npm - @creature-ai/sdk - Versions diffs - 0.1.16 → 0.1.17 - Mend

@creature-ai/sdk 0.1.16 → 0.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/server/index.d.ts CHANGED Viewed

@@ -207,10 +207,10 @@ interface ToolContext {
      */
     instanceId: string;
     /**
-     * Creature App Token for identity retrieval.
-     * ONLY present when:
-     * 1. App opted into Creature-managed auth (`auth: { creatureManaged: true }`)
-     * 2. Tool call originated from Creature host
+     * Creature token for identity retrieval.
+     * Present when either:
+     * 1. Tool call originated from Creature host (injected via `_creatureToken` arg)
+     * 2. Tool call includes OAuth bearer token in Authorization header (ChatGPT/other hosts)
      *
      * Use `getIdentity(context.creatureToken)` to retrieve user identity
      * for multi-tenant data access.

package/dist/server/index.js CHANGED Viewed

@@ -6786,6 +6786,7 @@ var require_dist = __commonJS({
 // src/server/app.ts
 import { randomUUID } from "crypto";
+import { AsyncLocalStorage } from "async_hooks";
 import path2 from "path";
 import { fileURLToPath } from "url";
@@ -13738,6 +13739,15 @@ var WebSocketManager = class {
 };
 // src/server/app.ts
+var requestContextStorage = new AsyncLocalStorage();
+var extractBearerToken = (authHeader) => {
+  if (!authHeader) return void 0;
+  const trimmed = authHeader.trim();
+  if (trimmed.toLowerCase().startsWith("bearer ")) {
+    return trimmed.slice(7).trim();
+  }
+  return void 0;
+};
 var App = class {
   // ==========================================================================
   // Private Properties
@@ -14520,38 +14530,42 @@ var App = class {
   }
   async handleMcpPost(req, res) {
     const transportSessionId = req.headers["mcp-session-id"];
-    try {
-      let transport;
-      if (transportSessionId && this.transports.has(transportSessionId)) {
-        transport = this.transports.get(transportSessionId);
-      } else if (!transportSessionId && isInitializeRequest2(req.body)) {
-        const clientName = req.body?.params?.clientInfo?.name;
-        this.hostSupportsMultiInstance = clientName === "creature";
-        console.log(`[MCP] Client: ${clientName}, multiInstance support: ${this.hostSupportsMultiInstance}`);
-        transport = this.createTransport();
-        const server = this.createMcpServer();
-        await server.connect(transport);
+    const authorizationHeader = req.headers["authorization"];
+    const context = { authorizationHeader };
+    await requestContextStorage.run(context, async () => {
+      try {
+        let transport;
+        if (transportSessionId && this.transports.has(transportSessionId)) {
+          transport = this.transports.get(transportSessionId);
+        } else if (!transportSessionId && isInitializeRequest2(req.body)) {
+          const clientName = req.body?.params?.clientInfo?.name;
+          this.hostSupportsMultiInstance = clientName === "creature";
+          console.log(`[MCP] Client: ${clientName}, multiInstance support: ${this.hostSupportsMultiInstance}`);
+          transport = this.createTransport();
+          const server = this.createMcpServer();
+          await server.connect(transport);
+          await transport.handleRequest(req, res, req.body);
+          return;
+        } else {
+          res.status(400).json({
+            jsonrpc: "2.0",
+            error: { code: -32e3, message: "Bad Request: No valid transport session ID" },
+            id: null
+          });
+          return;
+        }
         await transport.handleRequest(req, res, req.body);
-        return;
-      } else {
-        res.status(400).json({
-          jsonrpc: "2.0",
-          error: { code: -32e3, message: "Bad Request: No valid transport session ID" },
-          id: null
-        });
-        return;
-      }
-      await transport.handleRequest(req, res, req.body);
-    } catch (error) {
-      console.error("Error:", error);
-      if (!res.headersSent) {
-        res.status(500).json({
-          jsonrpc: "2.0",
-          error: { code: -32603, message: "Internal server error" },
-          id: null
-        });
+      } catch (error) {
+        console.error("Error:", error);
+        if (!res.headersSent) {
+          res.status(500).json({
+            jsonrpc: "2.0",
+            error: { code: -32603, message: "Internal server error" },
+            id: null
+          });
+        }
       }
-    }
+    });
   }
   async handleMcpGet(req, res) {
     const transportSessionId = req.headers["mcp-session-id"];
@@ -14687,7 +14701,11 @@ var App = class {
         },
         async (args) => {
           try {
-            const creatureToken = args._creatureToken;
+            let creatureToken = args._creatureToken;
+            if (!creatureToken) {
+              const reqContext = requestContextStorage.getStore();
+              creatureToken = extractBearerToken(reqContext?.authorizationHeader);
+            }
             const { _creatureToken: _, ...cleanArgs } = args;
             const input = config.input ? config.input.parse(cleanArgs) : cleanArgs;
             let instanceId;