@frontmcp/plugins 0.4.1 → 0.5.1

package/src/codecall/tools/execute.tool.js

@@ -0,0 +1,238 @@
+"use strict";
+// file: libs/plugins/src/codecall/tools/execute.tool.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const sdk_1 = require("@frontmcp/sdk");
+const execute_schema_1 = require("./execute.schema");
+const enclave_service_1 = tslib_1.__importDefault(require("../services/enclave.service"));
+const code_call_config_1 = tslib_1.__importDefault(require("../providers/code-call.config"));
+const security_1 = require("../security");
+const errors_1 = require("../errors");
+const utils_1 = require("../utils");
+/**
+ * Determine the error code from an error object.
+ * Used to categorize errors for sanitized reporting.
+ */
+function getErrorCode(error) {
+    if (!(error instanceof Error)) {
+        return errors_1.TOOL_CALL_ERROR_CODES.EXECUTION;
+    }
+    // Check for specific error types
+    if (error.name === 'ZodError' || error.message?.includes('validation')) {
+        return errors_1.TOOL_CALL_ERROR_CODES.VALIDATION;
+    }
+    if (error.message?.includes('timeout') || error.message?.includes('timed out')) {
+        return errors_1.TOOL_CALL_ERROR_CODES.TIMEOUT;
+    }
+    if (error.name === 'ToolNotFoundError' || error.message?.includes('not found')) {
+        return errors_1.TOOL_CALL_ERROR_CODES.NOT_FOUND;
+    }
+    return errors_1.TOOL_CALL_ERROR_CODES.EXECUTION;
+}
+let ExecuteTool = class ExecuteTool extends sdk_1.ToolContext {
+    async execute(input) {
+        const { script, allowedTools } = input;
+        // Set up the VM environment with tool integration
+        const allowedToolSet = allowedTools ? new Set(allowedTools) : null;
+        const environment = {
+            callTool: async (name, toolInput, options) => {
+                const throwOnError = options?.throwOnError !== false; // Default: true
+                // ============================================================
+                // SECURITY LAYER 1: Self-reference blocking (FIRST CHECK)
+                // This MUST be the first check - no exceptions, no try/catch
+                // ============================================================
+                (0, security_1.assertNotSelfReference)(name);
+                // ============================================================
+                // SECURITY LAYER 2: Whitelist check (if configured)
+                // ============================================================
+                if (allowedToolSet && !allowedToolSet.has(name)) {
+                    const error = (0, errors_1.createToolCallError)(errors_1.TOOL_CALL_ERROR_CODES.ACCESS_DENIED, name);
+                    if (throwOnError) {
+                        throw error;
+                    }
+                    return { success: false, error };
+                }
+                // ============================================================
+                // Tool execution through the proper flow system
+                // This ensures hooks, validation, quota, and all middleware run
+                // ============================================================
+                try {
+                    // Build MCP-compatible CallToolRequest
+                    const request = {
+                        method: 'tools/call',
+                        params: {
+                            name,
+                            arguments: toolInput,
+                        },
+                    };
+                    // Build context with auth info
+                    const ctx = {
+                        authInfo: this.authInfo,
+                    };
+                    // Execute through the flow system - this runs all stages:
+                    // PRE: parseInput → findTool → createToolCallContext → acquireQuota → acquireSemaphore
+                    // EXECUTE: validateInput → execute → validateOutput
+                    // FINALIZE: releaseSemaphore → releaseQuota → finalize
+                    const mcpResult = await this.scope.runFlow('tools:call-tool', { request, ctx });
+                    if (!mcpResult) {
+                        const error = (0, errors_1.createToolCallError)(errors_1.TOOL_CALL_ERROR_CODES.EXECUTION, name, 'Flow returned no result');
+                        if (throwOnError) {
+                            throw error;
+                        }
+                        return { success: false, error };
+                    }
+                    // Extract the actual result from MCP CallToolResult format
+                    const result = (0, utils_1.extractResultFromCallToolResult)(mcpResult);
+                    // Success path
+                    if (throwOnError) {
+                        return result;
+                    }
+                    return { success: true, data: result };
+                }
+                catch (error) {
+                    // ============================================================
+                    // Error sanitization - NEVER expose internal details
+                    // ============================================================
+                    // Determine error code from the error type
+                    const errorCode = getErrorCode(error);
+                    const rawMessage = error instanceof Error ? error.message : undefined;
+                    const sanitizedError = (0, errors_1.createToolCallError)(errorCode, name, rawMessage);
+                    if (throwOnError) {
+                        // Throw sanitized error (no stack trace, no internal details)
+                        throw sanitizedError;
+                    }
+                    return { success: false, error: sanitizedError };
+                }
+            },
+            getTool: (name) => {
+                try {
+                    const tools = this.scope.tools.getTools(true);
+                    const tool = tools.find((t) => t.name === name || t.fullName === name);
+                    if (!tool)
+                        return undefined;
+                    return {
+                        name: tool.name,
+                        description: tool.metadata?.description,
+                        inputSchema: tool.rawInputSchema,
+                        outputSchema: tool.outputSchema,
+                    };
+                }
+                catch {
+                    return undefined;
+                }
+            },
+            console: this.get(code_call_config_1.default).get('resolvedVm.allowConsole') ? console : undefined,
+            mcpLog: (level, message, metadata) => {
+                // Log through FrontMCP logging system if available
+                this.logger?.[level](message, metadata);
+            },
+            mcpNotify: (event, payload) => {
+                // Send notifications through FrontMCP notification system if available
+                this.logger?.debug('Notification sent', { event, payload });
+            },
+        };
+        // Get the enclave service and config
+        const enclaveService = this.get(enclave_service_1.default);
+        const config = this.get(code_call_config_1.default);
+        try {
+            const executionResult = await enclaveService.execute(script, environment);
+            // Map execution result to CodeCall result
+            if (executionResult.timedOut) {
+                return {
+                    status: 'timeout',
+                    error: {
+                        message: `Script execution timed out after ${config.getAll().resolvedVm.timeoutMs}ms`,
+                    },
+                };
+            }
+            if (!executionResult.success) {
+                const error = executionResult.error;
+                // Check if it's a validation error (from AST validation)
+                if (error.code === 'VALIDATION_ERROR' || error.name === 'ValidationError') {
+                    return {
+                        status: 'illegal_access',
+                        error: {
+                            kind: 'IllegalBuiltinAccess',
+                            message: error.message,
+                        },
+                    };
+                }
+                // Check if it's a tool error
+                if (error.toolName) {
+                    return {
+                        status: 'tool_error',
+                        error: {
+                            source: 'tool',
+                            toolName: error.toolName,
+                            toolInput: error.toolInput,
+                            message: error.message,
+                            code: error.code,
+                            details: error.details,
+                        },
+                    };
+                }
+                // Otherwise it's a runtime error
+                return {
+                    status: 'runtime_error',
+                    error: {
+                        source: 'script',
+                        message: error.message,
+                        name: error.name,
+                        stack: error.stack,
+                    },
+                };
+            }
+            // Success!
+            return {
+                status: 'ok',
+                result: executionResult.result,
+                logs: executionResult.logs.length > 0 ? executionResult.logs : undefined,
+            };
+        }
+        catch (error) {
+            // Type-safe error handling
+            const errorName = error instanceof Error ? error.name : 'Error';
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            const errorStack = error instanceof Error ? error.stack : undefined;
+            const errorLoc = error.loc;
+            // Check for syntax errors
+            if (errorName === 'SyntaxError' || errorMessage?.includes('syntax')) {
+                return {
+                    status: 'syntax_error',
+                    error: {
+                        message: errorMessage || 'Syntax error in script',
+                        location: errorLoc ? { line: errorLoc.line, column: errorLoc.column } : undefined,
+                    },
+                };
+            }
+            // Unexpected error during execution
+            return {
+                status: 'runtime_error',
+                error: {
+                    source: 'script',
+                    message: errorMessage || 'An unexpected error occurred during script execution',
+                    name: errorName,
+                    stack: errorStack,
+                },
+            };
+        }
+    }
+};
+ExecuteTool = tslib_1.__decorate([
+    (0, sdk_1.Tool)({
+        name: 'codecall:execute',
+        cache: {
+            ttl: 0, // No caching - each execution is unique
+            slideWindow: false,
+        },
+        codecall: {
+            enabledInCodeCall: false,
+            visibleInListTools: true,
+        },
+        description: execute_schema_1.executeToolDescription,
+        inputSchema: execute_schema_1.executeToolInputSchema,
+        outputSchema: execute_schema_1.executeToolOutputSchema,
+    })
+], ExecuteTool);
+exports.default = ExecuteTool;
+//# sourceMappingURL=execute.tool.js.map

package/src/codecall/tools/execute.tool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"execute.tool.js","sourceRoot":"","sources":["../../../../src/codecall/tools/execute.tool.ts"],"names":[],"mappings":";AAAA,wDAAwD;;;AAExD,uCAAkD;AAClD,qDAM0B;AAE1B,0FAAyD;AACzD,6FAA2D;AAC3D,0CAAqD;AACrD,sCAMmB;AACnB,oCAA2D;AAE3D;;;GAGG;AACH,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,8BAAqB,CAAC,SAAS,CAAC;IACzC,CAAC;IAED,iCAAiC;IACjC,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACvE,OAAO,8BAAqB,CAAC,UAAU,CAAC;IAC1C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/E,OAAO,8BAAqB,CAAC,OAAO,CAAC;IACvC,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,mBAAmB,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/E,OAAO,8BAAqB,CAAC,SAAS,CAAC;IACzC,CAAC;IAED,OAAO,8BAAqB,CAAC,SAAS,CAAC;AACzC,CAAC;AAgBc,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,iBAAW;IAClD,KAAK,CAAC,OAAO,CAAC,KAAuB;QACnC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,KAAK,CAAC;QAEvC,kDAAkD;QAClD,MAAM,cAAc,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEnE,MAAM,WAAW,GAA0B;YACzC,QAAQ,EAAE,KAAK,EACb,IAAY,EACZ,SAAiB,EACjB,OAAyB,EACmB,EAAE;gBAC9C,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,KAAK,KAAK,CAAC,CAAC,gBAAgB;gBAEtE,+DAA+D;gBAC/D,0DAA0D;gBAC1D,6DAA6D;gBAC7D,+DAA+D;gBAC/D,IAAA,iCAAsB,EAAC,IAAI,CAAC,CAAC;gBAE7B,+DAA+D;gBAC/D,oDAAoD;gBACpD,+DAA+D;gBAC/D,IAAI,cAAc,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChD,MAAM,KAAK,GAAG,IAAA,4BAAmB,EAAC,8BAAqB,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;oBAC7E,IAAI,YAAY,EAAE,CAAC;wBACjB,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;gBACnC,CAAC;gBAED,+DAA+D;gBAC/D,gDAAgD;gBAChD,gEAAgE;gBAChE,+DAA+D;gBAC/D,IAAI,CAAC;oBACH,uCAAuC;oBACvC,MAAM,OAAO,GAAG;wBACd,MAAM,EAAE,YAAqB;wBAC7B,MAAM,EAAE;4BACN,IAAI;4BACJ,SAAS,EAAE,SAAoC;yBAChD;qBACF,CAAC;oBAEF,+BAA+B;oBAC/B,MAAM,GAAG,GAAG;wBACV,QAAQ,EAAE,IAAI,CAAC,QAAQ;qBACxB,CAAC;oBAEF,0DAA0D;oBAC1D,uFAAuF;oBACvF,oDAAoD;oBACpD,uDAAuD;oBACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;oBAEhF,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,MAAM,KAAK,GAAG,IAAA,4BAAmB,EAAC,8BAAqB,CAAC,SAAS,EAAE,IAAI,EAAE,yBAAyB,CAAC,CAAC;wBACpG,IAAI,YAAY,EAAE,CAAC;4BACjB,MAAM,KAAK,CAAC;wBACd,CAAC;wBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;oBACnC,CAAC;oBAED,2DAA2D;oBAC3D,MAAM,MAAM,GAAG,IAAA,uCAA+B,EAAC,SAAS,CAAC,CAAC;oBAE1D,eAAe;oBACf,IAAI,YAAY,EAAE,CAAC;wBACjB,OAAO,MAAiB,CAAC;oBAC3B,CAAC;oBACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAiB,EAAE,CAAC;gBACpD,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,+DAA+D;oBAC/D,qDAAqD;oBACrD,+DAA+D;oBAE/D,2CAA2C;oBAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;oBACtC,MAAM,UAAU,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;oBAEtE,MAAM,cAAc,GAAG,IAAA,4BAAmB,EAAC,SAAS,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;oBAExE,IAAI,YAAY,EAAE,CAAC;wBACjB,8DAA8D;wBAC9D,MAAM,cAAc,CAAC;oBACvB,CAAC;oBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;gBACnD,CAAC;YACH,CAAC;YAED,OAAO,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxB,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;oBAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC;oBAEvE,IAAI,CAAC,IAAI;wBAAE,OAAO,SAAS,CAAC;oBAE5B,OAAO;wBACL,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,WAAW,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW;wBACvC,WAAW,EAAE,IAAI,CAAC,cAAc;wBAChC,YAAY,EAAE,IAAI,CAAC,YAAY;qBAChC,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;YAED,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,0BAAc,CAAC,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;YAEtF,MAAM,EAAE,CAAC,KAA0C,EAAE,OAAe,EAAE,QAAkC,EAAE,EAAE;gBAC1G,mDAAmD;gBACnD,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;YAED,SAAS,EAAE,CAAC,KAAa,EAAE,OAAgC,EAAE,EAAE;gBAC7D,uEAAuE;gBACvE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9D,CAAC;SACF,CAAC;QAEF,qCAAqC;QACrC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,yBAAc,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,0BAAc,CAAC,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAE1E,0CAA0C;YAC1C,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;gBAC7B,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE;wBACL,OAAO,EAAE,oCAAoC,MAAM,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,SAAS,IAAI;qBACtF;iBACF,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,eAAe,CAAC,KAAM,CAAC;gBAErC,yDAAyD;gBACzD,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBAC1E,OAAO;wBACL,MAAM,EAAE,gBAAgB;wBACxB,KAAK,EAAE;4BACL,IAAI,EAAE,sBAAsB;4BAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;yBACvB;qBACF,CAAC;gBACJ,CAAC;gBAED,6BAA6B;gBAC7B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACnB,OAAO;wBACL,MAAM,EAAE,YAAY;wBACpB,KAAK,EAAE;4BACL,MAAM,EAAE,MAAM;4BACd,QAAQ,EAAE,KAAK,CAAC,QAAQ;4BACxB,SAAS,EAAE,KAAK,CAAC,SAAS;4BAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,IAAI,EAAE,KAAK,CAAC,IAAI;4BAChB,OAAO,EAAE,KAAK,CAAC,OAAO;yBACvB;qBACF,CAAC;gBACJ,CAAC;gBAED,iCAAiC;gBACjC,OAAO;oBACL,MAAM,EAAE,eAAe;oBACvB,KAAK,EAAE;wBACL,MAAM,EAAE,QAAQ;wBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,KAAK,EAAE,KAAK,CAAC,KAAK;qBACnB;iBACF,CAAC;YACJ,CAAC;YAED,WAAW;YACX,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,eAAe,CAAC,MAAM;gBAC9B,IAAI,EAAE,eAAe,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;aACzE,CAAC;QACJ,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,2BAA2B;YAC3B,MAAM,SAAS,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;YAChE,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5E,MAAM,UAAU,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,MAAM,QAAQ,GAAI,KAAoD,CAAC,GAAG,CAAC;YAE3E,0BAA0B;YAC1B,IAAI,SAAS,KAAK,aAAa,IAAI,YAAY,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpE,OAAO;oBACL,MAAM,EAAE,cAAc;oBACtB,KAAK,EAAE;wBACL,OAAO,EAAE,YAAY,IAAI,wBAAwB;wBACjD,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS;qBAClF;iBACF,CAAC;YACJ,CAAC;YAED,oCAAoC;YACpC,OAAO;gBACL,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE;oBACL,MAAM,EAAE,QAAQ;oBAChB,OAAO,EAAE,YAAY,IAAI,sDAAsD;oBAC/E,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE,UAAU;iBAClB;aACF,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAA;AAzNoB,WAAW;IAd/B,IAAA,UAAI,EAAC;QACJ,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE;YACL,GAAG,EAAE,CAAC,EAAE,wCAAwC;YAChD,WAAW,EAAE,KAAK;SACnB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,KAAK;YACxB,kBAAkB,EAAE,IAAI;SACzB;QACD,WAAW,EAAE,uCAAsB;QACnC,WAAW,EAAE,uCAAsB;QACnC,YAAY,EAAE,wCAAuB;KACtC,CAAC;GACmB,WAAW,CAyN/B;kBAzNoB,WAAW","sourcesContent":["// file: libs/plugins/src/codecall/tools/execute.tool.ts\n\nimport { Tool, ToolContext } from '@frontmcp/sdk';\nimport {\n  CodeCallExecuteResult,\n  executeToolOutputSchema,\n  executeToolDescription,\n  executeToolInputSchema,\n  ExecuteToolInput,\n} from './execute.schema';\nimport type { CodeCallVmEnvironment } from '../codecall.symbol';\nimport EnclaveService from '../services/enclave.service';\nimport CodeCallConfig from '../providers/code-call.config';\nimport { assertNotSelfReference } from '../security';\nimport {\n  createToolCallError,\n  TOOL_CALL_ERROR_CODES,\n  ToolCallResult,\n  CallToolOptions,\n  ToolCallErrorCode,\n} from '../errors';\nimport { extractResultFromCallToolResult } from '../utils';\n\n/**\n * Determine the error code from an error object.\n * Used to categorize errors for sanitized reporting.\n */\nfunction getErrorCode(error: unknown): ToolCallErrorCode {\n  if (!(error instanceof Error)) {\n    return TOOL_CALL_ERROR_CODES.EXECUTION;\n  }\n\n  // Check for specific error types\n  if (error.name === 'ZodError' || error.message?.includes('validation')) {\n    return TOOL_CALL_ERROR_CODES.VALIDATION;\n  }\n\n  if (error.message?.includes('timeout') || error.message?.includes('timed out')) {\n    return TOOL_CALL_ERROR_CODES.TIMEOUT;\n  }\n\n  if (error.name === 'ToolNotFoundError' || error.message?.includes('not found')) {\n    return TOOL_CALL_ERROR_CODES.NOT_FOUND;\n  }\n\n  return TOOL_CALL_ERROR_CODES.EXECUTION;\n}\n\n@Tool({\n  name: 'codecall:execute',\n  cache: {\n    ttl: 0, // No caching - each execution is unique\n    slideWindow: false,\n  },\n  codecall: {\n    enabledInCodeCall: false,\n    visibleInListTools: true,\n  },\n  description: executeToolDescription,\n  inputSchema: executeToolInputSchema,\n  outputSchema: executeToolOutputSchema,\n})\nexport default class ExecuteTool extends ToolContext {\n  async execute(input: ExecuteToolInput): Promise<CodeCallExecuteResult> {\n    const { script, allowedTools } = input;\n\n    // Set up the VM environment with tool integration\n    const allowedToolSet = allowedTools ? new Set(allowedTools) : null;\n\n    const environment: CodeCallVmEnvironment = {\n      callTool: async <TInput, TResult>(\n        name: string,\n        toolInput: TInput,\n        options?: CallToolOptions,\n      ): Promise<TResult | ToolCallResult<TResult>> => {\n        const throwOnError = options?.throwOnError !== false; // Default: true\n\n        // ============================================================\n        // SECURITY LAYER 1: Self-reference blocking (FIRST CHECK)\n        // This MUST be the first check - no exceptions, no try/catch\n        // ============================================================\n        assertNotSelfReference(name);\n\n        // ============================================================\n        // SECURITY LAYER 2: Whitelist check (if configured)\n        // ============================================================\n        if (allowedToolSet && !allowedToolSet.has(name)) {\n          const error = createToolCallError(TOOL_CALL_ERROR_CODES.ACCESS_DENIED, name);\n          if (throwOnError) {\n            throw error;\n          }\n          return { success: false, error };\n        }\n\n        // ============================================================\n        // Tool execution through the proper flow system\n        // This ensures hooks, validation, quota, and all middleware run\n        // ============================================================\n        try {\n          // Build MCP-compatible CallToolRequest\n          const request = {\n            method: 'tools/call' as const,\n            params: {\n              name,\n              arguments: toolInput as Record<string, unknown>,\n            },\n          };\n\n          // Build context with auth info\n          const ctx = {\n            authInfo: this.authInfo,\n          };\n\n          // Execute through the flow system - this runs all stages:\n          // PRE: parseInput → findTool → createToolCallContext → acquireQuota → acquireSemaphore\n          // EXECUTE: validateInput → execute → validateOutput\n          // FINALIZE: releaseSemaphore → releaseQuota → finalize\n          const mcpResult = await this.scope.runFlow('tools:call-tool', { request, ctx });\n\n          if (!mcpResult) {\n            const error = createToolCallError(TOOL_CALL_ERROR_CODES.EXECUTION, name, 'Flow returned no result');\n            if (throwOnError) {\n              throw error;\n            }\n            return { success: false, error };\n          }\n\n          // Extract the actual result from MCP CallToolResult format\n          const result = extractResultFromCallToolResult(mcpResult);\n\n          // Success path\n          if (throwOnError) {\n            return result as TResult;\n          }\n          return { success: true, data: result as TResult };\n        } catch (error: unknown) {\n          // ============================================================\n          // Error sanitization - NEVER expose internal details\n          // ============================================================\n\n          // Determine error code from the error type\n          const errorCode = getErrorCode(error);\n          const rawMessage = error instanceof Error ? error.message : undefined;\n\n          const sanitizedError = createToolCallError(errorCode, name, rawMessage);\n\n          if (throwOnError) {\n            // Throw sanitized error (no stack trace, no internal details)\n            throw sanitizedError;\n          }\n          return { success: false, error: sanitizedError };\n        }\n      },\n\n      getTool: (name: string) => {\n        try {\n          const tools = this.scope.tools.getTools(true);\n          const tool = tools.find((t) => t.name === name || t.fullName === name);\n\n          if (!tool) return undefined;\n\n          return {\n            name: tool.name,\n            description: tool.metadata?.description,\n            inputSchema: tool.rawInputSchema,\n            outputSchema: tool.outputSchema,\n          };\n        } catch {\n          return undefined;\n        }\n      },\n\n      console: this.get(CodeCallConfig).get('resolvedVm.allowConsole') ? console : undefined,\n\n      mcpLog: (level: 'debug' | 'info' | 'warn' | 'error', message: string, metadata?: Record<string, unknown>) => {\n        // Log through FrontMCP logging system if available\n        this.logger?.[level](message, metadata);\n      },\n\n      mcpNotify: (event: string, payload: Record<string, unknown>) => {\n        // Send notifications through FrontMCP notification system if available\n        this.logger?.debug('Notification sent', { event, payload });\n      },\n    };\n\n    // Get the enclave service and config\n    const enclaveService = this.get(EnclaveService);\n    const config = this.get(CodeCallConfig);\n\n    try {\n      const executionResult = await enclaveService.execute(script, environment);\n\n      // Map execution result to CodeCall result\n      if (executionResult.timedOut) {\n        return {\n          status: 'timeout',\n          error: {\n            message: `Script execution timed out after ${config.getAll().resolvedVm.timeoutMs}ms`,\n          },\n        };\n      }\n\n      if (!executionResult.success) {\n        const error = executionResult.error!;\n\n        // Check if it's a validation error (from AST validation)\n        if (error.code === 'VALIDATION_ERROR' || error.name === 'ValidationError') {\n          return {\n            status: 'illegal_access',\n            error: {\n              kind: 'IllegalBuiltinAccess',\n              message: error.message,\n            },\n          };\n        }\n\n        // Check if it's a tool error\n        if (error.toolName) {\n          return {\n            status: 'tool_error',\n            error: {\n              source: 'tool',\n              toolName: error.toolName,\n              toolInput: error.toolInput,\n              message: error.message,\n              code: error.code,\n              details: error.details,\n            },\n          };\n        }\n\n        // Otherwise it's a runtime error\n        return {\n          status: 'runtime_error',\n          error: {\n            source: 'script',\n            message: error.message,\n            name: error.name,\n            stack: error.stack,\n          },\n        };\n      }\n\n      // Success!\n      return {\n        status: 'ok',\n        result: executionResult.result,\n        logs: executionResult.logs.length > 0 ? executionResult.logs : undefined,\n      };\n    } catch (error: unknown) {\n      // Type-safe error handling\n      const errorName = error instanceof Error ? error.name : 'Error';\n      const errorMessage = error instanceof Error ? error.message : String(error);\n      const errorStack = error instanceof Error ? error.stack : undefined;\n      const errorLoc = (error as { loc?: { line: number; column: number } }).loc;\n\n      // Check for syntax errors\n      if (errorName === 'SyntaxError' || errorMessage?.includes('syntax')) {\n        return {\n          status: 'syntax_error',\n          error: {\n            message: errorMessage || 'Syntax error in script',\n            location: errorLoc ? { line: errorLoc.line, column: errorLoc.column } : undefined,\n          },\n        };\n      }\n\n      // Unexpected error during execution\n      return {\n        status: 'runtime_error',\n        error: {\n          source: 'script',\n          message: errorMessage || 'An unexpected error occurred during script execution',\n          name: errorName,\n          stack: errorStack,\n        },\n      };\n    }\n  }\n}\n"]}

package/src/codecall/tools/index.d.ts

@@ -0,0 +1,4 @@
+export { default as SearchTool } from './search.tool';
+export { default as DescribeTool } from './describe.tool';
+export { default as ExecuteTool } from './execute.tool';
+export { default as InvokeTool } from './invoke.tool';

package/src/codecall/tools/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvokeTool = exports.ExecuteTool = exports.DescribeTool = exports.SearchTool = void 0;
+const tslib_1 = require("tslib");
+var search_tool_1 = require("./search.tool");
+Object.defineProperty(exports, "SearchTool", { enumerable: true, get: function () { return tslib_1.__importDefault(search_tool_1).default; } });
+var describe_tool_1 = require("./describe.tool");
+Object.defineProperty(exports, "DescribeTool", { enumerable: true, get: function () { return tslib_1.__importDefault(describe_tool_1).default; } });
+var execute_tool_1 = require("./execute.tool");
+Object.defineProperty(exports, "ExecuteTool", { enumerable: true, get: function () { return tslib_1.__importDefault(execute_tool_1).default; } });
+var invoke_tool_1 = require("./invoke.tool");
+Object.defineProperty(exports, "InvokeTool", { enumerable: true, get: function () { return tslib_1.__importDefault(invoke_tool_1).default; } });
+//# sourceMappingURL=index.js.map

package/src/codecall/tools/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/codecall/tools/index.ts"],"names":[],"mappings":";;;;AAAA,6CAAsD;AAA7C,kIAAA,OAAO,OAAc;AAC9B,iDAA0D;AAAjD,sIAAA,OAAO,OAAgB;AAChC,+CAAwD;AAA/C,oIAAA,OAAO,OAAe;AAC/B,6CAAsD;AAA7C,kIAAA,OAAO,OAAc","sourcesContent":["export { default as SearchTool } from './search.tool';\nexport { default as DescribeTool } from './describe.tool';\nexport { default as ExecuteTool } from './execute.tool';\nexport { default as InvokeTool } from './invoke.tool';\n"]}

package/src/codecall/tools/invoke.schema.d.ts

@@ -0,0 +1,99 @@
+import { z } from 'zod';
+export declare const invokeToolDescription = "Call ONE tool directly. Returns standard MCP CallToolResult.\n\nUSE invoke: single tool, no transformation\nUSE execute: multiple tools, loops, filtering, joining\n\nINPUT: tool (string), input (object matching tool schema)\nOUTPUT: MCP CallToolResult (same as standard tool call)\nERRORS: tool_not_found (\u2192 re-search) | validation_error | execution_error | permission_denied\n\nFLOW: search \u2192 describe \u2192 invoke";
+export declare const invokeToolInputSchema: z.ZodObject<{
+    tool: z.ZodString;
+    input: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+}, z.core.$strip>;
+export type InvokeToolInput = z.infer<typeof invokeToolInputSchema>;
+export declare const invokeToolOutputSchema: z.ZodObject<{
+    _meta: z.ZodOptional<z.ZodObject<{
+        "io.modelcontextprotocol/related-task": z.ZodOptional<z.ZodObject<{
+            taskId: z.ZodString;
+        }, z.core.$loose>>;
+    }, z.core.$loose>>;
+    content: z.ZodDefault<z.ZodArray<z.ZodUnion<readonly [z.ZodObject<{
+        type: z.ZodLiteral<"text">;
+        text: z.ZodString;
+        annotations: z.ZodOptional<z.ZodObject<{
+            audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                user: "user";
+                assistant: "assistant";
+            }>>>;
+            priority: z.ZodOptional<z.ZodNumber>;
+            lastModified: z.ZodOptional<z.ZodISODateTime>;
+        }, z.core.$strip>>;
+        _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"image">;
+        data: z.ZodString;
+        mimeType: z.ZodString;
+        annotations: z.ZodOptional<z.ZodObject<{
+            audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                user: "user";
+                assistant: "assistant";
+            }>>>;
+            priority: z.ZodOptional<z.ZodNumber>;
+            lastModified: z.ZodOptional<z.ZodISODateTime>;
+        }, z.core.$strip>>;
+        _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"audio">;
+        data: z.ZodString;
+        mimeType: z.ZodString;
+        annotations: z.ZodOptional<z.ZodObject<{
+            audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                user: "user";
+                assistant: "assistant";
+            }>>>;
+            priority: z.ZodOptional<z.ZodNumber>;
+            lastModified: z.ZodOptional<z.ZodISODateTime>;
+        }, z.core.$strip>>;
+        _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>, z.ZodObject<{
+        uri: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        mimeType: z.ZodOptional<z.ZodString>;
+        annotations: z.ZodOptional<z.ZodObject<{
+            audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                user: "user";
+                assistant: "assistant";
+            }>>>;
+            priority: z.ZodOptional<z.ZodNumber>;
+            lastModified: z.ZodOptional<z.ZodISODateTime>;
+        }, z.core.$strip>>;
+        _meta: z.ZodOptional<z.ZodObject<{}, z.core.$loose>>;
+        icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            src: z.ZodString;
+            mimeType: z.ZodOptional<z.ZodString>;
+            sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>>;
+        name: z.ZodString;
+        title: z.ZodOptional<z.ZodString>;
+        type: z.ZodLiteral<"resource_link">;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"resource">;
+        resource: z.ZodUnion<readonly [z.ZodObject<{
+            uri: z.ZodString;
+            mimeType: z.ZodOptional<z.ZodString>;
+            _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+            text: z.ZodString;
+        }, z.core.$strip>, z.ZodObject<{
+            uri: z.ZodString;
+            mimeType: z.ZodOptional<z.ZodString>;
+            _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+            blob: z.ZodString;
+        }, z.core.$strip>]>;
+        annotations: z.ZodOptional<z.ZodObject<{
+            audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                user: "user";
+                assistant: "assistant";
+            }>>>;
+            priority: z.ZodOptional<z.ZodNumber>;
+            lastModified: z.ZodOptional<z.ZodISODateTime>;
+        }, z.core.$strip>>;
+        _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>]>>>;
+    structuredContent: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    isError: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$loose>;
+export type InvokeToolOutput = z.infer<typeof invokeToolOutputSchema>;

package/src/codecall/tools/invoke.schema.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.invokeToolOutputSchema = exports.invokeToolInputSchema = exports.invokeToolDescription = void 0;
+// file: libs/plugins/src/codecall/tools/invoke.schema.ts
+const zod_1 = require("zod");
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+exports.invokeToolDescription = `Call ONE tool directly. Returns standard MCP CallToolResult.
+
+USE invoke: single tool, no transformation
+USE execute: multiple tools, loops, filtering, joining
+
+INPUT: tool (string), input (object matching tool schema)
+OUTPUT: MCP CallToolResult (same as standard tool call)
+ERRORS: tool_not_found (→ re-search) | validation_error | execution_error | permission_denied
+
+FLOW: search → describe → invoke`;
+exports.invokeToolInputSchema = zod_1.z.object({
+    tool: zod_1.z
+        .string()
+        .describe('The name of the tool to invoke (e.g., "users:getById", "billing:getInvoice"). Must be a tool you discovered via codecall:search.'),
+    input: zod_1.z
+        .record(zod_1.z.string(), zod_1.z.unknown())
+        .describe("The input parameters for the tool. Structure must match the tool's input schema (check codecall:describe for schema details)."),
+});
+// Use standard MCP CallToolResult schema - returns same format as direct tool call
+exports.invokeToolOutputSchema = types_js_1.CallToolResultSchema;
+//# sourceMappingURL=invoke.schema.js.map

package/src/codecall/tools/invoke.schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"invoke.schema.js","sourceRoot":"","sources":["../../../../src/codecall/tools/invoke.schema.ts"],"names":[],"mappings":";;;AAAA,yDAAyD;AACzD,6BAAwB;AACxB,iEAA0E;AAE7D,QAAA,qBAAqB,GAAG;;;;;;;;;iCASJ,CAAC;AAErB,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,OAAC;SACJ,MAAM,EAAE;SACR,QAAQ,CACP,kIAAkI,CACnI;IACH,KAAK,EAAE,OAAC;SACL,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC;SAC/B,QAAQ,CACP,+HAA+H,CAChI;CACJ,CAAC,CAAC;AAIH,mFAAmF;AACtE,QAAA,sBAAsB,GAAG,+BAAoB,CAAC","sourcesContent":["// file: libs/plugins/src/codecall/tools/invoke.schema.ts\nimport { z } from 'zod';\nimport { CallToolResultSchema } from '@modelcontextprotocol/sdk/types.js';\n\nexport const invokeToolDescription = `Call ONE tool directly. Returns standard MCP CallToolResult.\n\nUSE invoke: single tool, no transformation\nUSE execute: multiple tools, loops, filtering, joining\n\nINPUT: tool (string), input (object matching tool schema)\nOUTPUT: MCP CallToolResult (same as standard tool call)\nERRORS: tool_not_found (→ re-search) | validation_error | execution_error | permission_denied\n\nFLOW: search → describe → invoke`;\n\nexport const invokeToolInputSchema = z.object({\n  tool: z\n    .string()\n    .describe(\n      'The name of the tool to invoke (e.g., \"users:getById\", \"billing:getInvoice\"). Must be a tool you discovered via codecall:search.',\n    ),\n  input: z\n    .record(z.string(), z.unknown())\n    .describe(\n      \"The input parameters for the tool. Structure must match the tool's input schema (check codecall:describe for schema details).\",\n    ),\n});\n\nexport type InvokeToolInput = z.infer<typeof invokeToolInputSchema>;\n\n// Use standard MCP CallToolResult schema - returns same format as direct tool call\nexport const invokeToolOutputSchema = CallToolResultSchema;\n\nexport type InvokeToolOutput = z.infer<typeof invokeToolOutputSchema>;\n"]}

package/src/codecall/tools/invoke.tool.d.ts

@@ -0,0 +1,13 @@
+import { ToolContext } from '@frontmcp/sdk';
+import { InvokeToolInput, InvokeToolOutput } from './invoke.schema';
+/**
+ * InvokeTool allows direct tool invocation without running JavaScript code.
+ * Returns the same CallToolResult format as a standard MCP tool call.
+ *
+ * Security Considerations:
+ * - Self-reference blocking: Cannot invoke codecall:* tools
+ * - All middleware (auth, PII, rate limiting) applies via normal tool execution
+ */
+export default class InvokeTool extends ToolContext {
+    execute(input: InvokeToolInput): Promise<InvokeToolOutput>;
+}

package/src/codecall/tools/invoke.tool.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+// file: libs/plugins/src/codecall/tools/invoke.tool.ts
+const sdk_1 = require("@frontmcp/sdk");
+const invoke_schema_1 = require("./invoke.schema");
+const security_1 = require("../security");
+/**
+ * Build an MCP error response in CallToolResult format.
+ */
+function buildErrorResult(message) {
+    return {
+        content: [{ type: 'text', text: message }],
+        isError: true,
+    };
+}
+/**
+ * InvokeTool allows direct tool invocation without running JavaScript code.
+ * Returns the same CallToolResult format as a standard MCP tool call.
+ *
+ * Security Considerations:
+ * - Self-reference blocking: Cannot invoke codecall:* tools
+ * - All middleware (auth, PII, rate limiting) applies via normal tool execution
+ */
+let InvokeTool = class InvokeTool extends sdk_1.ToolContext {
+    async execute(input) {
+        const { tool: toolName, input: toolInput } = input;
+        // Security: Cannot invoke codecall:* tools to prevent recursion attacks
+        if ((0, security_1.isBlockedSelfReference)(toolName)) {
+            return buildErrorResult(`Tool "${toolName}" cannot be invoked directly. CodeCall tools are internal and not accessible via codecall:invoke.`);
+        }
+        // Execute through the flow system - returns standard CallToolResult
+        // Flow handles: findTool, validation, quota, middleware, execution, error formatting
+        const request = {
+            method: 'tools/call',
+            params: {
+                name: toolName,
+                arguments: toolInput,
+            },
+        };
+        const ctx = {
+            authInfo: this.authInfo,
+        };
+        // runFlow returns CallToolResult directly - no transformation needed
+        const result = await this.scope.runFlow('tools:call-tool', { request, ctx });
+        // Flow returns null if tool not found or other pre-execution errors
+        if (!result) {
+            return buildErrorResult(`Tool "${toolName}" not found. Use codecall:search to discover available tools.`);
+        }
+        return result;
+    }
+};
+InvokeTool = tslib_1.__decorate([
+    (0, sdk_1.Tool)({
+        name: 'codecall:invoke',
+        cache: {
+            ttl: 0, // No caching - each invocation is unique
+            slideWindow: false,
+        },
+        codecall: {
+            enabledInCodeCall: false,
+            visibleInListTools: true,
+        },
+        description: invoke_schema_1.invokeToolDescription,
+        inputSchema: invoke_schema_1.invokeToolInputSchema,
+        outputSchema: invoke_schema_1.invokeToolOutputSchema,
+    })
+], InvokeTool);
+exports.default = InvokeTool;
+//# sourceMappingURL=invoke.tool.js.map

package/src/codecall/tools/invoke.tool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"invoke.tool.js","sourceRoot":"","sources":["../../../../src/codecall/tools/invoke.tool.ts"],"names":[],"mappings":";;;AAAA,uDAAuD;AACvD,uCAAkD;AAElD,mDAMyB;AACzB,0CAAqD;AAErD;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe;IACvC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC1C,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AAeY,IAAM,UAAU,GAAhB,MAAM,UAAW,SAAQ,iBAAW;IACjD,KAAK,CAAC,OAAO,CAAC,KAAsB;QAClC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;QAEnD,wEAAwE;QACxE,IAAI,IAAA,iCAAsB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,gBAAgB,CACrB,SAAS,QAAQ,mGAAmG,CACrH,CAAC;QACJ,CAAC;QAED,oEAAoE;QACpE,qFAAqF;QACrF,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,YAAqB;YAC7B,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,SAAS;aACrB;SACF,CAAC;QAEF,MAAM,GAAG,GAAG;YACV,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;QAEF,qEAAqE;QACrE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;QAE7E,oEAAoE;QACpE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,gBAAgB,CAAC,SAAS,QAAQ,+DAA+D,CAAC,CAAC;QAC5G,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AAnCoB,UAAU;IAd9B,IAAA,UAAI,EAAC;QACJ,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE;YACL,GAAG,EAAE,CAAC,EAAE,yCAAyC;YACjD,WAAW,EAAE,KAAK;SACnB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,KAAK;YACxB,kBAAkB,EAAE,IAAI;SACzB;QACD,WAAW,EAAE,qCAAqB;QAClC,WAAW,EAAE,qCAAqB;QAClC,YAAY,EAAE,sCAAsB;KACrC,CAAC;GACmB,UAAU,CAmC9B;kBAnCoB,UAAU","sourcesContent":["// file: libs/plugins/src/codecall/tools/invoke.tool.ts\nimport { Tool, ToolContext } from '@frontmcp/sdk';\nimport type { CallToolResult } from '@modelcontextprotocol/sdk/types.js';\nimport {\n  InvokeToolInput,\n  invokeToolInputSchema,\n  InvokeToolOutput,\n  invokeToolOutputSchema,\n  invokeToolDescription,\n} from './invoke.schema';\nimport { isBlockedSelfReference } from '../security';\n\n/**\n * Build an MCP error response in CallToolResult format.\n */\nfunction buildErrorResult(message: string): CallToolResult {\n  return {\n    content: [{ type: 'text', text: message }],\n    isError: true,\n  };\n}\n\n/**\n * InvokeTool allows direct tool invocation without running JavaScript code.\n * Returns the same CallToolResult format as a standard MCP tool call.\n *\n * Security Considerations:\n * - Self-reference blocking: Cannot invoke codecall:* tools\n * - All middleware (auth, PII, rate limiting) applies via normal tool execution\n */\n@Tool({\n  name: 'codecall:invoke',\n  cache: {\n    ttl: 0, // No caching - each invocation is unique\n    slideWindow: false,\n  },\n  codecall: {\n    enabledInCodeCall: false,\n    visibleInListTools: true,\n  },\n  description: invokeToolDescription,\n  inputSchema: invokeToolInputSchema,\n  outputSchema: invokeToolOutputSchema,\n})\nexport default class InvokeTool extends ToolContext {\n  async execute(input: InvokeToolInput): Promise<InvokeToolOutput> {\n    const { tool: toolName, input: toolInput } = input;\n\n    // Security: Cannot invoke codecall:* tools to prevent recursion attacks\n    if (isBlockedSelfReference(toolName)) {\n      return buildErrorResult(\n        `Tool \"${toolName}\" cannot be invoked directly. CodeCall tools are internal and not accessible via codecall:invoke.`,\n      );\n    }\n\n    // Execute through the flow system - returns standard CallToolResult\n    // Flow handles: findTool, validation, quota, middleware, execution, error formatting\n    const request = {\n      method: 'tools/call' as const,\n      params: {\n        name: toolName,\n        arguments: toolInput,\n      },\n    };\n\n    const ctx = {\n      authInfo: this.authInfo,\n    };\n\n    // runFlow returns CallToolResult directly - no transformation needed\n    const result = await this.scope.runFlow('tools:call-tool', { request, ctx });\n\n    // Flow returns null if tool not found or other pre-execution errors\n    if (!result) {\n      return buildErrorResult(`Tool \"${toolName}\" not found. Use codecall:search to discover available tools.`);\n    }\n\n    return result;\n  }\n}\n"]}

package/src/codecall/tools/search.schema.d.ts

@@ -0,0 +1,30 @@
+import { z } from 'zod';
+export declare const searchToolDescription = "Find tools by splitting user request into atomic actions.\n\nDECOMPOSE: \"delete users and send email\" \u2192 queries: [\"delete user\", \"send email\"]\nDECOMPOSE: \"get order and refund\" \u2192 queries: [\"get order\", \"calculate refund\"]\n\nAVOID RE-SEARCHING: Use excludeToolNames for already-discovered tools.\nRE-SEARCH WHEN: describe fails (typo?) OR execute returns tool_not_found.\n\nINPUT:\n- queries: string[] (required) - atomic action phrases, max 10\n- appIds?: string[] - filter by app\n- excludeToolNames?: string[] - skip known tools\n- topK?: number (default 5) - results per query\n- minRelevanceScore?: number (default 0.3) - minimum match threshold\n\nOUTPUT: Flat deduplicated tool list. relevanceScore: 0.5+=good, 0.7+=strong match.\n\nFLOW: search \u2192 describe \u2192 execute/invoke";
+export declare const searchToolInputSchema: z.ZodObject<{
+    queries: z.ZodArray<z.ZodString>;
+    appIds: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    excludeToolNames: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    topK: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    minRelevanceScore: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, z.core.$strip>;
+export type SearchToolInput = z.infer<typeof searchToolInputSchema>;
+export declare const searchToolOutputSchema: z.ZodObject<{
+    tools: z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        appId: z.ZodOptional<z.ZodString>;
+        description: z.ZodString;
+        relevanceScore: z.ZodNumber;
+        matchedQueries: z.ZodArray<z.ZodString>;
+    }, z.core.$strip>>;
+    warnings: z.ZodArray<z.ZodObject<{
+        type: z.ZodEnum<{
+            excluded_tool_not_found: "excluded_tool_not_found";
+            no_results: "no_results";
+            low_relevance: "low_relevance";
+        }>;
+        message: z.ZodString;
+        affectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>;
+    totalAvailableTools: z.ZodNumber;
+}, z.core.$strip>;
+export type SearchToolOutput = z.infer<typeof searchToolOutputSchema>;

package/src/codecall/tools/search.schema.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.searchToolOutputSchema = exports.searchToolInputSchema = exports.searchToolDescription = void 0;
+// file: libs/plugins/src/codecall/tools/search.schema.ts
+const zod_1 = require("zod");
+exports.searchToolDescription = `Find tools by splitting user request into atomic actions.
+
+DECOMPOSE: "delete users and send email" → queries: ["delete user", "send email"]
+DECOMPOSE: "get order and refund" → queries: ["get order", "calculate refund"]
+
+AVOID RE-SEARCHING: Use excludeToolNames for already-discovered tools.
+RE-SEARCH WHEN: describe fails (typo?) OR execute returns tool_not_found.
+
+INPUT:
+- queries: string[] (required) - atomic action phrases, max 10
+- appIds?: string[] - filter by app
+- excludeToolNames?: string[] - skip known tools
+- topK?: number (default 5) - results per query
+- minRelevanceScore?: number (default 0.3) - minimum match threshold
+
+OUTPUT: Flat deduplicated tool list. relevanceScore: 0.5+=good, 0.7+=strong match.
+
+FLOW: search → describe → execute/invoke`;
+exports.searchToolInputSchema = zod_1.z.object({
+    queries: zod_1.z
+        .array(zod_1.z.string().min(2).max(256))
+        .min(1)
+        .max(10)
+        .describe('Atomic action queries. Split complex requests into simple actions.'),
+    appIds: zod_1.z.array(zod_1.z.string()).max(10).optional().describe('Filter by app IDs'),
+    excludeToolNames: zod_1.z.array(zod_1.z.string()).max(50).optional().describe('Skip already-known tool names'),
+    topK: zod_1.z.number().int().positive().max(50).optional().default(10).describe('Results per query (default 10)'),
+    minRelevanceScore: zod_1.z
+        .number()
+        .min(0)
+        .max(1)
+        .optional()
+        .default(0.1)
+        .describe('Minimum relevance threshold (default 0.1)'),
+});
+exports.searchToolOutputSchema = zod_1.z.object({
+    tools: zod_1.z
+        .array(zod_1.z.object({
+        name: zod_1.z.string().describe('Tool name (e.g., "users:list")'),
+        appId: zod_1.z.string().optional().describe('App ID'),
+        description: zod_1.z.string().describe('What this tool does'),
+        relevanceScore: zod_1.z.number().min(0).max(1).describe('Match score (0-1)'),
+        matchedQueries: zod_1.z.array(zod_1.z.string()).describe('Which queries matched this tool'),
+    }))
+        .describe('Deduplicated tools sorted by relevance'),
+    warnings: zod_1.z
+        .array(zod_1.z.object({
+        type: zod_1.z.enum(['excluded_tool_not_found', 'no_results', 'low_relevance']).describe('Warning type'),
+        message: zod_1.z.string().describe('Warning message'),
+        affectedTools: zod_1.z.array(zod_1.z.string()).optional().describe('Affected tool names'),
+    }))
+        .describe('Search warnings'),
+    totalAvailableTools: zod_1.z.number().int().nonnegative().describe('Total tools in index'),
+});
+//# sourceMappingURL=search.schema.js.map

package/src/codecall/tools/search.schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.schema.js","sourceRoot":"","sources":["../../../../src/codecall/tools/search.schema.ts"],"names":[],"mappings":";;;AAAA,yDAAyD;AACzD,6BAAwB;AAEX,QAAA,qBAAqB,GAAG;;;;;;;;;;;;;;;;;yCAiBI,CAAC;AAE7B,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,OAAO,EAAE,OAAC;SACP,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;SACjC,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,EAAE,CAAC;SACP,QAAQ,CAAC,oEAAoE,CAAC;IACjF,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC5E,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IAClG,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3G,iBAAiB,EAAE,OAAC;SACjB,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;SACV,OAAO,CAAC,GAAG,CAAC;SACZ,QAAQ,CAAC,2CAA2C,CAAC;CACzD,CAAC,CAAC;AAIU,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,KAAK,EAAE,OAAC;SACL,KAAK,CACJ,OAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;QAC3D,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC/C,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QACvD,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QACtE,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;KAChF,CAAC,CACH;SACA,QAAQ,CAAC,wCAAwC,CAAC;IACrD,QAAQ,EAAE,OAAC;SACR,KAAK,CACJ,OAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,yBAAyB,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;QACjG,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAC/C,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;KAC9E,CAAC,CACH;SACA,QAAQ,CAAC,iBAAiB,CAAC;IAC9B,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CACrF,CAAC,CAAC","sourcesContent":["// file: libs/plugins/src/codecall/tools/search.schema.ts\nimport { z } from 'zod';\n\nexport const searchToolDescription = `Find tools by splitting user request into atomic actions.\n\nDECOMPOSE: \"delete users and send email\" → queries: [\"delete user\", \"send email\"]\nDECOMPOSE: \"get order and refund\" → queries: [\"get order\", \"calculate refund\"]\n\nAVOID RE-SEARCHING: Use excludeToolNames for already-discovered tools.\nRE-SEARCH WHEN: describe fails (typo?) OR execute returns tool_not_found.\n\nINPUT:\n- queries: string[] (required) - atomic action phrases, max 10\n- appIds?: string[] - filter by app\n- excludeToolNames?: string[] - skip known tools\n- topK?: number (default 5) - results per query\n- minRelevanceScore?: number (default 0.3) - minimum match threshold\n\nOUTPUT: Flat deduplicated tool list. relevanceScore: 0.5+=good, 0.7+=strong match.\n\nFLOW: search → describe → execute/invoke`;\n\nexport const searchToolInputSchema = z.object({\n  queries: z\n    .array(z.string().min(2).max(256))\n    .min(1)\n    .max(10)\n    .describe('Atomic action queries. Split complex requests into simple actions.'),\n  appIds: z.array(z.string()).max(10).optional().describe('Filter by app IDs'),\n  excludeToolNames: z.array(z.string()).max(50).optional().describe('Skip already-known tool names'),\n  topK: z.number().int().positive().max(50).optional().default(10).describe('Results per query (default 10)'),\n  minRelevanceScore: z\n    .number()\n    .min(0)\n    .max(1)\n    .optional()\n    .default(0.1)\n    .describe('Minimum relevance threshold (default 0.1)'),\n});\n\nexport type SearchToolInput = z.infer<typeof searchToolInputSchema>;\n\nexport const searchToolOutputSchema = z.object({\n  tools: z\n    .array(\n      z.object({\n        name: z.string().describe('Tool name (e.g., \"users:list\")'),\n        appId: z.string().optional().describe('App ID'),\n        description: z.string().describe('What this tool does'),\n        relevanceScore: z.number().min(0).max(1).describe('Match score (0-1)'),\n        matchedQueries: z.array(z.string()).describe('Which queries matched this tool'),\n      }),\n    )\n    .describe('Deduplicated tools sorted by relevance'),\n  warnings: z\n    .array(\n      z.object({\n        type: z.enum(['excluded_tool_not_found', 'no_results', 'low_relevance']).describe('Warning type'),\n        message: z.string().describe('Warning message'),\n        affectedTools: z.array(z.string()).optional().describe('Affected tool names'),\n      }),\n    )\n    .describe('Search warnings'),\n  totalAvailableTools: z.number().int().nonnegative().describe('Total tools in index'),\n});\n\nexport type SearchToolOutput = z.infer<typeof searchToolOutputSchema>;\n"]}

package/src/codecall/tools/search.tool.d.ts

@@ -0,0 +1,5 @@
+import { ToolContext } from '@frontmcp/sdk';
+import { SearchToolInput, SearchToolOutput } from './search.schema';
+export default class SearchTool extends ToolContext {
+    execute(input: SearchToolInput): Promise<SearchToolOutput>;
+}