jujugrowth-mcp 1.3.0 → 1.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jujugrowth-mcp",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "MCP server connecting your AI coding assistant (Claude, Cursor, Codex) to jujugrowth — pull your living marketing plan's dev tasks + recommendations and apply them in your repo.",
   "type": "module",
   "bin": {

package/server.mjs

@@ -180,6 +180,14 @@ const TOOLS = [
     inputSchema: { type: "object", properties: {}, additionalProperties: false },
     run: async () => call("GET", "/build-opportunities"),
   },
+  {
+    name: "get_build_resources",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The BUILD RESOURCE MANIFEST: how to reach every portfolio integration when building an asset — DOMAIN (Namecheap: register AND verify the domain), EMAIL (Resend), IMAGE_GEN (JUJU-PERFECT), GEO (jujuGEO), GEM (Google Merchant), METRICS (push into jujugrowth metric_facts), GA4, JG_HOOKS (GTM + monitoring beacon + partner contract), GITHUB, AWS — plus the cross-cutting requirements (design, security, compliance, backups, cost, born-safe) to bake in. SECURITY: it serves the spec + how-to + secret NAMES only, NEVER raw secret values; read each value at build time by its name from .env / Secrets Manager. Call this once before building. Returns 403 for non-admin tokens.",
+    inputSchema: { type: "object", properties: {}, additionalProperties: false },
+    run: async () => call("GET", "/build-resources"),
+  },
   {
     name: "get_opportunity_build_brief",
     operator: true,
@@ -193,11 +201,40 @@ const TOOLS = [
     },
     run: async (a) => call("GET", `/build-opportunities/${a.id}`),
   },
+  {
+    name: "submit_opportunity_plan",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. PLAN FIRST — before building, submit your plan for the owner's review: what you'll build, the stack, pages/features, design direction, integrations (domain, GA4, JG hooks, partner API), and the cost shape. Pass the opportunity `id` and the `plan` (markdown). The owner reviews it in the Opportunity Explorer; poll get_opportunity_plan_status and build only once it's approved.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        id: { type: "string", description: "the opportunity id" },
+        plan: { type: "string", description: "the build plan (markdown)" },
+      },
+      required: ["id", "plan"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("POST", `/build-opportunities/${a.id}/plan`, { plan: a.plan }),
+  },
+  {
+    name: "get_opportunity_plan_status",
+    operator: true,
+    description:
+      "OPERATOR TOKEN ONLY. The owner's review decision on your submitted plan: 'submitted' (wait), 'approved' (BUILD it), or 'changes_requested' (revise per the feedback, then submit_opportunity_plan again). Pass the opportunity `id`.",
+    inputSchema: {
+      type: "object",
+      properties: { id: { type: "string", description: "the opportunity id" } },
+      required: ["id"],
+      additionalProperties: false,
+    },
+    run: async (a) => call("GET", `/build-opportunities/${a.id}/plan-status`),
+  },
   {
     name: "mark_opportunity_built",
     operator: true,
     description:
-      "OPERATOR TOKEN ONLY. Report an opportunity BUILT & live after you've deployed it. jujugrowth marks it launched, reconnects its tracking, and starts measuring its real outcome (and promoting it). Pass the opportunity `id`. Returns 403 for non-admin tokens.",
+      "OPERATOR TOKEN ONLY. Report an opportunity BUILT after you've actually built + DEPLOYED it live (not localhost). jujugrowth marks it 'built', awaiting the owner's go-live approval; once approved, JG reconnects its tracking + promotes it. Pass the opportunity `id`. Returns 403 for non-admin tokens.",
     inputSchema: {
       type: "object",
       properties: { id: { type: "string", description: "the opportunity id" } },
@@ -238,7 +275,8 @@ async function handle(msg) {
           "3) Before changing anything, VERIFY current-state claims against the actual code — they can be stale; skip what's already done.\n" +
           "4) Implement in the user's repo, scoped to wording/structure/SEO/tracking the plan asks for. Show a diff / open a PR for the user to review.\n" +
           "5) ALWAYS report completion once shipped, don't wait to be told: mark_recommendation_handled for a recommendation, or mark_plan_task_handled (with the task's action + a note) for a plan task — that's how the plan learns the work happened and marks the step done.\n" +
-          "Campaigns and ad budgets are NOT here — those are owner decisions the jujugrowth system runs itself. This server is bound to ONE site; never act on another.",
+          "Campaigns and ad budgets are NOT here — those are owner decisions the jujugrowth system runs itself. This server is bound to ONE site; never act on another.\n" +
+          "\nOPERATOR (admin token only) — the BUILD CHANNEL: list_build_opportunities → get_opportunity_build_brief → get_build_resources (the integration manifest: domain, EMAIL via Resend, image-gen, GEO/GEM, JG hooks, GA4, GitHub, AWS — secret NAMES only, never values) → submit_opportunity_plan (PLAN FIRST, owner approves) → build + DEPLOY live → mark_opportunity_built. You MUST register AND VERIFY the asset's domain (DNS propagation + TLS + Resend email-auth records) — a bought-but-unverified domain is NOT done. These operator tools are hidden from non-admin tokens.",
       },
     });
   }