npm - @cyanheads/mcp-ts-core - Versions diffs - 0.1.0-beta.12 - Mend

@cyanheads/mcp-ts-core 0.1.0-beta.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (485) hide show

package/CLAUDE.md +583 -0
package/LICENSE +201 -0
package/README.md +287 -0
package/biome.json +103 -0
package/dist/app.d.ts +82 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +222 -0
package/dist/app.js.map +1 -0
package/dist/cli/init.d.ts +8 -0
package/dist/cli/init.d.ts.map +1 -0
package/dist/cli/init.js +161 -0
package/dist/cli/init.js.map +1 -0
package/dist/config/index.d.ts +349 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +464 -0
package/dist/config/index.js.map +1 -0
package/dist/context.d.ts +119 -0
package/dist/context.d.ts.map +1 -0
package/dist/context.js +144 -0
package/dist/context.js.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +9 -0
package/dist/index.js.map +1 -0
package/dist/mcp-server/prompts/prompt-registration.d.ts +33 -0
package/dist/mcp-server/prompts/prompt-registration.d.ts.map +1 -0
package/dist/mcp-server/prompts/prompt-registration.js +91 -0
package/dist/mcp-server/prompts/prompt-registration.js.map +1 -0
package/dist/mcp-server/prompts/utils/newPromptDefinition.d.ts +49 -0
package/dist/mcp-server/prompts/utils/newPromptDefinition.d.ts.map +1 -0
package/dist/mcp-server/prompts/utils/newPromptDefinition.js +39 -0
package/dist/mcp-server/prompts/utils/newPromptDefinition.js.map +1 -0
package/dist/mcp-server/prompts/utils/promptDefinition.d.ts +37 -0
package/dist/mcp-server/prompts/utils/promptDefinition.d.ts.map +1 -0
package/dist/mcp-server/prompts/utils/promptDefinition.js +2 -0
package/dist/mcp-server/prompts/utils/promptDefinition.js.map +1 -0
package/dist/mcp-server/resources/resource-registration.d.ts +27 -0
package/dist/mcp-server/resources/resource-registration.d.ts.map +1 -0
package/dist/mcp-server/resources/resource-registration.js +85 -0
package/dist/mcp-server/resources/resource-registration.js.map +1 -0
package/dist/mcp-server/resources/utils/newResourceDefinition.d.ts +84 -0
package/dist/mcp-server/resources/utils/newResourceDefinition.d.ts.map +1 -0
package/dist/mcp-server/resources/utils/newResourceDefinition.js +40 -0
package/dist/mcp-server/resources/utils/newResourceDefinition.js.map +1 -0
package/dist/mcp-server/resources/utils/newResourceHandlerFactory.d.ts +32 -0
package/dist/mcp-server/resources/utils/newResourceHandlerFactory.d.ts.map +1 -0
package/dist/mcp-server/resources/utils/newResourceHandlerFactory.js +103 -0
package/dist/mcp-server/resources/utils/newResourceHandlerFactory.js.map +1 -0
package/dist/mcp-server/resources/utils/resourceDefinition.d.ts +94 -0
package/dist/mcp-server/resources/utils/resourceDefinition.d.ts.map +1 -0
package/dist/mcp-server/resources/utils/resourceDefinition.js +2 -0
package/dist/mcp-server/resources/utils/resourceDefinition.js.map +1 -0
package/dist/mcp-server/resources/utils/resourceHandlerFactory.d.ts +14 -0
package/dist/mcp-server/resources/utils/resourceHandlerFactory.d.ts.map +1 -0
package/dist/mcp-server/resources/utils/resourceHandlerFactory.js +111 -0
package/dist/mcp-server/resources/utils/resourceHandlerFactory.js.map +1 -0
package/dist/mcp-server/roots/roots-registration.d.ts +22 -0
package/dist/mcp-server/roots/roots-registration.d.ts.map +1 -0
package/dist/mcp-server/roots/roots-registration.js +25 -0
package/dist/mcp-server/roots/roots-registration.js.map +1 -0
package/dist/mcp-server/server.d.ts +34 -0
package/dist/mcp-server/server.d.ts.map +1 -0
package/dist/mcp-server/server.js +62 -0
package/dist/mcp-server/server.js.map +1 -0
package/dist/mcp-server/tasks/core/sessionAwareTaskStore.d.ts +42 -0
package/dist/mcp-server/tasks/core/sessionAwareTaskStore.d.ts.map +1 -0
package/dist/mcp-server/tasks/core/sessionAwareTaskStore.js +70 -0
package/dist/mcp-server/tasks/core/sessionAwareTaskStore.js.map +1 -0
package/dist/mcp-server/tasks/core/storageBackedTaskStore.d.ts +109 -0
package/dist/mcp-server/tasks/core/storageBackedTaskStore.d.ts.map +1 -0
package/dist/mcp-server/tasks/core/storageBackedTaskStore.js +209 -0
package/dist/mcp-server/tasks/core/storageBackedTaskStore.js.map +1 -0
package/dist/mcp-server/tasks/core/taskManager.d.ts +103 -0
package/dist/mcp-server/tasks/core/taskManager.d.ts.map +1 -0
package/dist/mcp-server/tasks/core/taskManager.js +144 -0
package/dist/mcp-server/tasks/core/taskManager.js.map +1 -0
package/dist/mcp-server/tasks/core/taskTypes.d.ts +11 -0
package/dist/mcp-server/tasks/core/taskTypes.d.ts.map +1 -0
package/dist/mcp-server/tasks/core/taskTypes.js +13 -0
package/dist/mcp-server/tasks/core/taskTypes.js.map +1 -0
package/dist/mcp-server/tasks/utils/taskToolDefinition.d.ts +108 -0
package/dist/mcp-server/tasks/utils/taskToolDefinition.d.ts.map +1 -0
package/dist/mcp-server/tasks/utils/taskToolDefinition.js +14 -0
package/dist/mcp-server/tasks/utils/taskToolDefinition.js.map +1 -0
package/dist/mcp-server/tools/tool-registration.d.ts +49 -0
package/dist/mcp-server/tools/tool-registration.d.ts.map +1 -0
package/dist/mcp-server/tools/tool-registration.js +269 -0
package/dist/mcp-server/tools/tool-registration.js.map +1 -0
package/dist/mcp-server/tools/utils/newToolDefinition.d.ts +73 -0
package/dist/mcp-server/tools/utils/newToolDefinition.d.ts.map +1 -0
package/dist/mcp-server/tools/utils/newToolDefinition.js +45 -0
package/dist/mcp-server/tools/utils/newToolDefinition.js.map +1 -0
package/dist/mcp-server/tools/utils/newToolHandlerFactory.d.ts +33 -0
package/dist/mcp-server/tools/utils/newToolHandlerFactory.d.ts.map +1 -0
package/dist/mcp-server/tools/utils/newToolHandlerFactory.js +107 -0
package/dist/mcp-server/tools/utils/newToolHandlerFactory.js.map +1 -0
package/dist/mcp-server/tools/utils/toolDefinition.d.ts +118 -0
package/dist/mcp-server/tools/utils/toolDefinition.d.ts.map +1 -0
package/dist/mcp-server/tools/utils/toolDefinition.js +2 -0
package/dist/mcp-server/tools/utils/toolDefinition.js.map +1 -0
package/dist/mcp-server/tools/utils/toolHandlerFactory.d.ts +34 -0
package/dist/mcp-server/tools/utils/toolHandlerFactory.d.ts.map +1 -0
package/dist/mcp-server/tools/utils/toolHandlerFactory.js +68 -0
package/dist/mcp-server/tools/utils/toolHandlerFactory.js.map +1 -0
package/dist/mcp-server/transports/ITransport.d.ts +15 -0
package/dist/mcp-server/transports/ITransport.d.ts.map +1 -0
package/dist/mcp-server/transports/ITransport.js +2 -0
package/dist/mcp-server/transports/ITransport.js.map +1 -0
package/dist/mcp-server/transports/auth/authFactory.d.ts +11 -0
package/dist/mcp-server/transports/auth/authFactory.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/authFactory.js +43 -0
package/dist/mcp-server/transports/auth/authFactory.js.map +1 -0
package/dist/mcp-server/transports/auth/authMiddleware.d.ts +24 -0
package/dist/mcp-server/transports/auth/authMiddleware.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/authMiddleware.js +69 -0
package/dist/mcp-server/transports/auth/authMiddleware.js.map +1 -0
package/dist/mcp-server/transports/auth/lib/authContext.d.ts +34 -0
package/dist/mcp-server/transports/auth/lib/authContext.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/lib/authContext.js +25 -0
package/dist/mcp-server/transports/auth/lib/authContext.js.map +1 -0
package/dist/mcp-server/transports/auth/lib/authTypes.d.ts +19 -0
package/dist/mcp-server/transports/auth/lib/authTypes.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/lib/authTypes.js +2 -0
package/dist/mcp-server/transports/auth/lib/authTypes.js.map +1 -0
package/dist/mcp-server/transports/auth/lib/authUtils.d.ts +18 -0
package/dist/mcp-server/transports/auth/lib/authUtils.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/lib/authUtils.js +64 -0
package/dist/mcp-server/transports/auth/lib/authUtils.js.map +1 -0
package/dist/mcp-server/transports/auth/lib/checkScopes.d.ts +25 -0
package/dist/mcp-server/transports/auth/lib/checkScopes.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/lib/checkScopes.js +34 -0
package/dist/mcp-server/transports/auth/lib/checkScopes.js.map +1 -0
package/dist/mcp-server/transports/auth/lib/claimParser.d.ts +34 -0
package/dist/mcp-server/transports/auth/lib/claimParser.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/lib/claimParser.js +58 -0
package/dist/mcp-server/transports/auth/lib/claimParser.js.map +1 -0
package/dist/mcp-server/transports/auth/lib/withAuth.d.ts +25 -0
package/dist/mcp-server/transports/auth/lib/withAuth.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/lib/withAuth.js +30 -0
package/dist/mcp-server/transports/auth/lib/withAuth.js.map +1 -0
package/dist/mcp-server/transports/auth/strategies/authStrategy.d.ts +18 -0
package/dist/mcp-server/transports/auth/strategies/authStrategy.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/strategies/authStrategy.js +2 -0
package/dist/mcp-server/transports/auth/strategies/authStrategy.js.map +1 -0
package/dist/mcp-server/transports/auth/strategies/jwtStrategy.d.ts +14 -0
package/dist/mcp-server/transports/auth/strategies/jwtStrategy.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/strategies/jwtStrategy.js +86 -0
package/dist/mcp-server/transports/auth/strategies/jwtStrategy.js.map +1 -0
package/dist/mcp-server/transports/auth/strategies/oauthStrategy.d.ts +14 -0
package/dist/mcp-server/transports/auth/strategies/oauthStrategy.d.ts.map +1 -0
package/dist/mcp-server/transports/auth/strategies/oauthStrategy.js +113 -0
package/dist/mcp-server/transports/auth/strategies/oauthStrategy.js.map +1 -0
package/dist/mcp-server/transports/http/httpErrorHandler.d.ts +25 -0
package/dist/mcp-server/transports/http/httpErrorHandler.d.ts.map +1 -0
package/dist/mcp-server/transports/http/httpErrorHandler.js +112 -0
package/dist/mcp-server/transports/http/httpErrorHandler.js.map +1 -0
package/dist/mcp-server/transports/http/httpTransport.d.ts +47 -0
package/dist/mcp-server/transports/http/httpTransport.d.ts.map +1 -0
package/dist/mcp-server/transports/http/httpTransport.js +396 -0
package/dist/mcp-server/transports/http/httpTransport.js.map +1 -0
package/dist/mcp-server/transports/http/httpTypes.d.ts +17 -0
package/dist/mcp-server/transports/http/httpTypes.d.ts.map +1 -0
package/dist/mcp-server/transports/http/httpTypes.js +2 -0
package/dist/mcp-server/transports/http/httpTypes.js.map +1 -0
package/dist/mcp-server/transports/http/protectedResourceMetadata.d.ts +21 -0
package/dist/mcp-server/transports/http/protectedResourceMetadata.d.ts.map +1 -0
package/dist/mcp-server/transports/http/protectedResourceMetadata.js +44 -0
package/dist/mcp-server/transports/http/protectedResourceMetadata.js.map +1 -0
package/dist/mcp-server/transports/http/sessionIdUtils.d.ts +33 -0
package/dist/mcp-server/transports/http/sessionIdUtils.d.ts.map +1 -0
package/dist/mcp-server/transports/http/sessionIdUtils.js +54 -0
package/dist/mcp-server/transports/http/sessionIdUtils.js.map +1 -0
package/dist/mcp-server/transports/http/sessionStore.d.ts +87 -0
package/dist/mcp-server/transports/http/sessionStore.d.ts.map +1 -0
package/dist/mcp-server/transports/http/sessionStore.js +209 -0
package/dist/mcp-server/transports/http/sessionStore.js.map +1 -0
package/dist/mcp-server/transports/manager.d.ts +22 -0
package/dist/mcp-server/transports/manager.d.ts.map +1 -0
package/dist/mcp-server/transports/manager.js +62 -0
package/dist/mcp-server/transports/manager.js.map +1 -0
package/dist/mcp-server/transports/stdio/stdioTransport.d.ts +44 -0
package/dist/mcp-server/transports/stdio/stdioTransport.d.ts.map +1 -0
package/dist/mcp-server/transports/stdio/stdioTransport.js +63 -0
package/dist/mcp-server/transports/stdio/stdioTransport.js.map +1 -0
package/dist/services/graph/core/GraphService.d.ts +205 -0
package/dist/services/graph/core/GraphService.d.ts.map +1 -0
package/dist/services/graph/core/GraphService.js +231 -0
package/dist/services/graph/core/GraphService.js.map +1 -0
package/dist/services/graph/core/IGraphProvider.d.ts +295 -0
package/dist/services/graph/core/IGraphProvider.d.ts.map +1 -0
package/dist/services/graph/core/IGraphProvider.js +8 -0
package/dist/services/graph/core/IGraphProvider.js.map +1 -0
package/dist/services/graph/types.d.ts +107 -0
package/dist/services/graph/types.d.ts.map +1 -0
package/dist/services/graph/types.js +8 -0
package/dist/services/graph/types.js.map +1 -0
package/dist/services/llm/core/ILlmProvider.d.ts +86 -0
package/dist/services/llm/core/ILlmProvider.d.ts.map +1 -0
package/dist/services/llm/core/ILlmProvider.js +2 -0
package/dist/services/llm/core/ILlmProvider.js.map +1 -0
package/dist/services/llm/providers/openrouter.provider.d.ts +187 -0
package/dist/services/llm/providers/openrouter.provider.d.ts.map +1 -0
package/dist/services/llm/providers/openrouter.provider.js +302 -0
package/dist/services/llm/providers/openrouter.provider.js.map +1 -0
package/dist/services/llm/types.d.ts +16 -0
package/dist/services/llm/types.d.ts.map +1 -0
package/dist/services/llm/types.js +9 -0
package/dist/services/llm/types.js.map +1 -0
package/dist/services/speech/core/ISpeechProvider.d.ts +92 -0
package/dist/services/speech/core/ISpeechProvider.d.ts.map +1 -0
package/dist/services/speech/core/ISpeechProvider.js +34 -0
package/dist/services/speech/core/ISpeechProvider.js.map +1 -0
package/dist/services/speech/core/SpeechService.d.ts +87 -0
package/dist/services/speech/core/SpeechService.d.ts.map +1 -0
package/dist/services/speech/core/SpeechService.js +135 -0
package/dist/services/speech/core/SpeechService.js.map +1 -0
package/dist/services/speech/providers/elevenlabs.provider.d.ts +77 -0
package/dist/services/speech/providers/elevenlabs.provider.d.ts.map +1 -0
package/dist/services/speech/providers/elevenlabs.provider.js +199 -0
package/dist/services/speech/providers/elevenlabs.provider.js.map +1 -0
package/dist/services/speech/providers/whisper.provider.d.ts +94 -0
package/dist/services/speech/providers/whisper.provider.d.ts.map +1 -0
package/dist/services/speech/providers/whisper.provider.js +240 -0
package/dist/services/speech/providers/whisper.provider.js.map +1 -0
package/dist/services/speech/types.d.ts +173 -0
package/dist/services/speech/types.d.ts.map +1 -0
package/dist/services/speech/types.js +8 -0
package/dist/services/speech/types.js.map +1 -0
package/dist/storage/core/IStorageProvider.d.ts +159 -0
package/dist/storage/core/IStorageProvider.d.ts.map +1 -0
package/dist/storage/core/IStorageProvider.js +2 -0
package/dist/storage/core/IStorageProvider.js.map +1 -0
package/dist/storage/core/StorageService.d.ts +22 -0
package/dist/storage/core/StorageService.d.ts.map +1 -0
package/dist/storage/core/StorageService.js +151 -0
package/dist/storage/core/StorageService.js.map +1 -0
package/dist/storage/core/storageFactory.d.ts +66 -0
package/dist/storage/core/storageFactory.d.ts.map +1 -0
package/dist/storage/core/storageFactory.js +122 -0
package/dist/storage/core/storageFactory.js.map +1 -0
package/dist/storage/core/storageValidation.d.ts +77 -0
package/dist/storage/core/storageValidation.d.ts.map +1 -0
package/dist/storage/core/storageValidation.js +303 -0
package/dist/storage/core/storageValidation.js.map +1 -0
package/dist/storage/providers/cloudflare/d1Provider.d.ts +94 -0
package/dist/storage/providers/cloudflare/d1Provider.d.ts.map +1 -0
package/dist/storage/providers/cloudflare/d1Provider.js +347 -0
package/dist/storage/providers/cloudflare/d1Provider.js.map +1 -0
package/dist/storage/providers/cloudflare/kvProvider.d.ts +21 -0
package/dist/storage/providers/cloudflare/kvProvider.d.ts.map +1 -0
package/dist/storage/providers/cloudflare/kvProvider.js +183 -0
package/dist/storage/providers/cloudflare/kvProvider.js.map +1 -0
package/dist/storage/providers/cloudflare/r2Provider.d.ts +28 -0
package/dist/storage/providers/cloudflare/r2Provider.d.ts.map +1 -0
package/dist/storage/providers/cloudflare/r2Provider.js +222 -0
package/dist/storage/providers/cloudflare/r2Provider.js.map +1 -0
package/dist/storage/providers/fileSystem/fileSystemProvider.d.ts +20 -0
package/dist/storage/providers/fileSystem/fileSystemProvider.d.ts.map +1 -0
package/dist/storage/providers/fileSystem/fileSystemProvider.js +282 -0
package/dist/storage/providers/fileSystem/fileSystemProvider.js.map +1 -0
package/dist/storage/providers/inMemory/inMemoryProvider.d.ts +21 -0
package/dist/storage/providers/inMemory/inMemoryProvider.d.ts.map +1 -0
package/dist/storage/providers/inMemory/inMemoryProvider.js +139 -0
package/dist/storage/providers/inMemory/inMemoryProvider.js.map +1 -0
package/dist/storage/providers/supabase/supabase.types.d.ts +49 -0
package/dist/storage/providers/supabase/supabase.types.d.ts.map +1 -0
package/dist/storage/providers/supabase/supabase.types.js +8 -0
package/dist/storage/providers/supabase/supabase.types.js.map +1 -0
package/dist/storage/providers/supabase/supabaseProvider.d.ts +24 -0
package/dist/storage/providers/supabase/supabaseProvider.d.ts.map +1 -0
package/dist/storage/providers/supabase/supabaseProvider.js +209 -0
package/dist/storage/providers/supabase/supabaseProvider.js.map +1 -0
package/dist/testing/index.d.ts +53 -0
package/dist/testing/index.d.ts.map +1 -0
package/dist/testing/index.js +132 -0
package/dist/testing/index.js.map +1 -0
package/dist/types-global/errors.d.ts +83 -0
package/dist/types-global/errors.d.ts.map +1 -0
package/dist/types-global/errors.js +113 -0
package/dist/types-global/errors.js.map +1 -0
package/dist/utils/formatting/diffFormatter.d.ts +227 -0
package/dist/utils/formatting/diffFormatter.d.ts.map +1 -0
package/dist/utils/formatting/diffFormatter.js +369 -0
package/dist/utils/formatting/diffFormatter.js.map +1 -0
package/dist/utils/formatting/index.d.ts +9 -0
package/dist/utils/formatting/index.d.ts.map +1 -0
package/dist/utils/formatting/index.js +9 -0
package/dist/utils/formatting/index.js.map +1 -0
package/dist/utils/formatting/markdownBuilder.d.ts +543 -0
package/dist/utils/formatting/markdownBuilder.d.ts.map +1 -0
package/dist/utils/formatting/markdownBuilder.js +674 -0
package/dist/utils/formatting/markdownBuilder.js.map +1 -0
package/dist/utils/formatting/tableFormatter.d.ts +261 -0
package/dist/utils/formatting/tableFormatter.d.ts.map +1 -0
package/dist/utils/formatting/tableFormatter.js +456 -0
package/dist/utils/formatting/tableFormatter.js.map +1 -0
package/dist/utils/formatting/treeFormatter.d.ts +344 -0
package/dist/utils/formatting/treeFormatter.d.ts.map +1 -0
package/dist/utils/formatting/treeFormatter.js +400 -0
package/dist/utils/formatting/treeFormatter.js.map +1 -0
package/dist/utils/internal/encoding.d.ts +42 -0
package/dist/utils/internal/encoding.d.ts.map +1 -0
package/dist/utils/internal/encoding.js +87 -0
package/dist/utils/internal/encoding.js.map +1 -0
package/dist/utils/internal/error-handler/errorHandler.d.ts +140 -0
package/dist/utils/internal/error-handler/errorHandler.d.ts.map +1 -0
package/dist/utils/internal/error-handler/errorHandler.js +318 -0
package/dist/utils/internal/error-handler/errorHandler.js.map +1 -0
package/dist/utils/internal/error-handler/helpers.d.ts +98 -0
package/dist/utils/internal/error-handler/helpers.d.ts.map +1 -0
package/dist/utils/internal/error-handler/helpers.js +214 -0
package/dist/utils/internal/error-handler/helpers.js.map +1 -0
package/dist/utils/internal/error-handler/mappings.d.ts +85 -0
package/dist/utils/internal/error-handler/mappings.d.ts.map +1 -0
package/dist/utils/internal/error-handler/mappings.js +234 -0
package/dist/utils/internal/error-handler/mappings.js.map +1 -0
package/dist/utils/internal/error-handler/types.d.ts +160 -0
package/dist/utils/internal/error-handler/types.d.ts.map +1 -0
package/dist/utils/internal/error-handler/types.js +6 -0
package/dist/utils/internal/error-handler/types.js.map +1 -0
package/dist/utils/internal/health.d.ts +60 -0
package/dist/utils/internal/health.d.ts.map +1 -0
package/dist/utils/internal/health.js +46 -0
package/dist/utils/internal/health.js.map +1 -0
package/dist/utils/internal/logger.d.ts +300 -0
package/dist/utils/internal/logger.d.ts.map +1 -0
package/dist/utils/internal/logger.js +573 -0
package/dist/utils/internal/logger.js.map +1 -0
package/dist/utils/internal/performance.d.ts +78 -0
package/dist/utils/internal/performance.d.ts.map +1 -0
package/dist/utils/internal/performance.js +227 -0
package/dist/utils/internal/performance.js.map +1 -0
package/dist/utils/internal/requestContext.d.ts +200 -0
package/dist/utils/internal/requestContext.d.ts.map +1 -0
package/dist/utils/internal/requestContext.js +163 -0
package/dist/utils/internal/requestContext.js.map +1 -0
package/dist/utils/internal/runtime.d.ts +49 -0
package/dist/utils/internal/runtime.d.ts.map +1 -0
package/dist/utils/internal/runtime.js +90 -0
package/dist/utils/internal/runtime.js.map +1 -0
package/dist/utils/internal/startupBanner.d.ts +23 -0
package/dist/utils/internal/startupBanner.d.ts.map +1 -0
package/dist/utils/internal/startupBanner.js +34 -0
package/dist/utils/internal/startupBanner.js.map +1 -0
package/dist/utils/metrics/tokenCounter.d.ts +97 -0
package/dist/utils/metrics/tokenCounter.d.ts.map +1 -0
package/dist/utils/metrics/tokenCounter.js +162 -0
package/dist/utils/metrics/tokenCounter.js.map +1 -0
package/dist/utils/network/fetchWithTimeout.d.ts +91 -0
package/dist/utils/network/fetchWithTimeout.d.ts.map +1 -0
package/dist/utils/network/fetchWithTimeout.js +305 -0
package/dist/utils/network/fetchWithTimeout.js.map +1 -0
package/dist/utils/pagination/pagination.d.ts +157 -0
package/dist/utils/pagination/pagination.d.ts.map +1 -0
package/dist/utils/pagination/pagination.js +191 -0
package/dist/utils/pagination/pagination.js.map +1 -0
package/dist/utils/parsing/csvParser.d.ts +84 -0
package/dist/utils/parsing/csvParser.d.ts.map +1 -0
package/dist/utils/parsing/csvParser.js +132 -0
package/dist/utils/parsing/csvParser.js.map +1 -0
package/dist/utils/parsing/dateParser.d.ts +103 -0
package/dist/utils/parsing/dateParser.d.ts.map +1 -0
package/dist/utils/parsing/dateParser.js +142 -0
package/dist/utils/parsing/dateParser.js.map +1 -0
package/dist/utils/parsing/frontmatterParser.d.ts +91 -0
package/dist/utils/parsing/frontmatterParser.d.ts.map +1 -0
package/dist/utils/parsing/frontmatterParser.js +163 -0
package/dist/utils/parsing/frontmatterParser.js.map +1 -0
package/dist/utils/parsing/index.d.ts +15 -0
package/dist/utils/parsing/index.d.ts.map +1 -0
package/dist/utils/parsing/index.js +15 -0
package/dist/utils/parsing/index.js.map +1 -0
package/dist/utils/parsing/jsonParser.d.ts +115 -0
package/dist/utils/parsing/jsonParser.d.ts.map +1 -0
package/dist/utils/parsing/jsonParser.js +177 -0
package/dist/utils/parsing/jsonParser.js.map +1 -0
package/dist/utils/parsing/pdfParser.d.ts +563 -0
package/dist/utils/parsing/pdfParser.d.ts.map +1 -0
package/dist/utils/parsing/pdfParser.js +775 -0
package/dist/utils/parsing/pdfParser.js.map +1 -0
package/dist/utils/parsing/thinkBlock.d.ts +31 -0
package/dist/utils/parsing/thinkBlock.d.ts.map +1 -0
package/dist/utils/parsing/thinkBlock.js +31 -0
package/dist/utils/parsing/thinkBlock.js.map +1 -0
package/dist/utils/parsing/xmlParser.d.ts +69 -0
package/dist/utils/parsing/xmlParser.d.ts.map +1 -0
package/dist/utils/parsing/xmlParser.js +140 -0
package/dist/utils/parsing/xmlParser.js.map +1 -0
package/dist/utils/parsing/yamlParser.d.ts +64 -0
package/dist/utils/parsing/yamlParser.d.ts.map +1 -0
package/dist/utils/parsing/yamlParser.js +129 -0
package/dist/utils/parsing/yamlParser.js.map +1 -0
package/dist/utils/scheduling/scheduler.d.ts +174 -0
package/dist/utils/scheduling/scheduler.d.ts.map +1 -0
package/dist/utils/scheduling/scheduler.js +248 -0
package/dist/utils/scheduling/scheduler.js.map +1 -0
package/dist/utils/security/idGenerator.d.ts +189 -0
package/dist/utils/security/idGenerator.d.ts.map +1 -0
package/dist/utils/security/idGenerator.js +301 -0
package/dist/utils/security/idGenerator.js.map +1 -0
package/dist/utils/security/index.d.ts +8 -0
package/dist/utils/security/index.d.ts.map +1 -0
package/dist/utils/security/index.js +8 -0
package/dist/utils/security/index.js.map +1 -0
package/dist/utils/security/rateLimiter.d.ts +171 -0
package/dist/utils/security/rateLimiter.d.ts.map +1 -0
package/dist/utils/security/rateLimiter.js +294 -0
package/dist/utils/security/rateLimiter.js.map +1 -0
package/dist/utils/security/sanitization.d.ts +430 -0
package/dist/utils/security/sanitization.d.ts.map +1 -0
package/dist/utils/security/sanitization.js +759 -0
package/dist/utils/security/sanitization.js.map +1 -0
package/dist/utils/telemetry/index.d.ts +12 -0
package/dist/utils/telemetry/index.d.ts.map +1 -0
package/dist/utils/telemetry/index.js +12 -0
package/dist/utils/telemetry/index.js.map +1 -0
package/dist/utils/telemetry/instrumentation.d.ts +62 -0
package/dist/utils/telemetry/instrumentation.d.ts.map +1 -0
package/dist/utils/telemetry/instrumentation.js +223 -0
package/dist/utils/telemetry/instrumentation.js.map +1 -0
package/dist/utils/telemetry/metrics.d.ts +170 -0
package/dist/utils/telemetry/metrics.d.ts.map +1 -0
package/dist/utils/telemetry/metrics.js +205 -0
package/dist/utils/telemetry/metrics.js.map +1 -0
package/dist/utils/telemetry/semconv.d.ts +147 -0
package/dist/utils/telemetry/semconv.d.ts.map +1 -0
package/dist/utils/telemetry/semconv.js +159 -0
package/dist/utils/telemetry/semconv.js.map +1 -0
package/dist/utils/telemetry/trace.d.ts +141 -0
package/dist/utils/telemetry/trace.d.ts.map +1 -0
package/dist/utils/telemetry/trace.js +193 -0
package/dist/utils/telemetry/trace.js.map +1 -0
package/dist/utils/types/guards.d.ts +209 -0
package/dist/utils/types/guards.d.ts.map +1 -0
package/dist/utils/types/guards.js +229 -0
package/dist/utils/types/guards.js.map +1 -0
package/dist/utils/types/index.d.ts +6 -0
package/dist/utils/types/index.d.ts.map +1 -0
package/dist/utils/types/index.js +6 -0
package/dist/utils/types/index.js.map +1 -0
package/dist/worker.d.ts +59 -0
package/dist/worker.d.ts.map +1 -0
package/dist/worker.js +216 -0
package/dist/worker.js.map +1 -0
package/package.json +377 -0
package/skills/README.md +38 -0
package/skills/add-export/SKILL.md +49 -0
package/skills/add-prompt/SKILL.md +97 -0
package/skills/add-provider/SKILL.md +53 -0
package/skills/add-resource/SKILL.md +107 -0
package/skills/add-service/SKILL.md +113 -0
package/skills/add-tool/SKILL.md +110 -0
package/skills/api-auth/SKILL.md +173 -0
package/skills/api-config/SKILL.md +68 -0
package/skills/api-context/SKILL.md +321 -0
package/skills/api-errors/SKILL.md +146 -0
package/skills/api-services/SKILL.md +24 -0
package/skills/api-services/references/graph.md +124 -0
package/skills/api-services/references/llm.md +46 -0
package/skills/api-services/references/speech.md +72 -0
package/skills/api-testing/SKILL.md +263 -0
package/skills/api-utils/SKILL.md +106 -0
package/skills/api-utils/references/formatting.md +237 -0
package/skills/api-utils/references/parsing.md +263 -0
package/skills/api-utils/references/security.md +226 -0
package/skills/api-workers/SKILL.md +165 -0
package/skills/devcheck/SKILL.md +31 -0
package/skills/maintenance/SKILL.md +52 -0
package/skills/migrate-mcp-ts-template/SKILL.md +131 -0
package/skills/release/SKILL.md +67 -0
package/skills/setup/SKILL.md +89 -0
package/skills/walkthrough-init/SKILL.md +50 -0
package/templates/.env.example +17 -0
package/templates/AGENTS.md +113 -0
package/templates/CLAUDE.md +113 -0
package/templates/_tsconfig.json +33 -0
package/templates/biome.template.json +43 -0
package/templates/package.json +26 -0
package/templates/src/index.ts +16 -0
package/templates/src/mcp-server/prompts/definitions/echo.prompt.ts +19 -0
package/templates/src/mcp-server/resources/definitions/echo.resource.ts +30 -0
package/templates/src/mcp-server/tools/definitions/echo.tool.ts +24 -0
package/templates/vitest.config.ts +12 -0
package/tsconfig.base.json +44 -0
package/vitest.config.base.ts +38 -0

package/skills/api-utils/references/parsing.md ADDED Viewed

@@ -0,0 +1,263 @@
+# Parsing Utilities (`utils/parsing`)
+```ts
+import { yamlParser, xmlParser, csvParser, jsonParser, pdfParser, dateParser, frontmatterParser } from '@cyanheads/mcp-ts-core/utils/parsing';
+```
+All parsers are **Tier 3** — lazy-load their peer dependency on first call. All methods are **async** unless noted.
+**Common behavior:**
+- Singleton instances exported alongside classes
+- `<think>...</think>` blocks at the start of input are automatically stripped and logged at `debug` level (except `dateParser` and `pdfParser`)
+- All `context?: RequestContext` parameters are optional (synthetic context created if omitted)
+- Errors throw `McpError` — never return error values
+---
+## `yamlParser`
+**Peer dep:** `js-yaml` (`bun add js-yaml`)
+| Method | Signature |
+|:-------|:----------|
+| `parse` | `<T = unknown>(yamlString, context?) -> Promise<T>` |
+Uses `js-yaml` `DEFAULT_SCHEMA`. Throws `ConfigurationError` if dep missing, `ValidationError` on empty/malformed input.
+```ts
+const config = await yamlParser.parse<ServerConfig>(yamlString);
+```
+---
+## `xmlParser`
+**Peer dep:** `fast-xml-parser` (`bun add fast-xml-parser`)
+| Method | Signature |
+|:-------|:----------|
+| `parse` | `<T = unknown>(xmlString, context?) -> Promise<T>` |
+Internal `XMLParser` instance constructed once with `{ processEntities: false, htmlEntities: false }` and cached. Entity refs pass through as-is.
+```ts
+const data = await xmlParser.parse<FeedResponse>(xmlString);
+```
+---
+## `csvParser`
+**Peer dep:** `papaparse` (`bun add papaparse`)
+| Method | Signature |
+|:-------|:----------|
+| `parse` | `<T = unknown>(csvString, options?, context?) -> Promise<Papa.ParseResult<T>>` |
+`options` is `Papa.ParseConfig` forwarded verbatim — key options: `header`, `delimiter`, `dynamicTyping`. Returns `{ data: T[], errors: ParseError[], meta: ParseMeta }`. Throws `ValidationError` if `result.errors` is non-empty.
+```ts
+const result = await csvParser.parse<Row>(csvString, { header: true, dynamicTyping: true });
+for (const row of result.data) { /* ... */ }
+```
+---
+## `jsonParser`
+**Peer dep:** `partial-json` (`bun add partial-json`)
+| Method | Signature |
+|:-------|:----------|
+| `parse` | `<T = unknown>(jsonString, allowPartial?, context?) -> Promise<T>` |
+`allowPartial` defaults to `Allow.ALL`. Combine `Allow` flags with bitwise OR for fine-grained control over what partial constructs to accept.
+### `Allow` flags
+| Flag | Value | Meaning |
+|:-----|------:|:--------|
+| `STR` | `0x1` | Partial strings |
+| `NUM` | `0x2` | Partial numbers |
+| `ARR` | `0x4` | Partial arrays |
+| `OBJ` | `0x8` | Partial objects |
+| `NULL` | `0x10` | Partial nulls |
+| `BOOL` | `0x20` | Partial booleans |
+| `NAN` | `0x40` | NaN values |
+| `INFINITY` | `0x80` | Positive Infinity |
+| `_INFINITY` | `0x100` | Negative Infinity |
+| `INF` | `0x180` | Both Infinity variants |
+| `SPECIAL` | `0x1F0` | NULL \| BOOL \| NAN \| INF |
+| `ATOM` | `0x1F3` | All atomic types |
+| `COLLECTION` | `0xC` | ARR \| OBJ |
+| `ALL` | `0x1FF` | Everything (default) |
+```ts
+// Parse streaming/partial JSON from LLM output
+const partial = await jsonParser.parse<ToolCall>(chunk, Allow.OBJ | Allow.STR);
+// Strict parse — no partial constructs
+const strict = await jsonParser.parse<Config>(jsonString, 0);
+```
+---
+## `pdfParser`
+**Peer deps:** `pdf-lib` + `unpdf` (`bun add pdf-lib unpdf`)
+### Methods
+| Method | Sync? | Signature |
+|:-------|:------|:----------|
+| `createDocument` | async | `(context?) -> Promise<PDFDocument>` |
+| `loadDocument` | async | `(pdfBytes, context?) -> Promise<PDFDocument>` |
+| `addPage` | **sync** | `(doc, options?) -> PDFPage` |
+| `embedFont` | async | `(doc, fontName?, context?) -> Promise<PDFFont>` |
+| `embedImage` | async | `(doc, options, context?) -> Promise<PDFImage>` |
+| `drawText` | async | `(page, options) -> Promise<void>` |
+| `drawImage` | async | `(page, options) -> Promise<void>` |
+| `mergePdfs` | async | `(pdfBytesArray, context?) -> Promise<PDFDocument>` |
+| `splitPdf` | async | `(pdfBytes, ranges, context?) -> Promise<PDFDocument[]>` |
+| `fillForm` | **sync** | `(doc, options, context?) -> void` |
+| `extractMetadata` | **sync** | `(doc) -> PdfMetadata` |
+| `setMetadata` | **sync** | `(doc, metadata) -> void` |
+| `extractText` | async | `(doc, options?, context?) -> Promise<ExtractTextResult>` |
+| `saveDocument` | async | `(doc, context?) -> Promise<Uint8Array>` |
+### Option types
+```ts
+interface AddPageOptions { height?: number; width?: number }  // default: 612x792 (US Letter)
+interface DrawTextOptions {
+  text: string; x: number; y: number;
+  size?: number;        // default 12
+  font?: PDFFont;       // default Helvetica
+  color?: RGB;          // default black
+  rotate?: number;      // degrees, default 0
+  maxWidth?: number;    // enables word-wrap when set
+  lineHeight?: number;  // multiplier, default 1.2
+}
+interface EmbedImageOptions { imageBytes: Uint8Array | ArrayBuffer; format: 'png' | 'jpg' }
+interface DrawImageOptions {
+  image: PDFImage; x: number; y: number;
+  width?: number; height?: number;  // default: intrinsic dimensions
+  rotate?: number; opacity?: number; // default: 0, 1
+}
+interface PageRange { start: number; end: number }  // 0-based, inclusive
+interface FillFormOptions {
+  fields: Record<string, string | boolean | number>;
+  flatten?: boolean;  // default false — flatten removes form interactivity
+}
+interface ExtractTextOptions { mergePages?: boolean }  // default false
+interface ExtractTextResult { text: string | string[]; totalPages: number }
+// mergePages=true -> single string; false -> string[] per page
+interface PdfMetadata {
+  pageCount: number;
+  title?: string; author?: string; subject?: string; keywords?: string;
+  creator?: string; producer?: string;
+  creationDate?: string; modificationDate?: string;  // ISO 8601
+}
+interface SetMetadataOptions {
+  title?: string; author?: string; subject?: string; keywords?: string;
+  creator?: string; producer?: string;
+}
+```
+Also re-exports from `pdf-lib`: `PDFDocument`, `PDFFont`, `PDFImage`, `PDFPage`, `RGB`.
+### Usage
+```ts
+// Create a PDF
+const doc = await pdfParser.createDocument();
+const page = pdfParser.addPage(doc, { width: 612, height: 792 });
+const font = await pdfParser.embedFont(doc, 'Helvetica');
+await pdfParser.drawText(page, { text: 'Hello', x: 50, y: 700, font, size: 24 });
+const bytes = await pdfParser.saveDocument(doc);
+// Extract text from existing PDF
+const loaded = await pdfParser.loadDocument(existingBytes);
+const result = await pdfParser.extractText(loaded, { mergePages: true });
+// result: { text: 'full document text', totalPages: 5 }
+// Merge multiple PDFs
+const merged = await pdfParser.mergePdfs([pdf1Bytes, pdf2Bytes]);
+// Fill form fields
+pdfParser.fillForm(doc, {
+  fields: { name: 'Alice', approved: true, score: 95 },
+  flatten: true,
+});
+```
+---
+## `dateParser`
+**Peer dep:** `chrono-node` (`bun add chrono-node`)
+Unlike other parsers, `dateParser` is a plain object (not a class singleton) and `context` is **required**.
+| Method | Signature | Returns |
+|:-------|:----------|:--------|
+| `parseDate` | `(text, context, refDate?) -> Promise<Date \| null>` | First parsed date, or `null` |
+| `parse` | `(text, context, refDate?) -> Promise<chrono.ParsedResult[]>` | Full chrono results array |
+Both use `forwardDate: true` — ambiguous relative dates resolve to the next future occurrence.
+Also exported as standalone functions: `parseDateString` (= `parseDate`) and `parseDateStringDetailed` (= `parse`).
+```ts
+const date = await dateParser.parseDate('next Tuesday at 3pm', ctx);
+// Date object for the upcoming Tuesday
+const results = await dateParser.parse('between March 1 and March 15', ctx);
+// Array of ParsedResult with start/end components
+```
+---
+## `frontmatterParser`
+**Peer dep:** inherits `js-yaml` via `yamlParser` (`bun add js-yaml`)
+| Method | Signature |
+|:-------|:----------|
+| `parse` | `<T = unknown>(markdown, context?) -> Promise<FrontmatterResult<T>>` |
+```ts
+interface FrontmatterResult<T = unknown> {
+  frontmatter: T;         // parsed YAML object, or {} if none found
+  content: string;        // markdown body after frontmatter block
+  hasFrontmatter: boolean;
+}
+```
+Matches `--- ... ---` at the very start of the document. An empty `---\n---` block returns `frontmatter: {}` with `hasFrontmatter: true`. Delegates YAML parsing to `yamlParser`, so `<think>` blocks are also stripped from the YAML content.
+```ts
+const { frontmatter, content, hasFrontmatter } = await frontmatterParser.parse<SkillMeta>(markdown);
+if (hasFrontmatter) {
+  console.log(frontmatter.name, frontmatter.version);
+}
+```
+---
+## `thinkBlockRegex`
+Exported from the barrel. Regex: `/^<think>([\s\S]*?)<\/think>\s*([\s\S]*)$/`
+- Group 1: content inside `<think>` tag
+- Group 2: payload after the closing tag
+- Only matches when `<think>` is the very first character of the string

package/skills/api-utils/references/security.md ADDED Viewed

@@ -0,0 +1,226 @@
+# Security Utilities (`utils/security`)
+```ts
+import { sanitization, RateLimiter, IdGenerator, idGenerator, generateUUID, generateRequestContextId } from '@cyanheads/mcp-ts-core/utils/security';
+```
+---
+## `sanitization`
+Pre-constructed singleton of `Sanitization`. Tier 3 peers: `sanitize-html`, `validator` (install as needed per method).
+### Methods
+| Method | Async | Peer dep | Signature |
+|:-------|:------|:---------|:----------|
+| `sanitizeHtml` | yes | `sanitize-html` | `(input, config?) -> Promise<string>` |
+| `sanitizeString` | yes | `sanitize-html` / `validator` | `(input, options?) -> Promise<string>` |
+| `sanitizeUrl` | yes | `validator` | `(input, allowedProtocols?) -> Promise<string>` |
+| `sanitizeNumber` | yes | `validator` (string input) | `(input, min?, max?) -> Promise<number>` |
+| `sanitizePath` | **no** | Node.js only | `(input, options?) -> SanitizedPathInfo` |
+| `sanitizeJson` | **no** | none | `<T>(input, maxSize?) -> T` |
+| `sanitizeForLogging` | **no** | none | `(input) -> unknown` |
+| `redactSensitiveFields` | **no** | none | `(data, fields?, ctx?) -> unknown` |
+| `getSensitivePinoFields` | **no** | none | `() -> string[]` |
+### Option types
+```ts
+interface HtmlSanitizeConfig {
+  allowedTags?: string[];
+  allowedAttributes?: sanitizeHtml.IOptions['allowedAttributes'];
+  preserveComments?: boolean;
+  transformTags?: sanitizeHtml.IOptions['transformTags'];
+}
+interface SanitizeStringOptions {
+  context?: 'text' | 'html' | 'attribute' | 'url' | 'javascript';  // default: 'text'
+  allowedTags?: string[];          // only used when context: 'html'
+  allowedAttributes?: Record<string, string[]>;  // only used when context: 'html'
+}
+interface PathSanitizeOptions {
+  allowAbsolute?: boolean;  // default: false
+  rootDir?: string;         // resolved via path.resolve before use
+  toPosix?: boolean;        // normalize backslashes to /
+}
+interface SanitizedPathInfo {
+  sanitizedPath: string;
+  originalInput: string;
+  wasAbsolute: boolean;
+  convertedToRelative: boolean;
+  optionsUsed: PathSanitizeOptions;
+}
+```
+### Behavior notes
+- `sanitizeHtml`: returns `''` for falsy input; `<a>` tags get `rel="noopener noreferrer"` by default
+- `sanitizeString`: `'javascript'` context always throws `McpError(ValidationError)` — no JavaScript allowed
+- `sanitizeUrl`: default protocols `['http', 'https']`; always blocks `javascript:`, `data:`, `vbscript:`
+- `sanitizePath`: **Node-only** — throws `McpError(InternalError)` in Workers. Throws `McpError(ValidationError)` on path traversal or null bytes.
+- `sanitizeJson`: `maxSize` is bytes (UTF-8); uses `Buffer.byteLength` / `TextEncoder` / `string.length` fallback chain
+- `sanitizeNumber`: `NaN`/`Infinity` always rejected; out-of-range values silently clamped with debug log
+- `sanitizeForLogging`: deep clones via `structuredClone`; returns `'[Log Sanitization Failed]'` on clone error
+### Sensitive fields
+Pre-populated: `password`, `token`, `secret`, `apiKey`, `credential`, `jwt`, `ssn`, `cvv`, `authorization`, `cookie`, `clientsecret`, `client_secret`, `private_key`, `privatekey`.
+Manage with `setSensitiveFields(fields)` (merges, deduped, lowercased) and `getSensitiveFields()`. `getSensitivePinoFields()` generates 3-depth pino `redact.paths` patterns from the current list.
+### Usage
+```ts
+// HTML sanitization
+const clean = await sanitization.sanitizeHtml(userHtml, {
+  allowedTags: ['p', 'b', 'i', 'a'],
+  allowedAttributes: { a: ['href'] },
+});
+// URL validation
+const safeUrl = await sanitization.sanitizeUrl(userUrl, ['http', 'https', 'mailto']);
+// Path sanitization (Node-only)
+const info = sanitization.sanitizePath(userPath, { rootDir: '/app/data', allowAbsolute: false });
+// info.sanitizedPath is safe to use in fs operations
+// JSON with size limit
+const data = sanitization.sanitizeJson<Config>(rawJson, 1024 * 1024); // 1MB max
+// Logging redaction
+const safe = sanitization.sanitizeForLogging({ password: 'secret', name: 'Alice' });
+// { password: '[REDACTED]', name: 'Alice' }
+```
+Also exported: `sanitizeInputForLogging(input)` — convenience wrapper around `sanitization.sanitizeForLogging`.
+---
+## `RateLimiter`
+In-process sliding window rate limiter with LRU eviction and OTEL span annotations.
+### Constructor
+```ts
+new RateLimiter(config: AppConfig, logger: Logger)
+```
+Reads initial settings from `AppConfig`. Call `configure()` to override at runtime.
+### Configuration
+```ts
+interface RateLimitConfig {
+  maxRequests: number;            // required
+  windowMs: number;               // required, in milliseconds
+  cleanupInterval?: number;       // ms between expired entry purges
+  maxTrackedKeys?: number;        // default 10,000; LRU eviction beyond this
+  skipInDevelopment?: boolean;    // skips limiting when environment === 'development'
+  errorMessage?: string;          // supports {waitTime} placeholder
+  keyGenerator?: (identifier: string, context?: RequestContext) => string;
+}
+```
+Defaults: `windowMs` 15 min, `maxRequests` 100, `cleanupInterval` 5 min, `maxTrackedKeys` 10,000.
+### Methods
+| Method | Signature | Notes |
+|:-------|:----------|:------|
+| `configure` | `(config: Partial<RateLimitConfig>) -> void` | Merges partial config; restarts cleanup timer if `cleanupInterval` changed |
+| `check` | `(key, context?) -> void` | Throws `McpError(RateLimited)` with data `{ waitTimeSeconds, key, limit, windowMs }` when exceeded; annotates active OTEL span |
+| `getStatus` | `(key) -> { current, limit, remaining, resetTime } \| null` | Does NOT apply `keyGenerator` — pass the already-resolved key |
+| `getConfig` | `() -> RateLimitConfig` | Shallow copy of effective config |
+| `reset` | `() -> void` | Clears all tracked entries (no per-key reset) |
+| `dispose` | `() -> void` | Stops cleanup timer and clears all entries; call on shutdown |
+### Usage
+```ts
+// In a service — check before expensive operation
+rateLimiter.check(`api:${ctx.tenantId}`, ctx);
+// Check status without consuming a request
+const status = rateLimiter.getStatus('api:tenant-123');
+if (status) {
+  console.log(`${status.remaining} requests left, resets at ${new Date(status.resetTime)}`);
+}
+// Runtime reconfiguration
+rateLimiter.configure({ maxRequests: 200, windowMs: 60_000 });
+// Cleanup on shutdown
+rateLimiter.dispose();
+```
+---
+## `IdGenerator` / `idGenerator`
+Crypto-random ID generation via Web Crypto API (`crypto.getRandomValues`). Rejection sampling prevents modulo bias.
+### Constructor
+```ts
+new IdGenerator(entityPrefixes?: EntityPrefixConfig)
+```
+`idGenerator` is the pre-constructed singleton (no prefixes registered by default).
+### Configuration
+```ts
+interface EntityPrefixConfig {
+  [key: string]: string;  // entityType -> prefix, e.g. { project: 'PROJ', task: 'TASK' }
+}
+interface IdGenerationOptions {
+  charset?: string;    // default: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+  length?: number;     // default: 6 (random part length)
+  separator?: string;  // default: '_'
+}
+```
+### Methods
+| Method | Signature | Notes |
+|:-------|:----------|:------|
+| `generate` | `(prefix?, options?) -> string` | `PREFIX_XXXXXX` or just `XXXXXX` if no prefix |
+| `generateForEntity` | `(entityType, options?) -> string` | Uses registered prefix; throws `McpError(ValidationError)` if type unknown |
+| `generateRandomString` | `(length?, charset?) -> string` | Raw random string; defaults: length 6, charset `A-Z0-9` |
+| `isValid` | `(id, entityType, options?) -> boolean` | Regex-validates format against prefix + separator + charset{length} |
+| `getEntityType` | `(id, separator?) -> string` | Resolves entity type from prefix; throws `McpError(ValidationError)` if unknown |
+| `normalize` | `(id, separator?) -> string` | Canonical prefix casing + uppercase random part |
+| `stripPrefix` | `(id, separator?) -> string` | Returns random part; returns original if separator not found |
+| `setEntityPrefixes` | `(config) -> void` | Replaces all prefixes and rebuilds reverse lookup |
+| `getEntityPrefixes` | `() -> EntityPrefixConfig` | Copy of current config |
+### Standalone exports
+| Export | Returns | Notes |
+|:-------|:--------|:------|
+| `generateUUID()` | `string` | `crypto.randomUUID()` — UUID v4 |
+| `generateRequestContextId()` | `string` | `XXXXX-XXXXX` format (5+5 alphanumeric, hyphen-joined) |
+### Usage
+```ts
+// Simple ID with prefix
+const id = idGenerator.generate('PROJ'); // 'PROJ_A7K2M9'
+// Entity-based generation
+const gen = new IdGenerator({ project: 'PROJ', task: 'TASK' });
+const taskId = gen.generateForEntity('task'); // 'TASK_X3B8P1'
+const valid = gen.isValid('TASK_X3B8P1', 'task'); // true
+const type = gen.getEntityType('TASK_X3B8P1'); // 'task'
+// Raw random string
+const token = idGenerator.generateRandomString(32); // 32-char alphanumeric
+// UUIDs
+const uuid = generateUUID(); // 'a1b2c3d4-e5f6-...'
+```

package/skills/api-workers/SKILL.md ADDED Viewed

@@ -0,0 +1,165 @@
+---
+name: api-workers
+description: >
+  Cloudflare Workers deployment using `createWorkerHandler` from `@cyanheads/mcp-ts-core/worker`. Covers the full handler signature, binding types, CloudflareBindings extensibility, runtime compatibility guards, and wrangler.toml requirements.
+metadata:
+  author: cyanheads
+  version: "1.0"
+  audience: external
+  type: reference
+---
+## Overview
+`@cyanheads/mcp-ts-core/worker` exports `createWorkerHandler` — the Workers entry point. It wraps tool/resource/prompt registries into a per-request `McpServer` factory that integrates with the Cloudflare Workers runtime.
+---
+## `createWorkerHandler(options)`
+```ts
+import { createWorkerHandler } from '@cyanheads/mcp-ts-core/worker';
+import { allToolDefinitions } from './mcp-server/tools/index.js';
+import { allResourceDefinitions } from './mcp-server/resources/index.js';
+import { allPromptDefinitions } from './mcp-server/prompts/index.js';
+import { initMyService } from './services/my-domain/my-service.js';
+export default createWorkerHandler({
+  tools: allToolDefinitions,
+  resources: allResourceDefinitions,
+  prompts: allPromptDefinitions,
+  setup(core) {
+    initMyService(core.config, core.storage);
+  },
+  extraEnvBindings: [['MY_API_KEY', 'MY_API_KEY']],
+  extraObjectBindings: [['MY_CUSTOM_KV', 'MY_CUSTOM_KV']],
+  onScheduled: async (controller, env, ctx) => {
+    // Cloudflare cron trigger handler
+  },
+});
+```
+### Options
+| Option | Type | Purpose |
+|:-------|:-----|:--------|
+| `tools` | `AnyToolDefinition[]` | Tool definitions to register |
+| `resources` | `AnyResourceDefinition[]` | Resource definitions to register |
+| `prompts` | `PromptDefinition[]` | Prompt definitions to register |
+| `setup` | `(core: CoreServices) => void \| Promise<void>` | Runs after core services are ready, before first request |
+| `extraEnvBindings` | `[bindingKey: string, processEnvKey: string][]` | Maps CF string bindings to `process.env` keys |
+| `extraObjectBindings` | `[bindingKey: string, globalKey: string][]` | Maps CF object bindings (KV, R2, D1, AI) to `globalThis` keys |
+| `onScheduled` | `(controller, env, ctx) => Promise<void>` | Cloudflare cron trigger handler |
+### Key design points
+- **Per-request `McpServer` factory** — a new server instance is created for each request. Required by SDK security advisory GHSA-345p-7cg4-v4c7.
+- **Env bindings refreshed per-request** — Cloudflare may rotate binding object references between requests; the handler re-injects them on every call.
+- **`ctx.waitUntil()` is documented but not yet called by the framework** — the `ExecutionContext` is received and passed through to `app.fetch` and `onScheduled`, but the framework itself does not currently call `ctx.waitUntil()` for telemetry flush. Spans complete synchronously within the request lifecycle.
+- **Singleton app promise with retry-on-failure** — the framework init runs once; if it fails, the next request retries rather than leaving the Worker in a permanently broken state.
+---
+## Binding types
+Cloudflare Workers bindings come in two kinds with different injection mechanisms:
+| Type | Examples | Injection mechanism | Runtime access |
+|:-----|:---------|:--------------------|:---------------|
+| String values | API keys, base URLs, feature flags | `injectEnvVars()` → `process.env` | `process.env.MY_API_KEY` |
+| Object bindings | KV namespace, R2 bucket, D1 database, AI | `storeBindings()` → `globalThis` | `(globalThis as any).MY_CUSTOM_KV` |
+**`extraEnvBindings`** — array of `[bindingKey, processEnvKey]` tuples. The value of `env[bindingKey]` is assigned to `process.env[processEnvKey]` at request time.
+**`extraObjectBindings`** — array of `[bindingKey, globalKey]` tuples. The object at `env[bindingKey]` is stored on `globalThis[globalKey]` at request time.
+Both are refreshed on every request. Never cache binding references between requests.
+---
+## `CloudflareBindings` extensibility
+Core defines `CloudflareBindings` without an index signature, so servers extend it via intersection rather than module augmentation:
+```ts
+import type { CloudflareBindings as CoreBindings } from '@cyanheads/mcp-ts-core/worker';
+interface MyBindings extends CoreBindings {
+  MY_CUSTOM_KV: KVNamespace;
+  MY_R2_BUCKET: R2Bucket;
+}
+```
+Pass `MyBindings` as a type parameter where the framework accepts a generic env type (e.g., Hono route handlers, `onScheduled`).
+---
+## Runtime compatibility
+### `runtimeCaps` feature detection
+```ts
+import { runtimeCaps } from '@cyanheads/mcp-ts-core/utils/runtime';
+if (runtimeCaps.isWorkerLike) {
+  // Workers-specific path
+}
+if (runtimeCaps.isNode) {
+  // Node.js-specific path (e.g., filesystem access)
+}
+```
+`runtimeCaps` is a snapshot taken at import time. Fields: `isNode`, `isBun`, `isWorkerLike`, `isBrowserLike`, `hasProcess`, `hasBuffer`, `hasTextEncoder`, `hasPerformanceNow`. All booleans, never throw.
+### Serverless storage whitelist
+In Workers, only these storage providers are allowed:
+| Provider | Notes |
+|:---------|:------|
+| `in-memory` | Default — data lost on cold start, no persistence |
+| `cloudflare-kv` | KV namespace binding — eventually consistent |
+| `cloudflare-r2` | R2 bucket binding — object storage |
+| `cloudflare-d1` | D1 database binding — SQLite-compatible |
+`filesystem` and `supabase` providers are not on the whitelist. In a serverless environment, any non-whitelisted provider type is **silently forced to `in-memory`** (a warning is logged) rather than throwing. Set `STORAGE_PROVIDER_TYPE` to one of the whitelisted values to avoid the fallback.
+---
+## `wrangler.toml` requirements
+```toml
+compatibility_flags = ["nodejs_compat"]
+compatibility_date = "2025-09-01"  # must be >= 2025-09-01
+[[kv_namespaces]]
+binding = "MY_CUSTOM_KV"
+id = "..."
+[[r2_buckets]]
+binding = "MY_R2_BUCKET"
+bucket_name = "..."
+```
+`nodejs_compat` is required for Node.js API shims (e.g., `process.env`, `Buffer`, `crypto`). The minimum `compatibility_date` activates the required shim set.
+---
+## Workers-specific warnings
+**Lazy env parsing is mandatory.** Cloudflare injects env bindings at request time via `injectEnvVars()` — after all static module imports complete. Never parse `process.env` at module top-level in Workers:
+```ts
+// WRONG — parsed before env is injected
+const apiKey = process.env.MY_API_KEY;  // undefined in Workers
+// CORRECT — lazy parse inside a function or getter
+export function getServerConfig() {
+  return ServerConfigSchema.parse({ apiKey: process.env.MY_API_KEY });
+}
+```
+**`in-memory` storage is volatile.** Data stored with the `in-memory` provider is lost between cold starts and is not shared across Worker instances. Use `cloudflare-kv`, `cloudflare-r2`, or `cloudflare-d1` for any state that must persist or be shared.
+**Node-only utilities throw in Workers.** `scheduler` (`node-cron`), `sanitizePath` (fs-based), and `filesystem` storage provider all throw `ConfigurationError` when called from a Worker. Guard with `runtimeCaps.isNode` or avoid entirely.

package/skills/devcheck/SKILL.md ADDED Viewed

@@ -0,0 +1,31 @@
+---
+name: devcheck
+description: >
+  Lint, format, typecheck, and audit the project. Use after making changes, before committing, or when the user asks to verify the project is clean.
+metadata:
+  author: cyanheads
+  version: "1.0"
+  audience: external
+  type: workflow
+---
+## Steps
+1. Run `bun run devcheck`
+2. Read the output carefully — it runs lint, format check, typecheck, and security audit
+3. If there are failures, fix the issues in the source files
+4. Re-run `bun run devcheck` until clean
+5. Do not consider this skill complete until the command exits successfully with no errors
+## Common Issues
+| Error Type | Typical Fix |
+|:-----------|:------------|
+| Lint errors | Fix code style issues, unused imports, missing types |
+| Format errors | Run `bun run format` or fix manually |
+| Type errors | Fix type mismatches, missing properties, incorrect generics |
+| Security audit | Update vulnerable dependencies with `bun update` |
+## Checklist
+- [ ] `bun run devcheck` exits with no errors