pulsemcp-cms-admin-mcp-server 0.9.17 → 0.9.26

package/build/shared/src/pulsemcp-admin-client/lib/set-known-missing-init-tools-list.js

@@ -0,0 +1,42 @@
+import { adminFetch } from './admin-fetch.js';
+export async function setKnownMissingInitToolsList(apiKey, baseUrl, id, knownMissingInitToolsList, knownMissingInitToolsListFilterTo) {
+    const url = new URL(`/api/mcp_servers/${id}/known_missing_init_tools_list`, baseUrl);
+    const body = {
+        known_missing_init_tools_list: knownMissingInitToolsList,
+    };
+    if (knownMissingInitToolsListFilterTo !== undefined) {
+        // null is sent as JSON null; the Rails controller treats nil/blank as "clear".
+        body.known_missing_init_tools_list_filter_to = knownMissingInitToolsListFilterTo;
+    }
+    const response = await adminFetch(url.toString(), {
+        method: 'POST',
+        headers: {
+            'X-API-Key': apiKey,
+            Accept: 'application/json',
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(body),
+    });
+    if (!response.ok) {
+        if (response.status === 401) {
+            throw new Error('Invalid API key');
+        }
+        if (response.status === 403) {
+            throw new Error('User lacks write privileges');
+        }
+        if (response.status === 404) {
+            throw new Error(`MCP server not found: ${id}`);
+        }
+        if (response.status === 400) {
+            const errBody = (await response.json().catch(() => ({})));
+            throw new Error(errBody.error ?? 'Bad request');
+        }
+        if (response.status === 422) {
+            const errBody = (await response.json().catch(() => ({})));
+            const detailStr = errBody.details?.length ? ` (${errBody.details.join(', ')})` : '';
+            throw new Error(`${errBody.error ?? 'Validation failed'}${detailStr}`);
+        }
+        throw new Error(`Failed to set known_missing_init_tools_list: ${response.status} ${response.statusText}`);
+    }
+    return (await response.json());
+}

package/build/shared/src/pulsemcp-admin-client/lib/unified-mcp-server-mapper.js

@@ -74,6 +74,9 @@ export function mapToUnifiedServer(impl) {
         downloads_estimate_total: mcpServer.downloads_estimate_total,
         // Internal notes
         internal_notes: impl.internal_notes,
+        // Owner tenant
+        owner_tenant_id: mcpServer.owner_tenant_id,
+        owner_tenant_slug: mcpServer.owner_tenant_slug,
         // Timestamps (use implementation timestamps as they're more relevant)
         created_at: impl.created_at,
         updated_at: impl.updated_at,

package/build/shared/src/pulsemcp-admin-client/lib/update-unified-mcp-server.js

@@ -54,6 +54,20 @@ export async function updateUnifiedMCPServer(apiKey, baseUrl, implementationId,
     // Date overrides
     if (params.created_on_override !== undefined)
         implParams.created_on_override = params.created_on_override;
+    // Owner tenant: route to slug or id depending on the value type.
+    // String → slug, number → id, null → clear (sent as empty owner_tenant_id).
+    if (params.owner_tenant !== undefined) {
+        if (typeof params.owner_tenant === 'string') {
+            implParams.owner_tenant_slug = params.owner_tenant;
+        }
+        else if (typeof params.owner_tenant === 'number') {
+            implParams.owner_tenant_id = params.owner_tenant;
+        }
+        else {
+            // null — clear the link
+            implParams.owner_tenant_id = null;
+        }
+    }
     // Tags
     if (params.tags !== undefined)
         implParams.tags = params.tags;

package/build/shared/src/pulsemcp-admin-client/pulsemcp-admin-client.integration-mock.js

@@ -1045,10 +1045,49 @@ export function createMockPulseMCPAdminClient(mockData) {
                 created_at: '2024-01-01T00:00:00Z',
             };
         },
+        async deleteTenant() {
+            return { success: true, message: 'Tenant deleted' };
+        },
+        async deleteApiKey() {
+            return { success: true, message: 'API key revoked' };
+        },
+        async listTenantServers() {
+            return {
+                data: [],
+                pagination: {
+                    current_page: 1,
+                    total_pages: 0,
+                    total_count: 0,
+                    has_next: false,
+                    limit: 30,
+                },
+            };
+        },
+        async bulkUpdateTenantServers(idOrSlug) {
+            return {
+                status: 'success',
+                tenant: { id: typeof idOrSlug === 'number' ? idOrSlug : 1, slug: String(idOrSlug) },
+                added: [],
+                removed: [],
+                restored: [],
+                skipped: [],
+                unresolved_identifiers: [],
+            };
+        },
         async recacheMCPServer(slug) {
             return {
                 message: `Cache successfully refreshed for ${slug}.`,
             };
         },
+        async setKnownMissingInitToolsList(id, knownMissingInitToolsList, knownMissingInitToolsListFilterTo) {
+            return {
+                id,
+                slug: `mock-server-${id}`,
+                known_missing_init_tools_list: knownMissingInitToolsList,
+                known_missing_init_tools_list_filter_to: knownMissingInitToolsListFilterTo === undefined
+                    ? null
+                    : (knownMissingInitToolsListFilterTo ?? null),
+            };
+        },
     };
 }

package/build/shared/src/server.js

@@ -72,8 +72,13 @@ import { getMozMetrics } from './pulsemcp-admin-client/lib/get-moz-metrics.js';
 import { getMozBacklinks } from './pulsemcp-admin-client/lib/get-moz-backlinks.js';
 import { getMozStoredMetrics } from './pulsemcp-admin-client/lib/get-moz-stored-metrics.js';
 import { recacheMCPServer } from './pulsemcp-admin-client/lib/recache-mcp-server.js';
+import { setKnownMissingInitToolsList } from './pulsemcp-admin-client/lib/set-known-missing-init-tools-list.js';
 import { createTenant } from './pulsemcp-admin-client/lib/create-tenant.js';
 import { createApiKey } from './pulsemcp-admin-client/lib/create-api-key.js';
+import { deleteTenant } from './pulsemcp-admin-client/lib/delete-tenant.js';
+import { deleteApiKey } from './pulsemcp-admin-client/lib/delete-api-key.js';
+import { listTenantServers } from './pulsemcp-admin-client/lib/list-tenant-servers.js';
+import { bulkUpdateTenantServers } from './pulsemcp-admin-client/lib/bulk-update-tenant-servers.js';
 // PulseMCP Admin API client implementation
 export class PulseMCPAdminClient {
     apiKey;
@@ -200,6 +205,18 @@ export class PulseMCPAdminClient {
     async createApiKey(params) {
         return createApiKey(this.apiKey, this.baseUrl, params);
     }
+    async deleteTenant(params) {
+        return deleteTenant(this.apiKey, this.baseUrl, params);
+    }
+    async deleteApiKey(id) {
+        return deleteApiKey(this.apiKey, this.baseUrl, id);
+    }
+    async listTenantServers(idOrSlug, params) {
+        return listTenantServers(this.apiKey, this.baseUrl, idOrSlug, params);
+    }
+    async bulkUpdateTenantServers(idOrSlug, params) {
+        return bulkUpdateTenantServers(this.apiKey, this.baseUrl, idOrSlug, params);
+    }
     // MCP JSON REST API methods
     async getMcpJsons(params) {
         return getMcpJsons(this.apiKey, this.baseUrl, params);
@@ -229,6 +246,9 @@ export class PulseMCPAdminClient {
     async recacheMCPServer(slug) {
         return recacheMCPServer(this.apiKey, this.baseUrl, slug);
     }
+    async setKnownMissingInitToolsList(id, knownMissingInitToolsList, knownMissingInitToolsListFilterTo) {
+        return setKnownMissingInitToolsList(this.apiKey, this.baseUrl, id, knownMissingInitToolsList, knownMissingInitToolsListFilterTo);
+    }
     // Redirect REST API methods
     async getRedirects(params) {
         return getRedirects(this.apiKey, this.baseUrl, params);

package/build/shared/src/tools/add-servers-to-tenant.js

@@ -0,0 +1,133 @@
+import { z } from 'zod';
+const PARAM_DESCRIPTIONS = {
+    tenant: 'Tenant ID (number) or slug (string) to add servers to.',
+    add_server_identifiers: 'Array of MCP server IDs (numbers) or slugs (strings) to add to the tenant\'s recommendation list. Servers without an unofficial mirror are silently skipped (returned in `skipped` with reason "no_unofficial_mirror"). Already-active associations are skipped (reason "already_active").',
+    remove_server_identifiers: 'Optional array of MCP server IDs or slugs to remove from the tenant in the same call. Touched associations are soft-deleted; untouched associations are hard-deleted.',
+    restore_association_ids: 'Optional array of TenantsMcpServer association IDs to restore from a soft-deleted state. Use list_tenant_servers with status="deleted" to find these IDs.',
+};
+const AddServersToTenantSchema = z
+    .object({
+    tenant: z.union([z.number(), z.string()]).describe(PARAM_DESCRIPTIONS.tenant),
+    add_server_identifiers: z
+        .array(z.union([z.number(), z.string()]))
+        .optional()
+        .describe(PARAM_DESCRIPTIONS.add_server_identifiers),
+    remove_server_identifiers: z
+        .array(z.union([z.number(), z.string()]))
+        .optional()
+        .describe(PARAM_DESCRIPTIONS.remove_server_identifiers),
+    restore_association_ids: z
+        .array(z.number())
+        .optional()
+        .describe(PARAM_DESCRIPTIONS.restore_association_ids),
+})
+    .refine((val) => (val.add_server_identifiers && val.add_server_identifiers.length > 0) ||
+    (val.remove_server_identifiers && val.remove_server_identifiers.length > 0) ||
+    (val.restore_association_ids && val.restore_association_ids.length > 0), {
+    message: 'Must provide at least one of add_server_identifiers, remove_server_identifiers, or restore_association_ids',
+});
+export function addServersToTenant(_server, clientFactory) {
+    return {
+        name: 'add_servers_to_tenant',
+        description: `Add MCP servers to a tenant's recommendation list. Optionally remove and restore associations in the same transactional call.
+
+Servers are added with server_json_selection: "unofficial" — they always pin to the unofficial mirror's server.json. A server without an unofficial mirror cannot be added and will be reported in "skipped" with reason "no_unofficial_mirror".
+
+This tool only changes the tenant's recommendation list (TenantsMcpServer rows). The underlying MCP server's public listing is NOT affected — public servers stay public and continue to appear in the public directory.
+
+The response includes:
+- added: servers newly attached to the tenant (outcome "created" or "restored_from_deleted")
+- removed: servers detached (outcome "hard_deleted" if untouched, "soft_deleted" if the row had been customized)
+- restored: associations restored from soft-deleted state via restore_association_ids
+- skipped: identifiers that resolved to a server but were skipped with a reason
+- unresolved_identifiers: identifiers that didn't match any existing MCP server
+
+Use cases:
+- Curate a tenant's recommended-servers list
+- Bulk-add servers by slug or ID in one call
+- Combine adds and removes atomically (e.g., swap one server for another)`,
+        inputSchema: {
+            type: 'object',
+            properties: {
+                tenant: {
+                    oneOf: [{ type: 'number' }, { type: 'string' }],
+                    description: PARAM_DESCRIPTIONS.tenant,
+                },
+                add_server_identifiers: {
+                    type: 'array',
+                    items: { oneOf: [{ type: 'number' }, { type: 'string' }] },
+                    description: PARAM_DESCRIPTIONS.add_server_identifiers,
+                },
+                remove_server_identifiers: {
+                    type: 'array',
+                    items: { oneOf: [{ type: 'number' }, { type: 'string' }] },
+                    description: PARAM_DESCRIPTIONS.remove_server_identifiers,
+                },
+                restore_association_ids: {
+                    type: 'array',
+                    items: { type: 'number' },
+                    description: PARAM_DESCRIPTIONS.restore_association_ids,
+                },
+            },
+            required: ['tenant'],
+        },
+        handler: async (args) => {
+            try {
+                const validatedArgs = AddServersToTenantSchema.parse(args);
+                const client = clientFactory();
+                const result = await client.bulkUpdateTenantServers(validatedArgs.tenant, {
+                    add_server_identifiers: validatedArgs.add_server_identifiers,
+                    remove_server_identifiers: validatedArgs.remove_server_identifiers,
+                    restore_association_ids: validatedArgs.restore_association_ids,
+                });
+                let content = `**Tenant servers updated** (tenant=${result.tenant.slug}, id=${result.tenant.id})\n\n`;
+                content += `- Added: ${result.added.length}\n`;
+                content += `- Removed: ${result.removed.length}\n`;
+                content += `- Restored: ${result.restored.length}\n`;
+                content += `- Skipped: ${result.skipped.length}\n`;
+                content += `- Unresolved identifiers: ${result.unresolved_identifiers.length}\n`;
+                if (result.added.length > 0) {
+                    content += `\n**Added:**\n`;
+                    for (const item of result.added) {
+                        content += `- ${item.mcp_server_slug} (server_id=${item.mcp_server_id}, association_id=${item.association_id}, outcome=${item.outcome})\n`;
+                    }
+                }
+                if (result.removed.length > 0) {
+                    content += `\n**Removed:**\n`;
+                    for (const item of result.removed) {
+                        const assocPart = item.association_id != null ? `, association_id=${item.association_id}` : '';
+                        content += `- ${item.mcp_server_slug} (server_id=${item.mcp_server_id}${assocPart}, outcome=${item.outcome})\n`;
+                    }
+                }
+                if (result.restored.length > 0) {
+                    content += `\n**Restored:**\n`;
+                    for (const item of result.restored) {
+                        content += `- ${item.mcp_server_slug} (server_id=${item.mcp_server_id}, association_id=${item.association_id})\n`;
+                    }
+                }
+                if (result.skipped.length > 0) {
+                    content += `\n**Skipped:**\n`;
+                    for (const item of result.skipped) {
+                        const label = item.mcp_server_slug || item.mcp_server_id || item.association_id;
+                        content += `- ${label} — reason: ${item.reason}\n`;
+                    }
+                }
+                if (result.unresolved_identifiers.length > 0) {
+                    content += `\n**Unresolved identifiers:** ${result.unresolved_identifiers.join(', ')}\n`;
+                }
+                return { content: [{ type: 'text', text: content }] };
+            }
+            catch (error) {
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `Error updating tenant servers: ${error instanceof Error ? error.message : String(error)}`,
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+        },
+    };
+}

package/build/shared/src/tools/delete-api-key.js

@@ -0,0 +1,119 @@
+import { z } from 'zod';
+import { requestConfirmation, createConfirmationSchema } from '@pulsemcp/mcp-elicitation';
+import { readCmsAdminElicitationConfig } from '../elicitation-config.js';
+const PARAM_DESCRIPTIONS = {
+    id: 'The numeric ID of the API key to revoke.',
+};
+const DeleteApiKeySchema = z.object({
+    id: z.number().int().positive().describe(PARAM_DESCRIPTIONS.id),
+});
+const TOOL_DESCRIPTION = `Permanently revoke (delete) an API key.
+
+**This is a destructive operation.** Revoking an API key immediately invalidates it; any clients still using the key will start receiving 401 Unauthorized. The deletion is idempotent — calling delete on a non-existent or already-deleted key returns success.
+
+By default, the request requires explicit user approval via MCP elicitation before being sent to the admin API.
+
+**Parameters:**
+- \`id\` (required): Numeric ID of the API key.
+
+**Returns:**
+- \`success\`: Boolean indicating whether the request succeeded.
+- \`message\`: Human-readable confirmation message.
+
+**Use cases:**
+- Revoke a leaked or compromised API key.
+- Roll a tenant's keys after a permission change.
+- Remove a deprecated key during cleanup.`;
+export function deleteApiKey(server, clientFactory) {
+    return {
+        name: 'delete_api_key',
+        description: TOOL_DESCRIPTION,
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id: {
+                    type: 'number',
+                    description: PARAM_DESCRIPTIONS.id,
+                },
+            },
+            required: ['id'],
+        },
+        handler: async (args) => {
+            try {
+                const validatedArgs = DeleteApiKeySchema.parse(args);
+                const elicitConfig = readCmsAdminElicitationConfig();
+                if (elicitConfig.destructiveElicitationEnabled) {
+                    const lines = [
+                        'About to PERMANENTLY REVOKE an API key via the PulseMCP admin API:',
+                        `  API key ID: ${validatedArgs.id}`,
+                        '',
+                        'Any clients still using this key will start receiving 401 Unauthorized.',
+                        'This action cannot be undone.',
+                    ];
+                    const confirmation = await requestConfirmation({
+                        server,
+                        message: lines.join('\n') + '\n',
+                        requestedSchema: createConfirmationSchema('Revoke this API key?', 'Confirm that you want to permanently revoke this API key.'),
+                        meta: {
+                            'com.pulsemcp/tool-name': 'delete_api_key',
+                        },
+                    }, elicitConfig.base);
+                    if (confirmation.action !== 'accept') {
+                        if (confirmation.action === 'expired') {
+                            return {
+                                content: [
+                                    {
+                                        type: 'text',
+                                        text: 'API key revocation confirmation expired. Please try again.',
+                                    },
+                                ],
+                                isError: true,
+                            };
+                        }
+                        return {
+                            content: [
+                                {
+                                    type: 'text',
+                                    text: 'API key revocation was cancelled by the user.',
+                                },
+                            ],
+                        };
+                    }
+                    if (confirmation.content &&
+                        'confirm' in confirmation.content &&
+                        confirmation.content.confirm === false) {
+                        return {
+                            content: [
+                                {
+                                    type: 'text',
+                                    text: 'API key revocation was not confirmed.',
+                                },
+                            ],
+                        };
+                    }
+                }
+                const client = clientFactory();
+                const result = await client.deleteApiKey(validatedArgs.id);
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `${result.success ? 'API key revoked.' : 'API key revocation failed.'} ${result.message}`,
+                        },
+                    ],
+                };
+            }
+            catch (error) {
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `Error revoking API key: ${error instanceof Error ? error.message : String(error)}`,
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+        },
+    };
+}

package/build/shared/src/tools/delete-tenant.js

@@ -0,0 +1,129 @@
+import { z } from 'zod';
+import { requestConfirmation, createConfirmationSchema } from '@pulsemcp/mcp-elicitation';
+import { readCmsAdminElicitationConfig } from '../elicitation-config.js';
+const PARAM_DESCRIPTIONS = {
+    id_or_slug: 'The ID (number) or slug (string) of the tenant to delete.',
+    force: 'When true, deletes the tenant and cascades to dependent records (API keys, enrichments, etc.). When false (default), the deletion will fail with a 422 if dependents exist.',
+};
+const DeleteTenantSchema = z.object({
+    id_or_slug: z.union([z.number(), z.string()]).describe(PARAM_DESCRIPTIONS.id_or_slug),
+    force: z.boolean().optional().describe(PARAM_DESCRIPTIONS.force),
+});
+const TOOL_DESCRIPTION = `Permanently delete a tenant from the PulseMCP admin API.
+
+**This is a destructive operation.** Deleting a tenant removes the tenant record and (with \`force: true\`) cascades to dependent records such as API keys and enrichments. By default, the request requires explicit user approval via MCP elicitation before being sent to the admin API.
+
+**Parameters:**
+- \`id_or_slug\` (required): Numeric ID or slug of the tenant.
+- \`force\` (optional, default false): Cascade-delete dependents. Without this, deleting a tenant that owns API keys or other resources returns 422.
+
+**Returns:**
+- \`success\`: Boolean indicating whether the tenant was deleted.
+- \`message\`: Human-readable confirmation message.
+
+**Use cases:**
+- Permanently remove a deprovisioned tenant.
+- Delete a test tenant created during onboarding/QA.
+- Cascading cleanup of a tenant and all of its API keys (\`force: true\`).`;
+export function deleteTenant(server, clientFactory) {
+    return {
+        name: 'delete_tenant',
+        description: TOOL_DESCRIPTION,
+        inputSchema: {
+            type: 'object',
+            properties: {
+                id_or_slug: {
+                    oneOf: [{ type: 'number' }, { type: 'string' }],
+                    description: PARAM_DESCRIPTIONS.id_or_slug,
+                },
+                force: {
+                    type: 'boolean',
+                    description: PARAM_DESCRIPTIONS.force,
+                },
+            },
+            required: ['id_or_slug'],
+        },
+        handler: async (args) => {
+            try {
+                const validatedArgs = DeleteTenantSchema.parse(args);
+                const elicitConfig = readCmsAdminElicitationConfig();
+                if (elicitConfig.destructiveElicitationEnabled) {
+                    const lines = [
+                        'About to PERMANENTLY DELETE a tenant via the PulseMCP admin API:',
+                        `  Tenant: ${validatedArgs.id_or_slug}`,
+                        `  Cascade dependents (force): ${validatedArgs.force ? 'yes' : 'no'}`,
+                        '',
+                        'This action cannot be undone.',
+                    ];
+                    const confirmation = await requestConfirmation({
+                        server,
+                        message: lines.join('\n') + '\n',
+                        requestedSchema: createConfirmationSchema('Delete this tenant?', 'Confirm that you want to permanently delete this tenant.'),
+                        meta: {
+                            'com.pulsemcp/tool-name': 'delete_tenant',
+                        },
+                    }, elicitConfig.base);
+                    if (confirmation.action !== 'accept') {
+                        if (confirmation.action === 'expired') {
+                            return {
+                                content: [
+                                    {
+                                        type: 'text',
+                                        text: 'Tenant deletion confirmation expired. Please try again.',
+                                    },
+                                ],
+                                isError: true,
+                            };
+                        }
+                        return {
+                            content: [
+                                {
+                                    type: 'text',
+                                    text: 'Tenant deletion was cancelled by the user.',
+                                },
+                            ],
+                        };
+                    }
+                    // Defense-in-depth: some MCP clients may return action='accept' without the
+                    // user actually checking the confirmation checkbox.
+                    if (confirmation.content &&
+                        'confirm' in confirmation.content &&
+                        confirmation.content.confirm === false) {
+                        return {
+                            content: [
+                                {
+                                    type: 'text',
+                                    text: 'Tenant deletion was not confirmed.',
+                                },
+                            ],
+                        };
+                    }
+                }
+                const client = clientFactory();
+                const result = await client.deleteTenant({
+                    id_or_slug: validatedArgs.id_or_slug,
+                    force: validatedArgs.force,
+                });
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `${result.success ? 'Tenant deleted.' : 'Tenant deletion failed.'} ${result.message}`,
+                        },
+                    ],
+                };
+            }
+            catch (error) {
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `Error deleting tenant: ${error instanceof Error ? error.message : String(error)}`,
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+        },
+    };
+}

package/build/shared/src/tools/get-mcp-server.js

@@ -105,6 +105,16 @@ Example response:
                 if (server.verified_no_remote_canonicals !== undefined) {
                     content += `**Verified No Remote Canonicals:** ${server.verified_no_remote_canonicals ? 'Yes' : 'No'}\n`;
                 }
+                if (server.owner_tenant_slug || server.owner_tenant_id) {
+                    content += `**Owner Tenant:** ${server.owner_tenant_slug ?? '(no slug)'}`;
+                    if (server.owner_tenant_id) {
+                        content += ` (id: ${server.owner_tenant_id})`;
+                    }
+                    content += '\n';
+                }
+                else {
+                    content += `**Owner Tenant:** (none)\n`;
+                }
                 if (server.short_description) {
                     content += `\n**Short Description:**\n${server.short_description}\n`;
                 }
@@ -152,10 +162,11 @@ Example response:
                         content += `- **Status:** ${server.source_code.github_status}\n`;
                     }
                 }
-                // Canonical URLs
-                if (server.canonical_urls && server.canonical_urls.length > 0) {
-                    content += `\n## Canonical URLs\n`;
-                    for (const canonical of server.canonical_urls) {
+                // Canonical URLs — always rendered so callers can see the field is empty vs. missing
+                const canonicalUrls = server.canonical_urls ?? [];
+                if (canonicalUrls.length > 0) {
+                    content += `\n## Canonical URLs (${canonicalUrls.length})\n`;
+                    for (const canonical of canonicalUrls) {
                         content += `- **${canonical.scope}:** ${canonical.url}`;
                         if (canonical.note) {
                             content += ` (${canonical.note})`;
@@ -163,10 +174,14 @@ Example response:
                         content += '\n';
                     }
                 }
-                // Remote endpoints
-                if (server.remotes && server.remotes.length > 0) {
-                    content += `\n## Remote Endpoints (${server.remotes.length})\n`;
-                    for (const [idx, remote] of server.remotes.entries()) {
+                else {
+                    content += `\n## Canonical URLs\n(none)\n`;
+                }
+                // Remote endpoints — always rendered so callers can see the field is empty vs. missing
+                const remotes = server.remotes ?? [];
+                if (remotes.length > 0) {
+                    content += `\n## Remote Endpoints (${remotes.length})\n`;
+                    for (const [idx, remote] of remotes.entries()) {
                         content += `\n### ${idx + 1}. ${remote.display_name || 'Endpoint'}`;
                         if (remote.id) {
                             content += ` (ID: ${remote.id})`;
@@ -198,6 +213,9 @@ Example response:
                         }
                     }
                 }
+                else {
+                    content += `\n## Remote Endpoints\n(none)\n`;
+                }
                 // Tags
                 if (server.tags && server.tags.length > 0) {
                     content += `\n## Tags\n`;

package/build/shared/src/tools/list-mcp-servers.js

@@ -123,6 +123,9 @@ Use cases:
                     if (server.remotes && server.remotes.length > 0) {
                         content += `   Remote endpoints: ${server.remotes.length}\n`;
                     }
+                    if (server.owner_tenant_slug || server.owner_tenant_id) {
+                        content += `   Owner Tenant: ${server.owner_tenant_slug ?? `id ${server.owner_tenant_id}`}\n`;
+                    }
                     if (server.downloads_estimate_total) {
                         content += `   Downloads (total): ${server.downloads_estimate_total.toLocaleString()}\n`;
                     }