claude/settings.json`:
 | Variable | Required | Description |
 |----------|----------|-------------|
 | `ZEPH_API_KEY` | Yes* | API key from Settings > API Keys |
-| `ZEPH_HOOK_ID` | No | Hook ID for interactive tools (`zeph_prompt`, `zeph_input`) |
-| `ZEPH_DEVICE_ID` | No | Target device ID. Omit to send to all devices |
+| `ZEPH_HOOK_ID` | No | Hook ID (optional — only needed for interactive tools like `zeph_ask`/`zeph_prompt`/`zeph_input`) |
+| `ZEPH_DEVICE_ID` | No | Target device ID (optional — only needed for interactive tools like `zeph_ask`/`zeph_prompt`/`zeph_input`). Omit to send to all devices |
 | `ZEPH_BASE_URL` | No | API base URL (default: `https://api.zeph.to/v1`) |
 
-\* All env vars fall back to `~/.zeph/config.json` if not set or if the value is an unresolved `${...}` interpolation.
+\* If env vars are not set, the server reads from `~/.zeph/config.json` (created by `npx @zeph-to/hook-sdk install`). Unresolved `${...}` interpolations are also treated as unset.
 
 ## Tools
 
@@ -145,6 +145,25 @@ fallback: "no"       (auto-select on timeout, optional)
 
 Returns: `{ actionId: "yes", timedOut: false }`
 
+### zeph_ask
+
+Ask the user a question with optional quick-reply buttons and a text input field. Combines prompt (buttons) and input (text) in a single notification. Blocks until response or timeout.
+
+Requires `ZEPH_HOOK_ID`.
+
+```
+title:       "What should we do?"
+body:        "3 tests failed in auth module"  (optional)
+actions:     [{ id: "fix", label: "Fix now", style: "primary" },
+              { id: "skip", label: "Skip", style: "secondary" }]  (optional, 1-4)
+placeholder: "Or type a custom response..."  (optional)
+inputType:   "text" | "multiline"  (default: text)
+timeout:     120    (seconds, default: 120, max: 600)
+fallback:    "skip" (auto-select on timeout, optional)
+```
+
+Returns: `{ actionId: "fix", timedOut: false }` or `{ value: "custom text", timedOut: false }`
+
 ### zeph_input
 
 Request free-form text input from the user. Blocks until response or timeout.

package/dist/crypto.d.ts

@@ -12,20 +12,6 @@
 export declare const initCrypto: (apiKey?: string, baseUrl?: string) => Promise<string>;
 export declare const getKeyPair: () => CryptoKeyPair | null;
 export declare const getPublicKey: () => string | null;
-/**
- * Encrypt push body for a recipient.
- * Returns fields ready to merge into the sendPush payload.
- */
-export declare const encryptPushBody: (input: {
-    title?: string;
-    body?: string;
-    url?: string;
-}, recipientPublicKeyRaw: string) => Promise<{
-    body: string;
-    encryptedKey: string;
-    senderPublicKey: string;
-    isEncrypted: true;
-}>;
 /**
  * Encrypt push body for self (all own devices).
  */
@@ -39,15 +25,6 @@ export declare const encryptPushBodyForSelf: (input: {
     senderPublicKey: string;
     isEncrypted: true;
 }>;
-/**
- * Encrypt file content for a recipient.
- * Returns encrypted buffer + key material for file attachment metadata.
- */
-export declare const encryptFileForRecipient: (content: string, recipientPublicKeyRaw: string) => Promise<{
-    ciphertext: Buffer;
-    iv: string;
-    encryptedKey: string;
-}>;
 /**
  * Encrypt file content for self (all own devices).
  */

package/dist/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0JH;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAwD5E,CAAC;AA4BF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,eAAe,GAC1B,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,EACtD,uBAAuB,MAAM,KAC5B,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAeA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,uBAAuB,GAClC,SAAS,MAAM,EACf,uBAAuB,MAAM,KAC5B,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CASlE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0JH;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAiE5E,CAAC;AAqCF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}

package/dist/crypto.js

@@ -5,7 +5,7 @@
  * Uses Web Crypto API (globalThis.crypto.subtle) — Node.js 18+.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encryptFileForSelf = exports.encryptFileForRecipient = exports.encryptPushBodyForSelf = exports.encryptPushBody = exports.getPublicKey = exports.getKeyPair = exports.initCrypto = void 0;
+exports.encryptFileForSelf = exports.encryptPushBodyForSelf = exports.getPublicKey = exports.getKeyPair = exports.initCrypto = void 0;
 /// <reference lib="dom" />
 const fs_1 = require("fs");
 const path_1 = require("path");
@@ -111,15 +111,22 @@ const initCrypto = (apiKey, baseUrl) => {
         const stored = loadStoredKeys();
         // Try server sync if API key available
         if (apiKey) {
-            const serverKeys = await fetchServerKeys(apiKey, baseUrl);
-            if (serverKeys) {
-                if (!stored || stored.publicKey !== serverKeys.publicKey) {
-                    storeKeys(serverKeys);
+            const serverResult = await fetchServerKeys(apiKey, baseUrl);
+            // Server says encryption disabled — skip crypto init
+            if (serverResult && !serverResult.encryptionEnabled) {
+                cachedKeyPair = null;
+                cachedExportedPublicKey = null;
+                cachedOwnPublicKey = null;
+                return '';
+            }
+            if (serverResult?.keys) {
+                if (!stored || stored.publicKey !== serverResult.keys.publicKey) {
+                    storeKeys(serverResult.keys);
                 }
-                cachedKeyPair = await importKeyPair(serverKeys);
-                cachedExportedPublicKey = serverKeys.publicKey;
+                cachedKeyPair = await importKeyPair(serverResult.keys);
+                cachedExportedPublicKey = serverResult.keys.publicKey;
                 cachedOwnPublicKey = cachedKeyPair.publicKey;
-                return serverKeys.publicKey;
+                return serverResult.keys.publicKey;
             }
             if (stored) {
                 await uploadServerKeys(stored, apiKey, baseUrl);
@@ -158,7 +165,6 @@ const initCrypto = (apiKey, baseUrl) => {
     return initPromise;
 };
 exports.initCrypto = initCrypto;
-// ─── Server key sync helpers ───
 const fetchServerKeys = async (apiKey, baseUrl) => {
     try {
         const url = `${(baseUrl ?? 'https://api.zeph.to/v1').replace(/\/$/, '')}/users/me/keys`;
@@ -167,7 +173,11 @@ const fetchServerKeys = async (apiKey, baseUrl) => {
             return null;
         const json = await res.json();
         const keys = json.data?.encryptionKeys;
-        return keys?.publicKey && keys?.privateKey ? keys : null;
+        const encryptionEnabled = json.data?.encryptionEnabled ?? (keys ? true : false);
+        return {
+            keys: keys?.publicKey && keys?.privateKey ? keys : null,
+            encryptionEnabled,
+        };
     }
     catch {
         return null;
@@ -188,23 +198,6 @@ const getKeyPair = () => cachedKeyPair;
 exports.getKeyPair = getKeyPair;
 const getPublicKey = () => cachedExportedPublicKey;
 exports.getPublicKey = getPublicKey;
-/**
- * Encrypt push body for a recipient.
- * Returns fields ready to merge into the sendPush payload.
- */
-const encryptPushBody = async (input, recipientPublicKeyRaw) => {
-    if (!cachedKeyPair || !cachedExportedPublicKey)
-        throw new Error('Crypto not initialized');
-    const recipientKey = await importPublicKey(recipientPublicKeyRaw);
-    const payload = await encrypt(JSON.stringify({ title: input.title, body: input.body, url: input.url }), cachedKeyPair.privateKey, recipientKey);
-    return {
-        body: JSON.stringify({ ciphertext: payload.ciphertext, iv: payload.iv }),
-        encryptedKey: JSON.stringify({ encryptedKey: payload.encryptedKey, keyIv: payload.keyIv }),
-        senderPublicKey: cachedExportedPublicKey,
-        isEncrypted: true,
-    };
-};
-exports.encryptPushBody = encryptPushBody;
 /**
  * Encrypt push body for self (all own devices).
  */
@@ -220,22 +213,6 @@ const encryptPushBodyForSelf = async (input) => {
     };
 };
 exports.encryptPushBodyForSelf = encryptPushBodyForSelf;
-/**
- * Encrypt file content for a recipient.
- * Returns encrypted buffer + key material for file attachment metadata.
- */
-const encryptFileForRecipient = async (content, recipientPublicKeyRaw) => {
-    if (!cachedKeyPair)
-        throw new Error('Crypto not initialized');
-    const recipientKey = await importPublicKey(recipientPublicKeyRaw);
-    const result = await encryptFileContent(content, cachedKeyPair.privateKey, recipientKey);
-    return {
-        ciphertext: result.ciphertext,
-        iv: result.iv,
-        encryptedKey: JSON.stringify({ encryptedKey: result.encryptedKey, keyIv: result.keyIv }),
-    };
-};
-exports.encryptFileForRecipient = encryptFileForRecipient;
 /**
  * Encrypt file content for self (all own devices).
  */

package/dist/tools/dismiss.js

@@ -31,7 +31,7 @@ const registerDismissAllTool = (server, client) => {
         description: 'Dismiss all push notifications at once. Clears the entire notification feed.',
         annotations: {
             readOnlyHint: false,
-            destructiveHint: false,
+            destructiveHint: true,
             idempotentHint: true,
             openWorldHint: true,
         },

package/dist/tools/list.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/tools/list.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,SAwCxE,CAAC"}
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/tools/list.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,SAyCxE,CAAC"}

package/dist/tools/list.js

@@ -9,6 +9,7 @@ const registerListTool = (server, client) => {
         annotations: {
             readOnlyHint: true,
             destructiveHint: false,
+            idempotentHint: true,
             openWorldHint: true,
         },
         inputSchema: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zeph-to/mcp-server",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "description": "Zeph MCP server — AI agent notifications, prompts, and input via MCP protocol",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",