@aaronsb/google-workspace-mcp 2.0.0-alpha.4

package/build/factory/patches.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Patch registry — collects all per-service patches.
+ * Import this to get the complete patch map for the generator.
+ */
+import type { ServicePatch } from './types.js';
+export declare const patches: Record<string, ServicePatch>;

package/build/factory/patches.js

@@ -0,0 +1,13 @@
+/**
+ * Patch registry — collects all per-service patches.
+ * Import this to get the complete patch map for the generator.
+ */
+import { gmailPatch } from '../services/gmail/patch.js';
+import { calendarPatch } from '../services/calendar/patch.js';
+import { drivePatch } from '../services/drive/patch.js';
+export const patches = {
+    gmail: gmailPatch,
+    calendar: calendarPatch,
+    drive: drivePatch,
+};
+//# sourceMappingURL=patches.js.map

package/build/factory/patches.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patches.js","sourceRoot":"","sources":["../../src/factory/patches.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAGxD,MAAM,CAAC,MAAM,OAAO,GAAiC;IACnD,KAAK,EAAE,UAAU;IACjB,QAAQ,EAAE,aAAa;IACvB,KAAK,EAAE,UAAU;CAClB,CAAC"}

package/build/factory/registry.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Shared factory registry — single instance of manifest + generated tools.
+ * Both handler.ts and tools.ts import from here instead of loading independently.
+ *
+ * This module uses import.meta.url (ESM only) to resolve manifest.yaml
+ * relative to the built output, which works when running via npx or mcpb
+ * where cwd is NOT the project root.
+ */
+import type { GeneratedTool } from './types.js';
+import type { Manifest } from './types.js';
+export declare const manifest: Manifest;
+export declare const generatedTools: GeneratedTool[];

package/build/factory/registry.js

@@ -0,0 +1,18 @@
+/**
+ * Shared factory registry — single instance of manifest + generated tools.
+ * Both handler.ts and tools.ts import from here instead of loading independently.
+ *
+ * This module uses import.meta.url (ESM only) to resolve manifest.yaml
+ * relative to the built output, which works when running via npx or mcpb
+ * where cwd is NOT the project root.
+ */
+import { dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { setModuleDir, loadManifest, generateTools } from './generator.js';
+import { patches } from './patches.js';
+// Inject module directory so loadManifest can find manifest.yaml
+// relative to the built output (build/factory/registry.js → build/factory/manifest.yaml)
+setModuleDir(dirname(fileURLToPath(import.meta.url)));
+export const manifest = loadManifest();
+export const generatedTools = generateTools(manifest, patches);
+//# sourceMappingURL=registry.js.map

package/build/factory/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/factory/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAIvC,iEAAiE;AACjE,yFAAyF;AACzF,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAEtD,MAAM,CAAC,MAAM,QAAQ,GAAa,YAAY,EAAE,CAAC;AACjD,MAAM,CAAC,MAAM,cAAc,GAAoB,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC"}

package/build/factory/safety.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Safety policies — interceptors for destructive or sensitive operations.
+ *
+ * These run as beforeExecute hooks in the factory pipeline, before any
+ * service-specific patches. They provide a cross-service safety layer
+ * that can:
+ *
+ * - Block operations entirely (throw)
+ * - Downgrade operations (send → draft)
+ * - Require confirmation context (params that prove intent)
+ * - Log/audit destructive actions
+ *
+ * Policies are composable — multiple can apply to the same operation.
+ * They're configured per-deployment, not per-service.
+ *
+ * Example use cases:
+ * - "Draft-only mode" — agents can read email but not send
+ * - "No-delete mode" — prevent permanent deletion across all services
+ * - "Audit mode" — log all write operations to stderr
+ */
+import type { PatchContext } from './types.js';
+/** Policy decision: what to do with an intercepted operation. */
+export type PolicyAction = 'allow' | 'block' | 'downgrade';
+/** Result of a policy check. */
+export interface PolicyResult {
+    action: PolicyAction;
+    reason?: string;
+    /** For 'downgrade': replacement args to use instead. */
+    replacementArgs?: string[];
+}
+/** A safety policy that evaluates an operation before execution. */
+export interface SafetyPolicy {
+    name: string;
+    description: string;
+    /** Which service.operation combinations this policy applies to. */
+    applies: (service: string, operation: string) => boolean;
+    /** Evaluate the operation and return a policy decision. */
+    evaluate: (args: string[], ctx: PatchContext, service: string) => PolicyResult;
+}
+/**
+ * Draft-only email policy — blocks send/reply/forward, allows everything else.
+ * Agents can read, search, triage, and label emails but cannot send on behalf of the user.
+ */
+export declare const draftOnlyEmail: SafetyPolicy;
+/**
+ * No-delete policy — blocks permanent deletion across all services.
+ * Trash is allowed (reversible), but delete is blocked (permanent).
+ */
+export declare const noDelete: SafetyPolicy;
+/**
+ * Read-only policy — blocks all write operations across all services.
+ * Only list, get, search, and read operations are allowed.
+ */
+export declare const readOnly: SafetyPolicy;
+/**
+ * Audit policy — allows everything but logs destructive operations to stderr.
+ * Useful for monitoring what an agent does without blocking it.
+ */
+export declare const auditLog: SafetyPolicy;
+/** Set the active safety policies. */
+export declare function configurePolicies(policies: SafetyPolicy[]): void;
+/** Get the active policies (defensive copy). */
+export declare function getActivePolicies(): SafetyPolicy[];
+/**
+ * Run all active policies against an operation.
+ * First block wins. Returns the most restrictive result.
+ */
+export declare function evaluatePolicies(args: string[], ctx: PatchContext, service: string): PolicyResult;

package/build/factory/safety.js

@@ -0,0 +1,157 @@
+/**
+ * Safety policies — interceptors for destructive or sensitive operations.
+ *
+ * These run as beforeExecute hooks in the factory pipeline, before any
+ * service-specific patches. They provide a cross-service safety layer
+ * that can:
+ *
+ * - Block operations entirely (throw)
+ * - Downgrade operations (send → draft)
+ * - Require confirmation context (params that prove intent)
+ * - Log/audit destructive actions
+ *
+ * Policies are composable — multiple can apply to the same operation.
+ * They're configured per-deployment, not per-service.
+ *
+ * Example use cases:
+ * - "Draft-only mode" — agents can read email but not send
+ * - "No-delete mode" — prevent permanent deletion across all services
+ * - "Audit mode" — log all write operations to stderr
+ */
+// ── Built-in policies ────────────────────────────────────────────────
+/**
+ * Draft-only email policy — blocks send/reply/forward, allows everything else.
+ * Agents can read, search, triage, and label emails but cannot send on behalf of the user.
+ */
+export const draftOnlyEmail = {
+    name: 'draft-only-email',
+    description: 'Block outbound email — agents can read but not send',
+    applies: (service) => service === 'gmail',
+    evaluate: (_args, ctx) => {
+        const blocked = ['send', 'reply', 'replyAll', 'forward'];
+        if (blocked.includes(ctx.operation)) {
+            return {
+                action: 'block',
+                reason: `Operation '${ctx.operation}' is blocked by draft-only email policy. ` +
+                    `The agent can read, search, and triage emails but cannot send on behalf of the user.`,
+            };
+        }
+        return { action: 'allow' };
+    },
+};
+/**
+ * No-delete policy — blocks permanent deletion across all services.
+ * Trash is allowed (reversible), but delete is blocked (permanent).
+ */
+export const noDelete = {
+    name: 'no-delete',
+    description: 'Block permanent deletion — trash is allowed, delete is not',
+    applies: () => true,
+    evaluate: (_args, ctx, service) => {
+        // Drive delete is permanent (no trash via this operation)
+        // Task/tasklist delete is permanent
+        // Calendar delete is permanent
+        const permanentDeletes = {
+            gmail: [], // 'trash' is reversible, which is fine
+            calendar: ['delete'],
+            drive: ['delete'],
+            tasks: ['delete', 'deleteTaskList'],
+            docs: [],
+            sheets: [],
+        };
+        const blocked = permanentDeletes[service] ?? [];
+        if (blocked.includes(ctx.operation)) {
+            return {
+                action: 'block',
+                reason: `Operation '${ctx.operation}' on ${service} is blocked by no-delete policy. ` +
+                    `This operation permanently destroys data. Use trash/archive instead where available.`,
+            };
+        }
+        return { action: 'allow' };
+    },
+};
+/**
+ * Classify an operation as read-only by name pattern.
+ * Uses prefix/name matching so new operations are automatically classified
+ * without maintaining a hardcoded list.
+ */
+function isReadOperation(operation) {
+    const op = operation.toLowerCase();
+    // Prefix patterns: get*, list*, search*
+    if (op.startsWith('get') || op.startsWith('list') || op.startsWith('search'))
+        return true;
+    // Exact read-only names
+    const readOps = ['read', 'triage', 'labels', 'threads', 'agenda', 'calendars', 'freebusy'];
+    return readOps.includes(op);
+}
+/**
+ * Read-only policy — blocks all write operations across all services.
+ * Only list, get, search, and read operations are allowed.
+ */
+export const readOnly = {
+    name: 'read-only',
+    description: 'Block all write operations — observation only',
+    applies: () => true,
+    evaluate: (_args, ctx) => {
+        if (!isReadOperation(ctx.operation)) {
+            return {
+                action: 'block',
+                reason: `Operation '${ctx.operation}' is blocked by read-only policy. ` +
+                    `Only search, list, read, and get operations are allowed.`,
+            };
+        }
+        return { action: 'allow' };
+    },
+};
+/**
+ * Audit policy — allows everything but logs destructive operations to stderr.
+ * Useful for monitoring what an agent does without blocking it.
+ */
+export const auditLog = {
+    name: 'audit-log',
+    description: 'Log all write operations to stderr — no blocking',
+    applies: () => true,
+    evaluate: (_args, ctx, service) => {
+        if (!isReadOperation(ctx.operation)) {
+            process.stderr.write(`[gws-mcp] AUDIT: ${service}.${ctx.operation} account=${ctx.account} ` +
+                `args=${JSON.stringify(ctx.params)}\n`);
+        }
+        return { action: 'allow' };
+    },
+};
+// ── Policy engine ────────────────────────────────────────────────────
+/** Active policies — configured at startup. */
+let activePolicies = [];
+/** Set the active safety policies. */
+export function configurePolicies(policies) {
+    activePolicies = policies;
+    if (policies.length > 0) {
+        process.stderr.write(`[gws-mcp] safety: ${policies.length} policy(ies) active: ` +
+            `${policies.map(p => p.name).join(', ')}\n`);
+    }
+}
+/** Get the active policies (defensive copy). */
+export function getActivePolicies() {
+    return [...activePolicies];
+}
+/**
+ * Run all active policies against an operation.
+ * First block wins. Returns the most restrictive result.
+ */
+export function evaluatePolicies(args, ctx, service) {
+    for (const policy of activePolicies) {
+        if (!policy.applies(service, ctx.operation))
+            continue;
+        const result = policy.evaluate(args, ctx, service);
+        if (result.action === 'block') {
+            process.stderr.write(`[gws-mcp] safety: BLOCKED ${service}.${ctx.operation} by ${policy.name}: ${result.reason}\n`);
+            return result;
+        }
+        if (result.action === 'downgrade' && result.replacementArgs) {
+            process.stderr.write(`[gws-mcp] safety: DOWNGRADED ${service}.${ctx.operation} by ${policy.name}: ${result.reason}\n`);
+            return result;
+        }
+    }
+    return { action: 'allow' };
+}
+//# sourceMappingURL=safety.js.map

package/build/factory/safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.js","sourceRoot":"","sources":["../../src/factory/safety.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAyBH,wEAAwE;AAExE;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,qDAAqD;IAClE,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,OAAO;IACzC,QAAQ,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACvB,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;QACzD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,cAAc,GAAG,CAAC,SAAS,2CAA2C;oBAC5E,sFAAsF;aACzF,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAiB;IACpC,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,4DAA4D;IACzE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI;IACnB,QAAQ,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;QAChC,0DAA0D;QAC1D,oCAAoC;QACpC,+BAA+B;QAC/B,MAAM,gBAAgB,GAA6B;YACjD,KAAK,EAAE,EAAE,EAAW,uCAAuC;YAC3D,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,KAAK,EAAE,CAAC,QAAQ,CAAC;YACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,gBAAgB,CAAC;YACnC,IAAI,EAAE,EAAE;YACR,MAAM,EAAE,EAAE;SACX,CAAC;QAEF,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,cAAc,GAAG,CAAC,SAAS,QAAQ,OAAO,mCAAmC;oBACnF,sFAAsF;aACzF,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF,CAAC;AAEF;;;;GAIG;AACH,SAAS,eAAe,CAAC,SAAiB;IACxC,MAAM,EAAE,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IACnC,wCAAwC;IACxC,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1F,wBAAwB;IACxB,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IAC3F,OAAO,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAiB;IACpC,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,+CAA+C;IAC5D,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI;IACnB,QAAQ,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACvB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,cAAc,GAAG,CAAC,SAAS,oCAAoC;oBACrE,0DAA0D;aAC7D,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAiB;IACpC,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,kDAAkD;IAC/D,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI;IACnB,QAAQ,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;QAChC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oBAAoB,OAAO,IAAI,GAAG,CAAC,SAAS,YAAY,GAAG,CAAC,OAAO,GAAG;gBACtE,QAAQ,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CACvC,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF,CAAC;AAEF,wEAAwE;AAExE,+CAA+C;AAC/C,IAAI,cAAc,GAAmB,EAAE,CAAC;AAExC,sCAAsC;AACtC,MAAM,UAAU,iBAAiB,CAAC,QAAwB;IACxD,cAAc,GAAG,QAAQ,CAAC;IAC1B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qBAAqB,QAAQ,CAAC,MAAM,uBAAuB;YAC3D,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAC5C,CAAC;IACJ,CAAC;AACH,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,iBAAiB;IAC/B,OAAO,CAAC,GAAG,cAAc,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAc,EACd,GAAiB,EACjB,OAAe;IAEf,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;YAAE,SAAS;QAEtD,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QACnD,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6BAA6B,OAAO,IAAI,GAAG,CAAC,SAAS,OAAO,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,MAAM,IAAI,CAC9F,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAC5D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gCAAgC,OAAO,IAAI,GAAG,CAAC,SAAS,OAAO,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,MAAM,IAAI,CACjG,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAC7B,CAAC"}

package/build/factory/types.d.ts

@@ -0,0 +1,102 @@
+/**
+ * Factory type system — defines the manifest schema, patch hooks,
+ * and generated tool shapes for the service factory (ADR-300).
+ */
+import type { HandlerResponse } from '../server/formatting/markdown.js';
+/** Parameter definition in the manifest. */
+export interface ParamDef {
+    type: 'string' | 'number' | 'boolean';
+    description: string;
+    required?: boolean;
+    default?: string | number | boolean;
+    max?: number;
+    /** Maps this param name to a different key in the gws --params JSON. */
+    maps_to?: string;
+    enum?: string[];
+}
+/** Hydration config — fetch detail for each item in a list result. */
+export interface HydrationDef {
+    /** gws resource path for the detail call (e.g. "users.messages.get"). */
+    resource: string;
+    /** Format parameter passed to the detail call. */
+    format?: string;
+    /** Headers to extract from payload (gmail-specific). */
+    headers?: string[];
+}
+/** A single operation within a service. */
+export interface OperationDef {
+    /** Categorizes the operation for default formatting. */
+    type: 'list' | 'detail' | 'action';
+    description: string;
+    /** gws resource path (e.g. "users.messages.list"). */
+    resource?: string;
+    /** gws helper shorthand (e.g. "+triage", "+send"). */
+    helper?: string;
+    /** Named parameters the caller can provide. */
+    params?: Record<string, ParamDef>;
+    /** Default values merged into the gws --params JSON. */
+    defaults?: Record<string, unknown>;
+    /** Post-fetch hydration (list operations only). */
+    hydration?: HydrationDef;
+    /** Fields to extract from the gws response for the result. */
+    fields?: string;
+    /** CLI-style args instead of --params JSON (for helpers). */
+    cli_args?: Record<string, string>;
+}
+/** A service declaration in the manifest. */
+export interface ServiceDef {
+    tool_name: string;
+    description: string;
+    /** Whether this service requires an email account param. */
+    requires_email: boolean;
+    /** The gws service name (e.g. "gmail", "calendar", "drive"). */
+    gws_service: string;
+    operations: Record<string, OperationDef>;
+}
+/** Top-level manifest shape. */
+export interface Manifest {
+    services: Record<string, ServiceDef>;
+}
+/** Context passed to patch hooks. */
+export interface PatchContext {
+    operation: string;
+    params: Record<string, unknown>;
+    account: string;
+}
+/** A patch hook that runs after arg construction, before gws execution. */
+export type BeforeExecuteHook = (args: string[], ctx: PatchContext) => Promise<string[]> | string[];
+/** A patch hook that runs after gws returns, before formatting. */
+export type AfterExecuteHook = (result: unknown, ctx: PatchContext) => Promise<unknown> | unknown;
+/** A formatter override for a specific operation type. */
+export type FormatHook = (data: unknown, ctx: PatchContext) => HandlerResponse;
+/** A next-steps override. */
+export type NextStepsHook = (operation: string, context: Record<string, string>) => string;
+/** Custom handler that completely replaces the factory for an operation. */
+export type CustomHandler = (params: Record<string, unknown>, account: string) => Promise<HandlerResponse>;
+/** Per-service patch — all hooks are optional. */
+export interface ServicePatch {
+    /** Hooks keyed by operation name. */
+    beforeExecute?: Record<string, BeforeExecuteHook>;
+    afterExecute?: Record<string, AfterExecuteHook>;
+    /** Override formatting for list/detail/action response types. */
+    formatList?: FormatHook;
+    formatDetail?: FormatHook;
+    formatAction?: FormatHook;
+    /** Override next-steps generation. */
+    nextSteps?: NextStepsHook;
+    /** Completely custom handlers for operations that don't fit the factory pattern. */
+    customHandlers?: Record<string, CustomHandler>;
+}
+/** The tool schema exposed to MCP clients. */
+export interface GeneratedToolSchema {
+    name: string;
+    description: string;
+    inputSchema: Record<string, unknown>;
+}
+/** A generated handler function. */
+export type GeneratedHandler = (params: Record<string, unknown>) => Promise<HandlerResponse>;
+/** Complete generated tool — schema + handler, ready to register. */
+export interface GeneratedTool {
+    schema: GeneratedToolSchema;
+    handler: GeneratedHandler;
+}

package/build/factory/types.js

@@ -0,0 +1,6 @@
+/**
+ * Factory type system — defines the manifest schema, patch hooks,
+ * and generated tool shapes for the service factory (ADR-300).
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/build/factory/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/factory/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/build/factory/yaml.d.ts

@@ -0,0 +1,2 @@
+/** Re-export yaml parse to keep the import path internal. */
+export { parse } from 'yaml';

package/build/factory/yaml.js

@@ -0,0 +1,3 @@
+/** Re-export yaml parse to keep the import path internal. */
+export { parse } from 'yaml';
+//# sourceMappingURL=yaml.js.map

package/build/factory/yaml.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yaml.js","sourceRoot":"","sources":["../../src/factory/yaml.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,OAAO,EAAE,KAAK,EAAE,MAAM,MAAM,CAAC"}

package/build/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/build/index.js

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+import { startServer } from './server/server.js';
+// Prevent unhandled rejections from crashing the server
+process.on('unhandledRejection', (reason) => {
+    process.stderr.write(`[gws-mcp] unhandled rejection: ${reason}\n`);
+});
+process.on('uncaughtException', (err) => {
+    process.stderr.write(`[gws-mcp] uncaught exception: ${err.message}\n${err.stack}\n`);
+});
+startServer().catch((err) => {
+    process.stderr.write(`[gws-mcp] fatal: ${err.message}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,wDAAwD;AACxD,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;IAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,MAAM,IAAI,CAAC,CAAC;AACrE,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,GAAG,EAAE,EAAE;IACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,GAAG,CAAC,OAAO,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC;AACvF,CAAC,CAAC,CAAC;AAEH,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;IAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/server/formatting/markdown.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Response formatters — shape raw gws JSON into token-efficient
+ * markdown for AI consumption.
+ *
+ * Design:
+ * - Lists are compact and scannable (pipe-delimited, IDs included)
+ * - Detail views are natural prose an agent can relay to a user
+ * - Each formatter returns { text, refs } where refs are the
+ *   structured values queue $N.field resolution needs
+ */
+/** Shared response shape — markdown text for agents, structured refs for queue $N.field. */
+export interface HandlerResponse {
+    text: string;
+    refs: Record<string, unknown>;
+}
+export declare function formatEmailList(data: unknown): HandlerResponse;
+export declare function formatEmailDetail(data: unknown): HandlerResponse;
+export declare function formatEventList(data: unknown): HandlerResponse;
+export declare function formatEventDetail(data: unknown): HandlerResponse;
+export declare function formatFileList(data: unknown): HandlerResponse;
+export declare function formatFileDetail(data: unknown): HandlerResponse;