@zeph-to/mcp-server 1.9.2 → 1.10.0

package/README.md

@@ -52,6 +52,7 @@ Add to `~/.claude/settings.json`:
 | `ZEPH_HOOK_ID` | No | Hook ID (optional — only needed for interactive tools like `zeph_ask`/`zeph_prompt`/`zeph_input`) |
 | `ZEPH_DEVICE_ID` | No | Target device ID (optional — only needed for interactive tools like `zeph_ask`/`zeph_prompt`/`zeph_input`). Omit to send to all devices |
 | `ZEPH_BASE_URL` | No | API base URL (default: `https://api.zeph.to/v1`) |
+| `ZEPH_DISABLE_SESSION_CACHE` | No | Set to `1`/`true` to skip writing the session-id handoff file under `~/.cache/zeph/`. Useful for read-only filesystems, ephemeral CI runners, or sandboxed envs that audit filesystem writes. The plugin's stop hook still works without it (transcript-path UUID extraction is the primary path; the cache is a fallback for older Claude Code versions). |
 
 \* If env vars are not set, the server reads from `~/.zeph/config.json` (created by `npx @zeph-to/hook-sdk install`). Unresolved `${...}` interpolations are also treated as unset.
 
@@ -266,9 +267,11 @@ The API key needs the following scopes:
 
 Create an API key with the **MCP** preset in Settings > API Keys for the correct permissions.
 
-## E2E Encryption
+## Encryption
 
-Push notifications are encrypted end-to-end by default (AES-256-GCM + ECDH P-256). Keys are synced with the server on startup. When encryption is disabled in the Zeph app, the server sends plaintext. No configuration needed — encryption is automatic.
+Push bodies are encrypted with AES-256-GCM. The wrapping key is derived via ECDH P-256 and synced across your own devices on first server startup so every device can read the same push. Toggle encryption in the Zeph app (Settings → Encryption); when disabled, the server sends plaintext. No configuration needed.
+
+**Threat model honesty:** keys are persisted on the Zeph backend to enable cross-device sync, so this is *device-shared* encryption — not true end-to-end. It protects push contents from passive network observers and from a leaked database snapshot taken without the key store, but it does **not** protect against the Zeph backend itself (it has the keys it serves to your devices). A true E2E mode (per-device keypairs, server stores only public keys, no key escrow) is on the roadmap.
 
 ## License
 

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAwCD,eAAO,MAAM,UAAU,QAAO,eA0B7B,CAAC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,eAAe;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAgGD,eAAO,MAAM,UAAU,QAAO,eAqB7B,CAAC"}

package/dist/config.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadConfig = void 0;
 const fs_1 = require("fs");
+const os_1 = require("os");
 const crypto_1 = require("crypto");
 const child_process_1 = require("child_process");
 const path_1 = require("path");
@@ -12,7 +13,7 @@ const resolvedEnv = (key) => {
 };
 const loadFileConfig = () => {
     try {
-        const configPath = (0, path_1.join)(process.env.HOME ?? '~', '.zeph', 'config.json');
+        const configPath = (0, path_1.join)((0, os_1.homedir)(), '.zeph', 'config.json');
         return JSON.parse((0, fs_1.readFileSync)(configPath, 'utf-8'));
     }
     catch {
@@ -24,18 +25,77 @@ const detectClaudeSessionId = () => {
     try {
         const projectDir = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
         const projectHash = projectDir.replace(/\//g, '-');
-        const sessionsDir = (0, path_1.join)(process.env.HOME ?? '~', '.claude', 'projects', projectHash);
-        const entries = (0, fs_1.readdirSync)(sessionsDir)
-            .filter((name) => /^[0-9a-f]{8}-/.test(name))
-            .filter((name) => (0, fs_1.statSync)((0, path_1.join)(sessionsDir, name)).isDirectory())
-            .map((name) => ({ name, mtime: (0, fs_1.statSync)((0, path_1.join)(sessionsDir, name)).mtimeMs }))
-            .sort((a, b) => b.mtime - a.mtime);
-        return entries[0]?.name;
+        const sessionsDir = (0, path_1.join)((0, os_1.homedir)(), '.claude', 'projects', projectHash);
+        let latest;
+        for (const name of (0, fs_1.readdirSync)(sessionsDir)) {
+            if (!/^[0-9a-f]{8}-[0-9a-f]{4}-/.test(name))
+                continue;
+            const fullPath = (0, path_1.join)(sessionsDir, name);
+            const stat = (0, fs_1.statSync)(fullPath);
+            if (!stat.isDirectory())
+                continue;
+            if (!latest || stat.mtimeMs > latest.mtime) {
+                latest = { name, mtime: stat.mtimeMs };
+            }
+        }
+        return latest?.name;
     }
     catch {
         return undefined;
     }
 };
+/**
+ * Truthy-env helper — accepts "1", "true", "yes", "on" (case-insensitive).
+ */
+const envIsTrue = (key) => {
+    const v = process.env[key];
+    if (!v)
+        return false;
+    return /^(1|true|yes|on)$/i.test(v.trim());
+};
+/**
+ * Write the resolved session id to a per-user cache file so shell hooks
+ * (e.g. plugin/hooks/zeph-stop.sh) can pick it up when their own transcript
+ * scrape misses. The previous location was /tmp/zeph-session-<hash>, which
+ * on multi-user machines exposed a symlink race — predictable filename,
+ * world-writable directory. Living under ~/.cache (or $XDG_CACHE_HOME)
+ * removes that — only the owning user can write there. The file is also
+ * opened with O_NOFOLLOW so a pre-existing symlink can never redirect us
+ * to /etc/passwd or similar.
+ *
+ * Users can opt out entirely by setting ZEPH_DISABLE_SESSION_CACHE=1.
+ * Useful for:
+ *   - Read-only filesystems (some container runtimes)
+ *   - CI runners where ~/.cache isn't persisted anyway, so the write is
+ *     pure overhead
+ *   - Sandboxed environments where extra filesystem writes trigger audit
+ *     noise
+ * The shell hook still works without the cache — it primarily extracts
+ * the session id from the transcript_path UUID; the cache is just a
+ * fallback for older Claude Code versions.
+ */
+const writeSessionCache = (sessionId, projectDir) => {
+    if (envIsTrue('ZEPH_DISABLE_SESSION_CACHE'))
+        return;
+    try {
+        const hash = (0, child_process_1.execFileSync)('cksum', { input: projectDir, encoding: 'utf-8' }).split(' ')[0];
+        const cacheDir = (0, path_1.join)(process.env.XDG_CACHE_HOME ?? (0, path_1.join)((0, os_1.homedir)(), '.cache'), 'zeph');
+        (0, fs_1.mkdirSync)(cacheDir, { recursive: true, mode: 0o700 });
+        const cachePath = (0, path_1.join)(cacheDir, `session-${hash}`);
+        const flags = fs_1.constants.O_WRONLY | fs_1.constants.O_CREAT | fs_1.constants.O_TRUNC | fs_1.constants.O_NOFOLLOW;
+        const fd = (0, fs_1.openSync)(cachePath, flags, 0o600);
+        try {
+            (0, fs_1.writeSync)(fd, sessionId);
+        }
+        finally {
+            (0, fs_1.closeSync)(fd);
+        }
+    }
+    catch {
+        /* best-effort — hook stop script also extracts session id from
+         * the transcript path, so failing here is non-fatal. */
+    }
+};
 const loadConfig = () => {
     const fileConfig = loadFileConfig();
     const apiKey = resolvedEnv('ZEPH_API_KEY') ?? fileConfig.apiKey;
@@ -43,13 +103,8 @@ const loadConfig = () => {
         throw new Error('ZEPH_API_KEY not found. Run "npx @zeph-to/hook-sdk install" or set ZEPH_API_KEY env var.');
     }
     const sessionId = resolvedEnv('ZEPH_SESSION_ID') ?? detectClaudeSessionId() ?? `sess_${(0, crypto_1.randomBytes)(12).toString('base64url')}`;
-    // Write sessionId to tmp file so shell hooks (zeph-stop.sh) can read it
-    try {
-        const projectDir = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
-        const hash = (0, child_process_1.execFileSync)('cksum', { input: projectDir, encoding: 'utf-8' }).split(' ')[0];
-        (0, fs_1.writeFileSync)(`/tmp/zeph-session-${hash}`, sessionId);
-    }
-    catch { /* best-effort */ }
+    const projectDir = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
+    writeSessionCache(sessionId, projectDir);
     return {
         apiKey,
         baseUrl: (resolvedEnv('ZEPH_BASE_URL') ?? fileConfig.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, ''),

package/dist/crypto.d.ts

@@ -1,13 +1,39 @@
 /**
- * E2E encryption for MCP server — self-contained ECDH P-256 + AES-256-GCM
- * Mirrors @zeph/crypto API but bundled inline (no external dependency).
- * Uses Web Crypto API (globalThis.crypto.subtle) — Node.js 18+.
+ * Device-shared encryption for MCP server — self-contained ECDH P-256 +
+ * AES-256-GCM. Mirrors @zeph/crypto API but bundled inline (no external
+ * dependency). Uses Web Crypto API (globalThis.crypto.subtle) — Node.js 18+.
+ *
+ * Threat model honesty (do not call this "E2E" without a footnote):
+ *
+ *   The Zeph backend persists the per-user private key in plaintext so it
+ *   can be synced down to a fresh device (fetchServerKeys / uploadServerKeys
+ *   below). That means the backend can decrypt any push body — this is NOT
+ *   end-to-end in the standard sense. What it gives you is:
+ *     • Protection against passive network observers
+ *     • Protection against a leaked DB snapshot taken without the key store
+ *     • Cross-device readability (all your devices share one keypair)
+ *   What it does NOT give you:
+ *     • Protection against the Zeph backend itself
+ *     • Forward secrecy — encryptPushBodyForSelf / encryptFileForSelf do
+ *       ECDH(self, self), which collapses to a static derived key. A single
+ *       device compromise (since all your devices share the same keypair)
+ *       lets the attacker decrypt every past push for which they have the
+ *       ciphertext. The per-message AES key is random, but its wrap key is
+ *       static, so wrapped keys are decryptable forever.
+ *
+ *   True E2E would require a per-device keypair (server stores only public
+ *   keys; senders wrap the message key once per recipient device public
+ *   key). That refactor is on the roadmap; until then, treat push bodies as
+ *   sensitive-but-not-secret.
  */
 /**
  * Initialize crypto: sync keys with server, then fallback to local/generate.
  * Server is source of truth for per-user key pair.
  * Safe to call concurrently — deduplicates to single init.
  * Returns the exported public key (Base64 SPKI).
+ *
+ * NOTE: when `apiKey` is provided, `baseUrl` is required — otherwise a
+ * caller in a dev environment would silently upload keys to prod.
  */
 export declare const initCrypto: (apiKey?: string, baseUrl?: string) => Promise<string>;
 export declare const getKeyPair: () => CryptoKeyPair | null;

package/dist/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0JH;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAiE5E,CAAC;AAqCF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AA2JH;;;;;;;;GAQG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAyE5E,CAAC;AAqCF,eAAO,MAAM,UAAU,QAAO,aAAa,GAAG,IAAqB,CAAC;AACpE,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,IAA+B,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,sBAAsB,GACjC,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACrD,OAAO,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,IAAI,CAAC;CACnB,CAaA,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAQlE,CAAC"}

package/dist/crypto.js

@@ -1,13 +1,37 @@
 "use strict";
 /**
- * E2E encryption for MCP server — self-contained ECDH P-256 + AES-256-GCM
- * Mirrors @zeph/crypto API but bundled inline (no external dependency).
- * Uses Web Crypto API (globalThis.crypto.subtle) — Node.js 18+.
+ * Device-shared encryption for MCP server — self-contained ECDH P-256 +
+ * AES-256-GCM. Mirrors @zeph/crypto API but bundled inline (no external
+ * dependency). Uses Web Crypto API (globalThis.crypto.subtle) — Node.js 18+.
+ *
+ * Threat model honesty (do not call this "E2E" without a footnote):
+ *
+ *   The Zeph backend persists the per-user private key in plaintext so it
+ *   can be synced down to a fresh device (fetchServerKeys / uploadServerKeys
+ *   below). That means the backend can decrypt any push body — this is NOT
+ *   end-to-end in the standard sense. What it gives you is:
+ *     • Protection against passive network observers
+ *     • Protection against a leaked DB snapshot taken without the key store
+ *     • Cross-device readability (all your devices share one keypair)
+ *   What it does NOT give you:
+ *     • Protection against the Zeph backend itself
+ *     • Forward secrecy — encryptPushBodyForSelf / encryptFileForSelf do
+ *       ECDH(self, self), which collapses to a static derived key. A single
+ *       device compromise (since all your devices share the same keypair)
+ *       lets the attacker decrypt every past push for which they have the
+ *       ciphertext. The per-message AES key is random, but its wrap key is
+ *       static, so wrapped keys are decryptable forever.
+ *
+ *   True E2E would require a per-device keypair (server stores only public
+ *   keys; senders wrap the message key once per recipient device public
+ *   key). That refactor is on the roadmap; until then, treat push bodies as
+ *   sensitive-but-not-secret.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.encryptFileForSelf = exports.encryptPushBodyForSelf = exports.getPublicKey = exports.getKeyPair = exports.initCrypto = void 0;
 /// <reference lib="dom" />
 const fs_1 = require("fs");
+const os_1 = require("os");
 const path_1 = require("path");
 // ─── Base64 helpers ───
 const toBase64 = (buffer) => {
@@ -79,7 +103,7 @@ const encryptFileContent = async (content, senderPrivateKey, recipientPublicKey)
     };
 };
 // ─── Key persistence (~/.config/zeph/keys.json) ───
-const KEYS_DIR = (0, path_1.join)(process.env.HOME ?? '~', '.config', 'zeph');
+const KEYS_DIR = (0, path_1.join)(process.env.XDG_CONFIG_HOME ?? (0, path_1.join)((0, os_1.homedir)(), '.config'), 'zeph');
 const KEYS_PATH = (0, path_1.join)(KEYS_DIR, 'keys.json');
 const loadStoredKeys = () => {
     try {
@@ -103,15 +127,24 @@ let initPromise = null;
  * Server is source of truth for per-user key pair.
  * Safe to call concurrently — deduplicates to single init.
  * Returns the exported public key (Base64 SPKI).
+ *
+ * NOTE: when `apiKey` is provided, `baseUrl` is required — otherwise a
+ * caller in a dev environment would silently upload keys to prod.
  */
 const initCrypto = (apiKey, baseUrl) => {
+    if (apiKey && !baseUrl) {
+        return Promise.reject(new Error('initCrypto: baseUrl is required when apiKey is provided. ' +
+            'Pass the resolved config.baseUrl to avoid silently syncing dev keys to prod.'));
+    }
     if (initPromise)
         return initPromise;
+    // The check above guarantees baseUrl is defined when apiKey is — narrow once.
+    const baseUrlRequired = apiKey ? baseUrl : baseUrl;
     initPromise = (async () => {
         const stored = loadStoredKeys();
         // Try server sync if API key available
         if (apiKey) {
-            const serverResult = await fetchServerKeys(apiKey, baseUrl);
+            const serverResult = await fetchServerKeys(apiKey, baseUrlRequired);
             // Server says encryption disabled — skip crypto init
             if (serverResult && !serverResult.encryptionEnabled) {
                 cachedKeyPair = null;
@@ -129,7 +162,7 @@ const initCrypto = (apiKey, baseUrl) => {
                 return serverResult.keys.publicKey;
             }
             if (stored) {
-                await uploadServerKeys(stored, apiKey, baseUrl);
+                await uploadServerKeys(stored, apiKey, baseUrlRequired);
                 cachedKeyPair = await importKeyPair(stored);
                 cachedExportedPublicKey = stored.publicKey;
                 cachedOwnPublicKey = cachedKeyPair.publicKey;
@@ -138,7 +171,7 @@ const initCrypto = (apiKey, baseUrl) => {
             const keyPair = await generateKeyPair();
             const exported = await exportKeyPair(keyPair);
             storeKeys(exported);
-            await uploadServerKeys(exported, apiKey, baseUrl);
+            await uploadServerKeys(exported, apiKey, baseUrlRequired);
             cachedKeyPair = keyPair;
             cachedExportedPublicKey = exported.publicKey;
             cachedOwnPublicKey = keyPair.publicKey;
@@ -167,7 +200,7 @@ const initCrypto = (apiKey, baseUrl) => {
 exports.initCrypto = initCrypto;
 const fetchServerKeys = async (apiKey, baseUrl) => {
     try {
-        const url = `${(baseUrl ?? 'https://api.zeph.to/v1').replace(/\/$/, '')}/users/me/keys`;
+        const url = `${baseUrl.replace(/\/$/, '')}/users/me/keys`;
         const res = await fetch(url, { headers: { 'X-API-Key': apiKey } });
         if (!res.ok)
             return null;
@@ -185,7 +218,7 @@ const fetchServerKeys = async (apiKey, baseUrl) => {
 };
 const uploadServerKeys = async (keys, apiKey, baseUrl) => {
     try {
-        const url = `${(baseUrl ?? 'https://api.zeph.to/v1').replace(/\/$/, '')}/users/me/keys`;
+        const url = `${baseUrl.replace(/\/$/, '')}/users/me/keys`;
         await fetch(url, {
             method: 'PUT',
             headers: { 'X-API-Key': apiKey, 'Content-Type': 'application/json' },

package/dist/mime.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Shared MIME-type inference for file/notify/ask payloads.
+ *
+ * Kept in one place so different tools don't produce inconsistent types
+ * for the same extension (e.g. `.csv` ending up as text/plain in one
+ * code path and text/csv in another).
+ */
+export declare const inferMimeType: (fileName: string) => string;
+//# sourceMappingURL=mime.d.ts.map

package/dist/mime.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mime.d.ts","sourceRoot":"","sources":["../src/mime.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkBH,eAAO,MAAM,aAAa,GAAI,UAAU,MAAM,KAAG,MAGhD,CAAC"}

package/dist/mime.js

@@ -0,0 +1,30 @@
+"use strict";
+/**
+ * Shared MIME-type inference for file/notify/ask payloads.
+ *
+ * Kept in one place so different tools don't produce inconsistent types
+ * for the same extension (e.g. `.csv` ending up as text/plain in one
+ * code path and text/csv in another).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.inferMimeType = void 0;
+const EXT_TO_MIME = {
+    txt: 'text/plain',
+    log: 'text/plain',
+    md: 'text/markdown',
+    json: 'application/json',
+    csv: 'text/csv',
+    html: 'text/html',
+    xml: 'text/xml',
+    yaml: 'text/yaml',
+    yml: 'text/yaml',
+    ts: 'text/typescript',
+    js: 'text/javascript',
+    py: 'text/x-python',
+    sh: 'text/x-shellscript',
+};
+const inferMimeType = (fileName) => {
+    const ext = fileName.split('.').pop()?.toLowerCase();
+    return EXT_TO_MIME[ext ?? ''] ?? 'text/plain';
+};
+exports.inferMimeType = inferMimeType;

package/dist/tools/ask.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ask.d.ts","sourceRoot":"","sources":["../../src/tools/ask.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAYpD,eAAO,MAAM,eAAe,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAmHhG,CAAC"}
+{"version":3,"file":"ask.d.ts","sourceRoot":"","sources":["../../src/tools/ask.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAOpD,eAAO,MAAM,eAAe,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SAmHhG,CAAC"}

package/dist/tools/ask.js

@@ -5,13 +5,9 @@ const zod_1 = require("zod");
 const error_format_js_1 = require("../error-format.js");
 const poll_js_1 = require("../poll.js");
 const crypto_js_1 = require("../crypto.js");
+const mime_js_1 = require("../mime.js");
 const BODY_FILE_THRESHOLD = 512;
 const PREVIEW_LENGTH = 200;
-const inferMimeType = (fileName) => {
-    const ext = fileName.split('.').pop()?.toLowerCase();
-    const map = { md: 'text/markdown', txt: 'text/plain', json: 'application/json' };
-    return map[ext ?? ''] ?? 'text/plain';
-};
 const registerAskTool = (server, client, config) => {
     server.registerTool('zeph_ask', {
         description: 'Ask the user a question with optional quick-reply buttons and a text input field. Combines prompt (buttons) and input (text) in a single notification. The user can either tap a button or type a response. Blocks until the user responds or the timeout is reached. Requires ZEPH_HOOK_ID environment variable.',
@@ -60,7 +56,7 @@ const registerAskTool = (server, client, config) => {
             let files;
             if (isLongBody && body) {
                 const fileName = 'response.md';
-                const fileType = inferMimeType(fileName);
+                const fileType = (0, mime_js_1.inferMimeType)(fileName);
                 const canEncrypt = !!(0, crypto_js_1.getKeyPair)() && !!(0, crypto_js_1.getPublicKey)();
                 let uploadContent = body;
                 let uploadContentType = fileType;

package/dist/tools/file.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/tools/file.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAwBpD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SA2EjG,CAAC"}
+{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/tools/file.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAKpD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SA2EjG,CAAC"}

package/dist/tools/file.js

@@ -4,25 +4,7 @@ exports.registerFileTool = void 0;
 const zod_1 = require("zod");
 const error_format_js_1 = require("../error-format.js");
 const crypto_js_1 = require("../crypto.js");
-const inferMimeType = (fileName) => {
-    const ext = fileName.split('.').pop()?.toLowerCase();
-    const map = {
-        txt: 'text/plain',
-        json: 'application/json',
-        csv: 'text/csv',
-        md: 'text/markdown',
-        html: 'text/html',
-        xml: 'text/xml',
-        yaml: 'text/yaml',
-        yml: 'text/yaml',
-        log: 'text/plain',
-        ts: 'text/typescript',
-        js: 'text/javascript',
-        py: 'text/x-python',
-        sh: 'text/x-shellscript',
-    };
-    return map[ext ?? ''] ?? 'text/plain';
-};
+const mime_js_1 = require("../mime.js");
 const registerFileTool = (server, client, config) => {
     server.registerTool('zeph_file', {
         description: 'Send a text file to the user\'s device. The content is uploaded and delivered as a file push. Use for logs, reports, code snippets, or any text content.',
@@ -40,7 +22,7 @@ const registerFileTool = (server, client, config) => {
     }, async ({ fileName, content, title, targetDeviceId }) => {
         try {
             const canEncrypt = !!(0, crypto_js_1.getKeyPair)() && !!(0, crypto_js_1.getPublicKey)();
-            let fileType = inferMimeType(fileName);
+            let fileType = (0, mime_js_1.inferMimeType)(fileName);
             const originalSize = new TextEncoder().encode(content).byteLength;
             // Step 1: Optionally encrypt file content
             let uploadContent = content;
@@ -69,7 +51,7 @@ const registerFileTool = (server, client, config) => {
             let pushPayload = {
                 title: pushTitle,
                 type: 'file',
-                files: [{ fileKey: upload.data.fileKey, fileName, fileSize: originalSize, fileType: inferMimeType(fileName), iv: fileIv, encryptedKey: fileEncryptedKey }],
+                files: [{ fileKey: upload.data.fileKey, fileName, fileSize: originalSize, fileType: (0, mime_js_1.inferMimeType)(fileName), iv: fileIv, encryptedKey: fileEncryptedKey }],
                 targetDeviceId: targetDeviceId ?? config.deviceId,
                 sessionId: config.sessionId,
             };

package/dist/tools/notify.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"notify.d.ts","sourceRoot":"","sources":["../../src/tools/notify.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAYpD,eAAO,MAAM,kBAAkB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SA6GnG,CAAC"}
+{"version":3,"file":"notify.d.ts","sourceRoot":"","sources":["../../src/tools/notify.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAOpD,eAAO,MAAM,kBAAkB,GAAI,QAAQ,SAAS,EAAE,QAAQ,aAAa,EAAE,QAAQ,eAAe,SA6GnG,CAAC"}

package/dist/tools/notify.js

@@ -4,13 +4,9 @@ exports.registerNotifyTool = void 0;
 const zod_1 = require("zod");
 const error_format_js_1 = require("../error-format.js");
 const crypto_js_1 = require("../crypto.js");
+const mime_js_1 = require("../mime.js");
 const BODY_FILE_THRESHOLD = 512;
 const PREVIEW_LENGTH = 200;
-const inferMimeType = (fileName) => {
-    const ext = fileName.split('.').pop()?.toLowerCase();
-    const map = { md: 'text/markdown', txt: 'text/plain', json: 'application/json' };
-    return map[ext ?? ''] ?? 'text/plain';
-};
 const registerNotifyTool = (server, client, config) => {
     server.registerTool('zeph_notify', {
         description: 'Send a one-way push notification to the user\'s devices. Use this to inform the user about task completion, errors, or status updates. Long bodies (>512B) are automatically uploaded as a file for full viewing.',
@@ -37,7 +33,7 @@ const registerNotifyTool = (server, client, config) => {
             const canEncrypt = !!(0, crypto_js_1.getKeyPair)() && !!(0, crypto_js_1.getPublicKey)();
             if (isLongBody && body) {
                 const fileName = 'response.md';
-                const fileType = inferMimeType(fileName);
+                const fileType = (0, mime_js_1.inferMimeType)(fileName);
                 const fileSize = bodyBytes;
                 // Encrypt file content if keys available
                 let uploadContent = body;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zeph-to/mcp-server",
-  "version": "1.9.2",
+  "version": "1.10.0",
   "description": "Zeph MCP server — AI agent notifications, prompts, and input via MCP protocol",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -8,7 +8,7 @@
     "zeph-mcp": "./dist/index.js"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=18.17.0"
   },
   "files": [
     "dist",