jujugrowth-mcp 1.2.0 → 1.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jujugrowth-mcp",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "MCP server connecting your AI coding assistant (Claude, Cursor, Codex) to jujugrowth — pull your living marketing plan's dev tasks + recommendations and apply them in your repo.",
   "type": "module",
   "bin": {

package/server.mjs

@@ -37,6 +37,10 @@ async function call(method, path, body) {
 // site (serverInfo + a banner on every result) so a dev-AI with several
 // jujugrowth servers on one machine can never act on the wrong site.
 let SITE_LABEL = null; // e.g. "jujublocks.com"
+// #226 security (owner 2026-06-22: "only users I approve can use OR SEE the system-tools"). Operator (admin)
+// tokens unlock the SYSTEM tools (the opportunity build-channel, the capability-gap backlog); a customer token
+// never even SEES them (filtered from tools/list below). The control-API ALSO 403s the calls (defense in depth).
+let IS_OPERATOR = false;
 async function loadIdentity() {
   try {
     const me = await call("GET", "/whoami");
@@ -44,6 +48,11 @@ async function loadIdentity() {
   } catch {
     SITE_LABEL = null;
   }
+  try {
+    IS_OPERATOR = (await call("GET", "/is-operator")).operator === true;
+  } catch {
+    IS_OPERATOR = false;
+  }
 }
 const siteBanner = () =>
   SITE_LABEL
@@ -156,11 +165,84 @@ const TOOLS = [
   },
   {
     name: "list_capability_gaps",
+    operator: true,
     description:
       "ADMIN/OPERATOR TOKEN ONLY. The jujugrowth system's OWN dev backlog: platform rules it has LEARNED (from docs + real platform responses) but cannot yet check because no collector observes the property the rule needs. Each item names the generic tool to build — `subject.attribute` per platform — with an example rule. Build that collector in the jujugrowth repo (make it write the property as a flat dotted attribute key on the synced entity); the gap auto-resolves once the fact is observable. The list is generated from real learned rules, never a hardcoded checklist. Returns 403 for non-admin tokens.",
     inputSchema: { type: "object", properties: {}, additionalProperties: false },
     run: async () => call("GET", "/capability-gaps"),
   },
+  // ── #226 OPPORTUNITY BUILD-CHANNEL (OPERATOR/ADMIN TOKEN ONLY) ──────────────────────────────────────────────
+  {
+    name: "list_build_opportunities",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The owner's build worklist: APPROVED opportunities to turn into live assets (their own microSaaS, and where it fits, a partner API that also feeds jujugrowth). Returns each opportunity's id, name, summary and status. For each one, call get_opportunity_build_brief, build + DEPLOY the asset in your repo, then mark_opportunity_built. Returns 403 for non-admin tokens.",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false },
+    run: async () => call("GET", "/build-opportunities"),
+  },
+  {
+    name: "get_build_resources",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The BUILD RESOURCE MANIFEST: how to reach every portfolio integration when building an asset — DOMAIN (Namecheap: register AND verify the domain), EMAIL (Resend), IMAGE_GEN (JUJU-PERFECT), GEO (jujuGEO), GEM (Google Merchant), METRICS (push into jujugrowth metric_facts), GA4, JG_HOOKS (GTM + monitoring beacon + partner contract), GITHUB, AWS — plus the cross-cutting requirements (design, security, compliance, backups, cost, born-safe) to bake in. SECURITY: it serves the spec + how-to + secret NAMES only, NEVER raw secret values; read each value at build time by its name from .env / Secrets Manager. Call this once before building. Returns 403 for non-admin tokens.",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false },
+    run: async () => call("GET", "/build-resources"),
+  },
+  {
+    name: "get_opportunity_build_brief",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The FULL, self-contained build brief for ONE approved opportunity (id from list_build_opportunities): the scored dossier, the asset identity, the required JG runtime hooks, the marketing plan, the optional JG partner-API integration + a handoff prompt for jujugrowth's own dev-AI, the deploy path, and the definition of done — plus the structured dossier (per-dimension scores + evidence + promotability). Build it for real and DEPLOY it live (not localhost). Returns 403 for non-admin tokens.",
+    inputSchema: {
+      type: "object",
+      properties: { id: { type: "string", description: "the opportunity id" } },
+      required: ["id"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("GET", `/build-opportunities/${a.id}`),
+  },
+  {
+    name: "submit_opportunity_plan",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. PLAN FIRST — before building, submit your plan for the owner's review: what you'll build, the stack, pages/features, design direction, integrations (domain, GA4, JG hooks, partner API), and the cost shape. Pass the opportunity `id` and the `plan` (markdown). The owner reviews it in the Opportunity Explorer; poll get_opportunity_plan_status and build only once it's approved.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        id: { type: "string", description: "the opportunity id" },
+        plan: { type: "string", description: "the build plan (markdown)" },
+      },
+      required: ["id", "plan"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("POST", `/build-opportunities/${a.id}/plan`, { plan: a.plan }),
+  },
+  {
+    name: "get_opportunity_plan_status",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The owner's review decision on your submitted plan: 'submitted' (wait), 'approved' (BUILD it), or 'changes_requested' (revise per the feedback, then submit_opportunity_plan again). Pass the opportunity `id`.",
+    inputSchema: {
+      type: "object",
+      properties: { id: { type: "string", description: "the opportunity id" } },
+      required: ["id"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("GET", `/build-opportunities/${a.id}/plan-status`),
+  },
+  {
+    name: "mark_opportunity_built",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. Report an opportunity BUILT after you've actually built + DEPLOYED it live (not localhost). jujugrowth marks it 'built', awaiting the owner's go-live approval; once approved, JG reconnects its tracking + promotes it. Pass the opportunity `id`. Returns 403 for non-admin tokens.",
+    inputSchema: {
+      type: "object",
+      properties: { id: { type: "string", description: "the opportunity id" } },
+      required: ["id"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("POST", `/build-opportunities/${a.id}/built`),
+  },
 ];
 
 function send(msg) {
@@ -193,21 +275,22 @@ async function handle(msg) {
           "3) Before changing anything, VERIFY current-state claims against the actual code — they can be stale; skip what's already done.\n" +
           "4) Implement in the user's repo, scoped to wording/structure/SEO/tracking the plan asks for. Show a diff / open a PR for the user to review.\n" +
           "5) ALWAYS report completion once shipped, don't wait to be told: mark_recommendation_handled for a recommendation, or mark_plan_task_handled (with the task's action + a note) for a plan task — that's how the plan learns the work happened and marks the step done.\n" +
-          "Campaigns and ad budgets are NOT here — those are owner decisions the jujugrowth system runs itself. This server is bound to ONE site; never act on another.",
+          "Campaigns and ad budgets are NOT here — those are owner decisions the jujugrowth system runs itself. This server is bound to ONE site; never act on another.\n" +
+          "\nOPERATOR (admin token only) — the BUILD CHANNEL: list_build_opportunities → get_opportunity_build_brief → get_build_resources (the integration manifest: domain, EMAIL via Resend, image-gen, GEO/GEM, JG hooks, GA4, GitHub, AWS — secret NAMES only, never values) → submit_opportunity_plan (PLAN FIRST, owner approves) → build + DEPLOY live → mark_opportunity_built. You MUST register AND VERIFY the asset's domain (DNS propagation + TLS + Resend email-auth records) — a bought-but-unverified domain is NOT done. These operator tools are hidden from non-admin tokens.",
       },
     });
   }
   if (method === "notifications/initialized") return; // no response to notifications
   if (method === "tools/list") {
+    // #226 security: a non-operator token never even SEES the system tools (operator:true). The control-API
+    // also 403s the calls — this is the visibility half of "only users I approve can use OR SEE them".
     return send({
       jsonrpc: "2.0",
       id,
       result: {
-        tools: TOOLS.map(({ name, description, inputSchema }) => ({
-          name,
-          description,
-          inputSchema,
-        })),
+        tools: TOOLS.filter((t) => IS_OPERATOR || !t.operator).map(
+          ({ name, description, inputSchema }) => ({ name, description, inputSchema }),
+        ),
       },
     });
   }
@@ -215,6 +298,10 @@ async function handle(msg) {
     const tool = TOOLS.find((t) => t.name === params?.name);
     if (!tool)
       return send({ jsonrpc: "2.0", id, error: { code: -32601, message: "unknown tool" } });
+    // Defense in depth: refuse an operator tool for a non-operator token even if it was somehow invoked directly
+    // (the control-API is the authoritative 403; this avoids a pointless round-trip + leaking the tool exists).
+    if (tool.operator && !IS_OPERATOR)
+      return send({ jsonrpc: "2.0", id, error: { code: -32601, message: "unknown tool" } });
     try {
       if (!TOKEN)
         throw new Error("JUJUGROWTH_TOKEN not set — generate one in Settings → Developer");