signupgenius-mcp 1.0.3 → 1.0.7

package/.claude-plugin/marketplace.json

@@ -0,0 +1,34 @@
+{
+  "$schema": "https://anthropic.com/claude-code/marketplace.schema.json",
+  "name": "signupgenius-mcp",
+  "owner": {
+    "name": "Chris Hall",
+    "email": "chris.c.hall@gmail.com"
+  },
+  "metadata": {
+    "description": "MCP server for SignUpGenius — read sign-ups, slot reports, and groups; add group members.",
+    "version": "1.0.7"
+  },
+  "plugins": [
+    {
+      "name": "signupgenius-mcp",
+      "displayName": "SignUpGenius",
+      "source": "./",
+      "description": "SignUpGenius MCP server for Claude — sign-ups, slot reports, and groups via natural language. Free or Pro accounts.",
+      "version": "1.0.7",
+      "author": {
+        "name": "Chris Hall"
+      },
+      "homepage": "https://github.com/chrischall/signupgenius-mcp",
+      "repository": "https://github.com/chrischall/signupgenius-mcp",
+      "license": "MIT",
+      "keywords": [
+        "signupgenius",
+        "signups",
+        "volunteers",
+        "mcp"
+      ],
+      "category": "productivity"
+    }
+  ]
+}

package/.claude-plugin/plugin.json

@@ -0,0 +1,19 @@
+{
+  "name": "signupgenius-mcp",
+  "displayName": "SignUpGenius",
+  "version": "1.0.7",
+  "description": "SignUpGenius MCP server for Claude — read sign-ups, slot reports, and groups; add group members. Three auth paths: Pro API key, email/password, or sign in via the fetchproxy browser extension.",
+  "author": {
+    "name": "Chris Hall",
+    "email": "chris.c.hall@gmail.com"
+  },
+  "homepage": "https://github.com/chrischall/signupgenius-mcp",
+  "repository": "https://github.com/chrischall/signupgenius-mcp",
+  "license": "MIT",
+  "keywords": [
+    "signupgenius",
+    "signups",
+    "volunteers",
+    "mcp"
+  ]
+}

package/README.md

@@ -88,3 +88,25 @@ Tests: vitest, 100% line/branch/function coverage. End-to-end tests against the
 - For testing the Pro v2/k surface without an account, SignUpGenius publishes a frozen demo key: `V0FzMkxZcmVOZlVnclZMVEl6dGhWQT09`.
 
 Developed and maintained by AI (Claude). Use at your own discretion.
+
+## Acknowledgement of Terms
+
+By using this MCP server, you acknowledge and agree to the following:
+
+**1. This server accesses your own SignUpGenius account.** Auth happens via your own credentials. It does not — and cannot — access anyone else's account or signups.
+
+**2. [SignUpGenius's Terms of Service](https://www.signupgenius.com/terms-of-service) govern your use of this server**, just as they govern your direct use of signupgenius.com. The clauses most relevant here:
+
+> Users may not bypass any robot exclusion headers or other measures we take to restrict access to the Services or use any software, technology, or device to scrape, spider, or crawl the Services.
+
+And: *"You are responsible for maintaining the confidentiality of your account user name and password… You agree to accept responsibility for any and all activities or actions that occur in connection with your User Credentials."*
+
+You are agreeing to those terms — read by the maintainer 2026-05-23 — every time you invoke a tool in this server. Notably, **SignUpGenius does offer an official API** for paid plans; where possible, prefer the official API over the endpoints this MCP exercises.
+
+**3. Personal, organizer/participant use only.** This project is not affiliated with, endorsed by, sponsored by, or in partnership with SignUpGenius, Inc. It is a personal automation tool for an authenticated user to manage their own signups and groups. Do not use it to scrape other organizers' signups, spam participants, or bulk-add fake group members.
+
+**4. Stability is not guaranteed.** This server may call internal endpoints that SignUpGenius can change without notice. If a tool here breaks, the canonical fix is to use the official API where available.
+
+**5. You accept full responsibility** for any consequences of using this server in connection with your SignUpGenius account — rate limiting, account warnings, suspension, or any enforcement action. Per the ToS, everything done under your credentials is attributed to you. If SignUpGenius objects to your use, stop using this server.
+
+This section is the maintainer's good-faith summary of the terms — it is not legal advice and does not modify or supersede SignUpGenius's actual ToS.

package/dist/bundle.js

@@ -7659,6 +7659,10 @@ var require_receiver = __commonJS({
        *     extensions
        * @param {Boolean} [options.isServer=false] Specifies whether to operate in
        *     client or server mode
+       * @param {Number} [options.maxBufferedChunks=0] The maximum number of
+       *     buffered data chunks
+       * @param {Number} [options.maxFragments=0] The maximum number of message
+       *     fragments
        * @param {Number} [options.maxPayload=0] The maximum allowed message length
        * @param {Boolean} [options.skipUTF8Validation=false] Specifies whether or
        *     not to skip UTF-8 validation for text and close messages
@@ -7669,6 +7673,8 @@ var require_receiver = __commonJS({
         this._binaryType = options.binaryType || BINARY_TYPES[0];
         this._extensions = options.extensions || {};
         this._isServer = !!options.isServer;
+        this._maxBufferedChunks = options.maxBufferedChunks | 0;
+        this._maxFragments = options.maxFragments | 0;
         this._maxPayload = options.maxPayload | 0;
         this._skipUTF8Validation = !!options.skipUTF8Validation;
         this[kWebSocket] = void 0;
@@ -7698,6 +7704,18 @@ var require_receiver = __commonJS({
        */
       _write(chunk, encoding, cb) {
         if (this._opcode === 8 && this._state == GET_INFO) return cb();
+        if (this._maxBufferedChunks > 0 && this._buffers.length >= this._maxBufferedChunks) {
+          cb(
+            this.createError(
+              RangeError,
+              "Too many buffered chunks",
+              false,
+              1008,
+              "WS_ERR_TOO_MANY_BUFFERED_PARTS"
+            )
+          );
+          return;
+        }
         this._bufferedBytes += chunk.length;
         this._buffers.push(chunk);
         this.startLoop(cb);
@@ -8027,6 +8045,17 @@ var require_receiver = __commonJS({
           return;
         }
         if (data.length) {
+          if (this._maxFragments > 0 && this._fragments.length >= this._maxFragments) {
+            const error51 = this.createError(
+              RangeError,
+              "Too many message fragments",
+              false,
+              1008,
+              "WS_ERR_TOO_MANY_BUFFERED_PARTS"
+            );
+            cb(error51);
+            return;
+          }
           this._messageLength = this._totalPayloadLength;
           this._fragments.push(data);
         }
@@ -8056,6 +8085,17 @@ var require_receiver = __commonJS({
               cb(error51);
               return;
             }
+            if (this._maxFragments > 0 && this._fragments.length >= this._maxFragments) {
+              const error51 = this.createError(
+                RangeError,
+                "Too many message fragments",
+                false,
+                1008,
+                "WS_ERR_TOO_MANY_BUFFERED_PARTS"
+              );
+              cb(error51);
+              return;
+            }
             this._fragments.push(buf);
           }
           this.dataMessage(cb);
@@ -9262,6 +9302,10 @@ var require_websocket = __commonJS({
        *     multiple times in the same tick
        * @param {Function} [options.generateMask] The function used to generate the
        *     masking key
+       * @param {Number} [options.maxBufferedChunks=0] The maximum number of
+       *     buffered data chunks
+       * @param {Number} [options.maxFragments=0] The maximum number of message
+       *     fragments
        * @param {Number} [options.maxPayload=0] The maximum allowed message size
        * @param {Boolean} [options.skipUTF8Validation=false] Specifies whether or
        *     not to skip UTF-8 validation for text and close messages
@@ -9273,6 +9317,8 @@ var require_websocket = __commonJS({
           binaryType: this.binaryType,
           extensions: this._extensions,
           isServer: this._isServer,
+          maxBufferedChunks: options.maxBufferedChunks,
+          maxFragments: options.maxFragments,
           maxPayload: options.maxPayload,
           skipUTF8Validation: options.skipUTF8Validation
         });
@@ -9572,6 +9618,8 @@ var require_websocket = __commonJS({
         autoPong: true,
         closeTimeout: CLOSE_TIMEOUT,
         protocolVersion: protocolVersions[1],
+        maxBufferedChunks: 1024 * 1024,
+        maxFragments: 128 * 1024,
         maxPayload: 100 * 1024 * 1024,
         skipUTF8Validation: false,
         perMessageDeflate: true,
@@ -9814,6 +9862,8 @@ var require_websocket = __commonJS({
         websocket.setSocket(socket, head, {
           allowSynchronousEvents: opts.allowSynchronousEvents,
           generateMask: opts.generateMask,
+          maxBufferedChunks: opts.maxBufferedChunks,
+          maxFragments: opts.maxFragments,
           maxPayload: opts.maxPayload,
           skipUTF8Validation: opts.skipUTF8Validation
         });
@@ -10156,6 +10206,10 @@ var require_websocket_server = __commonJS({
        *     called
        * @param {Function} [options.handleProtocols] A hook to handle protocols
        * @param {String} [options.host] The hostname where to bind the server
+       * @param {Number} [options.maxBufferedChunks=1048576] The maximum number of
+       *     buffered data chunks
+       * @param {Number} [options.maxFragments=131072] The maximum number of message
+       *     fragments
        * @param {Number} [options.maxPayload=104857600] The maximum allowed message
        *     size
        * @param {Boolean} [options.noServer=false] Enable no server mode
@@ -10177,6 +10231,8 @@ var require_websocket_server = __commonJS({
         options = {
           allowSynchronousEvents: true,
           autoPong: true,
+          maxBufferedChunks: 1024 * 1024,
+          maxFragments: 128 * 1024,
           maxPayload: 100 * 1024 * 1024,
           skipUTF8Validation: false,
           perMessageDeflate: false,
@@ -10456,6 +10512,8 @@ var require_websocket_server = __commonJS({
         socket.removeListener("error", socketOnError);
         ws.setSocket(socket, head, {
           allowSynchronousEvents: this.options.allowSynchronousEvents,
+          maxBufferedChunks: this.options.maxBufferedChunks,
+          maxFragments: this.options.maxFragments,
           maxPayload: this.options.maxPayload,
           skipUTF8Validation: this.options.skipUTF8Validation
         });
@@ -34582,6 +34640,7 @@ var StdioServerTransport = class {
 
 // node_modules/@fetchproxy/protocol/dist/frames.js
 var PROTOCOL_VERSION = 2;
+var HKDF_SESSION_INFO = "fetchproxy/1.0.0/session";
 var KNOWN_CAPABILITIES = /* @__PURE__ */ new Set([
   "fetch",
   "read_cookies",
@@ -34656,7 +34715,7 @@ var ProtocolError = class extends Error {
 var FORBIDDEN_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
 var BASE64_RE = /^[A-Za-z0-9+/]*={0,2}$/;
 var SCOPE_KEY_RE = /^[A-Za-z0-9_.\-]{1,256}$/;
-var SCOPE_KEY_GLOB_RE = /^[A-Za-z0-9_.\-]{1,255}\*?$/;
+var SCOPE_KEY_GLOB_RE = /^[A-Za-z0-9_.\-]{1,256}\*?$/;
 var HEADER_NAME_RE = /^[A-Za-z0-9_\-]{1,128}$/;
 var HOSTNAME_RE = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$/i;
 function assertObject(x, label) {
@@ -34785,7 +34844,7 @@ function assertStoragePointersArray(value, label, declaredKeys) {
     if (entry.jsonPointer === void 0) {
       throw new ProtocolError(`${label}[${i}].jsonPointer: missing`);
     }
-    if (typeof entry.key !== "string" || !SCOPE_KEY_GLOB_RE.test(entry.key)) {
+    if (typeof entry.key !== "string" || !SCOPE_KEY_RE.test(entry.key)) {
       throw new ProtocolError(`${label}[${i}].key: invalid key ${JSON.stringify(entry.key)}`);
     }
     if (typeof entry.jsonPointer !== "string" || !isValidJsonPointer(entry.jsonPointer)) {
@@ -34884,6 +34943,8 @@ function validateFrame(raw) {
     return validateReady(raw);
   if (t === "frame")
     return validateEncrypted(raw);
+  if (t === "pair-pending")
+    return validatePairPending(raw);
   throw new ProtocolError(`unknown frame type: ${String(t)}`);
 }
 function validateHello(raw) {
@@ -34985,6 +35046,17 @@ function validateEncrypted(raw) {
   assertBase64(raw.ciphertext, "frame.ciphertext");
   return raw;
 }
+var PAIR_CODE_RE = /^\d{3}-\d{3}$/;
+function validatePairPending(raw) {
+  assertString(raw.mcpId, "pair-pending.mcpId");
+  if (!isValidMcpId(raw.mcpId))
+    throw new ProtocolError("pair-pending.mcpId: invalid format");
+  assertString(raw.pairCode, "pair-pending.pairCode");
+  if (!PAIR_CODE_RE.test(raw.pairCode)) {
+    throw new ProtocolError(`pair-pending.pairCode: must match XXX-XXX, got ${String(raw.pairCode)}`);
+  }
+  return { type: "pair-pending", mcpId: raw.mcpId, pairCode: raw.pairCode };
+}
 function validateInnerFrame(raw) {
   assertObject(raw, "inner");
   const t = raw.type;
@@ -35567,15 +35639,22 @@ async function startHost(opts) {
   let extensionWs = null;
   const peers = /* @__PURE__ */ new Map();
   const ownInnerListeners = [];
+  const disconnectListeners = [];
+  const pendingPairListeners = [];
   let ownSession = null;
+  let ownPendingPairCode = null;
   let resolveOwnSession;
   let rejectOwnSession;
-  const ownSessionReady = new Promise((resolve, reject) => {
-    resolveOwnSession = resolve;
-    rejectOwnSession = reject;
-  });
-  ownSessionReady.catch(() => {
-  });
+  let ownSessionReady;
+  function resetSessionPromise() {
+    ownSessionReady = new Promise((resolve, reject) => {
+      resolveOwnSession = resolve;
+      rejectOwnSession = reject;
+    });
+    ownSessionReady.catch(() => {
+    });
+  }
+  resetSessionPromise();
   let extensionHello = null;
   wss.on("connection", (ws) => {
     let identified = null;
@@ -35644,11 +35723,12 @@ async function startHost(opts) {
             }
             const extPub = fromB64(frame.extensionSessionPub);
             const shared = await ecdhX25519(opts.ownIdentity.x25519Priv, extPub);
-            const key = await hkdfSha256(shared, ownSessionNonce, enc2.encode("fetchproxy/0.1.0/session"), 32);
-            if (!ownSession) {
-              ownSession = new SessionState(key);
-              resolveOwnSession(ownSession);
-            }
+            const key = await hkdfSha256(shared, ownSessionNonce, enc2.encode(HKDF_SESSION_INFO), 32);
+            if (extensionWs !== ws)
+              return;
+            ownSession = new SessionState(key);
+            ownPendingPairCode = null;
+            resolveOwnSession(ownSession);
           } else {
             const slot = peers.get(frame.mcpId);
             if (slot)
@@ -35675,6 +35755,16 @@ async function startHost(opts) {
               extensionWs.send(JSON.stringify(frame));
           }
         }
+        if (frame.type === "pair-pending" && identified === "extension") {
+          if (frame.mcpId === opts.ownMcpId) {
+            ownPendingPairCode = frame.pairCode;
+            pendingPairListeners.forEach((cb) => cb(frame.pairCode));
+          } else {
+            const slot = peers.get(frame.mcpId);
+            if (slot)
+              slot.ws.send(JSON.stringify(frame));
+          }
+        }
       } catch (e) {
         console.error("[fetchproxy] host: message handler error:", e);
         try {
@@ -35690,6 +35780,9 @@ async function startHost(opts) {
         if (!ownSession) {
           rejectOwnSession(new Error("extension disconnected before ready"));
         }
+        ownSession = null;
+        resetSessionPromise();
+        disconnectListeners.forEach((cb) => cb());
       }
       if (identified === "peer" && peerMcpId)
         peers.delete(peerMcpId);
@@ -35714,7 +35807,14 @@ async function startHost(opts) {
     },
     onOwnInner: (cb) => {
       ownInnerListeners.push(cb);
-    }
+    },
+    onExtensionDisconnect: (cb) => {
+      disconnectListeners.push(cb);
+    },
+    onPendingPair: (cb) => {
+      pendingPairListeners.push(cb);
+    },
+    pendingPairCode: () => ownPendingPairCode
   };
 }
 
@@ -35744,36 +35844,57 @@ async function startPeer(opts) {
   const sessionNonce = fromB64(hello.sessionNonce);
   ws.send(JSON.stringify(hello));
   const innerListeners = [];
+  const renegotiateListeners = [];
+  const pendingPairListeners = [];
   let session = null;
+  let pendingPairCode = null;
+  let resolveFirstReady;
+  let rejectFirstReady;
   const sessionPromise = new Promise((resolve, reject) => {
-    const onMessage = async (data) => {
-      try {
-        const raw = JSON.parse(data.toString());
-        const frame = validateFrame(raw);
-        if (frame.type === "ready" && frame.mcpId === opts.mcpId) {
-          const extPub = fromB64(frame.extensionSessionPub);
-          const shared = await ecdhX25519(opts.identity.x25519Priv, extPub);
-          const sessionKey = await hkdfSha256(shared, sessionNonce, enc3.encode("fetchproxy/0.1.0/session"), 32);
-          session = new SessionState(sessionKey);
-          resolve(session);
-          return;
+    resolveFirstReady = resolve;
+    rejectFirstReady = reject;
+  });
+  const onMessage = async (data) => {
+    try {
+      const raw = JSON.parse(data.toString());
+      const frame = validateFrame(raw);
+      if (frame.type === "ready" && frame.mcpId === opts.mcpId) {
+        const extPub = fromB64(frame.extensionSessionPub);
+        const shared = await ecdhX25519(opts.identity.x25519Priv, extPub);
+        const sessionKey = await hkdfSha256(shared, sessionNonce, enc3.encode(HKDF_SESSION_INFO), 32);
+        const isRenegotiation = session !== null;
+        session = new SessionState(sessionKey);
+        pendingPairCode = null;
+        if (isRenegotiation) {
+          renegotiateListeners.forEach((cb) => cb());
+        } else {
+          resolveFirstReady(session);
         }
-        if (frame.type === "frame" && frame.mcpId === opts.mcpId) {
-          if (!session)
-            return;
-          if (!session.acceptInboundSeq(frame.seq))
-            return;
+        return;
+      }
+      if (frame.type === "pair-pending" && frame.mcpId === opts.mcpId) {
+        pendingPairCode = frame.pairCode;
+        pendingPairListeners.forEach((cb) => cb(frame.pairCode));
+        return;
+      }
+      if (frame.type === "frame" && frame.mcpId === opts.mcpId) {
+        if (!session)
+          return;
+        if (!session.acceptInboundSeq(frame.seq))
+          return;
+        try {
           const inner = await openEncryptedFrame(session.sessionKey, frame);
           innerListeners.forEach((cb) => cb(inner));
+        } catch {
         }
-      } catch (e) {
-        reject(e instanceof Error ? e : new Error(String(e)));
       }
-    };
-    ws.on("message", onMessage);
-    ws.once("close", () => {
-      reject(new Error("peer WS closed before ready"));
-    });
+    } catch (e) {
+      rejectFirstReady(e instanceof Error ? e : new Error(String(e)));
+    }
+  };
+  ws.on("message", onMessage);
+  ws.once("close", () => {
+    rejectFirstReady(new Error("peer WS closed before ready"));
   });
   sessionPromise.catch(() => {
   });
@@ -35781,13 +35902,21 @@ async function startPeer(opts) {
     ws,
     session: sessionPromise,
     sendInner: async (inner) => {
-      const s = await sessionPromise;
+      await sessionPromise;
+      const s = session;
       const sealed = await sealInnerFrame(s.sessionKey, opts.mcpId, s.nextOutboundSeq(), inner);
       ws.send(JSON.stringify(sealed));
     },
     onInner: (cb) => {
       innerListeners.push(cb);
     },
+    onRenegotiate: (cb) => {
+      renegotiateListeners.push(cb);
+    },
+    onPendingPair: (cb) => {
+      pendingPairListeners.push(cb);
+    },
+    pendingPairCode: () => pendingPairCode,
     close: () => ws.close()
   };
   return handle;
@@ -35844,6 +35973,32 @@ async function loadOrCreateIdentity(serverName, dir = defaultIdentityDir()) {
   return id;
 }
 
+// node_modules/@fetchproxy/server/dist/error-kind.js
+function classifyFetchError(error51) {
+  if (/Could not establish connection/i.test(error51) || /Receiving end does not exist/i.test(error51)) {
+    return "content_script_unreachable";
+  }
+  if (/^tab fetch failed:/.test(error51)) {
+    return "tab_fetch_failed";
+  }
+  if (/^fetch threw:/.test(error51)) {
+    return "tab_fetch_failed";
+  }
+  if (/^no tab matching /.test(error51)) {
+    return "no_tab";
+  }
+  if (/not in domains \[/.test(error51)) {
+    return "domain_denied";
+  }
+  if (/^capability .+ not granted/.test(error51)) {
+    return "capability_denied";
+  }
+  if (/^(request|response) body too large:/.test(error51)) {
+    return "body_too_large";
+  }
+  return "other";
+}
+
 // node_modules/@fetchproxy/server/dist/ws-server.js
 var FetchproxyProtocolError = class extends Error {
   constructor(message) {
@@ -35886,7 +36041,11 @@ function assertUrlInDomains(field, url2, domains) {
 }
 var DEFAULT_JSON_OK_STATUSES = [200, 201, 202, 204];
 var FetchproxyServer = class {
-  /** Set after `listen()` succeeds. Null while not listening. */
+  /**
+   * Bridge role. `null` until the first verb call (or an explicit
+   * `connect()`) — `listen()` no longer triggers the role election
+   * as of 0.5.3+. Reset to `null` on `close()`.
+   */
   role = null;
   opts;
   hostHandle = null;
@@ -35908,6 +36067,12 @@ var FetchproxyServer = class {
   pendingIdb = /* @__PURE__ */ new Map();
   mcpId = null;
   identity = null;
+  // 0.5.3+: in-flight role-election / handle-start promise. Set the
+  // first time a verb call runs `ensureConnected`, awaited by concurrent
+  // callers, cleared once the connection is up. Single source of truth
+  // for "we're connecting right now" so two parallel first-calls don't
+  // race the port bind.
+  connectingPromise = null;
   constructor(opts) {
     if (!Array.isArray(opts.domains) || opts.domains.length === 0) {
       throw new Error("FetchproxyServer: opts.domains must be a non-empty array of hostnames");
@@ -35959,23 +36124,87 @@ var FetchproxyServer = class {
     };
   }
   /**
-   * Start the WebSocket bridge. Loads the long-term identity keypair
-   * from disk (creating it on first call), elects the host-vs-peer
-   * role by attempting to bind the configured port, and stands up the
-   * matching handshake machinery. Idempotent only insofar as it leaves
-   * `role` non-null on success; calling `listen()` twice without an
-   * intervening `close()` is a programming error.
+   * Prepare the bridge for use. Loads the long-term identity keypair
+   * from disk (creating it on first call) and computes this instance's
+   * `mcpId`. Does NOT bind the bridge port or dial any WebSocket — the
+   * connection is established lazily on the first verb call (see
+   * `ensureConnected` / `getOrConnect`).
+   *
+   * Pre-0.5.3 behavior: `listen()` also did role election and started
+   * the host/peer immediately, which meant every configured-but-unused
+   * MCP claimed bridge resources at MCP-client boot. Several MCPs
+   * starting in parallel under Claude Desktop also produced noisy
+   * `ERR_CONNECTION_REFUSED` errors in the extension if it raced ahead
+   * of the first MCP's port bind. Deferring keeps boot quiet and
+   * leaves the port unowned until something actually needs it.
+   *
+   * Calling `listen()` twice without an intervening `close()` is a
+   * no-op (the second call's identity load is idempotent).
    */
   async listen() {
-    this.identity = await loadOrCreateIdentity(this.opts.serverName, this.opts.identityDir);
-    this.mcpId = generateMcpId(this.opts.serverName, this.opts.version);
+    if (!this.identity) {
+      this.identity = await loadOrCreateIdentity(this.opts.serverName, this.opts.identityDir);
+    }
+    if (!this.mcpId) {
+      this.mcpId = generateMcpId(this.opts.serverName, this.opts.version);
+    }
+  }
+  /**
+   * Force an eager bridge connection (role-election + host/peer handle
+   * start + listener wiring) without waiting for the first verb call.
+   * Useful for callers that want to surface the role / connection
+   * outcome at boot, or for tests whose harness dials a mock extension
+   * immediately after server construction. Production MCPs that just
+   * answer tool calls should NOT call this — the lazy connect via
+   * `ensureConnected` will do the right thing on first use, keeping
+   * boot cheap and avoiding port-bind contention for MCPs that never
+   * actually get invoked.
+   *
+   * Idempotent: a second call after the first has resolved is a no-op
+   * (the existing handle is reused). Throws if `listen()` was never
+   * called.
+   */
+  async connect() {
+    await this.ensureConnected();
+  }
+  /**
+   * Establish the bridge connection (role-election + host/peer handle
+   * start + listener wiring) the first time a verb is invoked.
+   * Idempotent after the connection is up; concurrent first-callers
+   * share the same in-flight promise so only one election happens.
+   *
+   * Throws if `listen()` was never called — the contract is that the
+   * MCP author still must wire `transport.start()` at boot to load
+   * identity / set mcpId, even though the WS doesn't open until a
+   * verb runs.
+   */
+  async ensureConnected() {
+    if (this.hostHandle || this.peerHandle)
+      return;
+    if (this.connectingPromise) {
+      await this.connectingPromise;
+      return;
+    }
+    if (!this.identity || !this.mcpId) {
+      throw new Error("FetchproxyServer: ensureConnected called before listen() \u2014 call listen() at MCP boot to load identity");
+    }
+    this.connectingPromise = this.doConnect();
+    try {
+      await this.connectingPromise;
+    } finally {
+      this.connectingPromise = null;
+    }
+  }
+  async doConnect() {
+    const identity = this.identity;
+    const mcpId = this.mcpId;
     const el = await electRole({ host: this.opts.host, port: this.opts.port });
     if (el.role === "host") {
       this.role = "host";
       this.hostHandle = await startHost({
         httpServer: el.server,
-        ownIdentity: this.identity,
-        ownMcpId: this.mcpId,
+        ownIdentity: identity,
+        ownMcpId: mcpId,
         ownServerName: this.opts.serverName,
         ownVersion: this.opts.version,
         ownDomains: this.opts.domains,
@@ -35990,13 +36219,17 @@ var FetchproxyServer = class {
         onPairCode: this.opts.onPairCode
       });
       this.hostHandle.onOwnInner((inner) => this.onInner(inner));
+      this.hostHandle.onExtensionDisconnect(() => this.rejectAllPending());
+      this.hostHandle.onPendingPair((code) => {
+        this.rejectAllPending(this.pairingErrorMessage(code));
+      });
     } else {
       this.role = "peer";
       this.peerHandle = await startPeer({
         host: this.opts.host,
         port: this.opts.port,
-        identity: this.identity,
-        mcpId: this.mcpId,
+        identity,
+        mcpId,
         serverName: this.opts.serverName,
         version: this.opts.version,
         domains: this.opts.domains,
@@ -36010,8 +36243,19 @@ var FetchproxyServer = class {
         sessionStoragePointers: this.opts.sessionStoragePointers
       });
       this.peerHandle.onInner((inner) => this.onInner(inner));
+      this.peerHandle.onRenegotiate(() => this.rejectAllPending());
+      this.peerHandle.onPendingPair((code) => {
+        this.rejectAllPending(this.pairingErrorMessage(code));
+      });
+      if (this.opts.onPairCode) {
+        const cb = this.opts.onPairCode;
+        this.peerHandle.onPendingPair((code) => cb(code));
+      }
     }
   }
+  pairingErrorMessage(code) {
+    return `fetchproxy: pairing required for ${this.opts.serverName} \u2014 open the fetchproxy extension popup in Chrome and approve the pair request. Verify the pair code matches: ${code}`;
+  }
   /**
    * Raw single-shot fetch through the bridge. Most callers should prefer
    * the verb shortcuts (`get` / `post` / `getJson` / `postJson` / `getHtml`)
@@ -36027,8 +36271,11 @@ var FetchproxyServer = class {
    * offline, etc.).
    */
   async fetch(init) {
-    if (!this.hostHandle && !this.peerHandle) {
-      throw new Error("FetchproxyServer.fetch called before listen() \u2014 not listening");
+    await this.ensureConnected();
+    const pendingCode = this.currentPendingPairCode();
+    if (pendingCode !== null) {
+      const error51 = this.pairingErrorMessage(pendingCode);
+      return { ok: false, error: error51, kind: classifyFetchError(error51) };
     }
     const id = this.nextRequestId++;
     const inner = { type: "request", id, op: "fetch", init };
@@ -36169,9 +36416,8 @@ var FetchproxyServer = class {
     if (!this.opts.capabilities.includes("read_cookies")) {
       throw new Error('FetchproxyServer.readCookies(): MCP did not declare "read_cookies" in capabilities \u2014 add it to FetchproxyServerOpts.capabilities to enable this verb');
     }
-    if (!this.hostHandle && !this.peerHandle) {
-      throw new Error("FetchproxyServer.readCookies called before listen() \u2014 not listening");
-    }
+    await this.ensureConnected();
+    this.throwIfPendingPair();
     if (opts.subdomain !== void 0)
       assertSubdomainLabel(opts.subdomain);
     const baseDomain = this.resolveBaseDomain(opts.domain);
@@ -36228,9 +36474,8 @@ var FetchproxyServer = class {
     if (!this.opts.capabilities.includes(op)) {
       throw new Error(`FetchproxyServer.${op === "read_local_storage" ? "readLocalStorage" : "readSessionStorage"}(): MCP did not declare ${JSON.stringify(op)} in capabilities`);
     }
-    if (!this.hostHandle && !this.peerHandle) {
-      throw new Error(`FetchproxyServer.${op} called before listen() \u2014 not listening`);
-    }
+    await this.ensureConnected();
+    this.throwIfPendingPair();
     if (!Array.isArray(opts.keys) || opts.keys.length === 0) {
       throw new Error(`FetchproxyServer.${op}: opts.keys must be a non-empty array`);
     }
@@ -36285,9 +36530,8 @@ var FetchproxyServer = class {
     if (!this.opts.capabilities.includes("capture_request_header")) {
       throw new Error('FetchproxyServer.captureRequestHeader(): MCP did not declare "capture_request_header" in capabilities');
     }
-    if (!this.hostHandle && !this.peerHandle) {
-      throw new Error("FetchproxyServer.captureRequestHeader called before listen() \u2014 not listening");
-    }
+    await this.ensureConnected();
+    this.throwIfPendingPair();
     const declared = this.opts.captureHeaders.find((d) => d.urlPattern === opts.urlPattern && d.headerName === opts.headerName);
     if (!declared) {
       throw new Error(`FetchproxyServer.captureRequestHeader: (urlPattern=${JSON.stringify(opts.urlPattern)}, headerName=${JSON.stringify(opts.headerName)}) not declared in captureHeaders`);
@@ -36328,9 +36572,8 @@ var FetchproxyServer = class {
     if (!this.opts.capabilities.includes("read_indexed_db")) {
       throw new Error('FetchproxyServer.readIndexedDb(): MCP did not declare "read_indexed_db" in capabilities');
     }
-    if (!this.hostHandle && !this.peerHandle) {
-      throw new Error("FetchproxyServer.readIndexedDb called before listen() \u2014 not listening");
-    }
+    await this.ensureConnected();
+    this.throwIfPendingPair();
     if (!Array.isArray(opts.keys) || opts.keys.length === 0) {
       throw new Error("FetchproxyServer.readIndexedDb: opts.keys must be a non-empty array");
     }
@@ -36408,10 +36651,11 @@ var FetchproxyServer = class {
         if (inner.op === void 0 || inner.op === "fetch") {
           fetchCb({ ok: true, status: inner.status, url: inner.url, body: inner.body });
         } else {
-          fetchCb({ ok: false, error: `unexpected ${inner.op} response on fetch awaiter` });
+          const error51 = `unexpected ${inner.op} response on fetch awaiter`;
+          fetchCb({ ok: false, error: error51, kind: classifyFetchError(error51) });
         }
       } else {
-        fetchCb({ ok: false, error: inner.error });
+        fetchCb({ ok: false, error: inner.error, kind: classifyFetchError(inner.error) });
       }
       return;
     }
@@ -36478,6 +36722,52 @@ var FetchproxyServer = class {
       }
     }
   }
+  rejectAllPending(reason = "extension disconnected") {
+    const err = new FetchproxyProtocolError(reason);
+    for (const cb of this.pending.values()) {
+      cb({ ok: false, error: err.message, kind: classifyFetchError(err.message) });
+    }
+    this.pending.clear();
+    for (const cb of this.pendingReadCookies.values()) {
+      cb({ ok: false, error: err.message });
+    }
+    this.pendingReadCookies.clear();
+    for (const { reject } of this.pendingStorage.values())
+      reject(err);
+    this.pendingStorage.clear();
+    for (const { reject } of this.pendingCapture.values())
+      reject(err);
+    this.pendingCapture.clear();
+    for (const { reject } of this.pendingIdb.values())
+      reject(err);
+    this.pendingIdb.clear();
+  }
+  /**
+   * 0.5.2+: read the current pair-pending pair code from whichever handle
+   * is active, returning null when none is pending. Public verbs call this
+   * at the top so that a tool invoked while the bridge is waiting on user
+   * approval fails fast with the actionable error rather than hanging on a
+   * sealed frame the extension will never process.
+   */
+  currentPendingPairCode() {
+    if (this.hostHandle)
+      return this.hostHandle.pendingPairCode();
+    if (this.peerHandle)
+      return this.peerHandle.pendingPairCode();
+    return null;
+  }
+  /**
+   * 0.5.2+: throw `FetchproxyProtocolError` with the actionable pair-code
+   * message if the bridge is waiting on user approval. Used by the verb
+   * methods (readCookies, readLocalStorage, etc.) that surface errors via
+   * thrown exceptions rather than `ok:false` discriminated unions.
+   */
+  throwIfPendingPair() {
+    const code = this.currentPendingPairCode();
+    if (code !== null) {
+      throw new FetchproxyProtocolError(this.pairingErrorMessage(code));
+    }
+  }
   /**
    * Shut down the bridge. Host: terminates the WebSocket server and any
    * still-attached extension/peer clients. Peer: closes the upstream
@@ -36485,6 +36775,10 @@ var FetchproxyServer = class {
    * twice in a row.
    */
   async close() {
+    this.rejectAllPending();
+    if (this.connectingPromise) {
+      await this.connectingPromise.catch(() => void 0);
+    }
     if (this.hostHandle)
       await this.hostHandle.close();
     if (this.peerHandle)
@@ -36492,6 +36786,7 @@ var FetchproxyServer = class {
     this.hostHandle = null;
     this.peerHandle = null;
     this.role = null;
+    this.connectingPromise = null;
   }
 };
 
@@ -36580,8 +36875,7 @@ async function bootstrap(opts) {
       for (const p of localStoragePointers) {
         pointers[p.outputKey] = { storageKey: p.storageKey, jsonPointer: p.jsonPointer };
       }
-      const stub = server2;
-      localStorage = await stub.readLocalStorage({
+      localStorage = await server2.readLocalStorage({
         keys: allKeys,
         ...storageDomainOpts,
         ...localStoragePointers.length > 0 ? { pointers } : {}
@@ -36594,8 +36888,7 @@ async function bootstrap(opts) {
       for (const p of sessionStoragePointers) {
         pointers[p.outputKey] = { storageKey: p.storageKey, jsonPointer: p.jsonPointer };
       }
-      const stub = server2;
-      sessionStorage = await stub.readSessionStorage({
+      sessionStorage = await server2.readSessionStorage({
         keys: allKeys,
         ...storageDomainOpts,
         ...sessionStoragePointers.length > 0 ? { pointers } : {}
@@ -36618,9 +36911,6 @@ async function bootstrap(opts) {
     }
     const indexedDbBucket = {};
     for (const d of indexedDb) {
-      if (!server2.readIndexedDb) {
-        throw new Error("bootstrap: server factory does not implement readIndexedDb (declared indexedDb but server stub omits it)");
-      }
       const values = await server2.readIndexedDb({
         database: d.database,
         store: d.store,
@@ -36733,7 +37023,7 @@ function loadAccount(env = process.env) {
 // package.json
 var package_default = {
   name: "signupgenius-mcp",
-  version: "1.0.3",
+  version: "1.0.7",
   mcpName: "io.github.chrischall/signupgenius-mcp",
   description: "SignUpGenius MCP server \u2014 read sign-ups, reports, and groups; add group members.",
   author: "Claude Code (AI) <https://www.anthropic.com/claude>",
@@ -36770,17 +37060,17 @@ var package_default = {
     "test:watch": "vitest"
   },
   dependencies: {
-    "@fetchproxy/bootstrap": "^0.4.2",
+    "@fetchproxy/bootstrap": "^0.6.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
-    dotenv: "^17.4.0",
-    zod: "^4.3.6"
+    dotenv: "^17.4.2",
+    zod: "^4.4.3"
   },
   devDependencies: {
-    "@types/node": "^25.5.2",
-    "@vitest/coverage-v8": "^4.1.2",
+    "@types/node": "^25.9.1",
+    "@vitest/coverage-v8": "^4.1.7",
     esbuild: "^0.28.0",
-    typescript: "^6.0.2",
-    vitest: "^4.1.2"
+    typescript: "^6.0.3",
+    vitest: "^4.1.7"
   }
 };
 
@@ -37575,23 +37865,39 @@ function buildRsvpPayload(parts, info, input) {
   const adults = isNo ? 0 : input.adults ?? 1;
   const children = isNo ? 0 : input.children ?? 0;
   return {
-    type: "rsvp",
-    source: "main",
+    listid: info.id,
+    owner: info.owner,
     urlid: parts.urlid,
-    signupid: parts.signupid,
-    slotid: info.rsvpdetails.slotid,
-    rsvpresponse: letter,
-    rsvpadult: adults,
-    rsvpchildren: children,
+    title: info.title,
+    siid: "",
+    rsvpid: 0,
+    imid: 0,
+    usealternatename: false,
+    changemembermame: false,
+    displayfirstname: input.firstname,
+    displaylastname: input.lastname,
     firstname: input.firstname,
     lastname: input.lastname,
     email: input.email,
-    comment: input.comment ?? "",
+    optInStatus: false,
+    savecontactinfo: false,
+    rsvpresponse: letter,
+    rsvpadult: adults,
+    rsvpchildren: children,
+    rsvpitems: [],
+    rsvpcomments: input.comment ?? "",
+    type: "rsvp",
+    source: "main",
+    slotid: info.rsvpdetails.slotid,
     isLoggedin: true,
     payLater: false,
     customFields: []
   };
 }
+function isItemBasedRsvp(info) {
+  const items = info.rsvpdetails.rsvpitems;
+  return Array.isArray(items) && items.length > 0;
+}
 function registerRsvpTool(server2, client2) {
   if (client2.mode !== "session") return;
   server2.registerTool(
@@ -37615,6 +37921,12 @@ function registerRsvpTool(server2, client2) {
           `Sign-up ${parts.urlid} is not an RSVP-style sheet (useRSVP=${info.useRSVP}). This tool only handles Yes/No/Maybe responses. Slot-based sign-ups need a separate tool.`
         );
       }
+      if (isItemBasedRsvp(info)) {
+        const itemCount = info.rsvpdetails.rsvpitems.length;
+        throw new Error(
+          `Sign-up ${parts.urlid} is an item-based RSVP \u2014 guests must pick from ${itemCount} item slot(s) (e.g. "Yes, I'll bring lasagna"). This tool only handles the headcount-only RSVP variant. Use the SignUpGenius web UI for item-based responses until a dedicated tool ships.`
+        );
+      }
       const payload = buildRsvpPayload(parts, info, args);
       const result = await client2.request("", {
         legacyAction: "s.processSignUpFormHandler",
@@ -37632,7 +37944,7 @@ function registerRsvpTool(server2, client2) {
         response: args.response,
         adults: payload.rsvpadult,
         children: payload.rsvpchildren,
-        comment: payload.comment,
+        comment: payload.rsvpcomments,
         server: result.data
       });
     }
@@ -37662,7 +37974,7 @@ var client = new SignUpGeniusClient(account, {
   configError: configError ?? void 0,
   preloaded
 });
-var server = new McpServer({ name: "signupgenius", version: "1.0.3" });
+var server = new McpServer({ name: "signupgenius", version: "1.0.7" });
 registerUserTools(server, client);
 registerGroupTools(server, client);
 registerSignUpTools(server, client);

package/dist/index.js

@@ -43,7 +43,7 @@ const client = new SignUpGeniusClient(account, {
     configError: configError ?? undefined,
     preloaded,
 });
-const server = new McpServer({ name: 'signupgenius', version: '1.0.3' });
+const server = new McpServer({ name: 'signupgenius', version: '1.0.7' }); // x-release-please-version
 registerUserTools(server, client);
 registerGroupTools(server, client);
 registerSignUpTools(server, client);

package/dist/tools/rsvp.js

@@ -43,23 +43,46 @@ export function buildRsvpPayload(parts, info, input) {
     const adults = isNo ? 0 : input.adults ?? 1;
     const children = isNo ? 0 : input.children ?? 0;
     return {
-        type: 'rsvp',
-        source: 'main',
+        listid: info.id,
+        owner: info.owner,
         urlid: parts.urlid,
-        signupid: parts.signupid,
-        slotid: info.rsvpdetails.slotid,
-        rsvpresponse: letter,
-        rsvpadult: adults,
-        rsvpchildren: children,
+        title: info.title,
+        siid: '',
+        rsvpid: 0,
+        imid: 0,
+        usealternatename: false,
+        changemembermame: false,
+        displayfirstname: input.firstname,
+        displaylastname: input.lastname,
         firstname: input.firstname,
         lastname: input.lastname,
         email: input.email,
-        comment: input.comment ?? '',
+        optInStatus: false,
+        savecontactinfo: false,
+        rsvpresponse: letter,
+        rsvpadult: adults,
+        rsvpchildren: children,
+        rsvpitems: [],
+        rsvpcomments: input.comment ?? '',
+        type: 'rsvp',
+        source: 'main',
+        slotid: info.rsvpdetails.slotid,
         isLoggedin: true,
         payLater: false,
         customFields: [],
     };
 }
+/**
+ * True when `getSignupInfo` reports per-item slots on an RSVP-style sheet
+ * (e.g. "Yes, I'll bring lasagna"). Headcount-only RSVPs leave `rsvpitems`
+ * empty or unset. We only handle the headcount variant — the item variant
+ * needs a separate input surface (per-slot quantities + comments) that this
+ * tool doesn't expose.
+ */
+export function isItemBasedRsvp(info) {
+    const items = info.rsvpdetails.rsvpitems;
+    return Array.isArray(items) && items.length > 0;
+}
 export function registerRsvpTool(server, client) {
     // Key mode doesn't have the cookie/JWT surface this flow needs, and the
     // documented Pro API has no equivalent. Skip registration entirely so the
@@ -88,6 +111,15 @@ export function registerRsvpTool(server, client) {
             throw new Error(`Sign-up ${parts.urlid} is not an RSVP-style sheet (useRSVP=${info.useRSVP}). ` +
                 'This tool only handles Yes/No/Maybe responses. Slot-based sign-ups need a separate tool.');
         }
+        if (isItemBasedRsvp(info)) {
+            // Length is safe to read because isItemBasedRsvp confirmed the array.
+            const itemCount = info.rsvpdetails.rsvpitems.length;
+            throw new Error(`Sign-up ${parts.urlid} is an item-based RSVP — guests must pick from ` +
+                `${itemCount} item slot(s) ` +
+                "(e.g. \"Yes, I'll bring lasagna\"). This tool only handles the " +
+                'headcount-only RSVP variant. Use the SignUpGenius web UI for ' +
+                'item-based responses until a dedicated tool ships.');
+        }
         const payload = buildRsvpPayload(parts, info, args);
         const result = await client.request('', {
             legacyAction: 's.processSignUpFormHandler',
@@ -105,7 +137,7 @@ export function registerRsvpTool(server, client) {
             response: args.response,
             adults: payload.rsvpadult,
             children: payload.rsvpchildren,
-            comment: payload.comment,
+            comment: payload.rsvpcomments,
             server: result.data,
         });
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "signupgenius-mcp",
-  "version": "1.0.3",
+  "version": "1.0.7",
   "mcpName": "io.github.chrischall/signupgenius-mcp",
   "description": "SignUpGenius MCP server — read sign-ups, reports, and groups; add group members.",
   "author": "Claude Code (AI) <https://www.anthropic.com/claude>",
@@ -37,16 +37,16 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@fetchproxy/bootstrap": "^0.4.2",
+    "@fetchproxy/bootstrap": "^0.6.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
-    "dotenv": "^17.4.0",
-    "zod": "^4.3.6"
+    "dotenv": "^17.4.2",
+    "zod": "^4.4.3"
   },
   "devDependencies": {
-    "@types/node": "^25.5.2",
-    "@vitest/coverage-v8": "^4.1.2",
+    "@types/node": "^25.9.1",
+    "@vitest/coverage-v8": "^4.1.7",
     "esbuild": "^0.28.0",
-    "typescript": "^6.0.2",
-    "vitest": "^4.1.2"
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.7"
   }
 }

package/server.json

@@ -6,12 +6,12 @@
     "url": "https://github.com/chrischall/signupgenius-mcp",
     "source": "github"
   },
-  "version": "1.0.3",
+  "version": "1.0.7",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "signupgenius-mcp",
-      "version": "1.0.3",
+      "version": "1.0.7",
       "transport": {
         "type": "stdio"
       },