moltbook-mcp 0.1.2 → 0.1.3

package/README.md

@@ -177,7 +177,7 @@ The server enforces several safety mechanisms to protect the account:
 
 - **Rate limiting** -- captures `retry-after` values from API responses (headers and body fields) and blocks write attempts until the cooldown expires. Cooldowns are tracked per-category (post, comment, general write).
 - **Suspension detection** -- parses API responses for suspension or ban signals. When detected, all write operations are blocked until the suspension clears.
-- **Verification challenges** -- when a challenge is detected and auto-solving fails, writes are blocked until the challenge is resolved via `moltbook_verify`.
+- **Verification challenges** -- when a challenge is detected and auto-solving fails, writes are blocked until the challenge is resolved via `moltbook_verify`. Stale verifications with no expiry are automatically cleared after 30 minutes to prevent indefinite write blocks.
 - **Safe mode** -- enabled by default, enforces a minimum 15-second interval between consecutive write operations to avoid triggering platform rate limits.
 
 All guard state is persisted to `~/.config/moltbook/mcp_state.json` and survives server restarts.

package/dist/index.js

@@ -98,6 +98,7 @@ function extractVerification(response) {
   if (!hasKeyword && !code) return null;
   if (response.status < 400 && !code) return null;
   const challengeText = challengeObj?.challenge ?? challengeObj?.prompt ?? challengeObj?.question ?? body.challenge_text ?? body.math_challenge ?? body.question ?? null;
+  if (!code && typeof challengeText !== "string") return null;
   return {
     verification_code: code ? String(code) : null,
     challenge: typeof challengeText === "string" ? challengeText : null,
@@ -107,6 +108,7 @@ function extractVerification(response) {
 }
 
 // src/state.ts
+var MAX_VERIFICATION_AGE_MS = 30 * 60 * 1e3;
 var CREDENTIALS_PATH = join(homedir(), ".config", "moltbook", "credentials.json");
 var STATE_PATH = join(homedir(), ".config", "moltbook", "mcp_state.json");
 var DEFAULT_STATE = {
@@ -131,9 +133,14 @@ function saveState(state) {
   writeJson(STATE_PATH, state);
 }
 function clearExpiredState(state) {
-  if (state.pending_verification?.expires_at) {
-    const ts = Date.parse(state.pending_verification.expires_at);
-    if (Number.isFinite(ts) && ts < Date.now()) state.pending_verification = null;
+  if (state.pending_verification) {
+    if (state.pending_verification.expires_at) {
+      const ts = Date.parse(state.pending_verification.expires_at);
+      if (Number.isFinite(ts) && ts < Date.now()) state.pending_verification = null;
+    } else if (state.pending_verification.detected_at) {
+      const age = Date.now() - Date.parse(state.pending_verification.detected_at);
+      if (Number.isFinite(age) && age > MAX_VERIFICATION_AGE_MS) state.pending_verification = null;
+    }
   }
   for (const key of ["post_until", "comment_until", "write_until"]) {
     if (!isFutureIso(state.cooldowns[key])) state.cooldowns[key] = null;
@@ -476,7 +483,8 @@ async function handleVerify(args) {
   if (suspension) {
     state.suspension = { active: true, reason: suspension.reason, until: suspension.until ? String(suspension.until) : null, seen_at: nowIso() };
   }
-  const verification = extractVerification(response);
+  const rawVerification = extractVerification(response);
+  const verification = rawVerification?.verification_code ? rawVerification : null;
   if (verification) {
     const priorFailed = pending?.failed_answers ?? [];
     state.pending_verification = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moltbook-mcp",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Challenge-aware MCP server for Moltbook with write safety guards",
   "type": "module",
   "bin": {