npm - @cjavdev/believe-mcp - Versions diffs - 0.19.0 → 0.20.1 - Mend

@cjavdev/believe-mcp 0.19.0 → 0.20.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/code-tool-paths.cjs +4 -2
package/code-tool-paths.cjs.map +1 -1
package/code-tool-paths.d.cts +1 -1
package/code-tool-paths.d.cts.map +1 -1
package/code-tool.d.mts.map +1 -1
package/code-tool.d.ts.map +1 -1
package/code-tool.js +29 -23
package/code-tool.js.map +1 -1
package/code-tool.mjs +20 -11
package/code-tool.mjs.map +1 -1
package/docs-search-tool.d.mts +2 -0
package/docs-search-tool.d.mts.map +1 -1
package/docs-search-tool.d.ts +2 -0
package/docs-search-tool.d.ts.map +1 -1
package/docs-search-tool.js +32 -2
package/docs-search-tool.js.map +1 -1
package/docs-search-tool.mjs +31 -2
package/docs-search-tool.mjs.map +1 -1
package/http.d.mts.map +1 -1
package/http.d.ts.map +1 -1
package/http.js +58 -3
package/http.js.map +1 -1
package/http.mjs +58 -3
package/http.mjs.map +1 -1
package/instructions.d.mts +4 -1
package/instructions.d.mts.map +1 -1
package/instructions.d.ts +4 -1
package/instructions.d.ts.map +1 -1
package/instructions.js +28 -13
package/instructions.js.map +1 -1
package/instructions.mjs +25 -13
package/instructions.mjs.map +1 -1
package/local-docs-search.d.mts +28 -0
package/local-docs-search.d.mts.map +1 -0
package/local-docs-search.d.ts +28 -0
package/local-docs-search.d.ts.map +1 -0
package/local-docs-search.js +3932 -0
package/local-docs-search.js.map +1 -0
package/local-docs-search.mjs +3892 -0
package/local-docs-search.mjs.map +1 -0
package/options.d.mts +3 -0
package/options.d.mts.map +1 -1
package/options.d.ts +3 -0
package/options.d.ts.map +1 -1
package/options.js +19 -0
package/options.js.map +1 -1
package/options.mjs +19 -0
package/options.mjs.map +1 -1
package/package.json +13 -2
package/server.d.mts +10 -1
package/server.d.mts.map +1 -1
package/server.d.ts +10 -1
package/server.d.ts.map +1 -1
package/server.js +13 -3
package/server.js.map +1 -1
package/server.mjs +13 -3
package/server.mjs.map +1 -1
package/src/code-tool-paths.cts +3 -1
package/src/code-tool.ts +27 -16
package/src/docs-search-tool.ts +46 -8
package/src/http.ts +62 -3
package/src/instructions.ts +32 -14
package/src/local-docs-search.ts +4636 -0
package/src/options.ts +24 -0
package/src/server.ts +23 -3
package/src/stdio.ts +4 -1
package/src/types.ts +3 -0
package/stdio.d.mts.map +1 -1
package/stdio.d.ts.map +1 -1
package/stdio.js +4 -1
package/stdio.js.map +1 -1
package/stdio.mjs +4 -1
package/stdio.mjs.map +1 -1
package/types.d.mts +6 -0
package/types.d.mts.map +1 -1
package/types.d.ts +6 -0
package/types.d.ts.map +1 -1
package/types.js.map +1 -1
package/types.mjs.map +1 -1

package/src/code-tool.ts CHANGED Viewed

@@ -1,10 +1,5 @@
 // File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-import fs from 'node:fs';
-import path from 'node:path';
-import url from 'node:url';
-import { newDenoHTTPWorker } from '@valtown/deno-http-worker';
-import { workerPath } from './code-tool-paths.cjs';
 import {
   ContentBlock,
   McpRequestContext,
@@ -150,19 +145,23 @@ const remoteStainlessHandler = async ({
   const codeModeEndpoint = readEnv('CODE_MODE_ENDPOINT_URL') ?? 'https://api.stainless.com/api/ai/code-tool';
+  const localClientEnvs = {
+    BELIEVE_API_KEY: requireValue(
+      readEnv('BELIEVE_API_KEY') ?? client.apiKey,
+      'set BELIEVE_API_KEY environment variable or provide apiKey client option',
+    ),
+    BELIEVE_BASE_URL: readEnv('BELIEVE_BASE_URL') ?? client.baseURL ?? undefined,
+  };
+  // Merge any upstream client envs from the request header, with upstream values taking precedence.
+  const mergedClientEnvs = { ...localClientEnvs, ...reqContext.upstreamClientEnvs };
   // Setting a Stainless API key authenticates requests to the code tool endpoint.
   const res = await fetch(codeModeEndpoint, {
     method: 'POST',
     headers: {
       ...(reqContext.stainlessApiKey && { Authorization: reqContext.stainlessApiKey }),
       'Content-Type': 'application/json',
-      'x-stainless-mcp-client-envs': JSON.stringify({
-        BELIEVE_API_KEY: requireValue(
-          readEnv('BELIEVE_API_KEY') ?? client.apiKey,
-          'set BELIEVE_API_KEY environment variable or provide apiKey client option',
-        ),
-        BELIEVE_BASE_URL: readEnv('BELIEVE_BASE_URL') ?? client.baseURL ?? undefined,
-      }),
+      'x-stainless-mcp-client-envs': JSON.stringify(mergedClientEnvs),
     },
     body: JSON.stringify({
       project_name: 'believe',
@@ -205,6 +204,13 @@ const localDenoHandler = async ({
   reqContext: McpRequestContext;
   args: unknown;
 }): Promise<ToolCallResult> => {
+  const fs = await import('node:fs');
+  const path = await import('node:path');
+  const url = await import('node:url');
+  const { newDenoHTTPWorker } = await import('@valtown/deno-http-worker');
+  const { getWorkerPath } = await import('./code-tool-paths.cjs');
+  const workerPath = getWorkerPath();
   const client = reqContext.client;
   const baseURLHostname = new URL(client.baseURL).hostname;
   const { code } = args as { code: string };
@@ -266,6 +272,9 @@ const localDenoHandler = async ({
     printOutput: true,
     spawnOptions: {
       cwd: path.dirname(workerPath),
+      // Merge any upstream client envs into the Deno subprocess environment,
+      // with the upstream env vars taking precedence.
+      env: { ...process.env, ...reqContext.upstreamClientEnvs },
     },
   });
@@ -275,13 +284,15 @@ const localDenoHandler = async ({
         reject(new Error(`Worker exited with code ${exitCode}`));
       });
-      const opts: ClientOptions = {
-        baseURL: client.baseURL,
-        apiKey: client.apiKey,
+      // Strip null/undefined values so that the worker SDK client can fall back to
+      // reading from environment variables (including any upstreamClientEnvs).
+      const opts = {
+        ...(client.baseURL != null ? { baseURL: client.baseURL } : undefined),
+        ...(client.apiKey != null ? { apiKey: client.apiKey } : undefined),
         defaultHeaders: {
           'X-Stainless-MCP': 'true',
         },
-      };
+      } satisfies Partial<ClientOptions> as ClientOptions;
       const req = worker.request(
         'http://localhost',

package/src/docs-search-tool.ts CHANGED Viewed

@@ -3,6 +3,7 @@
 import { Tool } from '@modelcontextprotocol/sdk/types.js';
 import { Metadata, McpRequestContext, asTextContentResult } from './types';
 import { getLogger } from './logger';
+import type { LocalDocsSearch } from './local-docs-search';
 export const metadata: Metadata = {
   resource: 'all',
@@ -43,13 +44,30 @@ export const tool: Tool = {
 const docsSearchURL =
   process.env['DOCS_SEARCH_URL'] || 'https://api.stainless.com/api/projects/believe/docs/search';
-export const handler = async ({
-  reqContext,
-  args,
-}: {
-  reqContext: McpRequestContext;
-  args: Record<string, unknown> | undefined;
-}) => {
+let _localSearch: LocalDocsSearch | undefined;
+export function setLocalSearch(search: LocalDocsSearch): void {
+  _localSearch = search;
+}
+async function searchLocal(args: Record<string, unknown>): Promise<unknown> {
+  if (!_localSearch) {
+    throw new Error('Local search not initialized');
+  }
+  const query = (args['query'] as string) ?? '';
+  const language = (args['language'] as string) ?? 'typescript';
+  const detail = (args['detail'] as string) ?? 'default';
+  return _localSearch.search({
+    query,
+    language,
+    detail,
+    maxResults: 5,
+  }).results;
+}
+async function searchRemote(args: Record<string, unknown>, reqContext: McpRequestContext): Promise<unknown> {
   const body = args as any;
   const query = new URLSearchParams(body).toString();
@@ -57,6 +75,10 @@ export const handler = async ({
   const result = await fetch(`${docsSearchURL}?${query}`, {
     headers: {
       ...(reqContext.stainlessApiKey && { Authorization: reqContext.stainlessApiKey }),
+      ...(reqContext.mcpSessionId && { 'x-stainless-mcp-session-id': reqContext.mcpSessionId }),
+      ...(reqContext.mcpClientInfo && {
+        'x-stainless-mcp-client-info': JSON.stringify(reqContext.mcpClientInfo),
+      }),
     },
   });
@@ -94,7 +116,23 @@ export const handler = async ({
     },
     'Got docs search result',
   );
-  return asTextContentResult(resultBody);
+  return resultBody;
+}
+export const handler = async ({
+  reqContext,
+  args,
+}: {
+  reqContext: McpRequestContext;
+  args: Record<string, unknown> | undefined;
+}) => {
+  const body = args ?? {};
+  if (_localSearch) {
+    return asTextContentResult(await searchLocal(body));
+  }
+  return asTextContentResult(await searchRemote(body, reqContext));
 };
 export default { metadata, tool, handler };

package/src/http.ts CHANGED Viewed

@@ -23,18 +23,66 @@ const newServer = async ({
   res: express.Response;
 }): Promise<McpServer | null> => {
   const stainlessApiKey = getStainlessApiKey(req, mcpOptions);
-  const server = await newMcpServer(stainlessApiKey);
+  const customInstructionsPath = mcpOptions.customInstructionsPath;
+  const server = await newMcpServer({ stainlessApiKey, customInstructionsPath });
   const authOptions = parseClientAuthHeaders(req, false);
+  let upstreamClientEnvs: Record<string, string> | undefined;
+  const clientEnvsHeader = req.headers['x-stainless-mcp-client-envs'];
+  if (typeof clientEnvsHeader === 'string') {
+    try {
+      const parsed = JSON.parse(clientEnvsHeader);
+      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+        upstreamClientEnvs = parsed;
+      }
+    } catch {
+      // Ignore malformed header
+    }
+  }
+  // Parse x-stainless-mcp-client-permissions header to override permission options
+  //
+  // Note: Permissions are best-effort and intended to prevent clients from doing unexpected things;
+  // they're not a hard security boundary, so we allow arbitrary, client-driven overrides.
+  //
+  // See the Stainless MCP documentation for more details.
+  let effectiveMcpOptions = mcpOptions;
+  const clientPermissionsHeader = req.headers['x-stainless-mcp-client-permissions'];
+  if (typeof clientPermissionsHeader === 'string') {
+    try {
+      const parsed = JSON.parse(clientPermissionsHeader);
+      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+        effectiveMcpOptions = {
+          ...mcpOptions,
+          ...(typeof parsed.allow_http_gets === 'boolean' && { codeAllowHttpGets: parsed.allow_http_gets }),
+          ...(Array.isArray(parsed.allowed_methods) && { codeAllowedMethods: parsed.allowed_methods }),
+          ...(Array.isArray(parsed.blocked_methods) && { codeBlockedMethods: parsed.blocked_methods }),
+        };
+        getLogger().info(
+          { clientPermissions: parsed },
+          'Overriding code execution permissions from x-stainless-mcp-client-permissions header',
+        );
+      }
+    } catch (error) {
+      getLogger().warn({ error }, 'Failed to parse x-stainless-mcp-client-permissions header');
+    }
+  }
   await initMcpServer({
     server: server,
-    mcpOptions: mcpOptions,
+    mcpOptions: effectiveMcpOptions,
     clientOptions: {
       ...clientOptions,
       ...authOptions,
     },
     stainlessApiKey: stainlessApiKey,
+    upstreamClientEnvs,
+    mcpSessionId: (req as any).mcpSessionId,
+    mcpClientInfo:
+      typeof req.body?.params?.clientInfo?.name === 'string' ?
+        { name: req.body.params.clientInfo.name, version: String(req.body.params.clientInfo.version ?? '') }
+      : undefined,
   });
   return server;
@@ -72,7 +120,7 @@ const del = async (req: express.Request, res: express.Response) => {
 };
 const redactHeaders = (headers: Record<string, any>) => {
-  const hiddenHeaders = /auth|cookie|key|token/i;
+  const hiddenHeaders = /auth|cookie|key|token|x-stainless-mcp-client-envs/i;
   const filtered = { ...headers };
   Object.keys(filtered).forEach((key) => {
     if (hiddenHeaders.test(key)) {
@@ -92,6 +140,17 @@ export const streamableHTTPApp = ({
   const app = express();
   app.set('query parser', 'extended');
   app.use(express.json());
+  app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const existing = req.headers['mcp-session-id'];
+    const sessionId = (Array.isArray(existing) ? existing[0] : existing) || crypto.randomUUID();
+    (req as any).mcpSessionId = sessionId;
+    const origWriteHead = res.writeHead.bind(res);
+    res.writeHead = function (statusCode: number, ...rest: any[]) {
+      res.setHeader('mcp-session-id', sessionId);
+      return origWriteHead(statusCode, ...rest);
+    } as typeof res.writeHead;
+    next();
+  });
   app.use(
     pinoHttp({
       logger: getLogger(),

package/src/instructions.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 // File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+import fs from 'fs/promises';
 import { readEnv } from './util';
 import { getLogger } from './logger';
@@ -12,33 +13,50 @@ interface InstructionsCacheEntry {
 const instructionsCache = new Map<string, InstructionsCacheEntry>();
-// Periodically evict stale entries so the cache doesn't grow unboundedly.
-const _cacheCleanupInterval = setInterval(() => {
+export async function getInstructions({
+  stainlessApiKey,
+  customInstructionsPath,
+}: {
+  stainlessApiKey?: string | undefined;
+  customInstructionsPath?: string | undefined;
+}): Promise<string> {
   const now = Date.now();
+  const cacheKey = customInstructionsPath ?? stainlessApiKey ?? '';
+  const cached = instructionsCache.get(cacheKey);
+  if (cached && now - cached.fetchedAt <= INSTRUCTIONS_CACHE_TTL_MS) {
+    return cached.fetchedInstructions;
+  }
+  // Evict stale entries so the cache doesn't grow unboundedly.
   for (const [key, entry] of instructionsCache) {
     if (now - entry.fetchedAt > INSTRUCTIONS_CACHE_TTL_MS) {
       instructionsCache.delete(key);
     }
   }
-}, INSTRUCTIONS_CACHE_TTL_MS);
-// Don't keep the process alive just for cleanup.
-_cacheCleanupInterval.unref();
+  let fetchedInstructions: string;
-export async function getInstructions(stainlessApiKey: string | undefined): Promise<string> {
-  const cacheKey = stainlessApiKey ?? '';
-  const cached = instructionsCache.get(cacheKey);
-  if (cached && Date.now() - cached.fetchedAt <= INSTRUCTIONS_CACHE_TTL_MS) {
-    return cached.fetchedInstructions;
+  if (customInstructionsPath) {
+    fetchedInstructions = await fetchLatestInstructionsFromFile(customInstructionsPath);
+  } else {
+    fetchedInstructions = await fetchLatestInstructionsFromApi(stainlessApiKey);
   }
-  const fetchedInstructions = await fetchLatestInstructions(stainlessApiKey);
-  instructionsCache.set(cacheKey, { fetchedInstructions, fetchedAt: Date.now() });
+  instructionsCache.set(cacheKey, { fetchedInstructions, fetchedAt: now });
   return fetchedInstructions;
 }
-async function fetchLatestInstructions(stainlessApiKey: string | undefined): Promise<string> {
+async function fetchLatestInstructionsFromFile(path: string): Promise<string> {
+  try {
+    return await fs.readFile(path, 'utf-8');
+  } catch (error) {
+    getLogger().error({ error, path }, 'Error fetching instructions from file');
+    throw error;
+  }
+}
+async function fetchLatestInstructionsFromApi(stainlessApiKey: string | undefined): Promise<string> {
   // Setting the stainless API key is optional, but may be required
   // to authenticate requests to the Stainless API.
   const response = await fetch(