drafted 1.7.24 → 1.7.26

package/mcp/server.mjs

@@ -108,6 +108,25 @@ export function runWithRequestState(initial, fn) {
   return requestState.run(merged, fn);
 }
 
+// Params that only work when the MCP runs on the user's machine (stdio).
+// Stripped from the advertised schema on remote transports.
+const LOCAL_ONLY_PARAMS = ['file_path'];
+
+// Remove sentences that reference local-file params from a tool description,
+// so remote-transport descriptions don't mention options that were stripped.
+function scrubLocalPathMentions(description) {
+  if (!description) return description;
+  return description
+    .split('\n')
+    .map((para) =>
+      para
+        .split(/(?<=\.)\s+/)
+        .filter((sentence) => !/\bfile_path\b/.test(sentence))
+        .join(' ')
+    )
+    .join('\n');
+}
+
 // ── MCP server factory ────────────────────────────────────────────
 // Streamable-HTTP requires a fresh McpServer per request — the SDK only
 // permits one transport connection per server instance, so a singleton
@@ -115,7 +134,17 @@ export function runWithRequestState(initial, fn) {
 // inside the factory so each HTTP request gets its own isolated server.
 // Stdio mode uses the `mcpServer` singleton (built once at module load).
 
-export function createMcpServer() {
+export function createMcpServer(transport) {
+// Remote transports (hosted HTTP MCP for claude.ai / ChatGPT) run on the
+// server, not the user's machine, so local-filesystem params like `file_path`
+// can't reach the user's files. Hide them from the advertised schema to avoid
+// confusing web users. The in-server route passes 'http' explicitly because
+// the server process has no --http argv to auto-detect. When called with no
+// argument (stdio singleton / standalone bootstrap), detect from argv — this
+// mirrors mcpMode(), which is defined later inside this factory and so is not
+// available as a default-parameter expression here.
+const mode = transport || (process.argv.includes('--http') ? 'http' : 'stdio');
+const isRemote = mode !== 'stdio';
 trackUmamiEvent(UMAMI_EVENTS.MCP_CONNECTED, { source: 'mcp' });
 const server = new McpServer({
   name: 'drafted',
@@ -249,6 +278,20 @@ function tool(name, descOrSchema, schemaOrHandler, handler) {
     inputSchema = descOrSchema;
     cb = schemaOrHandler;
   }
+  // On remote transports, drop local-filesystem params so web clients don't see
+  // options that can't work off their machine. Handlers fall back to
+  // base64/content/url when file_path is absent. Also scrub references to those
+  // params from the tool description and any sibling param descriptions, so the
+  // advertised schema has zero mentions of options the client can't use.
+  if (isRemote && inputSchema && typeof inputSchema === 'object') {
+    for (const k of LOCAL_ONLY_PARAMS) delete inputSchema[k];
+    for (const [k, field] of Object.entries(inputSchema)) {
+      if (field?.description && /\bfile_path\b/.test(field.description)) {
+        inputSchema[k] = field.describe(scrubLocalPathMentions(field.description));
+      }
+    }
+    description = scrubLocalPathMentions(description);
+  }
   const config = {
     title: ann.title,
     description,
@@ -571,34 +614,50 @@ function schedulePendingAuthPoll(delayMs = 2000) {
   if (typeof pendingAuthPollTimer.unref === 'function') pendingAuthPollTimer.unref();
 }
 
+// Cookie for normal tool operations. Deliberately uses ONLY this instance's
+// per-process session (getState().sessionId) and never the shared root login in
+// ~/.drafted/auth.json. The root is a *credential for minting child sessions*
+// (see cloneSession): every agent process on the machine reads the same root, so
+// operating on it directly is exactly what let one agent's get_org switch move
+// every other agent's active org. ensureSession() guarantees a per-instance
+// session before any operation runs.
 function getAuthHeaders() {
-  const sid = getState().sessionId || getBootstrapSessionId();
+  const sid = getState().sessionId;
   if (sid) return { Cookie: `gc_session=${sid}` };
   return {};
 }
 
+// Mint a fresh per-instance child session from the shared root login and bind it
+// to this process. The root session id (getBootstrapSessionId) is shared by every
+// agent on this machine via ~/.drafted/auth.json; the clone gives THIS process its
+// own server-side session so its active org/project stay isolated from other
+// agents. Returns true once a per-instance session is set.
 async function cloneSession() {
+  if (getState().sessionId) return true;
   const bootstrapId = getBootstrapSessionId();
-  if (!bootstrapId) return;
+  if (!bootstrapId) return false;
 
   try {
-    const url = `${getServerUrl()}/auth/session/clone`;
-    const res = await fetch(url, {
+    const res = await fetch(`${getServerUrl()}/auth/session/clone`, {
       method: 'POST',
       headers: { Cookie: `gc_session=${bootstrapId}` },
     });
-    if (!res.ok) return;
-    const data = await res.json();
-    if (data.sessionId) {
-      getState().sessionId = data.sessionId;
+    if (res.ok) {
+      const data = await res.json();
+      if (data.sessionId) {
+        getState().sessionId = data.sessionId;
+        return true;
+      }
     }
-  } catch { /* server may not be ready yet, will retry on first API call */ }
+  } catch { /* server may not be ready yet; caller retries on next API call */ }
+  return false;
 }
 
 async function ensureSession() {
   if (getState().sessionId) return;
-  await consumePendingDeviceCode();
-  if (getState().sessionId) return;
+  // A pending device-code login (from `auth get_link`) takes priority; consuming
+  // it mints this instance's own session. Otherwise clone the saved root login.
+  if (await consumePendingDeviceCode()) return;
   await cloneSession();
 }
 
@@ -1087,10 +1146,14 @@ async function consumePendingDeviceCode() {
     if (!res.ok) return false;
     const data = await res.json();
     if (data.status === 'approved' && data.sessionId) {
+      // data.sessionId is the shared ROOT login. Persist it as the machine-level
+      // credential, then mint our OWN per-instance child session from it (mirrors
+      // the `auth login` tool) so this process never operates on the shared root.
       persistAuthSession(data);
-      getState().sessionId = data.sessionId;
       clearPendingDeviceCode();
-      return true;
+      getState().sessionId = null;
+      await cloneSession();
+      return !!getState().sessionId;
     }
     if (data.status === 'expired') {
       clearPendingDeviceCode();
@@ -1425,6 +1488,7 @@ tool('screenshot', 'Render a PNG via headless browser. `scope=frame` captures a
         frameId = frame.id;
       }
       const url = `${getServerUrl()}/api/screenshot/${frameId}?width=${width}&height=${height}&fullPage=${fullPage}`;
+      await ensureSession();
       const res = await fetch(url, { headers: getAuthHeaders() });
       if (!res.ok) throw new Error(`Screenshot failed: ${res.status}`);
       const buffer = await res.arrayBuffer();
@@ -1443,6 +1507,7 @@ tool('screenshot', 'Render a PNG via headless browser. `scope=frame` captures a
         targetSlug = active.slug;
       }
       const url = `${getServerUrl()}/api/canvas-screenshot/${encodeURIComponent(targetSlug)}?layer=${encodeURIComponent(layer)}&width=${width}&height=${height}`;
+      await ensureSession();
       const res = await fetch(url, { headers: getAuthHeaders() });
       if (!res.ok) throw new Error(`Canvas screenshot failed: ${res.status} ${await res.text()}`);
       const buffer = await res.arrayBuffer();
@@ -1763,7 +1828,7 @@ tool('get_org', {
 
 // ── Filesystem tools (direct HTTP to /api/fs) ─────────────────────
 
-tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by path, frame URL, or UUID), write (new frame or overwrite), Google Sheet actions (`get_sheet`, `read_sheet_values`, `write_sheet_values`, `append_sheet_rows`, `clear_sheet_range`, `update_sheet`), Google Doc actions (`get_doc`, `read_doc_content`, `write_doc_content`, `append_doc_content`, `clear_doc_content`, `update_doc`), Google Slide actions (`get_slide`, `read_slide_content`, `write_slide_content`, `append_slides`, `clear_slides`, `update_slide`), write_excalidraw (native editable Excalidraw diagram), edit (hashline ops), mv (rename/move), anchor (mark as required-read for the layer), search (match frame names). Use project(action="open") first. For listing use `ls`, for deletion use `rm`.\n\n**Google Workspace native content:** Create or attach Google Docs/Sheets/Slides with `frame(action="write", googleType=...)`. After creating, immediately populate the native file using the matching write action in the same tool — do NOT leave it empty and do NOT tell the user you cannot write to it. For Sheets: `write_sheet_values` or `append_sheet_rows` (pass `path` or `googleId` from the create response). For Docs: `write_doc_content`/`append_doc_content`. For Slides: `write_slide_content`/`append_slides`. Read with `read_sheet_values`/`read_doc_content`/`read_slide_content`. Do NOT use inline `frame.write(content)` or hashline `frame.edit` to populate Google Workspace frames.\n\n**Write — content, binary, or Google Workspace frame:** Provide exactly one of `content` (HTML/markdown/text), `file_path` (absolute local file), `base64` (base64-encoded binary with optional `content_type`), or `googleType` (`google-doc`, `google-sheet`, `google-slide`). Call get_org first; when `googleDrive.connected` is true, strongly prefer Google Workspace frames for docs, sheets, and slides in that org. For inline content, filename extension matters: use `.html` for complete HTML documents and `.md` for Markdown. Never place a full HTML document in a `.md` or extensionless frame. For a new Google file, pass `googleType` and optional `title`; for an existing Google file, pass `googleType` plus `url` or `googleId`. For binary frames (images, PDFs, videos), use `file_path` when the file is local to the MCP host, or `base64` when the caller already has binary bytes.\n\n**Write — dimensions:** By default, frames use the layer\'s default size (e.g. 1440×900 for designs, 1440×3000 for wireframes). Often too large for small content. Use `autoSize: true` to measure HTML content and size to fit, or pass explicit `width`/`height`.', {
+tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by path, frame URL, or UUID), write (new frame or overwrite), Google Sheet actions (`get_sheet`, `read_sheet_values`, `write_sheet_values`, `append_sheet_rows`, `clear_sheet_range`, `update_sheet`), Google Doc actions (`get_doc`, `read_doc_content`, `write_doc_content`, `append_doc_content`, `clear_doc_content`, `update_doc`), Google Slide actions (`get_slide`, `read_slide_content`, `write_slide_content`, `append_slides`, `clear_slides`, `update_slide`), write_excalidraw (native editable Excalidraw diagram), edit (hashline ops), mv (rename/move), anchor (mark as required-read for the layer), search (match frame names). Use project(action="open") first. For listing use `ls`, for deletion use `rm`.\n\n**Google Workspace native content:** Create or attach Google Docs/Sheets/Slides with `frame(action="write", googleType=...)`. After creating, immediately populate the native file using the matching write action in the same tool — do NOT leave it empty and do NOT tell the user you cannot write to it. For Sheets: `write_sheet_values` or `append_sheet_rows` (pass `path` or `googleId` from the create response). For Docs: `write_doc_content`/`append_doc_content`. For Slides: `write_slide_content`/`append_slides`. Read with `read_sheet_values`/`read_doc_content`/`read_slide_content`. Do NOT use inline `frame.write(content)` or hashline `frame.edit` to populate Google Workspace frames.\n\n**Write — content, binary, or Google Workspace frame:** ' + (isRemote ? 'Provide exactly one of `content` (HTML/markdown/text), `base64` (base64-encoded binary with optional `content_type`), or `googleType` (`google-doc`, `google-sheet`, `google-slide`).' : 'Provide exactly one of `content` (HTML/markdown/text), `file_path` (absolute local file), `base64` (base64-encoded binary with optional `content_type`), or `googleType` (`google-doc`, `google-sheet`, `google-slide`).') + ' Call get_org first; when `googleDrive.connected` is true, strongly prefer Google Workspace frames for docs, sheets, and slides in that org. For inline content, filename extension matters: use `.html` for complete HTML documents and `.md` for Markdown. Never place a full HTML document in a `.md` or extensionless frame. For a new Google file, pass `googleType` and optional `title`; for an existing Google file, pass `googleType` plus `url` or `googleId`. ' + (isRemote ? 'For binary frames (images, PDFs, videos), pass `base64` with the binary bytes.' : 'For binary frames (images, PDFs, videos), use `file_path` when the file is local to the MCP host, or `base64` when the caller already has binary bytes.') + '\n\n**Write — dimensions:** By default, frames use the layer\'s default size (e.g. 1440×900 for designs, 1440×3000 for wireframes). Often too large for small content. Use `autoSize: true` to measure HTML content and size to fit, or pass explicit `width`/`height`.', {
   action: z.enum(['read', 'write', 'write_sheet_values', 'read_sheet_values', 'append_sheet_rows', 'clear_sheet_range', 'get_sheet', 'update_sheet', 'get_doc', 'read_doc_content', 'write_doc_content', 'append_doc_content', 'clear_doc_content', 'update_doc', 'get_slide', 'read_slide_content', 'write_slide_content', 'append_slides', 'clear_slides', 'update_slide', 'write_excalidraw', 'edit', 'mv', 'anchor', 'search', 'versions', 'read_version', 'restore_version']).describe('Operation to perform. Use native Doc/Slide actions for Google Docs/Slides; do not use inline write/edit for native Workspace content.'),
   path: z.string().optional().describe('[read] /{layer}/{lane}/{filename}, frame URL, or UUID. [write|edit|anchor] /{layer}/{lane}/{filename}.'),
   lines: z.string().optional().describe('[read] line range (e.g. "1-50"). Omit to read all.'),
@@ -2248,8 +2313,9 @@ tool('batch', 'Batch operations on the ACTIVE PROJECT. Response includes "projec
   operations: z.array(z.object({
     tool: z.enum(['write', 'rm', 'mv', 'edit', 'upload_asset']).describe('Tool to execute'),
     path: z.string().optional().describe('Path (for write, rm, edit)'),
-    content: z.string().optional().describe('Content (for write). Mutually exclusive with file_path.'),
-    file_path: z.string().optional().describe('Absolute path to a local file to upload (for write, upload_asset). Mutually exclusive with content.'),
+    content: z.string().optional().describe(`Content (for write).${isRemote ? '' : ' Mutually exclusive with file_path.'}`),
+    // file_path is local-only — omitted on remote transports (web MCP).
+    ...(isRemote ? {} : { file_path: z.string().optional().describe('Absolute path to a local file to upload (for write, upload_asset). Mutually exclusive with content.') }),
     color: z.string().optional().describe('CSS color for frame border (for write)'),
     from: z.string().optional().describe('Source path (for mv)'),
     to: z.string().optional().describe('Destination path (for mv)'),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "drafted",
-  "version": "1.7.24",
+  "version": "1.7.26",
   "description": "Drafted — visual thinking surface for humans and AI agents. Renders HTML, markdown, images, and code as frames on a zoomable canvas, with MCP tools for AI agents and real-time sync for humans.",
   "type": "module",
   "files": [