@agent-vm/mcp-portal 0.0.76 → 0.0.78
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/mcp-portal.js +5 -5
- package/dist/bin/mcp-portal.js.map +1 -1
- package/dist/cli/index.d.ts +3 -3
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +1 -1
- package/dist/core/index.d.ts +2 -2
- package/dist/core/index.js +4 -4
- package/dist/index.d.ts +39 -2
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +3 -3
- package/dist/mcp-proxy/index.d.ts +2 -2
- package/dist/mcp-proxy/index.js +1 -1
- package/dist/{portal-core-BPSvDGvi.js → portal-core-B5cRpZMG.js} +26 -17
- package/dist/portal-core-B5cRpZMG.js.map +1 -0
- package/dist/{portal-core-CZQI7Ob6.d.ts → portal-core-Ckq-Mrzb.d.ts} +19 -2
- package/dist/portal-core-Ckq-Mrzb.d.ts.map +1 -0
- package/dist/{portal-session-DG2CUjIo.d.ts → portal-session-5ksK1G9Z.d.ts} +19 -4
- package/dist/portal-session-5ksK1G9Z.d.ts.map +1 -0
- package/dist/{portal-tools-DKci1szO.js → portal-tools-DA7j2pyv.js} +25 -8
- package/dist/portal-tools-DA7j2pyv.js.map +1 -0
- package/dist/{resolve-agent-identity-FQL02YdW.d.ts → resolve-agent-identity-C9Jc2NhJ.d.ts} +3 -3
- package/dist/{resolve-agent-identity-FQL02YdW.d.ts.map → resolve-agent-identity-C9Jc2NhJ.d.ts.map} +1 -1
- package/dist/{resolve-agent-identity-DnC_Pmnh.js → resolve-agent-identity-ZMMY2Wqm.js} +3 -3
- package/dist/{resolve-agent-identity-DnC_Pmnh.js.map → resolve-agent-identity-ZMMY2Wqm.js.map} +1 -1
- package/dist/{serve-command-CV1s-Eln.js → serve-command-Dz6nvnzQ.js} +8 -8
- package/dist/serve-command-Dz6nvnzQ.js.map +1 -0
- package/dist/{upstream-mcp-client-runtime-DbPkS6Rk.js → upstream-mcp-client-runtime-Be_cw6pV.js} +64 -15
- package/dist/upstream-mcp-client-runtime-Be_cw6pV.js.map +1 -0
- package/dist/upstream-response-middleware-1MZnAD9C.d.ts.map +1 -1
- package/dist/{upstream-response-middleware-BjUWZ2G8.js → upstream-response-middleware-Cd1MxA6A.js} +57 -3
- package/dist/upstream-response-middleware-Cd1MxA6A.js.map +1 -0
- package/package.json +3 -3
- package/dist/portal-core-BPSvDGvi.js.map +0 -1
- package/dist/portal-core-CZQI7Ob6.d.ts.map +0 -1
- package/dist/portal-session-DG2CUjIo.d.ts.map +0 -1
- package/dist/portal-tools-DKci1szO.js.map +0 -1
- package/dist/serve-command-CV1s-Eln.js.map +0 -1
- package/dist/upstream-mcp-client-runtime-DbPkS6Rk.js.map +0 -1
- package/dist/upstream-response-middleware-BjUWZ2G8.js.map +0 -1
package/dist/bin/mcp-portal.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
import { a as portalToolRecordSchema } from "../zod-schema-loader-yNekKNpm.js";
|
|
3
|
-
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-
|
|
4
|
-
import { i as resolveUpstreamServers, n as createPortalCore } from "../portal-core-
|
|
3
|
+
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-Be_cw6pV.js";
|
|
4
|
+
import { i as resolveUpstreamServers, n as createPortalCore } from "../portal-core-B5cRpZMG.js";
|
|
5
5
|
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-BVLt3Ifd.js";
|
|
6
6
|
import { n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-DCtpDPCZ.js";
|
|
7
|
-
import { i as resolveAgentHmacKeys, n as createPortalApprovalVerifier, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-
|
|
8
|
-
import { c as resolveSecretValue, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer } from "../serve-command-
|
|
7
|
+
import { i as resolveAgentHmacKeys, n as createPortalApprovalVerifier, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-ZMMY2Wqm.js";
|
|
8
|
+
import { c as resolveSecretValue, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer } from "../serve-command-Dz6nvnzQ.js";
|
|
9
9
|
import { t as parseHmacKeysFromEnv } from "../hmac-env-B4shpRRB.js";
|
|
10
10
|
import { z } from "zod";
|
|
11
11
|
import { loadMcpConfig, loadMcpPortalConfig } from "@agent-vm/config-contracts";
|
|
@@ -213,7 +213,7 @@ async function runCallCommand(args, runtimeProps) {
|
|
|
213
213
|
accessPolicy: {
|
|
214
214
|
defaultPolicy: "deny-all",
|
|
215
215
|
enabledNamespacesByAgent: profilePolicyMaps.enabledNamespacesByAgent,
|
|
216
|
-
|
|
216
|
+
enabledToolsByNamespaceByAgent: profilePolicyMaps.enabledToolsByNamespaceByAgent,
|
|
217
217
|
hiddenToolsByAgent: profilePolicyMaps.hiddenToolsByAgent
|
|
218
218
|
},
|
|
219
219
|
approval: (calls, scope, approvalToken) => verifyApproval(calls, scope.agentId, approvalToken),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-portal.js","names":[],"sources":["../../src/bin/mcp-portal.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { basename, join } from 'node:path';\n\nimport {\n\tloadMcpConfig,\n\tloadMcpPortalConfig,\n\ttype McpPortalConfig,\n\ttype SecretValue,\n} from '@agent-vm/config-contracts';\nimport type { SecretResolver } from '@agent-vm/secret-management';\nimport { z } from 'zod';\n\nimport { portalToolRecordSchema, type PortalToolRecord } from '../catalog-types.js';\nimport {\n\tbuildProfilePolicyMaps,\n\tcreateServeSecretResolver,\n\tderiveApprovalHmacKeysFromMasterKey,\n\tparsePortalServerCliArgs,\n\tstartPortalServer,\n} from '../cli/serve-command.js';\nimport {\n\tcreatePortalCore,\n\ttype PortalCoreEvent,\n\ttype PortalCoreToolName,\n} from '../core/portal-core.js';\nimport { resolveUpstreamServers } from '../core/provider-runtime.js';\nimport {\n\tcreatePortalAgentRuntimeRecords,\n\tcreatePortalApprovalVerifier,\n\tresolveAgentHmacKeys,\n} from '../mcp-proxy/resolve-agent-identity.js';\nimport {\n\tdecodePortalMasterKey,\n\tderiveAgentBearerToken,\n\tformatMasterKeyFingerprint,\n} from '../portal-auth/agent-bearer-token.js';\nimport { parseHmacKeysFromEnv } from '../portal-auth/hmac-env.js';\nimport { generateTypescriptCatalogArtifact } from '../portal-config/typescript-artifact.js';\nimport { createUpstreamMcpClientRuntime } from '../upstream-mcp-client-runtime.js';\nimport { resolveSecretValue } from './secret-value-resolver.js';\n\nconst catalogFileSchema = z\n\t.object({\n\t\ttools: z.array(portalToolRecordSchema),\n\t})\n\t.strict();\n\nexport interface PortalCatalogFile {\n\treadonly tools: readonly PortalToolRecord[];\n}\n\nexport interface AgentVmMcpPortalRuntimeProps {\n\treadonly env?: Readonly<Record<string, string | undefined>>;\n\treadonly secretResolver?: SecretResolver;\n}\n\nasync function readCatalogFile(catalogPath: string): Promise<PortalCatalogFile> {\n\tconst rawCatalog = await readFile(catalogPath, 'utf-8');\n\tconst parsedJson = JSON.parse(rawCatalog) as unknown;\n\treturn catalogFileSchema.parse(parsedJson);\n}\n\nfunction parseOutputDirectory(args: readonly string[]): string | null {\n\tconst outputFlagIndex = args.indexOf('--out');\n\tif (outputFlagIndex === -1) {\n\t\treturn null;\n\t}\n\n\treturn args[outputFlagIndex + 1] ?? null;\n}\n\nfunction printUsage(): void {\n\tprocess.stderr.write('Usage: mcp-portal validate <catalog.json>\\n');\n\tprocess.stderr.write('Usage: mcp-portal generate-helper <catalog.json> --out <directory>\\n');\n\tprocess.stderr.write(\n\t\t'Usage: mcp-portal mcp-proxy serve --config-dir <directory> [--port <port>]\\n',\n\t);\n\tprocess.stderr.write(\n\t\t'Usage: mcp-portal call --config-dir <directory> --agent <agent-id> --input <request.json> [--tool <portal-tool-name>]\\n',\n\t);\n\tprocess.stderr.write(\n\t\t'Usage: mcp-portal mcp-proxy print-client-config --config-dir <directory> --agent <agent-id> --master-key-fingerprint <sha256:...> [--proxy-url <url>]\\n',\n\t);\n}\n\nfunction readFlag(args: readonly string[], name: string): string | null {\n\tconst index = args.indexOf(name);\n\tif (index === -1) {\n\t\treturn null;\n\t}\n\treturn args[index + 1] ?? null;\n}\n\nfunction normalizeCredentialProxyUrl(value: string): string {\n\tconst url = new URL(value);\n\tif (url.protocol !== 'http:' && url.protocol !== 'https:') {\n\t\tthrow new Error(`Invalid --proxy-url protocol \"${url.protocol}\". Expected http or https.`);\n\t}\n\treturn url.toString();\n}\n\ntype RequiredPortalRuntimeProps = Required<Pick<AgentVmMcpPortalRuntimeProps, 'env'>> &\n\tPick<AgentVmMcpPortalRuntimeProps, 'secretResolver'>;\n\nasync function createCliSecretResolver(props: RequiredPortalRuntimeProps): Promise<SecretResolver> {\n\treturn props.secretResolver ?? (await createServeSecretResolver(props.env));\n}\n\ninterface McpPortalClientConfigServer {\n\treadonly headers: Readonly<Record<string, string>>;\n\treadonly type: 'streamable-http';\n\treadonly url: string;\n}\n\ninterface McpPortalClientConfig {\n\treadonly agentId: string;\n\treadonly authorizationHeaderName: string;\n\treadonly authorizationHeaderValue: string;\n\treadonly kind: 'mcp-portal-client-config';\n\treadonly masterKeyFingerprint: string;\n\treadonly mcpServers: Readonly<Record<string, McpPortalClientConfigServer>>;\n\treadonly proxyUrl: string;\n\treadonly schemaVersion: 1;\n}\n\nfunction serverNameForClientConfig(agentId: string): string {\n\treturn `mcp-portal-${agentId.replaceAll(/[^A-Za-z0-9_-]/gu, '-')}`;\n}\n\nfunction printCredentialMaterialWarning(): void {\n\tprocess.stderr.write(\n\t\t[\n\t\t\t'WARNING: MCP Portal client config is bearer credential material.',\n\t\t\t'WARNING: Treat stdout like an API token. Do not paste it into logs, commits, or chat.',\n\t\t\t'WARNING: The token is per-agent and remains valid until credentialVersion or masterKey rotation.',\n\t\t\t'',\n\t\t].join('\\n'),\n\t);\n}\n\nfunction printDisabledCredentialWriter(): number {\n\tprocess.stderr.write(\n\t\t[\n\t\t\t'mcp-portal: mcp-proxy write-credential is disabled because it persists bearer credentials.',\n\t\t\t'Use mcp-portal mcp-proxy print-client-config and decide explicitly where stdout is stored.',\n\t\t\t'',\n\t\t].join('\\n'),\n\t);\n\treturn 1;\n}\n\nasync function printClientConfig(\n\targs: readonly string[],\n\truntimeProps: RequiredPortalRuntimeProps,\n): Promise<number> {\n\tconst configDir = readFlag(args, '--config-dir');\n\tconst agentId = readFlag(args, '--agent');\n\tconst expectedFingerprint = readFlag(args, '--master-key-fingerprint');\n\tconst proxyUrlOverride = readFlag(args, '--proxy-url');\n\tif (configDir === null || agentId === null || expectedFingerprint === null) {\n\t\tprintUsage();\n\t\treturn 1;\n\t}\n\tconst portalConfig = await loadMcpPortalConfig(join(configDir, 'mcp-portal.config.jsonc'));\n\tif (portalConfig.externalAuth === undefined) {\n\t\tthrow new Error('print-client-config requires externalAuth.masterKey.');\n\t}\n\tif (portalConfig.mcpProxy === undefined && proxyUrlOverride === null) {\n\t\tthrow new Error('print-client-config requires mcpProxy server settings or --proxy-url.');\n\t}\n\tif (portalConfig.agents[agentId] === undefined) {\n\t\tthrow new Error(`Unknown MCP Portal agent \"${agentId}\".`);\n\t}\n\tconst secretResolver = await createCliSecretResolver(runtimeProps);\n\tconst masterKey = decodePortalMasterKey(\n\t\tawait resolveSecretValue(portalConfig.externalAuth.masterKey, {\n\t\t\tenv: runtimeProps.env,\n\t\t\tsecretResolver,\n\t\t}),\n\t);\n\tconst actualFingerprint = formatMasterKeyFingerprint(masterKey);\n\tif (actualFingerprint !== expectedFingerprint) {\n\t\tthrow new Error(\n\t\t\t`Master-key fingerprint mismatch. Expected ${expectedFingerprint}; resolved ${actualFingerprint}.`,\n\t\t);\n\t}\n\tconst agentConfig = portalConfig.agents[agentId];\n\tconst bearer = deriveAgentBearerToken({\n\t\tagentId,\n\t\tcredentialVersion: agentConfig.credentialVersion,\n\t\tmasterKey,\n\t});\n\tconst proxyUrl =\n\t\tproxyUrlOverride === null\n\t\t\t? credentialProxyUrlFromConfig(requireCredentialMcpProxy(portalConfig.mcpProxy), agentId)\n\t\t\t: normalizeCredentialProxyUrl(proxyUrlOverride);\n\tconst authorizationHeaderName = portalConfig.mcpProxy?.auth.headerName ?? 'authorization';\n\tconst authorizationHeaderValue = `Bearer ${bearer}`;\n\tconst clientConfig = {\n\t\tagentId,\n\t\tauthorizationHeaderName,\n\t\tauthorizationHeaderValue,\n\t\tkind: 'mcp-portal-client-config',\n\t\tmasterKeyFingerprint: actualFingerprint,\n\t\tmcpServers: {\n\t\t\t[serverNameForClientConfig(agentId)]: {\n\t\t\t\theaders: { [authorizationHeaderName]: authorizationHeaderValue },\n\t\t\t\ttype: 'streamable-http',\n\t\t\t\turl: proxyUrl,\n\t\t\t},\n\t\t},\n\t\tproxyUrl,\n\t\tschemaVersion: 1,\n\t} satisfies McpPortalClientConfig;\n\tprintCredentialMaterialWarning();\n\tprocess.stdout.write(`${JSON.stringify(clientConfig, null, '\\t')}\\n`);\n\treturn 0;\n}\n\nfunction requireCredentialMcpProxy(\n\tmcpProxy: McpPortalConfig['mcpProxy'],\n): NonNullable<McpPortalConfig['mcpProxy']> {\n\tif (mcpProxy === undefined) {\n\t\tthrow new Error('print-client-config requires mcpProxy server settings or --proxy-url.');\n\t}\n\treturn mcpProxy;\n}\n\nfunction credentialProxyUrlFromConfig(\n\tmcpProxy: NonNullable<McpPortalConfig['mcpProxy']>,\n\tagentId: string,\n): string {\n\tconst host = mcpProxy.server.host.includes(':')\n\t\t? `[${mcpProxy.server.host.replace(/^\\[|\\]$/gu, '')}]`\n\t\t: mcpProxy.server.host;\n\treturn `http://${host}:${String(mcpProxy.server.port)}/agents/${encodeURIComponent(agentId)}/mcp`;\n}\n\nconst portalCoreToolNames = new Set<string>([\n\t'mcp_portal_list',\n\t'mcp_portal_search',\n\t'mcp_portal_describe',\n\t'mcp_portal_call',\n]);\n\ntype PortalShutdownSignal = 'SIGINT' | 'SIGTERM';\ninterface PortalSignalTarget {\n\treadonly off: (signal: PortalShutdownSignal, listener: () => void) => void;\n\treadonly once: (signal: PortalShutdownSignal, listener: () => void) => void;\n}\n\nexport interface RunningPortalServer {\n\treadonly close: () => Promise<void>;\n}\n\nfunction waitForPortalShutdownSignal(\n\tsignalTarget: PortalSignalTarget = process,\n): Promise<PortalShutdownSignal> {\n\tconst signals = ['SIGINT', 'SIGTERM'] satisfies readonly PortalShutdownSignal[];\n\treturn new Promise((resolve) => {\n\t\tconst listeners = new Map<PortalShutdownSignal, () => void>();\n\t\tfor (const signal of signals) {\n\t\t\tconst listener = (): void => {\n\t\t\t\tfor (const [registeredSignal, registeredListener] of listeners) {\n\t\t\t\t\tsignalTarget.off(registeredSignal, registeredListener);\n\t\t\t\t}\n\t\t\t\tresolve(signal);\n\t\t\t};\n\t\t\tlisteners.set(signal, listener);\n\t\t\tsignalTarget.once(signal, listener);\n\t\t}\n\t});\n}\n\nexport async function waitUntilPortalServerShutdown(props: {\n\treadonly server: RunningPortalServer;\n\treadonly signalTarget?: PortalSignalTarget;\n}): Promise<void> {\n\ttry {\n\t\tawait waitForPortalShutdownSignal(props.signalTarget);\n\t} finally {\n\t\tawait props.server.close();\n\t}\n}\n\nfunction isPortalCoreToolName(value: string): value is PortalCoreToolName {\n\treturn portalCoreToolNames.has(value);\n}\n\nfunction parsePortalCoreToolName(value: string | null): PortalCoreToolName {\n\tconst toolName = value ?? 'mcp_portal_call';\n\tif (!isPortalCoreToolName(toolName)) {\n\t\tthrow new Error(`Unknown MCP Portal tool \"${toolName}\".`);\n\t}\n\treturn toolName;\n}\n\nfunction writePortalCoreEventToStderr(event: PortalCoreEvent): void {\n\tif (event.kind === 'progress' && event.message !== undefined) {\n\t\tprocess.stderr.write(`${event.message}\\n`);\n\t\treturn;\n\t}\n\tif (event.kind === 'partial_content') {\n\t\tconst message =\n\t\t\tevent.content.type === 'text' ? event.content.text : JSON.stringify(event.content.value);\n\t\tprocess.stderr.write(`${message}\\n`);\n\t\treturn;\n\t}\n\tif (event.kind === 'upstream_notification') {\n\t\tprocess.stderr.write(`upstream notification ${event.method}\\n`);\n\t}\n}\n\nasync function resolveCliApprovalHmacKeys(props: {\n\treadonly agentIds: readonly string[];\n\treadonly env: Readonly<Record<string, string | undefined>>;\n\treadonly portalConfig: Awaited<ReturnType<typeof loadMcpPortalConfig>>;\n\treadonly resolveSecret: (secret: SecretValue) => Promise<string>;\n}): Promise<ReadonlyMap<string, Buffer>> {\n\tif (props.portalConfig.externalAuth !== undefined) {\n\t\tconst masterKey = decodePortalMasterKey(\n\t\t\tawait props.resolveSecret(props.portalConfig.externalAuth.masterKey),\n\t\t);\n\t\treturn deriveApprovalHmacKeysFromMasterKey({ agentIds: props.agentIds, masterKey });\n\t}\n\treturn await resolveAgentHmacKeys({\n\t\tagents: props.portalConfig.agents,\n\t\tenvKeys: parseHmacKeysFromEnv(props.env),\n\t\tresolveSecret: props.resolveSecret,\n\t});\n}\n\nasync function runCallCommand(\n\targs: readonly string[],\n\truntimeProps: RequiredPortalRuntimeProps,\n): Promise<number> {\n\tconst configDir = readFlag(args, '--config-dir');\n\tconst agentId = readFlag(args, '--agent');\n\tconst inputPath = readFlag(args, '--input');\n\tif (configDir === null || agentId === null || inputPath === null) {\n\t\tprintUsage();\n\t\treturn 1;\n\t}\n\tconst toolName = parsePortalCoreToolName(readFlag(args, '--tool'));\n\tconst input = JSON.parse(await readFile(inputPath, 'utf8')) as unknown;\n\tconst secretResolver = await createCliSecretResolver(runtimeProps);\n\tconst resolveSecret = (secret: SecretValue): Promise<string> =>\n\t\tresolveSecretValue(secret, { env: runtimeProps.env, secretResolver });\n\tconst [mcpConfig, portalConfig] = await Promise.all([\n\t\tloadMcpConfig(join(configDir, 'mcp.config.jsonc')),\n\t\tloadMcpPortalConfig(join(configDir, 'mcp-portal.config.jsonc')),\n\t]);\n\tif (portalConfig.agents[agentId] === undefined) {\n\t\tthrow new Error(`Unknown MCP Portal agent \"${agentId}\".`);\n\t}\n\tconst hmacKeys = await resolveCliApprovalHmacKeys({\n\t\tagentIds: Object.keys(portalConfig.agents),\n\t\tenv: runtimeProps.env,\n\t\tportalConfig,\n\t\tresolveSecret,\n\t});\n\tconst agentRecords = createPortalAgentRuntimeRecords({ hmacKeys, portalConfig });\n\tconst verifyApproval = createPortalApprovalVerifier({ records: agentRecords });\n\tconst upstreamServers = await resolveUpstreamServers({ config: mcpConfig, resolveSecret });\n\tconst upstreamRuntime = createUpstreamMcpClientRuntime({ servers: upstreamServers });\n\tconst profilePolicyMaps = buildProfilePolicyMaps(portalConfig);\n\tconst core = createPortalCore({\n\t\taccessPolicy: {\n\t\t\tdefaultPolicy: 'deny-all',\n\t\t\tenabledNamespacesByAgent: profilePolicyMaps.enabledNamespacesByAgent,\n\t\t\tenabledToolsByAgent: profilePolicyMaps.enabledToolsByAgent,\n\t\t\thiddenToolsByAgent: profilePolicyMaps.hiddenToolsByAgent,\n\t\t},\n\t\tapproval: (calls, scope, approvalToken) => verifyApproval(calls, scope.agentId, approvalToken),\n\t\tcatalogTtlMs: profilePolicyMaps.cacheTtlMs,\n\t\truntime: {\n\t\t\t...upstreamRuntime,\n\t\t\tcallUpstreamTool: upstreamRuntime.callTool,\n\t\t},\n\t\tupstreamNamespaces: upstreamServers.map((server) => server.namespace),\n\t});\n\ttry {\n\t\tconst scope = core.createAgentScope({\n\t\t\tagentId,\n\t\t\tagentScopeId: agentId,\n\t\t\tsource: 'cli-operator',\n\t\t});\n\t\tconst result = await core.collectPortalCoreResult(core.callStream({ input, scope, toolName }), {\n\t\t\tonEvent: writePortalCoreEventToStderr,\n\t\t});\n\t\tprocess.stdout.write(`${JSON.stringify(result, null, '\\t')}\\n`);\n\t\treturn 0;\n\t} finally {\n\t\tawait core.close();\n\t}\n}\n\nexport async function runMcpPortal(\n\targs: readonly string[],\n\tprops: AgentVmMcpPortalRuntimeProps = {},\n): Promise<number> {\n\tconst [command, catalogPath, ...restArgs] = args;\n\tconst runtimeProps = {\n\t\tenv: props.env ?? process.env,\n\t\t...(props.secretResolver !== undefined ? { secretResolver: props.secretResolver } : {}),\n\t};\n\tif (!command) {\n\t\tprintUsage();\n\t\treturn 1;\n\t}\n\n\ttry {\n\t\tif (command === 'mcp-proxy') {\n\t\t\tconst [mcpProxyCommand, ...mcpProxyArgs] = args.slice(1);\n\t\t\tif (mcpProxyCommand === 'serve') {\n\t\t\t\tconst injectedSecretResolver = runtimeProps.secretResolver;\n\t\t\t\tconst server = await startPortalServer({\n\t\t\t\t\targs: parsePortalServerCliArgs(mcpProxyArgs),\n\t\t\t\t\tenv: runtimeProps.env,\n\t\t\t\t\t...(injectedSecretResolver !== undefined\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tresolveSecret: (secret) =>\n\t\t\t\t\t\t\t\t\tresolveSecretValue(secret, {\n\t\t\t\t\t\t\t\t\t\tenv: runtimeProps.env,\n\t\t\t\t\t\t\t\t\t\tsecretResolver: injectedSecretResolver,\n\t\t\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t});\n\t\t\t\tawait waitUntilPortalServerShutdown({ server });\n\t\t\t\treturn 0;\n\t\t\t}\n\t\t\tif (mcpProxyCommand === 'write-credential') {\n\t\t\t\treturn printDisabledCredentialWriter();\n\t\t\t}\n\t\t\tif (mcpProxyCommand === 'print-client-config') {\n\t\t\t\treturn await printClientConfig(mcpProxyArgs, runtimeProps);\n\t\t\t}\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tif (command === 'serve') {\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tif (command === 'write-credential') {\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tif (command === 'call') {\n\t\t\treturn await runCallCommand(args.slice(1), runtimeProps);\n\t\t}\n\t\tif (!catalogPath) {\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tconst catalog = await readCatalogFile(catalogPath);\n\t\tswitch (command) {\n\t\t\tcase 'validate':\n\t\t\t\treturn 0;\n\t\t\tcase 'generate-helper': {\n\t\t\t\tconst outputDirectory = parseOutputDirectory(restArgs);\n\t\t\t\tif (!outputDirectory) {\n\t\t\t\t\tprintUsage();\n\t\t\t\t\treturn 1;\n\t\t\t\t}\n\n\t\t\t\tawait mkdir(outputDirectory, { recursive: true });\n\t\t\t\tawait writeFile(join(outputDirectory, 'catalog.json'), JSON.stringify(catalog, null, '\\t'));\n\t\t\t\tawait writeFile(\n\t\t\t\t\tjoin(outputDirectory, 'catalog.ts'),\n\t\t\t\t\tgenerateTypescriptCatalogArtifact(catalog),\n\t\t\t\t);\n\t\t\t\treturn 0;\n\t\t\t}\n\t\t\tdefault:\n\t\t\t\tprintUsage();\n\t\t\t\treturn 1;\n\t\t}\n\t} catch (error) {\n\t\tprocess.stderr.write(`${error instanceof Error ? error.message : String(error)}\\n`);\n\t\treturn 1;\n\t}\n}\n\n/*\n * Command-shape note: top-level `serve` and credential commands are\n * intentionally rejected. The public CLI shape is `mcp-portal mcp-proxy ...`\n * so the command mirrors the library adapter boundary.\n */\n\nexport function shouldRunMcpPortalEntrypoint(argvPath: string | undefined): boolean {\n\tconst entrypointName = argvPath === undefined ? undefined : basename(argvPath);\n\treturn (\n\t\tentrypointName === 'mcp-portal' ||\n\t\tentrypointName === 'mcp-portal.js' ||\n\t\tentrypointName === 'mcp-portal.ts'\n\t);\n}\n\nif (shouldRunMcpPortalEntrypoint(process.argv[1])) {\n\tprocess.exitCode = await runMcpPortal(process.argv.slice(2));\n}\n"],"mappings":";;;;;;;;;;;;;;AA2CA,MAAM,oBAAoB,EACxB,OAAO,EACP,OAAO,EAAE,MAAM,uBAAuB,EACtC,CAAC,CACD,QAAQ;AAWV,eAAe,gBAAgB,aAAiD;CAC/E,MAAM,aAAa,MAAM,SAAS,aAAa,QAAQ;CACvD,MAAM,aAAa,KAAK,MAAM,WAAW;CACzC,OAAO,kBAAkB,MAAM,WAAW;;AAG3C,SAAS,qBAAqB,MAAwC;CACrE,MAAM,kBAAkB,KAAK,QAAQ,QAAQ;CAC7C,IAAI,oBAAoB,IACvB,OAAO;CAGR,OAAO,KAAK,kBAAkB,MAAM;;AAGrC,SAAS,aAAmB;CAC3B,QAAQ,OAAO,MAAM,8CAA8C;CACnE,QAAQ,OAAO,MAAM,uEAAuE;CAC5F,QAAQ,OAAO,MACd,+EACA;CACD,QAAQ,OAAO,MACd,0HACA;CACD,QAAQ,OAAO,MACd,0JACA;;AAGF,SAAS,SAAS,MAAyB,MAA6B;CACvE,MAAM,QAAQ,KAAK,QAAQ,KAAK;CAChC,IAAI,UAAU,IACb,OAAO;CAER,OAAO,KAAK,QAAQ,MAAM;;AAG3B,SAAS,4BAA4B,OAAuB;CAC3D,MAAM,MAAM,IAAI,IAAI,MAAM;CAC1B,IAAI,IAAI,aAAa,WAAW,IAAI,aAAa,UAChD,MAAM,IAAI,MAAM,iCAAiC,IAAI,SAAS,4BAA4B;CAE3F,OAAO,IAAI,UAAU;;AAMtB,eAAe,wBAAwB,OAA4D;CAClG,OAAO,MAAM,kBAAmB,MAAM,0BAA0B,MAAM,IAAI;;AAoB3E,SAAS,0BAA0B,SAAyB;CAC3D,OAAO,cAAc,QAAQ,WAAW,oBAAoB,IAAI;;AAGjE,SAAS,iCAAuC;CAC/C,QAAQ,OAAO,MACd;EACC;EACA;EACA;EACA;EACA,CAAC,KAAK,KAAK,CACZ;;AAGF,SAAS,gCAAwC;CAChD,QAAQ,OAAO,MACd;EACC;EACA;EACA;EACA,CAAC,KAAK,KAAK,CACZ;CACD,OAAO;;AAGR,eAAe,kBACd,MACA,cACkB;CAClB,MAAM,YAAY,SAAS,MAAM,eAAe;CAChD,MAAM,UAAU,SAAS,MAAM,UAAU;CACzC,MAAM,sBAAsB,SAAS,MAAM,2BAA2B;CACtE,MAAM,mBAAmB,SAAS,MAAM,cAAc;CACtD,IAAI,cAAc,QAAQ,YAAY,QAAQ,wBAAwB,MAAM;EAC3E,YAAY;EACZ,OAAO;;CAER,MAAM,eAAe,MAAM,oBAAoB,KAAK,WAAW,0BAA0B,CAAC;CAC1F,IAAI,aAAa,iBAAiB,KAAA,GACjC,MAAM,IAAI,MAAM,uDAAuD;CAExE,IAAI,aAAa,aAAa,KAAA,KAAa,qBAAqB,MAC/D,MAAM,IAAI,MAAM,wEAAwE;CAEzF,IAAI,aAAa,OAAO,aAAa,KAAA,GACpC,MAAM,IAAI,MAAM,6BAA6B,QAAQ,IAAI;CAE1D,MAAM,iBAAiB,MAAM,wBAAwB,aAAa;CAClE,MAAM,YAAY,sBACjB,MAAM,mBAAmB,aAAa,aAAa,WAAW;EAC7D,KAAK,aAAa;EAClB;EACA,CAAC,CACF;CACD,MAAM,oBAAoB,2BAA2B,UAAU;CAC/D,IAAI,sBAAsB,qBACzB,MAAM,IAAI,MACT,6CAA6C,oBAAoB,aAAa,kBAAkB,GAChG;CAEF,MAAM,cAAc,aAAa,OAAO;CACxC,MAAM,SAAS,uBAAuB;EACrC;EACA,mBAAmB,YAAY;EAC/B;EACA,CAAC;CACF,MAAM,WACL,qBAAqB,OAClB,6BAA6B,0BAA0B,aAAa,SAAS,EAAE,QAAQ,GACvF,4BAA4B,iBAAiB;CACjD,MAAM,0BAA0B,aAAa,UAAU,KAAK,cAAc;CAC1E,MAAM,2BAA2B,UAAU;CAC3C,MAAM,eAAe;EACpB;EACA;EACA;EACA,MAAM;EACN,sBAAsB;EACtB,YAAY,GACV,0BAA0B,QAAQ,GAAG;GACrC,SAAS,GAAG,0BAA0B,0BAA0B;GAChE,MAAM;GACN,KAAK;GACL,EACD;EACD;EACA,eAAe;EACf;CACD,gCAAgC;CAChC,QAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,cAAc,MAAM,IAAK,CAAC,IAAI;CACrE,OAAO;;AAGR,SAAS,0BACR,UAC2C;CAC3C,IAAI,aAAa,KAAA,GAChB,MAAM,IAAI,MAAM,wEAAwE;CAEzF,OAAO;;AAGR,SAAS,6BACR,UACA,SACS;CAIT,OAAO,UAHM,SAAS,OAAO,KAAK,SAAS,IAAI,GAC5C,IAAI,SAAS,OAAO,KAAK,QAAQ,aAAa,GAAG,CAAC,KAClD,SAAS,OAAO,KACG,GAAG,OAAO,SAAS,OAAO,KAAK,CAAC,UAAU,mBAAmB,QAAQ,CAAC;;AAG7F,MAAM,sBAAsB,IAAI,IAAY;CAC3C;CACA;CACA;CACA;CACA,CAAC;AAYF,SAAS,4BACR,eAAmC,SACH;CAChC,MAAM,UAAU,CAAC,UAAU,UAAU;CACrC,OAAO,IAAI,SAAS,YAAY;EAC/B,MAAM,4BAAY,IAAI,KAAuC;EAC7D,KAAK,MAAM,UAAU,SAAS;GAC7B,MAAM,iBAAuB;IAC5B,KAAK,MAAM,CAAC,kBAAkB,uBAAuB,WACpD,aAAa,IAAI,kBAAkB,mBAAmB;IAEvD,QAAQ,OAAO;;GAEhB,UAAU,IAAI,QAAQ,SAAS;GAC/B,aAAa,KAAK,QAAQ,SAAS;;GAEnC;;AAGH,eAAsB,8BAA8B,OAGlC;CACjB,IAAI;EACH,MAAM,4BAA4B,MAAM,aAAa;WAC5C;EACT,MAAM,MAAM,OAAO,OAAO;;;AAI5B,SAAS,qBAAqB,OAA4C;CACzE,OAAO,oBAAoB,IAAI,MAAM;;AAGtC,SAAS,wBAAwB,OAA0C;CAC1E,MAAM,WAAW,SAAS;CAC1B,IAAI,CAAC,qBAAqB,SAAS,EAClC,MAAM,IAAI,MAAM,4BAA4B,SAAS,IAAI;CAE1D,OAAO;;AAGR,SAAS,6BAA6B,OAA8B;CACnE,IAAI,MAAM,SAAS,cAAc,MAAM,YAAY,KAAA,GAAW;EAC7D,QAAQ,OAAO,MAAM,GAAG,MAAM,QAAQ,IAAI;EAC1C;;CAED,IAAI,MAAM,SAAS,mBAAmB;EACrC,MAAM,UACL,MAAM,QAAQ,SAAS,SAAS,MAAM,QAAQ,OAAO,KAAK,UAAU,MAAM,QAAQ,MAAM;EACzF,QAAQ,OAAO,MAAM,GAAG,QAAQ,IAAI;EACpC;;CAED,IAAI,MAAM,SAAS,yBAClB,QAAQ,OAAO,MAAM,yBAAyB,MAAM,OAAO,IAAI;;AAIjE,eAAe,2BAA2B,OAKD;CACxC,IAAI,MAAM,aAAa,iBAAiB,KAAA,GAAW;EAClD,MAAM,YAAY,sBACjB,MAAM,MAAM,cAAc,MAAM,aAAa,aAAa,UAAU,CACpE;EACD,OAAO,oCAAoC;GAAE,UAAU,MAAM;GAAU;GAAW,CAAC;;CAEpF,OAAO,MAAM,qBAAqB;EACjC,QAAQ,MAAM,aAAa;EAC3B,SAAS,qBAAqB,MAAM,IAAI;EACxC,eAAe,MAAM;EACrB,CAAC;;AAGH,eAAe,eACd,MACA,cACkB;CAClB,MAAM,YAAY,SAAS,MAAM,eAAe;CAChD,MAAM,UAAU,SAAS,MAAM,UAAU;CACzC,MAAM,YAAY,SAAS,MAAM,UAAU;CAC3C,IAAI,cAAc,QAAQ,YAAY,QAAQ,cAAc,MAAM;EACjE,YAAY;EACZ,OAAO;;CAER,MAAM,WAAW,wBAAwB,SAAS,MAAM,SAAS,CAAC;CAClE,MAAM,QAAQ,KAAK,MAAM,MAAM,SAAS,WAAW,OAAO,CAAC;CAC3D,MAAM,iBAAiB,MAAM,wBAAwB,aAAa;CAClE,MAAM,iBAAiB,WACtB,mBAAmB,QAAQ;EAAE,KAAK,aAAa;EAAK;EAAgB,CAAC;CACtE,MAAM,CAAC,WAAW,gBAAgB,MAAM,QAAQ,IAAI,CACnD,cAAc,KAAK,WAAW,mBAAmB,CAAC,EAClD,oBAAoB,KAAK,WAAW,0BAA0B,CAAC,CAC/D,CAAC;CACF,IAAI,aAAa,OAAO,aAAa,KAAA,GACpC,MAAM,IAAI,MAAM,6BAA6B,QAAQ,IAAI;CAS1D,MAAM,iBAAiB,6BAA6B,EAAE,SADjC,gCAAgC;EAAE,UAAA,MANhC,2BAA2B;GACjD,UAAU,OAAO,KAAK,aAAa,OAAO;GAC1C,KAAK,aAAa;GAClB;GACA;GACA,CAAC;EAC+D;EAAc,CACJ,EAAE,CAAC;CAC9E,MAAM,kBAAkB,MAAM,uBAAuB;EAAE,QAAQ;EAAW;EAAe,CAAC;CAC1F,MAAM,kBAAkB,+BAA+B,EAAE,SAAS,iBAAiB,CAAC;CACpF,MAAM,oBAAoB,uBAAuB,aAAa;CAC9D,MAAM,OAAO,iBAAiB;EAC7B,cAAc;GACb,eAAe;GACf,0BAA0B,kBAAkB;GAC5C,qBAAqB,kBAAkB;GACvC,oBAAoB,kBAAkB;GACtC;EACD,WAAW,OAAO,OAAO,kBAAkB,eAAe,OAAO,MAAM,SAAS,cAAc;EAC9F,cAAc,kBAAkB;EAChC,SAAS;GACR,GAAG;GACH,kBAAkB,gBAAgB;GAClC;EACD,oBAAoB,gBAAgB,KAAK,WAAW,OAAO,UAAU;EACrE,CAAC;CACF,IAAI;EACH,MAAM,QAAQ,KAAK,iBAAiB;GACnC;GACA,cAAc;GACd,QAAQ;GACR,CAAC;EACF,MAAM,SAAS,MAAM,KAAK,wBAAwB,KAAK,WAAW;GAAE;GAAO;GAAO;GAAU,CAAC,EAAE,EAC9F,SAAS,8BACT,CAAC;EACF,QAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,QAAQ,MAAM,IAAK,CAAC,IAAI;EAC/D,OAAO;WACE;EACT,MAAM,KAAK,OAAO;;;AAIpB,eAAsB,aACrB,MACA,QAAsC,EAAE,EACtB;CAClB,MAAM,CAAC,SAAS,aAAa,GAAG,YAAY;CAC5C,MAAM,eAAe;EACpB,KAAK,MAAM,OAAO,QAAQ;EAC1B,GAAI,MAAM,mBAAmB,KAAA,IAAY,EAAE,gBAAgB,MAAM,gBAAgB,GAAG,EAAE;EACtF;CACD,IAAI,CAAC,SAAS;EACb,YAAY;EACZ,OAAO;;CAGR,IAAI;EACH,IAAI,YAAY,aAAa;GAC5B,MAAM,CAAC,iBAAiB,GAAG,gBAAgB,KAAK,MAAM,EAAE;GACxD,IAAI,oBAAoB,SAAS;IAChC,MAAM,yBAAyB,aAAa;IAc5C,MAAM,8BAA8B,EAAE,QAAA,MAbjB,kBAAkB;KACtC,MAAM,yBAAyB,aAAa;KAC5C,KAAK,aAAa;KAClB,GAAI,2BAA2B,KAAA,IAC5B,EACA,gBAAgB,WACf,mBAAmB,QAAQ;MAC1B,KAAK,aAAa;MAClB,gBAAgB;MAChB,CAAC,EACH,GACA,EAAE;KACL,CAAC,EAC4C,CAAC;IAC/C,OAAO;;GAER,IAAI,oBAAoB,oBACvB,OAAO,+BAA+B;GAEvC,IAAI,oBAAoB,uBACvB,OAAO,MAAM,kBAAkB,cAAc,aAAa;GAE3D,YAAY;GACZ,OAAO;;EAER,IAAI,YAAY,SAAS;GACxB,YAAY;GACZ,OAAO;;EAER,IAAI,YAAY,oBAAoB;GACnC,YAAY;GACZ,OAAO;;EAER,IAAI,YAAY,QACf,OAAO,MAAM,eAAe,KAAK,MAAM,EAAE,EAAE,aAAa;EAEzD,IAAI,CAAC,aAAa;GACjB,YAAY;GACZ,OAAO;;EAER,MAAM,UAAU,MAAM,gBAAgB,YAAY;EAClD,QAAQ,SAAR;GACC,KAAK,YACJ,OAAO;GACR,KAAK,mBAAmB;IACvB,MAAM,kBAAkB,qBAAqB,SAAS;IACtD,IAAI,CAAC,iBAAiB;KACrB,YAAY;KACZ,OAAO;;IAGR,MAAM,MAAM,iBAAiB,EAAE,WAAW,MAAM,CAAC;IACjD,MAAM,UAAU,KAAK,iBAAiB,eAAe,EAAE,KAAK,UAAU,SAAS,MAAM,IAAK,CAAC;IAC3F,MAAM,UACL,KAAK,iBAAiB,aAAa,EACnC,kCAAkC,QAAQ,CAC1C;IACD,OAAO;;GAER;IACC,YAAY;IACZ,OAAO;;UAED,OAAO;EACf,QAAQ,OAAO,MAAM,GAAG,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,CAAC,IAAI;EACnF,OAAO;;;AAUT,SAAgB,6BAA6B,UAAuC;CACnF,MAAM,iBAAiB,aAAa,KAAA,IAAY,KAAA,IAAY,SAAS,SAAS;CAC9E,OACC,mBAAmB,gBACnB,mBAAmB,mBACnB,mBAAmB;;AAIrB,IAAI,6BAA6B,QAAQ,KAAK,GAAG,EAChD,QAAQ,WAAW,MAAM,aAAa,QAAQ,KAAK,MAAM,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"mcp-portal.js","names":[],"sources":["../../src/bin/mcp-portal.ts"],"sourcesContent":["#!/usr/bin/env node\n\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { basename, join } from 'node:path';\n\nimport {\n\tloadMcpConfig,\n\tloadMcpPortalConfig,\n\ttype McpPortalConfig,\n\ttype SecretValue,\n} from '@agent-vm/config-contracts';\nimport type { SecretResolver } from '@agent-vm/secret-management';\nimport { z } from 'zod';\n\nimport { portalToolRecordSchema, type PortalToolRecord } from '../catalog-types.js';\nimport {\n\tbuildProfilePolicyMaps,\n\tcreateServeSecretResolver,\n\tderiveApprovalHmacKeysFromMasterKey,\n\tparsePortalServerCliArgs,\n\tstartPortalServer,\n} from '../cli/serve-command.js';\nimport {\n\tcreatePortalCore,\n\ttype PortalCoreEvent,\n\ttype PortalCoreToolName,\n} from '../core/portal-core.js';\nimport { resolveUpstreamServers } from '../core/provider-runtime.js';\nimport {\n\tcreatePortalAgentRuntimeRecords,\n\tcreatePortalApprovalVerifier,\n\tresolveAgentHmacKeys,\n} from '../mcp-proxy/resolve-agent-identity.js';\nimport {\n\tdecodePortalMasterKey,\n\tderiveAgentBearerToken,\n\tformatMasterKeyFingerprint,\n} from '../portal-auth/agent-bearer-token.js';\nimport { parseHmacKeysFromEnv } from '../portal-auth/hmac-env.js';\nimport { generateTypescriptCatalogArtifact } from '../portal-config/typescript-artifact.js';\nimport { createUpstreamMcpClientRuntime } from '../upstream-mcp-client-runtime.js';\nimport { resolveSecretValue } from './secret-value-resolver.js';\n\nconst catalogFileSchema = z\n\t.object({\n\t\ttools: z.array(portalToolRecordSchema),\n\t})\n\t.strict();\n\nexport interface PortalCatalogFile {\n\treadonly tools: readonly PortalToolRecord[];\n}\n\nexport interface AgentVmMcpPortalRuntimeProps {\n\treadonly env?: Readonly<Record<string, string | undefined>>;\n\treadonly secretResolver?: SecretResolver;\n}\n\nasync function readCatalogFile(catalogPath: string): Promise<PortalCatalogFile> {\n\tconst rawCatalog = await readFile(catalogPath, 'utf-8');\n\tconst parsedJson = JSON.parse(rawCatalog) as unknown;\n\treturn catalogFileSchema.parse(parsedJson);\n}\n\nfunction parseOutputDirectory(args: readonly string[]): string | null {\n\tconst outputFlagIndex = args.indexOf('--out');\n\tif (outputFlagIndex === -1) {\n\t\treturn null;\n\t}\n\n\treturn args[outputFlagIndex + 1] ?? null;\n}\n\nfunction printUsage(): void {\n\tprocess.stderr.write('Usage: mcp-portal validate <catalog.json>\\n');\n\tprocess.stderr.write('Usage: mcp-portal generate-helper <catalog.json> --out <directory>\\n');\n\tprocess.stderr.write(\n\t\t'Usage: mcp-portal mcp-proxy serve --config-dir <directory> [--port <port>]\\n',\n\t);\n\tprocess.stderr.write(\n\t\t'Usage: mcp-portal call --config-dir <directory> --agent <agent-id> --input <request.json> [--tool <portal-tool-name>]\\n',\n\t);\n\tprocess.stderr.write(\n\t\t'Usage: mcp-portal mcp-proxy print-client-config --config-dir <directory> --agent <agent-id> --master-key-fingerprint <sha256:...> [--proxy-url <url>]\\n',\n\t);\n}\n\nfunction readFlag(args: readonly string[], name: string): string | null {\n\tconst index = args.indexOf(name);\n\tif (index === -1) {\n\t\treturn null;\n\t}\n\treturn args[index + 1] ?? null;\n}\n\nfunction normalizeCredentialProxyUrl(value: string): string {\n\tconst url = new URL(value);\n\tif (url.protocol !== 'http:' && url.protocol !== 'https:') {\n\t\tthrow new Error(`Invalid --proxy-url protocol \"${url.protocol}\". Expected http or https.`);\n\t}\n\treturn url.toString();\n}\n\ntype RequiredPortalRuntimeProps = Required<Pick<AgentVmMcpPortalRuntimeProps, 'env'>> &\n\tPick<AgentVmMcpPortalRuntimeProps, 'secretResolver'>;\n\nasync function createCliSecretResolver(props: RequiredPortalRuntimeProps): Promise<SecretResolver> {\n\treturn props.secretResolver ?? (await createServeSecretResolver(props.env));\n}\n\ninterface McpPortalClientConfigServer {\n\treadonly headers: Readonly<Record<string, string>>;\n\treadonly type: 'streamable-http';\n\treadonly url: string;\n}\n\ninterface McpPortalClientConfig {\n\treadonly agentId: string;\n\treadonly authorizationHeaderName: string;\n\treadonly authorizationHeaderValue: string;\n\treadonly kind: 'mcp-portal-client-config';\n\treadonly masterKeyFingerprint: string;\n\treadonly mcpServers: Readonly<Record<string, McpPortalClientConfigServer>>;\n\treadonly proxyUrl: string;\n\treadonly schemaVersion: 1;\n}\n\nfunction serverNameForClientConfig(agentId: string): string {\n\treturn `mcp-portal-${agentId.replaceAll(/[^A-Za-z0-9_-]/gu, '-')}`;\n}\n\nfunction printCredentialMaterialWarning(): void {\n\tprocess.stderr.write(\n\t\t[\n\t\t\t'WARNING: MCP Portal client config is bearer credential material.',\n\t\t\t'WARNING: Treat stdout like an API token. Do not paste it into logs, commits, or chat.',\n\t\t\t'WARNING: The token is per-agent and remains valid until credentialVersion or masterKey rotation.',\n\t\t\t'',\n\t\t].join('\\n'),\n\t);\n}\n\nfunction printDisabledCredentialWriter(): number {\n\tprocess.stderr.write(\n\t\t[\n\t\t\t'mcp-portal: mcp-proxy write-credential is disabled because it persists bearer credentials.',\n\t\t\t'Use mcp-portal mcp-proxy print-client-config and decide explicitly where stdout is stored.',\n\t\t\t'',\n\t\t].join('\\n'),\n\t);\n\treturn 1;\n}\n\nasync function printClientConfig(\n\targs: readonly string[],\n\truntimeProps: RequiredPortalRuntimeProps,\n): Promise<number> {\n\tconst configDir = readFlag(args, '--config-dir');\n\tconst agentId = readFlag(args, '--agent');\n\tconst expectedFingerprint = readFlag(args, '--master-key-fingerprint');\n\tconst proxyUrlOverride = readFlag(args, '--proxy-url');\n\tif (configDir === null || agentId === null || expectedFingerprint === null) {\n\t\tprintUsage();\n\t\treturn 1;\n\t}\n\tconst portalConfig = await loadMcpPortalConfig(join(configDir, 'mcp-portal.config.jsonc'));\n\tif (portalConfig.externalAuth === undefined) {\n\t\tthrow new Error('print-client-config requires externalAuth.masterKey.');\n\t}\n\tif (portalConfig.mcpProxy === undefined && proxyUrlOverride === null) {\n\t\tthrow new Error('print-client-config requires mcpProxy server settings or --proxy-url.');\n\t}\n\tif (portalConfig.agents[agentId] === undefined) {\n\t\tthrow new Error(`Unknown MCP Portal agent \"${agentId}\".`);\n\t}\n\tconst secretResolver = await createCliSecretResolver(runtimeProps);\n\tconst masterKey = decodePortalMasterKey(\n\t\tawait resolveSecretValue(portalConfig.externalAuth.masterKey, {\n\t\t\tenv: runtimeProps.env,\n\t\t\tsecretResolver,\n\t\t}),\n\t);\n\tconst actualFingerprint = formatMasterKeyFingerprint(masterKey);\n\tif (actualFingerprint !== expectedFingerprint) {\n\t\tthrow new Error(\n\t\t\t`Master-key fingerprint mismatch. Expected ${expectedFingerprint}; resolved ${actualFingerprint}.`,\n\t\t);\n\t}\n\tconst agentConfig = portalConfig.agents[agentId];\n\tconst bearer = deriveAgentBearerToken({\n\t\tagentId,\n\t\tcredentialVersion: agentConfig.credentialVersion,\n\t\tmasterKey,\n\t});\n\tconst proxyUrl =\n\t\tproxyUrlOverride === null\n\t\t\t? credentialProxyUrlFromConfig(requireCredentialMcpProxy(portalConfig.mcpProxy), agentId)\n\t\t\t: normalizeCredentialProxyUrl(proxyUrlOverride);\n\tconst authorizationHeaderName = portalConfig.mcpProxy?.auth.headerName ?? 'authorization';\n\tconst authorizationHeaderValue = `Bearer ${bearer}`;\n\tconst clientConfig = {\n\t\tagentId,\n\t\tauthorizationHeaderName,\n\t\tauthorizationHeaderValue,\n\t\tkind: 'mcp-portal-client-config',\n\t\tmasterKeyFingerprint: actualFingerprint,\n\t\tmcpServers: {\n\t\t\t[serverNameForClientConfig(agentId)]: {\n\t\t\t\theaders: { [authorizationHeaderName]: authorizationHeaderValue },\n\t\t\t\ttype: 'streamable-http',\n\t\t\t\turl: proxyUrl,\n\t\t\t},\n\t\t},\n\t\tproxyUrl,\n\t\tschemaVersion: 1,\n\t} satisfies McpPortalClientConfig;\n\tprintCredentialMaterialWarning();\n\tprocess.stdout.write(`${JSON.stringify(clientConfig, null, '\\t')}\\n`);\n\treturn 0;\n}\n\nfunction requireCredentialMcpProxy(\n\tmcpProxy: McpPortalConfig['mcpProxy'],\n): NonNullable<McpPortalConfig['mcpProxy']> {\n\tif (mcpProxy === undefined) {\n\t\tthrow new Error('print-client-config requires mcpProxy server settings or --proxy-url.');\n\t}\n\treturn mcpProxy;\n}\n\nfunction credentialProxyUrlFromConfig(\n\tmcpProxy: NonNullable<McpPortalConfig['mcpProxy']>,\n\tagentId: string,\n): string {\n\tconst host = mcpProxy.server.host.includes(':')\n\t\t? `[${mcpProxy.server.host.replace(/^\\[|\\]$/gu, '')}]`\n\t\t: mcpProxy.server.host;\n\treturn `http://${host}:${String(mcpProxy.server.port)}/agents/${encodeURIComponent(agentId)}/mcp`;\n}\n\nconst portalCoreToolNames = new Set<string>([\n\t'mcp_portal_list',\n\t'mcp_portal_search',\n\t'mcp_portal_describe',\n\t'mcp_portal_call',\n]);\n\ntype PortalShutdownSignal = 'SIGINT' | 'SIGTERM';\ninterface PortalSignalTarget {\n\treadonly off: (signal: PortalShutdownSignal, listener: () => void) => void;\n\treadonly once: (signal: PortalShutdownSignal, listener: () => void) => void;\n}\n\nexport interface RunningPortalServer {\n\treadonly close: () => Promise<void>;\n}\n\nfunction waitForPortalShutdownSignal(\n\tsignalTarget: PortalSignalTarget = process,\n): Promise<PortalShutdownSignal> {\n\tconst signals = ['SIGINT', 'SIGTERM'] satisfies readonly PortalShutdownSignal[];\n\treturn new Promise((resolve) => {\n\t\tconst listeners = new Map<PortalShutdownSignal, () => void>();\n\t\tfor (const signal of signals) {\n\t\t\tconst listener = (): void => {\n\t\t\t\tfor (const [registeredSignal, registeredListener] of listeners) {\n\t\t\t\t\tsignalTarget.off(registeredSignal, registeredListener);\n\t\t\t\t}\n\t\t\t\tresolve(signal);\n\t\t\t};\n\t\t\tlisteners.set(signal, listener);\n\t\t\tsignalTarget.once(signal, listener);\n\t\t}\n\t});\n}\n\nexport async function waitUntilPortalServerShutdown(props: {\n\treadonly server: RunningPortalServer;\n\treadonly signalTarget?: PortalSignalTarget;\n}): Promise<void> {\n\ttry {\n\t\tawait waitForPortalShutdownSignal(props.signalTarget);\n\t} finally {\n\t\tawait props.server.close();\n\t}\n}\n\nfunction isPortalCoreToolName(value: string): value is PortalCoreToolName {\n\treturn portalCoreToolNames.has(value);\n}\n\nfunction parsePortalCoreToolName(value: string | null): PortalCoreToolName {\n\tconst toolName = value ?? 'mcp_portal_call';\n\tif (!isPortalCoreToolName(toolName)) {\n\t\tthrow new Error(`Unknown MCP Portal tool \"${toolName}\".`);\n\t}\n\treturn toolName;\n}\n\nfunction writePortalCoreEventToStderr(event: PortalCoreEvent): void {\n\tif (event.kind === 'progress' && event.message !== undefined) {\n\t\tprocess.stderr.write(`${event.message}\\n`);\n\t\treturn;\n\t}\n\tif (event.kind === 'partial_content') {\n\t\tconst message =\n\t\t\tevent.content.type === 'text' ? event.content.text : JSON.stringify(event.content.value);\n\t\tprocess.stderr.write(`${message}\\n`);\n\t\treturn;\n\t}\n\tif (event.kind === 'upstream_notification') {\n\t\tprocess.stderr.write(`upstream notification ${event.method}\\n`);\n\t}\n}\n\nasync function resolveCliApprovalHmacKeys(props: {\n\treadonly agentIds: readonly string[];\n\treadonly env: Readonly<Record<string, string | undefined>>;\n\treadonly portalConfig: Awaited<ReturnType<typeof loadMcpPortalConfig>>;\n\treadonly resolveSecret: (secret: SecretValue) => Promise<string>;\n}): Promise<ReadonlyMap<string, Buffer>> {\n\tif (props.portalConfig.externalAuth !== undefined) {\n\t\tconst masterKey = decodePortalMasterKey(\n\t\t\tawait props.resolveSecret(props.portalConfig.externalAuth.masterKey),\n\t\t);\n\t\treturn deriveApprovalHmacKeysFromMasterKey({ agentIds: props.agentIds, masterKey });\n\t}\n\treturn await resolveAgentHmacKeys({\n\t\tagents: props.portalConfig.agents,\n\t\tenvKeys: parseHmacKeysFromEnv(props.env),\n\t\tresolveSecret: props.resolveSecret,\n\t});\n}\n\nasync function runCallCommand(\n\targs: readonly string[],\n\truntimeProps: RequiredPortalRuntimeProps,\n): Promise<number> {\n\tconst configDir = readFlag(args, '--config-dir');\n\tconst agentId = readFlag(args, '--agent');\n\tconst inputPath = readFlag(args, '--input');\n\tif (configDir === null || agentId === null || inputPath === null) {\n\t\tprintUsage();\n\t\treturn 1;\n\t}\n\tconst toolName = parsePortalCoreToolName(readFlag(args, '--tool'));\n\tconst input = JSON.parse(await readFile(inputPath, 'utf8')) as unknown;\n\tconst secretResolver = await createCliSecretResolver(runtimeProps);\n\tconst resolveSecret = (secret: SecretValue): Promise<string> =>\n\t\tresolveSecretValue(secret, { env: runtimeProps.env, secretResolver });\n\tconst [mcpConfig, portalConfig] = await Promise.all([\n\t\tloadMcpConfig(join(configDir, 'mcp.config.jsonc')),\n\t\tloadMcpPortalConfig(join(configDir, 'mcp-portal.config.jsonc')),\n\t]);\n\tif (portalConfig.agents[agentId] === undefined) {\n\t\tthrow new Error(`Unknown MCP Portal agent \"${agentId}\".`);\n\t}\n\tconst hmacKeys = await resolveCliApprovalHmacKeys({\n\t\tagentIds: Object.keys(portalConfig.agents),\n\t\tenv: runtimeProps.env,\n\t\tportalConfig,\n\t\tresolveSecret,\n\t});\n\tconst agentRecords = createPortalAgentRuntimeRecords({ hmacKeys, portalConfig });\n\tconst verifyApproval = createPortalApprovalVerifier({ records: agentRecords });\n\tconst upstreamServers = await resolveUpstreamServers({ config: mcpConfig, resolveSecret });\n\tconst upstreamRuntime = createUpstreamMcpClientRuntime({ servers: upstreamServers });\n\tconst profilePolicyMaps = buildProfilePolicyMaps(portalConfig);\n\tconst core = createPortalCore({\n\t\taccessPolicy: {\n\t\t\tdefaultPolicy: 'deny-all',\n\t\t\tenabledNamespacesByAgent: profilePolicyMaps.enabledNamespacesByAgent,\n\t\t\tenabledToolsByNamespaceByAgent: profilePolicyMaps.enabledToolsByNamespaceByAgent,\n\t\t\thiddenToolsByAgent: profilePolicyMaps.hiddenToolsByAgent,\n\t\t},\n\t\tapproval: (calls, scope, approvalToken) => verifyApproval(calls, scope.agentId, approvalToken),\n\t\tcatalogTtlMs: profilePolicyMaps.cacheTtlMs,\n\t\truntime: {\n\t\t\t...upstreamRuntime,\n\t\t\tcallUpstreamTool: upstreamRuntime.callTool,\n\t\t},\n\t\tupstreamNamespaces: upstreamServers.map((server) => server.namespace),\n\t});\n\ttry {\n\t\tconst scope = core.createAgentScope({\n\t\t\tagentId,\n\t\t\tagentScopeId: agentId,\n\t\t\tsource: 'cli-operator',\n\t\t});\n\t\tconst result = await core.collectPortalCoreResult(core.callStream({ input, scope, toolName }), {\n\t\t\tonEvent: writePortalCoreEventToStderr,\n\t\t});\n\t\tprocess.stdout.write(`${JSON.stringify(result, null, '\\t')}\\n`);\n\t\treturn 0;\n\t} finally {\n\t\tawait core.close();\n\t}\n}\n\nexport async function runMcpPortal(\n\targs: readonly string[],\n\tprops: AgentVmMcpPortalRuntimeProps = {},\n): Promise<number> {\n\tconst [command, catalogPath, ...restArgs] = args;\n\tconst runtimeProps = {\n\t\tenv: props.env ?? process.env,\n\t\t...(props.secretResolver !== undefined ? { secretResolver: props.secretResolver } : {}),\n\t};\n\tif (!command) {\n\t\tprintUsage();\n\t\treturn 1;\n\t}\n\n\ttry {\n\t\tif (command === 'mcp-proxy') {\n\t\t\tconst [mcpProxyCommand, ...mcpProxyArgs] = args.slice(1);\n\t\t\tif (mcpProxyCommand === 'serve') {\n\t\t\t\tconst injectedSecretResolver = runtimeProps.secretResolver;\n\t\t\t\tconst server = await startPortalServer({\n\t\t\t\t\targs: parsePortalServerCliArgs(mcpProxyArgs),\n\t\t\t\t\tenv: runtimeProps.env,\n\t\t\t\t\t...(injectedSecretResolver !== undefined\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tresolveSecret: (secret) =>\n\t\t\t\t\t\t\t\t\tresolveSecretValue(secret, {\n\t\t\t\t\t\t\t\t\t\tenv: runtimeProps.env,\n\t\t\t\t\t\t\t\t\t\tsecretResolver: injectedSecretResolver,\n\t\t\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t});\n\t\t\t\tawait waitUntilPortalServerShutdown({ server });\n\t\t\t\treturn 0;\n\t\t\t}\n\t\t\tif (mcpProxyCommand === 'write-credential') {\n\t\t\t\treturn printDisabledCredentialWriter();\n\t\t\t}\n\t\t\tif (mcpProxyCommand === 'print-client-config') {\n\t\t\t\treturn await printClientConfig(mcpProxyArgs, runtimeProps);\n\t\t\t}\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tif (command === 'serve') {\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tif (command === 'write-credential') {\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tif (command === 'call') {\n\t\t\treturn await runCallCommand(args.slice(1), runtimeProps);\n\t\t}\n\t\tif (!catalogPath) {\n\t\t\tprintUsage();\n\t\t\treturn 1;\n\t\t}\n\t\tconst catalog = await readCatalogFile(catalogPath);\n\t\tswitch (command) {\n\t\t\tcase 'validate':\n\t\t\t\treturn 0;\n\t\t\tcase 'generate-helper': {\n\t\t\t\tconst outputDirectory = parseOutputDirectory(restArgs);\n\t\t\t\tif (!outputDirectory) {\n\t\t\t\t\tprintUsage();\n\t\t\t\t\treturn 1;\n\t\t\t\t}\n\n\t\t\t\tawait mkdir(outputDirectory, { recursive: true });\n\t\t\t\tawait writeFile(join(outputDirectory, 'catalog.json'), JSON.stringify(catalog, null, '\\t'));\n\t\t\t\tawait writeFile(\n\t\t\t\t\tjoin(outputDirectory, 'catalog.ts'),\n\t\t\t\t\tgenerateTypescriptCatalogArtifact(catalog),\n\t\t\t\t);\n\t\t\t\treturn 0;\n\t\t\t}\n\t\t\tdefault:\n\t\t\t\tprintUsage();\n\t\t\t\treturn 1;\n\t\t}\n\t} catch (error) {\n\t\tprocess.stderr.write(`${error instanceof Error ? error.message : String(error)}\\n`);\n\t\treturn 1;\n\t}\n}\n\n/*\n * Command-shape note: top-level `serve` and credential commands are\n * intentionally rejected. The public CLI shape is `mcp-portal mcp-proxy ...`\n * so the command mirrors the library adapter boundary.\n */\n\nexport function shouldRunMcpPortalEntrypoint(argvPath: string | undefined): boolean {\n\tconst entrypointName = argvPath === undefined ? undefined : basename(argvPath);\n\treturn (\n\t\tentrypointName === 'mcp-portal' ||\n\t\tentrypointName === 'mcp-portal.js' ||\n\t\tentrypointName === 'mcp-portal.ts'\n\t);\n}\n\nif (shouldRunMcpPortalEntrypoint(process.argv[1])) {\n\tprocess.exitCode = await runMcpPortal(process.argv.slice(2));\n}\n"],"mappings":";;;;;;;;;;;;;;AA2CA,MAAM,oBAAoB,EACxB,OAAO,EACP,OAAO,EAAE,MAAM,uBAAuB,EACtC,CAAC,CACD,QAAQ;AAWV,eAAe,gBAAgB,aAAiD;CAC/E,MAAM,aAAa,MAAM,SAAS,aAAa,QAAQ;CACvD,MAAM,aAAa,KAAK,MAAM,WAAW;CACzC,OAAO,kBAAkB,MAAM,WAAW;;AAG3C,SAAS,qBAAqB,MAAwC;CACrE,MAAM,kBAAkB,KAAK,QAAQ,QAAQ;CAC7C,IAAI,oBAAoB,IACvB,OAAO;CAGR,OAAO,KAAK,kBAAkB,MAAM;;AAGrC,SAAS,aAAmB;CAC3B,QAAQ,OAAO,MAAM,8CAA8C;CACnE,QAAQ,OAAO,MAAM,uEAAuE;CAC5F,QAAQ,OAAO,MACd,+EACA;CACD,QAAQ,OAAO,MACd,0HACA;CACD,QAAQ,OAAO,MACd,0JACA;;AAGF,SAAS,SAAS,MAAyB,MAA6B;CACvE,MAAM,QAAQ,KAAK,QAAQ,KAAK;CAChC,IAAI,UAAU,IACb,OAAO;CAER,OAAO,KAAK,QAAQ,MAAM;;AAG3B,SAAS,4BAA4B,OAAuB;CAC3D,MAAM,MAAM,IAAI,IAAI,MAAM;CAC1B,IAAI,IAAI,aAAa,WAAW,IAAI,aAAa,UAChD,MAAM,IAAI,MAAM,iCAAiC,IAAI,SAAS,4BAA4B;CAE3F,OAAO,IAAI,UAAU;;AAMtB,eAAe,wBAAwB,OAA4D;CAClG,OAAO,MAAM,kBAAmB,MAAM,0BAA0B,MAAM,IAAI;;AAoB3E,SAAS,0BAA0B,SAAyB;CAC3D,OAAO,cAAc,QAAQ,WAAW,oBAAoB,IAAI;;AAGjE,SAAS,iCAAuC;CAC/C,QAAQ,OAAO,MACd;EACC;EACA;EACA;EACA;EACA,CAAC,KAAK,KAAK,CACZ;;AAGF,SAAS,gCAAwC;CAChD,QAAQ,OAAO,MACd;EACC;EACA;EACA;EACA,CAAC,KAAK,KAAK,CACZ;CACD,OAAO;;AAGR,eAAe,kBACd,MACA,cACkB;CAClB,MAAM,YAAY,SAAS,MAAM,eAAe;CAChD,MAAM,UAAU,SAAS,MAAM,UAAU;CACzC,MAAM,sBAAsB,SAAS,MAAM,2BAA2B;CACtE,MAAM,mBAAmB,SAAS,MAAM,cAAc;CACtD,IAAI,cAAc,QAAQ,YAAY,QAAQ,wBAAwB,MAAM;EAC3E,YAAY;EACZ,OAAO;;CAER,MAAM,eAAe,MAAM,oBAAoB,KAAK,WAAW,0BAA0B,CAAC;CAC1F,IAAI,aAAa,iBAAiB,KAAA,GACjC,MAAM,IAAI,MAAM,uDAAuD;CAExE,IAAI,aAAa,aAAa,KAAA,KAAa,qBAAqB,MAC/D,MAAM,IAAI,MAAM,wEAAwE;CAEzF,IAAI,aAAa,OAAO,aAAa,KAAA,GACpC,MAAM,IAAI,MAAM,6BAA6B,QAAQ,IAAI;CAE1D,MAAM,iBAAiB,MAAM,wBAAwB,aAAa;CAClE,MAAM,YAAY,sBACjB,MAAM,mBAAmB,aAAa,aAAa,WAAW;EAC7D,KAAK,aAAa;EAClB;EACA,CAAC,CACF;CACD,MAAM,oBAAoB,2BAA2B,UAAU;CAC/D,IAAI,sBAAsB,qBACzB,MAAM,IAAI,MACT,6CAA6C,oBAAoB,aAAa,kBAAkB,GAChG;CAEF,MAAM,cAAc,aAAa,OAAO;CACxC,MAAM,SAAS,uBAAuB;EACrC;EACA,mBAAmB,YAAY;EAC/B;EACA,CAAC;CACF,MAAM,WACL,qBAAqB,OAClB,6BAA6B,0BAA0B,aAAa,SAAS,EAAE,QAAQ,GACvF,4BAA4B,iBAAiB;CACjD,MAAM,0BAA0B,aAAa,UAAU,KAAK,cAAc;CAC1E,MAAM,2BAA2B,UAAU;CAC3C,MAAM,eAAe;EACpB;EACA;EACA;EACA,MAAM;EACN,sBAAsB;EACtB,YAAY,GACV,0BAA0B,QAAQ,GAAG;GACrC,SAAS,GAAG,0BAA0B,0BAA0B;GAChE,MAAM;GACN,KAAK;GACL,EACD;EACD;EACA,eAAe;EACf;CACD,gCAAgC;CAChC,QAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,cAAc,MAAM,IAAK,CAAC,IAAI;CACrE,OAAO;;AAGR,SAAS,0BACR,UAC2C;CAC3C,IAAI,aAAa,KAAA,GAChB,MAAM,IAAI,MAAM,wEAAwE;CAEzF,OAAO;;AAGR,SAAS,6BACR,UACA,SACS;CAIT,OAAO,UAHM,SAAS,OAAO,KAAK,SAAS,IAAI,GAC5C,IAAI,SAAS,OAAO,KAAK,QAAQ,aAAa,GAAG,CAAC,KAClD,SAAS,OAAO,KACG,GAAG,OAAO,SAAS,OAAO,KAAK,CAAC,UAAU,mBAAmB,QAAQ,CAAC;;AAG7F,MAAM,sBAAsB,IAAI,IAAY;CAC3C;CACA;CACA;CACA;CACA,CAAC;AAYF,SAAS,4BACR,eAAmC,SACH;CAChC,MAAM,UAAU,CAAC,UAAU,UAAU;CACrC,OAAO,IAAI,SAAS,YAAY;EAC/B,MAAM,4BAAY,IAAI,KAAuC;EAC7D,KAAK,MAAM,UAAU,SAAS;GAC7B,MAAM,iBAAuB;IAC5B,KAAK,MAAM,CAAC,kBAAkB,uBAAuB,WACpD,aAAa,IAAI,kBAAkB,mBAAmB;IAEvD,QAAQ,OAAO;;GAEhB,UAAU,IAAI,QAAQ,SAAS;GAC/B,aAAa,KAAK,QAAQ,SAAS;;GAEnC;;AAGH,eAAsB,8BAA8B,OAGlC;CACjB,IAAI;EACH,MAAM,4BAA4B,MAAM,aAAa;WAC5C;EACT,MAAM,MAAM,OAAO,OAAO;;;AAI5B,SAAS,qBAAqB,OAA4C;CACzE,OAAO,oBAAoB,IAAI,MAAM;;AAGtC,SAAS,wBAAwB,OAA0C;CAC1E,MAAM,WAAW,SAAS;CAC1B,IAAI,CAAC,qBAAqB,SAAS,EAClC,MAAM,IAAI,MAAM,4BAA4B,SAAS,IAAI;CAE1D,OAAO;;AAGR,SAAS,6BAA6B,OAA8B;CACnE,IAAI,MAAM,SAAS,cAAc,MAAM,YAAY,KAAA,GAAW;EAC7D,QAAQ,OAAO,MAAM,GAAG,MAAM,QAAQ,IAAI;EAC1C;;CAED,IAAI,MAAM,SAAS,mBAAmB;EACrC,MAAM,UACL,MAAM,QAAQ,SAAS,SAAS,MAAM,QAAQ,OAAO,KAAK,UAAU,MAAM,QAAQ,MAAM;EACzF,QAAQ,OAAO,MAAM,GAAG,QAAQ,IAAI;EACpC;;CAED,IAAI,MAAM,SAAS,yBAClB,QAAQ,OAAO,MAAM,yBAAyB,MAAM,OAAO,IAAI;;AAIjE,eAAe,2BAA2B,OAKD;CACxC,IAAI,MAAM,aAAa,iBAAiB,KAAA,GAAW;EAClD,MAAM,YAAY,sBACjB,MAAM,MAAM,cAAc,MAAM,aAAa,aAAa,UAAU,CACpE;EACD,OAAO,oCAAoC;GAAE,UAAU,MAAM;GAAU;GAAW,CAAC;;CAEpF,OAAO,MAAM,qBAAqB;EACjC,QAAQ,MAAM,aAAa;EAC3B,SAAS,qBAAqB,MAAM,IAAI;EACxC,eAAe,MAAM;EACrB,CAAC;;AAGH,eAAe,eACd,MACA,cACkB;CAClB,MAAM,YAAY,SAAS,MAAM,eAAe;CAChD,MAAM,UAAU,SAAS,MAAM,UAAU;CACzC,MAAM,YAAY,SAAS,MAAM,UAAU;CAC3C,IAAI,cAAc,QAAQ,YAAY,QAAQ,cAAc,MAAM;EACjE,YAAY;EACZ,OAAO;;CAER,MAAM,WAAW,wBAAwB,SAAS,MAAM,SAAS,CAAC;CAClE,MAAM,QAAQ,KAAK,MAAM,MAAM,SAAS,WAAW,OAAO,CAAC;CAC3D,MAAM,iBAAiB,MAAM,wBAAwB,aAAa;CAClE,MAAM,iBAAiB,WACtB,mBAAmB,QAAQ;EAAE,KAAK,aAAa;EAAK;EAAgB,CAAC;CACtE,MAAM,CAAC,WAAW,gBAAgB,MAAM,QAAQ,IAAI,CACnD,cAAc,KAAK,WAAW,mBAAmB,CAAC,EAClD,oBAAoB,KAAK,WAAW,0BAA0B,CAAC,CAC/D,CAAC;CACF,IAAI,aAAa,OAAO,aAAa,KAAA,GACpC,MAAM,IAAI,MAAM,6BAA6B,QAAQ,IAAI;CAS1D,MAAM,iBAAiB,6BAA6B,EAAE,SADjC,gCAAgC;EAAE,UAAA,MANhC,2BAA2B;GACjD,UAAU,OAAO,KAAK,aAAa,OAAO;GAC1C,KAAK,aAAa;GAClB;GACA;GACA,CAAC;EAC+D;EAAc,CACJ,EAAE,CAAC;CAC9E,MAAM,kBAAkB,MAAM,uBAAuB;EAAE,QAAQ;EAAW;EAAe,CAAC;CAC1F,MAAM,kBAAkB,+BAA+B,EAAE,SAAS,iBAAiB,CAAC;CACpF,MAAM,oBAAoB,uBAAuB,aAAa;CAC9D,MAAM,OAAO,iBAAiB;EAC7B,cAAc;GACb,eAAe;GACf,0BAA0B,kBAAkB;GAC5C,gCAAgC,kBAAkB;GAClD,oBAAoB,kBAAkB;GACtC;EACD,WAAW,OAAO,OAAO,kBAAkB,eAAe,OAAO,MAAM,SAAS,cAAc;EAC9F,cAAc,kBAAkB;EAChC,SAAS;GACR,GAAG;GACH,kBAAkB,gBAAgB;GAClC;EACD,oBAAoB,gBAAgB,KAAK,WAAW,OAAO,UAAU;EACrE,CAAC;CACF,IAAI;EACH,MAAM,QAAQ,KAAK,iBAAiB;GACnC;GACA,cAAc;GACd,QAAQ;GACR,CAAC;EACF,MAAM,SAAS,MAAM,KAAK,wBAAwB,KAAK,WAAW;GAAE;GAAO;GAAO;GAAU,CAAC,EAAE,EAC9F,SAAS,8BACT,CAAC;EACF,QAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,QAAQ,MAAM,IAAK,CAAC,IAAI;EAC/D,OAAO;WACE;EACT,MAAM,KAAK,OAAO;;;AAIpB,eAAsB,aACrB,MACA,QAAsC,EAAE,EACtB;CAClB,MAAM,CAAC,SAAS,aAAa,GAAG,YAAY;CAC5C,MAAM,eAAe;EACpB,KAAK,MAAM,OAAO,QAAQ;EAC1B,GAAI,MAAM,mBAAmB,KAAA,IAAY,EAAE,gBAAgB,MAAM,gBAAgB,GAAG,EAAE;EACtF;CACD,IAAI,CAAC,SAAS;EACb,YAAY;EACZ,OAAO;;CAGR,IAAI;EACH,IAAI,YAAY,aAAa;GAC5B,MAAM,CAAC,iBAAiB,GAAG,gBAAgB,KAAK,MAAM,EAAE;GACxD,IAAI,oBAAoB,SAAS;IAChC,MAAM,yBAAyB,aAAa;IAc5C,MAAM,8BAA8B,EAAE,QAAA,MAbjB,kBAAkB;KACtC,MAAM,yBAAyB,aAAa;KAC5C,KAAK,aAAa;KAClB,GAAI,2BAA2B,KAAA,IAC5B,EACA,gBAAgB,WACf,mBAAmB,QAAQ;MAC1B,KAAK,aAAa;MAClB,gBAAgB;MAChB,CAAC,EACH,GACA,EAAE;KACL,CAAC,EAC4C,CAAC;IAC/C,OAAO;;GAER,IAAI,oBAAoB,oBACvB,OAAO,+BAA+B;GAEvC,IAAI,oBAAoB,uBACvB,OAAO,MAAM,kBAAkB,cAAc,aAAa;GAE3D,YAAY;GACZ,OAAO;;EAER,IAAI,YAAY,SAAS;GACxB,YAAY;GACZ,OAAO;;EAER,IAAI,YAAY,oBAAoB;GACnC,YAAY;GACZ,OAAO;;EAER,IAAI,YAAY,QACf,OAAO,MAAM,eAAe,KAAK,MAAM,EAAE,EAAE,aAAa;EAEzD,IAAI,CAAC,aAAa;GACjB,YAAY;GACZ,OAAO;;EAER,MAAM,UAAU,MAAM,gBAAgB,YAAY;EAClD,QAAQ,SAAR;GACC,KAAK,YACJ,OAAO;GACR,KAAK,mBAAmB;IACvB,MAAM,kBAAkB,qBAAqB,SAAS;IACtD,IAAI,CAAC,iBAAiB;KACrB,YAAY;KACZ,OAAO;;IAGR,MAAM,MAAM,iBAAiB,EAAE,WAAW,MAAM,CAAC;IACjD,MAAM,UAAU,KAAK,iBAAiB,eAAe,EAAE,KAAK,UAAU,SAAS,MAAM,IAAK,CAAC;IAC3F,MAAM,UACL,KAAK,iBAAiB,aAAa,EACnC,kCAAkC,QAAQ,CAC1C;IACD,OAAO;;GAER;IACC,YAAY;IACZ,OAAO;;UAED,OAAO;EACf,QAAQ,OAAO,MAAM,GAAG,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,CAAC,IAAI;EACnF,OAAO;;;AAUT,SAAgB,6BAA6B,UAAuC;CACnF,MAAM,iBAAiB,aAAa,KAAA,IAAY,KAAA,IAAY,SAAS,SAAS;CAC9E,OACC,mBAAmB,gBACnB,mBAAmB,mBACnB,mBAAmB;;AAIrB,IAAI,6BAA6B,QAAQ,KAAK,GAAG,EAChD,QAAQ,WAAW,MAAM,aAAa,QAAQ,KAAK,MAAM,EAAE,CAAC"}
|
package/dist/cli/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { f as PortalHttpAuditEvent, n as PortalApprovalAuditEvent } from "../resolve-agent-identity-
|
|
1
|
+
import { L as PortalToolSelector } from "../portal-session-5ksK1G9Z.js";
|
|
2
|
+
import { f as PortalHttpAuditEvent, n as PortalApprovalAuditEvent } from "../resolve-agent-identity-C9Jc2NhJ.js";
|
|
3
3
|
import { McpPortalAgentConfig, McpPortalConfig, SecretValue } from "@agent-vm/config-contracts";
|
|
4
4
|
import { SecretResolver, createSecretResolver, resolveServiceAccountToken } from "@agent-vm/secret-management";
|
|
5
5
|
import { serve } from "@hono/node-server";
|
|
@@ -69,7 +69,7 @@ interface CreateServeSecretResolverDependencies {
|
|
|
69
69
|
declare function createServeSecretResolver(env: Readonly<Record<string, string | undefined>>, dependencies?: CreateServeSecretResolverDependencies): Promise<SecretResolver>;
|
|
70
70
|
interface ProfilePolicyMaps {
|
|
71
71
|
readonly enabledNamespacesByAgent: Readonly<Record<string, readonly string[]>>;
|
|
72
|
-
readonly
|
|
72
|
+
readonly enabledToolsByNamespaceByAgent: Readonly<Record<string, Readonly<Record<string, readonly string[]>>>>;
|
|
73
73
|
readonly hiddenToolsByAgent: Readonly<Record<string, readonly PortalToolSelector[]>>;
|
|
74
74
|
}
|
|
75
75
|
declare function parsePortalServerCliArgs(argv: readonly string[]): PortalServerCliArgs;
|
package/dist/cli/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/cli/serve-command.ts"],"mappings":";;;;;;;KAuCK,mBAAA,UAA6B,KAAA;AAAA,KAEtB,oBAAA;EAAA,SAEA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,aAAA;EAAA,SACA,QAAA,EAAU,oBAAA;EAAA,SACV,KAAA;EAAA,SACA,KAAA;EAAA,SACA,MAAA,GAAS,oBAAA;EAAA,SACT,MAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,aAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,QAAA,EAAU,wBAAA;EAAA,SACV,KAAA;EAAA,SACA,KAAA;EAAA,SACA,MAAA,GAAS,wBAAA;EAAA,SACT,MAAA;EAAA,SACA,cAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,YAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGK,kBAAA;EAAA,SACP,GAAA,GAAM,KAAA,EAAO,oBAAA;AAAA;AAAA,UAGN,mBAAA;EAAA,SACP,cAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,IAAA,EAAM,mBAAA;EAAA,SACN,GAAA,EAAK,QAAA,CAAS,MAAA;EAAA,SACd,MAAA,GAAS,kBAAA;EAAA,SACT,aAAA,IAAiB,MAAA,EAAQ,WAAA,KAAgB,OAAA;EAAA,SACzC,OAAA,GAAU,mBAAA;AAAA;AAAA,UAGH,qCAAA;EAAA,SACP,+BAAA,UAAyC,oBAAA;EAAA,SACzC,0BAAA,UAAoC,0BAAA;AAAA;AAAA,iBAgFxB,yBAAA,CACrB,GAAA,EAAK,QAAA,CAAS,MAAA,+BACd,YAAA,GAAc,qCAAA,GACZ,OAAA,CAAQ,cAAA;AAAA,UAkBM,iBAAA;EAAA,SACP,wBAAA,EAA0B,QAAA,CAAS,MAAA;EAAA,SACnC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/cli/serve-command.ts"],"mappings":";;;;;;;KAuCK,mBAAA,UAA6B,KAAA;AAAA,KAEtB,oBAAA;EAAA,SAEA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,aAAA;EAAA,SACA,QAAA,EAAU,oBAAA;EAAA,SACV,KAAA;EAAA,SACA,KAAA;EAAA,SACA,MAAA,GAAS,oBAAA;EAAA,SACT,MAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,aAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,QAAA,EAAU,wBAAA;EAAA,SACV,KAAA;EAAA,SACA,KAAA;EAAA,SACA,MAAA,GAAS,wBAAA;EAAA,SACT,MAAA;EAAA,SACA,cAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,YAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGK,kBAAA;EAAA,SACP,GAAA,GAAM,KAAA,EAAO,oBAAA;AAAA;AAAA,UAGN,mBAAA;EAAA,SACP,cAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,IAAA,EAAM,mBAAA;EAAA,SACN,GAAA,EAAK,QAAA,CAAS,MAAA;EAAA,SACd,MAAA,GAAS,kBAAA;EAAA,SACT,aAAA,IAAiB,MAAA,EAAQ,WAAA,KAAgB,OAAA;EAAA,SACzC,OAAA,GAAU,mBAAA;AAAA;AAAA,UAGH,qCAAA;EAAA,SACP,+BAAA,UAAyC,oBAAA;EAAA,SACzC,0BAAA,UAAoC,0BAAA;AAAA;AAAA,iBAgFxB,yBAAA,CACrB,GAAA,EAAK,QAAA,CAAS,MAAA,+BACd,YAAA,GAAc,qCAAA,GACZ,OAAA,CAAQ,cAAA;AAAA,UAkBM,iBAAA;EAAA,SACP,wBAAA,EAA0B,QAAA,CAAS,MAAA;EAAA,SACnC,8BAAA,EAAgC,QAAA,CACxC,MAAA,SAAe,QAAA,CAAS,MAAA;EAAA,SAEhB,kBAAA,EAAoB,QAAA,CAAS,MAAA,kBAAwB,kBAAA;AAAA;AAAA,iBAc/C,wBAAA,CAAyB,IAAA,sBAA0B,mBAAA;AAAA,iBAuBnD,mBAAA,CACf,MAAA,EAAQ,QAAA,CAAS,MAAA,SAAe,oBAAA,IAChC,SAAA,sBACE,QAAA,CAAS,MAAA,SAAe,oBAAA;AAAA,UAsBV,YAAA;EAAA,SACP,OAAA,EAAS,OAAA;EAAA,SACT,MAAA,GAAS,KAAA,EAAO,KAAA;EAAA,SAChB,OAAA,GAAU,IAAA;AAAA;AAAA,iBAmCJ,uBAAA,CAAwB,KAAA;EAAA,SAC9B,KAAA,EAAO,KAAA;EAAA,SACP,WAAA;EAAA,SACA,aAAA,EAAe,YAAA;EAAA,SACf,MAAA,EAAQ,kBAAA;AAAA;AAAA,iBAiCF,sBAAA,CACf,YAAA,EAAc,eAAA,GACZ,iBAAA;EAAA,SAA+B,UAAA;AAAA;AAAA,iBAkDlB,mCAAA,CAAoC,KAAA;EAAA,SAC1C,QAAA;EAAA,SACA,SAAA,EAAW,MAAA;AAAA,IACjB,WAAA,SAAoB,MAAA;AAAA,iBAoBF,iBAAA,CACrB,KAAA,EAAO,sBAAA,GACL,OAAA;EAAA,SAAmB,KAAA,QAAa,OAAA;EAAA,SAAwB,IAAA;AAAA"}
|
package/dist/cli/index.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as handlePortalServerError, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer, t as applyAgentOverrides } from "../serve-command-
|
|
1
|
+
import { a as handlePortalServerError, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer, t as applyAgentOverrides } from "../serve-command-Dz6nvnzQ.js";
|
|
2
2
|
export { applyAgentOverrides, buildProfilePolicyMaps, createServeSecretResolver, deriveApprovalHmacKeysFromMasterKey, handlePortalServerError, parsePortalServerCliArgs, startPortalServer };
|
package/dist/core/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { n as PortalToolRecord, s as JsonObject } from "../catalog-types-BVuB4Ynx.js";
|
|
2
|
-
import {
|
|
3
|
-
import { A as PortalToolSuccess, C as PortalCallUpstreamTool, D as PortalToolResult, E as PortalToolHandlers, M as createPortalToolHandlers, N as portalToolInputSchemas, O as PortalToolResultMap, S as PortalBatchResult, T as PortalToolHandlerCall, _ as createPortalCore, a as PortalCore, b as PortalBatchDiagnostic, c as PortalCoreEvent, d as PortalCoreResult, f as PortalCoreRuntime, g as collectPortalCoreResult, h as PortalCoreToolName, i as PortalAuditEvent, j as PortalUpstreamEvent, k as PortalToolRuntime, l as PortalCoreItemError, m as PortalCoreToolDescriptor, n as PortalAgentScope, o as PortalCoreCollectOptions, p as PortalCoreStreamCall, r as PortalApprovalEvaluator, s as PortalCoreContentBlock, t as CreatePortalCoreProps, u as PortalCoreItemResult, v as listPortalCoreToolDescriptors, w as PortalToolFailure, x as PortalBatchError, y as PortalApprovalCall } from "../portal-core-
|
|
2
|
+
import { L as PortalToolSelector } from "../portal-session-5ksK1G9Z.js";
|
|
3
|
+
import { A as PortalToolSuccess, C as PortalCallUpstreamTool, D as PortalToolResult, E as PortalToolHandlers, M as createPortalToolHandlers, N as portalToolInputSchemas, O as PortalToolResultMap, S as PortalBatchResult, T as PortalToolHandlerCall, _ as createPortalCore, a as PortalCore, b as PortalBatchDiagnostic, c as PortalCoreEvent, d as PortalCoreResult, f as PortalCoreRuntime, g as collectPortalCoreResult, h as PortalCoreToolName, i as PortalAuditEvent, j as PortalUpstreamEvent, k as PortalToolRuntime, l as PortalCoreItemError, m as PortalCoreToolDescriptor, n as PortalAgentScope, o as PortalCoreCollectOptions, p as PortalCoreStreamCall, r as PortalApprovalEvaluator, s as PortalCoreContentBlock, t as CreatePortalCoreProps, u as PortalCoreItemResult, v as listPortalCoreToolDescriptors, w as PortalToolFailure, x as PortalBatchError, y as PortalApprovalCall } from "../portal-core-Ckq-Mrzb.js";
|
|
4
4
|
import { S as createUpstreamMcpClientRuntime, r as redactCredentialText, u as NormalizedUpstreamMcpServer } from "../upstream-response-middleware-1MZnAD9C.js";
|
|
5
5
|
import { McpConfig, SecretValue } from "@agent-vm/config-contracts";
|
|
6
6
|
|
package/dist/core/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { n as redactCredentialText } from "../upstream-response-middleware-
|
|
2
|
-
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-
|
|
3
|
-
import { i as resolveUpstreamServers, n as createPortalCore, r as listPortalCoreToolDescriptors, t as collectPortalCoreResult } from "../portal-core-
|
|
4
|
-
import { n as portalToolInputSchemas, r as validatePortalToolArguments, t as createPortalToolHandlers } from "../portal-tools-
|
|
1
|
+
import { n as redactCredentialText } from "../upstream-response-middleware-Cd1MxA6A.js";
|
|
2
|
+
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-Be_cw6pV.js";
|
|
3
|
+
import { i as resolveUpstreamServers, n as createPortalCore, r as listPortalCoreToolDescriptors, t as collectPortalCoreResult } from "../portal-core-B5cRpZMG.js";
|
|
4
|
+
import { n as portalToolInputSchemas, r as validatePortalToolArguments, t as createPortalToolHandlers } from "../portal-tools-DA7j2pyv.js";
|
|
5
5
|
export { collectPortalCoreResult, createPortalCore, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,42 @@
|
|
|
1
1
|
import { a as safeToolMetadataSchema, c as JsonPrimitive, d as isJsonObject, f as jsonObjectSchema, i as portalToolRecordSchema, l as JsonValue, n as PortalToolRecord, o as JsonArray, p as jsonValueSchema, r as portalToolAnnotationsSchema, s as JsonObject, t as PortalToolAnnotations, u as assertJsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
2
|
-
import { A as
|
|
2
|
+
import { A as ToolRef, B as portalAgentScopeKey, C as ToolGraph, D as ToolRelationshipType, E as ToolRelationshipEndpoint, F as PortalAgentScopeSource, I as PortalDefaultPolicy, L as PortalToolSelector, M as encodeToolRef, N as PortalAccessPolicyConfig, O as buildToolGraph, P as PortalAgentIdentity, R as ResolvedPortalAccessPolicy, S as SkillGraphInput, T as ToolRelationship, V as resolvePortalAccessPolicy, _ as ToolSchemaSummary, a as PortalSessionManagerOptions, b as summarizeJsonSchema, c as SearchIndex, d as ToolRelationshipHint, f as ToolSearchResult, g as ToolSchemaHintNext, h as ToolSchemaHint, i as PortalSessionManager, j as decodeToolRef, k as ToolIdentity, l as SearchQuery, m as ToolSafetySummary, n as PortalDiscoveryFailure, o as PortalSessionRuntime, p as createSearchIndex, r as PortalSession, s as createPortalSessionManager, t as PortalCatalogSnapshot, u as SearchResultSet, v as ToolSummary, w as ToolGraphInput, x as ScopedSkillGraphEntry, y as createToolSummary, z as createPortalAgentIdentity } from "./portal-session-5ksK1G9Z.js";
|
|
3
3
|
import { S as createUpstreamMcpClientRuntime, _ as UpstreamMcpProgress, a as redactThrownError, b as UpstreamToolCall, c as toRedactedJsonValue, d as RemoteUpstreamMcpServer, f as StdioUpstreamMcpServer, g as UpstreamMcpCloseErrorContext, h as UpstreamMcpClientRuntime, i as redactExactCredentialText, l as ListToolsCall, m as UpstreamMcpClientLike, n as isCredentialConfigKey, o as redactUpstreamCatalogValue, p as UpstreamListToolsResult, r as redactCredentialText, s as redactUpstreamResponse, t as RedactionOptions, u as NormalizedUpstreamMcpServer, v as UpstreamMcpRuntimeOptions, x as UpstreamToolEvent, y as UpstreamMcpTransportKind } from "./upstream-response-middleware-1MZnAD9C.js";
|
|
4
4
|
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "./zod-schema-loader-DLGQpYFD.js";
|
|
5
|
-
|
|
5
|
+
|
|
6
|
+
//#region src/upstream-mcp-errors.d.ts
|
|
7
|
+
type UpstreamMcpFailurePhase = 'call_tool' | 'connect' | 'list_tools';
|
|
8
|
+
type UpstreamMcpTransportSummary = {
|
|
9
|
+
readonly argCount: number;
|
|
10
|
+
readonly command: string;
|
|
11
|
+
readonly cwd?: string;
|
|
12
|
+
readonly kind: 'stdio';
|
|
13
|
+
} | {
|
|
14
|
+
readonly kind: Exclude<UpstreamMcpTransportKind, 'auto-http' | 'stdio'>;
|
|
15
|
+
readonly url: string;
|
|
16
|
+
};
|
|
17
|
+
interface UpstreamMcpFailureDetails {
|
|
18
|
+
readonly attemptTransport?: Exclude<UpstreamMcpTransportKind, 'auto-http'>;
|
|
19
|
+
readonly causeMessage: string;
|
|
20
|
+
readonly elapsedMs: number;
|
|
21
|
+
readonly hint?: string;
|
|
22
|
+
readonly kind: 'upstream_mcp_failed';
|
|
23
|
+
readonly namespace: string;
|
|
24
|
+
readonly operation: string;
|
|
25
|
+
readonly phase: UpstreamMcpFailurePhase;
|
|
26
|
+
readonly timeoutMs?: number;
|
|
27
|
+
readonly toolName?: string;
|
|
28
|
+
readonly transport: UpstreamMcpTransportSummary;
|
|
29
|
+
}
|
|
30
|
+
declare class UpstreamMcpError extends Error {
|
|
31
|
+
readonly details: UpstreamMcpFailureDetails;
|
|
32
|
+
constructor(details: UpstreamMcpFailureDetails);
|
|
33
|
+
}
|
|
34
|
+
declare function messageFromUnknownError(error: unknown): string;
|
|
35
|
+
declare function isUpstreamMcpError(error: unknown): error is UpstreamMcpError;
|
|
36
|
+
declare function transportSummaryFromServer(server: NormalizedUpstreamMcpServer, attemptTransport?: Exclude<UpstreamMcpTransportKind, 'auto-http'>): UpstreamMcpTransportSummary;
|
|
37
|
+
declare function createUpstreamMcpError(details: Omit<UpstreamMcpFailureDetails, 'hint' | 'kind'>): UpstreamMcpError;
|
|
38
|
+
declare function upstreamMcpFailureDetailsFromUnknown(error: unknown): UpstreamMcpFailureDetails | null;
|
|
39
|
+
declare function formatUpstreamMcpFailureMessage(details: UpstreamMcpFailureDetails): string;
|
|
40
|
+
//#endregion
|
|
41
|
+
export { BuiltZodValidator, InputValidationError, InputValidationIssue, JsonArray, JsonObject, JsonPrimitive, JsonValue, ListToolsCall, NormalizedUpstreamMcpServer, PortalAccessPolicyConfig, PortalAgentIdentity, PortalAgentScopeSource, PortalCatalogSnapshot, PortalDefaultPolicy, PortalDiscoveryFailure, PortalSession, PortalSessionManager, PortalSessionManagerOptions, PortalSessionRuntime, PortalToolAnnotations, PortalToolRecord, PortalToolSelector, PortalValidationResult, RedactionOptions, RemoteUpstreamMcpServer, ResolvedPortalAccessPolicy, SchemaValidationUnavailableError, ScopedSkillGraphEntry, SearchIndex, SearchQuery, SearchResultSet, SkillGraphInput, StdioUpstreamMcpServer, ToolGraph, ToolGraphInput, ToolIdentity, ToolRef, ToolRelationship, ToolRelationshipEndpoint, ToolRelationshipHint, ToolRelationshipType, ToolSafetySummary, ToolSchemaHint, ToolSchemaHintNext, ToolSchemaSummary, ToolSearchResult, ToolSummary, UpstreamListToolsResult, UpstreamMcpClientLike, UpstreamMcpClientRuntime, UpstreamMcpCloseErrorContext, UpstreamMcpError, UpstreamMcpFailureDetails, UpstreamMcpFailurePhase, UpstreamMcpProgress, UpstreamMcpRuntimeOptions, UpstreamMcpTransportKind, UpstreamMcpTransportSummary, UpstreamToolCall, UpstreamToolEvent, assertJsonObject, buildToolGraph, buildZodValidatorFromJsonSchema, createPortalAgentIdentity, createPortalSessionManager, createSearchIndex, createToolSummary, createUpstreamMcpClientRuntime, createUpstreamMcpError, decodeToolRef, encodeToolRef, formatUpstreamMcpFailureMessage, isCredentialConfigKey, isJsonObject, isUpstreamMcpError, jsonObjectSchema, jsonValueSchema, messageFromUnknownError, portalAgentScopeKey, portalToolAnnotationsSchema, portalToolRecordSchema, redactCredentialText, redactExactCredentialText, redactThrownError, redactUpstreamCatalogValue, redactUpstreamResponse, resolvePortalAccessPolicy, safeToolMetadataSchema, summarizeJsonSchema, toRedactedJsonValue, transportSummaryFromServer, upstreamMcpFailureDetailsFromUnknown };
|
|
42
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/upstream-mcp-errors.ts"],"mappings":";;;;;;KAKY,uBAAA;AAAA,KAEA,2BAAA;EAAA,SAEA,QAAA;EAAA,SACA,OAAA;EAAA,SACA,GAAA;EAAA,SACA,IAAA;AAAA;EAAA,SAGA,IAAA,EAAM,OAAA,CAAQ,wBAAA;EAAA,SACd,GAAA;AAAA;AAAA,UAGK,yBAAA;EAAA,SACP,gBAAA,GAAmB,OAAA,CAAQ,wBAAA;EAAA,SAC3B,YAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA,EAAO,uBAAA;EAAA,SACP,SAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA,EAAW,2BAAA;AAAA;AAAA,cAGR,gBAAA,SAAyB,KAAA;EAAA,SAC5B,OAAA,EAAS,yBAAA;cAEN,OAAA,EAAS,yBAAA;AAAA;AAAA,iBAON,uBAAA,CAAwB,KAAA;AAAA,iBAUxB,kBAAA,CAAmB,KAAA,YAAiB,KAAA,IAAS,gBAAA;AAAA,iBAI7C,0BAAA,CACf,MAAA,EAAQ,2BAAA,EACR,gBAAA,GAAmB,OAAA,CAAQ,wBAAA,iBACzB,2BAAA;AAAA,iBAkCa,sBAAA,CACf,OAAA,EAAS,IAAA,CAAK,yBAAA,qBACZ,gBAAA;AAAA,iBASa,oCAAA,CACf,KAAA,YACE,yBAAA;AAAA,iBAIa,+BAAA,CAAgC,OAAA,EAAS,yBAAA"}
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import { a as portalToolRecordSchema, c as isJsonObject, i as portalToolAnnotationsSchema, l as jsonObjectSchema, n as decodeToolRef, o as safeToolMetadataSchema, r as encodeToolRef, s as assertJsonObject, t as buildZodValidatorFromJsonSchema, u as jsonValueSchema } from "./zod-schema-loader-yNekKNpm.js";
|
|
2
|
-
import { a as redactUpstreamCatalogValue, c as
|
|
3
|
-
import { i as createSearchIndex, n as createPortalSessionManager, r as buildToolGraph, t as createUpstreamMcpClientRuntime } from "./upstream-mcp-client-runtime-
|
|
4
|
-
export { assertJsonObject, buildToolGraph, buildZodValidatorFromJsonSchema, createPortalAgentIdentity, createPortalSessionManager, createSearchIndex, createToolSummary, createUpstreamMcpClientRuntime, decodeToolRef, encodeToolRef, isCredentialConfigKey, isJsonObject, jsonObjectSchema, jsonValueSchema, portalAgentScopeKey, portalToolAnnotationsSchema, portalToolRecordSchema, redactCredentialText, redactExactCredentialText, redactThrownError, redactUpstreamCatalogValue, redactUpstreamResponse, resolvePortalAccessPolicy, safeToolMetadataSchema, summarizeJsonSchema, toRedactedJsonValue };
|
|
2
|
+
import { _ as createPortalAgentIdentity, a as redactUpstreamCatalogValue, c as UpstreamMcpError, d as isUpstreamMcpError, f as messageFromUnknownError, g as summarizeJsonSchema, h as createToolSummary, i as redactThrownError, l as createUpstreamMcpError, m as upstreamMcpFailureDetailsFromUnknown, n as redactCredentialText, o as redactUpstreamResponse, p as transportSummaryFromServer, r as redactExactCredentialText, s as toRedactedJsonValue, t as isCredentialConfigKey, u as formatUpstreamMcpFailureMessage, v as portalAgentScopeKey, y as resolvePortalAccessPolicy } from "./upstream-response-middleware-Cd1MxA6A.js";
|
|
3
|
+
import { i as createSearchIndex, n as createPortalSessionManager, r as buildToolGraph, t as createUpstreamMcpClientRuntime } from "./upstream-mcp-client-runtime-Be_cw6pV.js";
|
|
4
|
+
export { UpstreamMcpError, assertJsonObject, buildToolGraph, buildZodValidatorFromJsonSchema, createPortalAgentIdentity, createPortalSessionManager, createSearchIndex, createToolSummary, createUpstreamMcpClientRuntime, createUpstreamMcpError, decodeToolRef, encodeToolRef, formatUpstreamMcpFailureMessage, isCredentialConfigKey, isJsonObject, isUpstreamMcpError, jsonObjectSchema, jsonValueSchema, messageFromUnknownError, portalAgentScopeKey, portalToolAnnotationsSchema, portalToolRecordSchema, redactCredentialText, redactExactCredentialText, redactThrownError, redactUpstreamCatalogValue, redactUpstreamResponse, resolvePortalAccessPolicy, safeToolMetadataSchema, summarizeJsonSchema, toRedactedJsonValue, transportSummaryFromServer, upstreamMcpFailureDetailsFromUnknown };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { a as PortalCore, c as PortalCoreEvent, m as PortalCoreToolDescriptor, n as PortalAgentScope } from "../portal-core-
|
|
2
|
-
import { a as createPortalApprovalVerifier, c as PortalAgentBearerAuth, d as PortalHttpAppOptions, f as PortalHttpAuditEvent, i as createPortalAgentRuntimeRecords, l as PortalHttpAgentIdentity, n as PortalApprovalAuditEvent, o as createPortalHttpAgentResolver, p as createPortalHttpApp, r as ResolveAgentHmacKeysProps, s as resolveAgentHmacKeys, t as PortalAgentRuntimeRecord, u as PortalHttpApp } from "../resolve-agent-identity-
|
|
1
|
+
import { a as PortalCore, c as PortalCoreEvent, m as PortalCoreToolDescriptor, n as PortalAgentScope } from "../portal-core-Ckq-Mrzb.js";
|
|
2
|
+
import { a as createPortalApprovalVerifier, c as PortalAgentBearerAuth, d as PortalHttpAppOptions, f as PortalHttpAuditEvent, i as createPortalAgentRuntimeRecords, l as PortalHttpAgentIdentity, n as PortalApprovalAuditEvent, o as createPortalHttpAgentResolver, p as createPortalHttpApp, r as ResolveAgentHmacKeysProps, s as resolveAgentHmacKeys, t as PortalAgentRuntimeRecord, u as PortalHttpApp } from "../resolve-agent-identity-C9Jc2NhJ.js";
|
|
3
3
|
import { Tool } from "@modelcontextprotocol/sdk/types.js";
|
|
4
4
|
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
|
|
5
5
|
|
package/dist/mcp-proxy/index.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as createPortalHttpApp, c as listPortalMcpTools, i as resolveAgentHmacKeys, l as portalMcpToolNames, n as createPortalApprovalVerifier, o as createPortalMcpServer, r as createPortalHttpAgentResolver, s as emitMcpProgress, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-
|
|
1
|
+
import { a as createPortalHttpApp, c as listPortalMcpTools, i as resolveAgentHmacKeys, l as portalMcpToolNames, n as createPortalApprovalVerifier, o as createPortalMcpServer, r as createPortalHttpAgentResolver, s as emitMcpProgress, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-ZMMY2Wqm.js";
|
|
2
2
|
export { createPortalAgentRuntimeRecords, createPortalApprovalVerifier, createPortalHttpAgentResolver, createPortalHttpApp, createPortalMcpServer, emitMcpProgress, listPortalMcpTools, portalMcpToolNames, resolveAgentHmacKeys };
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { l as jsonObjectSchema } from "./zod-schema-loader-yNekKNpm.js";
|
|
2
|
-
import {
|
|
3
|
-
import { n as createPortalSessionManager } from "./upstream-mcp-client-runtime-
|
|
4
|
-
import { n as portalToolInputSchemas, t as createPortalToolHandlers } from "./portal-tools-
|
|
2
|
+
import { _ as createPortalAgentIdentity, y as resolvePortalAccessPolicy } from "./upstream-response-middleware-Cd1MxA6A.js";
|
|
3
|
+
import { n as createPortalSessionManager } from "./upstream-mcp-client-runtime-Be_cw6pV.js";
|
|
4
|
+
import { n as portalToolInputSchemas, t as createPortalToolHandlers } from "./portal-tools-DA7j2pyv.js";
|
|
5
5
|
import { z } from "zod";
|
|
6
6
|
import { mcpConfigToResolvedProviders } from "@agent-vm/config-contracts";
|
|
7
7
|
//#region src/core/provider-runtime.ts
|
|
@@ -43,11 +43,7 @@ const portalCallInputSchema = z.object({
|
|
|
43
43
|
portalApprovalToken: z.string().min(1).optional()
|
|
44
44
|
}).strict();
|
|
45
45
|
function diagnosticsToAuditEvents(diagnostics) {
|
|
46
|
-
return diagnostics.map((diagnostic) => ({
|
|
47
|
-
kind: diagnostic.kind,
|
|
48
|
-
message: diagnostic.message,
|
|
49
|
-
...diagnostic.namespace !== void 0 ? { namespace: diagnostic.namespace } : {}
|
|
50
|
-
}));
|
|
46
|
+
return diagnostics.map((diagnostic) => ({ ...diagnostic }));
|
|
51
47
|
}
|
|
52
48
|
function isUnknownRecord(value) {
|
|
53
49
|
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
@@ -104,11 +100,13 @@ function itemErrorFromPortalResult(result) {
|
|
|
104
100
|
const kind = errorRecord.kind;
|
|
105
101
|
const namespace = errorRecord.namespace;
|
|
106
102
|
const toolName = errorRecord.toolName;
|
|
103
|
+
const upstream = errorRecord.upstream;
|
|
107
104
|
return {
|
|
108
105
|
code: typeof kind === "string" ? kind : "portal_item_failed",
|
|
109
106
|
message: messageFromUnknown(result.error),
|
|
110
107
|
...typeof namespace === "string" ? { namespace } : {},
|
|
111
|
-
...typeof toolName === "string" ? { toolName } : {}
|
|
108
|
+
...typeof toolName === "string" ? { toolName } : {},
|
|
109
|
+
...upstream === void 0 ? {} : { upstream }
|
|
112
110
|
};
|
|
113
111
|
}
|
|
114
112
|
function itemResultFromPortalToolResult(requestId, result) {
|
|
@@ -146,28 +144,39 @@ function batchItemsToCoreResult(props) {
|
|
|
146
144
|
};
|
|
147
145
|
}
|
|
148
146
|
function namespaceDescription(namespaces) {
|
|
149
|
-
return namespaces.length === 0 ? "No upstream MCP namespaces are authorized for this agent scope." : `
|
|
147
|
+
return namespaces.length === 0 ? "No upstream MCP namespaces are authorized for this agent scope." : `Allowed namespaces for this agent: ${namespaces.join(", ")}.`;
|
|
148
|
+
}
|
|
149
|
+
function cloneJsonObject(value) {
|
|
150
|
+
return structuredClone(value);
|
|
151
|
+
}
|
|
152
|
+
function withListNamespaceSchemaDescription(inputSchema, namespaces) {
|
|
153
|
+
const clonedSchema = cloneJsonObject(inputSchema);
|
|
154
|
+
const requests = isUnknownRecord(clonedSchema.properties) ? clonedSchema.properties.requests : void 0;
|
|
155
|
+
const requestItems = isUnknownRecord(requests) ? requests.items : void 0;
|
|
156
|
+
const requestProperties = isUnknownRecord(requestItems) ? requestItems.properties : void 0;
|
|
157
|
+
const namespaceProperty = isUnknownRecord(requestProperties) ? requestProperties.namespaces : void 0;
|
|
158
|
+
if (isUnknownRecord(namespaceProperty)) namespaceProperty.description = namespaces.length === 0 ? "Optional namespace filter. No upstream MCP namespaces are authorized for this agent. Omit to list all currently discovered authorized namespaces." : `Optional namespace filter. Allowed namespaces for this agent: ${namespaces.join(", ")}. Omit to list all currently discovered authorized namespaces.`;
|
|
159
|
+
return clonedSchema;
|
|
150
160
|
}
|
|
151
161
|
function listPortalCoreToolDescriptors(namespaces = []) {
|
|
152
|
-
const scopeDescription = namespaceDescription(namespaces);
|
|
153
162
|
return [
|
|
154
163
|
{
|
|
155
|
-
description: `List authorized MCP namespaces and compact tool summaries. ${
|
|
156
|
-
inputSchema: portalToolInputSchemas.mcp_portal_list,
|
|
164
|
+
description: `List authorized MCP namespaces and compact tool summaries. ${namespaceDescription(namespaces)}`,
|
|
165
|
+
inputSchema: withListNamespaceSchemaDescription(portalToolInputSchemas.mcp_portal_list, namespaces),
|
|
157
166
|
name: "mcp_portal_list"
|
|
158
167
|
},
|
|
159
168
|
{
|
|
160
|
-
description:
|
|
169
|
+
description: "Search the caller scoped MCP Portal index.",
|
|
161
170
|
inputSchema: portalToolInputSchemas.mcp_portal_search,
|
|
162
171
|
name: "mcp_portal_search"
|
|
163
172
|
},
|
|
164
173
|
{
|
|
165
|
-
description:
|
|
174
|
+
description: "Describe exact MCP tool schemas and optional TypeScript/Zod helpers.",
|
|
166
175
|
inputSchema: portalToolInputSchemas.mcp_portal_describe,
|
|
167
176
|
name: "mcp_portal_describe"
|
|
168
177
|
},
|
|
169
178
|
{
|
|
170
|
-
description:
|
|
179
|
+
description: "Validate and call an authorized upstream MCP tool by namespace and toolName.",
|
|
171
180
|
inputSchema: portalToolInputSchemas.mcp_portal_call,
|
|
172
181
|
name: "mcp_portal_call"
|
|
173
182
|
}
|
|
@@ -413,4 +422,4 @@ function createPortalCore(props) {
|
|
|
413
422
|
//#endregion
|
|
414
423
|
export { resolveUpstreamServers as i, createPortalCore as n, listPortalCoreToolDescriptors as r, collectPortalCoreResult as t };
|
|
415
424
|
|
|
416
|
-
//# sourceMappingURL=portal-core-
|
|
425
|
+
//# sourceMappingURL=portal-core-B5cRpZMG.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"portal-core-B5cRpZMG.js","names":[],"sources":["../src/core/provider-runtime.ts","../src/core/portal-core.ts"],"sourcesContent":["import {\n\tmcpConfigToResolvedProviders,\n\ttype McpConfig,\n\ttype ResolvedMcpProvider,\n\ttype SecretValue,\n} from '@agent-vm/config-contracts';\n\nimport type { NormalizedUpstreamMcpServer } from '../upstream-mcp-client-runtime.js';\n\nexport interface ResolveUpstreamServersProps {\n\treadonly config: McpConfig;\n\treadonly resolveSecret: (secret: SecretValue) => Promise<string>;\n}\n\nasync function resolveProviderSecretRecord(\n\tsecrets: Readonly<Record<string, SecretValue>>,\n\tresolveSecret: (secret: SecretValue) => Promise<string>,\n): Promise<Readonly<Record<string, string>>> {\n\tconst resolvedEntries = await Promise.all(\n\t\tObject.entries(secrets).map(\n\t\t\tasync ([name, secret]) => [name, await resolveSecret(secret)] as const,\n\t\t),\n\t);\n\treturn Object.fromEntries(resolvedEntries);\n}\n\nasync function resolveUpstreamServer(\n\tprovider: ResolvedMcpProvider,\n\tresolveSecret: (secret: SecretValue) => Promise<string>,\n): Promise<NormalizedUpstreamMcpServer> {\n\tif (provider.transport === 'stdio') {\n\t\treturn {\n\t\t\targs: provider.args,\n\t\t\tcommand: provider.command,\n\t\t\t...(provider.cwd === undefined ? {} : { cwd: provider.cwd }),\n\t\t\tenv: await resolveProviderSecretRecord(provider.env, resolveSecret),\n\t\t\tnamespace: provider.namespace,\n\t\t\ttransport: 'stdio',\n\t\t};\n\t}\n\n\treturn {\n\t\theaders: await resolveProviderSecretRecord(provider.headers, resolveSecret),\n\t\tnamespace: provider.namespace,\n\t\ttransport: provider.transport,\n\t\turl: provider.url,\n\t};\n}\n\nexport async function resolveUpstreamServers(\n\tprops: ResolveUpstreamServersProps,\n): Promise<readonly NormalizedUpstreamMcpServer[]> {\n\treturn await Promise.all(\n\t\tmcpConfigToResolvedProviders(props.config).map(async (provider) =>\n\t\t\tresolveUpstreamServer(provider, props.resolveSecret),\n\t\t),\n\t);\n}\n","import type { Tool } from '@modelcontextprotocol/sdk/types.js';\nimport { z } from 'zod';\n\nimport { jsonObjectSchema } from '../json-schema.js';\nimport {\n\tcreatePortalAgentIdentity,\n\tresolvePortalAccessPolicy,\n\ttype PortalAccessPolicyConfig,\n\ttype PortalAgentIdentity,\n\ttype PortalAgentScopeSource,\n} from '../portal-access-policy.js';\nimport {\n\tcreatePortalSessionManager,\n\ttype PortalSessionManager,\n\ttype PortalSessionRuntime,\n} from '../portal-session.js';\nimport type { SkillGraphInput } from '../tool-graph.js';\nimport {\n\tcreatePortalToolHandlers,\n\tportalToolInputSchemas,\n\ttype PortalApprovalCall,\n\ttype PortalBatchDiagnostic,\n\ttype PortalBatchResult,\n\ttype PortalToolResult,\n\ttype PortalToolRuntime,\n} from './portal-tools.js';\n\nexport type PortalAgentScope = PortalAgentIdentity;\n\nexport type PortalCoreToolName =\n\t| 'mcp_portal_list'\n\t| 'mcp_portal_search'\n\t| 'mcp_portal_describe'\n\t| 'mcp_portal_call';\n\nexport interface PortalAuditEvent {\n\treadonly causeMessage?: string;\n\treadonly elapsedMs?: number;\n\treadonly hint?: string;\n\treadonly kind: string;\n\treadonly message: string;\n\treadonly namespace?: string;\n\treadonly operation?: string;\n\treadonly phase?: string;\n\treadonly timeoutMs?: number;\n\treadonly toolName?: string;\n\treadonly transport?: unknown;\n}\n\nexport interface PortalCoreResult {\n\treadonly auditEvents?: readonly PortalAuditEvent[];\n\treadonly content: readonly PortalCoreContentBlock[];\n\treadonly items: readonly PortalCoreItemResult[];\n\treadonly structuredContent?: unknown;\n}\n\nexport type PortalCoreItemResult =\n\t| {\n\t\t\treadonly content: readonly PortalCoreContentBlock[];\n\t\t\treadonly requestId: string;\n\t\t\treadonly status: 'success';\n\t\t\treadonly structuredContent?: unknown;\n\t }\n\t| {\n\t\t\treadonly error: PortalCoreItemError;\n\t\t\treadonly requestId: string;\n\t\t\treadonly status: 'failed';\n\t };\n\nexport interface PortalCoreItemError {\n\treadonly code: string;\n\treadonly message: string;\n\treadonly namespace?: string;\n\treadonly toolName?: string;\n\treadonly upstream?: unknown;\n}\n\nexport type PortalCoreContentBlock =\n\t| { readonly text: string; readonly type: 'text' }\n\t| { readonly type: 'json'; readonly value: unknown };\n\nexport type PortalCoreEvent =\n\t| {\n\t\t\treadonly kind: 'started';\n\t\t\treadonly toolName: PortalCoreToolName;\n\t }\n\t| {\n\t\t\treadonly kind: 'item_started';\n\t\t\treadonly namespace?: string;\n\t\t\treadonly requestId: string;\n\t\t\treadonly toolName?: string;\n\t }\n\t| {\n\t\t\treadonly kind: 'progress';\n\t\t\treadonly message?: string;\n\t\t\treadonly progress?: number;\n\t\t\treadonly requestId?: string;\n\t\t\treadonly total?: number;\n\t }\n\t| {\n\t\t\treadonly kind: 'upstream_notification';\n\t\t\treadonly method: string;\n\t\t\treadonly params: unknown;\n\t\t\treadonly requestId?: string;\n\t }\n\t| {\n\t\t\treadonly content: PortalCoreContentBlock;\n\t\t\treadonly kind: 'partial_content';\n\t\t\treadonly requestId?: string;\n\t }\n\t| {\n\t\t\treadonly kind: 'item_completed';\n\t\t\treadonly requestId: string;\n\t\t\treadonly result: Extract<PortalCoreItemResult, { readonly status: 'success' }>;\n\t }\n\t| {\n\t\t\treadonly error: PortalCoreItemError;\n\t\t\treadonly kind: 'item_failed';\n\t\t\treadonly requestId: string;\n\t }\n\t| {\n\t\t\treadonly kind: 'completed';\n\t\t\treadonly result: PortalCoreResult;\n\t }\n\t| {\n\t\t\treadonly error: unknown;\n\t\t\treadonly kind: 'failed';\n\t };\n\nexport interface PortalCoreStreamCall {\n\treadonly input: unknown;\n\treadonly scope: PortalAgentScope;\n\treadonly signal?: AbortSignal;\n\treadonly toolName: PortalCoreToolName;\n}\n\nconst maxQueuedPortalCoreEvents = 1_024;\nconst maxPortalCoreEventBytes = 256 * 1_024;\n\nexport interface PortalCoreCollectOptions {\n\treadonly onEvent?: (event: PortalCoreEvent) => Promise<void> | void;\n}\n\nexport interface PortalCoreRuntime extends PortalSessionRuntime {\n\treadonly callUpstreamTool: PortalToolRuntime['callUpstreamTool'];\n}\n\nexport type PortalApprovalEvaluator = NonNullable<PortalToolRuntime['approval']>;\n\ninterface CreatePortalCoreBaseProps {\n\treadonly accessPolicy: PortalAccessPolicyConfig;\n\treadonly catalogTtlMs: number;\n\treadonly runtime: PortalCoreRuntime;\n\treadonly skills?: readonly SkillGraphInput[];\n\treadonly upstreamNamespaces: readonly string[];\n}\n\nexport type CreatePortalCoreProps =\n\t| (CreatePortalCoreBaseProps & {\n\t\t\treadonly approval: PortalApprovalEvaluator;\n\t\t\treadonly approvalTrustBoundary?: never;\n\t })\n\t| (CreatePortalCoreBaseProps & {\n\t\t\treadonly approval?: never;\n\t\t\treadonly approvalTrustBoundary: 'openclaw-before-tool-call-hook';\n\t });\n\nexport interface PortalCore {\n\treadonly approval: {\n\t\treadonly evaluateCalls: (\n\t\t\tcalls: readonly PortalApprovalCall[],\n\t\t\tscope: PortalAgentScope,\n\t\t\tapprovalToken: string | undefined,\n\t\t) => ReturnType<PortalApprovalEvaluator>;\n\t};\n\treadonly callStream: (call: PortalCoreStreamCall) => AsyncIterable<PortalCoreEvent>;\n\treadonly close: () => Promise<void>;\n\treadonly collectPortalCoreResult: typeof collectPortalCoreResult;\n\treadonly createAgentScope: (input: {\n\t\treadonly agentId: string;\n\t\treadonly agentScopeId: string;\n\t\treadonly authSubject?: string;\n\t\treadonly sessionId?: string;\n\t\treadonly sessionKey?: string;\n\t\treadonly source: PortalAgentScopeSource;\n\t}) => PortalAgentScope;\n\treadonly describeTools: (scope: PortalAgentScope) => readonly PortalCoreToolDescriptor[];\n\treadonly invalidateAgentScope: (agentScopeId: string) => Promise<void>;\n\treadonly invalidateSession: (scope: PortalAgentScope) => Promise<void>;\n\treadonly upstreamNamespaces: readonly string[];\n}\n\nexport interface PortalCoreToolDescriptor {\n\treadonly description: string;\n\treadonly inputSchema: Tool['inputSchema'];\n\treadonly name: PortalCoreToolName;\n}\n\nconst portalCallRequestSchema = z\n\t.object({\n\t\targuments: jsonObjectSchema,\n\t\tid: z.string().min(1),\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\nconst portalCallInputSchema = z\n\t.object({\n\t\tcalls: z.array(portalCallRequestSchema).min(1),\n\t\tportalApprovalToken: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nfunction diagnosticsToAuditEvents(\n\tdiagnostics: readonly PortalBatchDiagnostic[],\n): readonly PortalAuditEvent[] {\n\treturn diagnostics.map((diagnostic) => ({ ...diagnostic }));\n}\n\nfunction isUnknownRecord(value: unknown): value is Record<string, unknown> {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction errorRecordFromUnknown(error: unknown): Record<string, unknown> {\n\treturn isUnknownRecord(error) ? error : {};\n}\n\nfunction messageFromUnknown(error: unknown): string {\n\tif (error instanceof Error) {\n\t\treturn error.message;\n\t}\n\tconst record = errorRecordFromUnknown(error);\n\tconst message = record.message;\n\treturn typeof message === 'string' ? message : String(error);\n}\n\nfunction errorFromAbortSignal(signal: AbortSignal): Error {\n\tconst reason: unknown = signal.reason;\n\treturn reason instanceof Error ? reason : new Error('MCP Portal core stream aborted.');\n}\n\nfunction throwIfAborted(signal: AbortSignal | undefined): void {\n\tif (signal?.aborted) {\n\t\tthrow errorFromAbortSignal(signal);\n\t}\n}\n\nfunction assertPortalCoreEventSize(event: PortalCoreEvent): void {\n\tconst serialized = JSON.stringify(event);\n\tif (serialized === undefined) {\n\t\treturn;\n\t}\n\tconst byteLength = Buffer.byteLength(serialized, 'utf8');\n\tif (byteLength > maxPortalCoreEventBytes) {\n\t\tthrow new Error(\n\t\t\t`MCP Portal core event exceeded ${String(maxPortalCoreEventBytes)} bytes (${String(byteLength)} bytes).`,\n\t\t);\n\t}\n}\n\nfunction waitForQueuedCoreEvent(props: {\n\treadonly setNotifyQueuedEvent: (notify: (() => void) | undefined) => void;\n\treadonly signal?: AbortSignal;\n}): Promise<void> {\n\tif (props.signal === undefined) {\n\t\treturn new Promise<void>((resolve) => {\n\t\t\tprops.setNotifyQueuedEvent(resolve);\n\t\t});\n\t}\n\tconst signal = props.signal;\n\treturn new Promise<void>((resolve, reject) => {\n\t\tlet settled = false;\n\t\tconst settle = (complete: () => void): void => {\n\t\t\tif (settled) {\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tsettled = true;\n\t\t\tsignal.removeEventListener('abort', onAbort);\n\t\t\tprops.setNotifyQueuedEvent(undefined);\n\t\t\tcomplete();\n\t\t};\n\t\tconst onNotify = (): void => {\n\t\t\tsettle(resolve);\n\t\t};\n\t\tconst onAbort = (): void => {\n\t\t\tsettle(() => reject(errorFromAbortSignal(signal)));\n\t\t};\n\t\tprops.setNotifyQueuedEvent(onNotify);\n\t\tsignal.addEventListener('abort', onAbort, { once: true });\n\t\tif (signal.aborted) {\n\t\t\tonAbort();\n\t\t}\n\t});\n}\n\nfunction itemErrorFromPortalResult(result: PortalToolResult): PortalCoreItemError {\n\tif (result.ok) {\n\t\tthrow new Error('Cannot convert successful portal result into an item error.');\n\t}\n\tconst errorRecord = errorRecordFromUnknown(result.error);\n\tconst kind = errorRecord.kind;\n\tconst namespace = errorRecord.namespace;\n\tconst toolName = errorRecord.toolName;\n\tconst upstream = errorRecord.upstream;\n\n\treturn {\n\t\tcode: typeof kind === 'string' ? kind : 'portal_item_failed',\n\t\tmessage: messageFromUnknown(result.error),\n\t\t...(typeof namespace === 'string' ? { namespace } : {}),\n\t\t...(typeof toolName === 'string' ? { toolName } : {}),\n\t\t...(upstream === undefined ? {} : { upstream }),\n\t};\n}\n\nfunction itemResultFromPortalToolResult(\n\trequestId: string,\n\tresult: PortalToolResult,\n): PortalCoreItemResult {\n\tif (!result.ok) {\n\t\treturn {\n\t\t\terror: itemErrorFromPortalResult(result),\n\t\t\trequestId,\n\t\t\tstatus: 'failed',\n\t\t};\n\t}\n\n\treturn {\n\t\tcontent: [{ type: 'json', value: result.output }],\n\t\trequestId,\n\t\tstatus: 'success',\n\t\tstructuredContent: result.output,\n\t};\n}\n\nfunction scalarBatchResultToCoreResult(batchResult: PortalBatchResult): PortalCoreResult {\n\treturn {\n\t\tauditEvents: diagnosticsToAuditEvents(batchResult.diagnostics),\n\t\tcontent: [{ type: 'json', value: batchResult }],\n\t\titems: [],\n\t\tstructuredContent: batchResult,\n\t};\n}\n\nfunction batchItemsToCoreResult(props: {\n\treadonly diagnostics: readonly PortalBatchDiagnostic[];\n\treadonly items: readonly PortalCoreItemResult[];\n}): PortalCoreResult {\n\treturn {\n\t\tauditEvents: diagnosticsToAuditEvents(props.diagnostics),\n\t\tcontent: [],\n\t\titems: props.items,\n\t};\n}\n\nfunction namespaceDescription(namespaces: readonly string[]): string {\n\treturn namespaces.length === 0\n\t\t? 'No upstream MCP namespaces are authorized for this agent scope.'\n\t\t: `Allowed namespaces for this agent: ${namespaces.join(', ')}.`;\n}\n\nfunction cloneJsonObject<TValue>(value: TValue): TValue {\n\treturn structuredClone(value);\n}\n\nfunction withListNamespaceSchemaDescription(\n\tinputSchema: Tool['inputSchema'],\n\tnamespaces: readonly string[],\n): Tool['inputSchema'] {\n\tconst clonedSchema = cloneJsonObject(inputSchema);\n\tconst requests = isUnknownRecord(clonedSchema.properties)\n\t\t? clonedSchema.properties.requests\n\t\t: undefined;\n\tconst requestItems = isUnknownRecord(requests) ? requests.items : undefined;\n\tconst requestProperties = isUnknownRecord(requestItems) ? requestItems.properties : undefined;\n\tconst namespaceProperty = isUnknownRecord(requestProperties)\n\t\t? requestProperties.namespaces\n\t\t: undefined;\n\tif (isUnknownRecord(namespaceProperty)) {\n\t\tnamespaceProperty.description =\n\t\t\tnamespaces.length === 0\n\t\t\t\t? 'Optional namespace filter. No upstream MCP namespaces are authorized for this agent. Omit to list all currently discovered authorized namespaces.'\n\t\t\t\t: `Optional namespace filter. Allowed namespaces for this agent: ${namespaces.join(', ')}. Omit to list all currently discovered authorized namespaces.`;\n\t}\n\treturn clonedSchema;\n}\n\nexport function listPortalCoreToolDescriptors(\n\tnamespaces: readonly string[] = [],\n): readonly PortalCoreToolDescriptor[] {\n\tconst scopeDescription = namespaceDescription(namespaces);\n\treturn [\n\t\t{\n\t\t\tdescription: `List authorized MCP namespaces and compact tool summaries. ${scopeDescription}`,\n\t\t\tinputSchema: withListNamespaceSchemaDescription(\n\t\t\t\tportalToolInputSchemas.mcp_portal_list,\n\t\t\t\tnamespaces,\n\t\t\t),\n\t\t\tname: 'mcp_portal_list',\n\t\t},\n\t\t{\n\t\t\tdescription: 'Search the caller scoped MCP Portal index.',\n\t\t\tinputSchema: portalToolInputSchemas.mcp_portal_search,\n\t\t\tname: 'mcp_portal_search',\n\t\t},\n\t\t{\n\t\t\tdescription: 'Describe exact MCP tool schemas and optional TypeScript/Zod helpers.',\n\t\t\tinputSchema: portalToolInputSchemas.mcp_portal_describe,\n\t\t\tname: 'mcp_portal_describe',\n\t\t},\n\t\t{\n\t\t\tdescription: 'Validate and call an authorized upstream MCP tool by namespace and toolName.',\n\t\t\tinputSchema: portalToolInputSchemas.mcp_portal_call,\n\t\t\tname: 'mcp_portal_call',\n\t\t},\n\t];\n}\n\nexport async function collectPortalCoreResult(\n\tevents: AsyncIterable<PortalCoreEvent>,\n\toptions: PortalCoreCollectOptions = {},\n): Promise<PortalCoreResult> {\n\tlet result: PortalCoreResult | undefined;\n\tfor await (const event of events) {\n\t\tawait options.onEvent?.(event);\n\t\tif (event.kind === 'completed') {\n\t\t\tresult = event.result;\n\t\t}\n\t\tif (event.kind === 'failed') {\n\t\t\tthrow event.error;\n\t\t}\n\t}\n\tif (result === undefined) {\n\t\tthrow new Error('MCP Portal core stream ended without a completed event.');\n\t}\n\treturn result;\n}\n\nasync function* scalarToolStream(props: {\n\treadonly input: unknown;\n\treadonly scope: PortalAgentScope;\n\treadonly signal?: AbortSignal;\n\treadonly sessionManager: PortalSessionManager;\n\treadonly toolName: Exclude<PortalCoreToolName, 'mcp_portal_call'>;\n\treadonly toolRuntime: PortalToolRuntime;\n}): AsyncIterable<PortalCoreEvent> {\n\tconst handlers = createPortalToolHandlers(props.toolRuntime);\n\tconst handler =\n\t\tprops.toolName === 'mcp_portal_list'\n\t\t\t? handlers.list\n\t\t\t: props.toolName === 'mcp_portal_search'\n\t\t\t\t? handlers.search\n\t\t\t\t: handlers.describe;\n\tthrowIfAborted(props.signal);\n\tconst batchResult = await handler({ identity: props.scope, input: props.input });\n\tthrowIfAborted(props.signal);\n\tyield { kind: 'completed', result: scalarBatchResultToCoreResult(batchResult) };\n}\n\nasync function* callToolStream(props: {\n\treadonly input: unknown;\n\treadonly scope: PortalAgentScope;\n\treadonly signal?: AbortSignal;\n\treadonly toolRuntime: PortalToolRuntime;\n}): AsyncIterable<PortalCoreEvent> {\n\tconst parsedInput = portalCallInputSchema.safeParse(props.input);\n\tconst queuedEvents: PortalCoreEvent[] = [];\n\tlet notifyQueuedEvent: (() => void) | undefined;\n\tlet executionDone = false;\n\tconst pushEvent = (event: PortalCoreEvent): void => {\n\t\tassertPortalCoreEventSize(event);\n\t\tif (queuedEvents.length >= maxQueuedPortalCoreEvents) {\n\t\t\tthrow new Error(`MCP Portal core event queue exceeded ${maxQueuedPortalCoreEvents} events.`);\n\t\t}\n\t\tqueuedEvents.push(event);\n\t\tnotifyQueuedEvent?.();\n\t\tnotifyQueuedEvent = undefined;\n\t};\n\tconst streamingToolRuntime: PortalToolRuntime = {\n\t\t...props.toolRuntime,\n\t\tcallUpstreamTool: async (call) => {\n\t\t\tthrowIfAborted(props.signal);\n\t\t\tpushEvent({\n\t\t\t\tkind: 'item_started',\n\t\t\t\tnamespace: call.namespace,\n\t\t\t\trequestId: call.requestId,\n\t\t\t\ttoolName: call.toolName,\n\t\t\t});\n\t\t\tpushEvent({\n\t\t\t\tkind: 'progress',\n\t\t\t\tmessage: `Calling upstream MCP tool ${call.namespace}.${call.toolName}.`,\n\t\t\t\trequestId: call.requestId,\n\t\t\t});\n\t\t\treturn await props.toolRuntime.callUpstreamTool({\n\t\t\t\t...call,\n\t\t\t\t...(props.signal !== undefined ? { signal: props.signal } : {}),\n\t\t\t\tonEvent: (event) => {\n\t\t\t\t\tif (event.kind === 'progress') {\n\t\t\t\t\t\tpushEvent({\n\t\t\t\t\t\t\tkind: 'progress',\n\t\t\t\t\t\t\t...(event.message !== undefined ? { message: event.message } : {}),\n\t\t\t\t\t\t\t...(event.progress !== undefined ? { progress: event.progress } : {}),\n\t\t\t\t\t\t\trequestId: call.requestId,\n\t\t\t\t\t\t\t...(event.total !== undefined ? { total: event.total } : {}),\n\t\t\t\t\t\t});\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\t\t\t\t\tif (event.kind === 'partial_content') {\n\t\t\t\t\t\tpushEvent({\n\t\t\t\t\t\t\tcontent: event.content,\n\t\t\t\t\t\t\tkind: 'partial_content',\n\t\t\t\t\t\t\trequestId: call.requestId,\n\t\t\t\t\t\t});\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\t\t\t\t\tpushEvent({\n\t\t\t\t\t\tkind: 'upstream_notification',\n\t\t\t\t\t\tmethod: event.method,\n\t\t\t\t\t\tparams: event.params,\n\t\t\t\t\t\trequestId: call.requestId,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t});\n\t\t},\n\t};\n\tconst handlers = createPortalToolHandlers(streamingToolRuntime);\n\tif (!parsedInput.success) {\n\t\tconst batchResult = await handlers.call({ identity: props.scope, input: props.input });\n\t\tyield { kind: 'completed', result: scalarBatchResultToCoreResult(batchResult) };\n\t\treturn;\n\t}\n\n\tconst itemResults: PortalCoreItemResult[] = [];\n\tconst batchResultPromise = handlers\n\t\t.call({\n\t\t\tidentity: props.scope,\n\t\t\tinput: props.input,\n\t\t})\n\t\t.finally(() => {\n\t\t\texecutionDone = true;\n\t\t\tnotifyQueuedEvent?.();\n\t\t\tnotifyQueuedEvent = undefined;\n\t\t});\n\tconst hasPendingExecutionEvents = (): boolean => !executionDone || queuedEvents.length > 0;\n\twhile (hasPendingExecutionEvents()) {\n\t\tconst event = queuedEvents.shift();\n\t\tif (event !== undefined) {\n\t\t\tyield event;\n\t\t\tcontinue;\n\t\t}\n\t\tthrowIfAborted(props.signal);\n\t\t// Streaming consumes events as they arrive; there is no parallel work to collect here.\n\t\t// eslint-disable-next-line no-await-in-loop\n\t\tawait waitForQueuedCoreEvent({\n\t\t\tsetNotifyQueuedEvent: (notify) => {\n\t\t\t\tnotifyQueuedEvent = notify;\n\t\t\t},\n\t\t\t...(props.signal !== undefined ? { signal: props.signal } : {}),\n\t\t});\n\t}\n\tconst batchResult = await batchResultPromise;\n\tthrowIfAborted(props.signal);\n\tif (batchResult.errors.length > 0) {\n\t\tyield { kind: 'completed', result: scalarBatchResultToCoreResult(batchResult) };\n\t\treturn;\n\t}\n\tfor (const request of parsedInput.data.calls) {\n\t\tconst portalResult = batchResult.results[request.id];\n\t\tconst itemResult =\n\t\t\tportalResult === undefined\n\t\t\t\t? ({\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tcode: 'portal_item_missing',\n\t\t\t\t\t\t\tmessage: `MCP Portal did not return a result for request \"${request.id}\".`,\n\t\t\t\t\t\t\tnamespace: request.namespace,\n\t\t\t\t\t\t\ttoolName: request.toolName,\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequestId: request.id,\n\t\t\t\t\t\tstatus: 'failed',\n\t\t\t\t\t} satisfies PortalCoreItemResult)\n\t\t\t\t: itemResultFromPortalToolResult(request.id, portalResult);\n\t\titemResults.push(itemResult);\n\t\tif (itemResult.status === 'success') {\n\t\t\tyield { kind: 'item_completed', requestId: request.id, result: itemResult };\n\t\t} else {\n\t\t\tyield { error: itemResult.error, kind: 'item_failed', requestId: request.id };\n\t\t}\n\t}\n\n\tyield {\n\t\tkind: 'completed',\n\t\tresult: batchItemsToCoreResult({ diagnostics: batchResult.diagnostics, items: itemResults }),\n\t};\n}\n\nexport function createPortalCore(props: CreatePortalCoreProps): PortalCore {\n\tconst sessionManager = createPortalSessionManager({\n\t\taccessPolicy: props.accessPolicy,\n\t\tcatalogTtlMs: props.catalogTtlMs,\n\t\truntime: props.runtime,\n\t\t...(props.skills !== undefined ? { skills: props.skills } : {}),\n\t\tupstreamNamespaces: props.upstreamNamespaces,\n\t});\n\tconst createdAgentScopeIds = new Set<string>();\n\tconst approval: PortalApprovalEvaluator =\n\t\tprops.approval ??\n\t\t(() => {\n\t\t\tif (props.approvalTrustBoundary === 'openclaw-before-tool-call-hook') {\n\t\t\t\treturn { kind: 'allow' };\n\t\t\t}\n\t\t\tthrow new Error('MCP Portal approval evaluation is not configured.');\n\t\t});\n\tconst toolRuntime: PortalToolRuntime = {\n\t\tapproval,\n\t\tcallUpstreamTool: props.runtime.callUpstreamTool,\n\t\tgetSession: sessionManager.getSession,\n\t};\n\n\tasync function* callStream(call: PortalCoreStreamCall): AsyncIterable<PortalCoreEvent> {\n\t\ttry {\n\t\t\tthrowIfAborted(call.signal);\n\t\t\tyield { kind: 'started', toolName: call.toolName };\n\t\t\tthrowIfAborted(call.signal);\n\t\t\tif (call.toolName === 'mcp_portal_call') {\n\t\t\t\tyield* callToolStream({\n\t\t\t\t\tinput: call.input,\n\t\t\t\t\tscope: call.scope,\n\t\t\t\t\t...(call.signal !== undefined ? { signal: call.signal } : {}),\n\t\t\t\t\ttoolRuntime,\n\t\t\t\t});\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tyield* scalarToolStream({\n\t\t\t\tinput: call.input,\n\t\t\t\tscope: call.scope,\n\t\t\t\t...(call.signal !== undefined ? { signal: call.signal } : {}),\n\t\t\t\tsessionManager,\n\t\t\t\ttoolName: call.toolName,\n\t\t\t\ttoolRuntime,\n\t\t\t});\n\t\t} catch (error) {\n\t\t\tyield { error, kind: 'failed' };\n\t\t}\n\t}\n\n\treturn {\n\t\tapproval: {\n\t\t\tevaluateCalls: (calls, scope, approvalToken) => approval(calls, scope, approvalToken),\n\t\t},\n\t\tcallStream,\n\t\tclose: async () => {\n\t\t\tawait Promise.all(\n\t\t\t\t[...createdAgentScopeIds].map((agentScopeId) =>\n\t\t\t\t\tsessionManager.invalidateAgentScope(agentScopeId),\n\t\t\t\t),\n\t\t\t);\n\t\t},\n\t\tcollectPortalCoreResult,\n\t\tcreateAgentScope: (input) => {\n\t\t\tconst scope = createPortalAgentIdentity(input);\n\t\t\tcreatedAgentScopeIds.add(scope.agentScopeId);\n\t\t\treturn scope;\n\t\t},\n\t\tdescribeTools: (scope) => {\n\t\t\tconst policy = resolvePortalAccessPolicy({\n\t\t\t\tconfig: props.accessPolicy,\n\t\t\t\tidentity: scope,\n\t\t\t\tupstreamNamespaces: props.upstreamNamespaces,\n\t\t\t});\n\t\t\treturn listPortalCoreToolDescriptors(policy.allowedNamespaces);\n\t\t},\n\t\tinvalidateAgentScope: async (agentScopeId) => {\n\t\t\tcreatedAgentScopeIds.delete(agentScopeId);\n\t\t\tawait sessionManager.invalidateAgentScope(agentScopeId);\n\t\t},\n\t\tinvalidateSession: async (scope) => {\n\t\t\tawait sessionManager.invalidateSession(scope);\n\t\t},\n\t\tupstreamNamespaces: props.upstreamNamespaces,\n\t};\n}\n"],"mappings":";;;;;;;AAcA,eAAe,4BACd,SACA,eAC4C;CAC5C,MAAM,kBAAkB,MAAM,QAAQ,IACrC,OAAO,QAAQ,QAAQ,CAAC,IACvB,OAAO,CAAC,MAAM,YAAY,CAAC,MAAM,MAAM,cAAc,OAAO,CAAC,CAC7D,CACD;CACD,OAAO,OAAO,YAAY,gBAAgB;;AAG3C,eAAe,sBACd,UACA,eACuC;CACvC,IAAI,SAAS,cAAc,SAC1B,OAAO;EACN,MAAM,SAAS;EACf,SAAS,SAAS;EAClB,GAAI,SAAS,QAAQ,KAAA,IAAY,EAAE,GAAG,EAAE,KAAK,SAAS,KAAK;EAC3D,KAAK,MAAM,4BAA4B,SAAS,KAAK,cAAc;EACnE,WAAW,SAAS;EACpB,WAAW;EACX;CAGF,OAAO;EACN,SAAS,MAAM,4BAA4B,SAAS,SAAS,cAAc;EAC3E,WAAW,SAAS;EACpB,WAAW,SAAS;EACpB,KAAK,SAAS;EACd;;AAGF,eAAsB,uBACrB,OACkD;CAClD,OAAO,MAAM,QAAQ,IACpB,6BAA6B,MAAM,OAAO,CAAC,IAAI,OAAO,aACrD,sBAAsB,UAAU,MAAM,cAAc,CACpD,CACD;;;;ACgFF,MAAM,4BAA4B;AAClC,MAAM,0BAA0B,MAAM;AA6DtC,MAAM,0BAA0B,EAC9B,OAAO;CACP,WAAW;CACX,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE;CACrB,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AACV,MAAM,wBAAwB,EAC5B,OAAO;CACP,OAAO,EAAE,MAAM,wBAAwB,CAAC,IAAI,EAAE;CAC9C,qBAAqB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACjD,CAAC,CACD,QAAQ;AAEV,SAAS,yBACR,aAC8B;CAC9B,OAAO,YAAY,KAAK,gBAAgB,EAAE,GAAG,YAAY,EAAE;;AAG5D,SAAS,gBAAgB,OAAkD;CAC1E,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAS,uBAAuB,OAAyC;CACxE,OAAO,gBAAgB,MAAM,GAAG,QAAQ,EAAE;;AAG3C,SAAS,mBAAmB,OAAwB;CACnD,IAAI,iBAAiB,OACpB,OAAO,MAAM;CAGd,MAAM,UADS,uBAAuB,MAChB,CAAC;CACvB,OAAO,OAAO,YAAY,WAAW,UAAU,OAAO,MAAM;;AAG7D,SAAS,qBAAqB,QAA4B;CACzD,MAAM,SAAkB,OAAO;CAC/B,OAAO,kBAAkB,QAAQ,yBAAS,IAAI,MAAM,kCAAkC;;AAGvF,SAAS,eAAe,QAAuC;CAC9D,IAAI,QAAQ,SACX,MAAM,qBAAqB,OAAO;;AAIpC,SAAS,0BAA0B,OAA8B;CAChE,MAAM,aAAa,KAAK,UAAU,MAAM;CACxC,IAAI,eAAe,KAAA,GAClB;CAED,MAAM,aAAa,OAAO,WAAW,YAAY,OAAO;CACxD,IAAI,aAAa,yBAChB,MAAM,IAAI,MACT,kCAAkC,OAAO,wBAAwB,CAAC,UAAU,OAAO,WAAW,CAAC,UAC/F;;AAIH,SAAS,uBAAuB,OAGd;CACjB,IAAI,MAAM,WAAW,KAAA,GACpB,OAAO,IAAI,SAAe,YAAY;EACrC,MAAM,qBAAqB,QAAQ;GAClC;CAEH,MAAM,SAAS,MAAM;CACrB,OAAO,IAAI,SAAe,SAAS,WAAW;EAC7C,IAAI,UAAU;EACd,MAAM,UAAU,aAA+B;GAC9C,IAAI,SACH;GAED,UAAU;GACV,OAAO,oBAAoB,SAAS,QAAQ;GAC5C,MAAM,qBAAqB,KAAA,EAAU;GACrC,UAAU;;EAEX,MAAM,iBAAuB;GAC5B,OAAO,QAAQ;;EAEhB,MAAM,gBAAsB;GAC3B,aAAa,OAAO,qBAAqB,OAAO,CAAC,CAAC;;EAEnD,MAAM,qBAAqB,SAAS;EACpC,OAAO,iBAAiB,SAAS,SAAS,EAAE,MAAM,MAAM,CAAC;EACzD,IAAI,OAAO,SACV,SAAS;GAET;;AAGH,SAAS,0BAA0B,QAA+C;CACjF,IAAI,OAAO,IACV,MAAM,IAAI,MAAM,8DAA8D;CAE/E,MAAM,cAAc,uBAAuB,OAAO,MAAM;CACxD,MAAM,OAAO,YAAY;CACzB,MAAM,YAAY,YAAY;CAC9B,MAAM,WAAW,YAAY;CAC7B,MAAM,WAAW,YAAY;CAE7B,OAAO;EACN,MAAM,OAAO,SAAS,WAAW,OAAO;EACxC,SAAS,mBAAmB,OAAO,MAAM;EACzC,GAAI,OAAO,cAAc,WAAW,EAAE,WAAW,GAAG,EAAE;EACtD,GAAI,OAAO,aAAa,WAAW,EAAE,UAAU,GAAG,EAAE;EACpD,GAAI,aAAa,KAAA,IAAY,EAAE,GAAG,EAAE,UAAU;EAC9C;;AAGF,SAAS,+BACR,WACA,QACuB;CACvB,IAAI,CAAC,OAAO,IACX,OAAO;EACN,OAAO,0BAA0B,OAAO;EACxC;EACA,QAAQ;EACR;CAGF,OAAO;EACN,SAAS,CAAC;GAAE,MAAM;GAAQ,OAAO,OAAO;GAAQ,CAAC;EACjD;EACA,QAAQ;EACR,mBAAmB,OAAO;EAC1B;;AAGF,SAAS,8BAA8B,aAAkD;CACxF,OAAO;EACN,aAAa,yBAAyB,YAAY,YAAY;EAC9D,SAAS,CAAC;GAAE,MAAM;GAAQ,OAAO;GAAa,CAAC;EAC/C,OAAO,EAAE;EACT,mBAAmB;EACnB;;AAGF,SAAS,uBAAuB,OAGX;CACpB,OAAO;EACN,aAAa,yBAAyB,MAAM,YAAY;EACxD,SAAS,EAAE;EACX,OAAO,MAAM;EACb;;AAGF,SAAS,qBAAqB,YAAuC;CACpE,OAAO,WAAW,WAAW,IAC1B,oEACA,sCAAsC,WAAW,KAAK,KAAK,CAAC;;AAGhE,SAAS,gBAAwB,OAAuB;CACvD,OAAO,gBAAgB,MAAM;;AAG9B,SAAS,mCACR,aACA,YACsB;CACtB,MAAM,eAAe,gBAAgB,YAAY;CACjD,MAAM,WAAW,gBAAgB,aAAa,WAAW,GACtD,aAAa,WAAW,WACxB,KAAA;CACH,MAAM,eAAe,gBAAgB,SAAS,GAAG,SAAS,QAAQ,KAAA;CAClE,MAAM,oBAAoB,gBAAgB,aAAa,GAAG,aAAa,aAAa,KAAA;CACpF,MAAM,oBAAoB,gBAAgB,kBAAkB,GACzD,kBAAkB,aAClB,KAAA;CACH,IAAI,gBAAgB,kBAAkB,EACrC,kBAAkB,cACjB,WAAW,WAAW,IACnB,sJACA,iEAAiE,WAAW,KAAK,KAAK,CAAC;CAE5F,OAAO;;AAGR,SAAgB,8BACf,aAAgC,EAAE,EACI;CAEtC,OAAO;EACN;GACC,aAAa,8DAHU,qBAAqB,WAG+C;GAC3F,aAAa,mCACZ,uBAAuB,iBACvB,WACA;GACD,MAAM;GACN;EACD;GACC,aAAa;GACb,aAAa,uBAAuB;GACpC,MAAM;GACN;EACD;GACC,aAAa;GACb,aAAa,uBAAuB;GACpC,MAAM;GACN;EACD;GACC,aAAa;GACb,aAAa,uBAAuB;GACpC,MAAM;GACN;EACD;;AAGF,eAAsB,wBACrB,QACA,UAAoC,EAAE,EACV;CAC5B,IAAI;CACJ,WAAW,MAAM,SAAS,QAAQ;EACjC,MAAM,QAAQ,UAAU,MAAM;EAC9B,IAAI,MAAM,SAAS,aAClB,SAAS,MAAM;EAEhB,IAAI,MAAM,SAAS,UAClB,MAAM,MAAM;;CAGd,IAAI,WAAW,KAAA,GACd,MAAM,IAAI,MAAM,0DAA0D;CAE3E,OAAO;;AAGR,gBAAgB,iBAAiB,OAOE;CAClC,MAAM,WAAW,yBAAyB,MAAM,YAAY;CAC5D,MAAM,UACL,MAAM,aAAa,oBAChB,SAAS,OACT,MAAM,aAAa,sBAClB,SAAS,SACT,SAAS;CACd,eAAe,MAAM,OAAO;CAC5B,MAAM,cAAc,MAAM,QAAQ;EAAE,UAAU,MAAM;EAAO,OAAO,MAAM;EAAO,CAAC;CAChF,eAAe,MAAM,OAAO;CAC5B,MAAM;EAAE,MAAM;EAAa,QAAQ,8BAA8B,YAAY;EAAE;;AAGhF,gBAAgB,eAAe,OAKI;CAClC,MAAM,cAAc,sBAAsB,UAAU,MAAM,MAAM;CAChE,MAAM,eAAkC,EAAE;CAC1C,IAAI;CACJ,IAAI,gBAAgB;CACpB,MAAM,aAAa,UAAiC;EACnD,0BAA0B,MAAM;EAChC,IAAI,aAAa,UAAU,2BAC1B,MAAM,IAAI,MAAM,wCAAwC,0BAA0B,UAAU;EAE7F,aAAa,KAAK,MAAM;EACxB,qBAAqB;EACrB,oBAAoB,KAAA;;CAiDrB,MAAM,WAAW,yBAAyB;EA9CzC,GAAG,MAAM;EACT,kBAAkB,OAAO,SAAS;GACjC,eAAe,MAAM,OAAO;GAC5B,UAAU;IACT,MAAM;IACN,WAAW,KAAK;IAChB,WAAW,KAAK;IAChB,UAAU,KAAK;IACf,CAAC;GACF,UAAU;IACT,MAAM;IACN,SAAS,6BAA6B,KAAK,UAAU,GAAG,KAAK,SAAS;IACtE,WAAW,KAAK;IAChB,CAAC;GACF,OAAO,MAAM,MAAM,YAAY,iBAAiB;IAC/C,GAAG;IACH,GAAI,MAAM,WAAW,KAAA,IAAY,EAAE,QAAQ,MAAM,QAAQ,GAAG,EAAE;IAC9D,UAAU,UAAU;KACnB,IAAI,MAAM,SAAS,YAAY;MAC9B,UAAU;OACT,MAAM;OACN,GAAI,MAAM,YAAY,KAAA,IAAY,EAAE,SAAS,MAAM,SAAS,GAAG,EAAE;OACjE,GAAI,MAAM,aAAa,KAAA,IAAY,EAAE,UAAU,MAAM,UAAU,GAAG,EAAE;OACpE,WAAW,KAAK;OAChB,GAAI,MAAM,UAAU,KAAA,IAAY,EAAE,OAAO,MAAM,OAAO,GAAG,EAAE;OAC3D,CAAC;MACF;;KAED,IAAI,MAAM,SAAS,mBAAmB;MACrC,UAAU;OACT,SAAS,MAAM;OACf,MAAM;OACN,WAAW,KAAK;OAChB,CAAC;MACF;;KAED,UAAU;MACT,MAAM;MACN,QAAQ,MAAM;MACd,QAAQ,MAAM;MACd,WAAW,KAAK;MAChB,CAAC;;IAEH,CAAC;;EAG0D,CAAC;CAC/D,IAAI,CAAC,YAAY,SAAS;EAEzB,MAAM;GAAE,MAAM;GAAa,QAAQ,8BAA8B,MADvC,SAAS,KAAK;IAAE,UAAU,MAAM;IAAO,OAAO,MAAM;IAAO,CAAC,CACT;GAAE;EAC/E;;CAGD,MAAM,cAAsC,EAAE;CAC9C,MAAM,qBAAqB,SACzB,KAAK;EACL,UAAU,MAAM;EAChB,OAAO,MAAM;EACb,CAAC,CACD,cAAc;EACd,gBAAgB;EAChB,qBAAqB;EACrB,oBAAoB,KAAA;GACnB;CACH,MAAM,kCAA2C,CAAC,iBAAiB,aAAa,SAAS;CACzF,OAAO,2BAA2B,EAAE;EACnC,MAAM,QAAQ,aAAa,OAAO;EAClC,IAAI,UAAU,KAAA,GAAW;GACxB,MAAM;GACN;;EAED,eAAe,MAAM,OAAO;EAG5B,MAAM,uBAAuB;GAC5B,uBAAuB,WAAW;IACjC,oBAAoB;;GAErB,GAAI,MAAM,WAAW,KAAA,IAAY,EAAE,QAAQ,MAAM,QAAQ,GAAG,EAAE;GAC9D,CAAC;;CAEH,MAAM,cAAc,MAAM;CAC1B,eAAe,MAAM,OAAO;CAC5B,IAAI,YAAY,OAAO,SAAS,GAAG;EAClC,MAAM;GAAE,MAAM;GAAa,QAAQ,8BAA8B,YAAY;GAAE;EAC/E;;CAED,KAAK,MAAM,WAAW,YAAY,KAAK,OAAO;EAC7C,MAAM,eAAe,YAAY,QAAQ,QAAQ;EACjD,MAAM,aACL,iBAAiB,KAAA,IACb;GACD,OAAO;IACN,MAAM;IACN,SAAS,mDAAmD,QAAQ,GAAG;IACvE,WAAW,QAAQ;IACnB,UAAU,QAAQ;IAClB;GACD,WAAW,QAAQ;GACnB,QAAQ;GACR,GACA,+BAA+B,QAAQ,IAAI,aAAa;EAC5D,YAAY,KAAK,WAAW;EAC5B,IAAI,WAAW,WAAW,WACzB,MAAM;GAAE,MAAM;GAAkB,WAAW,QAAQ;GAAI,QAAQ;GAAY;OAE3E,MAAM;GAAE,OAAO,WAAW;GAAO,MAAM;GAAe,WAAW,QAAQ;GAAI;;CAI/E,MAAM;EACL,MAAM;EACN,QAAQ,uBAAuB;GAAE,aAAa,YAAY;GAAa,OAAO;GAAa,CAAC;EAC5F;;AAGF,SAAgB,iBAAiB,OAA0C;CAC1E,MAAM,iBAAiB,2BAA2B;EACjD,cAAc,MAAM;EACpB,cAAc,MAAM;EACpB,SAAS,MAAM;EACf,GAAI,MAAM,WAAW,KAAA,IAAY,EAAE,QAAQ,MAAM,QAAQ,GAAG,EAAE;EAC9D,oBAAoB,MAAM;EAC1B,CAAC;CACF,MAAM,uCAAuB,IAAI,KAAa;CAC9C,MAAM,WACL,MAAM,mBACC;EACN,IAAI,MAAM,0BAA0B,kCACnC,OAAO,EAAE,MAAM,SAAS;EAEzB,MAAM,IAAI,MAAM,oDAAoD;;CAEtE,MAAM,cAAiC;EACtC;EACA,kBAAkB,MAAM,QAAQ;EAChC,YAAY,eAAe;EAC3B;CAED,gBAAgB,WAAW,MAA4D;EACtF,IAAI;GACH,eAAe,KAAK,OAAO;GAC3B,MAAM;IAAE,MAAM;IAAW,UAAU,KAAK;IAAU;GAClD,eAAe,KAAK,OAAO;GAC3B,IAAI,KAAK,aAAa,mBAAmB;IACxC,OAAO,eAAe;KACrB,OAAO,KAAK;KACZ,OAAO,KAAK;KACZ,GAAI,KAAK,WAAW,KAAA,IAAY,EAAE,QAAQ,KAAK,QAAQ,GAAG,EAAE;KAC5D;KACA,CAAC;IACF;;GAED,OAAO,iBAAiB;IACvB,OAAO,KAAK;IACZ,OAAO,KAAK;IACZ,GAAI,KAAK,WAAW,KAAA,IAAY,EAAE,QAAQ,KAAK,QAAQ,GAAG,EAAE;IAC5D;IACA,UAAU,KAAK;IACf;IACA,CAAC;WACM,OAAO;GACf,MAAM;IAAE;IAAO,MAAM;IAAU;;;CAIjC,OAAO;EACN,UAAU,EACT,gBAAgB,OAAO,OAAO,kBAAkB,SAAS,OAAO,OAAO,cAAc,EACrF;EACD;EACA,OAAO,YAAY;GAClB,MAAM,QAAQ,IACb,CAAC,GAAG,qBAAqB,CAAC,KAAK,iBAC9B,eAAe,qBAAqB,aAAa,CACjD,CACD;;EAEF;EACA,mBAAmB,UAAU;GAC5B,MAAM,QAAQ,0BAA0B,MAAM;GAC9C,qBAAqB,IAAI,MAAM,aAAa;GAC5C,OAAO;;EAER,gBAAgB,UAAU;GAMzB,OAAO,8BALQ,0BAA0B;IACxC,QAAQ,MAAM;IACd,UAAU;IACV,oBAAoB,MAAM;IAC1B,CAC0C,CAAC,kBAAkB;;EAE/D,sBAAsB,OAAO,iBAAiB;GAC7C,qBAAqB,OAAO,aAAa;GACzC,MAAM,eAAe,qBAAqB,aAAa;;EAExD,mBAAmB,OAAO,UAAU;GACnC,MAAM,eAAe,kBAAkB,MAAM;;EAE9C,oBAAoB,MAAM;EAC1B"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { n as PortalToolRecord, s as JsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
2
|
-
import {
|
|
2
|
+
import { F as PortalAgentScopeSource, N as PortalAccessPolicyConfig, P as PortalAgentIdentity, S as SkillGraphInput, o as PortalSessionRuntime, r as PortalSession } from "./portal-session-5ksK1G9Z.js";
|
|
3
3
|
import { Tool } from "@modelcontextprotocol/sdk/types.js";
|
|
4
4
|
|
|
5
5
|
//#region src/core/portal-tools.d.ts
|
|
@@ -21,9 +21,17 @@ interface PortalBatchError {
|
|
|
21
21
|
readonly message: string;
|
|
22
22
|
}
|
|
23
23
|
interface PortalBatchDiagnostic {
|
|
24
|
+
readonly causeMessage?: string;
|
|
25
|
+
readonly elapsedMs?: number;
|
|
26
|
+
readonly hint?: string;
|
|
24
27
|
readonly kind: string;
|
|
25
28
|
readonly message: string;
|
|
26
29
|
readonly namespace?: string;
|
|
30
|
+
readonly operation?: string;
|
|
31
|
+
readonly phase?: string;
|
|
32
|
+
readonly timeoutMs?: number;
|
|
33
|
+
readonly toolName?: string;
|
|
34
|
+
readonly transport?: unknown;
|
|
27
35
|
}
|
|
28
36
|
interface PortalBatchResult {
|
|
29
37
|
readonly diagnostics: readonly PortalBatchDiagnostic[];
|
|
@@ -131,9 +139,17 @@ declare function createPortalToolHandlers(runtime: PortalToolRuntime): PortalToo
|
|
|
131
139
|
type PortalAgentScope = PortalAgentIdentity;
|
|
132
140
|
type PortalCoreToolName = 'mcp_portal_list' | 'mcp_portal_search' | 'mcp_portal_describe' | 'mcp_portal_call';
|
|
133
141
|
interface PortalAuditEvent {
|
|
142
|
+
readonly causeMessage?: string;
|
|
143
|
+
readonly elapsedMs?: number;
|
|
144
|
+
readonly hint?: string;
|
|
134
145
|
readonly kind: string;
|
|
135
146
|
readonly message: string;
|
|
136
147
|
readonly namespace?: string;
|
|
148
|
+
readonly operation?: string;
|
|
149
|
+
readonly phase?: string;
|
|
150
|
+
readonly timeoutMs?: number;
|
|
151
|
+
readonly toolName?: string;
|
|
152
|
+
readonly transport?: unknown;
|
|
137
153
|
}
|
|
138
154
|
interface PortalCoreResult {
|
|
139
155
|
readonly auditEvents?: readonly PortalAuditEvent[];
|
|
@@ -156,6 +172,7 @@ interface PortalCoreItemError {
|
|
|
156
172
|
readonly message: string;
|
|
157
173
|
readonly namespace?: string;
|
|
158
174
|
readonly toolName?: string;
|
|
175
|
+
readonly upstream?: unknown;
|
|
159
176
|
}
|
|
160
177
|
type PortalCoreContentBlock = {
|
|
161
178
|
readonly text: string;
|
|
@@ -261,4 +278,4 @@ declare function collectPortalCoreResult(events: AsyncIterable<PortalCoreEvent>,
|
|
|
261
278
|
declare function createPortalCore(props: CreatePortalCoreProps): PortalCore;
|
|
262
279
|
//#endregion
|
|
263
280
|
export { PortalToolSuccess as A, PortalCallUpstreamTool as C, PortalToolResult as D, PortalToolHandlers as E, createPortalToolHandlers as M, portalToolInputSchemas as N, PortalToolResultMap as O, PortalBatchResult as S, PortalToolHandlerCall as T, createPortalCore as _, PortalCore as a, PortalBatchDiagnostic as b, PortalCoreEvent as c, PortalCoreResult as d, PortalCoreRuntime as f, collectPortalCoreResult as g, PortalCoreToolName as h, PortalAuditEvent as i, PortalUpstreamEvent as j, PortalToolRuntime as k, PortalCoreItemError as l, PortalCoreToolDescriptor as m, PortalAgentScope as n, PortalCoreCollectOptions as o, PortalCoreStreamCall as p, PortalApprovalEvaluator as r, PortalCoreContentBlock as s, CreatePortalCoreProps as t, PortalCoreItemResult as u, listPortalCoreToolDescriptors as v, PortalToolFailure as w, PortalBatchError as x, PortalApprovalCall as y };
|
|
264
|
-
//# sourceMappingURL=portal-core-
|
|
281
|
+
//# sourceMappingURL=portal-core-Ckq-Mrzb.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"portal-core-Ckq-Mrzb.d.ts","names":[],"sources":["../src/core/portal-tools.ts","../src/core/portal-core.ts"],"mappings":";;;;;UAkBiB,iBAAA;EAAA,SACP,KAAA,EAAO,QAAA,CAAS,MAAA;EAAA,SAChB,EAAA;EAAA,SACA,MAAA,EAAQ,QAAA,CAAS,MAAA;AAAA;AAAA,UAGV,iBAAA;EAAA,SACP,KAAA;EAAA,SACA,KAAA,EAAO,QAAA,CAAS,MAAA;EAAA,SAChB,EAAA;AAAA;AAAA,KAGE,gBAAA,GAAmB,iBAAA,GAAoB,iBAAA;AAAA,KACvC,mBAAA,GAAsB,QAAA,CAAS,MAAA,SAAe,gBAAA;AAAA,UAEzC,gBAAA;EAAA,SACP,EAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;AAAA;AAAA,UAGO,qBAAA;EAAA,SACP,YAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGO,iBAAA;EAAA,SACP,WAAA,WAAsB,qBAAA;EAAA,SACtB,MAAA,WAAiB,gBAAA;EAAA,SACjB,EAAA;EAAA,SACA,OAAA,EAAS,mBAAA;AAAA;AAAA,UAGF,kBAAA;EAAA,SACP,SAAA,EAAW,UAAA;EAAA,SACX,EAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA,EAAM,gBAAA;EAAA,SACN,QAAA;AAAA;AAAA,cAyHG,sBAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UAOI,qBAAA;EAAA,SACP,QAAA,EAAU,mBAAA;EAAA,SACV,KAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,SAAA,EAAW,UAAA;EAAA,SACX,YAAA;EAAA,SACA,SAAA;EAAA,SACA,OAAA,IAAW,KAAA,EAAO,mBAAA,KAAwB,OAAA;EAAA,SAC1C,SAAA;EAAA,SACA,MAAA,GAAS,WAAA;EAAA,SACT,QAAA;AAAA;AAAA,KAGE,mBAAA;EAAA,SAEA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,QAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,OAAA;IAAA,SACK,IAAA;IAAA,SAAuB,IAAA;EAAA;IAAA,SACvB,IAAA;IAAA,SAAuB,KAAA;EAAA;EAAA,SAC5B,IAAA;AAAA;AAAA,UAGK,iBAAA;EAAA,SACP,QAAA,IACR,KAAA,WAAgB,kBAAA,IAChB,QAAA,EAAU,mBAAA,EACV,aAAA;IAAA,SAEa,IAAA;EAAA;IAAA,SACA,IAAA;IAAA,SAAyC,MAAA;EAAA;IAAA,SACzC,IAAA;EAAA;IAAA,SACA,IAAA;IAAA,SAAoC,KAAA;EAAA;EAAA,SACzC,gBAAA,GAAmB,IAAA,EAAM,sBAAA,KAA2B,OAAA;EAAA,SACpD,UAAA,GAAa,QAAA,EAAU,mBAAA,KAAwB,OAAA,CAAQ,aAAA;AAAA;AAAA,UAUhD,kBAAA;EAAA,SACP,IAAA,GAAO,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SAC/C,QAAA,GAAW,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SACnD,IAAA,GAAO,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SAC/C,MAAA,GAAS,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;AAAA;AAAA,iBAmb3C,wBAAA,CAAyB,OAAA,EAAS,iBAAA,GAAoB,kBAAA;;;KCppB1D,gBAAA,GAAmB,mBAAA;AAAA,KAEnB,kBAAA;AAAA,UAMK,gBAAA;EAAA,SACP,YAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGO,gBAAA;EAAA,SACP,WAAA,YAAuB,gBAAA;EAAA,SACvB,OAAA,WAAkB,sBAAA;EAAA,SAClB,KAAA,WAAgB,oBAAA;EAAA,SAChB,iBAAA;AAAA;AAAA,KAGE,oBAAA;EAAA,SAEA,OAAA,WAAkB,sBAAA;EAAA,SAClB,SAAA;EAAA,SACA,MAAA;EAAA,SACA,iBAAA;AAAA;EAAA,SAGA,KAAA,EAAO,mBAAA;EAAA,SACP,SAAA;EAAA,SACA,MAAA;AAAA;AAAA,UAGK,mBAAA;EAAA,SACP,IAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,QAAA;AAAA;AAAA,KAGE,sBAAA;EAAA,SACE,IAAA;EAAA,SAAuB,IAAA;AAAA;EAAA,SACvB,IAAA;EAAA,SAAuB,KAAA;AAAA;AAAA,KAEzB,eAAA;EAAA,SAEA,IAAA;EAAA,SACA,QAAA,EAAU,kBAAA;AAAA;EAAA,SAGV,IAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA;EAAA,SACA,MAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,OAAA,EAAS,sBAAA;EAAA,SACT,IAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,SAAA;EAAA,SACA,MAAA,EAAQ,OAAA,CAAQ,oBAAA;IAAA,SAAiC,MAAA;EAAA;AAAA;EAAA,SAGjD,KAAA,EAAO,mBAAA;EAAA,SACP,IAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA,EAAQ,gBAAA;AAAA;EAAA,SAGR,KAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAGK,oBAAA;EAAA,SACP,KAAA;EAAA,SACA,KAAA,EAAO,gBAAA;EAAA,SACP,MAAA,GAAS,WAAA;EAAA,SACT,QAAA,EAAU,kBAAA;AAAA;AAAA,UAMH,wBAAA;EAAA,SACP,OAAA,IAAW,KAAA,EAAO,eAAA,KAAoB,OAAA;AAAA;AAAA,UAG/B,iBAAA,SAA0B,oBAAA;EAAA,SACjC,gBAAA,EAAkB,iBAAA;AAAA;AAAA,KAGhB,uBAAA,GAA0B,WAAA,CAAY,iBAAA;AAAA,UAExC,yBAAA;EAAA,SACA,YAAA,EAAc,wBAAA;EAAA,SACd,YAAA;EAAA,SACA,OAAA,EAAS,iBAAA;EAAA,SACT,MAAA,YAAkB,eAAA;EAAA,SAClB,kBAAA;AAAA;AAAA,KAGE,qBAAA,IACR,yBAAA;EAAA,SACQ,QAAA,EAAU,uBAAA;EAAA,SACV,qBAAA;AAAA,MAER,yBAAA;EAAA,SACQ,QAAA;EAAA,SACA,qBAAA;AAAA;AAAA,UAGK,UAAA;EAAA,SACP,QAAA;IAAA,SACC,aAAA,GACR,KAAA,WAAgB,kBAAA,IAChB,KAAA,EAAO,gBAAA,EACP,aAAA,yBACI,UAAA,CAAW,uBAAA;EAAA;EAAA,SAER,UAAA,GAAa,IAAA,EAAM,oBAAA,KAAyB,aAAA,CAAc,eAAA;EAAA,SAC1D,KAAA,QAAa,OAAA;EAAA,SACb,uBAAA,SAAgC,uBAAA;EAAA,SAChC,gBAAA,GAAmB,KAAA;IAAA,SAClB,OAAA;IAAA,SACA,YAAA;IAAA,SACA,WAAA;IAAA,SACA,SAAA;IAAA,SACA,UAAA;IAAA,SACA,MAAA,EAAQ,sBAAA;EAAA,MACZ,gBAAA;EAAA,SACG,aAAA,GAAgB,KAAA,EAAO,gBAAA,cAA8B,wBAAA;EAAA,SACrD,oBAAA,GAAuB,YAAA,aAAyB,OAAA;EAAA,SAChD,iBAAA,GAAoB,KAAA,EAAO,gBAAA,KAAqB,OAAA;EAAA,SAChD,kBAAA;AAAA;AAAA,UAGO,wBAAA;EAAA,SACP,WAAA;EAAA,SACA,WAAA,EAAa,IAAA;EAAA,SACb,IAAA,EAAM,kBAAA;AAAA;AAAA,iBA+LA,6BAAA,CACf,UAAA,gCACW,wBAAA;AAAA,iBA6BU,uBAAA,CACrB,MAAA,EAAQ,aAAA,CAAc,eAAA,GACtB,OAAA,GAAS,wBAAA,GACP,OAAA,CAAQ,gBAAA;AAAA,iBA8KK,gBAAA,CAAiB,KAAA,EAAO,qBAAA,GAAwB,UAAA"}
|