jujugrowth-mcp 1.2.0 → 1.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jujugrowth-mcp",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "MCP server connecting your AI coding assistant (Claude, Cursor, Codex) to jujugrowth — pull your living marketing plan's dev tasks + recommendations and apply them in your repo.",
   "type": "module",
   "bin": {

package/server.mjs

@@ -37,6 +37,10 @@ async function call(method, path, body) {
 // site (serverInfo + a banner on every result) so a dev-AI with several
 // jujugrowth servers on one machine can never act on the wrong site.
 let SITE_LABEL = null; // e.g. "jujublocks.com"
+// #226 security (owner 2026-06-22: "only users I approve can use OR SEE the system-tools"). Operator (admin)
+// tokens unlock the SYSTEM tools (the opportunity build-channel, the capability-gap backlog); a customer token
+// never even SEES them (filtered from tools/list below). The control-API ALSO 403s the calls (defense in depth).
+let IS_OPERATOR = false;
 async function loadIdentity() {
   try {
     const me = await call("GET", "/whoami");
@@ -44,6 +48,11 @@ async function loadIdentity() {
   } catch {
     SITE_LABEL = null;
   }
+  try {
+    IS_OPERATOR = (await call("GET", "/is-operator")).operator === true;
+  } catch {
+    IS_OPERATOR = false;
+  }
 }
 const siteBanner = () =>
   SITE_LABEL
@@ -156,11 +165,47 @@ const TOOLS = [
   },
   {
     name: "list_capability_gaps",
+    operator: true,
     description:
       "ADMIN/OPERATOR TOKEN ONLY. The jujugrowth system's OWN dev backlog: platform rules it has LEARNED (from docs + real platform responses) but cannot yet check because no collector observes the property the rule needs. Each item names the generic tool to build — `subject.attribute` per platform — with an example rule. Build that collector in the jujugrowth repo (make it write the property as a flat dotted attribute key on the synced entity); the gap auto-resolves once the fact is observable. The list is generated from real learned rules, never a hardcoded checklist. Returns 403 for non-admin tokens.",
     inputSchema: { type: "object", properties: {}, additionalProperties: false },
     run: async () => call("GET", "/capability-gaps"),
   },
+  // ── #226 OPPORTUNITY BUILD-CHANNEL (OPERATOR/ADMIN TOKEN ONLY) ──────────────────────────────────────────────
+  {
+    name: "list_build_opportunities",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The owner's build worklist: APPROVED opportunities to turn into live assets (their own microSaaS, and where it fits, a partner API that also feeds jujugrowth). Returns each opportunity's id, name, summary and status. For each one, call get_opportunity_build_brief, build + DEPLOY the asset in your repo, then mark_opportunity_built. Returns 403 for non-admin tokens.",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false },
+    run: async () => call("GET", "/build-opportunities"),
+  },
+  {
+    name: "get_opportunity_build_brief",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The FULL, self-contained build brief for ONE approved opportunity (id from list_build_opportunities): the scored dossier, the asset identity, the required JG runtime hooks, the marketing plan, the optional JG partner-API integration + a handoff prompt for jujugrowth's own dev-AI, the deploy path, and the definition of done — plus the structured dossier (per-dimension scores + evidence + promotability). Build it for real and DEPLOY it live (not localhost). Returns 403 for non-admin tokens.",
+    inputSchema: {
+      type: "object",
+      properties: { id: { type: "string", description: "the opportunity id" } },
+      required: ["id"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("GET", `/build-opportunities/${a.id}`),
+  },
+  {
+    name: "mark_opportunity_built",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. Report an opportunity BUILT & live after you've deployed it. jujugrowth marks it launched, reconnects its tracking, and starts measuring its real outcome (and promoting it). Pass the opportunity `id`. Returns 403 for non-admin tokens.",
+    inputSchema: {
+      type: "object",
+      properties: { id: { type: "string", description: "the opportunity id" } },
+      required: ["id"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("POST", `/build-opportunities/${a.id}/built`),
+  },
 ];
 
 function send(msg) {
@@ -199,15 +244,15 @@ async function handle(msg) {
   }
   if (method === "notifications/initialized") return; // no response to notifications
   if (method === "tools/list") {
+    // #226 security: a non-operator token never even SEES the system tools (operator:true). The control-API
+    // also 403s the calls — this is the visibility half of "only users I approve can use OR SEE them".
     return send({
       jsonrpc: "2.0",
       id,
       result: {
-        tools: TOOLS.map(({ name, description, inputSchema }) => ({
-          name,
-          description,
-          inputSchema,
-        })),
+        tools: TOOLS.filter((t) => IS_OPERATOR || !t.operator).map(
+          ({ name, description, inputSchema }) => ({ name, description, inputSchema }),
+        ),
       },
     });
   }
@@ -215,6 +260,10 @@ async function handle(msg) {
     const tool = TOOLS.find((t) => t.name === params?.name);
     if (!tool)
       return send({ jsonrpc: "2.0", id, error: { code: -32601, message: "unknown tool" } });
+    // Defense in depth: refuse an operator tool for a non-operator token even if it was somehow invoked directly
+    // (the control-API is the authoritative 403; this avoids a pointless round-trip + leaking the tool exists).
+    if (tool.operator && !IS_OPERATOR)
+      return send({ jsonrpc: "2.0", id, error: { code: -32601, message: "unknown tool" } });
     try {
       if (!TOKEN)
         throw new Error("JUJUGROWTH_TOKEN not set — generate one in Settings → Developer");