@chykalophia/clickup-mcp-server 3.2.0

package/build/utils/security.d.ts

@@ -0,0 +1,79 @@
+import { z } from 'zod';
+/**
+ * Security utilities for the ClickUp MCP Server
+ */
+export interface RateLimitConfig {
+    windowMs: number;
+    maxRequests: number;
+}
+export declare const DEFAULT_RATE_LIMITS: Record<string, RateLimitConfig>;
+declare class RateLimiter {
+    private requests;
+    isAllowed(key: string, config: RateLimitConfig): boolean;
+    reset(key?: string): void;
+}
+export declare const rateLimiter: RateLimiter;
+/**
+ * Validate and sanitize API token
+ */
+export declare const validateApiToken: (token: string) => {
+    isValid: boolean;
+    error?: string;
+};
+/**
+ * Sanitize user input to prevent injection attacks
+ */
+export declare const sanitizeInput: (input: any) => any;
+/**
+ * Validate webhook signature with timing-safe comparison
+ */
+export declare const validateWebhookSignature: (payload: string, signature: string, secret: string) => {
+    isValid: boolean;
+    error?: string;
+};
+/**
+ * Validate file upload security
+ */
+export declare const validateFileUpload: (filename: string, mimetype?: string, size?: number) => {
+    isValid: boolean;
+    errors: string[];
+};
+/**
+ * Validate URL for security
+ */
+export declare const validateUrl: (url: string) => {
+    isValid: boolean;
+    error?: string;
+};
+/**
+ * Generate secure random string
+ */
+export declare const generateSecureToken: (length?: number) => string;
+/**
+ * Hash sensitive data
+ */
+export declare const hashSensitiveData: (data: string, salt?: string) => string;
+/**
+ * Validate environment variables
+ */
+export declare const validateEnvironment: () => {
+    isValid: boolean;
+    errors: string[];
+};
+/**
+ * Security headers for HTTP responses
+ */
+export declare const getSecurityHeaders: () => Record<string, string>;
+/**
+ * Log security events
+ */
+export declare const logSecurityEvent: (event: string, details: Record<string, any>, level?: 'info' | 'warn' | 'error') => void;
+/**
+ * Validate MCP tool parameters
+ */
+export declare const validateMcpParameters: (schema: z.ZodSchema, params: any) => {
+    isValid: boolean;
+    data?: any;
+    errors?: string[];
+};
+export {};

package/build/utils/security.js

@@ -0,0 +1,303 @@
+import crypto from 'crypto';
+import { z } from 'zod';
+// Default rate limits
+export const DEFAULT_RATE_LIMITS = {
+    webhook: { windowMs: 60000, maxRequests: 100 }, // 100 requests per minute
+    api: { windowMs: 60000, maxRequests: 1000 }, // 1000 requests per minute
+    upload: { windowMs: 60000, maxRequests: 10 } // 10 uploads per minute
+};
+// Rate limiter implementation
+class RateLimiter {
+    constructor() {
+        this.requests = new Map();
+    }
+    isAllowed(key, config) {
+        const now = Date.now();
+        const windowStart = now - config.windowMs;
+        // Get existing requests for this key
+        const keyRequests = this.requests.get(key) || [];
+        // Filter out old requests
+        const recentRequests = keyRequests.filter(time => time > windowStart);
+        // Check if under limit
+        if (recentRequests.length >= config.maxRequests) {
+            return false;
+        }
+        // Add current request
+        recentRequests.push(now);
+        this.requests.set(key, recentRequests);
+        return true;
+    }
+    reset(key) {
+        if (key) {
+            this.requests.delete(key);
+        }
+        else {
+            this.requests.clear();
+        }
+    }
+}
+export const rateLimiter = new RateLimiter();
+/**
+ * Validate and sanitize API token
+ */
+export const validateApiToken = (token) => {
+    if (!token) {
+        return { isValid: false, error: 'API token is required' };
+    }
+    if (typeof token !== 'string') {
+        return { isValid: false, error: 'API token must be a string' };
+    }
+    if (token.length < 10) {
+        return { isValid: false, error: 'API token appears to be too short' };
+    }
+    if (token.length > 200) {
+        return { isValid: false, error: 'API token appears to be too long' };
+    }
+    // Check for suspicious patterns
+    if (token.includes(' ') || token.includes('\n') || token.includes('\t')) {
+        return { isValid: false, error: 'API token contains invalid characters' };
+    }
+    return { isValid: true };
+};
+/**
+ * Sanitize user input to prevent injection attacks
+ */
+export const sanitizeInput = (input) => {
+    if (typeof input === 'string') {
+        // Remove potentially dangerous characters
+        return input
+            .replace(/[<>]/g, '') // Remove HTML tags
+            .replace(/javascript:/gi, '') // Remove javascript: protocol
+            .replace(/on\w+=/gi, '') // Remove event handlers
+            .trim();
+    }
+    if (Array.isArray(input)) {
+        return input.map(sanitizeInput);
+    }
+    if (input && typeof input === 'object') {
+        const sanitized = {};
+        for (const [key, value] of Object.entries(input)) {
+            sanitized[sanitizeInput(key)] = sanitizeInput(value);
+        }
+        return sanitized;
+    }
+    return input;
+};
+/**
+ * Validate webhook signature with timing-safe comparison
+ */
+export const validateWebhookSignature = (payload, signature, secret) => {
+    try {
+        if (!payload || !signature || !secret) {
+            return { isValid: false, error: 'Missing required parameters for signature validation' };
+        }
+        // Generate expected signature
+        const expectedSignature = crypto
+            .createHmac('sha256', secret)
+            .update(payload, 'utf8')
+            .digest('hex');
+        // Extract signature from header (remove 'sha256=' prefix if present)
+        const receivedSignature = signature.replace(/^sha256=/, '');
+        // Validate signature format
+        if (!/^[a-f0-9]{64}$/i.test(receivedSignature)) {
+            return { isValid: false, error: 'Invalid signature format' };
+        }
+        // Timing-safe comparison
+        const isValid = crypto.timingSafeEqual(Buffer.from(expectedSignature, 'hex'), Buffer.from(receivedSignature, 'hex'));
+        return { isValid };
+    }
+    catch (error) {
+        return {
+            isValid: false,
+            error: `Signature validation error: ${error instanceof Error ? error.message : 'Unknown error'}`
+        };
+    }
+};
+/**
+ * Validate file upload security
+ */
+export const validateFileUpload = (filename, mimetype, size) => {
+    const errors = [];
+    // Validate filename
+    if (!filename || typeof filename !== 'string') {
+        errors.push('Filename is required and must be a string');
+    }
+    else {
+        // Check for path traversal attempts
+        if (filename.includes('..') || filename.includes('/') || filename.includes('\\')) {
+            errors.push('Filename contains invalid path characters');
+        }
+        // Check for dangerous extensions
+        const dangerousExtensions = [
+            '.exe', '.bat', '.cmd', '.com', '.pif', '.scr', '.vbs', '.js', '.jar',
+            '.php', '.asp', '.aspx', '.jsp', '.sh', '.ps1', '.py', '.rb'
+        ];
+        const extension = filename.toLowerCase().split('.').pop();
+        if (extension && dangerousExtensions.includes(`.${extension}`)) {
+            errors.push('File type not allowed for security reasons');
+        }
+        // Check filename length
+        if (filename.length > 255) {
+            errors.push('Filename too long (max 255 characters)');
+        }
+        // Check for null bytes
+        if (filename.includes('\0')) {
+            errors.push('Filename contains null bytes');
+        }
+    }
+    // Validate mimetype if provided
+    if (mimetype) {
+        const allowedMimetypes = [
+            // Images
+            'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/svg+xml',
+            // Documents
+            'application/pdf', 'text/plain', 'text/csv',
+            'application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+            'application/vnd.ms-excel', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+            'application/vnd.ms-powerpoint', 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+            // Archives
+            'application/zip', 'application/x-rar-compressed', 'application/x-7z-compressed',
+            // Media
+            'video/mp4', 'video/webm', 'audio/mp3', 'audio/wav', 'audio/ogg'
+        ];
+        if (!allowedMimetypes.includes(mimetype)) {
+            errors.push(`Mimetype '${mimetype}' not allowed`);
+        }
+    }
+    // Validate file size if provided (max 100MB)
+    if (size !== undefined) {
+        const maxSize = 100 * 1024 * 1024; // 100MB
+        if (size > maxSize) {
+            errors.push(`File size too large (max ${maxSize} bytes)`);
+        }
+        if (size < 0) {
+            errors.push('Invalid file size');
+        }
+    }
+    return {
+        isValid: errors.length === 0,
+        errors
+    };
+};
+/**
+ * Validate URL for security
+ */
+export const validateUrl = (url) => {
+    try {
+        const parsedUrl = new URL(url);
+        // Only allow HTTP and HTTPS
+        if (!['http:', 'https:'].includes(parsedUrl.protocol)) {
+            return { isValid: false, error: 'Only HTTP and HTTPS URLs are allowed' };
+        }
+        // Block localhost and private IPs for security
+        const hostname = parsedUrl.hostname.toLowerCase();
+        if (hostname === 'localhost' ||
+            hostname === '127.0.0.1' ||
+            hostname === '::1' ||
+            hostname.startsWith('192.168.') ||
+            hostname.startsWith('10.') ||
+            hostname.startsWith('172.16.') ||
+            hostname.startsWith('172.17.') ||
+            hostname.startsWith('172.18.') ||
+            hostname.startsWith('172.19.') ||
+            hostname.startsWith('172.2') ||
+            hostname.startsWith('172.30.') ||
+            hostname.startsWith('172.31.')) {
+            return { isValid: false, error: 'Private and localhost URLs are not allowed' };
+        }
+        return { isValid: true };
+    }
+    catch (error) {
+        return { isValid: false, error: 'Invalid URL format' };
+    }
+};
+/**
+ * Generate secure random string
+ */
+export const generateSecureToken = (length = 32) => {
+    return crypto.randomBytes(length).toString('hex');
+};
+/**
+ * Hash sensitive data
+ */
+export const hashSensitiveData = (data, salt) => {
+    const actualSalt = salt || crypto.randomBytes(16).toString('hex');
+    return crypto.pbkdf2Sync(data, actualSalt, 10000, 64, 'sha512').toString('hex');
+};
+/**
+ * Validate environment variables
+ */
+export const validateEnvironment = () => {
+    const errors = [];
+    // Check required environment variables
+    const requiredVars = ['CLICKUP_API_TOKEN'];
+    for (const varName of requiredVars) {
+        const value = process.env[varName];
+        if (!value) {
+            errors.push(`Missing required environment variable: ${varName}`);
+        }
+        else {
+            // Validate API token format
+            if (varName === 'CLICKUP_API_TOKEN') {
+                const validation = validateApiToken(value);
+                if (!validation.isValid) {
+                    errors.push(`Invalid ${varName}: ${validation.error}`);
+                }
+            }
+        }
+    }
+    return {
+        isValid: errors.length === 0,
+        errors
+    };
+};
+/**
+ * Security headers for HTTP responses
+ */
+export const getSecurityHeaders = () => {
+    return {
+        'X-Content-Type-Options': 'nosniff',
+        'X-Frame-Options': 'DENY',
+        'X-XSS-Protection': '1; mode=block',
+        'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
+        'Content-Security-Policy': "default-src 'self'",
+        'Referrer-Policy': 'strict-origin-when-cross-origin'
+    };
+};
+/**
+ * Log security events
+ */
+export const logSecurityEvent = (event, details, level = 'info') => {
+    const timestamp = new Date().toISOString();
+    const logEntry = {
+        timestamp,
+        event,
+        level,
+        details: sanitizeInput(details)
+    };
+    // In production, this should go to a proper logging system
+    console.error(`[SECURITY ${level.toUpperCase()}] ${timestamp}: ${event}`, logEntry);
+};
+/**
+ * Validate MCP tool parameters
+ */
+export const validateMcpParameters = (schema, params) => {
+    try {
+        // Sanitize input first
+        const sanitizedParams = sanitizeInput(params);
+        // Validate with schema
+        const data = schema.parse(sanitizedParams);
+        return { isValid: true, data };
+    }
+    catch (error) {
+        if (error instanceof z.ZodError) {
+            const errors = error.errors.map(err => `${err.path.join('.')}: ${err.message}`);
+            return { isValid: false, errors };
+        }
+        return {
+            isValid: false,
+            errors: [`Validation error: ${error instanceof Error ? error.message : 'Unknown error'}`]
+        };
+    }
+};
+//# sourceMappingURL=security.js.map

package/build/utils/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/utils/security.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAYxB,sBAAsB;AACtB,MAAM,CAAC,MAAM,mBAAmB,GAAoC;IAClE,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,0BAA0B;IAC1E,GAAG,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,2BAA2B;IACxE,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,wBAAwB;CACtE,CAAC;AAEF,8BAA8B;AAC9B,MAAM,WAAW;IAAjB;QACU,aAAQ,GAA0B,IAAI,GAAG,EAAE,CAAC;IA+BtD,CAAC;IA7BC,SAAS,CAAC,GAAW,EAAE,MAAuB;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC;QAE1C,qCAAqC;QACrC,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAEjD,0BAA0B;QAC1B,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,GAAG,WAAW,CAAC,CAAC;QAEtE,uBAAuB;QACvB,IAAI,cAAc,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,sBAAsB;QACtB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;QAEvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAY;QAChB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAE7C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,KAAa,EAAwC,EAAE;IACtF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;IAC5D,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;IACjE,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;IACxE,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC;IACvE,CAAC;IAED,gCAAgC;IAChC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;IAC5E,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,KAAU,EAAO,EAAE;IAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,0CAA0C;QAC1C,OAAO,KAAK;aACT,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,mBAAmB;aACxC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,8BAA8B;aAC3D,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,wBAAwB;aAChD,IAAI,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,SAAS,GAAQ,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACjD,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CACtC,OAAe,EACf,SAAiB,EACjB,MAAc,EACwB,EAAE;IACxC,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sDAAsD,EAAE,CAAC;QAC3F,CAAC;QAED,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG,MAAM;aAC7B,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;aAC5B,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC;aACvB,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,qEAAqE;QACrE,MAAM,iBAAiB,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAE5D,4BAA4B;QAC5B,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC/C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;QAC/D,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CACpC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,EACrC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CACtC,CAAC;QAEF,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,+BAA+B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;SACjG,CAAC;IACJ,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,QAAgB,EAChB,QAAiB,EACjB,IAAa,EAC2B,EAAE;IAC1C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,oBAAoB;IACpB,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,oCAAoC;QACpC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAC3D,CAAC;QAED,iCAAiC;QACjC,MAAM,mBAAmB,GAAG;YAC1B,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;YACrE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;SAC7D,CAAC;QAEF,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QAC1D,IAAI,SAAS,IAAI,mBAAmB,CAAC,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC,EAAE,CAAC;YAC/D,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC5D,CAAC;QAED,wBAAwB;QACxB,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;QACxD,CAAC;QAED,uBAAuB;QACvB,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,gBAAgB,GAAG;YACvB,SAAS;YACT,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe;YACrE,YAAY;YACZ,iBAAiB,EAAE,YAAY,EAAE,UAAU;YAC3C,oBAAoB,EAAE,yEAAyE;YAC/F,0BAA0B,EAAE,mEAAmE;YAC/F,+BAA+B,EAAE,2EAA2E;YAC5G,WAAW;YACX,iBAAiB,EAAE,8BAA8B,EAAE,6BAA6B;YAChF,QAAQ;YACR,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW;SACjE,CAAC;QAEF,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,aAAa,QAAQ,eAAe,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,QAAQ;QAC3C,IAAI,IAAI,GAAG,OAAO,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,4BAA4B,OAAO,SAAS,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC5B,MAAM;KACP,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,GAAW,EAAwC,EAAE;IAC/E,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE/B,4BAA4B;QAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC;QAC3E,CAAC;QAED,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAClD,IACE,QAAQ,KAAK,WAAW;YACxB,QAAQ,KAAK,WAAW;YACxB,QAAQ,KAAK,KAAK;YAClB,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;YAC/B,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC;YAC1B,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;YAC9B,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;YAC9B,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;YAC9B,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;YAC9B,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5B,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;YAC9B,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EAC9B,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC;QACjF,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACzD,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,SAAiB,EAAE,EAAU,EAAE;IACjE,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACpD,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,IAAa,EAAU,EAAE;IACvE,MAAM,UAAU,GAAG,IAAI,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClE,OAAO,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAClF,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,GAA2C,EAAE;IAC9E,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,uCAAuC;IACvC,MAAM,YAAY,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAE3C,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,0CAA0C,OAAO,EAAE,CAAC,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,4BAA4B;YAC5B,IAAI,OAAO,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBAC3C,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC,WAAW,OAAO,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC5B,MAAM;KACP,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAA2B,EAAE;IAC7D,OAAO;QACL,wBAAwB,EAAE,SAAS;QACnC,iBAAiB,EAAE,MAAM;QACzB,kBAAkB,EAAE,eAAe;QACnC,2BAA2B,EAAE,qCAAqC;QAClE,yBAAyB,EAAE,oBAAoB;QAC/C,iBAAiB,EAAE,iCAAiC;KACrD,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,KAAa,EACb,OAA4B,EAC5B,QAAmC,MAAM,EACnC,EAAE;IACR,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG;QACf,SAAS;QACT,KAAK;QACL,KAAK;QACL,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC;KAChC,CAAC;IAEF,2DAA2D;IAC3D,OAAO,CAAC,KAAK,CAAC,aAAa,KAAK,CAAC,WAAW,EAAE,KAAK,SAAS,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;AACtF,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,MAAmB,EACnB,MAAW,EAC0C,EAAE;IACvD,IAAI,CAAC;QACH,uBAAuB;QACvB,MAAM,eAAe,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAE9C,uBAAuB;QACvB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAE3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAChF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QACpC,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,CAAC,qBAAqB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;SAC1F,CAAC;IACJ,CAAC;AACH,CAAC,CAAC"}

package/build/utils/tool-efficiency.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Tool Efficiency and Metadata System
+ * Provides intelligent tool suggestions and efficiency hints for better AI decision making
+ */
+export interface ToolMetadata {
+    name: string;
+    category: 'core' | 'search' | 'bulk' | 'helper' | 'advanced';
+    efficiency: 'direct' | 'hierarchical' | 'bulk' | 'search';
+    use_cases: string[];
+    alternatives: string[];
+    efficiency_hint?: string;
+    prerequisites?: string[];
+    related_tools?: string[];
+    performance_impact: 'low' | 'medium' | 'high';
+}
+export interface ToolSuggestion {
+    primary_tools: string[];
+    alternative_tools: string[];
+    efficiency_notes: string[];
+    workflow_hint: string;
+}
+/**
+ * Tool categories and their efficiency characteristics
+ */
+export declare const TOOL_CATEGORIES: {
+    DIRECT: {
+        chat: string[];
+        tasks: string[];
+        search: string[];
+        bulk: string[];
+    };
+    HIERARCHICAL: {
+        navigation: string[];
+        discovery: string[];
+    };
+    HELPERS: {
+        suggestions: string[];
+        validation: string[];
+    };
+};
+/**
+ * Comprehensive tool metadata registry
+ */
+export declare const TOOL_METADATA: Record<string, ToolMetadata>;
+/**
+ * Analyzes a user request and suggests the most efficient tools
+ */
+export declare function suggestToolsForTask(request: string): ToolSuggestion;
+/**
+ * Finds chat channels efficiently
+ */
+export declare function getChatChannelDiscoveryStrategy(): ToolSuggestion;
+/**
+ * Gets efficiency rating for a tool combination
+ */
+export declare function getEfficiencyRating(tools: string[]): {
+    rating: 'excellent' | 'good' | 'fair' | 'poor';
+    suggestions: string[];
+};