npm - @epicdm/flowstate-mcp-gateway - Versions diffs - 1.0.0 - Mend

@epicdm/flowstate-mcp-gateway 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,335 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  MCPGatewayServer: () => MCPGatewayServer
+});
+module.exports = __toCommonJS(src_exports);
+// src/server.ts
+var import_express = __toESM(require("express"));
+var import_cors = __toESM(require("cors"));
+var import_flowstate_mcp = require("@epicdm/flowstate-mcp");
+// src/InMemoryTransport.ts
+var import_events = require("events");
+var InMemoryTransport = class {
+  sessionId;
+  onclose;
+  onerror;
+  onmessage;
+  started = false;
+  emitter = new import_events.EventEmitter();
+  responseHandlers = /* @__PURE__ */ new Map();
+  async start() {
+    this.started = true;
+    this.sessionId = `inmemory-${Date.now()}-${Math.random().toString(36).substring(7)}`;
+  }
+  async send(message) {
+    if (!this.started) {
+      throw new Error("Transport not started");
+    }
+    if ("result" in message || "error" in message) {
+      const response = message;
+      const handler = this.responseHandlers.get(response.id);
+      if (handler) {
+        handler(message);
+        this.responseHandlers.delete(response.id);
+      }
+    }
+  }
+  async close() {
+    this.started = false;
+    this.responseHandlers.clear();
+    this.onclose?.();
+  }
+  setProtocolVersion(version) {
+  }
+  /**
+   * Send a request and wait for response
+   * Used by the gateway to make programmatic requests
+   */
+  async sendRequest(request) {
+    if (!this.started) {
+      throw new Error("Transport not started");
+    }
+    return new Promise((resolve, reject) => {
+      const req = request;
+      const timeout = setTimeout(() => {
+        this.responseHandlers.delete(req.id);
+        reject(new Error("Request timeout"));
+      }, 6e4);
+      this.responseHandlers.set(req.id, (response) => {
+        clearTimeout(timeout);
+        resolve(response);
+      });
+      if (this.onmessage) {
+        this.onmessage(request);
+      } else {
+        reject(new Error("Transport not connected to server"));
+      }
+    });
+  }
+};
+// src/server.ts
+var MCPGatewayServer = class {
+  app;
+  mcpServer;
+  config;
+  isInitialized = false;
+  httpServer;
+  transport;
+  constructor(config) {
+    this.config = config;
+    this.app = (0, import_express.default)();
+    this.mcpServer = new import_flowstate_mcp.FlowStateMCPServer({
+      rxdbServerUrl: config.rxdbServerUrl,
+      domainId: config.domainId,
+      projectPath: config.projectPath || process.cwd(),
+      ...config.userId && { userId: config.userId },
+      ...config.orgId && { orgId: config.orgId }
+    });
+    this.setupMiddleware();
+    this.setupRoutes();
+  }
+  /**
+   * Get list of tools from MCP server
+   *
+   * WARNING: This method accesses internal MCP server API via type casting.
+   * This is necessary because FlowStateMCPServer doesn't expose a public method
+   * for listing tools. The underlying server.request() method is used directly.
+   *
+   * RISKS:
+   * - Internal API may change without notice in future versions
+   * - Type casting bypasses TypeScript safety checks
+   * - May break if FlowStateMCPServer implementation changes
+   *
+   * TODO: Consider requesting a public API method in FlowStateMCPServer
+   * for listing and calling tools to avoid internal API access.
+   */
+  async listTools() {
+    if (!this.transport) {
+      return [];
+    }
+    const request = {
+      jsonrpc: "2.0",
+      id: Date.now(),
+      method: "tools/list"
+    };
+    const response = await this.transport.sendRequest(request);
+    if ("error" in response) {
+      throw new Error(response.error.message || "Failed to list tools");
+    }
+    return response.result?.tools || [];
+  }
+  /**
+   * Call a tool on the MCP server
+   *
+   * WARNING: This method accesses internal MCP server API via type casting.
+   * This is necessary because FlowStateMCPServer doesn't expose a public method
+   * for calling tools. The underlying server.request() method is used directly.
+   *
+   * RISKS:
+   * - Internal API may change without notice in future versions
+   * - Type casting bypasses TypeScript safety checks
+   * - May break if FlowStateMCPServer implementation changes
+   *
+   * TODO: Consider requesting a public API method in FlowStateMCPServer
+   * for listing and calling tools to avoid internal API access.
+   *
+   * NOTE: The MCP SDK's server.request() method appears to require the request
+   * object to be passed twice (once as the request, once as params). This seems
+   * to be how the underlying MCP SDK expects the call to be structured based on
+   * the protocol specification.
+   */
+  async callTool(toolName, args) {
+    if (!this.transport) {
+      throw new Error("MCP server not available");
+    }
+    const request = {
+      jsonrpc: "2.0",
+      id: Date.now(),
+      method: "tools/call",
+      params: {
+        name: toolName,
+        arguments: args
+      }
+    };
+    const response = await this.transport.sendRequest(request);
+    if ("error" in response) {
+      throw new Error(response.error.message || "Failed to call tool");
+    }
+    return response.result?.content?.[0]?.text || response.result;
+  }
+  setupMiddleware() {
+    this.app.use(
+      (0, import_cors.default)({
+        origin: this.config.corsOrigins || "*",
+        methods: ["GET", "POST", "OPTIONS"],
+        allowedHeaders: ["Content-Type", "Authorization"]
+      })
+    );
+    this.app.use(import_express.default.json());
+    this.app.use(import_express.default.urlencoded({ extended: true }));
+    this.app.use((req, res, next) => {
+      console.log(`${(/* @__PURE__ */ new Date()).toISOString()} ${req.method} ${req.path}`);
+      next();
+    });
+  }
+  /**
+   * Extract and forward auth token from request to MCP server
+   *
+   * This enables per-request auth so each API call can use its own token,
+   * rather than relying on the initial config token.
+   */
+  updateAuthFromRequest(req) {
+    const authHeader = req.headers["authorization"];
+    if (!authHeader) {
+      console.log("[MCP Gateway] No Authorization header in request");
+      return;
+    }
+    const token = authHeader.toString().replace("Bearer ", "");
+    if (!token) {
+      console.log("[MCP Gateway] Empty token after Bearer prefix removal");
+      return;
+    }
+    if (!token.startsWith("eyJ") && !token.startsWith("epic_")) {
+      console.log(`[MCP Gateway] Invalid token format (starts with: ${token.substring(0, 10)}...)`);
+      return;
+    }
+    try {
+      ;
+      this.mcpServer.config.authToken = token;
+      console.log("[MCP Gateway] Auth token updated from request");
+    } catch (error) {
+      console.error("[MCP Gateway] Failed to update auth config:", error);
+    }
+  }
+  setupRoutes() {
+    this.app.get("/health", (req, res) => {
+      res.json({
+        status: "ok",
+        initialized: this.isInitialized,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    });
+    this.app.get("/mcp/tools", async (req, res) => {
+      try {
+        if (!this.isInitialized) {
+          return res.status(503).json({
+            error: "Server not initialized"
+          });
+        }
+        this.updateAuthFromRequest(req);
+        const tools = await this.listTools();
+        res.json({ tools });
+      } catch (error) {
+        console.error("Error listing tools:", error);
+        res.status(500).json({
+          error: error instanceof Error ? error.message : "Unknown error"
+        });
+      }
+    });
+    this.app.post("/mcp/tools/call", async (req, res) => {
+      try {
+        if (!this.isInitialized) {
+          return res.status(503).json({
+            success: false,
+            error: "Server not initialized"
+          });
+        }
+        this.updateAuthFromRequest(req);
+        const { toolName, arguments: args } = req.body;
+        if (!toolName) {
+          return res.status(400).json({
+            success: false,
+            error: "toolName is required"
+          });
+        }
+        const result = await this.callTool(toolName, args || {});
+        const response = {
+          success: true,
+          result
+        };
+        res.json(response);
+      } catch (error) {
+        console.error("Error calling tool:", error);
+        const response = {
+          success: false,
+          error: error instanceof Error ? error.message : "Unknown error"
+        };
+        res.status(500).json(response);
+      }
+    });
+  }
+  async initialize() {
+    await this.mcpServer.initialize();
+    this.transport = new InMemoryTransport();
+    const server = this.mcpServer.server;
+    if (server) {
+      await server.connect(this.transport);
+    }
+    this.isInitialized = true;
+    console.log("MCP Gateway initialized");
+  }
+  async start() {
+    await this.initialize();
+    return new Promise((resolve) => {
+      this.httpServer = this.app.listen(this.config.port, this.config.host, () => {
+        console.log(`MCP Gateway listening on http://${this.config.host}:${this.config.port}`);
+        resolve();
+      });
+    });
+  }
+  async close() {
+    if (this.httpServer) {
+      await new Promise((resolve, reject) => {
+        this.httpServer.close((err) => {
+          if (err) {
+            console.error("Error closing HTTP server:", err);
+            reject(err);
+          } else {
+            console.log("HTTP server closed");
+            resolve();
+          }
+        });
+      });
+    }
+    await this.mcpServer.close();
+    console.log("MCP Gateway closed");
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  MCPGatewayServer
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/server.ts","../src/InMemoryTransport.ts"],"sourcesContent":["// Copyright 2026 Epic Digital Interactive Media LLC\n// SPDX-License-Identifier: Apache-2.0\n\nexport { MCPGatewayServer } from './server';\nexport type {\n MCPGatewayConfig,\n ToolDefinition,\n ToolCallRequest,\n ToolCallResponse,\n} from './types';\n","// Copyright 2026 Epic Digital Interactive Media LLC\n// SPDX-License-Identifier: Apache-2.0\n\nimport express, { Express, Request, Response } from 'express'\nimport cors from 'cors'\nimport { FlowStateMCPServer } from '@epicdm/flowstate-mcp'\nimport { InMemoryTransport } from './InMemoryTransport'\nimport type { MCPGatewayConfig, ToolCallRequest, ToolCallResponse } from './types'\n\nexport class MCPGatewayServer {\n private app: Express\n private mcpServer: FlowStateMCPServer\n private config: MCPGatewayConfig\n private isInitialized = false\n private httpServer?: ReturnType<Express['listen']>\n private transport?: InMemoryTransport\n\n constructor(config: MCPGatewayConfig) {\n this.config = config\n this.app = express()\n\n // Initialize MCP Server\n this.mcpServer = new FlowStateMCPServer({\n rxdbServerUrl: config.rxdbServerUrl,\n domainId: config.domainId,\n projectPath: config.projectPath || process.cwd(),\n ...(config.userId && { userId: config.userId }),\n ...(config.orgId && { orgId: config.orgId }),\n } as any)\n\n this.setupMiddleware()\n this.setupRoutes()\n }\n\n /**\n * Get list of tools from MCP server\n *\n * WARNING: This method accesses internal MCP server API via type casting.\n * This is necessary because FlowStateMCPServer doesn't expose a public method\n * for listing tools. The underlying server.request() method is used directly.\n *\n * RISKS:\n * - Internal API may change without notice in future versions\n * - Type casting bypasses TypeScript safety checks\n * - May break if FlowStateMCPServer implementation changes\n *\n * TODO: Consider requesting a public API method in FlowStateMCPServer\n * for listing and calling tools to avoid internal API access.\n */\n private async listTools(): Promise<any[]> {\n if (!this.transport) {\n return []\n }\n\n // Send request through transport\n const request = {\n jsonrpc: '2.0' as const,\n id: Date.now(),\n method: 'tools/list' as const,\n }\n\n const response: any = await this.transport.sendRequest(request)\n\n if ('error' in response) {\n throw new Error(response.error.message || 'Failed to list tools')\n }\n\n return response.result?.tools || []\n }\n\n /**\n * Call a tool on the MCP server\n *\n * WARNING: This method accesses internal MCP server API via type casting.\n * This is necessary because FlowStateMCPServer doesn't expose a public method\n * for calling tools. The underlying server.request() method is used directly.\n *\n * RISKS:\n * - Internal API may change without notice in future versions\n * - Type casting bypasses TypeScript safety checks\n * - May break if FlowStateMCPServer implementation changes\n *\n * TODO: Consider requesting a public API method in FlowStateMCPServer\n * for listing and calling tools to avoid internal API access.\n *\n * NOTE: The MCP SDK's server.request() method appears to require the request\n * object to be passed twice (once as the request, once as params). This seems\n * to be how the underlying MCP SDK expects the call to be structured based on\n * the protocol specification.\n */\n private async callTool(toolName: string, args: Record<string, any>): Promise<any> {\n if (!this.transport) {\n throw new Error('MCP server not available')\n }\n\n // Send request through transport\n const request = {\n jsonrpc: '2.0' as const,\n id: Date.now(),\n method: 'tools/call' as const,\n params: {\n name: toolName,\n arguments: args,\n },\n }\n\n const response: any = await this.transport.sendRequest(request)\n\n if ('error' in response) {\n throw new Error(response.error.message || 'Failed to call tool')\n }\n\n return response.result?.content?.[0]?.text || response.result\n }\n\n private setupMiddleware(): void {\n // CORS\n this.app.use(\n cors({\n origin: this.config.corsOrigins || '*',\n methods: ['GET', 'POST', 'OPTIONS'],\n allowedHeaders: ['Content-Type', 'Authorization'],\n })\n )\n\n // Body parsing\n this.app.use(express.json())\n this.app.use(express.urlencoded({ extended: true }))\n\n // Request logging\n this.app.use((req, res, next) => {\n console.log(`${new Date().toISOString()} ${req.method} ${req.path}`)\n next()\n })\n }\n\n /**\n * Extract and forward auth token from request to MCP server\n *\n * This enables per-request auth so each API call can use its own token,\n * rather than relying on the initial config token.\n */\n private updateAuthFromRequest(req: Request): void {\n const authHeader = req.headers['authorization']\n if (!authHeader) {\n console.log('[MCP Gateway] No Authorization header in request')\n return\n }\n\n const token = authHeader.toString().replace('Bearer ', '')\n if (!token) {\n console.log('[MCP Gateway] Empty token after Bearer prefix removal')\n return\n }\n\n // Only accept valid-looking tokens (JWT or API tokens)\n if (!token.startsWith('eyJ') && !token.startsWith('epic_')) {\n console.log(`[MCP Gateway] Invalid token format (starts with: ${token.substring(0, 10)}...)`)\n return\n }\n\n try {\n ;(this.mcpServer as any).config.authToken = token\n console.log('[MCP Gateway] Auth token updated from request')\n } catch (error) {\n console.error('[MCP Gateway] Failed to update auth config:', error)\n }\n }\n\n private setupRoutes(): void {\n // Health check\n this.app.get('/health', (req: Request, res: Response) => {\n res.json({\n status: 'ok',\n initialized: this.isInitialized,\n timestamp: new Date().toISOString(),\n })\n })\n\n // List available tools\n this.app.get('/mcp/tools', async (req: Request, res: Response) => {\n try {\n if (!this.isInitialized) {\n return res.status(503).json({\n error: 'Server not initialized',\n })\n }\n\n // Forward per-request auth to MCP server\n this.updateAuthFromRequest(req)\n\n const tools = await this.listTools()\n res.json({ tools })\n } catch (error) {\n console.error('Error listing tools:', error)\n res.status(500).json({\n error: error instanceof Error ? error.message : 'Unknown error',\n })\n }\n })\n\n // Execute a tool\n this.app.post('/mcp/tools/call', async (req: Request, res: Response) => {\n try {\n if (!this.isInitialized) {\n return res.status(503).json({\n success: false,\n error: 'Server not initialized',\n })\n }\n\n // Forward per-request auth to MCP server\n this.updateAuthFromRequest(req)\n\n const { toolName, arguments: args } = req.body as ToolCallRequest\n\n if (!toolName) {\n return res.status(400).json({\n success: false,\n error: 'toolName is required',\n })\n }\n\n const result = await this.callTool(toolName, args || {})\n\n const response: ToolCallResponse = {\n success: true,\n result,\n }\n\n res.json(response)\n } catch (error) {\n console.error('Error calling tool:', error)\n const response: ToolCallResponse = {\n success: false,\n error: error instanceof Error ? error.message : 'Unknown error',\n }\n res.status(500).json(response)\n }\n })\n }\n\n async initialize(): Promise<void> {\n await this.mcpServer.initialize()\n\n // Connect the MCP server to an in-memory transport\n // This is required for the MCP SDK to handle requests\n this.transport = new InMemoryTransport()\n const server = (this.mcpServer as any).server\n if (server) {\n await server.connect(this.transport)\n }\n\n this.isInitialized = true\n console.log('MCP Gateway initialized')\n }\n\n async start(): Promise<void> {\n await this.initialize()\n\n return new Promise(resolve => {\n this.httpServer = this.app.listen(this.config.port, this.config.host, () => {\n console.log(`MCP Gateway listening on http://${this.config.host}:${this.config.port}`)\n resolve()\n })\n })\n }\n\n async close(): Promise<void> {\n // Close HTTP server first\n if (this.httpServer) {\n await new Promise<void>((resolve, reject) => {\n this.httpServer!.close(err => {\n if (err) {\n console.error('Error closing HTTP server:', err)\n reject(err)\n } else {\n console.log('HTTP server closed')\n resolve()\n }\n })\n })\n }\n\n // Then close MCP server\n await this.mcpServer.close()\n console.log('MCP Gateway closed')\n }\n}\n","// Copyright 2026 Epic Digital Interactive Media LLC\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';\nimport type { JSONRPCMessage, JSONRPCRequest, JSONRPCResponse, JSONRPCErrorResponse } from '@modelcontextprotocol/sdk/types.js';\nimport { EventEmitter } from 'events';\n\n/**\n * In-Memory Transport for programmatic MCP server usage\n *\n * This transport creates a bidirectional message channel that allows\n * the MCP server to be used programmatically without stdio/SSE.\n */\nexport class InMemoryTransport implements Transport {\n sessionId?: string;\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage) => void;\n\n private started = false;\n private emitter = new EventEmitter();\n private responseHandlers = new Map<string | number, (response: JSONRPCMessage) => void>();\n\n async start(): Promise<void> {\n this.started = true;\n this.sessionId = `inmemory-${Date.now()}-${Math.random().toString(36).substring(7)}`;\n }\n\n async send(message: JSONRPCMessage): Promise<void> {\n if (!this.started) {\n throw new Error('Transport not started');\n }\n\n // If this is a response (has 'result' or 'error' and 'id')\n if ('result' in message || 'error' in message) {\n const response = message as JSONRPCResponse | JSONRPCErrorResponse;\n const handler = this.responseHandlers.get(response.id!);\n if (handler) {\n handler(message);\n this.responseHandlers.delete(response.id!);\n }\n }\n }\n\n async close(): Promise<void> {\n this.started = false;\n this.responseHandlers.clear();\n this.onclose?.();\n }\n\n setProtocolVersion?(version: string): void {\n // No-op for in-memory transport\n }\n\n /**\n * Send a request and wait for response\n * Used by the gateway to make programmatic requests\n */\n async sendRequest(request: JSONRPCMessage): Promise<JSONRPCMessage> {\n if (!this.started) {\n throw new Error('Transport not started');\n }\n\n return new Promise((resolve, reject) => {\n const req = request as JSONRPCRequest;\n const timeout = setTimeout(() => {\n this.responseHandlers.delete(req.id);\n reject(new Error('Request timeout'));\n }, 60000);\n\n this.responseHandlers.set(req.id, (response) => {\n clearTimeout(timeout);\n resolve(response);\n });\n\n // Route request to server's message handler\n if (this.onmessage) {\n this.onmessage(request);\n } else {\n reject(new Error('Transport not connected to server'));\n }\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGA,qBAAoD;AACpD,kBAAiB;AACjB,2BAAmC;;;ACAnC,oBAA6B;AAQtB,IAAM,oBAAN,MAA6C;AAAA,EAClD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEQ,UAAU;AAAA,EACV,UAAU,IAAI,2BAAa;AAAA,EAC3B,mBAAmB,oBAAI,IAAyD;AAAA,EAExF,MAAM,QAAuB;AAC3B,SAAK,UAAU;AACf,SAAK,YAAY,YAAY,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,UAAU,CAAC,CAAC;AAAA,EACpF;AAAA,EAEA,MAAM,KAAK,SAAwC;AACjD,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI,MAAM,uBAAuB;AAAA,IACzC;AAGA,QAAI,YAAY,WAAW,WAAW,SAAS;AAC7C,YAAM,WAAW;AACjB,YAAM,UAAU,KAAK,iBAAiB,IAAI,SAAS,EAAG;AACtD,UAAI,SAAS;AACX,gBAAQ,OAAO;AACf,aAAK,iBAAiB,OAAO,SAAS,EAAG;AAAA,MAC3C;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,QAAuB;AAC3B,SAAK,UAAU;AACf,SAAK,iBAAiB,MAAM;AAC5B,SAAK,UAAU;AAAA,EACjB;AAAA,EAEA,mBAAoB,SAAuB;AAAA,EAE3C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,SAAkD;AAClE,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI,MAAM,uBAAuB;AAAA,IACzC;AAEA,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,MAAM;AACZ,YAAM,UAAU,WAAW,MAAM;AAC/B,aAAK,iBAAiB,OAAO,IAAI,EAAE;AACnC,eAAO,IAAI,MAAM,iBAAiB,CAAC;AAAA,MACrC,GAAG,GAAK;AAER,WAAK,iBAAiB,IAAI,IAAI,IAAI,CAAC,aAAa;AAC9C,qBAAa,OAAO;AACpB,gBAAQ,QAAQ;AAAA,MAClB,CAAC;AAGD,UAAI,KAAK,WAAW;AAClB,aAAK,UAAU,OAAO;AAAA,MACxB,OAAO;AACL,eAAO,IAAI,MAAM,mCAAmC,CAAC;AAAA,MACvD;AAAA,IACF,CAAC;AAAA,EACH;AACF;;;AD1EO,IAAM,mBAAN,MAAuB;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB;AAAA,EAChB;AAAA,EACA;AAAA,EAER,YAAY,QAA0B;AACpC,SAAK,SAAS;AACd,SAAK,UAAM,eAAAA,SAAQ;AAGnB,SAAK,YAAY,IAAI,wCAAmB;AAAA,MACtC,eAAe,OAAO;AAAA,MACtB,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO,eAAe,QAAQ,IAAI;AAAA,MAC/C,GAAI,OAAO,UAAU,EAAE,QAAQ,OAAO,OAAO;AAAA,MAC7C,GAAI,OAAO,SAAS,EAAE,OAAO,OAAO,MAAM;AAAA,IAC5C,CAAQ;AAER,SAAK,gBAAgB;AACrB,SAAK,YAAY;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAc,YAA4B;AACxC,QAAI,CAAC,KAAK,WAAW;AACnB,aAAO,CAAC;AAAA,IACV;AAGA,UAAM,UAAU;AAAA,MACd,SAAS;AAAA,MACT,IAAI,KAAK,IAAI;AAAA,MACb,QAAQ;AAAA,IACV;AAEA,UAAM,WAAgB,MAAM,KAAK,UAAU,YAAY,OAAO;AAE9D,QAAI,WAAW,UAAU;AACvB,YAAM,IAAI,MAAM,SAAS,MAAM,WAAW,sBAAsB;AAAA,IAClE;AAEA,WAAO,SAAS,QAAQ,SAAS,CAAC;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,MAAc,SAAS,UAAkB,MAAyC;AAChF,QAAI,CAAC,KAAK,WAAW;AACnB,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAGA,UAAM,UAAU;AAAA,MACd,SAAS;AAAA,MACT,IAAI,KAAK,IAAI;AAAA,MACb,QAAQ;AAAA,MACR,QAAQ;AAAA,QACN,MAAM;AAAA,QACN,WAAW;AAAA,MACb;AAAA,IACF;AAEA,UAAM,WAAgB,MAAM,KAAK,UAAU,YAAY,OAAO;AAE9D,QAAI,WAAW,UAAU;AACvB,YAAM,IAAI,MAAM,SAAS,MAAM,WAAW,qBAAqB;AAAA,IACjE;AAEA,WAAO,SAAS,QAAQ,UAAU,CAAC,GAAG,QAAQ,SAAS;AAAA,EACzD;AAAA,EAEQ,kBAAwB;AAE9B,SAAK,IAAI;AAAA,UACP,YAAAC,SAAK;AAAA,QACH,QAAQ,KAAK,OAAO,eAAe;AAAA,QACnC,SAAS,CAAC,OAAO,QAAQ,SAAS;AAAA,QAClC,gBAAgB,CAAC,gBAAgB,eAAe;AAAA,MAClD,CAAC;AAAA,IACH;AAGA,SAAK,IAAI,IAAI,eAAAD,QAAQ,KAAK,CAAC;AAC3B,SAAK,IAAI,IAAI,eAAAA,QAAQ,WAAW,EAAE,UAAU,KAAK,CAAC,CAAC;AAGnD,SAAK,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;AAC/B,cAAQ,IAAI,IAAG,oBAAI,KAAK,GAAE,YAAY,CAAC,IAAI,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE;AACnE,WAAK;AAAA,IACP,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,sBAAsB,KAAoB;AAChD,UAAM,aAAa,IAAI,QAAQ,eAAe;AAC9C,QAAI,CAAC,YAAY;AACf,cAAQ,IAAI,kDAAkD;AAC9D;AAAA,IACF;AAEA,UAAM,QAAQ,WAAW,SAAS,EAAE,QAAQ,WAAW,EAAE;AACzD,QAAI,CAAC,OAAO;AACV,cAAQ,IAAI,uDAAuD;AACnE;AAAA,IACF;AAGA,QAAI,CAAC,MAAM,WAAW,KAAK,KAAK,CAAC,MAAM,WAAW,OAAO,GAAG;AAC1D,cAAQ,IAAI,oDAAoD,MAAM,UAAU,GAAG,EAAE,CAAC,MAAM;AAC5F;AAAA,IACF;AAEA,QAAI;AACF;AAAC,MAAC,KAAK,UAAkB,OAAO,YAAY;AAC5C,cAAQ,IAAI,+CAA+C;AAAA,IAC7D,SAAS,OAAO;AACd,cAAQ,MAAM,+CAA+C,KAAK;AAAA,IACpE;AAAA,EACF;AAAA,EAEQ,cAAoB;AAE1B,SAAK,IAAI,IAAI,WAAW,CAAC,KAAc,QAAkB;AACvD,UAAI,KAAK;AAAA,QACP,QAAQ;AAAA,QACR,aAAa,KAAK;AAAA,QAClB,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MACpC,CAAC;AAAA,IACH,CAAC;AAGD,SAAK,IAAI,IAAI,cAAc,OAAO,KAAc,QAAkB;AAChE,UAAI;AACF,YAAI,CAAC,KAAK,eAAe;AACvB,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,OAAO;AAAA,UACT,CAAC;AAAA,QACH;AAGA,aAAK,sBAAsB,GAAG;AAE9B,cAAM,QAAQ,MAAM,KAAK,UAAU;AACnC,YAAI,KAAK,EAAE,MAAM,CAAC;AAAA,MACpB,SAAS,OAAO;AACd,gBAAQ,MAAM,wBAAwB,KAAK;AAC3C,YAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACnB,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,QAClD,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAGD,SAAK,IAAI,KAAK,mBAAmB,OAAO,KAAc,QAAkB;AACtE,UAAI;AACF,YAAI,CAAC,KAAK,eAAe;AACvB,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,OAAO;AAAA,UACT,CAAC;AAAA,QACH;AAGA,aAAK,sBAAsB,GAAG;AAE9B,cAAM,EAAE,UAAU,WAAW,KAAK,IAAI,IAAI;AAE1C,YAAI,CAAC,UAAU;AACb,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,OAAO;AAAA,UACT,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,KAAK,SAAS,UAAU,QAAQ,CAAC,CAAC;AAEvD,cAAM,WAA6B;AAAA,UACjC,SAAS;AAAA,UACT;AAAA,QACF;AAEA,YAAI,KAAK,QAAQ;AAAA,MACnB,SAAS,OAAO;AACd,gBAAQ,MAAM,uBAAuB,KAAK;AAC1C,cAAM,WAA6B;AAAA,UACjC,SAAS;AAAA,UACT,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,QAClD;AACA,YAAI,OAAO,GAAG,EAAE,KAAK,QAAQ;AAAA,MAC/B;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,aAA4B;AAChC,UAAM,KAAK,UAAU,WAAW;AAIhC,SAAK,YAAY,IAAI,kBAAkB;AACvC,UAAM,SAAU,KAAK,UAAkB;AACvC,QAAI,QAAQ;AACV,YAAM,OAAO,QAAQ,KAAK,SAAS;AAAA,IACrC;AAEA,SAAK,gBAAgB;AACrB,YAAQ,IAAI,yBAAyB;AAAA,EACvC;AAAA,EAEA,MAAM,QAAuB;AAC3B,UAAM,KAAK,WAAW;AAEtB,WAAO,IAAI,QAAQ,aAAW;AAC5B,WAAK,aAAa,KAAK,IAAI,OAAO,KAAK,OAAO,MAAM,KAAK,OAAO,MAAM,MAAM;AAC1E,gBAAQ,IAAI,mCAAmC,KAAK,OAAO,IAAI,IAAI,KAAK,OAAO,IAAI,EAAE;AACrF,gBAAQ;AAAA,MACV,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,QAAuB;AAE3B,QAAI,KAAK,YAAY;AACnB,YAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,aAAK,WAAY,MAAM,SAAO;AAC5B,cAAI,KAAK;AACP,oBAAQ,MAAM,8BAA8B,GAAG;AAC/C,mBAAO,GAAG;AAAA,UACZ,OAAO;AACL,oBAAQ,IAAI,oBAAoB;AAChC,oBAAQ;AAAA,UACV;AAAA,QACF,CAAC;AAAA,MACH,CAAC;AAAA,IACH;AAGA,UAAM,KAAK,UAAU,MAAM;AAC3B,YAAQ,IAAI,oBAAoB;AAAA,EAClC;AACF;","names":["express","cors"]}

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,298 @@
+// src/server.ts
+import express from "express";
+import cors from "cors";
+import { FlowStateMCPServer } from "@epicdm/flowstate-mcp";
+// src/InMemoryTransport.ts
+import { EventEmitter } from "events";
+var InMemoryTransport = class {
+  sessionId;
+  onclose;
+  onerror;
+  onmessage;
+  started = false;
+  emitter = new EventEmitter();
+  responseHandlers = /* @__PURE__ */ new Map();
+  async start() {
+    this.started = true;
+    this.sessionId = `inmemory-${Date.now()}-${Math.random().toString(36).substring(7)}`;
+  }
+  async send(message) {
+    if (!this.started) {
+      throw new Error("Transport not started");
+    }
+    if ("result" in message || "error" in message) {
+      const response = message;
+      const handler = this.responseHandlers.get(response.id);
+      if (handler) {
+        handler(message);
+        this.responseHandlers.delete(response.id);
+      }
+    }
+  }
+  async close() {
+    this.started = false;
+    this.responseHandlers.clear();
+    this.onclose?.();
+  }
+  setProtocolVersion(version) {
+  }
+  /**
+   * Send a request and wait for response
+   * Used by the gateway to make programmatic requests
+   */
+  async sendRequest(request) {
+    if (!this.started) {
+      throw new Error("Transport not started");
+    }
+    return new Promise((resolve, reject) => {
+      const req = request;
+      const timeout = setTimeout(() => {
+        this.responseHandlers.delete(req.id);
+        reject(new Error("Request timeout"));
+      }, 6e4);
+      this.responseHandlers.set(req.id, (response) => {
+        clearTimeout(timeout);
+        resolve(response);
+      });
+      if (this.onmessage) {
+        this.onmessage(request);
+      } else {
+        reject(new Error("Transport not connected to server"));
+      }
+    });
+  }
+};
+// src/server.ts
+var MCPGatewayServer = class {
+  app;
+  mcpServer;
+  config;
+  isInitialized = false;
+  httpServer;
+  transport;
+  constructor(config) {
+    this.config = config;
+    this.app = express();
+    this.mcpServer = new FlowStateMCPServer({
+      rxdbServerUrl: config.rxdbServerUrl,
+      domainId: config.domainId,
+      projectPath: config.projectPath || process.cwd(),
+      ...config.userId && { userId: config.userId },
+      ...config.orgId && { orgId: config.orgId }
+    });
+    this.setupMiddleware();
+    this.setupRoutes();
+  }
+  /**
+   * Get list of tools from MCP server
+   *
+   * WARNING: This method accesses internal MCP server API via type casting.
+   * This is necessary because FlowStateMCPServer doesn't expose a public method
+   * for listing tools. The underlying server.request() method is used directly.
+   *
+   * RISKS:
+   * - Internal API may change without notice in future versions
+   * - Type casting bypasses TypeScript safety checks
+   * - May break if FlowStateMCPServer implementation changes
+   *
+   * TODO: Consider requesting a public API method in FlowStateMCPServer
+   * for listing and calling tools to avoid internal API access.
+   */
+  async listTools() {
+    if (!this.transport) {
+      return [];
+    }
+    const request = {
+      jsonrpc: "2.0",
+      id: Date.now(),
+      method: "tools/list"
+    };
+    const response = await this.transport.sendRequest(request);
+    if ("error" in response) {
+      throw new Error(response.error.message || "Failed to list tools");
+    }
+    return response.result?.tools || [];
+  }
+  /**
+   * Call a tool on the MCP server
+   *
+   * WARNING: This method accesses internal MCP server API via type casting.
+   * This is necessary because FlowStateMCPServer doesn't expose a public method
+   * for calling tools. The underlying server.request() method is used directly.
+   *
+   * RISKS:
+   * - Internal API may change without notice in future versions
+   * - Type casting bypasses TypeScript safety checks
+   * - May break if FlowStateMCPServer implementation changes
+   *
+   * TODO: Consider requesting a public API method in FlowStateMCPServer
+   * for listing and calling tools to avoid internal API access.
+   *
+   * NOTE: The MCP SDK's server.request() method appears to require the request
+   * object to be passed twice (once as the request, once as params). This seems
+   * to be how the underlying MCP SDK expects the call to be structured based on
+   * the protocol specification.
+   */
+  async callTool(toolName, args) {
+    if (!this.transport) {
+      throw new Error("MCP server not available");
+    }
+    const request = {
+      jsonrpc: "2.0",
+      id: Date.now(),
+      method: "tools/call",
+      params: {
+        name: toolName,
+        arguments: args
+      }
+    };
+    const response = await this.transport.sendRequest(request);
+    if ("error" in response) {
+      throw new Error(response.error.message || "Failed to call tool");
+    }
+    return response.result?.content?.[0]?.text || response.result;
+  }
+  setupMiddleware() {
+    this.app.use(
+      cors({
+        origin: this.config.corsOrigins || "*",
+        methods: ["GET", "POST", "OPTIONS"],
+        allowedHeaders: ["Content-Type", "Authorization"]
+      })
+    );
+    this.app.use(express.json());
+    this.app.use(express.urlencoded({ extended: true }));
+    this.app.use((req, res, next) => {
+      console.log(`${(/* @__PURE__ */ new Date()).toISOString()} ${req.method} ${req.path}`);
+      next();
+    });
+  }
+  /**
+   * Extract and forward auth token from request to MCP server
+   *
+   * This enables per-request auth so each API call can use its own token,
+   * rather than relying on the initial config token.
+   */
+  updateAuthFromRequest(req) {
+    const authHeader = req.headers["authorization"];
+    if (!authHeader) {
+      console.log("[MCP Gateway] No Authorization header in request");
+      return;
+    }
+    const token = authHeader.toString().replace("Bearer ", "");
+    if (!token) {
+      console.log("[MCP Gateway] Empty token after Bearer prefix removal");
+      return;
+    }
+    if (!token.startsWith("eyJ") && !token.startsWith("epic_")) {
+      console.log(`[MCP Gateway] Invalid token format (starts with: ${token.substring(0, 10)}...)`);
+      return;
+    }
+    try {
+      ;
+      this.mcpServer.config.authToken = token;
+      console.log("[MCP Gateway] Auth token updated from request");
+    } catch (error) {
+      console.error("[MCP Gateway] Failed to update auth config:", error);
+    }
+  }
+  setupRoutes() {
+    this.app.get("/health", (req, res) => {
+      res.json({
+        status: "ok",
+        initialized: this.isInitialized,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    });
+    this.app.get("/mcp/tools", async (req, res) => {
+      try {
+        if (!this.isInitialized) {
+          return res.status(503).json({
+            error: "Server not initialized"
+          });
+        }
+        this.updateAuthFromRequest(req);
+        const tools = await this.listTools();
+        res.json({ tools });
+      } catch (error) {
+        console.error("Error listing tools:", error);
+        res.status(500).json({
+          error: error instanceof Error ? error.message : "Unknown error"
+        });
+      }
+    });
+    this.app.post("/mcp/tools/call", async (req, res) => {
+      try {
+        if (!this.isInitialized) {
+          return res.status(503).json({
+            success: false,
+            error: "Server not initialized"
+          });
+        }
+        this.updateAuthFromRequest(req);
+        const { toolName, arguments: args } = req.body;
+        if (!toolName) {
+          return res.status(400).json({
+            success: false,
+            error: "toolName is required"
+          });
+        }
+        const result = await this.callTool(toolName, args || {});
+        const response = {
+          success: true,
+          result
+        };
+        res.json(response);
+      } catch (error) {
+        console.error("Error calling tool:", error);
+        const response = {
+          success: false,
+          error: error instanceof Error ? error.message : "Unknown error"
+        };
+        res.status(500).json(response);
+      }
+    });
+  }
+  async initialize() {
+    await this.mcpServer.initialize();
+    this.transport = new InMemoryTransport();
+    const server = this.mcpServer.server;
+    if (server) {
+      await server.connect(this.transport);
+    }
+    this.isInitialized = true;
+    console.log("MCP Gateway initialized");
+  }
+  async start() {
+    await this.initialize();
+    return new Promise((resolve) => {
+      this.httpServer = this.app.listen(this.config.port, this.config.host, () => {
+        console.log(`MCP Gateway listening on http://${this.config.host}:${this.config.port}`);
+        resolve();
+      });
+    });
+  }
+  async close() {
+    if (this.httpServer) {
+      await new Promise((resolve, reject) => {
+        this.httpServer.close((err) => {
+          if (err) {
+            console.error("Error closing HTTP server:", err);
+            reject(err);
+          } else {
+            console.log("HTTP server closed");
+            resolve();
+          }
+        });
+      });
+    }
+    await this.mcpServer.close();
+    console.log("MCP Gateway closed");
+  }
+};
+export {
+  MCPGatewayServer
+};
+//# sourceMappingURL=index.mjs.map