@creative-ia/cortex 1.0.5

package/dist/knowledge/loader.js

@@ -0,0 +1,57 @@
+/**
+ * Knowledge Loader — Carrega skills e knowledge do S3 (LocalStack ou AWS).
+ * O conteúdo NUNCA é exposto diretamente ao cliente.
+ * As tools processam o conteúdo e retornam apenas respostas derivadas.
+ */
+import { S3Client, GetObjectCommand, ListObjectsV2Command } from "@aws-sdk/client-s3";
+const isLocal = process.env.USE_LOCALSTACK === "true";
+const s3 = new S3Client({
+    region: process.env.AWS_REGION || "us-east-1",
+    ...(isLocal && {
+        endpoint: "http://localhost:4566",
+        forcePathStyle: true,
+        credentials: { accessKeyId: "test", secretAccessKey: "test" },
+    }),
+});
+const BUCKET = process.env.SKILLS_BUCKET || "creative-ia50-skills";
+async function getObject(key) {
+    const cmd = new GetObjectCommand({ Bucket: BUCKET, Key: key });
+    const res = await s3.send(cmd);
+    return (await res.Body?.transformToString()) || "";
+}
+async function listObjects(prefix) {
+    const cmd = new ListObjectsV2Command({ Bucket: BUCKET, Prefix: prefix });
+    const res = await s3.send(cmd);
+    return (res.Contents || []).map((o) => o.Key).filter(Boolean);
+}
+// --- Public API ---
+export async function loadCodeStandards() {
+    const raw = await getObject("knowledge/code-standards.json");
+    return JSON.parse(raw);
+}
+export async function loadDecisions() {
+    const raw = await getObject("knowledge/decisions.json");
+    return JSON.parse(raw);
+}
+export async function loadGlossary() {
+    const raw = await getObject("knowledge/glossary.json");
+    return JSON.parse(raw);
+}
+export async function loadIntegrations() {
+    const raw = await getObject("knowledge/integrations.json");
+    return JSON.parse(raw);
+}
+export async function loadSkill(name) {
+    return getObject(`skills/${name}.md`);
+}
+export async function listSkills() {
+    const keys = await listObjects("skills/");
+    return keys.map((k) => k.replace("skills/", "").replace(".md", ""));
+}
+export async function loadIndex() {
+    const raw = await getObject("knowledge/index.json");
+    return JSON.parse(raw);
+}
+export async function loadTemplate(name) {
+    return getObject(`templates/${name}`);
+}

package/dist/lambda.d.ts

@@ -0,0 +1,22 @@
+#!/usr/bin/env node
+interface APIGatewayV2Event {
+    requestContext: {
+        http: {
+            method: string;
+            path: string;
+            sourceIp: string;
+        };
+        requestId: string;
+    };
+    headers: Record<string, string>;
+    body?: string;
+    isBase64Encoded?: boolean;
+}
+interface APIGatewayV2Result {
+    statusCode: number;
+    headers: Record<string, string>;
+    body: string;
+    isBase64Encoded?: boolean;
+}
+export declare function handler(event: APIGatewayV2Event): Promise<APIGatewayV2Result>;
+export {};

package/dist/lambda.js

@@ -0,0 +1,496 @@
+#!/usr/bin/env node
+/**
+ * Creative IA 50 — Lambda Handler (Streamable HTTP)
+ *
+ * Recebe requests HTTP do API Gateway e processa via MCP Server.
+ * Stateless: cada request cria uma nova instância do transport.
+ *
+ * Usa WebStandardStreamableHTTPServerTransport (Web Standard Request/Response)
+ * que é a forma correta de integrar com Lambda/API Gateway.
+ *
+ * Fluxo:
+ * 1. API Gateway recebe POST /mcp com JSON-RPC body
+ * 2. Lambda converte evento para Web Standard Request
+ * 3. WebStandardStreamableHTTPServerTransport processa
+ * 4. Response volta como JSON-RPC via API Gateway
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
+import { z } from "zod";
+import { validateLicense, canAccessDomain } from "./config/license.js";
+import { getCodeStandards } from "./tools/get-code-standards.js";
+import { analyzeCode } from "./tools/analyze-code.js";
+import { getArchitectureGuidance } from "./tools/get-architecture.js";
+import { initProcess } from "./tools/init-process.js";
+import { validateProcess } from "./tools/validate-process.js";
+import { validateIdea } from "./tools/validate-idea.js";
+import { generateReport } from "./tools/generate-report.js";
+import { saveKnowledge, getKnowledge, searchKnowledge, deleteKnowledgeEntry, listDomains, } from "./tools/knowledge-crud.js";
+import { getConfig } from "./tools/config-registry.js";
+import { logEvent, searchLogs, insightsQuery } from "./tools/logs-query.js";
+import { semanticSearch } from "./tools/semantic-search.js";
+import { createProcess } from "./tools/create-process.js";
+import { updateProcess } from "./tools/update-process.js";
+import { decomposeEpic } from "./tools/decompose-epic.js";
+import { advanceProcess } from "./tools/advance-process.js";
+import { generateWiki } from "./tools/generate-wiki.js";
+import { reverseEngineer } from "./tools/reverse-engineer.js";
+// --- Helper: license gate ---
+async function licenseGate(licenseKey, toolName) {
+    const check = await validateLicense(licenseKey, toolName);
+    if (!check.valid)
+        return { denied: `Access denied: ${check.reason}` };
+    return { license: check.license };
+}
+function createServer() {
+    const server = new McpServer({ name: "creative-ia50", version: "1.0.0" });
+    // --- Tool: get_code_standards ---
+    server.tool("get_code_standards", "Returns code standards rules (L1-L4) for the requested level, language, or specific rule ID.", {
+        licenseKey: z.string().describe("Client license key"),
+        level: z.string().optional().describe("L1, L2, L3, L4, or all"),
+        language: z.string().optional().describe("typescript, java, or all"),
+        ruleId: z.string().optional().describe("Specific rule ID (e.g. L1-001)"),
+    }, async ({ licenseKey, level, language, ruleId }) => {
+        const gate = await licenseGate(licenseKey, "get_code_standards");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await getCodeStandards({ level, language, ruleId });
+        return { content: [{ type: "text", text: result }] };
+    });
+    // --- Tool: analyze_code ---
+    server.tool("analyze_code", "Analyzes code against L1-L4 standards. Returns violations with fix suggestions.", {
+        licenseKey: z.string().describe("Client license key"),
+        code: z.string().describe("Source code to analyze"),
+        language: z.string().optional().describe("typescript or java"),
+        filename: z.string().optional().describe("Filename for context"),
+    }, async ({ licenseKey, code, language, filename }) => {
+        const gate = await licenseGate(licenseKey, "analyze_code");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await analyzeCode({ code, language, filename });
+        return { content: [{ type: "text", text: result }] };
+    });
+    // --- Tool: get_architecture_guidance ---
+    server.tool("get_architecture_guidance", "Returns architecture guidance for a specific stack (BFF, Backend, Frontend).", {
+        licenseKey: z.string().describe("Client license key"),
+        stack: z.string().describe("bff, backend, or frontend"),
+        topic: z.string().optional().describe("layers, folders, errors, api, di, or all"),
+    }, async ({ licenseKey, stack, topic }) => {
+        const gate = await licenseGate(licenseKey, "get_architecture_guidance");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await getArchitectureGuidance({ stack, topic });
+        return { content: [{ type: "text", text: result }] };
+    });
+    // --- Tool: init_process ---
+    server.tool("init_process", "Initializes a new process with UUID, checklist, and mandatory workflow.", {
+        licenseKey: z.string().describe("Client license key"),
+        title: z.string().describe("Process title"),
+        stakeholder: z.string().optional().describe("Stakeholder name"),
+        description: z.string().optional().describe("Process description"),
+    }, async ({ licenseKey, title, stakeholder, description }) => {
+        const gate = await licenseGate(licenseKey, "init_process");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await initProcess({ title, stakeholder, description });
+        return { content: [{ type: "text", text: result }] };
+    });
+    // --- Tool: validate_process ---
+    server.tool("validate_process", "Validates if a process follows the mandatory workflow and has all required artifacts.", {
+        licenseKey: z.string().describe("Client license key"),
+        processId: z.string().describe("Process UUID"),
+        artifacts: z.array(z.string()).describe("List of artifact filenames in the process"),
+    }, async ({ licenseKey, processId, artifacts }) => {
+        const gate = await licenseGate(licenseKey, "validate_process");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await validateProcess({ processId, artifacts });
+        return { content: [{ type: "text", text: result }] };
+    });
+    // --- Tool: validate_idea ---
+    server.tool("validate_idea", "Analyzes a business idea against the company knowledge base.", {
+        licenseKey: z.string().describe("Client license key"),
+        idea: z.string().describe("Business idea in natural language"),
+        context: z.string().optional().describe("Additional context about the idea"),
+        processId: z.string().optional().describe("UUID do processo (se chamado dentro de um processo existente)"),
+    }, async ({ licenseKey, idea, context, processId }) => {
+        const gate = await licenseGate(licenseKey, "validate_idea");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await validateIdea({ idea, context, processId });
+        return { content: [{ type: "text", text: result }] };
+    });
+    // --- Tool: generate_report ---
+    server.tool("generate_report", "Generates a branded HTML report from processed content.", {
+        licenseKey: z.string().describe("Client license key"),
+        title: z.string().describe("Report title"),
+        content: z.string().describe("Report content"),
+        reportType: z.string().describe("Report type: feasibility, analysis, architecture, process, epics"),
+        outputDir: z.string().optional().describe("Custom output directory"),
+        diagramsDir: z.string().optional().describe("Relative path to generated-diagrams folder (for epics reportType)"),
+    }, async ({ licenseKey, title, content, reportType, outputDir, diagramsDir }) => {
+        const gate = await licenseGate(licenseKey, "generate_report");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await generateReport({ title, content, reportType, outputDir, diagramsDir });
+        return { content: [{ type: "text", text: result }] };
+    });
+    // =============================================================================
+    // Knowledge CRUD Tools
+    // =============================================================================
+    server.tool("save_knowledge", "Salva ou atualiza um registro de conhecimento organizacional no DynamoDB.", {
+        licenseKey: z.string().describe("Client license key"),
+        domain: z.string().describe("Knowledge domain"),
+        id: z.string().describe("Unique ID within domain"),
+        title: z.string().describe("Entry title"),
+        content: z.string().describe("Entry content (markdown)"),
+        tags: z.array(z.string()).optional().describe("Tags for search/filtering"),
+        metadata: z.record(z.unknown()).optional().describe("Additional structured metadata"),
+    }, async ({ licenseKey, domain, id, title, content, tags, metadata }) => {
+        const gate = await licenseGate(licenseKey, "save_knowledge");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        if (!canAccessDomain(gate.license, domain))
+            return { content: [{ type: "text", text: `Access denied: domain '${domain}' not allowed` }] };
+        const result = await saveKnowledge({ domain, id, title, content, tags, metadata });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("get_knowledge", "Recupera conhecimento organizacional.", {
+        licenseKey: z.string().describe("Client license key"),
+        domain: z.string().describe("Knowledge domain"),
+        id: z.string().optional().describe("Specific entry ID"),
+        limit: z.number().optional().describe("Max entries to return"),
+    }, async ({ licenseKey, domain, id, limit }) => {
+        const gate = await licenseGate(licenseKey, "get_knowledge");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        if (!canAccessDomain(gate.license, domain))
+            return { content: [{ type: "text", text: `Access denied: domain '${domain}' not allowed` }] };
+        const result = await getKnowledge({ domain, id, limit });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("search_knowledge", "Busca textual no conhecimento organizacional.", {
+        licenseKey: z.string().describe("Client license key"),
+        query: z.string().describe("Search text"),
+        domain: z.string().optional().describe("Limit search to specific domain"),
+        tag: z.string().optional().describe("Search by tag"),
+        limit: z.number().optional().describe("Max results"),
+    }, async ({ licenseKey, query, domain, tag, limit }) => {
+        const gate = await licenseGate(licenseKey, "search_knowledge");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        if (domain && !canAccessDomain(gate.license, domain))
+            return { content: [{ type: "text", text: `Access denied: domain '${domain}' not allowed` }] };
+        const result = await searchKnowledge({ query, domain, tag, limit, license: gate.license });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("delete_knowledge", "Remove um registro de conhecimento organizacional.", {
+        licenseKey: z.string().describe("Client license key"),
+        domain: z.string().describe("Knowledge domain"),
+        id: z.string().describe("Entry ID to delete"),
+    }, async ({ licenseKey, domain, id }) => {
+        const gate = await licenseGate(licenseKey, "delete_knowledge");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        if (!canAccessDomain(gate.license, domain))
+            return { content: [{ type: "text", text: `Access denied: domain '${domain}' not allowed` }] };
+        const result = await deleteKnowledgeEntry({ domain, id });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("list_knowledge_domains", "Lista todos os domains de conhecimento disponíveis.", { licenseKey: z.string().describe("Client license key") }, async ({ licenseKey }) => {
+        const gate = await licenseGate(licenseKey, "list_knowledge_domains");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await listDomains(gate.license);
+        return { content: [{ type: "text", text: result }] };
+    });
+    // =============================================================================
+    // Config + Logs + Semantic Search
+    // =============================================================================
+    server.tool("get_config", "Lê configuração do MCP Server via SSM Parameter Store.", {
+        licenseKey: z.string().describe("Client license key"),
+        key: z.string().optional().describe("Config key"),
+    }, async ({ licenseKey, key }) => {
+        const gate = await licenseGate(licenseKey, "get_config");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await getConfig({ key });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("log_event", "Registra um evento de log no CloudWatch Logs.", {
+        licenseKey: z.string().describe("Client license key"),
+        level: z.string().describe("Log level: info, warn, error, debug"),
+        message: z.string().describe("Log message"),
+        meta: z.record(z.unknown()).optional().describe("Additional metadata"),
+    }, async ({ licenseKey, level, message, meta }) => {
+        const gate = await licenseGate(licenseKey, "log_event");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await logEvent({ level, message, meta });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("search_logs", "Busca logs no CloudWatch por pattern.", {
+        licenseKey: z.string().describe("Client license key"),
+        pattern: z.string().optional().describe("Filter pattern"),
+        hours: z.number().optional().describe("Hours to look back"),
+        limit: z.number().optional().describe("Max results"),
+    }, async ({ licenseKey, pattern, hours, limit }) => {
+        const gate = await licenseGate(licenseKey, "search_logs");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await searchLogs({ pattern, hours, limit });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("insights_query", "Executa uma query CloudWatch Insights nos logs.", {
+        licenseKey: z.string().describe("Client license key"),
+        query: z.string().describe("CloudWatch Insights query"),
+        hours: z.number().optional().describe("Hours to look back"),
+        limit: z.number().optional().describe("Max results"),
+    }, async ({ licenseKey, query, hours, limit }) => {
+        const gate = await licenseGate(licenseKey, "insights_query");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await insightsQuery({ query, hours, limit });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("semantic_search", "Busca semântica no knowledge base usando Bedrock Titan Embeddings.", {
+        licenseKey: z.string().describe("Client license key"),
+        query: z.string().describe("Natural language search query"),
+        domain: z.string().optional().describe("Limit to specific domain"),
+        limit: z.number().optional().describe("Max results"),
+    }, async ({ licenseKey, query, domain, limit }) => {
+        const gate = await licenseGate(licenseKey, "semantic_search");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        if (domain && !canAccessDomain(gate.license, domain))
+            return { content: [{ type: "text", text: `Access denied: domain '${domain}' not allowed` }] };
+        const result = await semanticSearch({ query, domain, limit, license: gate.license });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("create_process", "Cria esqueleto de processo: recebe frase em linguagem natural, inicializa no DynamoDB e retorna arquivos locais (README, 01-stakeholder, knowledge.json, orchestration.json). O parecer de viabilidade é gerado após o stakeholder estar completo.", {
+        licenseKey: z.string().describe("Client license key"),
+        prompt: z.string().describe("Frase em linguagem natural descrevendo o processo (ex: 'Criar processo de arquitetura para jornada PIX')"),
+        stakeholder: z.string().optional().describe("Nome do stakeholder ou squad"),
+    }, async ({ licenseKey, prompt, stakeholder }) => {
+        const gate = await licenseGate(licenseKey, "create_process");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await createProcess({ prompt, stakeholder });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("update_process", "Acrescenta informações a um processo existente (tech stack, decisões, status de fases, notas). Pode listar processos acessíveis.", {
+        licenseKey: z.string().describe("Client license key"),
+        processId: z.string().describe("UUID do processo (ex: 'ddb8715d')"),
+        updates: z.object({
+            tech_stack: z.record(z.string()).optional().describe("Mapa chave-valor do tech stack (ex: {frontend: 'React Native', backend: 'Java Spring Boot'})"),
+            decisions: z.array(z.object({
+                title: z.string().describe("Título da decisão"),
+                decision: z.string().describe("Decisão tomada"),
+                rationale: z.string().optional().describe("Justificativa"),
+            })).optional().describe("Novas decisões técnicas a adicionar"),
+            phase_status: z.record(z.string()).optional().describe("Atualização de status de fases (ex: {'01-stakeholder': 'done'})"),
+            notes: z.string().optional().describe("Nota ou observação a adicionar"),
+            stakeholder: z.string().optional().describe("Atualizar stakeholder"),
+        }).describe("Objeto com as atualizações a aplicar"),
+        listProcesses: z.boolean().optional().describe("Se true, lista processos acessíveis ao invés de atualizar"),
+    }, async ({ licenseKey, processId, updates, listProcesses }) => {
+        const gate = await licenseGate(licenseKey, "update_process");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await updateProcess({ processId, updates, listProcesses });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("decompose_epic", "Decompõe um épico (EP-XX) em artefatos completos: EPIC.md + Features + User Stories + Tasks. Lê o markdown de épicos do processo e gera toda a hierarquia.", {
+        licenseKey: z.string().describe("Client license key"),
+        processId: z.string().describe("UUID do processo (ex: '5b650020')"),
+        epicId: z.string().describe("ID do épico a decompor (ex: 'EP-01', 'EP-02')"),
+        processDir: z.string().describe("Caminho absoluto do diretório do processo (ex: '/Users/.../process/5b650020')"),
+    }, async ({ licenseKey, processId, epicId, processDir }) => {
+        const gate = await licenseGate(licenseKey, "decompose_epic");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await decomposeEpic({ processId, epicId, processDir });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("advance_process", "Orquestrador inteligente: detecta a fase atual do processo e avança para o próximo artefato. Se há épicos pendentes, decompõe o próximo automaticamente. Pode receber epicId específico.", {
+        licenseKey: z.string().describe("Client license key"),
+        processId: z.string().describe("UUID do processo (ex: '5b650020')"),
+        processDir: z.string().describe("Caminho absoluto do diretório do processo"),
+        epicId: z.string().optional().describe("ID do épico específico (ex: 'EP-01'). Se omitido, avança o próximo pendente."),
+    }, async ({ licenseKey, processId, processDir, epicId }) => {
+        const gate = await licenseGate(licenseKey, "advance_process");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await advanceProcess({ processId, processDir, epicId });
+        return { content: [{ type: "text", text: result }] };
+    });
+    server.tool("generate_wiki", "Gera/atualiza wiki navegável do processo: index.html (home com cards), pages/ (cada artefato .md como .html com sidebar TOC + breadcrumb), styles.css e loader.js compartilhados. Formato dark theme com layout de referência.", {
+        licenseKey: z.string().describe("Client license key"),
+        processId: z.string().describe("UUID do processo (ex: '5b650020')"),
+        processDir: z.string().describe("Caminho absoluto do diretório do processo"),
+    }, async ({ licenseKey, processId, processDir }) => {
+        const gate = await licenseGate(licenseKey, "generate_wiki");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await generateWiki({ processId, processDir });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    });
+    server.tool("reverse_engineer", "Analisa repositório local ou remoto (Git URL) e gera artefato .md de engenharia reversa: stack, módulos, dependências, APIs, padrões de arquitetura e métricas. Para repos remotos, configure tokens nas env vars do mcp.json (GITHUB_TOKEN, GITLAB_TOKEN, BITBUCKET_TOKEN, AZURE_DEVOPS_TOKEN).", {
+        licenseKey: z.string().describe("Client license key"),
+        repoDir: z.string().describe("Caminho absoluto do repositório local OU URL Git remota (https://github.com/org/repo.git)"),
+        processId: z.string().optional().describe("UUID do processo (se vinculado a um processo existente)"),
+        processDir: z.string().optional().describe("Caminho absoluto do diretório do processo (para salvar o artefato dentro do processo)"),
+        outputFilename: z.string().optional().describe("Nome do arquivo de saída (default: engenharia-reversa-{repo}.md)"),
+    }, async ({ licenseKey, repoDir, processId, processDir, outputFilename }) => {
+        const gate = await licenseGate(licenseKey, "reverse_engineer");
+        if ("denied" in gate)
+            return { content: [{ type: "text", text: gate.denied }] };
+        const result = await reverseEngineer({ repoDir, processId, processDir, outputFilename });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    });
+    return server;
+}
+/**
+ * Extrai X-License-Key do header (case-insensitive, API Gateway normaliza pra lowercase).
+ */
+function extractLicenseKey(headers) {
+    // API Gateway HTTP API v2 normaliza headers pra lowercase
+    return headers["x-license-key"] || headers["X-License-Key"];
+}
+/**
+ * Injeta licenseKey nos argumentos de tools/call se não estiver presente.
+ * Assim o cliente não precisa passar licenseKey em cada chamada — vem do header.
+ */
+function injectLicenseKey(body, licenseKey) {
+    if (!body || typeof body !== "object")
+        return body;
+    const rpc = body;
+    // Só injeta em tools/call
+    if (rpc.method !== "tools/call")
+        return body;
+    const params = rpc.params;
+    if (!params?.arguments)
+        return body;
+    const args = params.arguments;
+    // Só injeta se não veio no body (header tem prioridade como fallback)
+    if (!args.licenseKey) {
+        args.licenseKey = licenseKey;
+    }
+    return body;
+}
+export async function handler(event) {
+    const method = event.requestContext.http.method;
+    // Health check
+    if (method === "GET") {
+        return {
+            statusCode: 200,
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ status: "ok", service: "creative-ia50-mcp", version: "1.0.0" }),
+        };
+    }
+    // Only POST allowed for MCP
+    if (method !== "POST") {
+        return {
+            statusCode: 405,
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ error: "Method not allowed" }),
+        };
+    }
+    // --- License validation at HTTP level ---
+    const licenseKey = extractLicenseKey(event.headers);
+    if (!licenseKey) {
+        return {
+            statusCode: 401,
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ error: "Missing X-License-Key header" }),
+        };
+    }
+    // Validate license before processing any MCP request
+    const licenseCheck = await validateLicense(licenseKey);
+    if (!licenseCheck.valid) {
+        return {
+            statusCode: 403,
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ error: `License denied: ${licenseCheck.reason}` }),
+        };
+    }
+    // Parse body
+    const rawBody = event.isBase64Encoded
+        ? Buffer.from(event.body || "", "base64").toString("utf-8")
+        : event.body || "";
+    // Input size limit (256KB)
+    if (rawBody.length > 256 * 1024) {
+        return {
+            statusCode: 413,
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ error: "Request too large" }),
+        };
+    }
+    let parsedBody;
+    try {
+        parsedBody = JSON.parse(rawBody);
+    }
+    catch {
+        return {
+            statusCode: 400,
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ error: "Invalid JSON" }),
+        };
+    }
+    // Inject licenseKey from header into tool call arguments
+    parsedBody = injectLicenseKey(parsedBody, licenseKey);
+    const injectedBody = JSON.stringify(parsedBody);
+    // Build Web Standard Request from API Gateway event
+    const url = `https://${event.headers?.host || "localhost"}${event.requestContext.http.path}`;
+    const webHeaders = new Headers();
+    for (const [k, v] of Object.entries(event.headers || {})) {
+        webHeaders.set(k, v);
+    }
+    // Ensure Accept header includes both required types for MCP
+    if (!webHeaders.get("accept")?.includes("text/event-stream")) {
+        webHeaders.set("accept", "application/json, text/event-stream");
+    }
+    const webRequest = new Request(url, {
+        method: "POST",
+        headers: webHeaders,
+        body: injectedBody,
+    });
+    // Create MCP server + transport per request (stateless)
+    const server = createServer();
+    const transport = new WebStandardStreamableHTTPServerTransport({ sessionIdGenerator: undefined });
+    await server.connect(transport);
+    let result;
+    try {
+        // Process the MCP request using Web Standard API
+        const webResponse = await transport.handleRequest(webRequest, { parsedBody });
+        // Convert Web Standard Response to API Gateway format
+        const responseBody = await webResponse.text();
+        const responseHeaders = {};
+        webResponse.headers.forEach((v, k) => {
+            responseHeaders[k] = v;
+        });
+        result = {
+            statusCode: webResponse.status,
+            headers: responseHeaders,
+            body: responseBody,
+        };
+    }
+    catch (err) {
+        result = {
+            statusCode: 500,
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ error: "Internal server error", detail: String(err) }),
+        };
+    }
+    // Cleanup silencioso — não pode lançar exceção após response pronta
+    // (evita InvalidStateTransition no Lambda runtime)
+    try {
+        await transport.close();
+    }
+    catch { /* ignore */ }
+    try {
+        await server.close();
+    }
+    catch { /* ignore */ }
+    return result;
+}

package/dist/package.json

@@ -0,0 +1 @@
+{ "type": "module" }

package/dist/tools/advance-process.d.ts

@@ -0,0 +1,7 @@
+interface AdvanceProcessRequest {
+    processId: string;
+    processDir: string;
+    epicId?: string;
+}
+export declare function advanceProcess(params: AdvanceProcessRequest): Promise<string>;
+export {};