@frontmcp/adapters 0.7.2 → 0.8.1

package/openapi/index.js

@@ -29,7 +29,9 @@ var __decorateClass = (decorators, target, key, kind) => {
 var openapi_exports = {};
 __export(openapi_exports, {
   FRONTMCP_EXTENSION_KEY: () => FRONTMCP_EXTENSION_KEY,
-  default: () => OpenapiAdapter
+  default: () => OpenapiAdapter,
+  forceJwtSecurity: () => forceJwtSecurity,
+  removeSecurityFromOperations: () => removeSecurityFromOperations
 });
 module.exports = __toCommonJS(openapi_exports);
 
@@ -149,9 +151,6 @@ function applyAdditionalHeaders(headers, additionalHeaders) {
 var DEFAULT_MAX_RESPONSE_SIZE = 10 * 1024 * 1024;
 async function parseResponse(response, options) {
   const maxSize = options?.maxResponseSize ?? DEFAULT_MAX_RESPONSE_SIZE;
-  if (!response.ok) {
-    throw new Error(`API request failed: ${response.status}`);
-  }
   const contentLength = response.headers.get("content-length");
   if (contentLength) {
     const length = parseInt(contentLength, 10);
@@ -165,14 +164,29 @@ async function parseResponse(response, options) {
     throw new Error(`Response size (${byteSize} bytes) exceeds maximum allowed (${maxSize} bytes)`);
   }
   const contentType = response.headers.get("content-type");
+  let data;
   if (contentType?.toLowerCase().includes("application/json")) {
     try {
-      return { data: JSON.parse(text) };
+      data = JSON.parse(text);
     } catch {
-      return { data: text };
+      data = text;
     }
+  } else {
+    data = text;
+  }
+  if (!response.ok) {
+    return {
+      status: response.status,
+      ok: false,
+      data,
+      error: typeof data === "object" && data !== null && "message" in data ? String(data.message) : typeof data === "string" ? data : `HTTP ${response.status} error`
+    };
   }
-  return { data: text };
+  return {
+    status: response.status,
+    ok: true,
+    data
+  };
 }
 
 // libs/adapters/src/openapi/openapi.security.ts
@@ -598,15 +612,32 @@ function createOpenApiTool(openapiTool, options, logger) {
   const metadata = openapiTool.metadata;
   const inputTransforms = metadata.adapter?.inputTransforms ?? [];
   const toolTransform = metadata.adapter?.toolTransform ?? {};
+  const postToolTransform = metadata.adapter?.postToolTransform;
   const frontmcpValidation = validateFrontMcpExtension(metadata.frontmcp, openapiTool.name, logger);
   const frontmcpExt = frontmcpValidation.data;
   const schemaResult = getZodSchemaFromJsonSchema(openapiTool.inputSchema, openapiTool.name, logger);
+  let wrappedOutputSchema;
+  if (openapiTool.outputSchema !== void 0) {
+    const baseOutputSchema = openapiTool.outputSchema ?? { type: "string" };
+    wrappedOutputSchema = {
+      type: "object",
+      properties: {
+        status: { type: "number", description: "HTTP status code" },
+        ok: { type: "boolean", description: "Whether the response was successful" },
+        data: baseOutputSchema,
+        error: { type: "string", description: "Error message for non-ok responses" }
+      },
+      required: ["status", "ok"]
+    };
+  }
   const toolMetadata = {
     id: openapiTool.name,
     name: openapiTool.name,
     description: openapiTool.description,
     inputSchema: schemaResult.schema.shape || {},
-    rawInputSchema: openapiTool.inputSchema
+    rawInputSchema: openapiTool.inputSchema,
+    // Add output schema for tool/list to expose (only if not moved to description)
+    ...wrappedOutputSchema && { rawOutputSchema: wrappedOutputSchema }
   };
   if (schemaResult.conversionFailed) {
     toolMetadata["_schemaConversionFailed"] = true;
@@ -719,11 +750,71 @@ function createOpenApiTool(openapiTool, options, logger) {
         body: serializedBody,
         signal: controller.signal
       });
-      return await parseResponse(response, { maxResponseSize: options.maxResponseSize });
+      const apiResponse = await parseResponse(response, { maxResponseSize: options.maxResponseSize });
+      let transformedData = apiResponse.data;
+      if (postToolTransform) {
+        const transformCtx = {
+          ctx,
+          tool: openapiTool,
+          status: apiResponse.status,
+          ok: apiResponse.ok,
+          adapterOptions: options
+        };
+        const shouldTransform = postToolTransform.filter ? postToolTransform.filter(transformCtx) : true;
+        if (shouldTransform) {
+          try {
+            transformedData = await postToolTransform.transform(apiResponse.data, transformCtx);
+          } catch (err) {
+            const errorMessage = err instanceof Error ? err.message : String(err);
+            const errorStack = err instanceof Error ? err.stack : void 0;
+            logger.error(`[${openapiTool.name}] Post-tool output transform failed`, {
+              error: errorMessage,
+              stack: errorStack,
+              status: apiResponse.status,
+              ok: apiResponse.ok
+            });
+          }
+        }
+      }
+      if (!apiResponse.ok) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                status: apiResponse.status,
+                error: apiResponse.error,
+                data: transformedData
+              })
+            }
+          ],
+          isError: true,
+          _meta: {
+            status: apiResponse.status,
+            errorCode: "OPENAPI_ERROR"
+          }
+        };
+      }
+      return {
+        status: apiResponse.status,
+        ok: true,
+        data: transformedData
+      };
     } catch (err) {
       if (err instanceof Error && err.name === "AbortError") {
-        throw new Error(`Request timeout after ${requestTimeout}ms for tool '${openapiTool.name}'`);
+        const timeoutError = new Error(`Request timeout after ${requestTimeout}ms for tool '${openapiTool.name}'`);
+        logger.error(`[${openapiTool.name}] API request timeout`, {
+          timeout: requestTimeout,
+          url,
+          method: openapiTool.metadata.method.toUpperCase()
+        });
+        throw timeoutError;
       }
+      logger.error(`[${openapiTool.name}] API request failed`, {
+        url,
+        method: openapiTool.metadata.method.toUpperCase(),
+        error: err instanceof Error ? { name: err.name, message: err.message, stack: err.stack } : err
+      });
       throw err;
     } finally {
       clearTimeout(timeoutId);
@@ -894,6 +985,15 @@ Add one of the following to your adapter configuration:
     if (this.options.inputTransforms) {
       transformedTools = transformedTools.map((tool2) => this.applyInputTransforms(tool2));
     }
+    if (this.options.schemaTransforms) {
+      transformedTools = transformedTools.map((tool2) => this.applySchemaTransforms(tool2));
+    }
+    const dataTransforms = this.options.dataTransforms || this.options.outputTransforms;
+    if (this.options.outputSchema || dataTransforms) {
+      transformedTools = await Promise.all(
+        transformedTools.map((tool2) => this.applyOutputSchemaOptions(tool2, dataTransforms))
+      );
+    }
     const tools = transformedTools.map((openapiTool) => createOpenApiTool(openapiTool, this.options, this.logger));
     return { tools };
   }
@@ -1163,6 +1263,251 @@ ${opDescription}`;
       }
     };
   }
+  /**
+   * Apply schema transforms to an OpenAPI tool.
+   * Modifies input and output schema definitions.
+   * @private
+   */
+  applySchemaTransforms(tool2) {
+    const opts = this.options.schemaTransforms;
+    if (!opts) return tool2;
+    const ctx = {
+      tool: tool2,
+      adapterOptions: this.options
+    };
+    let newInputSchema = tool2.inputSchema;
+    let newOutputSchema = tool2.outputSchema;
+    if (opts.input) {
+      const inputTransform = this.collectInputSchemaTransform(tool2);
+      if (inputTransform) {
+        newInputSchema = inputTransform(newInputSchema, ctx);
+      }
+    }
+    if (opts.output) {
+      const outputTransform = this.collectOutputSchemaTransform(tool2);
+      if (outputTransform) {
+        newOutputSchema = outputTransform(newOutputSchema, ctx);
+      }
+    }
+    if (newInputSchema === tool2.inputSchema && newOutputSchema === tool2.outputSchema) {
+      return tool2;
+    }
+    this.logger.debug(`Applied schema transforms to '${tool2.name}'`);
+    return {
+      ...tool2,
+      inputSchema: newInputSchema,
+      outputSchema: newOutputSchema
+    };
+  }
+  /**
+   * Collect input schema transform for a specific tool.
+   * @private
+   */
+  collectInputSchemaTransform(tool2) {
+    const opts = this.options.schemaTransforms?.input;
+    if (!opts) return void 0;
+    if (opts.generator) {
+      const generated = opts.generator(tool2);
+      if (generated) return generated;
+    }
+    if (opts.perTool?.[tool2.name]) {
+      return opts.perTool[tool2.name];
+    }
+    return opts.global;
+  }
+  /**
+   * Collect output schema transform for a specific tool.
+   * @private
+   */
+  collectOutputSchemaTransform(tool2) {
+    const opts = this.options.schemaTransforms?.output;
+    if (!opts) return void 0;
+    if (opts.generator) {
+      const generated = opts.generator(tool2);
+      if (generated) return generated;
+    }
+    if (opts.perTool?.[tool2.name]) {
+      return opts.perTool[tool2.name];
+    }
+    return opts.global;
+  }
+  /**
+   * Apply output schema options to an OpenAPI tool.
+   * Handles output schema mode and async description formatting.
+   * @private
+   */
+  async applyOutputSchemaOptions(tool2, dataTransforms) {
+    const outputSchemaOpts = this.options.outputSchema;
+    let newDescription = tool2.description;
+    let newOutputSchema = tool2.outputSchema;
+    const mode = outputSchemaOpts?.mode ?? "definition";
+    if (newOutputSchema && (mode === "description" || mode === "both")) {
+      const descriptionFormat = outputSchemaOpts?.descriptionFormat ?? "summary";
+      const formatter = outputSchemaOpts?.descriptionFormatter;
+      const formatterCtx = {
+        tool: tool2,
+        adapterOptions: this.options,
+        originalDescription: tool2.description
+      };
+      let schemaText;
+      if (formatter) {
+        schemaText = await Promise.resolve(formatter(newOutputSchema, formatterCtx));
+      } else {
+        schemaText = this.formatSchemaForDescription(newOutputSchema, descriptionFormat);
+      }
+      newDescription = tool2.description + schemaText;
+    }
+    if (mode === "description") {
+      newOutputSchema = void 0;
+    }
+    const preTransform = this.collectPreToolTransformsFromDataTransforms(tool2, dataTransforms);
+    if (preTransform) {
+      const ctx = {
+        tool: tool2,
+        adapterOptions: this.options
+      };
+      if (preTransform.transformSchema) {
+        newOutputSchema = preTransform.transformSchema(newOutputSchema, ctx);
+      }
+      if (preTransform.transformDescription) {
+        newDescription = preTransform.transformDescription(newDescription, newOutputSchema, ctx);
+      }
+    }
+    const postTransform = this.collectPostToolTransformsFromDataTransforms(tool2, dataTransforms);
+    if (newDescription === tool2.description && newOutputSchema === tool2.outputSchema && !postTransform) {
+      return tool2;
+    }
+    this.logger.debug(`Applied output schema options to '${tool2.name}' (mode: ${mode})`);
+    const metadataRecord = tool2.metadata;
+    const existingAdapter = metadataRecord["adapter"];
+    return {
+      ...tool2,
+      description: newDescription,
+      outputSchema: newOutputSchema,
+      metadata: {
+        ...tool2.metadata,
+        adapter: {
+          ...existingAdapter || {},
+          ...postTransform && { postToolTransform: postTransform }
+        }
+      }
+    };
+  }
+  /**
+   * Format schema for description based on mode.
+   * @private
+   */
+  formatSchemaForDescription(schema, mode) {
+    switch (mode) {
+      case "jsonSchema":
+        return `
+
+## Output Schema
+\`\`\`json
+${JSON.stringify(schema, null, 2)}
+\`\`\``;
+      case "summary":
+        return `
+
+## Returns
+${this.formatSchemaAsSummary(schema)}`;
+      default:
+        return `
+
+## Returns
+${this.formatSchemaAsSummary(schema)}`;
+    }
+  }
+  /**
+   * Collect pre-tool transforms from dataTransforms options.
+   * @private
+   */
+  collectPreToolTransformsFromDataTransforms(tool2, dataTransforms) {
+    const opts = dataTransforms?.preToolTransforms;
+    if (!opts) return void 0;
+    let result;
+    if (opts.global) {
+      result = { ...opts.global };
+    }
+    if (opts.perTool?.[tool2.name]) {
+      result = { ...result, ...opts.perTool[tool2.name] };
+    }
+    if (opts.generator) {
+      const generated = opts.generator(tool2);
+      if (generated) {
+        result = { ...result, ...generated };
+      }
+    }
+    return result;
+  }
+  /**
+   * Collect post-tool transforms from dataTransforms options.
+   * @private
+   */
+  collectPostToolTransformsFromDataTransforms(tool2, dataTransforms) {
+    const opts = dataTransforms?.postToolTransforms;
+    if (!opts) return void 0;
+    let result;
+    if (opts.global) {
+      result = { ...opts.global };
+    }
+    if (opts.perTool?.[tool2.name]) {
+      const perTool = opts.perTool[tool2.name];
+      result = result ? {
+        transform: perTool.transform,
+        filter: perTool.filter ?? result.filter
+      } : perTool;
+    }
+    if (opts.generator) {
+      const generated = opts.generator(tool2);
+      if (generated) {
+        result = result ? {
+          transform: generated.transform,
+          filter: generated.filter ?? result.filter
+        } : generated;
+      }
+    }
+    return result;
+  }
+  /**
+   * Format JSON Schema as human-readable summary.
+   * @private
+   */
+  formatSchemaAsSummary(schema) {
+    const lines = [];
+    if (schema.type === "object" && schema.properties) {
+      const required = new Set(schema.required || []);
+      for (const [name, propSchema] of Object.entries(schema.properties)) {
+        const isRequired = required.has(name);
+        const typeStr = this.getSchemaTypeString(propSchema);
+        const desc = propSchema.description ? ` - ${propSchema.description}` : "";
+        const reqStr = isRequired ? " (required)" : " (optional)";
+        lines.push(`- **${name}**: ${typeStr}${reqStr}${desc}`);
+      }
+    } else if (schema.type === "array" && schema.items) {
+      const itemType = this.getSchemaTypeString(schema.items);
+      lines.push(`Array of ${itemType}`);
+    } else {
+      lines.push(this.getSchemaTypeString(schema));
+    }
+    return lines.join("\n");
+  }
+  /**
+   * Get human-readable type string from JSON Schema.
+   * @private
+   */
+  getSchemaTypeString(schema) {
+    if (schema.type === "array") {
+      return schema.items ? `${this.getSchemaTypeString(schema.items)}[]` : "array";
+    }
+    if (schema.type === "object") {
+      return schema.title || "object";
+    }
+    if (Array.isArray(schema.type)) {
+      return schema.type.join(" | ");
+    }
+    return schema.type || "any";
+  }
 };
 OpenapiAdapter = __decorateClass([
   (0, import_sdk2.Adapter)({
@@ -1173,7 +1518,110 @@ OpenapiAdapter = __decorateClass([
 
 // libs/adapters/src/openapi/openapi.types.ts
 var FRONTMCP_EXTENSION_KEY = "x-frontmcp";
+
+// libs/adapters/src/openapi/openapi.spec-utils.ts
+function deepClone(obj) {
+  return JSON.parse(JSON.stringify(obj));
+}
+function forceJwtSecurity(spec, options = {}) {
+  const result = deepClone(spec);
+  const {
+    schemeName = "BearerAuth",
+    schemeType = "bearer",
+    apiKeyIn = "header",
+    apiKeyName = "X-API-Key",
+    operations,
+    description
+  } = options;
+  if (!result.components) {
+    result.components = {};
+  }
+  if (!result.components.securitySchemes) {
+    result.components.securitySchemes = {};
+  }
+  let securityScheme;
+  switch (schemeType) {
+    case "bearer":
+      securityScheme = {
+        type: "http",
+        scheme: "bearer",
+        bearerFormat: "JWT",
+        description: description ?? "JWT Bearer token authentication"
+      };
+      break;
+    case "apiKey":
+      securityScheme = {
+        type: "apiKey",
+        in: apiKeyIn,
+        name: apiKeyName,
+        description: description ?? `API Key authentication via ${apiKeyIn}`
+      };
+      break;
+    case "basic":
+      securityScheme = {
+        type: "http",
+        scheme: "basic",
+        description: description ?? "HTTP Basic authentication"
+      };
+      break;
+    default:
+      throw new Error(`Unsupported scheme type: ${schemeType}`);
+  }
+  result.components.securitySchemes[schemeName] = securityScheme;
+  const securityRequirement = {
+    [schemeName]: []
+  };
+  if (!result.paths) {
+    return result;
+  }
+  const operationSet = operations ? new Set(operations) : null;
+  for (const [, pathItem] of Object.entries(result.paths)) {
+    if (!pathItem) continue;
+    const methods = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];
+    for (const method of methods) {
+      const operation = pathItem[method];
+      if (!operation) continue;
+      if (operationSet) {
+        if (!operation.operationId || !operationSet.has(operation.operationId)) {
+          continue;
+        }
+      }
+      if (!operation.security) {
+        operation.security = [];
+      }
+      const hasSecurityRequirement = operation.security.some((req) => Object.keys(req).includes(schemeName));
+      if (!hasSecurityRequirement) {
+        operation.security.push(securityRequirement);
+      }
+    }
+  }
+  return result;
+}
+function removeSecurityFromOperations(spec, operations) {
+  const result = deepClone(spec);
+  if (!result.paths) {
+    return result;
+  }
+  const operationSet = operations ? new Set(operations) : null;
+  for (const [, pathItem] of Object.entries(result.paths)) {
+    if (!pathItem) continue;
+    const methods = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];
+    for (const method of methods) {
+      const operation = pathItem[method];
+      if (!operation) continue;
+      if (operationSet) {
+        if (!operation.operationId || !operationSet.has(operation.operationId)) {
+          continue;
+        }
+      }
+      operation.security = [];
+    }
+  }
+  return result;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  FRONTMCP_EXTENSION_KEY
+  FRONTMCP_EXTENSION_KEY,
+  forceJwtSecurity,
+  removeSecurityFromOperations
 });

package/openapi/openapi.adapter.d.ts

@@ -48,5 +48,52 @@ export default class OpenapiAdapter extends DynamicAdapter<OpenApiAdapterOptions
      * @private
      */
     private filterSecuritySchemes;
+    /**
+     * Apply schema transforms to an OpenAPI tool.
+     * Modifies input and output schema definitions.
+     * @private
+     */
+    private applySchemaTransforms;
+    /**
+     * Collect input schema transform for a specific tool.
+     * @private
+     */
+    private collectInputSchemaTransform;
+    /**
+     * Collect output schema transform for a specific tool.
+     * @private
+     */
+    private collectOutputSchemaTransform;
+    /**
+     * Apply output schema options to an OpenAPI tool.
+     * Handles output schema mode and async description formatting.
+     * @private
+     */
+    private applyOutputSchemaOptions;
+    /**
+     * Format schema for description based on mode.
+     * @private
+     */
+    private formatSchemaForDescription;
+    /**
+     * Collect pre-tool transforms from dataTransforms options.
+     * @private
+     */
+    private collectPreToolTransformsFromDataTransforms;
+    /**
+     * Collect post-tool transforms from dataTransforms options.
+     * @private
+     */
+    private collectPostToolTransformsFromDataTransforms;
+    /**
+     * Format JSON Schema as human-readable summary.
+     * @private
+     */
+    private formatSchemaAsSummary;
+    /**
+     * Get human-readable type string from JSON Schema.
+     * @private
+     */
+    private getSchemaTypeString;
 }
 //# sourceMappingURL=openapi.adapter.d.ts.map

package/openapi/openapi.adapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"openapi.adapter.d.ts","sourceRoot":"","sources":["../../src/openapi/openapi.adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,cAAc,EAAE,uBAAuB,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACjG,OAAO,EAAE,qBAAqB,EAAyD,MAAM,iBAAiB,CAAC;AA2B/G,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,cAAc,CAAC,qBAAqB,CAAC;IAC/E,OAAO,CAAC,SAAS,CAAC,CAAuB;IACzC,OAAO,CAAC,MAAM,CAAiB;IACxB,OAAO,EAAE,qBAAqB,CAAC;gBAE1B,OAAO,EAAE,qBAAqB;IAO1C;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAIjC,KAAK,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAkG/C;;;OAGG;YACW,mBAAmB;IAqBjC;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IA0C5B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA4D7B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAsC3B;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAuBhC;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAoD5B;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;CA0D9B"}
+{"version":3,"file":"openapi.adapter.d.ts","sourceRoot":"","sources":["../../src/openapi/openapi.adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,cAAc,EAAE,uBAAuB,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACjG,OAAO,EACL,qBAAqB,EAWtB,MAAM,iBAAiB,CAAC;AA2BzB,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,cAAc,CAAC,qBAAqB,CAAC;IAC/E,OAAO,CAAC,SAAS,CAAC,CAAuB;IACzC,OAAO,CAAC,MAAM,CAAiB;IACxB,OAAO,EAAE,qBAAqB,CAAC;gBAE1B,OAAO,EAAE,qBAAqB;IAO1C;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAIjC,KAAK,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAgH/C;;;OAGG;YACW,mBAAmB;IAqBjC;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IA0C5B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA4D7B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAsC3B;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAuBhC;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAoD5B;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IA2D7B;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IA0C7B;;;OAGG;IACH,OAAO,CAAC,2BAA2B;IAiBnC;;;OAGG;IACH,OAAO,CAAC,4BAA4B;IAmBpC;;;;OAIG;YACW,wBAAwB;IAiFtC;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAgBlC;;;OAGG;IACH,OAAO,CAAC,0CAA0C;IA8BlD;;;OAGG;IACH,OAAO,CAAC,2CAA2C;IAyCnD;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAuB7B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;CAY5B"}

package/openapi/openapi.spec-utils.d.ts

@@ -0,0 +1,86 @@
+import type { OpenAPIV3, OpenAPIV3_1 } from 'openapi-types';
+/**
+ * Options for forcing security on OpenAPI operations
+ */
+export interface ForceSecurityOptions {
+    /**
+     * Security scheme name to add/override.
+     * @default 'BearerAuth'
+     */
+    schemeName?: string;
+    /**
+     * Security scheme type.
+     * - 'bearer': HTTP Bearer authentication (JWT)
+     * - 'apiKey': API Key authentication
+     * - 'basic': HTTP Basic authentication
+     * @default 'bearer'
+     */
+    schemeType?: 'bearer' | 'apiKey' | 'basic';
+    /**
+     * For apiKey type: where to send the API key.
+     * @default 'header'
+     */
+    apiKeyIn?: 'header' | 'query' | 'cookie';
+    /**
+     * For apiKey type: the name of the header/query/cookie.
+     * @default 'X-API-Key'
+     */
+    apiKeyName?: string;
+    /**
+     * Apply security only to these operation IDs.
+     * If not specified, applies to all operations.
+     */
+    operations?: string[];
+    /**
+     * Description for the security scheme.
+     */
+    description?: string;
+}
+type OpenAPIDocument = OpenAPIV3.Document | OpenAPIV3_1.Document;
+/**
+ * Modify OpenAPI spec to force JWT/Bearer security on operations.
+ * Returns a new spec object (does not mutate input).
+ *
+ * @param spec - Original OpenAPI specification
+ * @param options - Security configuration options
+ * @returns Modified OpenAPI specification with security applied
+ *
+ * @example
+ * ```typescript
+ * import { forceJwtSecurity } from '@frontmcp/adapters/openapi';
+ *
+ * // Force Bearer auth on all operations
+ * const securedSpec = forceJwtSecurity(originalSpec);
+ *
+ * // Force Bearer auth with custom scheme name
+ * const securedSpec = forceJwtSecurity(originalSpec, {
+ *   schemeName: 'JWTAuth',
+ *   description: 'JWT Bearer token authentication'
+ * });
+ *
+ * // Force auth on specific operations only
+ * const securedSpec = forceJwtSecurity(originalSpec, {
+ *   operations: ['createUser', 'updateUser', 'deleteUser']
+ * });
+ *
+ * // Force API Key auth
+ * const securedSpec = forceJwtSecurity(originalSpec, {
+ *   schemeName: 'ApiKeyAuth',
+ *   schemeType: 'apiKey',
+ *   apiKeyIn: 'header',
+ *   apiKeyName: 'X-API-Key'
+ * });
+ * ```
+ */
+export declare function forceJwtSecurity(spec: OpenAPIDocument, options?: ForceSecurityOptions): OpenAPIDocument;
+/**
+ * Remove security requirements from specific operations.
+ * Returns a new spec object (does not mutate input).
+ *
+ * @param spec - Original OpenAPI specification
+ * @param operations - Operation IDs to remove security from. If not specified, removes from all.
+ * @returns Modified OpenAPI specification
+ */
+export declare function removeSecurityFromOperations(spec: OpenAPIDocument, operations?: string[]): OpenAPIDocument;
+export {};
+//# sourceMappingURL=openapi.spec-utils.d.ts.map

package/openapi/openapi.spec-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.spec-utils.d.ts","sourceRoot":"","sources":["../../src/openapi/openapi.spec-utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IAE3C;;;OAGG;IACH,QAAQ,CAAC,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAC;IAEzC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,KAAK,eAAe,GAAG,SAAS,CAAC,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;AAUjE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,GAAE,oBAAyB,GAAG,eAAe,CAuG3G;AAED;;;;;;;GAOG;AACH,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,eAAe,CAgC1G"}

package/openapi/openapi.tool.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"openapi.tool.d.ts","sourceRoot":"","sources":["../../src/openapi/openapi.tool.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAErD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EACV,qBAAqB,EAItB,MAAM,iBAAiB,CAAC;AASzB;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,cAAc,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,cAAc,cAgLpH"}
+{"version":3,"file":"openapi.tool.d.ts","sourceRoot":"","sources":["../../src/openapi/openapi.tool.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAErD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EACV,qBAAqB,EAKtB,MAAM,iBAAiB,CAAC;AASzB;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,cAAc,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,cAAc,cA+QpH"}