@agent-native/core 0.20.9 → 0.22.0

package/dist/mcp/oauth-token.d.ts

@@ -0,0 +1,28 @@
+export declare const MCP_OAUTH_SCOPES: readonly ["mcp:read", "mcp:write", "mcp:apps"];
+export declare const MCP_OAUTH_DEFAULT_SCOPE: string;
+export interface McpOAuthAccessTokenClaims {
+    sub: string;
+    org_domain?: string;
+    scope: string;
+    client_id: string;
+    resource: string;
+    typ: "agent-native-mcp-oauth";
+}
+export declare function normalizeOAuthScope(input: unknown): string | null;
+export declare function scopeList(scope: string | undefined): string[];
+export declare function hasMcpOAuthScope(scopes: string[] | undefined, scope: (typeof MCP_OAUTH_SCOPES)[number]): boolean;
+export declare function signMcpOAuthAccessToken(params: {
+    ownerEmail: string;
+    orgDomain?: string | null;
+    clientId: string;
+    scope: string;
+    resource: string;
+    issuer: string;
+}): Promise<string>;
+export declare function verifyMcpOAuthAccessToken(token: string, resource: string | undefined): Promise<{
+    userEmail: string;
+    orgDomain?: string;
+    scopes: string[];
+    clientId: string;
+} | null>;
+//# sourceMappingURL=oauth-token.d.ts.map

package/dist/mcp/oauth-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-token.d.ts","sourceRoot":"","sources":["../../src/mcp/oauth-token.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,gBAAgB,gDAAiD,CAAC;AAE/E,eAAO,MAAM,uBAAuB,QAA6B,CAAC;AAElE,MAAM,WAAW,yBAAyB;IACxC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,wBAAwB,CAAC;CAC/B;AAMD,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAYjE;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,EAAE,CAK7D;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,EAC5B,KAAK,EAAE,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,CAAC,GACvC,OAAO,CAGT;AAED,wBAAsB,uBAAuB,CAAC,MAAM,EAAE;IACpD,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBlB;AAED,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GAAG,SAAS,GAC3B,OAAO,CAAC;IACT,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,IAAI,CAAC,CA2BR"}

package/dist/mcp/oauth-token.js

@@ -0,0 +1,83 @@
+import * as jose from "jose";
+import { randomUUID } from "node:crypto";
+import { getAuthSecret } from "../server/better-auth-instance.js";
+import { MCP_OAUTH_ACCESS_TOKEN_TTL } from "./oauth-store.js";
+export const MCP_OAUTH_SCOPES = ["mcp:read", "mcp:write", "mcp:apps"];
+export const MCP_OAUTH_DEFAULT_SCOPE = MCP_OAUTH_SCOPES.join(" ");
+function signingSecret() {
+    return new TextEncoder().encode(process.env.A2A_SECRET || getAuthSecret());
+}
+export function normalizeOAuthScope(input) {
+    const requested = typeof input === "string"
+        ? input
+            .split(/\s+/)
+            .map((s) => s.trim())
+            .filter(Boolean)
+        : [];
+    const allowed = new Set(MCP_OAUTH_SCOPES);
+    if (requested.length === 0)
+        return MCP_OAUTH_DEFAULT_SCOPE;
+    const selected = requested.filter((scope) => allowed.has(scope));
+    return selected.length ? [...new Set(selected)].join(" ") : null;
+}
+export function scopeList(scope) {
+    return (scope ?? "")
+        .split(/\s+/)
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+export function hasMcpOAuthScope(scopes, scope) {
+    if (!scopes)
+        return true;
+    return scopes.includes(scope);
+}
+export async function signMcpOAuthAccessToken(params) {
+    return new jose.SignJWT({
+        typ: "agent-native-mcp-oauth",
+        sub: params.ownerEmail,
+        ...(params.orgDomain ? { org_domain: params.orgDomain } : {}),
+        scope: params.scope,
+        client_id: params.clientId,
+        resource: params.resource,
+    })
+        .setProtectedHeader({ alg: "HS256" })
+        .setIssuer(params.issuer)
+        .setAudience(params.resource)
+        .setJti(randomUUID())
+        .setIssuedAt()
+        .setExpirationTime(MCP_OAUTH_ACCESS_TOKEN_TTL)
+        .sign(signingSecret());
+}
+export async function verifyMcpOAuthAccessToken(token, resource) {
+    if (!resource)
+        return null;
+    try {
+        const { payload } = await jose.jwtVerify(token, signingSecret(), {
+            audience: resource,
+        });
+        if (payload.typ !== "agent-native-mcp-oauth")
+            return null;
+        if (payload.resource !== resource)
+            return null;
+        if (typeof payload.sub !== "string" || !payload.sub)
+            return null;
+        if (typeof payload.client_id !== "string" || !payload.client_id) {
+            return null;
+        }
+        const scope = typeof payload.scope === "string" ? payload.scope : "";
+        const scopes = scopeList(scope);
+        if (!scopes.some((s) => MCP_OAUTH_SCOPES.includes(s))) {
+            return null;
+        }
+        return {
+            userEmail: payload.sub,
+            orgDomain: typeof payload.org_domain === "string" ? payload.org_domain : undefined,
+            scopes,
+            clientId: payload.client_id,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=oauth-token.js.map

package/dist/mcp/oauth-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-token.js","sourceRoot":"","sources":["../../src/mcp/oauth-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAE9D,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,UAAU,CAAU,CAAC;AAE/E,MAAM,CAAC,MAAM,uBAAuB,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAWlE,SAAS,aAAa;IACpB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,aAAa,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAc;IAChD,MAAM,SAAS,GACb,OAAO,KAAK,KAAK,QAAQ;QACvB,CAAC,CAAC,KAAK;aACF,KAAK,CAAC,KAAK,CAAC;aACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC;QACpB,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,OAAO,GAAG,IAAI,GAAG,CAAS,gBAAgB,CAAC,CAAC;IAClD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,uBAAuB,CAAC;IAC3D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAyB;IACjD,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;SACjB,KAAK,CAAC,KAAK,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,MAA4B,EAC5B,KAAwC;IAExC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,MAO7C;IACC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC;QACtB,GAAG,EAAE,wBAAwB;QAC7B,GAAG,EAAE,MAAM,CAAC,UAAU;QACtB,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC;SACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC;SACxB,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC;SAC5B,MAAM,CAAC,UAAU,EAAE,CAAC;SACpB,WAAW,EAAE;SACb,iBAAiB,CAAC,0BAA0B,CAAC;SAC7C,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAAa,EACb,QAA4B;IAO5B,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,EAAE,EAAE;YAC/D,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAC;QACH,IAAI,OAAO,CAAC,GAAG,KAAK,wBAAwB;YAAE,OAAO,IAAI,CAAC;QAC1D,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACjE,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACrE,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAQ,CAAC,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YACzE,MAAM;YACN,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["import * as jose from \"jose\";\nimport { randomUUID } from \"node:crypto\";\nimport { getAuthSecret } from \"../server/better-auth-instance.js\";\nimport { MCP_OAUTH_ACCESS_TOKEN_TTL } from \"./oauth-store.js\";\n\nexport const MCP_OAUTH_SCOPES = [\"mcp:read\", \"mcp:write\", \"mcp:apps\"] as const;\n\nexport const MCP_OAUTH_DEFAULT_SCOPE = MCP_OAUTH_SCOPES.join(\" \");\n\nexport interface McpOAuthAccessTokenClaims {\n  sub: string;\n  org_domain?: string;\n  scope: string;\n  client_id: string;\n  resource: string;\n  typ: \"agent-native-mcp-oauth\";\n}\n\nfunction signingSecret(): Uint8Array {\n  return new TextEncoder().encode(process.env.A2A_SECRET || getAuthSecret());\n}\n\nexport function normalizeOAuthScope(input: unknown): string | null {\n  const requested =\n    typeof input === \"string\"\n      ? input\n          .split(/\\s+/)\n          .map((s) => s.trim())\n          .filter(Boolean)\n      : [];\n  const allowed = new Set<string>(MCP_OAUTH_SCOPES);\n  if (requested.length === 0) return MCP_OAUTH_DEFAULT_SCOPE;\n  const selected = requested.filter((scope) => allowed.has(scope));\n  return selected.length ? [...new Set(selected)].join(\" \") : null;\n}\n\nexport function scopeList(scope: string | undefined): string[] {\n  return (scope ?? \"\")\n    .split(/\\s+/)\n    .map((s) => s.trim())\n    .filter(Boolean);\n}\n\nexport function hasMcpOAuthScope(\n  scopes: string[] | undefined,\n  scope: (typeof MCP_OAUTH_SCOPES)[number],\n): boolean {\n  if (!scopes) return true;\n  return scopes.includes(scope);\n}\n\nexport async function signMcpOAuthAccessToken(params: {\n  ownerEmail: string;\n  orgDomain?: string | null;\n  clientId: string;\n  scope: string;\n  resource: string;\n  issuer: string;\n}): Promise<string> {\n  return new jose.SignJWT({\n    typ: \"agent-native-mcp-oauth\",\n    sub: params.ownerEmail,\n    ...(params.orgDomain ? { org_domain: params.orgDomain } : {}),\n    scope: params.scope,\n    client_id: params.clientId,\n    resource: params.resource,\n  })\n    .setProtectedHeader({ alg: \"HS256\" })\n    .setIssuer(params.issuer)\n    .setAudience(params.resource)\n    .setJti(randomUUID())\n    .setIssuedAt()\n    .setExpirationTime(MCP_OAUTH_ACCESS_TOKEN_TTL)\n    .sign(signingSecret());\n}\n\nexport async function verifyMcpOAuthAccessToken(\n  token: string,\n  resource: string | undefined,\n): Promise<{\n  userEmail: string;\n  orgDomain?: string;\n  scopes: string[];\n  clientId: string;\n} | null> {\n  if (!resource) return null;\n  try {\n    const { payload } = await jose.jwtVerify(token, signingSecret(), {\n      audience: resource,\n    });\n    if (payload.typ !== \"agent-native-mcp-oauth\") return null;\n    if (payload.resource !== resource) return null;\n    if (typeof payload.sub !== \"string\" || !payload.sub) return null;\n    if (typeof payload.client_id !== \"string\" || !payload.client_id) {\n      return null;\n    }\n    const scope = typeof payload.scope === \"string\" ? payload.scope : \"\";\n    const scopes = scopeList(scope);\n    if (!scopes.some((s) => MCP_OAUTH_SCOPES.includes(s as any))) {\n      return null;\n    }\n    return {\n      userEmail: payload.sub,\n      orgDomain:\n        typeof payload.org_domain === \"string\" ? payload.org_domain : undefined,\n      scopes,\n      clientId: payload.client_id,\n    };\n  } catch {\n    return null;\n  }\n}\n"]}

package/dist/mcp/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAUlC,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACpB,MAAM,mBAAmB,CAAC;AAK3B,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AACF,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,CAAC;AA2G7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,OAAO,EACd,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,QAAQ,GAAG,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CAyH5D;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,GAAG,EACb,MAAM,EAAE,SAAS,EACjB,WAAW,SAAmB,GAC7B,IAAI,CAYN"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAWlC,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACpB,MAAM,mBAAmB,CAAC;AAM3B,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AACF,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,CAAC;AA2G7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,OAAO,EACd,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,QAAQ,GAAG,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA2H5D;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,GAAG,EACb,MAAM,EAAE,SAAS,EACjB,WAAW,SAAmB,GAC7B,IAAI,CAYN"}

package/dist/mcp/server.js

@@ -1,8 +1,9 @@
 import { getH3App } from "../server/framework-request-handler.js";
-import { defineEventHandler, setResponseStatus, getMethod, getRequestHeader, } from "h3";
+import { defineEventHandler, setResponseStatus, setResponseHeader, getMethod, getRequestHeader, } from "h3";
 import { readBody } from "../server/h3-helpers.js";
 import { isLoopbackRequest } from "../server/auth.js";
 import { createMCPServerForRequest, verifyAuth, getAccessTokens, resolveOrgIdFromDomain, buildLinkArtifacts, } from "./build-server.js";
+import { buildMcpOAuthChallenge, getMcpOAuthResource } from "./oauth-route.js";
 // Re-export the shared MCP server builder + types so the stdio transport and
 // any (future) external importer of `@agent-native/core/mcp` keep resolving
 // against `./server.js` exactly as before this refactor.
@@ -146,11 +147,14 @@ export async function handleMcpRequest(event, config) {
     // `Host: localhost`). A deployed app missing A2A_SECRET / ACCESS_TOKEN
     // must fail closed rather than trust a spoofable owner-email header that
     // `fullSurface` would otherwise escalate to the full mutating surface.
+    const requestMeta = deriveRequestMeta(event);
     const authResult = await verifyAuth(authHeader, ownerEmailHeader, {
         allowDevOpen: isLoopbackRequest(event),
+        resourceUrl: getMcpOAuthResource(event),
     });
     if (!authResult.authed) {
         setResponseStatus(event, 401);
+        setResponseHeader(event, "WWW-Authenticate", buildMcpOAuthChallenge(event));
         return { error: "Unauthorized" };
     }
     // Stateless mode: only POST is meaningful
@@ -172,7 +176,6 @@ export async function handleMcpRequest(event, config) {
     // connected real caller (connect-minted token / `mcp install` /
     // ACCESS_TOKEN / production) gets the full action surface even in local
     // dev; unauthenticated dev probes stay sparse. See `external-agents` skill.
-    const requestMeta = deriveRequestMeta(event);
     const server = await createMCPServerForRequest(config, authResult.identity, {
         ...requestMeta,
         fullSurface: authResult.fullSurface === true,

package/dist/mcp/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GAInB,MAAM,mBAAmB,CAAC;AAE3B,6EAA6E;AAC7E,4EAA4E;AAC5E,yDAAyD;AACzD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AAGF,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,KAAc;IAInC,MAAM,CAAC,GAAG,KAAY,CAAC;IACvB,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,IAAI,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,MAAM,YAAY,GAAG,gBAAgB,CACnC,KAAK,EACL,4BAA4B,CAC7B,EAAE,WAAW,EAAE,CAAC;IACjB,MAAM,MAAM,GACV,YAAY,KAAK,SAAS;QAC1B,YAAY,KAAK,UAAU;QAC3B,YAAY,KAAK,SAAS;QACxB,CAAC,CAAE,YAAyC;QAC5C,CAAC,CAAC,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,eAAe,CAAC,KAAc,EAAE,MAAc;IACrD,MAAM,GAAG,GAAI,KAAa,CAAC,GAA0B,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,IAAI,GAAG,EAAE,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC9D,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAI,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAEhC,CAAC;QACd,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK,IAAI,IAAI;oBAAE,SAAS;gBAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,qEAAqE;IACrE,iEAAiE;IAEjE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;IAChD,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACxD,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACnE,IAAI,GAAG,GAAG,GAAG,KAAK,MAAM,IAAI,oBAAoB,CAAC;IACjD,IAAI,CAAC;QACH,IAAI,GAAG,EAAE,GAAG;YAAE,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IAED,qEAAqE;IACrE,yEAAyE;IACzE,oDAAoD;IACpD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAc,EACd,MAAiB;IAEjB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjE,IAAI,OAAO,EAAE,CAAC;QACZ,yEAAyE;QACzE,uEAAuE;QACvE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEhC,2EAA2E;IAC3E,uDAAuD;IACvD,+DAA+D;IAC/D,4EAA4E;IAC5E,iDAAiD;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,gBAAgB,CACvC,KAAK,EACL,4BAA4B,CAC7B,CAAC;IACF,oEAAoE;IACpE,4DAA4D;IAC5D,uEAAuE;IACvE,yEAAyE;IACzE,uEAAuE;IACvE,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,gBAAgB,EAAE;QAChE,YAAY,EAAE,iBAAiB,CAAC,KAAK,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACvB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,kCAAkC;IAClC,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnE,yEAAyE;IACzE,qEAAqE;IACrE,qEAAqE;IACrE,gEAAgE;IAChE,wEAAwE;IACxE,4EAA4E;IAC5E,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE,UAAU,CAAC,QAAQ,EAAE;QAC1E,GAAG,WAAW;QACd,WAAW,EAAE,UAAU,CAAC,WAAW,KAAK,IAAI;KAC7C,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAElD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,4EAA4E;QAC5E,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,SAAS,EAAE,YAAY;SAC5C,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,uEAAuE;YACvE,iEAAiE;YACjE,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,wEAAwE;YACxE,mEAAmE;YACnE,sEAAsE;YACtE,uEAAuE;YACvE,qEAAqE;YACrE,6DAA6D;YAC7D,IAAI,GAAG,EAAE,IAAI,KAAK,4BAA4B;gBAAE,MAAM,GAAG,CAAC;YAC1D,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;gBACnB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACN,CAAC;QACD,8CAA8C;QAC7C,KAAa,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC/B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,uEAAuE;IACvE,6EAA6E;IAC7E,EAAE;IACF,qEAAqE;IACrE,uEAAuE;IACvE,wEAAwE;IACxE,2EAA2E;IAC3E,yEAAyE;IACzE,4EAA4E;IAC5E,qEAAqE;IACrE,uEAAuE;IACvE,qBAAqB;IACrB,MAAM,EAAE,wCAAwC,EAAE,GAChD,MAAM,MAAM,CAAC,+DAA+D,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;QAC7D,kBAAkB,EAAE,SAAS,EAAE,oCAAoC;KACpE,CAAC,CAAC;IACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAClD,2EAA2E;IAC3E,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,aAAa,CAC5C,UAAU,EACV,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,OAAO,gBAAgB,CAAC,KAAgB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACnB,OAAO,CAAC,GAAG,CACT,+BAA+B,WAAW,SAAS,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,SAAS,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CACvI,CAAC;AACN,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n  defineEventHandler,\n  setResponseStatus,\n  getMethod,\n  getRequestHeader,\n} from \"h3\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { isLoopbackRequest } from \"../server/auth.js\";\nimport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n  type MCPConfig,\n  type MCPCallerIdentity,\n  type MCPRequestMeta,\n} from \"./build-server.js\";\n\n// Re-export the shared MCP server builder + types so the stdio transport and\n// any (future) external importer of `@agent-native/core/mcp` keep resolving\n// against `./server.js` exactly as before this refactor.\nexport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n};\nexport type { MCPConfig, MCPCallerIdentity, MCPRequestMeta };\n\n// ---------------------------------------------------------------------------\n// Runtime detection — Node fast-path vs. web-standard fallback\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve the underlying Node `http` req/res pair if (and only if) we're\n * running on a real Node HTTP server (local dev, `node` Nitro preset). On the\n * web-standard runtime (Nitro 3 / Netlify web runtime, Cloudflare, Deno, Bun)\n * BOTH of these are undefined — that's the signal to take the web fallback\n * instead of returning 501.\n */\nfunction getNodeReqRes(event: H3Event): {\n  nodeReq: any | undefined;\n  nodeRes: any | undefined;\n} {\n  const e = event as any;\n  const nodeReq = e.node?.req ?? e.req?.runtime?.node?.req;\n  const nodeRes = e.node?.res ?? e.req?.runtime?.node?.res;\n  return { nodeReq, nodeRes };\n}\n\n/**\n * Derive the request origin + the markdown deep-link target from the inbound\n * headers. Identical logic for both the Node and web paths so the absolute\n * deep-link URLs in tool results are computed the same way regardless of\n * runtime.\n */\nfunction deriveRequestMeta(event: H3Event): MCPRequestMeta {\n  const forwardedProto = getRequestHeader(event, \"x-forwarded-proto\");\n  const host = getRequestHeader(event, \"host\");\n  const proto =\n    forwardedProto?.split(\",\")[0]?.trim() ||\n    (host && /^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n  const origin = host ? `${proto}://${host}` : undefined;\n  const targetHeader = getRequestHeader(\n    event,\n    \"x-agent-native-open-target\",\n  )?.toLowerCase();\n  const target =\n    targetHeader === \"desktop\" ||\n    targetHeader === \"terminal\" ||\n    targetHeader === \"browser\"\n      ? (targetHeader as MCPRequestMeta[\"target\"])\n      : undefined;\n  return { origin, target };\n}\n\n/**\n * Reconstruct a Web Standard `Request` for the web-standard MCP transport.\n *\n * On the web runtime h3 v2 exposes the real web `Request` as `event.req`; we\n * prefer it (its `method` / `headers` are exactly what the client sent). But\n * the framework middleware rewrites `event.req.url` when it strips a mount\n * prefix, and the transport reads `req.method` + `req.headers` (never the\n * body — we pass that via `parsedBody`), so we always synthesize a clean\n * `Request` with the verified method + a fresh `Headers` copy. The URL is\n * cosmetic for the SDK (it only does `new URL(req.url)` for `requestInfo`),\n * so a best-effort absolute URL derived from the inbound host is sufficient\n * and never throws.\n */\nfunction buildWebRequest(event: H3Event, method: string): Request {\n  const src = (event as any).req as Request | undefined;\n\n  const headers = new Headers();\n  if (src?.headers && typeof src.headers.forEach === \"function\") {\n    src.headers.forEach((value, key) => headers.set(key, value));\n  } else {\n    const rawHeaders = (event as any).node?.req?.headers as\n      | Record<string, string | string[] | undefined>\n      | undefined;\n    if (rawHeaders) {\n      for (const [key, value] of Object.entries(rawHeaders)) {\n        if (value == null) continue;\n        headers.set(key, Array.isArray(value) ? value.join(\", \") : value);\n      }\n    }\n  }\n\n  // The SDK requires Accept + Content-Type to advertise both JSON and SSE on\n  // a POST. Real MCP clients (Claude Code, `agent-native connect`) always\n  // send these; we never inject/alter them — if they're absent the SDK\n  // returns its spec-mandated 406/415, identical to the Node path.\n\n  const host = headers.get(\"host\") || \"localhost\";\n  const forwardedProto = headers.get(\"x-forwarded-proto\");\n  const proto =\n    forwardedProto?.split(\",\")[0]?.trim() ||\n    (/^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n  let url = `${proto}://${host}/_agent-native/mcp`;\n  try {\n    if (src?.url) url = new URL(src.url).href;\n  } catch {\n    // keep the synthesized URL\n  }\n\n  // No body here on purpose: the JSON-RPC payload is forwarded via the\n  // transport's `parsedBody` option (the same mechanism the Node transport\n  // uses), so the request stream is never read twice.\n  return new Request(url, { method, headers });\n}\n\n// ---------------------------------------------------------------------------\n// handleMcpRequest — runtime-agnostic MCP request handler\n// ---------------------------------------------------------------------------\n\n/**\n * Handle a single `{routePrefix}/mcp` request on either runtime.\n *\n * - **Node fast-path** (real Node HTTP server): unchanged — delegate to the\n *   SDK's `StreamableHTTPServerTransport.handleRequest(nodeReq, nodeRes,\n *   body)`, which writes directly to the Node response (full protocol incl.\n *   SSE).\n * - **Web-standard fallback** (Nitro 3 / Netlify web runtime, Cloudflare,\n *   Deno, Bun — where there is no Node req/res): build the SAME MCP `Server`\n *   from the SAME config + identity, drive it through the SDK's\n *   `WebStandardStreamableHTTPServerTransport` (which the Node transport is\n *   itself just a thin wrapper around), and return the resulting Web\n *   `Response` as a normal h3 return value.\n *\n * Auth, the `runWithRequestContext` identity wrap, the deep-link `_meta` /\n * markdown append, `requestMeta` origin/target derivation and the stateless\n * semantics are IDENTICAL on both paths because both build the same server\n * via `createMCPServerForRequest` and both transports funnel into the same\n * `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n * parsedBody })` with the same options.\n *\n * Returns:\n *   - `undefined` when the request targets a sub-route (so management/status\n *     routes mounted under `/_agent-native/mcp/*` handle it themselves) — the\n *     h3 mount falls through to the next handler.\n *   - a Web `Response` (web fallback) or a string/object (Node path /\n *     auth-error path) otherwise. The Node path also sets `_handled` so h3\n *     doesn't double-write.\n */\nexport async function handleMcpRequest(\n  event: H3Event,\n  config: MCPConfig,\n): Promise<Response | string | { error: string } | undefined> {\n  const pathname = event.url?.pathname || \"/\";\n  const subpath = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n  if (subpath) {\n    // Let management/status routes mounted under /_agent-native/mcp/* handle\n    // their own requests instead of treating them as MCP protocol traffic.\n    return undefined;\n  }\n\n  const method = getMethod(event);\n\n  // Auth check — extracts the caller's identity from the JWT (`sub`), or, on\n  // the static-token / dev-open path, from the forwarded\n  // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the\n  // `agent-native mcp install` flow). Without this the install flow would run\n  // every tool unscoped (userEmail === undefined).\n  const authHeader = getRequestHeader(event, \"authorization\");\n  const ownerEmailHeader = getRequestHeader(\n    event,\n    \"x-agent-native-owner-email\",\n  );\n  // Gate header-only dev-open on the REAL socket peer, never a parsed\n  // `Host` header (client-controlled — an attacker could send\n  // `Host: localhost`). A deployed app missing A2A_SECRET / ACCESS_TOKEN\n  // must fail closed rather than trust a spoofable owner-email header that\n  // `fullSurface` would otherwise escalate to the full mutating surface.\n  const authResult = await verifyAuth(authHeader, ownerEmailHeader, {\n    allowDevOpen: isLoopbackRequest(event),\n  });\n  if (!authResult.authed) {\n    setResponseStatus(event, 401);\n    return { error: \"Unauthorized\" };\n  }\n\n  // Stateless mode: only POST is meaningful\n  if (method === \"DELETE\") {\n    setResponseStatus(event, 204);\n    return \"\";\n  }\n\n  if (method !== \"POST\" && method !== \"GET\") {\n    setResponseStatus(event, 405);\n    return { error: \"Method not allowed\" };\n  }\n\n  // Read body for POST (GET has no body). Read it via the h3 helper exactly\n  // once; both transports accept it as a pre-parsed body so the request\n  // stream is never consumed twice.\n  const body = method === \"POST\" ? await readBody(event) : undefined;\n\n  // Per-request stateless transport + server. Both runtimes build the SAME\n  // server from the SAME config + verified identity + request meta, so\n  // tools/list, tools/call, and the deep-link `_meta` are identical. A\n  // connected real caller (connect-minted token / `mcp install` /\n  // ACCESS_TOKEN / production) gets the full action surface even in local\n  // dev; unauthenticated dev probes stay sparse. See `external-agents` skill.\n  const requestMeta = deriveRequestMeta(event);\n  const server = await createMCPServerForRequest(config, authResult.identity, {\n    ...requestMeta,\n    fullSurface: authResult.fullSurface === true,\n  });\n\n  const { nodeReq, nodeRes } = getNodeReqRes(event);\n\n  if (nodeReq && nodeRes) {\n    // ---- Node fast-path (UNCHANGED behavior) --------------------------------\n    const { StreamableHTTPServerTransport } =\n      await import(\"@modelcontextprotocol/sdk/server/streamableHttp.js\");\n    const transport = new StreamableHTTPServerTransport({\n      sessionIdGenerator: undefined, // stateless\n    });\n    await server.connect(transport);\n    try {\n      // The SDK transport writes directly to the Node response. Node-only by\n      // construction; we only reach here when real Node req/res exist.\n      await transport.handleRequest(nodeReq, nodeRes, body);\n    } catch (err: any) {\n      // The SDK transport writes directly to the Node response. If the socket\n      // is already closed/ended (client disconnected, or the host stream\n      // layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END *after*\n      // the MCP payload was already delivered correctly. Swallow that benign\n      // post-flush write so an external agent disconnecting mid-stream can\n      // never take down the server process; rethrow anything else.\n      if (err?.code !== \"ERR_STREAM_WRITE_AFTER_END\") throw err;\n      if (process.env.DEBUG)\n        console.log(\n          \"[mcp] ignored post-flush ERR_STREAM_WRITE_AFTER_END (client disconnected)\",\n        );\n    }\n    // Prevent H3 from double-writing the response\n    (event as any)._handled = true;\n    return undefined;\n  }\n\n  // ---- Web-standard fallback (Nitro 3 / Netlify web runtime, CF, Deno,\n  // Bun) ---------------------------------------------------------------------\n  //\n  // `StreamableHTTPServerTransport` is itself just a thin wrapper that\n  // converts the Node req/res to a web Request/Response and delegates to\n  // `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n  // parsedBody })`. Using the web transport directly with the SAME options +\n  // the same pre-read `parsedBody` produces byte-identical protocol output\n  // (including the deep-link `_meta` built inside createMCPServerForRequest),\n  // and works on every web runtime because it returns a Web `Response`\n  // (JSON for request/response, or an SSE `ReadableStream` body which h3\n  // streams natively).\n  const { WebStandardStreamableHTTPServerTransport } =\n    await import(\"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\");\n  const transport = new WebStandardStreamableHTTPServerTransport({\n    sessionIdGenerator: undefined, // stateless — same as the Node path\n  });\n  await server.connect(transport);\n  const webRequest = buildWebRequest(event, method);\n  // `parsedBody: undefined` would make the SDK try to read `req.json()`; our\n  // synthesized request has no body, so only pass the option for POST (where\n  // we actually have a parsed body). For GET the transport reads no body.\n  const response = await transport.handleRequest(\n    webRequest,\n    method === \"POST\" ? { parsedBody: body } : undefined,\n  );\n  return response;\n}\n\n// ---------------------------------------------------------------------------\n// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro\n// ---------------------------------------------------------------------------\n\n/**\n * Mount an MCP remote server on an H3/Nitro app.\n *\n * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)\n *\n * Uses stateless Streamable HTTP transport — no in-memory sessions,\n * compatible with serverless deployments. Runtime-agnostic: a real Node\n * server uses the SDK's Node transport; the web-standard runtime (Nitro 3 /\n * Netlify web runtime, Cloudflare, Deno, Bun) uses the SDK's web-standard\n * transport. Both build the same server and produce identical JSON-RPC\n * output.\n *\n * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.\n * No auth required when neither is configured (dev mode).\n */\nexport function mountMCP(\n  nitroApp: any,\n  config: MCPConfig,\n  routePrefix = \"/_agent-native\",\n): void {\n  getH3App(nitroApp).use(\n    `${routePrefix}/mcp`,\n    defineEventHandler(async (event) => {\n      return handleMcpRequest(event as H3Event, config);\n    }),\n  );\n\n  if (process.env.DEBUG)\n    console.log(\n      `[mcp] Mounted MCP server at ${routePrefix}/mcp (${Object.keys(config.actions).length} tools${config.askAgent ? \" + ask-agent\" : \"\"})`,\n    );\n}\n"]}
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GAInB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAE/E,6EAA6E;AAC7E,4EAA4E;AAC5E,yDAAyD;AACzD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AAGF,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,KAAc;IAInC,MAAM,CAAC,GAAG,KAAY,CAAC;IACvB,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,IAAI,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,MAAM,YAAY,GAAG,gBAAgB,CACnC,KAAK,EACL,4BAA4B,CAC7B,EAAE,WAAW,EAAE,CAAC;IACjB,MAAM,MAAM,GACV,YAAY,KAAK,SAAS;QAC1B,YAAY,KAAK,UAAU;QAC3B,YAAY,KAAK,SAAS;QACxB,CAAC,CAAE,YAAyC;QAC5C,CAAC,CAAC,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,eAAe,CAAC,KAAc,EAAE,MAAc;IACrD,MAAM,GAAG,GAAI,KAAa,CAAC,GAA0B,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,IAAI,GAAG,EAAE,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC9D,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAI,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAEhC,CAAC;QACd,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK,IAAI,IAAI;oBAAE,SAAS;gBAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,qEAAqE;IACrE,iEAAiE;IAEjE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;IAChD,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACxD,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACnE,IAAI,GAAG,GAAG,GAAG,KAAK,MAAM,IAAI,oBAAoB,CAAC;IACjD,IAAI,CAAC;QACH,IAAI,GAAG,EAAE,GAAG;YAAE,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IAED,qEAAqE;IACrE,yEAAyE;IACzE,oDAAoD;IACpD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAc,EACd,MAAiB;IAEjB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjE,IAAI,OAAO,EAAE,CAAC;QACZ,yEAAyE;QACzE,uEAAuE;QACvE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEhC,2EAA2E;IAC3E,uDAAuD;IACvD,+DAA+D;IAC/D,4EAA4E;IAC5E,iDAAiD;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,gBAAgB,CACvC,KAAK,EACL,4BAA4B,CAC7B,CAAC;IACF,oEAAoE;IACpE,4DAA4D;IAC5D,uEAAuE;IACvE,yEAAyE;IACzE,uEAAuE;IACvE,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,gBAAgB,EAAE;QAChE,YAAY,EAAE,iBAAiB,CAAC,KAAK,CAAC;QACtC,WAAW,EAAE,mBAAmB,CAAC,KAAK,CAAC;KACxC,CAAC,CAAC;IACH,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACvB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,iBAAiB,CAAC,KAAK,EAAE,kBAAkB,EAAE,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5E,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,kCAAkC;IAClC,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnE,yEAAyE;IACzE,qEAAqE;IACrE,qEAAqE;IACrE,gEAAgE;IAChE,wEAAwE;IACxE,4EAA4E;IAC5E,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE,UAAU,CAAC,QAAQ,EAAE;QAC1E,GAAG,WAAW;QACd,WAAW,EAAE,UAAU,CAAC,WAAW,KAAK,IAAI;KAC7C,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAElD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,4EAA4E;QAC5E,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,SAAS,EAAE,YAAY;SAC5C,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,uEAAuE;YACvE,iEAAiE;YACjE,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,wEAAwE;YACxE,mEAAmE;YACnE,sEAAsE;YACtE,uEAAuE;YACvE,qEAAqE;YACrE,6DAA6D;YAC7D,IAAI,GAAG,EAAE,IAAI,KAAK,4BAA4B;gBAAE,MAAM,GAAG,CAAC;YAC1D,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;gBACnB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACN,CAAC;QACD,8CAA8C;QAC7C,KAAa,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC/B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,uEAAuE;IACvE,6EAA6E;IAC7E,EAAE;IACF,qEAAqE;IACrE,uEAAuE;IACvE,wEAAwE;IACxE,2EAA2E;IAC3E,yEAAyE;IACzE,4EAA4E;IAC5E,qEAAqE;IACrE,uEAAuE;IACvE,qBAAqB;IACrB,MAAM,EAAE,wCAAwC,EAAE,GAChD,MAAM,MAAM,CAAC,+DAA+D,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;QAC7D,kBAAkB,EAAE,SAAS,EAAE,oCAAoC;KACpE,CAAC,CAAC;IACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAClD,2EAA2E;IAC3E,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,aAAa,CAC5C,UAAU,EACV,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,OAAO,gBAAgB,CAAC,KAAgB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACnB,OAAO,CAAC,GAAG,CACT,+BAA+B,WAAW,SAAS,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,SAAS,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CACvI,CAAC;AACN,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n  defineEventHandler,\n  setResponseStatus,\n  setResponseHeader,\n  getMethod,\n  getRequestHeader,\n} from \"h3\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { isLoopbackRequest } from \"../server/auth.js\";\nimport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n  type MCPConfig,\n  type MCPCallerIdentity,\n  type MCPRequestMeta,\n} from \"./build-server.js\";\nimport { buildMcpOAuthChallenge, getMcpOAuthResource } from \"./oauth-route.js\";\n\n// Re-export the shared MCP server builder + types so the stdio transport and\n// any (future) external importer of `@agent-native/core/mcp` keep resolving\n// against `./server.js` exactly as before this refactor.\nexport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n};\nexport type { MCPConfig, MCPCallerIdentity, MCPRequestMeta };\n\n// ---------------------------------------------------------------------------\n// Runtime detection — Node fast-path vs. web-standard fallback\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve the underlying Node `http` req/res pair if (and only if) we're\n * running on a real Node HTTP server (local dev, `node` Nitro preset). On the\n * web-standard runtime (Nitro 3 / Netlify web runtime, Cloudflare, Deno, Bun)\n * BOTH of these are undefined — that's the signal to take the web fallback\n * instead of returning 501.\n */\nfunction getNodeReqRes(event: H3Event): {\n  nodeReq: any | undefined;\n  nodeRes: any | undefined;\n} {\n  const e = event as any;\n  const nodeReq = e.node?.req ?? e.req?.runtime?.node?.req;\n  const nodeRes = e.node?.res ?? e.req?.runtime?.node?.res;\n  return { nodeReq, nodeRes };\n}\n\n/**\n * Derive the request origin + the markdown deep-link target from the inbound\n * headers. Identical logic for both the Node and web paths so the absolute\n * deep-link URLs in tool results are computed the same way regardless of\n * runtime.\n */\nfunction deriveRequestMeta(event: H3Event): MCPRequestMeta {\n  const forwardedProto = getRequestHeader(event, \"x-forwarded-proto\");\n  const host = getRequestHeader(event, \"host\");\n  const proto =\n    forwardedProto?.split(\",\")[0]?.trim() ||\n    (host && /^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n  const origin = host ? `${proto}://${host}` : undefined;\n  const targetHeader = getRequestHeader(\n    event,\n    \"x-agent-native-open-target\",\n  )?.toLowerCase();\n  const target =\n    targetHeader === \"desktop\" ||\n    targetHeader === \"terminal\" ||\n    targetHeader === \"browser\"\n      ? (targetHeader as MCPRequestMeta[\"target\"])\n      : undefined;\n  return { origin, target };\n}\n\n/**\n * Reconstruct a Web Standard `Request` for the web-standard MCP transport.\n *\n * On the web runtime h3 v2 exposes the real web `Request` as `event.req`; we\n * prefer it (its `method` / `headers` are exactly what the client sent). But\n * the framework middleware rewrites `event.req.url` when it strips a mount\n * prefix, and the transport reads `req.method` + `req.headers` (never the\n * body — we pass that via `parsedBody`), so we always synthesize a clean\n * `Request` with the verified method + a fresh `Headers` copy. The URL is\n * cosmetic for the SDK (it only does `new URL(req.url)` for `requestInfo`),\n * so a best-effort absolute URL derived from the inbound host is sufficient\n * and never throws.\n */\nfunction buildWebRequest(event: H3Event, method: string): Request {\n  const src = (event as any).req as Request | undefined;\n\n  const headers = new Headers();\n  if (src?.headers && typeof src.headers.forEach === \"function\") {\n    src.headers.forEach((value, key) => headers.set(key, value));\n  } else {\n    const rawHeaders = (event as any).node?.req?.headers as\n      | Record<string, string | string[] | undefined>\n      | undefined;\n    if (rawHeaders) {\n      for (const [key, value] of Object.entries(rawHeaders)) {\n        if (value == null) continue;\n        headers.set(key, Array.isArray(value) ? value.join(\", \") : value);\n      }\n    }\n  }\n\n  // The SDK requires Accept + Content-Type to advertise both JSON and SSE on\n  // a POST. Real MCP clients (Claude Code, `agent-native connect`) always\n  // send these; we never inject/alter them — if they're absent the SDK\n  // returns its spec-mandated 406/415, identical to the Node path.\n\n  const host = headers.get(\"host\") || \"localhost\";\n  const forwardedProto = headers.get(\"x-forwarded-proto\");\n  const proto =\n    forwardedProto?.split(\",\")[0]?.trim() ||\n    (/^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n  let url = `${proto}://${host}/_agent-native/mcp`;\n  try {\n    if (src?.url) url = new URL(src.url).href;\n  } catch {\n    // keep the synthesized URL\n  }\n\n  // No body here on purpose: the JSON-RPC payload is forwarded via the\n  // transport's `parsedBody` option (the same mechanism the Node transport\n  // uses), so the request stream is never read twice.\n  return new Request(url, { method, headers });\n}\n\n// ---------------------------------------------------------------------------\n// handleMcpRequest — runtime-agnostic MCP request handler\n// ---------------------------------------------------------------------------\n\n/**\n * Handle a single `{routePrefix}/mcp` request on either runtime.\n *\n * - **Node fast-path** (real Node HTTP server): unchanged — delegate to the\n *   SDK's `StreamableHTTPServerTransport.handleRequest(nodeReq, nodeRes,\n *   body)`, which writes directly to the Node response (full protocol incl.\n *   SSE).\n * - **Web-standard fallback** (Nitro 3 / Netlify web runtime, Cloudflare,\n *   Deno, Bun — where there is no Node req/res): build the SAME MCP `Server`\n *   from the SAME config + identity, drive it through the SDK's\n *   `WebStandardStreamableHTTPServerTransport` (which the Node transport is\n *   itself just a thin wrapper around), and return the resulting Web\n *   `Response` as a normal h3 return value.\n *\n * Auth, the `runWithRequestContext` identity wrap, the deep-link `_meta` /\n * markdown append, `requestMeta` origin/target derivation and the stateless\n * semantics are IDENTICAL on both paths because both build the same server\n * via `createMCPServerForRequest` and both transports funnel into the same\n * `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n * parsedBody })` with the same options.\n *\n * Returns:\n *   - `undefined` when the request targets a sub-route (so management/status\n *     routes mounted under `/_agent-native/mcp/*` handle it themselves) — the\n *     h3 mount falls through to the next handler.\n *   - a Web `Response` (web fallback) or a string/object (Node path /\n *     auth-error path) otherwise. The Node path also sets `_handled` so h3\n *     doesn't double-write.\n */\nexport async function handleMcpRequest(\n  event: H3Event,\n  config: MCPConfig,\n): Promise<Response | string | { error: string } | undefined> {\n  const pathname = event.url?.pathname || \"/\";\n  const subpath = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n  if (subpath) {\n    // Let management/status routes mounted under /_agent-native/mcp/* handle\n    // their own requests instead of treating them as MCP protocol traffic.\n    return undefined;\n  }\n\n  const method = getMethod(event);\n\n  // Auth check — extracts the caller's identity from the JWT (`sub`), or, on\n  // the static-token / dev-open path, from the forwarded\n  // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the\n  // `agent-native mcp install` flow). Without this the install flow would run\n  // every tool unscoped (userEmail === undefined).\n  const authHeader = getRequestHeader(event, \"authorization\");\n  const ownerEmailHeader = getRequestHeader(\n    event,\n    \"x-agent-native-owner-email\",\n  );\n  // Gate header-only dev-open on the REAL socket peer, never a parsed\n  // `Host` header (client-controlled — an attacker could send\n  // `Host: localhost`). A deployed app missing A2A_SECRET / ACCESS_TOKEN\n  // must fail closed rather than trust a spoofable owner-email header that\n  // `fullSurface` would otherwise escalate to the full mutating surface.\n  const requestMeta = deriveRequestMeta(event);\n  const authResult = await verifyAuth(authHeader, ownerEmailHeader, {\n    allowDevOpen: isLoopbackRequest(event),\n    resourceUrl: getMcpOAuthResource(event),\n  });\n  if (!authResult.authed) {\n    setResponseStatus(event, 401);\n    setResponseHeader(event, \"WWW-Authenticate\", buildMcpOAuthChallenge(event));\n    return { error: \"Unauthorized\" };\n  }\n\n  // Stateless mode: only POST is meaningful\n  if (method === \"DELETE\") {\n    setResponseStatus(event, 204);\n    return \"\";\n  }\n\n  if (method !== \"POST\" && method !== \"GET\") {\n    setResponseStatus(event, 405);\n    return { error: \"Method not allowed\" };\n  }\n\n  // Read body for POST (GET has no body). Read it via the h3 helper exactly\n  // once; both transports accept it as a pre-parsed body so the request\n  // stream is never consumed twice.\n  const body = method === \"POST\" ? await readBody(event) : undefined;\n\n  // Per-request stateless transport + server. Both runtimes build the SAME\n  // server from the SAME config + verified identity + request meta, so\n  // tools/list, tools/call, and the deep-link `_meta` are identical. A\n  // connected real caller (connect-minted token / `mcp install` /\n  // ACCESS_TOKEN / production) gets the full action surface even in local\n  // dev; unauthenticated dev probes stay sparse. See `external-agents` skill.\n  const server = await createMCPServerForRequest(config, authResult.identity, {\n    ...requestMeta,\n    fullSurface: authResult.fullSurface === true,\n  });\n\n  const { nodeReq, nodeRes } = getNodeReqRes(event);\n\n  if (nodeReq && nodeRes) {\n    // ---- Node fast-path (UNCHANGED behavior) --------------------------------\n    const { StreamableHTTPServerTransport } =\n      await import(\"@modelcontextprotocol/sdk/server/streamableHttp.js\");\n    const transport = new StreamableHTTPServerTransport({\n      sessionIdGenerator: undefined, // stateless\n    });\n    await server.connect(transport);\n    try {\n      // The SDK transport writes directly to the Node response. Node-only by\n      // construction; we only reach here when real Node req/res exist.\n      await transport.handleRequest(nodeReq, nodeRes, body);\n    } catch (err: any) {\n      // The SDK transport writes directly to the Node response. If the socket\n      // is already closed/ended (client disconnected, or the host stream\n      // layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END *after*\n      // the MCP payload was already delivered correctly. Swallow that benign\n      // post-flush write so an external agent disconnecting mid-stream can\n      // never take down the server process; rethrow anything else.\n      if (err?.code !== \"ERR_STREAM_WRITE_AFTER_END\") throw err;\n      if (process.env.DEBUG)\n        console.log(\n          \"[mcp] ignored post-flush ERR_STREAM_WRITE_AFTER_END (client disconnected)\",\n        );\n    }\n    // Prevent H3 from double-writing the response\n    (event as any)._handled = true;\n    return undefined;\n  }\n\n  // ---- Web-standard fallback (Nitro 3 / Netlify web runtime, CF, Deno,\n  // Bun) ---------------------------------------------------------------------\n  //\n  // `StreamableHTTPServerTransport` is itself just a thin wrapper that\n  // converts the Node req/res to a web Request/Response and delegates to\n  // `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n  // parsedBody })`. Using the web transport directly with the SAME options +\n  // the same pre-read `parsedBody` produces byte-identical protocol output\n  // (including the deep-link `_meta` built inside createMCPServerForRequest),\n  // and works on every web runtime because it returns a Web `Response`\n  // (JSON for request/response, or an SSE `ReadableStream` body which h3\n  // streams natively).\n  const { WebStandardStreamableHTTPServerTransport } =\n    await import(\"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\");\n  const transport = new WebStandardStreamableHTTPServerTransport({\n    sessionIdGenerator: undefined, // stateless — same as the Node path\n  });\n  await server.connect(transport);\n  const webRequest = buildWebRequest(event, method);\n  // `parsedBody: undefined` would make the SDK try to read `req.json()`; our\n  // synthesized request has no body, so only pass the option for POST (where\n  // we actually have a parsed body). For GET the transport reads no body.\n  const response = await transport.handleRequest(\n    webRequest,\n    method === \"POST\" ? { parsedBody: body } : undefined,\n  );\n  return response;\n}\n\n// ---------------------------------------------------------------------------\n// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro\n// ---------------------------------------------------------------------------\n\n/**\n * Mount an MCP remote server on an H3/Nitro app.\n *\n * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)\n *\n * Uses stateless Streamable HTTP transport — no in-memory sessions,\n * compatible with serverless deployments. Runtime-agnostic: a real Node\n * server uses the SDK's Node transport; the web-standard runtime (Nitro 3 /\n * Netlify web runtime, Cloudflare, Deno, Bun) uses the SDK's web-standard\n * transport. Both build the same server and produce identical JSON-RPC\n * output.\n *\n * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.\n * No auth required when neither is configured (dev mode).\n */\nexport function mountMCP(\n  nitroApp: any,\n  config: MCPConfig,\n  routePrefix = \"/_agent-native\",\n): void {\n  getH3App(nitroApp).use(\n    `${routePrefix}/mcp`,\n    defineEventHandler(async (event) => {\n      return handleMcpRequest(event as H3Event, config);\n    }),\n  );\n\n  if (process.env.DEBUG)\n    console.log(\n      `[mcp] Mounted MCP server at ${routePrefix}/mcp (${Object.keys(config.actions).length} tools${config.askAgent ? \" + ask-agent\" : \"\"})`,\n    );\n}\n"]}

package/dist/mcp/stdio.d.ts

@@ -8,8 +8,8 @@
  *   - **proxy (default)** — connect an MCP `Client` over
  *     `StreamableHTTPClientTransport` to the *already-running* local app's
  *     `http://127.0.0.1:<port>/_agent-native/mcp`, and run a stdio `Server`
- *     that forwards `tools/list` + `tools/call` to it. The live app is the
- *     single source of truth: HMR'd actions, the real registry, correct
+ *     that forwards tools and optional MCP App resources to it. The live app
+ *     is the single source of truth: HMR'd actions, the real registry, correct
  *     per-request deep links, and tenant scoping all come for free. If the
  *     app isn't running, we wait briefly for it (the workspace gateway boots
  *     it lazily on first request).

package/dist/mcp/stdio.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../src/mcp/stdio.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH,MAAM,WAAW,kBAAkB;IACjC,yEAAyE;IACzE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qEAAqE;IACrE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qCAAqC;IACrC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAqMD;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,IAAI,GAAE,kBAAuB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAef"}
+{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../src/mcp/stdio.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAKH,MAAM,WAAW,kBAAkB;IACjC,yEAAyE;IACzE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qEAAqE;IACrE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qCAAqC;IACrC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAwOD;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,IAAI,GAAE,kBAAuB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAef"}

package/dist/mcp/stdio.js

@@ -8,8 +8,8 @@
  *   - **proxy (default)** — connect an MCP `Client` over
  *     `StreamableHTTPClientTransport` to the *already-running* local app's
  *     `http://127.0.0.1:<port>/_agent-native/mcp`, and run a stdio `Server`
- *     that forwards `tools/list` + `tools/call` to it. The live app is the
- *     single source of truth: HMR'd actions, the real registry, correct
+ *     that forwards tools and optional MCP App resources to it. The live app
+ *     is the single source of truth: HMR'd actions, the real registry, correct
  *     per-request deep links, and tenant scoping all come for free. If the
  *     app isn't running, we wait briefly for it (the workspace gateway boots
  *     it lazily on first request).
@@ -61,10 +61,10 @@ async function probeOrigin(origin, timeoutMs = 800) {
 /**
  * Proxy mode: stdio Server ⇄ HTTP Client to the running app.
  *
- * We register the standard `tools/list` and `tools/call` handlers on the
- * stdio server and forward them verbatim to the upstream HTTP MCP server via
- * the SDK `Client`. The upstream owns tool definitions, results, and the
- * appended deep-link block / `_meta`, so nothing is duplicated here.
+ * We register the standard handlers on the stdio server and forward them
+ * verbatim to the upstream HTTP MCP server via the SDK `Client`. The upstream
+ * owns tool definitions, results, MCP App resources, and the appended
+ * deep-link block / `_meta`, so nothing is duplicated here.
  */
 async function runProxy(opts) {
     const { origin, appId } = await resolveLocalAppOrigin({
@@ -96,7 +96,7 @@ async function runProxy(opts) {
     const { StreamableHTTPClientTransport } = await import("@modelcontextprotocol/sdk/client/streamableHttp.js");
     const { Server } = await import("@modelcontextprotocol/sdk/server/index.js");
     const { StdioServerTransport } = await import("@modelcontextprotocol/sdk/server/stdio.js");
-    const { ListToolsRequestSchema, CallToolRequestSchema } = await import("@modelcontextprotocol/sdk/types.js");
+    const { ListToolsRequestSchema, CallToolRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, ListResourceTemplatesRequestSchema, } = await import("@modelcontextprotocol/sdk/types.js");
     // --- Upstream HTTP client -------------------------------------------------
     const clientTransport = new StreamableHTTPClientTransport(new URL(target), {
         requestInit: { headers: authHeaders(env) },
@@ -105,7 +105,14 @@ async function runProxy(opts) {
     await client.connect(clientTransport);
     log(`Proxying stdio ⇄ ${target} (app: ${appId})`);
     // --- Downstream stdio server ---------------------------------------------
-    const server = new Server({ name: `agent-native-${appId}`, version: "1.0.0" }, { capabilities: { tools: {} } });
+    const upstreamCapabilities = client.getServerCapabilities();
+    const capabilities = { tools: {} };
+    if (upstreamCapabilities?.resources)
+        capabilities.resources = {};
+    if (upstreamCapabilities?.extensions) {
+        capabilities.extensions = upstreamCapabilities.extensions;
+    }
+    const server = new Server({ name: `agent-native-${appId}`, version: "1.0.0" }, { capabilities });
     server.setRequestHandler(ListToolsRequestSchema, async (request) => {
         return client.listTools(request.params);
     });
@@ -113,6 +120,17 @@ async function runProxy(opts) {
         // Forward the call verbatim; the upstream appends the deep-link block.
         return client.callTool(request.params);
     });
+    if (upstreamCapabilities?.resources) {
+        server.setRequestHandler(ListResourcesRequestSchema, async (request) => {
+            return client.listResources(request.params);
+        });
+        server.setRequestHandler(ListResourceTemplatesRequestSchema, async (request) => {
+            return client.listResourceTemplates(request.params);
+        });
+        server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+            return client.readResource(request.params);
+        });
+    }
     const stdioTransport = new StdioServerTransport();
     await server.connect(stdioTransport);
     // Keep the proxy alive until the client/transport closes.

package/dist/mcp/stdio.js.map

@@ -1 +1 @@
-{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../src/mcp/stdio.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAiB/D,MAAM,WAAW,GAAG,oBAAoB,CAAC;AAEzC,SAAS,GAAG,CAAC,GAAW;IACtB,wEAAwE;IACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,GAAsB;IACzC,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,sBAAsB,CAAC;IAC7D,IAAI,KAAK;QAAE,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IACxD,MAAM,KAAK,GAAG,GAAG,CAAC,wBAAwB,CAAC;IAC3C,IAAI,KAAK;QAAE,OAAO,CAAC,4BAA4B,CAAC,GAAG,KAAK,CAAC;IACzD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAc,EAAE,SAAS,GAAG,GAAG;IACxD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,GAAG,WAAW,EAAE,EAAE;YACjD,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;SACvC,CAAC,CAAC;QACH,+DAA+D;QAC/D,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,QAAQ,CAAC,IAAwB;IAC9C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,qBAAqB,CAAC;QACpD,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,MAAM,GAAG,GAAG,MAAM,GAAG,WAAW,EAAE,CAAC;IAEzC,2EAA2E;IAC3E,2EAA2E;IAC3E,iEAAiE;IACjE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,CAAC;IAC5D,IAAI,EAAE,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IACnC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,GAAG,CAAC,eAAe,KAAK,OAAO,MAAM,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,EAAE,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,KAAK,CACb,0CAA0C,MAAM,kBAAkB;YAChE,mEAAmE;YACnE,wEAAwE,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;IACrE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EAAE,oBAAoB,EAAE,GAC5B,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC5D,MAAM,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,GACrD,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAErD,6EAA6E;IAC7E,MAAM,eAAe,GAAG,IAAI,6BAA6B,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE;QACzE,WAAW,EAAE,EAAE,OAAO,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE;KAC3C,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,wBAAwB,EAAE,OAAO,EAAE,OAAO,EAAE,EACpD,EAAE,YAAY,EAAE,EAAE,EAAE,CACrB,CAAC;IACF,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACtC,GAAG,CAAC,oBAAoB,MAAM,UAAU,KAAK,GAAG,CAAC,CAAC;IAElD,4EAA4E;IAC5E,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,gBAAgB,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EACnD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACtE,OAAO,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,uEAAuE;QACvE,OAAO,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClD,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAErC,0DAA0D;IAC1D,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC7B,cAAc,CAAC,OAAO,GAAG,IAAI,CAAC;QAC9B,eAAe,CAAC,OAAO,GAAG,IAAI,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,aAAa,CAAC,IAAwB;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAEpC,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;IACzE,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAChC,IAAI,MAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC;YAC3C,GAAG;YACH,GAAG;YACH,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QACH,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;QACvB,wEAAwE;QACxE,oEAAoE;QACpE,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;IAC/D,CAAC;IAED,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;IAC9E,MAAM,EAAE,yBAAyB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACxE,MAAM,EAAE,oBAAoB,EAAE,GAC5B,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAE5D,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC/C,GAAG,CACD,0BAA0B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAC5E,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC5C;QACE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,KAAK;QACL,WAAW,EAAE,gBAAgB,KAAK,uBAAuB;QACzD,OAAO;QACP,uEAAuE;QACvE,gEAAgE;QAChE,kEAAkE;KACnE;IACD,yEAAyE;IACzE,gEAAgE;IAChE,SAAS,EACT,EAAE,MAAM,EAAE,CACX,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC7B,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAA2B,EAAE;IAE7B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,mEAAmE;QACnE,qEAAqE;QACrE,qEAAqE;QACrE,2CAA2C;QAC3C,GAAG,CAAC,sBAAsB,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CAAC,CAAC;QACjD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC","sourcesContent":["/**\n * MCP **stdio** transport for the `agent-native mcp serve` command.\n *\n * This is the binary external coding agents (Claude Code, Claude Cowork,\n * Codex) actually launch — they speak MCP over a child process's stdio, not\n * HTTP. We expose the agent-native app's MCP surface over stdio in two modes:\n *\n *   - **proxy (default)** — connect an MCP `Client` over\n *     `StreamableHTTPClientTransport` to the *already-running* local app's\n *     `http://127.0.0.1:<port>/_agent-native/mcp`, and run a stdio `Server`\n *     that forwards `tools/list` + `tools/call` to it. The live app is the\n *     single source of truth: HMR'd actions, the real registry, correct\n *     per-request deep links, and tenant scoping all come for free. If the\n *     app isn't running, we wait briefly for it (the workspace gateway boots\n *     it lazily on first request).\n *\n *   - **standalone (`--standalone`)** — no running server, no HMR. Build the\n *     MCP server in-process from `autoDiscoverActions(cwd)` +\n *     `createMCPServerForRequest`, connected straight to a\n *     `StdioServerTransport`. Useful in CI / when nothing is serving.\n *\n * Node-only: imports `node:*` and the SDK stdio/http transports. Never part\n * of the serverless bundle.\n */\n\nimport { resolveLocalAppOrigin } from \"./workspace-resolve.js\";\n\nexport interface RunMCPStdioOptions {\n  /** App id to bridge to (workspace). Optional in a single-app project. */\n  appId?: string;\n  /** Explicit port of the running app's dev server. Overrides discovery. */\n  port?: number;\n  /** Skip the HTTP proxy and build the server in-process from disk. */\n  standalone?: boolean;\n  /** Working directory (defaults to process.cwd()). */\n  cwd?: string;\n  /** Env (defaults to process.env). */\n  env?: NodeJS.ProcessEnv;\n  /** Max ms to wait for the running app before failing (proxy mode). */\n  waitForAppMs?: number;\n}\n\nconst MCP_SUBPATH = \"/_agent-native/mcp\";\n\nfunction log(msg: string): void {\n  // stderr only — stdout is the MCP protocol channel and must stay clean.\n  process.stderr.write(`[mcp] ${msg}\\n`);\n}\n\n/**\n * Owner identity the installer wrote into the client config's env. Passed\n * through to the HTTP MCP endpoint as a JWT/identity bearer (when present)\n * so tool runs stay tenant-scoped. For local dev with a static ACCESS_TOKEN\n * the email is informational; for hosted JWT auth the token already carries\n * `sub`, so we only add an `X-Agent-Native-Owner-Email` hint header.\n */\nfunction authHeaders(env: NodeJS.ProcessEnv): Record<string, string> {\n  const headers: Record<string, string> = {};\n  const token = env.ACCESS_TOKEN || env.AGENT_NATIVE_MCP_TOKEN;\n  if (token) headers[\"Authorization\"] = `Bearer ${token}`;\n  const owner = env.AGENT_NATIVE_OWNER_EMAIL;\n  if (owner) headers[\"X-Agent-Native-Owner-Email\"] = owner;\n  return headers;\n}\n\nasync function probeOrigin(origin: string, timeoutMs = 800): Promise<boolean> {\n  try {\n    const res = await fetch(`${origin}${MCP_SUBPATH}`, {\n      method: \"GET\",\n      signal: AbortSignal.timeout(timeoutMs),\n    });\n    // Any HTTP response (even 401/405/406) means the server is up.\n    return res.status > 0;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Proxy mode: stdio Server ⇄ HTTP Client to the running app.\n *\n * We register the standard `tools/list` and `tools/call` handlers on the\n * stdio server and forward them verbatim to the upstream HTTP MCP server via\n * the SDK `Client`. The upstream owns tool definitions, results, and the\n * appended deep-link block / `_meta`, so nothing is duplicated here.\n */\nasync function runProxy(opts: RunMCPStdioOptions): Promise<void> {\n  const { origin, appId } = await resolveLocalAppOrigin({\n    cwd: opts.cwd,\n    env: opts.env,\n    appId: opts.appId,\n    port: opts.port,\n  });\n  const env = opts.env ?? process.env;\n  const target = `${origin}${MCP_SUBPATH}`;\n\n  // Wait for the app to come up. The workspace gateway lazily boots an app's\n  // dev server on first request, so a fresh `mcp serve` may briefly race the\n  // boot. Hit the gateway path too so the lazy start is triggered.\n  const deadline = Date.now() + (opts.waitForAppMs ?? 60_000);\n  let up = await probeOrigin(origin);\n  if (!up) {\n    log(`Waiting for ${appId} at ${origin} …`);\n    while (!up && Date.now() < deadline) {\n      await new Promise((r) => setTimeout(r, 750));\n      up = await probeOrigin(origin);\n    }\n  }\n  if (!up) {\n    throw new Error(\n      `Timed out waiting for the local app at ${origin}. Start it with ` +\n        `\\`agent-native dev\\` (or \\`agent-native workspace-dev\\`), or run ` +\n        `\\`agent-native mcp serve --standalone\\` to build the server from disk.`,\n    );\n  }\n\n  const { Client } = await import(\"@modelcontextprotocol/sdk/client/index.js\");\n  const { StreamableHTTPClientTransport } =\n    await import(\"@modelcontextprotocol/sdk/client/streamableHttp.js\");\n  const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n  const { StdioServerTransport } =\n    await import(\"@modelcontextprotocol/sdk/server/stdio.js\");\n  const { ListToolsRequestSchema, CallToolRequestSchema } =\n    await import(\"@modelcontextprotocol/sdk/types.js\");\n\n  // --- Upstream HTTP client -------------------------------------------------\n  const clientTransport = new StreamableHTTPClientTransport(new URL(target), {\n    requestInit: { headers: authHeaders(env) },\n  });\n  const client = new Client(\n    { name: \"agent-native-mcp-proxy\", version: \"1.0.0\" },\n    { capabilities: {} },\n  );\n  await client.connect(clientTransport);\n  log(`Proxying stdio ⇄ ${target} (app: ${appId})`);\n\n  // --- Downstream stdio server ---------------------------------------------\n  const server = new Server(\n    { name: `agent-native-${appId}`, version: \"1.0.0\" },\n    { capabilities: { tools: {} } },\n  );\n\n  server.setRequestHandler(ListToolsRequestSchema, async (request: any) => {\n    return client.listTools(request.params);\n  });\n\n  server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n    // Forward the call verbatim; the upstream appends the deep-link block.\n    return client.callTool(request.params);\n  });\n\n  const stdioTransport = new StdioServerTransport();\n  await server.connect(stdioTransport);\n\n  // Keep the proxy alive until the client/transport closes.\n  await new Promise<void>((resolve) => {\n    const done = () => resolve();\n    stdioTransport.onclose = done;\n    clientTransport.onclose = done;\n    process.once(\"SIGINT\", done);\n    process.once(\"SIGTERM\", done);\n  });\n\n  try {\n    await client.close();\n  } catch {\n    // best-effort\n  }\n}\n\n/**\n * Standalone mode: build the MCP server in-process from disk.\n *\n * No running server, no HMR — actions are discovered via\n * `autoDiscoverActions(cwd)` and the shared `createMCPServerForRequest`\n * builder is reused so behavior (tools, deep links, builtin cross-app tools)\n * matches the HTTP mount exactly.\n */\nasync function runStandalone(opts: RunMCPStdioOptions): Promise<void> {\n  const cwd = opts.cwd ?? process.cwd();\n  const env = opts.env ?? process.env;\n\n  const { resolveLocalAppOrigin } = await import(\"./workspace-resolve.js\");\n  let appId = opts.appId ?? \"app\";\n  let origin: string | undefined;\n  try {\n    const resolved = await resolveLocalAppOrigin({\n      cwd,\n      env,\n      appId: opts.appId,\n      port: opts.port,\n    });\n    appId = resolved.appId;\n    // Origin is best-effort here (server may not be running) — still useful\n    // so a `link` builder's relative deep link becomes an absolute URL.\n    origin = resolved.origin;\n  } catch {\n    // No workspace / can't resolve — fall back to a bare app id.\n  }\n\n  const { autoDiscoverActions } = await import(\"../server/action-discovery.js\");\n  const { createMCPServerForRequest } = await import(\"./build-server.js\");\n  const { StdioServerTransport } =\n    await import(\"@modelcontextprotocol/sdk/server/stdio.js\");\n\n  const actions = await autoDiscoverActions(cwd);\n  log(\n    `Standalone: discovered ${Object.keys(actions).length} action(s) in ${cwd}`,\n  );\n\n  const server = await createMCPServerForRequest(\n    {\n      name: appId.charAt(0).toUpperCase() + appId.slice(1),\n      appId,\n      description: `Agent-native ${appId} app (standalone MCP)`,\n      actions,\n      // No askAgent in standalone — there is no running engine/runtime here.\n      // builtin cross-app tools stay on so `list_apps` / `open_app` /\n      // `create_workspace_app` / `list_templates` still work from disk.\n    },\n    // No verified identity in standalone (no inbound auth header). Runs with\n    // platform-default scope, same as a tokenless local HTTP mount.\n    undefined,\n    { origin },\n  );\n\n  const transport = new StdioServerTransport();\n  await server.connect(transport);\n\n  await new Promise<void>((resolve) => {\n    const done = () => resolve();\n    transport.onclose = done;\n    process.once(\"SIGINT\", done);\n    process.once(\"SIGTERM\", done);\n  });\n}\n\n/**\n * Entry point for `agent-native mcp serve`. Defaults to proxy mode; pass\n * `standalone: true` to build the server from disk with no running app.\n */\nexport async function runMCPStdio(\n  opts: RunMCPStdioOptions = {},\n): Promise<void> {\n  if (opts.standalone) {\n    await runStandalone(opts);\n    return;\n  }\n  try {\n    await runProxy(opts);\n  } catch (err: any) {\n    // Proxy couldn't reach a running app — surface a clear, actionable\n    // message on stderr. We do NOT silently fall back to standalone: the\n    // caller asked for the live registry; auto-falling-back would hide a\n    // broken dev server and serve stale tools.\n    log(`Proxy mode failed: ${err?.message ?? err}`);\n    throw err;\n  }\n}\n"]}
+{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../src/mcp/stdio.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAkB/D,MAAM,WAAW,GAAG,oBAAoB,CAAC;AAEzC,SAAS,GAAG,CAAC,GAAW;IACtB,wEAAwE;IACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,GAAsB;IACzC,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,sBAAsB,CAAC;IAC7D,IAAI,KAAK;QAAE,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IACxD,MAAM,KAAK,GAAG,GAAG,CAAC,wBAAwB,CAAC;IAC3C,IAAI,KAAK;QAAE,OAAO,CAAC,4BAA4B,CAAC,GAAG,KAAK,CAAC;IACzD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAc,EAAE,SAAS,GAAG,GAAG;IACxD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,GAAG,WAAW,EAAE,EAAE;YACjD,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;SACvC,CAAC,CAAC;QACH,+DAA+D;QAC/D,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,QAAQ,CAAC,IAAwB;IAC9C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,qBAAqB,CAAC;QACpD,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,MAAM,GAAG,GAAG,MAAM,GAAG,WAAW,EAAE,CAAC;IAEzC,2EAA2E;IAC3E,2EAA2E;IAC3E,iEAAiE;IACjE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,CAAC;IAC5D,IAAI,EAAE,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IACnC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,GAAG,CAAC,eAAe,KAAK,OAAO,MAAM,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,EAAE,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,KAAK,CACb,0CAA0C,MAAM,kBAAkB;YAChE,mEAAmE;YACnE,wEAAwE,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;IACrE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EAAE,oBAAoB,EAAE,GAC5B,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC5D,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,yBAAyB,EACzB,kCAAkC,GACnC,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAEvD,6EAA6E;IAC7E,MAAM,eAAe,GAAG,IAAI,6BAA6B,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE;QACzE,WAAW,EAAE,EAAE,OAAO,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE;KAC3C,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,wBAAwB,EAAE,OAAO,EAAE,OAAO,EAAE,EACpD,EAAE,YAAY,EAAE,EAAE,EAAE,CACrB,CAAC;IACF,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACtC,GAAG,CAAC,oBAAoB,MAAM,UAAU,KAAK,GAAG,CAAC,CAAC;IAElD,4EAA4E;IAC5E,MAAM,oBAAoB,GAAG,MAAM,CAAC,qBAAqB,EAAE,CAAC;IAC5D,MAAM,YAAY,GAAuB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACvD,IAAI,oBAAoB,EAAE,SAAS;QAAE,YAAY,CAAC,SAAS,GAAG,EAAE,CAAC;IACjE,IAAI,oBAAoB,EAAE,UAAU,EAAE,CAAC;QACrC,YAAY,CAAC,UAAU,GAAG,oBAAoB,CAAC,UAAU,CAAC;IAC5D,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,gBAAgB,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EACnD,EAAE,YAAY,EAAE,CACjB,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACtE,OAAO,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,uEAAuE;QACvE,OAAO,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,IAAI,oBAAoB,EAAE,SAAS,EAAE,CAAC;QACpC,MAAM,CAAC,iBAAiB,CACtB,0BAA0B,EAC1B,KAAK,EAAE,OAAY,EAAE,EAAE;YACrB,OAAO,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,iBAAiB,CACtB,kCAAkC,EAClC,KAAK,EAAE,OAAY,EAAE,EAAE;YACrB,OAAO,MAAM,CAAC,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,iBAAiB,CACtB,yBAAyB,EACzB,KAAK,EAAE,OAAY,EAAE,EAAE;YACrB,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7C,CAAC,CACF,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClD,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAErC,0DAA0D;IAC1D,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC7B,cAAc,CAAC,OAAO,GAAG,IAAI,CAAC;QAC9B,eAAe,CAAC,OAAO,GAAG,IAAI,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,aAAa,CAAC,IAAwB;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAEpC,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;IACzE,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAChC,IAAI,MAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC;YAC3C,GAAG;YACH,GAAG;YACH,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QACH,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;QACvB,wEAAwE;QACxE,oEAAoE;QACpE,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;IAC/D,CAAC;IAED,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;IAC9E,MAAM,EAAE,yBAAyB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACxE,MAAM,EAAE,oBAAoB,EAAE,GAC5B,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAE5D,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC/C,GAAG,CACD,0BAA0B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAC5E,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC5C;QACE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,KAAK;QACL,WAAW,EAAE,gBAAgB,KAAK,uBAAuB;QACzD,OAAO;QACP,uEAAuE;QACvE,gEAAgE;QAChE,kEAAkE;KACnE;IACD,yEAAyE;IACzE,gEAAgE;IAChE,SAAS,EACT,EAAE,MAAM,EAAE,CACX,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC7B,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAA2B,EAAE;IAE7B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,mEAAmE;QACnE,qEAAqE;QACrE,qEAAqE;QACrE,2CAA2C;QAC3C,GAAG,CAAC,sBAAsB,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CAAC,CAAC;QACjD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC","sourcesContent":["/**\n * MCP **stdio** transport for the `agent-native mcp serve` command.\n *\n * This is the binary external coding agents (Claude Code, Claude Cowork,\n * Codex) actually launch — they speak MCP over a child process's stdio, not\n * HTTP. We expose the agent-native app's MCP surface over stdio in two modes:\n *\n *   - **proxy (default)** — connect an MCP `Client` over\n *     `StreamableHTTPClientTransport` to the *already-running* local app's\n *     `http://127.0.0.1:<port>/_agent-native/mcp`, and run a stdio `Server`\n *     that forwards tools and optional MCP App resources to it. The live app\n *     is the single source of truth: HMR'd actions, the real registry, correct\n *     per-request deep links, and tenant scoping all come for free. If the\n *     app isn't running, we wait briefly for it (the workspace gateway boots\n *     it lazily on first request).\n *\n *   - **standalone (`--standalone`)** — no running server, no HMR. Build the\n *     MCP server in-process from `autoDiscoverActions(cwd)` +\n *     `createMCPServerForRequest`, connected straight to a\n *     `StdioServerTransport`. Useful in CI / when nothing is serving.\n *\n * Node-only: imports `node:*` and the SDK stdio/http transports. Never part\n * of the serverless bundle.\n */\n\nimport { resolveLocalAppOrigin } from \"./workspace-resolve.js\";\nimport type { ServerCapabilities } from \"@modelcontextprotocol/sdk/types.js\";\n\nexport interface RunMCPStdioOptions {\n  /** App id to bridge to (workspace). Optional in a single-app project. */\n  appId?: string;\n  /** Explicit port of the running app's dev server. Overrides discovery. */\n  port?: number;\n  /** Skip the HTTP proxy and build the server in-process from disk. */\n  standalone?: boolean;\n  /** Working directory (defaults to process.cwd()). */\n  cwd?: string;\n  /** Env (defaults to process.env). */\n  env?: NodeJS.ProcessEnv;\n  /** Max ms to wait for the running app before failing (proxy mode). */\n  waitForAppMs?: number;\n}\n\nconst MCP_SUBPATH = \"/_agent-native/mcp\";\n\nfunction log(msg: string): void {\n  // stderr only — stdout is the MCP protocol channel and must stay clean.\n  process.stderr.write(`[mcp] ${msg}\\n`);\n}\n\n/**\n * Owner identity the installer wrote into the client config's env. Passed\n * through to the HTTP MCP endpoint as a JWT/identity bearer (when present)\n * so tool runs stay tenant-scoped. For local dev with a static ACCESS_TOKEN\n * the email is informational; for hosted JWT auth the token already carries\n * `sub`, so we only add an `X-Agent-Native-Owner-Email` hint header.\n */\nfunction authHeaders(env: NodeJS.ProcessEnv): Record<string, string> {\n  const headers: Record<string, string> = {};\n  const token = env.ACCESS_TOKEN || env.AGENT_NATIVE_MCP_TOKEN;\n  if (token) headers[\"Authorization\"] = `Bearer ${token}`;\n  const owner = env.AGENT_NATIVE_OWNER_EMAIL;\n  if (owner) headers[\"X-Agent-Native-Owner-Email\"] = owner;\n  return headers;\n}\n\nasync function probeOrigin(origin: string, timeoutMs = 800): Promise<boolean> {\n  try {\n    const res = await fetch(`${origin}${MCP_SUBPATH}`, {\n      method: \"GET\",\n      signal: AbortSignal.timeout(timeoutMs),\n    });\n    // Any HTTP response (even 401/405/406) means the server is up.\n    return res.status > 0;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Proxy mode: stdio Server ⇄ HTTP Client to the running app.\n *\n * We register the standard handlers on the stdio server and forward them\n * verbatim to the upstream HTTP MCP server via the SDK `Client`. The upstream\n * owns tool definitions, results, MCP App resources, and the appended\n * deep-link block / `_meta`, so nothing is duplicated here.\n */\nasync function runProxy(opts: RunMCPStdioOptions): Promise<void> {\n  const { origin, appId } = await resolveLocalAppOrigin({\n    cwd: opts.cwd,\n    env: opts.env,\n    appId: opts.appId,\n    port: opts.port,\n  });\n  const env = opts.env ?? process.env;\n  const target = `${origin}${MCP_SUBPATH}`;\n\n  // Wait for the app to come up. The workspace gateway lazily boots an app's\n  // dev server on first request, so a fresh `mcp serve` may briefly race the\n  // boot. Hit the gateway path too so the lazy start is triggered.\n  const deadline = Date.now() + (opts.waitForAppMs ?? 60_000);\n  let up = await probeOrigin(origin);\n  if (!up) {\n    log(`Waiting for ${appId} at ${origin} …`);\n    while (!up && Date.now() < deadline) {\n      await new Promise((r) => setTimeout(r, 750));\n      up = await probeOrigin(origin);\n    }\n  }\n  if (!up) {\n    throw new Error(\n      `Timed out waiting for the local app at ${origin}. Start it with ` +\n        `\\`agent-native dev\\` (or \\`agent-native workspace-dev\\`), or run ` +\n        `\\`agent-native mcp serve --standalone\\` to build the server from disk.`,\n    );\n  }\n\n  const { Client } = await import(\"@modelcontextprotocol/sdk/client/index.js\");\n  const { StreamableHTTPClientTransport } =\n    await import(\"@modelcontextprotocol/sdk/client/streamableHttp.js\");\n  const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n  const { StdioServerTransport } =\n    await import(\"@modelcontextprotocol/sdk/server/stdio.js\");\n  const {\n    ListToolsRequestSchema,\n    CallToolRequestSchema,\n    ListResourcesRequestSchema,\n    ReadResourceRequestSchema,\n    ListResourceTemplatesRequestSchema,\n  } = await import(\"@modelcontextprotocol/sdk/types.js\");\n\n  // --- Upstream HTTP client -------------------------------------------------\n  const clientTransport = new StreamableHTTPClientTransport(new URL(target), {\n    requestInit: { headers: authHeaders(env) },\n  });\n  const client = new Client(\n    { name: \"agent-native-mcp-proxy\", version: \"1.0.0\" },\n    { capabilities: {} },\n  );\n  await client.connect(clientTransport);\n  log(`Proxying stdio ⇄ ${target} (app: ${appId})`);\n\n  // --- Downstream stdio server ---------------------------------------------\n  const upstreamCapabilities = client.getServerCapabilities();\n  const capabilities: ServerCapabilities = { tools: {} };\n  if (upstreamCapabilities?.resources) capabilities.resources = {};\n  if (upstreamCapabilities?.extensions) {\n    capabilities.extensions = upstreamCapabilities.extensions;\n  }\n\n  const server = new Server(\n    { name: `agent-native-${appId}`, version: \"1.0.0\" },\n    { capabilities },\n  );\n\n  server.setRequestHandler(ListToolsRequestSchema, async (request: any) => {\n    return client.listTools(request.params);\n  });\n\n  server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n    // Forward the call verbatim; the upstream appends the deep-link block.\n    return client.callTool(request.params);\n  });\n\n  if (upstreamCapabilities?.resources) {\n    server.setRequestHandler(\n      ListResourcesRequestSchema,\n      async (request: any) => {\n        return client.listResources(request.params);\n      },\n    );\n\n    server.setRequestHandler(\n      ListResourceTemplatesRequestSchema,\n      async (request: any) => {\n        return client.listResourceTemplates(request.params);\n      },\n    );\n\n    server.setRequestHandler(\n      ReadResourceRequestSchema,\n      async (request: any) => {\n        return client.readResource(request.params);\n      },\n    );\n  }\n\n  const stdioTransport = new StdioServerTransport();\n  await server.connect(stdioTransport);\n\n  // Keep the proxy alive until the client/transport closes.\n  await new Promise<void>((resolve) => {\n    const done = () => resolve();\n    stdioTransport.onclose = done;\n    clientTransport.onclose = done;\n    process.once(\"SIGINT\", done);\n    process.once(\"SIGTERM\", done);\n  });\n\n  try {\n    await client.close();\n  } catch {\n    // best-effort\n  }\n}\n\n/**\n * Standalone mode: build the MCP server in-process from disk.\n *\n * No running server, no HMR — actions are discovered via\n * `autoDiscoverActions(cwd)` and the shared `createMCPServerForRequest`\n * builder is reused so behavior (tools, deep links, builtin cross-app tools)\n * matches the HTTP mount exactly.\n */\nasync function runStandalone(opts: RunMCPStdioOptions): Promise<void> {\n  const cwd = opts.cwd ?? process.cwd();\n  const env = opts.env ?? process.env;\n\n  const { resolveLocalAppOrigin } = await import(\"./workspace-resolve.js\");\n  let appId = opts.appId ?? \"app\";\n  let origin: string | undefined;\n  try {\n    const resolved = await resolveLocalAppOrigin({\n      cwd,\n      env,\n      appId: opts.appId,\n      port: opts.port,\n    });\n    appId = resolved.appId;\n    // Origin is best-effort here (server may not be running) — still useful\n    // so a `link` builder's relative deep link becomes an absolute URL.\n    origin = resolved.origin;\n  } catch {\n    // No workspace / can't resolve — fall back to a bare app id.\n  }\n\n  const { autoDiscoverActions } = await import(\"../server/action-discovery.js\");\n  const { createMCPServerForRequest } = await import(\"./build-server.js\");\n  const { StdioServerTransport } =\n    await import(\"@modelcontextprotocol/sdk/server/stdio.js\");\n\n  const actions = await autoDiscoverActions(cwd);\n  log(\n    `Standalone: discovered ${Object.keys(actions).length} action(s) in ${cwd}`,\n  );\n\n  const server = await createMCPServerForRequest(\n    {\n      name: appId.charAt(0).toUpperCase() + appId.slice(1),\n      appId,\n      description: `Agent-native ${appId} app (standalone MCP)`,\n      actions,\n      // No askAgent in standalone — there is no running engine/runtime here.\n      // builtin cross-app tools stay on so `list_apps` / `open_app` /\n      // `create_workspace_app` / `list_templates` still work from disk.\n    },\n    // No verified identity in standalone (no inbound auth header). Runs with\n    // platform-default scope, same as a tokenless local HTTP mount.\n    undefined,\n    { origin },\n  );\n\n  const transport = new StdioServerTransport();\n  await server.connect(transport);\n\n  await new Promise<void>((resolve) => {\n    const done = () => resolve();\n    transport.onclose = done;\n    process.once(\"SIGINT\", done);\n    process.once(\"SIGTERM\", done);\n  });\n}\n\n/**\n * Entry point for `agent-native mcp serve`. Defaults to proxy mode; pass\n * `standalone: true` to build the server from disk with no running app.\n */\nexport async function runMCPStdio(\n  opts: RunMCPStdioOptions = {},\n): Promise<void> {\n  if (opts.standalone) {\n    await runStandalone(opts);\n    return;\n  }\n  try {\n    await runProxy(opts);\n  } catch (err: any) {\n    // Proxy couldn't reach a running app — surface a clear, actionable\n    // message on stderr. We do NOT silently fall back to standalone: the\n    // caller asked for the live registry; auto-falling-back would hide a\n    // broken dev server and serve stale tools.\n    log(`Proxy mode failed: ${err?.message ?? err}`);\n    throw err;\n  }\n}\n"]}

package/dist/mcp-client/app-result.d.ts

@@ -0,0 +1,40 @@
+import type { McpTool } from "./manager.js";
+export declare const MCP_ACTION_RESULT_MARKER: "__agentNativeMcpToolResult";
+export interface AgentMcpAppResourceContent {
+    uri: string;
+    mimeType?: string;
+    text?: string;
+    blob?: string;
+    _meta?: Record<string, unknown>;
+}
+export interface AgentMcpAppPayload {
+    serverId: string;
+    toolName: string;
+    originalToolName: string;
+    resourceUri: string;
+    toolInput: Record<string, unknown>;
+    toolResult: Record<string, unknown>;
+    tool?: {
+        name: string;
+        title?: string;
+        description?: string;
+        inputSchema?: Record<string, unknown>;
+        outputSchema?: Record<string, unknown>;
+        annotations?: Record<string, unknown>;
+        _meta?: Record<string, unknown>;
+    };
+    resource?: AgentMcpAppResourceContent;
+}
+export interface McpActionResult {
+    [MCP_ACTION_RESULT_MARKER]: true;
+    text: string;
+    raw: unknown;
+    serverId: string;
+    toolName: string;
+    originalToolName: string;
+    input: Record<string, unknown>;
+    mcpApp?: AgentMcpAppPayload;
+}
+export declare function isMcpActionResult(value: unknown): value is McpActionResult;
+export declare function toolForMcpAppPayload(tool: McpTool): AgentMcpAppPayload["tool"];
+//# sourceMappingURL=app-result.d.ts.map

package/dist/mcp-client/app-result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-result.d.ts","sourceRoot":"","sources":["../../src/mcp-client/app-result.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAE5C,eAAO,MAAM,wBAAwB,EAAG,4BAAqC,CAAC;AAE9E,MAAM,WAAW,0BAA0B;IACzC,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,IAAI,CAAC,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACjC,CAAC;IACF,QAAQ,CAAC,EAAE,0BAA0B,CAAC;CACvC;AAED,MAAM,WAAW,eAAe;IAC9B,CAAC,wBAAwB,CAAC,EAAE,IAAI,CAAC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,MAAM,CAAC,EAAE,kBAAkB,CAAC;CAC7B;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,eAAe,CAO1E;AAED,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,OAAO,GACZ,kBAAkB,CAAC,MAAM,CAAC,CAU5B"}

package/dist/mcp-client/app-result.js

@@ -0,0 +1,19 @@
+export const MCP_ACTION_RESULT_MARKER = "__agentNativeMcpToolResult";
+export function isMcpActionResult(value) {
+    return (!!value &&
+        typeof value === "object" &&
+        value[MCP_ACTION_RESULT_MARKER] === true &&
+        typeof value.text === "string");
+}
+export function toolForMcpAppPayload(tool) {
+    return {
+        name: tool.originalName,
+        ...(tool.title ? { title: tool.title } : {}),
+        description: tool.description,
+        inputSchema: tool.inputSchema,
+        ...(tool.outputSchema ? { outputSchema: tool.outputSchema } : {}),
+        ...(tool.annotations ? { annotations: tool.annotations } : {}),
+        ...(tool._meta ? { _meta: tool._meta } : {}),
+    };
+}
+//# sourceMappingURL=app-result.js.map

package/dist/mcp-client/app-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-result.js","sourceRoot":"","sources":["../../src/mcp-client/app-result.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,wBAAwB,GAAG,4BAAqC,CAAC;AAwC9E,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,OAAO,CACL,CAAC,CAAC,KAAK;QACP,OAAO,KAAK,KAAK,QAAQ;QACxB,KAAiC,CAAC,wBAAwB,CAAC,KAAK,IAAI;QACrE,OAAQ,KAAiC,CAAC,IAAI,KAAK,QAAQ,CAC5D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,IAAa;IAEb,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,YAAY;QACvB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5C,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7C,CAAC;AACJ,CAAC","sourcesContent":["import type { McpTool } from \"./manager.js\";\n\nexport const MCP_ACTION_RESULT_MARKER = \"__agentNativeMcpToolResult\" as const;\n\nexport interface AgentMcpAppResourceContent {\n  uri: string;\n  mimeType?: string;\n  text?: string;\n  blob?: string;\n  _meta?: Record<string, unknown>;\n}\n\nexport interface AgentMcpAppPayload {\n  serverId: string;\n  toolName: string;\n  originalToolName: string;\n  resourceUri: string;\n  toolInput: Record<string, unknown>;\n  toolResult: Record<string, unknown>;\n  tool?: {\n    name: string;\n    title?: string;\n    description?: string;\n    inputSchema?: Record<string, unknown>;\n    outputSchema?: Record<string, unknown>;\n    annotations?: Record<string, unknown>;\n    _meta?: Record<string, unknown>;\n  };\n  resource?: AgentMcpAppResourceContent;\n}\n\nexport interface McpActionResult {\n  [MCP_ACTION_RESULT_MARKER]: true;\n  text: string;\n  raw: unknown;\n  serverId: string;\n  toolName: string;\n  originalToolName: string;\n  input: Record<string, unknown>;\n  mcpApp?: AgentMcpAppPayload;\n}\n\nexport function isMcpActionResult(value: unknown): value is McpActionResult {\n  return (\n    !!value &&\n    typeof value === \"object\" &&\n    (value as Record<string, unknown>)[MCP_ACTION_RESULT_MARKER] === true &&\n    typeof (value as Record<string, unknown>).text === \"string\"\n  );\n}\n\nexport function toolForMcpAppPayload(\n  tool: McpTool,\n): AgentMcpAppPayload[\"tool\"] {\n  return {\n    name: tool.originalName,\n    ...(tool.title ? { title: tool.title } : {}),\n    description: tool.description,\n    inputSchema: tool.inputSchema,\n    ...(tool.outputSchema ? { outputSchema: tool.outputSchema } : {}),\n    ...(tool.annotations ? { annotations: tool.annotations } : {}),\n    ...(tool._meta ? { _meta: tool._meta } : {}),\n  };\n}\n"]}

package/dist/mcp-client/index.d.ts

@@ -5,7 +5,7 @@
  * to the agent-chat tool-use loop.
  */
 export { loadMcpConfig, autoDetectMcpConfig, type McpConfig, type McpServerConfig, } from "./config.js";
-export { McpClientManager, parseMcpToolName, MCP_TOOL_PREFIX, type McpTool, type McpClientManagerOptions, } from "./manager.js";
+export { McpClientManager, buildMcpToolName, parseMcpToolName, MCP_TOOL_PREFIX, type McpTool, type McpClientManagerOptions, } from "./manager.js";
 export { listRemoteServers, addRemoteServer, removeRemoteServer, validateRemoteUrl, normalizeServerName, mergedConfigKey, parseMergedKey, hashEmail, toHttpServerConfig, toHttpServerConfigAsync, materializeHeaders, type RemoteMcpScope, type StoredRemoteMcpServer, } from "./remote-store.js";
 export { BUILTIN_MCP_CAPABILITIES, getBuiltinMcpCapability, isBuiltinMcpCapabilityAvailable, normalizeBuiltinMcpCapabilityIds, toBuiltinMcpServerConfig, type BuiltinMcpCapability, type BuiltinMcpCapabilityId, } from "./builtin-capabilities.js";
 export { builtinMcpCapabilitiesSettingsKey, listEnabledBuiltinMcpCapabilities, setEnabledBuiltinMcpCapabilities, setBuiltinMcpCapabilityEnabled, type StoredBuiltinMcpCapabilities, } from "./builtin-store.js";
@@ -13,13 +13,14 @@ export { mountMcpServersRoutes, buildMergedConfig, builtinMergedConfigKey, type
 export { mountMcpHubRoutes, listHubServers, getHubStatus, isHubServeEnabled, isHubConsumeEnabled, type HubServerRecord, type HubServersResponse, } from "./hub-routes.js";
 export { fetchHubServers } from "./hub-client.js";
 export { isMcpToolAllowedForRequest } from "./visibility.js";
+export { MCP_ACTION_RESULT_MARKER, isMcpActionResult, type AgentMcpAppPayload, type AgentMcpAppResourceContent, type McpActionResult, } from "./app-result.js";
 /**
  * Convert MCP tools into `ActionEntry` values suitable for registration in
  * the agent's action registry. Each tool is marked `http: false` so it's
  * never auto-mounted as an HTTP endpoint — MCP tools are agent-only.
  */
 import type { ActionEntry } from "../agent/production-agent.js";
-import type { McpClientManager } from "./manager.js";
+import type { McpClientManager, McpTool } from "./manager.js";
 export declare function mcpToolsToActionEntries(manager: McpClientManager): Record<string, ActionEntry>;
 /**
  * Mutate a target action dict in place so it matches the current MCP tool set:
@@ -31,4 +32,6 @@ export declare function mcpToolsToActionEntries(manager: McpClientManager): Reco
  * registries in sync after `McpClientManager.reconfigure()` runs.
  */
 export declare function syncMcpActionEntries(manager: McpClientManager, target: Record<string, ActionEntry>): void;
+export declare function isVisibleToMcpApp(tool: McpTool): boolean;
+export declare function flattenMcpToolResult(result: unknown): string;
 //# sourceMappingURL=index.d.ts.map

package/dist/mcp-client/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp-client/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,KAAK,SAAS,EACd,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,KAAK,OAAO,EACZ,KAAK,uBAAuB,GAC7B,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iCAAiC,EACjC,iCAAiC,EACjC,gCAAgC,EAChC,8BAA8B,EAC9B,KAAK,4BAA4B,GAClC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,kBAAkB,GACxB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAG7D;;;;GAIG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAW,MAAM,cAAc,CAAC;AAE9D,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,gBAAgB,GACxB,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAM7B;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAClC,IAAI,CAaN"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp-client/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,KAAK,SAAS,EACd,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,KAAK,OAAO,EACZ,KAAK,uBAAuB,GAC7B,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iCAAiC,EACjC,iCAAiC,EACjC,gCAAgC,EAChC,8BAA8B,EAC9B,KAAK,4BAA4B,GAClC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,kBAAkB,GACxB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,eAAe,GACrB,MAAM,iBAAiB,CAAC;AAezB;;;;GAIG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAE9D,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,gBAAgB,GACxB,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAM7B;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAClC,IAAI,CAaN;AA6CD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAMxD;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,CAiB5D"}