@casys/mcp-server 0.8.1 → 0.9.1

package/mod.ts

@@ -82,8 +82,16 @@ export type {
   ToolHandler,
 } from "./src/types.js";
 
-// MCP Apps constants
+// MCP Apps constants & viewer utilities
 export { MCP_APP_MIME_TYPE } from "./src/types.js";
+export type {
+  RegisterViewersConfig,
+  RegisterViewersSummary,
+} from "./src/concurrent-server.js";
+export {
+  resolveViewerDistPath,
+  discoverViewers,
+} from "./src/ui/viewer-utils.js";
 
 // Middleware pipeline
 export type {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@casys/mcp-server",
-  "version": "0.8.1",
+  "version": "0.9.1",
   "description": "Production-ready MCP server framework with concurrency control, auth, and observability",
   "type": "module",
   "main": "mod.ts",

package/src/client-auth/callback-server.ts

@@ -0,0 +1,130 @@
+/**
+ * Localhost callback server for OAuth PKCE redirect capture.
+ *
+ * Starts a temporary HTTP server on localhost to receive the
+ * authorization code from the OAuth redirect. Shuts down
+ * after receiving the code or on timeout.
+ *
+ * @module lib/server/client-auth/callback-server
+ */
+
+export interface CallbackServerOptions {
+  /** Port to listen on (0 = auto-assign, default: 0) */
+  port?: number;
+  /** Timeout in ms (default: 120_000) */
+  timeout?: number;
+}
+
+const SUCCESS_HTML = `<!DOCTYPE html>
+<html><head><title>PML Auth</title><style>
+body{font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;background:#08080a;color:#fff}
+.card{text-align:center;padding:2rem}h1{color:#FFB86F}
+</style></head><body><div class="card">
+<h1>Authentication successful</h1>
+<p>You can close this tab and return to the terminal.</p>
+</div></body></html>`;
+
+const ERROR_HTML = `<!DOCTYPE html>
+<html><head><title>PML Auth Error</title><style>
+body{font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;background:#08080a;color:#fff}
+.card{text-align:center;padding:2rem}h1{color:#ff6b6b}
+</style></head><body><div class="card">
+<h1>Authentication failed</h1>
+<p>Missing authorization code. Please try again.</p>
+</div></body></html>`;
+
+export class CallbackServer {
+  private port: number;
+  private timeout: number;
+  private abortController: AbortController | null = null;
+  private server: Deno.HttpServer | null = null;
+  private timerId: ReturnType<typeof setTimeout> | null = null;
+  private closeTimerId: ReturnType<typeof setTimeout> | null = null;
+
+  constructor(options?: CallbackServerOptions) {
+    this.port = options?.port ?? 0;
+    this.timeout = options?.timeout ?? 120_000;
+  }
+
+  async start(): Promise<{ port: number; codePromise: Promise<string> }> {
+    this.abortController = new AbortController();
+
+    let resolveCode!: (code: string) => void;
+    let rejectCode!: (err: Error) => void;
+    const codePromise = new Promise<string>((resolve, reject) => {
+      resolveCode = resolve;
+      rejectCode = reject;
+    });
+
+    this.timerId = setTimeout(() => {
+      this.timerId = null;
+      rejectCode(
+        new Error(
+          "OAuth callback timeout — no authorization code received",
+        ),
+      );
+      this.close();
+    }, this.timeout);
+
+    this.server = Deno.serve(
+      {
+        port: this.port,
+        signal: this.abortController.signal,
+        onListen: () => {},
+      },
+      (req) => {
+        const url = new URL(req.url);
+        if (url.pathname === "/callback") {
+          const code = url.searchParams.get("code");
+          if (!code) {
+            return new Response(ERROR_HTML, {
+              status: 400,
+              headers: { "Content-Type": "text/html" },
+            });
+          }
+          if (this.timerId) {
+            clearTimeout(this.timerId);
+            this.timerId = null;
+          }
+          resolveCode(code);
+          // Schedule close after response is sent
+          this.closeTimerId = setTimeout(() => {
+            this.closeTimerId = null;
+            this.close();
+          }, 100);
+          return new Response(SUCCESS_HTML, {
+            status: 200,
+            headers: { "Content-Type": "text/html" },
+          });
+        }
+        return new Response("Not Found", { status: 404 });
+      },
+    );
+
+    const addr = this.server.addr as Deno.NetAddr;
+    return { port: addr.port, codePromise };
+  }
+
+  async close(): Promise<void> {
+    if (this.timerId) {
+      clearTimeout(this.timerId);
+      this.timerId = null;
+    }
+    if (this.closeTimerId) {
+      clearTimeout(this.closeTimerId);
+      this.closeTimerId = null;
+    }
+    if (this.abortController) {
+      this.abortController.abort();
+      this.abortController = null;
+    }
+    if (this.server) {
+      try {
+        await this.server.finished;
+      } catch {
+        // Expected when aborted
+      }
+      this.server = null;
+    }
+  }
+}

package/src/client-auth/connect.ts

@@ -0,0 +1,48 @@
+/**
+ * Sugar helper for preparing an authenticated MCP transport.
+ *
+ * Wires together OAuthClientProviderImpl with a CallbackServer.
+ * The consumer is responsible for creating the StreamableHTTPClientTransport
+ * and passing `result.provider` as the `authProvider` option.
+ *
+ * @module lib/server/client-auth/connect
+ */
+
+import { OAuthClientProviderImpl } from "./provider.js";
+import type { OAuthClientConfig } from "./types.js";
+import { CallbackServer } from "./callback-server.js";
+
+export interface PrepareOAuthResult {
+  /** The configured provider — pass as authProvider to StreamableHTTPClientTransport */
+  provider: OAuthClientProviderImpl;
+  /** The callback server instance (caller must close on error paths) */
+  callbackServer: CallbackServer;
+  /** The actual port the callback server is listening on */
+  callbackPort: number;
+}
+
+/**
+ * Prepare an OAuth client provider with a running callback server.
+ *
+ * Usage:
+ * ```typescript
+ * const { provider, callbackServer } = await prepareOAuthProvider(serverUrl, config);
+ * const transport = new StreamableHTTPClientTransport(new URL(serverUrl), { authProvider: provider });
+ * await client.connect(transport);
+ * ```
+ */
+export async function prepareOAuthProvider(
+  serverUrl: string,
+  config: OAuthClientConfig,
+): Promise<PrepareOAuthResult> {
+  const callbackServer = new CallbackServer({
+    port: config.callbackPort ?? 0,
+    timeout: config.authTimeout ?? 120_000,
+  });
+  const { port } = await callbackServer.start();
+
+  const provider = new OAuthClientProviderImpl(serverUrl, config);
+  provider.setRedirectUrl(`http://localhost:${port}/callback`);
+
+  return { provider, callbackServer, callbackPort: port };
+}

package/src/client-auth/provider.ts

@@ -0,0 +1,100 @@
+/**
+ * OAuth client provider implementation.
+ *
+ * Implements OAuthClientProvider from the MCP SDK for authenticating
+ * against OAuth-protected MCP servers. Handles token storage,
+ * PKCE flow, and browser-based authorization.
+ *
+ * @module lib/server/client-auth/provider
+ */
+
+import type {
+  OAuthClientInformationMixed,
+  OAuthClientMetadata,
+  OAuthTokens,
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+import type { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js";
+import type { OAuthClientConfig } from "./types.js";
+
+export class OAuthClientProviderImpl implements OAuthClientProvider {
+  private serverUrl: string;
+  private config: OAuthClientConfig;
+  private _codeVerifier = "";
+  private _clientInfo: OAuthClientInformationMixed | undefined;
+  private _redirectUrl: string | undefined;
+
+  constructor(serverUrl: string, config: OAuthClientConfig) {
+    this.serverUrl = serverUrl;
+    this.config = config;
+  }
+
+  get redirectUrl(): string | URL {
+    return this._redirectUrl ?? "http://localhost:0/callback";
+  }
+
+  /** Set the redirect URL (called after CallbackServer binds to a port). */
+  setRedirectUrl(url: string): void {
+    this._redirectUrl = url;
+  }
+
+  get clientMetadata(): OAuthClientMetadata {
+    return {
+      client_name: this.config.clientName ?? "PML Client",
+      redirect_uris: [String(this.redirectUrl)],
+      grant_types: ["authorization_code"],
+      response_types: ["code"],
+      token_endpoint_auth_method: "none", // public client, PKCE only
+    };
+  }
+
+  async clientInformation(): Promise<OAuthClientInformationMixed | undefined> {
+    return this._clientInfo ?? {
+      client_id: this.config.clientId,
+    };
+  }
+
+  async saveClientInformation(
+    info: OAuthClientInformationMixed,
+  ): Promise<void> {
+    this._clientInfo = info;
+  }
+
+  async tokens(): Promise<OAuthTokens | undefined> {
+    const stored = await this.config.tokenStore.get(this.serverUrl);
+    return stored?.tokens ?? undefined;
+  }
+
+  async saveTokens(tokens: OAuthTokens): Promise<void> {
+    await this.config.tokenStore.set(this.serverUrl, {
+      serverUrl: this.serverUrl,
+      tokens,
+      obtainedAt: Date.now(),
+    });
+  }
+
+  async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
+    await this.config.openBrowser(authorizationUrl.toString());
+  }
+
+  async saveCodeVerifier(codeVerifier: string): Promise<void> {
+    this._codeVerifier = codeVerifier;
+  }
+
+  async codeVerifier(): Promise<string> {
+    return this._codeVerifier;
+  }
+
+  async invalidateCredentials(
+    scope: "all" | "client" | "tokens" | "verifier" | "discovery",
+  ): Promise<void> {
+    if (scope === "all" || scope === "tokens") {
+      await this.config.tokenStore.delete(this.serverUrl);
+    }
+    if (scope === "all" || scope === "verifier") {
+      this._codeVerifier = "";
+    }
+    if (scope === "all" || scope === "client") {
+      this._clientInfo = undefined;
+    }
+  }
+}

package/src/client-auth/token-store/file-store.ts

@@ -0,0 +1,82 @@
+/**
+ * File-based token store.
+ *
+ * Stores OAuth credentials as JSON files with restrictive permissions (0o600).
+ * One file per MCP server, keyed by SHA-256 hash of the server URL.
+ *
+ * @module lib/server/client-auth/token-store/file-store
+ */
+
+import type { StoredCredentials, TokenStore } from "../types.js";
+
+async function sha256hex(input: string): Promise<string> {
+  const data = new TextEncoder().encode(input);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  return Array.from(new Uint8Array(hash))
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+}
+
+export class FileTokenStore implements TokenStore {
+  constructor(private baseDir: string) {}
+
+  private async filePath(serverUrl: string): Promise<string> {
+    const hash = await sha256hex(serverUrl);
+    return `${this.baseDir}/${hash}.json`;
+  }
+
+  private async ensureDir(): Promise<void> {
+    await Deno.mkdir(this.baseDir, { recursive: true, mode: 0o700 });
+  }
+
+  async get(serverUrl: string): Promise<StoredCredentials | null> {
+    const path = await this.filePath(serverUrl);
+    try {
+      const content = await Deno.readTextFile(path);
+      return JSON.parse(content) as StoredCredentials;
+    } catch (e) {
+      if (e instanceof Deno.errors.NotFound) return null;
+      throw e;
+    }
+  }
+
+  async set(serverUrl: string, credentials: StoredCredentials): Promise<void> {
+    await this.ensureDir();
+    const path = await this.filePath(serverUrl);
+    const content = JSON.stringify(credentials, null, 2);
+    await Deno.writeTextFile(path, content, { mode: 0o600 });
+  }
+
+  async delete(serverUrl: string): Promise<void> {
+    const path = await this.filePath(serverUrl);
+    try {
+      await Deno.remove(path);
+    } catch (e) {
+      if (e instanceof Deno.errors.NotFound) return;
+      throw e;
+    }
+  }
+
+  async list(): Promise<string[]> {
+    try {
+      const urls: string[] = [];
+      for await (const entry of Deno.readDir(this.baseDir)) {
+        if (entry.isFile && entry.name.endsWith(".json")) {
+          try {
+            const content = await Deno.readTextFile(
+              `${this.baseDir}/${entry.name}`,
+            );
+            const creds = JSON.parse(content) as StoredCredentials;
+            urls.push(creds.serverUrl);
+          } catch {
+            // Corrupted file, skip
+          }
+        }
+      }
+      return urls;
+    } catch (e) {
+      if (e instanceof Deno.errors.NotFound) return [];
+      throw e;
+    }
+  }
+}

package/src/client-auth/token-store/memory-store.ts

@@ -0,0 +1,27 @@
+/**
+ * In-memory token store for testing and ephemeral use.
+ *
+ * @module lib/server/client-auth/token-store/memory-store
+ */
+
+import type { StoredCredentials, TokenStore } from "../types.js";
+
+export class MemoryTokenStore implements TokenStore {
+  private store = new Map<string, StoredCredentials>();
+
+  async get(serverUrl: string): Promise<StoredCredentials | null> {
+    return this.store.get(serverUrl) ?? null;
+  }
+
+  async set(serverUrl: string, credentials: StoredCredentials): Promise<void> {
+    this.store.set(serverUrl, credentials);
+  }
+
+  async delete(serverUrl: string): Promise<void> {
+    this.store.delete(serverUrl);
+  }
+
+  async list(): Promise<string[]> {
+    return [...this.store.keys()];
+  }
+}

package/src/client-auth/types.ts

@@ -0,0 +1,53 @@
+/**
+ * OAuth client auth types.
+ *
+ * Interfaces for token storage and OAuth client configuration.
+ * Used by OAuthClientProviderImpl to authenticate against
+ * OAuth-protected MCP servers.
+ *
+ * @module lib/server/client-auth/types
+ */
+
+import type { OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
+
+/** Stored OAuth credentials for one MCP server */
+export interface StoredCredentials {
+  /** The MCP server URL these credentials are for */
+  serverUrl: string;
+  /** OAuth tokens (access_token, refresh_token, etc.) */
+  tokens: OAuthTokens;
+  /** When the tokens were obtained (Unix epoch ms) */
+  obtainedAt: number;
+  /** Authorization server URL (needed for refresh) */
+  authServerUrl?: string;
+}
+
+/** Abstract token storage — consumers provide the implementation */
+export interface TokenStore {
+  /** Retrieve stored credentials for a server, or null if none */
+  get(serverUrl: string): Promise<StoredCredentials | null>;
+  /** Store credentials for a server */
+  set(serverUrl: string, credentials: StoredCredentials): Promise<void>;
+  /** Delete credentials for a server */
+  delete(serverUrl: string): Promise<void>;
+  /** List all server URLs with stored credentials */
+  list(): Promise<string[]>;
+}
+
+/** Configuration for creating an OAuthClientProvider */
+export interface OAuthClientConfig {
+  /** OAuth Client ID (public — embedded in consumer binary) */
+  clientId: string;
+  /** Client name shown in consent screen */
+  clientName?: string;
+  /** Scopes to request (space-separated in OAuth, array here) */
+  scopes?: string[];
+  /** Token storage backend */
+  tokenStore: TokenStore;
+  /** Callback to open browser — injected by consumer (platform-specific) */
+  openBrowser: (url: string) => Promise<void>;
+  /** Callback server port (0 = OS auto-assign, default: 0) */
+  callbackPort?: number;
+  /** Timeout for user to complete OAuth flow (ms, default: 120_000) */
+  authTimeout?: number;
+}

package/src/concurrent-server.ts

@@ -56,6 +56,8 @@ import type {
   ToolHandler,
 } from "./types.js";
 import { MCP_APP_MIME_TYPE, MCP_APP_URI_SCHEME } from "./types.js";
+import { resolveViewerDistPath, discoverViewers } from "./ui/viewer-utils.js";
+import type { DirEntry, DiscoverViewersFS } from "./ui/viewer-utils.js";
 import { buildCspHeader, injectCspMetaTag } from "./security/csp.js";
 import { ServerMetrics } from "./observability/metrics.js";
 import { endToolCallSpan, startToolCallSpan } from "./observability/otel.js";
@@ -802,6 +804,75 @@ export class ConcurrentMCPServer {
     this.log(`Registered ${resources.length} resources`);
   }
 
+  /**
+   * Register MCP Apps viewers with automatic dist path resolution.
+   *
+   * Replaces the manual pattern of: enumerate viewers → resolve paths → register resources.
+   * Each viewer gets a `ui://{prefix}/{viewerName}` resource URI.
+   *
+   * Viewers whose dist is not found are skipped with a warning (not an error),
+   * so that the server can start in dev without building UIs first.
+   *
+   * @returns Summary of registered and skipped viewers
+   */
+  registerViewers(config: RegisterViewersConfig): RegisterViewersSummary {
+    if (!config.prefix) {
+      throw new Error("[ConcurrentMCPServer] registerViewers: prefix is required");
+    }
+
+    // Resolve viewer list: explicit or auto-discovered
+    let viewerNames: string[];
+    if (config.viewers) {
+      viewerNames = config.viewers;
+    } else if (config.discover) {
+      viewerNames = discoverViewers(config.discover.uiDir, config.discover);
+    } else {
+      viewerNames = [];
+    }
+
+    const humanNameFn = config.humanName ?? defaultHumanName;
+    const registered: string[] = [];
+    const skipped: string[] = [];
+
+    for (const viewerName of viewerNames) {
+      const distPath = resolveViewerDistPath(config.moduleUrl, viewerName, config.exists);
+
+      if (!distPath) {
+        this.log(
+          `Warning: UI not built for ui://${config.prefix}/${viewerName}. ` +
+            `Run the UI build step first.`,
+        );
+        skipped.push(viewerName);
+        continue;
+      }
+
+      const resourceUri = `ui://${config.prefix}/${viewerName}`;
+      const readFile = config.readFile;
+      const currentDistPath = distPath;
+
+      this.registerResource(
+        {
+          uri: resourceUri,
+          name: humanNameFn(viewerName),
+          description: `MCP App: ${viewerName}`,
+          mimeType: MCP_APP_MIME_TYPE,
+        },
+        async () => {
+          const html = await Promise.resolve(readFile(currentDistPath));
+          return { uri: resourceUri, mimeType: MCP_APP_MIME_TYPE, text: html };
+        },
+      );
+
+      registered.push(viewerName);
+    }
+
+    if (registered.length > 0) {
+      this.log(`Registered ${registered.length} viewer(s): ${registered.join(", ")}`);
+    }
+
+    return { registered, skipped };
+  }
+
   /**
    * Start the MCP server with stdio transport
    */
@@ -1548,6 +1619,24 @@ export class ConcurrentMCPServer {
           }
         }
 
+        // MCP protocol methods we don't implement — return empty results
+        if (method === "ping") {
+          return c.json({ jsonrpc: "2.0", id, result: {} });
+        }
+        if (method === "prompts/list") {
+          return c.json({ jsonrpc: "2.0", id, result: { prompts: [] } });
+        }
+        if (method === "logging/setLevel") {
+          return c.json({ jsonrpc: "2.0", id, result: {} });
+        }
+        if (method === "completion/complete") {
+          return c.json({
+            jsonrpc: "2.0",
+            id,
+            result: { completion: { values: [] } },
+          });
+        }
+
         // Handle notifications: must have a method and no id (JSON-RPC 2.0 notification)
         if (method && !id) {
           return new Response(null, { status: 202 });
@@ -1897,3 +1986,39 @@ export class ConcurrentMCPServer {
     }
   }
 }
+
+// ── registerViewers types ──────────────────────────────────────────
+
+/** Configuration for registerViewers() */
+export interface RegisterViewersConfig {
+  /** URI prefix — viewers get `ui://{prefix}/{viewerName}` */
+  prefix: string;
+  /** import.meta.url of the consumer's server.ts (for resolving dist paths) */
+  moduleUrl: string;
+  /** Check if a filesystem path exists */
+  exists: (path: string) => boolean;
+  /** Read a file and return its content as string */
+  readFile: (path: string) => string | Promise<string>;
+  /** Explicit list of viewer names. If omitted, use `discover`. */
+  viewers?: string[];
+  /** Auto-discover viewers by scanning a directory */
+  discover?: {
+    uiDir: string;
+  } & DiscoverViewersFS;
+  /** Custom function to generate human-readable names. Default: kebab-to-Title. */
+  humanName?: (viewerName: string) => string;
+}
+
+/** Summary returned by registerViewers() */
+export interface RegisterViewersSummary {
+  registered: string[];
+  skipped: string[];
+}
+
+/** Default: "invoice-viewer" → "Invoice Viewer" */
+function defaultHumanName(name: string): string {
+  return name
+    .split("-")
+    .map((w) => w.charAt(0).toUpperCase() + w.slice(1))
+    .join(" ");
+}

package/src/types.ts

@@ -7,6 +7,8 @@
  * @module lib/server/types
  */
 
+import type { McpUiToolMeta as McpUiToolMetaBase } from "@casys/mcp-compose/core";
+
 /**
  * Rate limit configuration
  */
@@ -122,6 +124,10 @@ export interface ConcurrentServerOptions {
 /**
  * MCP Apps UI metadata for tools (SEP-1865 + PML extensions)
  *
+ * Extends the base `McpUiToolMeta` from mcp-compose/core with
+ * PML-specific `emits`/`accepts` fields for cross-UI sync rules.
+ * The server DECLARES capabilities; mcp-compose OWNS the contract.
+ *
  * @example
  * ```typescript
  * const tool: MCPTool = {
@@ -138,21 +144,14 @@ export interface ConcurrentServerOptions {
  * };
  * ```
  */
-export interface McpUiToolMeta {
+export interface McpUiToolMeta extends McpUiToolMetaBase {
   /**
    * Resource URI for the UI. MUST use ui:// scheme.
+   * Narrows the optional base field to required for server tools.
    * @example "ui://mcp-std/table-viewer"
    */
   resourceUri: string;
 
-  /**
-   * Visibility control: who can see/call this tool
-   * - "model": Only the AI model can see/call
-   * - "app": Only the UI app can call (hidden from model)
-   * - Default (both): Visible to model and app
-   */
-  visibility?: Array<"model" | "app">;
-
   /**
    * Events this UI can emit (PML extension for sync rules)
    * Used by PML orchestrator to build cross-UI event routing

package/src/ui/viewer-utils.ts

@@ -0,0 +1,95 @@
+/**
+ * MCP Apps Viewer Utilities
+ *
+ * Shared functions for resolving viewer dist paths and discovering
+ * viewer directories. Used by registerViewers() and the build pipeline.
+ *
+ * @module lib/server/src/ui/viewer-utils
+ */
+
+/** Directories to skip during auto-discovery */
+const SKIP_DIRS = new Set(["shared", "dist", "node_modules", ".cache", ".vite"]);
+
+/**
+ * Convert a file:// URL to a filesystem path.
+ * Handles Windows drive letters and UNC paths.
+ */
+function fileUrlToPath(url: URL): string {
+  const decoded = decodeURIComponent(url.pathname);
+  // Windows: /C:/path → C:/path
+  if (/^\/[A-Za-z]:\//.test(decoded)) return decoded.slice(1);
+  // UNC: //host/share
+  if (url.host.length > 0) return `//${url.host}${decoded}`;
+  return decoded;
+}
+
+/**
+ * Resolve the dist path for a viewer's built index.html.
+ *
+ * Checks two candidate locations relative to the module URL:
+ * 1. ./src/ui/dist/{viewerName}/index.html (Deno dev)
+ * 2. ./ui-dist/{viewerName}/index.html     (npm package)
+ *
+ * @param moduleUrl - import.meta.url of the consumer's server.ts
+ * @param viewerName - Viewer directory name (e.g. "invoice-viewer")
+ * @param exists - Function to check if a path exists (injectable for tests)
+ * @returns Absolute path to index.html, or null if not found
+ */
+export function resolveViewerDistPath(
+  moduleUrl: string,
+  viewerName: string,
+  exists: (path: string) => boolean,
+): string | null {
+  const candidates = [
+    fileUrlToPath(new URL(`./src/ui/dist/${viewerName}/index.html`, moduleUrl)),
+    fileUrlToPath(new URL(`./ui-dist/${viewerName}/index.html`, moduleUrl)),
+  ];
+
+  for (const candidate of candidates) {
+    if (exists(candidate)) return candidate;
+  }
+
+  return null;
+}
+
+/** Minimal entry returned by a directory reader */
+export interface DirEntry {
+  name: string;
+  isDirectory: boolean;
+}
+
+/** Injectable filesystem operations for discoverViewers */
+export interface DiscoverViewersFS {
+  readDir: (path: string) => DirEntry[];
+  hasIndexHtml: (uiDir: string, viewerName: string) => boolean;
+}
+
+/**
+ * Auto-discover viewer directories inside a UI root folder.
+ *
+ * A viewer is a directory that:
+ * - Is not in the skip list (shared, dist, node_modules, .cache, .vite)
+ * - Does not start with "."
+ * - Contains an index.html file
+ *
+ * @param uiDir - Absolute path to the UI root directory
+ * @param fs - Injectable filesystem operations
+ * @returns Sorted array of viewer names
+ */
+export function discoverViewers(
+  uiDir: string,
+  fs: DiscoverViewersFS,
+): string[] {
+  const entries = fs.readDir(uiDir);
+  const viewers: string[] = [];
+
+  for (const entry of entries) {
+    if (!entry.isDirectory) continue;
+    if (entry.name.startsWith(".")) continue;
+    if (SKIP_DIRS.has(entry.name)) continue;
+    if (!fs.hasIndexHtml(uiDir, entry.name)) continue;
+    viewers.push(entry.name);
+  }
+
+  return viewers.sort();
+}