@anton.andrusenko/shopify-mcp-admin 2.1.1 → 2.2.1

package/dist/chunk-EGGOXEIC.js

@@ -0,0 +1,249 @@
+// src/config/schema.ts
+import { z } from "zod";
+var configSchema = z.object({
+  // Server operation mode (ADR-008)
+  // local: Single-tenant, credentials via env vars (default)
+  // remote: Multi-tenant, credentials via database
+  SERVER_MODE: z.enum(["local", "remote"]).default("local"),
+  // Database connection URL (required in remote mode)
+  DATABASE_URL: z.string().url().optional().describe("PostgreSQL connection URL for multi-tenant mode"),
+  // Required in local mode - store identity
+  SHOPIFY_STORE_URL: z.string().min(1, "SHOPIFY_STORE_URL is required").regex(/\.myshopify\.com$/, "Must be a valid myshopify.com domain").optional(),
+  // Authentication Option 1: Legacy Custom App (static token)
+  SHOPIFY_ACCESS_TOKEN: z.string().optional(),
+  // Authentication Option 2: Dev Dashboard (OAuth 2.0 client credentials)
+  SHOPIFY_CLIENT_ID: z.string().optional(),
+  SHOPIFY_CLIENT_SECRET: z.string().optional(),
+  // Optional with defaults
+  SHOPIFY_API_VERSION: z.string().default("2025-10"),
+  DEBUG: z.string().optional(),
+  LOG_LEVEL: z.enum(["debug", "info", "warn", "error"]).default("info"),
+  // Log format configuration (Story 13.1: Structured Logging)
+  // json: JSON output for production (default)
+  // pretty: Human-readable output for development
+  LOG_FORMAT: z.enum(["json", "pretty"]).default("json"),
+  PORT: z.string().default("3000").transform(Number),
+  // Transport selection (AC-2.2.6, AC-2.2.7)
+  // Default: stdio for Claude Desktop compatibility
+  TRANSPORT: z.enum(["stdio", "http"]).default("stdio"),
+  // Store info cache TTL (milliseconds)
+  // Default: 5 minutes (300000ms) - configurable for performance tuning
+  STORE_INFO_CACHE_TTL_MS: z.string().optional().default("300000").transform(Number).describe("Cache TTL for store info in milliseconds (default: 5 minutes)"),
+  // Lazy loading configuration (Epic 12)
+  // Default: false - loads all tools at startup for maximum compatibility
+  // Note: Claude Desktop doesn't support dynamic tool refresh via notifications,
+  // so lazy loading is disabled by default. Set to 'true' for clients that
+  // properly handle notifications/tools/list_changed.
+  SHOPIFY_MCP_LAZY_LOADING: z.string().optional().default("false").transform((val) => val === "true" || val === "1").describe("Enable lazy loading of tools via modules (default: false)"),
+  // Role preset configuration (Story 12.3: Progressive Loading)
+  // Automatically loads appropriate modules at startup based on role
+  // Valid roles: inventory-manager, product-manager, content-manager,
+  //              seo-specialist, international-manager, full-access
+  // When not set, only core module is loaded (requires manual module loading)
+  SHOPIFY_MCP_ROLE: z.string().optional().describe("Role preset for automatic module loading at startup"),
+  // AES-256-GCM encryption key for credential protection (Story 6-2)
+  // Must be exactly 64 hex characters (32 bytes = 256 bits)
+  // Required in remote mode for encrypting stored Shopify access tokens
+  // Generate with: openssl rand -hex 32
+  ENCRYPTION_KEY: z.string().regex(
+    /^[0-9a-fA-F]{64}$/,
+    "ENCRYPTION_KEY must be exactly 64 hex characters (32 bytes). Generate with: openssl rand -hex 32"
+  ).optional().describe("AES-256-GCM encryption key for credential protection (required in remote mode)"),
+  // CORS allowed origins configuration (Story 6-7)
+  // Comma-separated list of allowed origins for cross-origin requests
+  // Default: '*' (all origins allowed - suitable for development)
+  // Example: 'https://app.example.com,https://admin.example.com'
+  ALLOWED_ORIGINS: z.string().optional().describe("Comma-separated list of allowed origins for CORS"),
+  // Enable HSTS header (Story 6-7)
+  // When true, sends Strict-Transport-Security header with HTTPS responses
+  // Default: true in remote mode, false in local mode
+  ENABLE_HSTS: z.string().optional().default("false").transform((val) => val === "true" || val === "1").describe("Enable HTTP Strict Transport Security header"),
+  // Metrics endpoint configuration (Story 13-2: Metrics & Monitoring)
+  // Exposes Prometheus-format metrics at /metrics endpoint
+  // Default: true in remote mode (HTTP transport), false in local mode (STDIO)
+  METRICS_ENDPOINT_ENABLED: z.string().optional().transform((val) => val === "true" || val === "1").describe("Enable Prometheus metrics endpoint at /metrics"),
+  // Sentry error tracking DSN (Story 13.7: Production Deployment Infrastructure)
+  // Optional but recommended for production error tracking
+  // Get from: https://sentry.io → Your Project → Settings → Client Keys (DSN)
+  SENTRY_DSN: z.string().url("SENTRY_DSN must be a valid URL").optional().describe("Sentry error tracking DSN (optional but recommended for production)"),
+  // Graceful shutdown drain timeout configuration (Story 13-3: Graceful Shutdown)
+  // Time in seconds to wait for existing connections to complete before force shutdown
+  // Default: 30 seconds, max: 300 seconds (5 minutes)
+  // Railway recommends values less than termination grace period (default 10s)
+  // Kubernetes default terminationGracePeriodSeconds is 30s
+  SHUTDOWN_DRAIN_SECONDS: z.string().optional().default("30").transform(Number).pipe(
+    z.number().int("SHUTDOWN_DRAIN_SECONDS must be an integer").positive("SHUTDOWN_DRAIN_SECONDS must be positive").max(300, "SHUTDOWN_DRAIN_SECONDS cannot exceed 300 seconds (5 minutes)")
+  ).describe("Graceful shutdown drain timeout in seconds (default: 30, max: 300)"),
+  // App URL for OAuth redirects (required in remote mode when OAuth is enabled)
+  // Used as the redirect_uri in OAuth flows
+  APP_URL: z.string().url("APP_URL must be a valid URL").optional().describe("Base URL of the application (required for OAuth redirects in remote mode)")
+}).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote" && !data.DATABASE_URL) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "DATABASE_URL is required when SERVER_MODE=remote. Example: postgresql://user:pass@localhost:5432/dbname",
+    path: ["DATABASE_URL"]
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote" && !data.ENCRYPTION_KEY) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "ENCRYPTION_KEY is required when SERVER_MODE=remote. Generate with: openssl rand -hex 32",
+    path: ["ENCRYPTION_KEY"]
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "local" && !data.SHOPIFY_STORE_URL) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "SHOPIFY_STORE_URL is required when SERVER_MODE=local",
+    path: ["SHOPIFY_STORE_URL"]
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote") {
+      return true;
+    }
+    const hasLegacyAuth = !!data.SHOPIFY_ACCESS_TOKEN;
+    const hasClientId = !!data.SHOPIFY_CLIENT_ID;
+    const hasClientSecret = !!data.SHOPIFY_CLIENT_SECRET;
+    const hasClientCredentials = hasClientId && hasClientSecret;
+    return hasLegacyAuth || hasClientCredentials;
+  },
+  {
+    message: "Authentication required: Provide either SHOPIFY_ACCESS_TOKEN (legacy) OR both SHOPIFY_CLIENT_ID and SHOPIFY_CLIENT_SECRET (Dev Dashboard)"
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote") {
+      return true;
+    }
+    const hasClientId = !!data.SHOPIFY_CLIENT_ID;
+    const hasClientSecret = !!data.SHOPIFY_CLIENT_SECRET;
+    if (hasClientId && !hasClientSecret) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "Incomplete client credentials: SHOPIFY_CLIENT_SECRET is required when SHOPIFY_CLIENT_ID is provided"
+  }
+).refine(
+  (data) => {
+    if (data.SERVER_MODE === "remote") {
+      return true;
+    }
+    const hasClientId = !!data.SHOPIFY_CLIENT_ID;
+    const hasClientSecret = !!data.SHOPIFY_CLIENT_SECRET;
+    if (hasClientSecret && !hasClientId) {
+      return false;
+    }
+    return true;
+  },
+  {
+    message: "Incomplete client credentials: SHOPIFY_CLIENT_ID is required when SHOPIFY_CLIENT_SECRET is provided"
+  }
+);
+function getAuthMode(config) {
+  if (config.SHOPIFY_ACCESS_TOKEN) {
+    return "token";
+  }
+  return "client_credentials";
+}
+function isDebugEnabled(debugValue) {
+  if (!debugValue) return false;
+  const normalized = debugValue.toLowerCase().trim();
+  return normalized === "1" || normalized === "true";
+}
+function isLazyLoadingEnabled(config) {
+  return config.SHOPIFY_MCP_LAZY_LOADING;
+}
+function getConfiguredRole(config) {
+  return config.SHOPIFY_MCP_ROLE;
+}
+function getServerMode(config) {
+  return config.SERVER_MODE;
+}
+function isRemoteMode(config) {
+  return config.SERVER_MODE === "remote";
+}
+function getDatabaseUrl(config) {
+  return config.DATABASE_URL;
+}
+function getStoreUrl(config) {
+  return config.SHOPIFY_STORE_URL;
+}
+function requireStoreUrl(config) {
+  if (!config.SHOPIFY_STORE_URL) {
+    throw new Error(
+      "SHOPIFY_STORE_URL is not available in remote mode. Use per-request shop domain instead."
+    );
+  }
+  return config.SHOPIFY_STORE_URL;
+}
+function getEncryptionKey(config) {
+  if (!config.ENCRYPTION_KEY) {
+    return void 0;
+  }
+  return Buffer.from(config.ENCRYPTION_KEY, "hex");
+}
+function requireEncryptionKey(config) {
+  if (!config.ENCRYPTION_KEY) {
+    throw new Error(
+      "ENCRYPTION_KEY is required in remote mode. Generate with: openssl rand -hex 32"
+    );
+  }
+  return Buffer.from(config.ENCRYPTION_KEY, "hex");
+}
+function getAllowedOrigins(config) {
+  if (!config.ALLOWED_ORIGINS) {
+    return ["*"];
+  }
+  return config.ALLOWED_ORIGINS.split(",").map((origin) => origin.trim()).filter((origin) => origin.length > 0);
+}
+function isHSTSEnabled(config) {
+  return config.ENABLE_HSTS;
+}
+function isMetricsEnabled(config) {
+  if (config.METRICS_ENDPOINT_ENABLED !== void 0) {
+    return config.METRICS_ENDPOINT_ENABLED;
+  }
+  return config.SERVER_MODE === "remote" && config.TRANSPORT === "http";
+}
+function getShutdownDrainMs(config) {
+  return config.SHUTDOWN_DRAIN_SECONDS * 1e3;
+}
+function getShutdownDrainSeconds(config) {
+  return config.SHUTDOWN_DRAIN_SECONDS;
+}
+
+export {
+  configSchema,
+  getAuthMode,
+  isDebugEnabled,
+  isLazyLoadingEnabled,
+  getConfiguredRole,
+  getServerMode,
+  isRemoteMode,
+  getDatabaseUrl,
+  getStoreUrl,
+  requireStoreUrl,
+  getEncryptionKey,
+  requireEncryptionKey,
+  getAllowedOrigins,
+  isHSTSEnabled,
+  isMetricsEnabled,
+  getShutdownDrainMs,
+  getShutdownDrainSeconds
+};

package/dist/chunk-JU5IFCVJ.js

@@ -0,0 +1,208 @@
+import {
+  log
+} from "./chunk-5QMYOO4B.js";
+
+// src/db/client.ts
+import { PrismaClient } from "@prisma/client";
+import { PrismaClient as PrismaClient2 } from "@prisma/client";
+var prismaInstance = null;
+function getPrismaClient() {
+  if (!prismaInstance) {
+    log.debug("Creating new Prisma client instance");
+    prismaInstance = new PrismaClient({
+      log: process.env.DEBUG === "true" ? ["query", "info", "warn", "error"] : ["error"]
+    });
+  }
+  return prismaInstance;
+}
+async function disconnectPrisma() {
+  if (prismaInstance) {
+    log.debug("Disconnecting Prisma client");
+    await prismaInstance.$disconnect();
+    prismaInstance = null;
+  }
+}
+var prisma = getPrismaClient();
+
+// src/session/store.ts
+var SessionStore = class {
+  cleanupInterval = null;
+  prisma = getPrismaClient();
+  SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
+  // 24 hours
+  /**
+   * Retrieve session data by session ID
+   * @param sessionId - Unique session identifier
+   * @returns SessionData if valid and not expired, null otherwise
+   */
+  async get(sessionId) {
+    try {
+      const session = await this.prisma.tenantSession.findUnique({
+        where: { id: sessionId },
+        select: {
+          tenantId: true,
+          expiresAt: true
+        }
+      });
+      if (!session) {
+        return null;
+      }
+      const expiresAt = session.expiresAt.getTime();
+      if (expiresAt < Date.now()) {
+        await this.prisma.tenantSession.delete({
+          where: { id: sessionId }
+        }).catch(() => {
+        });
+        return null;
+      }
+      return {
+        tenantId: session.tenantId,
+        expiresAt
+      };
+    } catch (error) {
+      log.error("Failed to retrieve session", error instanceof Error ? error : void 0);
+      return null;
+    }
+  }
+  /**
+   * Store session data with automatic 24-hour expiration
+   * @param sessionId - Unique session identifier
+   * @param data - Session data (tenantId)
+   */
+  async set(sessionId, data) {
+    const expiresAt = new Date(Date.now() + this.SESSION_TTL_MS);
+    try {
+      await this.prisma.tenantSession.upsert({
+        where: { id: sessionId },
+        update: {
+          expiresAt
+        },
+        create: {
+          id: sessionId,
+          tenantId: data.tenantId,
+          expiresAt
+        }
+      });
+    } catch (error) {
+      log.error("Failed to store session", error instanceof Error ? error : void 0);
+      throw error;
+    }
+  }
+  /**
+   * Delete a specific session
+   * @param sessionId - Session identifier to delete
+   */
+  async delete(sessionId) {
+    try {
+      await this.prisma.tenantSession.delete({
+        where: { id: sessionId }
+      });
+    } catch (error) {
+      if (error && typeof error === "object" && "code" in error && error.code !== "P2025") {
+        log.error("Failed to delete session", error instanceof Error ? error : void 0);
+      }
+    }
+  }
+  /**
+   * Delete all sessions for a specific tenant
+   * Used when a tenant changes their password for security
+   * @param tenantId - Tenant identifier
+   */
+  async deleteByTenantId(tenantId) {
+    try {
+      await this.prisma.tenantSession.deleteMany({
+        where: { tenantId }
+      });
+      log.debug(`Deleted all sessions for tenant ${tenantId}`);
+    } catch (error) {
+      log.error("Failed to delete tenant sessions", error instanceof Error ? error : void 0);
+      throw error;
+    }
+  }
+  /**
+   * Remove all expired sessions from the store
+   */
+  async cleanup() {
+    try {
+      const result = await this.prisma.tenantSession.deleteMany({
+        where: {
+          expiresAt: {
+            lt: /* @__PURE__ */ new Date()
+          }
+        }
+      });
+      if (result.count > 0) {
+        log.debug(`Cleaned up ${result.count} expired sessions`);
+      }
+    } catch (error) {
+      log.error("Session cleanup failed", error instanceof Error ? error : void 0);
+    }
+  }
+  /**
+   * Start automatic cleanup task (runs every 10 minutes)
+   * @returns Timer handle for cleanup task
+   */
+  startCleanup() {
+    if (this.cleanupInterval) {
+      return this.cleanupInterval;
+    }
+    this.cleanupInterval = setInterval(
+      () => {
+        this.cleanup().catch((error) => {
+          log.error("Background session cleanup error", error instanceof Error ? error : void 0);
+        });
+      },
+      10 * 60 * 1e3
+    );
+    this.cleanupInterval.unref();
+    log.info("Session cleanup background task started (runs every 10 minutes)");
+    return this.cleanupInterval;
+  }
+  /**
+   * Stop the automatic cleanup task
+   */
+  stopCleanup() {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+      log.info("Session cleanup background task stopped");
+    }
+  }
+  /**
+   * Get the number of active sessions (for testing/monitoring)
+   */
+  async size() {
+    try {
+      return await this.prisma.tenantSession.count({
+        where: {
+          expiresAt: {
+            gte: /* @__PURE__ */ new Date()
+          }
+        }
+      });
+    } catch (error) {
+      log.error("Failed to count sessions", error instanceof Error ? error : void 0);
+      return 0;
+    }
+  }
+  /**
+   * Clear all sessions (for testing)
+   */
+  async clear() {
+    try {
+      await this.prisma.tenantSession.deleteMany();
+    } catch (error) {
+      log.error("Failed to clear sessions", error instanceof Error ? error : void 0);
+      throw error;
+    }
+  }
+};
+var sessionStore = new SessionStore();
+
+export {
+  getPrismaClient,
+  disconnectPrisma,
+  prisma,
+  SessionStore,
+  sessionStore
+};