@appaflytech/wappa-mcp 0.0.10 → 0.0.12

package/dist/factory.js

@@ -0,0 +1,286 @@
+/**
+ * Per-session MCP server factory
+ *
+ * Builds a McpServer + WapClient pair from a SessionConfig.
+ * Used by both the stdio entry (index.ts) and the HTTP server (server.ts)
+ * so tool/resource behaviour is identical across transports.
+ */
+import { McpServer, ResourceTemplate, } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z } from "zod";
+import { TokenManager, BearerAuthStrategy, StaticBearerStrategy, ApiKeyAuthStrategy, } from "./auth.js";
+import { WapClient } from "./client.js";
+import { getComponentTools } from "./tools/components.js";
+import { getPageTools } from "./tools/pages.js";
+import { getWidgetTools } from "./tools/widgets.js";
+import { getGeneralTools } from "./tools/general.js";
+import { getSiteTools } from "./tools/sites.js";
+import { getEntityTools } from "./tools/entities.js";
+import { getDynamicEntityTools } from "./tools/dynamic-entities.js";
+import { getLayoutTools } from "./tools/layouts.js";
+import { getQueryTools } from "./tools/queries.js";
+import { getMenuTools } from "./tools/menus.js";
+import { getThemeTools } from "./tools/themes.js";
+import { getLanguageTools } from "./tools/languages.js";
+import { getOrganizationTools } from "./tools/organizations.js";
+import { getPlanTools } from "./tools/plans.js";
+import { getSubscriptionTools } from "./tools/subscriptions.js";
+import { getPushNotificationTools } from "./tools/push-notifications.js";
+import { getUserTools } from "./tools/users.js";
+import { getRoleTools } from "./tools/roles.js";
+import { getCountryTools } from "./tools/countries.js";
+import { getRegionTools } from "./tools/regions.js";
+import { getDbRoutineTools } from "./tools/db-routines.js";
+import { getErrorLogTools } from "./tools/error-logs.js";
+import { getComponentCategoryTools } from "./tools/component-categories.js";
+import { getQueryCategoryTools } from "./tools/query-categories.js";
+import { getShowcaseTools } from "./tools/showcases.js";
+import { getSystemVariableTools } from "./tools/system-variables.js";
+import { getSystemToolTools } from "./tools/system-tools.js";
+import { getPluginTools } from "./tools/plugins.js";
+import { getWorkflowTools } from "./tools/workflows.js";
+import { getAiChatSessionTools } from "./tools/ai-chat-sessions.js";
+import { getAppUserTools } from "./tools/app-users.js";
+import { getOperationTools } from "./tools/operations.js";
+import { getPageEntityTools } from "./tools/page-entities.js";
+import { getStorageTools } from "./tools/storage.js";
+import { getSettingsTools } from "./tools/settings.js";
+// ─── Auth strategy resolver ─────────────────────────────────
+function resolveAuthStrategy(cfg) {
+    switch (cfg.auth.kind) {
+        case "emailPwd":
+            return new BearerAuthStrategy(new TokenManager({
+                adminApiUrl: cfg.adminApiUrl,
+                email: cfg.auth.email,
+                password: cfg.auth.password,
+            }));
+        case "userJwt":
+            return new StaticBearerStrategy(cfg.auth.jwt);
+        case "apiKey":
+            return new ApiKeyAuthStrategy(cfg.auth.apiKey);
+    }
+}
+// ─── Tool → Zod schema converter (shared with original index.ts) ────────────
+function buildZodShape(inputSchema) {
+    const zodShape = {};
+    const props = inputSchema.properties || {};
+    const required = inputSchema.required || [];
+    for (const [propName, propDef] of Object.entries(props)) {
+        let zodType;
+        switch (propDef.type) {
+            case "string":
+                zodType = propDef.enum ? z.enum(propDef.enum) : z.string();
+                break;
+            case "number":
+                zodType = z.number();
+                break;
+            case "boolean":
+                zodType = z.boolean();
+                break;
+            case "object":
+                zodType = z.record(z.string(), z.unknown());
+                break;
+            case "array":
+                zodType = z.array(z.unknown());
+                break;
+            default:
+                zodType = z.unknown();
+        }
+        if (propDef.description)
+            zodType = zodType.describe(propDef.description);
+        if (!required.includes(propName))
+            zodType = zodType.optional();
+        zodShape[propName] = zodType;
+    }
+    return zodShape;
+}
+// ─── Factory ─────────────────────────────────────────────────
+export function buildMcpServerForSession(cfg) {
+    const auth = resolveAuthStrategy(cfg);
+    const client = new WapClient({
+        adminApiUrl: cfg.adminApiUrl,
+        siteKey: cfg.siteKey,
+        language: cfg.language,
+        auth,
+    });
+    const server = new McpServer({ name: "wappa-mcp", version: "1.0.0" });
+    // ─── Register tools ───────────────────────────────────────
+    const allTools = {
+        ...getComponentTools(client),
+        ...getPageTools(client),
+        ...getWidgetTools(client),
+        ...getGeneralTools(client),
+        ...getSiteTools(client),
+        ...getEntityTools(client),
+        ...getDynamicEntityTools(client),
+        ...getLayoutTools(client),
+        ...getQueryTools(client),
+        ...getMenuTools(client),
+        ...getThemeTools(client),
+        ...getLanguageTools(client),
+        ...getOrganizationTools(client),
+        ...getPlanTools(client),
+        ...getSubscriptionTools(client),
+        ...getPushNotificationTools(client),
+        ...getUserTools(client),
+        ...getRoleTools(client),
+        ...getCountryTools(client),
+        ...getRegionTools(client),
+        ...getDbRoutineTools(client),
+        ...getErrorLogTools(client),
+        ...getComponentCategoryTools(client),
+        ...getQueryCategoryTools(client),
+        ...getShowcaseTools(client),
+        ...getSystemVariableTools(client),
+        ...getSystemToolTools(client),
+        ...getPluginTools(client),
+        ...getWorkflowTools(client),
+        ...getAiChatSessionTools(client),
+        ...getAppUserTools(client),
+        ...getOperationTools(client),
+        ...getPageEntityTools(client),
+        ...getStorageTools(client),
+        ...getSettingsTools(client),
+    };
+    for (const [toolName, toolDef] of Object.entries(allTools)) {
+        const { description, inputSchema, handler } = toolDef;
+        server.tool(`wappa_${toolName}`, description, buildZodShape(inputSchema), async (args) => {
+            try {
+                return await handler(args);
+            }
+            catch (error) {
+                return {
+                    content: [
+                        { type: "text", text: `Error: ${error.message}` },
+                    ],
+                    isError: true,
+                };
+            }
+        });
+    }
+    // ─── Register resources ───────────────────────────────────
+    server.resource("wappa-config", "wappa://config", {
+        description: "Aktif WAPPA sunucu yapılandırması (site ID, dil, API URL)",
+        mimeType: "application/json",
+    }, async (uri) => ({
+        contents: [
+            {
+                uri: uri.href,
+                mimeType: "application/json",
+                text: JSON.stringify({
+                    adminApiUrl: cfg.adminApiUrl,
+                    siteKey: cfg.siteKey,
+                    language: cfg.language,
+                }, null, 2),
+            },
+        ],
+    }));
+    server.resource("wappa-sites", "wappa://sites", {
+        description: "WAPPA'daki tüm site listesi (canlı veri)",
+        mimeType: "application/json",
+    }, async (uri) => {
+        const result = await client.getSites({});
+        return {
+            contents: [
+                {
+                    uri: uri.href,
+                    mimeType: "application/json",
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+    server.resource("wappa-pages", "wappa://pages", {
+        description: "Aktif sitedeki tüm sayfalar (canlı veri)",
+        mimeType: "application/json",
+    }, async (uri) => {
+        const result = await client.getPages({});
+        return {
+            contents: [
+                {
+                    uri: uri.href,
+                    mimeType: "application/json",
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+    server.resource("wappa-components", "wappa://components", {
+        description: "Aktif sitedeki tüm bileşenler (canlı veri)",
+        mimeType: "application/json",
+    }, async (uri) => {
+        const result = await client.getComponents({});
+        return {
+            contents: [
+                {
+                    uri: uri.href,
+                    mimeType: "application/json",
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+    server.resource("wappa-entities", "wappa://entities", {
+        description: "Tanımlı tüm entity şemaları (canlı veri)",
+        mimeType: "application/json",
+    }, async (uri) => {
+        const result = await client.getEntities({});
+        return {
+            contents: [
+                {
+                    uri: uri.href,
+                    mimeType: "application/json",
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+    server.resource("wappa-layouts", "wappa://layouts", {
+        description: "Aktif sitedeki tüm layoutlar (canlı veri)",
+        mimeType: "application/json",
+    }, async (uri) => {
+        const result = await client.getLayouts({});
+        return {
+            contents: [
+                {
+                    uri: uri.href,
+                    mimeType: "application/json",
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+    server.resource("wappa-queries", "wappa://queries", {
+        description: "Kayıtlı tüm query/sorgu şablonları (canlı veri)",
+        mimeType: "application/json",
+    }, async (uri) => {
+        const result = await client.getQueries({});
+        return {
+            contents: [
+                {
+                    uri: uri.href,
+                    mimeType: "application/json",
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+    server.resource("wappa-entity-records", new ResourceTemplate("wappa://entities/{entityId}/records", {
+        list: undefined,
+    }), {
+        description: "Belirli bir entity'nin tüm kayıtları. URI: wappa://entities/{entityId}/records",
+        mimeType: "application/json",
+    }, async (uri, { entityId }) => {
+        const result = await client.getDynamicEntities(entityId, {});
+        return {
+            contents: [
+                {
+                    uri: uri.href,
+                    mimeType: "application/json",
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+        };
+    });
+    return { server, client };
+}
+//# sourceMappingURL=factory.js.map

package/dist/factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.js","sourceRoot":"","sources":["../src/factory.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,SAAS,EACT,gBAAgB,GACjB,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,YAAY,EAEZ,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAgBvD,+DAA+D;AAE/D,SAAS,mBAAmB,CAAC,GAAkB;IAC7C,QAAQ,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,KAAK,UAAU;YACb,OAAO,IAAI,kBAAkB,CAC3B,IAAI,YAAY,CAAC;gBACf,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK;gBACrB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;aAC5B,CAAC,CACH,CAAC;QACJ,KAAK,SAAS;YACZ,OAAO,IAAI,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChD,KAAK,QAAQ;YACX,OAAO,IAAI,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,SAAS,aAAa,CAAC,WAAgC;IACrD,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,IAAI,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAa,WAAW,CAAC,QAAQ,IAAI,EAAE,CAAC;IAEtD,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAoB,EAAE,CAAC;QAC3E,IAAI,OAAY,CAAC;QACjB,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;YACrB,KAAK,QAAQ;gBACX,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC3D,MAAM;YACR,KAAK,QAAQ;gBACX,OAAO,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;gBACrB,MAAM;YACR,KAAK,SAAS;gBACZ,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;gBACtB,MAAM;YACR,KAAK,QAAQ;gBACX,OAAO,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC5C,MAAM;YACR,KAAK,OAAO;gBACV,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC/B,MAAM;YACR;gBACE,OAAO,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QACD,IAAI,OAAO,CAAC,WAAW;YAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACzE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC/D,QAAQ,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC;IAC/B,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gEAAgE;AAEhE,MAAM,UAAU,wBAAwB,CAAC,GAAkB;IAIzD,MAAM,IAAI,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,IAAI;KACL,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAEtE,6DAA6D;IAE7D,MAAM,QAAQ,GAAwB;QACpC,GAAG,iBAAiB,CAAC,MAAM,CAAC;QAC5B,GAAG,YAAY,CAAC,MAAM,CAAC;QACvB,GAAG,cAAc,CAAC,MAAM,CAAC;QACzB,GAAG,eAAe,CAAC,MAAM,CAAC;QAC1B,GAAG,YAAY,CAAC,MAAM,CAAC;QACvB,GAAG,cAAc,CAAC,MAAM,CAAC;QACzB,GAAG,qBAAqB,CAAC,MAAM,CAAC;QAChC,GAAG,cAAc,CAAC,MAAM,CAAC;QACzB,GAAG,aAAa,CAAC,MAAM,CAAC;QACxB,GAAG,YAAY,CAAC,MAAM,CAAC;QACvB,GAAG,aAAa,CAAC,MAAM,CAAC;QACxB,GAAG,gBAAgB,CAAC,MAAM,CAAC;QAC3B,GAAG,oBAAoB,CAAC,MAAM,CAAC;QAC/B,GAAG,YAAY,CAAC,MAAM,CAAC;QACvB,GAAG,oBAAoB,CAAC,MAAM,CAAC;QAC/B,GAAG,wBAAwB,CAAC,MAAM,CAAC;QACnC,GAAG,YAAY,CAAC,MAAM,CAAC;QACvB,GAAG,YAAY,CAAC,MAAM,CAAC;QACvB,GAAG,eAAe,CAAC,MAAM,CAAC;QAC1B,GAAG,cAAc,CAAC,MAAM,CAAC;QACzB,GAAG,iBAAiB,CAAC,MAAM,CAAC;QAC5B,GAAG,gBAAgB,CAAC,MAAM,CAAC;QAC3B,GAAG,yBAAyB,CAAC,MAAM,CAAC;QACpC,GAAG,qBAAqB,CAAC,MAAM,CAAC;QAChC,GAAG,gBAAgB,CAAC,MAAM,CAAC;QAC3B,GAAG,sBAAsB,CAAC,MAAM,CAAC;QACjC,GAAG,kBAAkB,CAAC,MAAM,CAAC;QAC7B,GAAG,cAAc,CAAC,MAAM,CAAC;QACzB,GAAG,gBAAgB,CAAC,MAAM,CAAC;QAC3B,GAAG,qBAAqB,CAAC,MAAM,CAAC;QAChC,GAAG,eAAe,CAAC,MAAM,CAAC;QAC1B,GAAG,iBAAiB,CAAC,MAAM,CAAC;QAC5B,GAAG,kBAAkB,CAAC,MAAM,CAAC;QAC7B,GAAG,eAAe,CAAC,MAAM,CAAC;QAC1B,GAAG,gBAAgB,CAAC,MAAM,CAAC;KAC5B,CAAC;IAEF,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3D,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QACtD,MAAM,CAAC,IAAI,CACT,SAAS,QAAQ,EAAE,EACnB,WAAW,EACX,aAAa,CAAC,WAAW,CAAC,EAC1B,KAAK,EAAE,IAAS,EAAE,EAAE;YAClB,IAAI,CAAC;gBACH,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO;oBACL,OAAO,EAAE;wBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,UAAU,KAAK,CAAC,OAAO,EAAE,EAAE;qBAC3D;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,6DAA6D;IAE7D,MAAM,CAAC,QAAQ,CACb,cAAc,EACd,gBAAgB,EAChB;QACE,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACd,QAAQ,EAAE;YACR;gBACE,GAAG,EAAE,GAAG,CAAC,IAAI;gBACb,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;oBACE,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ;iBACvB,EACD,IAAI,EACJ,CAAC,CACF;aACF;SACF;KACF,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,aAAa,EACb,eAAe,EACf;QACE,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACzC,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,QAAQ,EAAE,kBAAkB;oBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,aAAa,EACb,eAAe,EACf;QACE,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACzC,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,QAAQ,EAAE,kBAAkB;oBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,kBAAkB,EAClB,oBAAoB,EACpB;QACE,WAAW,EAAE,4CAA4C;QACzD,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,QAAQ,EAAE,kBAAkB;oBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,gBAAgB,EAChB,kBAAkB,EAClB;QACE,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5C,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,QAAQ,EAAE,kBAAkB;oBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,eAAe,EACf,iBAAiB,EACjB;QACE,WAAW,EAAE,2CAA2C;QACxD,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3C,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,QAAQ,EAAE,kBAAkB;oBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,eAAe,EACf,iBAAiB,EACjB;QACE,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3C,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,QAAQ,EAAE,kBAAkB;oBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,QAAQ,CACb,sBAAsB,EACtB,IAAI,gBAAgB,CAAC,qCAAqC,EAAE;QAC1D,IAAI,EAAE,SAAS;KAChB,CAAC,EACF;QACE,WAAW,EACT,gFAAgF;QAClF,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;QAC1B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,QAAkB,EAAE,EAAE,CAAC,CAAC;QACvE,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,GAAG,CAAC,IAAI;oBACb,QAAQ,EAAE,kBAAkB;oBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC"}

package/dist/http/auth.d.ts

@@ -0,0 +1,33 @@
+/**
+ * HTTP transport auth middleware
+ *
+ * Reads auth credentials from request headers and attaches them to req.wappa.
+ * Supports two modes:
+ *   - Bearer JWT  : Authorization: Bearer <jwt>  (Admin UI passthrough)
+ *   - API Key     : X-API-Key: <key>             (Backend API Key)
+ *
+ * Required headers on every request:
+ *   X-Wappa-Site-Key   : site slug, e.g. "glomil"
+ *   X-Wappa-Admin-Api  : backend admin API base URL, e.g. "https://api.example.com"
+ *
+ * Optional:
+ *   X-Wappa-Language   : locale (default "en-us")
+ */
+import type { Request, Response, NextFunction } from "express";
+export interface WappaRequestContext {
+    /** Resolved auth: either a JWT or an API key */
+    jwt?: string;
+    apiKey?: string;
+    siteKey: string;
+    adminApiUrl: string;
+    language: string;
+}
+declare global {
+    namespace Express {
+        interface Request {
+            wappa: WappaRequestContext;
+        }
+    }
+}
+export declare function wappaAuthMiddleware(req: Request, res: Response, next: NextFunction): void;
+//# sourceMappingURL=auth.d.ts.map

package/dist/http/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/http/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,mBAAmB;IAClC,gDAAgD;IAChD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAGD,OAAO,CAAC,MAAM,CAAC;IAEb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,KAAK,EAAE,mBAAmB,CAAC;SAC5B;KACF;CACF;AAKD,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,IAAI,CA4CN"}

package/dist/http/auth.js

@@ -0,0 +1,55 @@
+/**
+ * HTTP transport auth middleware
+ *
+ * Reads auth credentials from request headers and attaches them to req.wappa.
+ * Supports two modes:
+ *   - Bearer JWT  : Authorization: Bearer <jwt>  (Admin UI passthrough)
+ *   - API Key     : X-API-Key: <key>             (Backend API Key)
+ *
+ * Required headers on every request:
+ *   X-Wappa-Site-Key   : site slug, e.g. "glomil"
+ *   X-Wappa-Admin-Api  : backend admin API base URL, e.g. "https://api.example.com"
+ *
+ * Optional:
+ *   X-Wappa-Language   : locale (default "en-us")
+ */
+/** Regex for a minimal sanity check on incoming JWTs (three base64url segments). */
+const JWT_PATTERN = /^[\w-]+\.[\w-]+\.[\w-]+$/;
+export function wappaAuthMiddleware(req, res, next) {
+    const adminApiUrl = req.headers["x-wappa-admin-api"];
+    const siteKey = req.headers["x-wappa-site-key"];
+    const language = req.headers["x-wappa-language"] ?? "en-us";
+    if (!adminApiUrl) {
+        res.status(400).json({ error: "Missing header: X-Wappa-Admin-Api" });
+        return;
+    }
+    if (!siteKey) {
+        res.status(400).json({ error: "Missing header: X-Wappa-Site-Key" });
+        return;
+    }
+    const authHeader = req.headers.authorization;
+    const apiKeyHeader = req.headers["x-api-key"];
+    if (authHeader?.startsWith("Bearer ")) {
+        const jwt = authHeader.slice(7);
+        if (!JWT_PATTERN.test(jwt)) {
+            res.status(401).json({ error: "Malformed JWT in Authorization header" });
+            return;
+        }
+        req.wappa = { jwt, siteKey, adminApiUrl, language };
+        next();
+        return;
+    }
+    if (apiKeyHeader) {
+        if (apiKeyHeader.length < 8) {
+            res.status(401).json({ error: "API key too short" });
+            return;
+        }
+        req.wappa = { apiKey: apiKeyHeader, siteKey, adminApiUrl, language };
+        next();
+        return;
+    }
+    res.status(401).json({
+        error: "Authentication required: provide Authorization: Bearer <jwt> or X-API-Key: <key>",
+    });
+}
+//# sourceMappingURL=auth.js.map

package/dist/http/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/http/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAuBH,oFAAoF;AACpF,MAAM,WAAW,GAAG,0BAA0B,CAAC;AAE/C,MAAM,UAAU,mBAAmB,CACjC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAuB,CAAC;IAC3E,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAuB,CAAC;IACtE,MAAM,QAAQ,GACX,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAwB,IAAI,OAAO,CAAC;IAErE,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC;QACrE,OAAO;IACT,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;IAEpE,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QACD,GAAG,CAAC,KAAK,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;QACpD,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QACD,GAAG,CAAC,KAAK,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;QACrE,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,KAAK,EACH,kFAAkF;KACrF,CAAC,CAAC;AACL,CAAC"}

package/dist/http/session.d.ts

@@ -0,0 +1,30 @@
+/**
+ * In-memory MCP session store
+ *
+ * Each HTTP/Streamable-HTTP session maps a session-id (UUID) to:
+ *   - the McpServer instance
+ *   - the StreamableHTTPServerTransport
+ *   - metadata for TTL cleanup
+ *
+ * Sessions are cleaned up automatically after SESSION_TTL_MS (default 1 hour)
+ * of inactivity.  "Activity" is refreshed on every MCP request.
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+export interface McpSession {
+    server: McpServer;
+    transport: StreamableHTTPServerTransport;
+    siteKey: string;
+    adminApiUrl: string;
+    createdAt: number;
+    lastUsedAt: number;
+}
+/** Register a new session (called once per POST /mcp that initialises). */
+export declare function addSession(id: string, session: McpSession): void;
+/** Look up a session and refresh its lastUsedAt timestamp. */
+export declare function getSession(id: string): McpSession | undefined;
+/** Delete a session and close its transport. */
+export declare function removeSession(id: string): Promise<void>;
+/** Gracefully close all sessions (called on process exit). */
+export declare function closeAllSessions(): Promise<void>;
+//# sourceMappingURL=session.d.ts.map

package/dist/http/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/http/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAEnG,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,6BAA6B,CAAC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,2EAA2E;AAC3E,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,IAAI,CAEhE;AAED,8DAA8D;AAC9D,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAI7D;AAED,gDAAgD;AAChD,wBAAsB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAS7D;AAgBD,8DAA8D;AAC9D,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAGtD"}

package/dist/http/session.js

@@ -0,0 +1,56 @@
+/**
+ * In-memory MCP session store
+ *
+ * Each HTTP/Streamable-HTTP session maps a session-id (UUID) to:
+ *   - the McpServer instance
+ *   - the StreamableHTTPServerTransport
+ *   - metadata for TTL cleanup
+ *
+ * Sessions are cleaned up automatically after SESSION_TTL_MS (default 1 hour)
+ * of inactivity.  "Activity" is refreshed on every MCP request.
+ */
+const SESSION_TTL_MS = 60 * 60 * 1_000; // 1 hour
+const sessions = new Map();
+/** Register a new session (called once per POST /mcp that initialises). */
+export function addSession(id, session) {
+    sessions.set(id, session);
+}
+/** Look up a session and refresh its lastUsedAt timestamp. */
+export function getSession(id) {
+    const s = sessions.get(id);
+    if (s)
+        s.lastUsedAt = Date.now();
+    return s;
+}
+/** Delete a session and close its transport. */
+export async function removeSession(id) {
+    const s = sessions.get(id);
+    if (!s)
+        return;
+    sessions.delete(id);
+    try {
+        await s.transport.close();
+    }
+    catch {
+        // ignore close errors
+    }
+}
+/** Periodic cleanup of idle sessions. */
+function evictExpiredSessions() {
+    const now = Date.now();
+    for (const [id, s] of sessions) {
+        if (now - s.lastUsedAt > SESSION_TTL_MS) {
+            removeSession(id).catch(() => undefined);
+        }
+    }
+}
+// Run cleanup every 10 minutes — unref so it doesn't block process exit
+const cleanupTimer = setInterval(evictExpiredSessions, 10 * 60 * 1_000);
+if (typeof cleanupTimer.unref === "function")
+    cleanupTimer.unref();
+/** Gracefully close all sessions (called on process exit). */
+export async function closeAllSessions() {
+    clearInterval(cleanupTimer);
+    await Promise.allSettled([...sessions.keys()].map(removeSession));
+}
+//# sourceMappingURL=session.js.map

package/dist/http/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/http/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAcH,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,SAAS;AAEjD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAsB,CAAC;AAE/C,2EAA2E;AAC3E,MAAM,UAAU,UAAU,CAAC,EAAU,EAAE,OAAmB;IACxD,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,UAAU,CAAC,EAAU;IACnC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3B,IAAI,CAAC;QAAE,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACjC,OAAO,CAAC,CAAC;AACX,CAAC;AAED,gDAAgD;AAChD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU;IAC5C,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3B,IAAI,CAAC,CAAC;QAAE,OAAO;IACf,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;AACH,CAAC;AAED,yCAAyC;AACzC,SAAS,oBAAoB;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,GAAG,GAAG,CAAC,CAAC,UAAU,GAAG,cAAc,EAAE,CAAC;YACxC,aAAa,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,YAAY,GAAG,WAAW,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;AACxE,IAAI,OAAO,YAAY,CAAC,KAAK,KAAK,UAAU;IAAE,YAAY,CAAC,KAAK,EAAE,CAAC;AAEnE,8DAA8D;AAC9D,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,aAAa,CAAC,YAAY,CAAC,CAAC;IAC5B,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;AACpE,CAAC"}

package/dist/http/transport.d.ts

@@ -0,0 +1,21 @@
+/**
+ * MCP Streamable-HTTP transport handlers
+ *
+ * POST /mcp
+ *   - First request (no Mcp-Session-Id header): initialise new session
+ *   - Subsequent requests (with header): delegate to existing transport
+ *
+ * GET /mcp
+ *   - SSE streaming for existing session (server-to-client push)
+ *
+ * DELETE /mcp
+ *   - Explicitly close a session
+ */
+import type { Request, Response } from "express";
+/** Handle POST /mcp — init new session or route to existing one */
+export declare function handleMcpPost(req: Request, res: Response): Promise<void>;
+/** Handle GET /mcp — SSE stream for an existing session */
+export declare function handleMcpGet(req: Request, res: Response): Promise<void>;
+/** Handle DELETE /mcp — explicit session teardown */
+export declare function handleMcpDelete(req: Request, res: Response): Promise<void>;
+//# sourceMappingURL=transport.d.ts.map

package/dist/http/transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../../src/http/transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAejD,mEAAmE;AACnE,wBAAsB,aAAa,CACjC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC,CAyDf;AAED,2DAA2D;AAC3D,wBAAsB,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAc7E;AAED,qDAAqD;AACrD,wBAAsB,eAAe,CACnC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC,CASf"}

package/dist/http/transport.js

@@ -0,0 +1,101 @@
+/**
+ * MCP Streamable-HTTP transport handlers
+ *
+ * POST /mcp
+ *   - First request (no Mcp-Session-Id header): initialise new session
+ *   - Subsequent requests (with header): delegate to existing transport
+ *
+ * GET /mcp
+ *   - SSE streaming for existing session (server-to-client push)
+ *
+ * DELETE /mcp
+ *   - Explicitly close a session
+ */
+import { randomUUID } from "crypto";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
+import { buildMcpServerForSession } from "../factory.js";
+import { addSession, getSession, removeSession } from "./session.js";
+function buildSessionAuth(ctx) {
+    if (ctx.apiKey)
+        return { kind: "apiKey", apiKey: ctx.apiKey };
+    if (ctx.jwt)
+        return { kind: "userJwt", jwt: ctx.jwt };
+    // Should never reach here — middleware already validated
+    throw new Error("No auth credential in request context");
+}
+/** Handle POST /mcp — init new session or route to existing one */
+export async function handleMcpPost(req, res) {
+    const existingId = req.headers["mcp-session-id"];
+    // ── Route to existing session ──────────────────────────────
+    if (existingId) {
+        const session = getSession(existingId);
+        if (!session) {
+            res.status(404).json({ error: "Session not found or expired" });
+            return;
+        }
+        await session.transport.handleRequest(req, res, req.body);
+        return;
+    }
+    // ── Init new session ───────────────────────────────────────
+    if (!isInitializeRequest(req.body)) {
+        res
+            .status(400)
+            .json({ error: "First request must be an MCP initialize request" });
+        return;
+    }
+    const ctx = req.wappa;
+    const sessionId = randomUUID();
+    const transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => sessionId,
+        onsessioninitialized: (sid) => {
+            // transport is ready after server.connect — addSession is called below
+            void sid;
+        },
+    });
+    // Clean up session when transport closes
+    transport.onclose = () => {
+        removeSession(sessionId).catch(() => undefined);
+    };
+    const { server } = buildMcpServerForSession({
+        adminApiUrl: ctx.adminApiUrl,
+        siteKey: ctx.siteKey,
+        language: ctx.language,
+        auth: buildSessionAuth(ctx),
+    });
+    await server.connect(transport);
+    addSession(sessionId, {
+        server,
+        transport,
+        siteKey: ctx.siteKey,
+        adminApiUrl: ctx.adminApiUrl,
+        createdAt: Date.now(),
+        lastUsedAt: Date.now(),
+    });
+    await transport.handleRequest(req, res, req.body);
+}
+/** Handle GET /mcp — SSE stream for an existing session */
+export async function handleMcpGet(req, res) {
+    const sessionId = req.headers["mcp-session-id"];
+    if (!sessionId) {
+        res.status(400).json({ error: "Missing Mcp-Session-Id header" });
+        return;
+    }
+    const session = getSession(sessionId);
+    if (!session) {
+        res.status(404).json({ error: "Session not found or expired" });
+        return;
+    }
+    await session.transport.handleRequest(req, res);
+}
+/** Handle DELETE /mcp — explicit session teardown */
+export async function handleMcpDelete(req, res) {
+    const sessionId = req.headers["mcp-session-id"];
+    if (!sessionId) {
+        res.status(400).json({ error: "Missing Mcp-Session-Id header" });
+        return;
+    }
+    await removeSession(sessionId);
+    res.status(204).send();
+}
+//# sourceMappingURL=transport.js.map

package/dist/http/transport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport.js","sourceRoot":"","sources":["../../src/http/transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,EAAE,wBAAwB,EAAoB,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGrE,SAAS,gBAAgB,CAAC,GAAwB;IAChD,IAAI,GAAG,CAAC,MAAM;QAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC;IAC9D,IAAI,GAAG,CAAC,GAAG;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;IACtD,yDAAyD;IACzD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;AAC3D,CAAC;AAED,mEAAmE;AACnE,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAY,EACZ,GAAa;IAEb,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IAEvE,8DAA8D;IAC9D,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,CAAC;QACD,MAAM,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,8DAA8D;IAC9D,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,GAAG;aACA,MAAM,CAAC,GAAG,CAAC;aACX,IAAI,CAAC,EAAE,KAAK,EAAE,iDAAiD,EAAE,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC;IACtB,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;IAE/B,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;QAClD,kBAAkB,EAAE,GAAG,EAAE,CAAC,SAAS;QACnC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;YAC5B,uEAAuE;YACvE,KAAK,GAAG,CAAC;QACX,CAAC;KACF,CAAC,CAAC;IAEH,yCAAyC;IACzC,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;QACvB,aAAa,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC,CAAC;IAEF,MAAM,EAAE,MAAM,EAAE,GAAG,wBAAwB,CAAC;QAC1C,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,IAAI,EAAE,gBAAgB,CAAC,GAAG,CAAC;KAC5B,CAAC,CAAC;IAEH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,UAAU,CAAC,SAAS,EAAE;QACpB,MAAM;QACN,SAAS;QACT,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;KACvB,CAAC,CAAC;IAEH,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;AACpD,CAAC;AAED,2DAA2D;AAC3D,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,GAAY,EAAE,GAAa;IAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;QAChE,OAAO;IACT,CAAC;IAED,MAAM,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAClD,CAAC;AAED,qDAAqD;AACrD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,GAAY,EACZ,GAAa;IAEb,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,MAAM,aAAa,CAAC,SAAS,CAAC,CAAC;IAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC"}

package/dist/index.d.ts

@@ -1,10 +1,12 @@
 #!/usr/bin/env node
 /**
- * WAPPA Admin API MCP Server
+ * WAPPA Admin API MCP Server — stdio entry point
  *
- * Provides Claude Code with direct access to WAPPA (Web as Platform) Admin API.
- * Supports component CRUD, page management, widget operations, and more.
+ * Supports two auth modes controlled by environment variables:
+ *   1. Email/password  — WAP_EMAIL + WAP_PASSWORD (legacy, default)
+ *   2. API Key         — WAP_API_KEY (Organisation API Key, no sign-in needed)
  *
+ * Provides Claude Code / Cursor with direct access to WAPPA Admin API tools.
  */
 export {};
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;GAMG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;GAQG"}