mcp-prompt-optimizer 2.2.3 → 3.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +43 -0
- package/README.md +49 -6
- package/index.js +9 -7
- package/lib/api-key-manager.js +36 -57
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,49 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [3.0.1] - 2025-12-09
|
|
9
|
+
|
|
10
|
+
### Fixed
|
|
11
|
+
- 🔧 **Critical Endpoint Fix**: Corrected quota status endpoint from `/api/v1/api-keys/quota-status` to `/api/v1/mcp/quota-status` for proper API key authentication
|
|
12
|
+
- 📊 **Response Mapping**: Updated quota status response handling to support nested structure returned by MCP endpoint
|
|
13
|
+
- 🎯 **AG-UI Path**: Fixed AG-UI status endpoint path from `/api/v1/agui/status` to `/api/status` to match backend router mounting
|
|
14
|
+
- 🔐 **Authentication**: All quota operations now use API key authentication instead of JWT
|
|
15
|
+
|
|
16
|
+
### Technical
|
|
17
|
+
- 📋 **Backend Alignment**: Comprehensive endpoint verification against FastAPI Backend production-v2.2.0-stable
|
|
18
|
+
- 📝 **Documentation**: Added `ENDPOINT_VERIFICATION_REPORT.md` with complete endpoint mapping
|
|
19
|
+
- 🚨 **Critical Issue Identified**: Backend MCP router not mounted - requires backend team deployment before v3.0.1 functionality works
|
|
20
|
+
|
|
21
|
+
### Backend Dependencies
|
|
22
|
+
- ⚠️ **REQUIRED**: Backend must mount MCP router at `/api/v1` prefix for quota status to work
|
|
23
|
+
- ⚠️ **BLOCKER**: Package will fail quota checks until backend is updated
|
|
24
|
+
- 📞 **Action**: Coordinate with backend team before publishing to NPM
|
|
25
|
+
|
|
26
|
+
### Migration Notes
|
|
27
|
+
- This is a patch release fixing critical endpoint mismatches
|
|
28
|
+
- No breaking changes for users (transparent fixes)
|
|
29
|
+
- Package version changed from v3.0.0 to v3.0.1
|
|
30
|
+
|
|
31
|
+
## [3.0.0] - 2025-12-08
|
|
32
|
+
|
|
33
|
+
### Changed (Breaking)
|
|
34
|
+
- 🔐 **Security Hardening**: Development mode permanently disabled for production security
|
|
35
|
+
- ⏱️ **Cache Reduction**: API key cache reduced from 24 hours to 1 hour
|
|
36
|
+
- ⏱️ **Fallback Cache**: Fallback cache reduced from 7 days to 2 hours
|
|
37
|
+
- ❌ **Offline Mode**: Removed offline mode support
|
|
38
|
+
- ❌ **Mock Validation**: Removed development mode API key bypasses
|
|
39
|
+
|
|
40
|
+
### Security
|
|
41
|
+
- 🛡️ **All API keys** now require backend validation (no client-side bypasses)
|
|
42
|
+
- 🔒 **Environment variables** no longer enable development mode
|
|
43
|
+
- ✅ **Production-only**: Package now enforces backend connectivity
|
|
44
|
+
|
|
45
|
+
### Migration from v2.x
|
|
46
|
+
- All users must have valid API keys from https://promptoptimizer-blog.vercel.app/pricing
|
|
47
|
+
- `OPTIMIZER_DEV_MODE=true` no longer works (intentionally disabled)
|
|
48
|
+
- Offline usage no longer supported (requires active backend connection)
|
|
49
|
+
- Short-lived caching (1-2 hours) replaces long-term caching
|
|
50
|
+
|
|
8
51
|
## [1.5.0] - 2025-09-25
|
|
9
52
|
|
|
10
53
|
### Added
|
package/README.md
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
|
-
# MCP Prompt Optimizer
|
|
1
|
+
# MCP Prompt Optimizer v3.0.0
|
|
2
2
|
|
|
3
3
|
🚀 **Professional cloud-based MCP server** for AI-powered prompt optimization with intelligent context detection, template management, team collaboration, enterprise-grade features, and **optional personal model configuration**. Starting at $2.99/month.
|
|
4
4
|
|
|
5
|
+
⚠️ **v3.0.0 Breaking Changes:** API key is now REQUIRED for all operations. Development mode and offline mode have been removed for security.
|
|
6
|
+
|
|
5
7
|
## ✨ Key Features
|
|
6
8
|
|
|
7
9
|
🧠 **AI Context Detection** - Automatically detects and optimizes for image generation, LLM interaction, technical automation
|
|
@@ -14,14 +16,18 @@
|
|
|
14
16
|
|
|
15
17
|
## 🚀 Quick Start
|
|
16
18
|
|
|
17
|
-
**1.
|
|
19
|
+
**1. Get your API key (REQUIRED):**
|
|
20
|
+
|
|
21
|
+
⚠️ **Important:** An API key is REQUIRED to use this package. Choose your tier:
|
|
22
|
+
|
|
23
|
+
- **🆓 FREE Tier** (`sk-local-*`): 5 daily optimizations - Get started at [https://promptoptimizer-blog.vercel.app/pricing](https://promptoptimizer-blog.vercel.app/pricing)
|
|
24
|
+
- **⭐ Paid Tiers** (`sk-opt-*`, `sk-team-*`): More optimizations, team features, advanced capabilities
|
|
25
|
+
|
|
26
|
+
**2. Install the MCP server:**
|
|
18
27
|
```bash
|
|
19
28
|
npm install -g mcp-prompt-optimizer
|
|
20
29
|
```
|
|
21
30
|
|
|
22
|
-
**2. Get your API key:**
|
|
23
|
-
Visit [https://promptoptimizer-blog.vercel.app/pricing](https://promptoptimizer-blog.vercel.app/pricing) for your free tier (`sk-local-*` key, 5 optimizations per day)
|
|
24
|
-
|
|
25
31
|
**3. Configure Claude Desktop:**
|
|
26
32
|
Add to your `~/.claude/claude_desktop_config.json`:
|
|
27
33
|
```json
|
|
@@ -31,13 +37,15 @@ Add to your `~/.claude/claude_desktop_config.json`:
|
|
|
31
37
|
"command": "npx",
|
|
32
38
|
"args": ["mcp-prompt-optimizer"],
|
|
33
39
|
"env": {
|
|
34
|
-
"OPTIMIZER_API_KEY": "sk-local-your-key-here" // Use
|
|
40
|
+
"OPTIMIZER_API_KEY": "sk-local-your-key-here" // REQUIRED: Use your API key here
|
|
35
41
|
}
|
|
36
42
|
}
|
|
37
43
|
}
|
|
38
44
|
}
|
|
39
45
|
```
|
|
40
46
|
|
|
47
|
+
> **Note:** All API keys are validated against our backend server. Internet connection required (brief caching for reliability).
|
|
48
|
+
|
|
41
49
|
**4. Restart Claude Desktop** and start optimizing with AI context awareness!
|
|
42
50
|
|
|
43
51
|
**5. (Optional) Configure custom models** - See [Advanced Model Configuration](#-advanced-model-configuration-optional) below
|
|
@@ -469,6 +477,41 @@ mcp-prompt-optimizer version
|
|
|
469
477
|
4. **Configure** your MCP client with your API key
|
|
470
478
|
5. **Enjoy enhanced optimization** with your chosen models!
|
|
471
479
|
|
|
480
|
+
## 🔄 Migration to v3.0.0
|
|
481
|
+
|
|
482
|
+
### ⚠️ Breaking Changes from v2.x
|
|
483
|
+
|
|
484
|
+
**IMPORTANT:** v3.0.0 includes security enhancements that remove authentication bypasses.
|
|
485
|
+
|
|
486
|
+
**What Changed:**
|
|
487
|
+
- ❌ `OPTIMIZER_DEV_MODE=true` no longer works
|
|
488
|
+
- ❌ `NODE_ENV=development` no longer enables mock mode
|
|
489
|
+
- ❌ Offline mode has been removed
|
|
490
|
+
- ✅ All API keys must be validated against backend server
|
|
491
|
+
- ✅ Internet connection required (1-2 hour caching for reliability)
|
|
492
|
+
|
|
493
|
+
**Migration Steps:**
|
|
494
|
+
```bash
|
|
495
|
+
# 1. Ensure you have a valid API key
|
|
496
|
+
export OPTIMIZER_API_KEY="sk-opt-your-key-here"
|
|
497
|
+
|
|
498
|
+
# 2. Update to v3.0.0
|
|
499
|
+
npm update -g mcp-prompt-optimizer
|
|
500
|
+
|
|
501
|
+
# 3. Verify it works
|
|
502
|
+
mcp-prompt-optimizer --version # Should show 3.0.0
|
|
503
|
+
```
|
|
504
|
+
|
|
505
|
+
**For Developers:**
|
|
506
|
+
- Mock mode removed - use real test API keys from backend database
|
|
507
|
+
- Development keys (`sk-dev-*`) must be real keys, not mocked
|
|
508
|
+
- Offline testing no longer supported - backend connection required
|
|
509
|
+
|
|
510
|
+
**Cache Behavior:**
|
|
511
|
+
- Primary cache: 1 hour
|
|
512
|
+
- Network failure fallback: Up to 2 hours
|
|
513
|
+
- After 2 hours: Must reconnect to backend
|
|
514
|
+
|
|
472
515
|
## 📞 Support & Resources
|
|
473
516
|
|
|
474
517
|
- **📚 Documentation:** https://promptoptimizer-blog.vercel.app/docs
|
package/index.js
CHANGED
|
@@ -58,8 +58,8 @@ const ENDPOINTS = {
|
|
|
58
58
|
ANALYTICS_BAYESIAN_INSIGHTS:
|
|
59
59
|
'/api/v1/analytics/bayesian-insights',
|
|
60
60
|
|
|
61
|
-
/** AG‑UI status (GET) */
|
|
62
|
-
AGUI_STATUS: '/api/
|
|
61
|
+
/** AG‑UI status (GET) - mounted at /api not /api/v1/agui */
|
|
62
|
+
AGUI_STATUS: '/api/status',
|
|
63
63
|
};
|
|
64
64
|
|
|
65
65
|
class MCPPromptOptimizer {
|
|
@@ -78,7 +78,8 @@ class MCPPromptOptimizer {
|
|
|
78
78
|
|
|
79
79
|
this.backendUrl = process.env.OPTIMIZER_BACKEND_URL || 'https://p01--project-optimizer--fvmrdk8m9k9j.code.run';
|
|
80
80
|
this.apiKey = process.env.OPTIMIZER_API_KEY;
|
|
81
|
-
|
|
81
|
+
// SECURITY: Development mode removed - all environments require backend validation
|
|
82
|
+
this.developmentMode = false;
|
|
82
83
|
this.requestTimeout = parseInt(process.env.OPTIMIZER_REQUEST_TIMEOUT) || 30000;
|
|
83
84
|
|
|
84
85
|
// NEW: Feature flags aligned with backend
|
|
@@ -392,7 +393,7 @@ class MCPPromptOptimizer {
|
|
|
392
393
|
async handleOptimizePrompt(args) {
|
|
393
394
|
if (!args.prompt) throw new Error('Prompt is required');
|
|
394
395
|
|
|
395
|
-
const manager = new CloudApiKeyManager(this.apiKey
|
|
396
|
+
const manager = new CloudApiKeyManager(this.apiKey);
|
|
396
397
|
|
|
397
398
|
try {
|
|
398
399
|
const validation = await manager.validateApiKey();
|
|
@@ -457,7 +458,7 @@ class MCPPromptOptimizer {
|
|
|
457
458
|
}
|
|
458
459
|
|
|
459
460
|
async handleGetQuotaStatus() {
|
|
460
|
-
const manager = new CloudApiKeyManager(this.apiKey
|
|
461
|
+
const manager = new CloudApiKeyManager(this.apiKey);
|
|
461
462
|
const info = await manager.getApiKeyInfo();
|
|
462
463
|
return { content: [{ type: "text", text: this.formatQuotaStatus(info) }] };
|
|
463
464
|
}
|
|
@@ -602,7 +603,7 @@ class MCPPromptOptimizer {
|
|
|
602
603
|
};
|
|
603
604
|
|
|
604
605
|
try {
|
|
605
|
-
const manager = new CloudApiKeyManager(this.apiKey
|
|
606
|
+
const manager = new CloudApiKeyManager(this.apiKey);
|
|
606
607
|
const validation = await manager.validateApiKey();
|
|
607
608
|
|
|
608
609
|
if (validation.mock_mode || this.developmentMode) {
|
|
@@ -1018,7 +1019,8 @@ async function startValidatedMCPServer() {
|
|
|
1018
1019
|
process.exit(1);
|
|
1019
1020
|
}
|
|
1020
1021
|
|
|
1021
|
-
|
|
1022
|
+
// SECURITY: No development mode bypass - backend validation required
|
|
1023
|
+
const manager = new CloudApiKeyManager(apiKey);
|
|
1022
1024
|
console.log('🔧 Validating API key...\n');
|
|
1023
1025
|
const validation = await manager.validateAndPrepare();
|
|
1024
1026
|
|
package/lib/api-key-manager.js
CHANGED
|
@@ -18,11 +18,13 @@ class CloudApiKeyManager {
|
|
|
18
18
|
this.backendUrl = options.backendUrl || process.env.OPTIMIZER_BACKEND_URL || 'https://p01--project-optimizer--fvmrdk8m9k9j.code.run';
|
|
19
19
|
this.cacheFile = path.join(os.homedir(), '.mcp-cloud-api-cache.json');
|
|
20
20
|
this.healthFile = path.join(os.homedir(), '.mcp-cloud-health.json');
|
|
21
|
-
this.cacheExpiry = options.cacheExpiry ||
|
|
22
|
-
this.fallbackCacheExpiry = options.fallbackCacheExpiry ||
|
|
21
|
+
this.cacheExpiry = options.cacheExpiry || 1 * 60 * 60 * 1000; // 1 hour (reduced from 24)
|
|
22
|
+
this.fallbackCacheExpiry = options.fallbackCacheExpiry || 2 * 60 * 60 * 1000; // 2 hours (reduced from 7 days)
|
|
23
23
|
this.logPrefix = '[CloudApiKeyManager]';
|
|
24
|
-
|
|
25
|
-
this.
|
|
24
|
+
// SECURITY: Offline mode disabled in production for security
|
|
25
|
+
this.offlineMode = false;
|
|
26
|
+
// SECURITY: Development mode disabled - use separate dev builds
|
|
27
|
+
this.developmentMode = false;
|
|
26
28
|
this.maxRetries = options.maxRetries || 5; // Increased for production
|
|
27
29
|
this.baseRetryDelay = options.baseRetryDelay || 1000;
|
|
28
30
|
this.maxRetryDelay = options.maxRetryDelay || 30000;
|
|
@@ -196,12 +198,8 @@ class CloudApiKeyManager {
|
|
|
196
198
|
|
|
197
199
|
this.log(`API key format valid: ${formatCheck.keyType}`);
|
|
198
200
|
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
const mockValidation = this.generateMockValidation(formatCheck.keyType);
|
|
202
|
-
await this.cacheValidation(mockValidation);
|
|
203
|
-
return mockValidation;
|
|
204
|
-
}
|
|
201
|
+
// SECURITY: Mock validation removed - all keys must validate against backend
|
|
202
|
+
// Development/testing keys must be real keys in the database
|
|
205
203
|
|
|
206
204
|
try {
|
|
207
205
|
// Step 3: Backend validation with enhanced retry logic
|
|
@@ -229,24 +227,20 @@ class CloudApiKeyManager {
|
|
|
229
227
|
return cachedValidation.data;
|
|
230
228
|
}
|
|
231
229
|
|
|
232
|
-
//
|
|
230
|
+
// SECURITY: Limited fallback for brief network issues only (2 hours max)
|
|
233
231
|
if (cachedValidation && !this.isFallbackCacheExpired(cachedValidation)) {
|
|
234
|
-
this.log('Using
|
|
232
|
+
this.log('Using short-term fallback cache due to network issues', 'warn');
|
|
235
233
|
const fallbackData = cachedValidation.data;
|
|
236
234
|
fallbackData.fallback_mode = true;
|
|
237
235
|
fallbackData.network_issue = error.message;
|
|
236
|
+
fallbackData.expires_soon = true;
|
|
238
237
|
return fallbackData;
|
|
239
238
|
}
|
|
240
239
|
|
|
241
|
-
//
|
|
242
|
-
|
|
243
|
-
this.log('Offline mode: using cached validation despite expiry', 'warn');
|
|
244
|
-
const offlineData = cachedValidation.data;
|
|
245
|
-
offlineData.offline_mode = true;
|
|
246
|
-
return offlineData;
|
|
247
|
-
}
|
|
240
|
+
// SECURITY: Offline mode removed - backend validation required
|
|
241
|
+
// No cache fallback beyond 2 hours
|
|
248
242
|
|
|
249
|
-
throw new Error(`API key validation failed: ${error.message}
|
|
243
|
+
throw new Error(`API key validation failed: ${error.message}. Please check your internet connection.`);
|
|
250
244
|
}
|
|
251
245
|
}
|
|
252
246
|
|
|
@@ -305,8 +299,9 @@ class CloudApiKeyManager {
|
|
|
305
299
|
// ✅ FIXED: Correct API endpoint URL
|
|
306
300
|
async getQuotaStatus() {
|
|
307
301
|
try {
|
|
308
|
-
|
|
309
|
-
|
|
302
|
+
// FIXED: Use MCP quota-status endpoint (accepts API key auth)
|
|
303
|
+
const url = `${this.backendUrl}/api/v1/mcp/quota-status`;
|
|
304
|
+
|
|
310
305
|
const options = {
|
|
311
306
|
method: 'GET',
|
|
312
307
|
headers: {
|
|
@@ -321,16 +316,26 @@ class CloudApiKeyManager {
|
|
|
321
316
|
const client = this.backendUrl.startsWith('https://') ? https : http;
|
|
322
317
|
const req = client.request(url, options, (res) => {
|
|
323
318
|
let data = '';
|
|
324
|
-
|
|
319
|
+
|
|
325
320
|
res.on('data', (chunk) => {
|
|
326
321
|
data += chunk;
|
|
327
322
|
});
|
|
328
|
-
|
|
323
|
+
|
|
329
324
|
res.on('end', () => {
|
|
330
325
|
try {
|
|
331
326
|
if (res.statusCode === 200) {
|
|
332
|
-
const
|
|
333
|
-
|
|
327
|
+
const response = JSON.parse(data);
|
|
328
|
+
// FIXED: Map nested MCP response to flat format
|
|
329
|
+
resolve({
|
|
330
|
+
tier: response.tier,
|
|
331
|
+
unlimited: response.quota?.unlimited || false,
|
|
332
|
+
used: response.quota?.used || 0,
|
|
333
|
+
remaining: response.quota?.remaining || 0,
|
|
334
|
+
limit: response.quota?.limit,
|
|
335
|
+
usage_percentage: response.quota?.percentage || 0,
|
|
336
|
+
status: response.quota?.status || 'unknown',
|
|
337
|
+
features_available: response.features_available || {}
|
|
338
|
+
});
|
|
334
339
|
} else {
|
|
335
340
|
let errorMessage;
|
|
336
341
|
try {
|
|
@@ -520,41 +525,15 @@ class CloudApiKeyManager {
|
|
|
520
525
|
}
|
|
521
526
|
}
|
|
522
527
|
|
|
523
|
-
// Enhanced API key info with
|
|
528
|
+
// Enhanced API key info with backend validation
|
|
524
529
|
async getApiKeyInfo() {
|
|
525
530
|
const formatCheck = this.validateApiKeyFormat(this.apiKey);
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
return {
|
|
529
|
-
tier: 'testing',
|
|
530
|
-
features: {
|
|
531
|
-
optimization: true,
|
|
532
|
-
template_search: true,
|
|
533
|
-
template_auto_save: true,
|
|
534
|
-
optimization_insights: true,
|
|
535
|
-
bayesian_optimization: true,
|
|
536
|
-
agui_features: true
|
|
537
|
-
},
|
|
538
|
-
quota: {
|
|
539
|
-
unlimited: false,
|
|
540
|
-
used: Math.floor(Math.random() * 100),
|
|
541
|
-
limit: 1000,
|
|
542
|
-
remaining: 1000 - Math.floor(Math.random() * 100)
|
|
543
|
-
},
|
|
544
|
-
isValid: true,
|
|
545
|
-
keyType: formatCheck.keyType,
|
|
546
|
-
mode: {
|
|
547
|
-
mock: true,
|
|
548
|
-
fallback: false,
|
|
549
|
-
offline: false,
|
|
550
|
-
development: this.developmentMode
|
|
551
|
-
}
|
|
552
|
-
};
|
|
553
|
-
}
|
|
531
|
+
|
|
532
|
+
// SECURITY: Mock data removed - all keys must validate with backend
|
|
554
533
|
|
|
555
534
|
try {
|
|
556
|
-
//
|
|
557
|
-
const quotaStatusResponse = await this._makeBackendRequest('/api/v1/
|
|
535
|
+
// FIXED: Use MCP quota-status endpoint (accepts API key auth)
|
|
536
|
+
const quotaStatusResponse = await this._makeBackendRequest('/api/v1/mcp/quota-status', null, 'GET');
|
|
558
537
|
|
|
559
538
|
// The backend /mcp/quota-status endpoint returns a comprehensive object
|
|
560
539
|
// that includes tier, quota details, and features.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "mcp-prompt-optimizer",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "3.0.1",
|
|
4
4
|
"description": "Professional cloud-based MCP server for AI-powered prompt optimization with intelligent context detection, Bayesian optimization, AG-UI real-time optimization, template auto-save, optimization insights, personal model configuration via WebUI, team collaboration, enterprise-grade features, production resilience, and startup validation. Universal compatibility with Claude Desktop, Cursor, Windsurf, and 17+ MCP clients.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"bin": {
|