npm - @anton.andrusenko/shopify-mcp-admin - Versions diffs - 1.1.3 → 2.0.0 - Mend

@anton.andrusenko/shopify-mcp-admin 1.1.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +166 -2
package/dist/chunk-3Y4P67GZ.js +124 -0
package/dist/chunk-6YECVENJ.js +208 -0
package/dist/chunk-GKGHMPEC.js +333 -0
package/dist/index.js +5352 -2009
package/dist/mcp-auth-UJ6MADL4.js +15 -0
package/dist/store-MQK3GUUB.js +9 -0
package/package.json +61 -1

package/dist/chunk-GKGHMPEC.js ADDED Viewed

@@ -0,0 +1,333 @@
+// src/config/schema.ts
+import { z } from "zod";
+var configSchema = z.object({
+  // Server operation mode (ADR-008)
+  // local: Single-tenant, credentials via env vars (default)
+  // remote: Multi-tenant, credentials via database
+  SERVER_MODE: z.enum(["local", "remote"]).default("local"),
+  // Database connection URL (required in remote mode)
+  DATABASE_URL: z.string().url().optional().describe("PostgreSQL connection URL for multi-tenant mode"),
+  // Required in local mode - store identity
+  SHOPIFY_STORE_URL: z.string().min(1, "SHOPIFY_STORE_URL is required").regex(/\.myshopify\.com$/, "Must be a valid myshopify.com domain").optional(),
+  // Authentication Option 1: Legacy Custom App (static token)
+  SHOPIFY_ACCESS_TOKEN: z.string().optional(),
+  // Authentication Option 2: Dev Dashboard (OAuth 2.0 client credentials)
+  SHOPIFY_CLIENT_ID: z.string().optional(),
+  SHOPIFY_CLIENT_SECRET: z.string().optional(),
+  // Optional with defaults
+  SHOPIFY_API_VERSION: z.string().default("2025-10"),
+  DEBUG: z.string().optional(),
+  LOG_LEVEL: z.enum(["debug", "info", "warn", "error"]).default("info"),
+  // Log format configuration (Story 13.1: Structured Logging)
+  // json: JSON output for production (default)
+  // pretty: Human-readable output for development
+  LOG_FORMAT: z.enum(["json", "pretty"]).default("json"),
+  PORT: z.string().default("3000").transform(Number),
+  // Transport selection (AC-2.2.6, AC-2.2.7)
+  // Default: stdio for Claude Desktop compatibility
+  TRANSPORT: z.enum(["stdio", "http"]).default("stdio"),
+  // Store info cache TTL (milliseconds)
+  // Default: 5 minutes (300000ms) - configurable for performance tuning
+  STORE_INFO_CACHE_TTL_MS: z.string().optional().default("300000").transform(Number).describe("Cache TTL for store info in milliseconds (default: 5 minutes)"),
+  // Lazy loading configuration (Epic 12)
+  // Default: false - loads all tools at startup for maximum compatibility
+  // Note: Claude Desktop doesn't support dynamic tool refresh via notifications,
+  // so lazy loading is disabled by default. Set to 'true' for clients that
+  // properly handle notifications/tools/list_changed.
+  SHOPIFY_MCP_LAZY_LOADING: z.string().optional().default("false").transform((val) => val === "true" || val === "1").describe("Enable lazy loading of tools via modules (default: false)"),
+  // Role preset configuration (Story 12.3: Progressive Loading)
+  // Automatically loads appropriate modules at startup based on role
+  // Valid roles: inventory-manager, product-manager, content-manager,
+  //              seo-specialist, international-manager, full-access
+  // When not set, only core module is loaded (requires manual module loading)
+  SHOPIFY_MCP_ROLE: z.string().optional().describe("Role preset for automatic module loading at startup"),
+  // AES-256-GCM encryption key for credential protection (Story 6-2)
+  // Must be exactly 64 hex characters (32 bytes = 256 bits)
+  // Required in remote mode for encrypting stored Shopify access tokens
+  // Generate with: openssl rand -hex 32
+  ENCRYPTION_KEY: z.string().regex(
+    /^[0-9a-fA-F]{64}$/,
+    "ENCRYPTION_KEY must be exactly 64 hex characters (32 bytes). Generate with: openssl rand -hex 32"
+  ).optional().describe("AES-256-GCM encryption key for credential protection (required in remote mode)"),
+  // CORS allowed origins configuration (Story 6-7)
+  // Comma-separated list of allowed origins for cross-origin requests
+  // Default: '*' (all origins allowed - suitable for development)
+  // Example: 'https://app.example.com,https://admin.example.com'
+  ALLOWED_ORIGINS: z.string().optional().describe("Comma-separated list of allowed origins for CORS"),
+  // Enable HSTS header (Story 6-7)
+  // When true, sends Strict-Transport-Security header with HTTPS responses
+  // Default: true in remote mode, false in local mode
+  ENABLE_HSTS: z.string().optional().default("false").transform((val) => val === "true" || val === "1").describe("Enable HTTP Strict Transport Security header"),
+  // Metrics endpoint configuration (Story 13-2: Metrics & Monitoring)
+  // Exposes Prometheus-format metrics at /metrics endpoint
+  // Default: true in remote mode (HTTP transport), false in local mode (STDIO)
+  METRICS_ENDPOINT_ENABLED: z.string().optional().transform((val) => val === "true" || val === "1").describe("Enable Prometheus metrics endpoint at /metrics"),
+  // Sentry error tracking DSN (Story 13.7: Production Deployment Infrastructure)
+  // Optional but recommended for production error tracking
+  // Get from: https://sentry.io → Your Project → Settings → Client Keys (DSN)
+  SENTRY_DSN: z.string().url("SENTRY_DSN must be a valid URL").optional().describe("Sentry error tracking DSN (optional but recommended for production)"),
+  // Graceful shutdown drain timeout configuration (Story 13-3: Graceful Shutdown)
+  // Time in seconds to wait for existing connections to complete before force shutdown
+  // Default: 30 seconds, max: 300 seconds (5 minutes)
+  // Railway recommends values less than termination grace period (default 10s)
+  // Kubernetes default terminationGracePeriodSeconds is 30s
+  SHUTDOWN_DRAIN_SECONDS: z.string().optional().default("30").transform(Number).pipe(
+    z.number().int("SHUTDOWN_DRAIN_SECONDS must be an integer").positive("SHUTDOWN_DRAIN_SECONDS must be positive").max(300, "SHUTDOWN_DRAIN_SECONDS cannot exceed 300 seconds (5 minutes)")
+  ).describe("Graceful shutdown drain timeout in seconds (default: 30, max: 300)")
+}).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote" && !data.DATABASE_URL) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "DATABASE_URL is required when SERVER_MODE=remote. Example: postgresql://user:pass@localhost:5432/dbname",
+    path: ["DATABASE_URL"]
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote" && !data.ENCRYPTION_KEY) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "ENCRYPTION_KEY is required when SERVER_MODE=remote. Generate with: openssl rand -hex 32",
+    path: ["ENCRYPTION_KEY"]
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "local" && !data.SHOPIFY_STORE_URL) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "SHOPIFY_STORE_URL is required when SERVER_MODE=local",
+    path: ["SHOPIFY_STORE_URL"]
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote") {
+      return true;
+    }
+    const hasLegacyAuth = !!data.SHOPIFY_ACCESS_TOKEN;
+    const hasClientId = !!data.SHOPIFY_CLIENT_ID;
+    const hasClientSecret = !!data.SHOPIFY_CLIENT_SECRET;
+    const hasClientCredentials = hasClientId && hasClientSecret;
+    return hasLegacyAuth || hasClientCredentials;
+  },
+  {
+    message: "Authentication required: Provide either SHOPIFY_ACCESS_TOKEN (legacy) OR both SHOPIFY_CLIENT_ID and SHOPIFY_CLIENT_SECRET (Dev Dashboard)"
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote") {
+      return true;
+    }
+    const hasClientId = !!data.SHOPIFY_CLIENT_ID;
+    const hasClientSecret = !!data.SHOPIFY_CLIENT_SECRET;
+    if (hasClientId && !hasClientSecret) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "Incomplete client credentials: SHOPIFY_CLIENT_SECRET is required when SHOPIFY_CLIENT_ID is provided"
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote") {
+      return true;
+    }
+    const hasClientId = !!data.SHOPIFY_CLIENT_ID;
+    const hasClientSecret = !!data.SHOPIFY_CLIENT_SECRET;
+    if (hasClientSecret && !hasClientId) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "Incomplete client credentials: SHOPIFY_CLIENT_ID is required when SHOPIFY_CLIENT_SECRET is provided"
+  }
+);
+function getAuthMode(config) {
+  if (config.SHOPIFY_ACCESS_TOKEN) {
+    return "token";
+  }
+  return "client_credentials";
+}
+function isDebugEnabled(debugValue) {
+  if (!debugValue) return false;
+  const normalized = debugValue.toLowerCase().trim();
+  return normalized === "1" || normalized === "true";
+}
+function isLazyLoadingEnabled(config) {
+  return config.SHOPIFY_MCP_LAZY_LOADING;
+}
+function getConfiguredRole(config) {
+  return config.SHOPIFY_MCP_ROLE;
+}
+function isRemoteMode(config) {
+  return config.SERVER_MODE === "remote";
+}
+function requireStoreUrl(config) {
+  if (!config.SHOPIFY_STORE_URL) {
+    throw new Error(
+      "SHOPIFY_STORE_URL is not available in remote mode. Use per-request shop domain instead."
+    );
+  }
+  return config.SHOPIFY_STORE_URL;
+}
+function requireEncryptionKey(config) {
+  if (!config.ENCRYPTION_KEY) {
+    throw new Error(
+      "ENCRYPTION_KEY is required in remote mode. Generate with: openssl rand -hex 32"
+    );
+  }
+  return Buffer.from(config.ENCRYPTION_KEY, "hex");
+}
+function isMetricsEnabled(config) {
+  if (config.METRICS_ENDPOINT_ENABLED !== void 0) {
+    return config.METRICS_ENDPOINT_ENABLED;
+  }
+  return config.SERVER_MODE === "remote" && config.TRANSPORT === "http";
+}
+function getShutdownDrainMs(config) {
+  return config.SHUTDOWN_DRAIN_SECONDS * 1e3;
+}
+// src/config/index.ts
+var _config = null;
+function getConfig() {
+  if (_config !== null) {
+    return _config;
+  }
+  const result = configSchema.safeParse(process.env);
+  if (!result.success) {
+    const errors = result.error.errors.map((err) => {
+      const path = err.path.join(".");
+      return `  - ${path}: ${err.message}`;
+    });
+    console.error("Configuration error:");
+    console.error(errors.join("\n"));
+    process.exit(1);
+  }
+  _config = result.data;
+  return _config;
+}
+// src/utils/logger.ts
+var SANITIZATION_PATTERNS = [
+  { pattern: /shpat_[a-zA-Z0-9]+/g, replacement: "[REDACTED]" },
+  { pattern: /shpua_[a-zA-Z0-9]+/g, replacement: "[REDACTED]" },
+  { pattern: /Bearer\s+[a-zA-Z0-9_-]+/g, replacement: "Bearer [REDACTED]" },
+  { pattern: /access_token[=:]\s*[a-zA-Z0-9_-]+/gi, replacement: "access_token=[REDACTED]" },
+  { pattern: /client_secret[=:]\s*[a-zA-Z0-9_-]+/gi, replacement: "client_secret=[REDACTED]" }
+];
+function sanitizeLogMessage(message) {
+  let result = message;
+  for (const { pattern, replacement } of SANITIZATION_PATTERNS) {
+    result = result.replace(pattern, replacement);
+  }
+  return result;
+}
+function sanitizeObject(obj, seen = /* @__PURE__ */ new WeakSet()) {
+  if (typeof obj === "string") {
+    return sanitizeLogMessage(obj);
+  }
+  if (obj === null || typeof obj !== "object") {
+    return obj;
+  }
+  if (seen.has(obj)) {
+    return "[Circular]";
+  }
+  seen.add(obj);
+  if (Array.isArray(obj)) {
+    return obj.map((item) => sanitizeObject(item, seen));
+  }
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    result[key] = sanitizeObject(value, seen);
+  }
+  return result;
+}
+function safeStringify(data) {
+  try {
+    const seen = /* @__PURE__ */ new WeakSet();
+    return JSON.stringify(data, (_key, value) => {
+      if (typeof value === "object" && value !== null) {
+        if (seen.has(value)) {
+          return "[Circular]";
+        }
+        seen.add(value);
+      }
+      return value;
+    });
+  } catch {
+    return "[Unable to stringify]";
+  }
+}
+var log = {
+  /**
+   * Debug level logging - only outputs when DEBUG=1 or DEBUG=true
+   *
+   * @param msg - Debug message
+   * @param data - Optional data object to include (JSON-stringified)
+   */
+  debug: (msg, data) => {
+    if (isDebugEnabled(process.env.DEBUG)) {
+      const sanitizedMsg = sanitizeLogMessage(msg);
+      if (data) {
+        const sanitizedData = sanitizeObject(data);
+        const dataStr = safeStringify(sanitizedData);
+        console.error(`[DEBUG] ${sanitizedMsg} ${dataStr}`);
+      } else {
+        console.error(`[DEBUG] ${sanitizedMsg}`);
+      }
+    }
+  },
+  /**
+   * Info level logging
+   *
+   * @param msg - Info message
+   */
+  info: (msg) => {
+    console.error(`[INFO] ${sanitizeLogMessage(msg)}`);
+  },
+  /**
+   * Warning level logging
+   *
+   * @param msg - Warning message
+   */
+  warn: (msg) => {
+    console.error(`[WARN] ${sanitizeLogMessage(msg)}`);
+  },
+  /**
+   * Error level logging
+   *
+   * @param msg - Error message
+   * @param err - Optional Error object (stack trace shown when DEBUG enabled)
+   */
+  error: (msg, err) => {
+    console.error(`[ERROR] ${sanitizeLogMessage(msg)}`);
+    if (err && isDebugEnabled(process.env.DEBUG)) {
+      console.error(sanitizeLogMessage(err.stack || err.message));
+    }
+  }
+};
+export {
+  getAuthMode,
+  isLazyLoadingEnabled,
+  getConfiguredRole,
+  isRemoteMode,
+  requireStoreUrl,
+  requireEncryptionKey,
+  isMetricsEnabled,
+  getShutdownDrainMs,
+  getConfig,
+  sanitizeLogMessage,
+  log
+};