@frontmcp/sdk 0.1.0

package/src/utils/decide-request-intent.utils.js

@@ -0,0 +1,326 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decisionSchema = exports.intentSchema = void 0;
+exports.decideIntent = decideIntent;
+const zod_1 = require("zod");
+/* --------------------------------- Schemas --------------------------------- */
+exports.intentSchema = zod_1.z.union([
+    zod_1.z.literal('legacy-sse'),
+    zod_1.z.literal('sse'),
+    zod_1.z.literal('streamable-http'),
+    zod_1.z.literal('stateful-http'),
+    zod_1.z.literal('stateless-http'),
+    zod_1.z.literal('unknown'),
+]);
+exports.decisionSchema = zod_1.z.object({
+    intent: exports.intentSchema,
+    reasons: zod_1.z.array(zod_1.z.string()),
+    recommendation: zod_1.z
+        .object({
+        httpStatus: zod_1.z.number(),
+        message: zod_1.z.string(),
+    })
+        .optional(),
+    // Echo back bits for debugging/telemetry if you like
+    debug: zod_1.z
+        .object({
+        key: zod_1.z.number(),
+        channel: zod_1.z.number(),
+        flags: zod_1.z.number(),
+    })
+        .optional(),
+});
+/* ------------------------------- Bit layout ---------------------------------
+
+bits 0..2  CHANNEL
+           000 OTHER
+           001 GET_SSE                 (GET + Accept: text/event-stream)
+           010 POST_INIT_JSON          (POST initialize + Accept: application/json or default JSON)
+           011 POST_INIT_SSE           (POST initialize + Accept: text/event-stream)
+           100 POST_JSON               (POST non-init + Accept: application/json or default JSON)
+           101 POST_SSE                (POST non-init + Accept: text/event-stream)
+           110 POST_MESSAGE            (POST to /message)  ← legacy bridge
+
+bit 3      HAS_SESSION                 (Mcp-Session-Id present)
+bit 4      STATELESS_EN                (config: enableStatelessHttp)
+bit 5      REQ_SESSION                 (config: requireSessionForStreamable)
+bit 6      LEGACY_HINT                 (x-legacy-sse=true OR session.transportType=legacy-sse)
+bit 7      SSE_LISTENER_EN             (config: enableSseListener)
+bit 8      STREAMABLE_EN               (config: enableStreamableHttp)
+bit 9      STATEFUL_EN                 (config: enableStatefulHttp)
+bit 10     LEGACY_EN                   (config: enableLegacySSE)
+
+----------------------------------------------------------------------------- */
+// --- Channels ---------------------------------------------------------------
+const CH_OTHER = 0b000;
+const CH_GET_SSE = 0b001;
+const CH_POST_INIT_JSON = 0b010;
+const CH_POST_INIT_SSE = 0b011;
+const CH_POST_JSON = 0b100;
+const CH_POST_SSE = 0b101;
+const CH_POST_MESSAGE = 0b110; // NEW: POST /message (legacy bridge)
+const CH_MASK = 0b00000111;
+// --- Flags ------------------------------------------------------------------
+const B_HAS_SESSION = 1 << 3; // 8
+const B_STATELESS_EN = 1 << 4; // 16
+const B_REQ_SESSION = 1 << 5; // 32
+const B_LEGACY_HINT = 1 << 6; // 64 (kept for telemetry; not required by merged rules)
+const B_SSE_LISTENER_EN = 1 << 7; // 128
+const B_STREAMABLE_EN = 1 << 8; // 256
+const B_STATEFUL_EN = 1 << 9; // 512
+const B_LEGACY_EN = 1 << 10; // 1024
+// --- Minimal helpers ---------------------------------------------------------
+const h = (req, name) => Object.entries(req.headers).find(([k]) => k.toLowerCase() === name.toLowerCase())?.[1];
+const wantsSSE = (accept) => (accept ?? '').toLowerCase().includes('text/event-stream');
+const wantsJSON = (accept) => (accept ?? '').toLowerCase().includes('application/json');
+const isInitialize = (body) => !!body && typeof body === 'object' && body.method === 'initialize';
+// Robust path extractor (supports absolute/relative)
+function pathOf(req) {
+    const anyReq = req;
+    const raw = anyReq.path ?? anyReq.pathname ?? anyReq.url ?? '/';
+    try {
+        const u = new URL(String(raw), 'http://local');
+        return u.pathname || '/';
+    }
+    catch {
+        return String(raw).split('?')[0] || '/';
+    }
+}
+/** Optionally extract transportType from base64 JSON session id, if you embed it. */
+function tryDecodeTransportType(sessionId) {
+    if (!sessionId)
+        return;
+    try {
+        const b64 = sessionId.replace(/-/g, '+').replace(/_/g, '/');
+        const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
+        return obj?.transportType;
+    }
+    catch {
+        return;
+    }
+}
+// --- Build the 11-bit key ----------------------------------------------------
+function computeBitmap(req, cfg) {
+    const method = req.method.toUpperCase();
+    const accept = h(req, 'accept');
+    const sessionId = h(req, 'mcp-session-id');
+    const legacyHeader = h(req, 'x-legacy-sse') === 'true';
+    const transportType = tryDecodeTransportType(sessionId);
+    const path = pathOf(req);
+    const acceptSSE = wantsSSE(accept);
+    const acceptJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);
+    const init = method === 'POST' && isInitialize(req.body);
+    const postToMessage = method === 'POST' && path === '/message';
+    const channel = method === 'POST' && postToMessage
+        ? CH_POST_MESSAGE
+        : method === 'GET' && acceptSSE
+            ? CH_GET_SSE
+            : method === 'POST' && init && acceptSSE
+                ? CH_POST_INIT_SSE
+                : method === 'POST' && init && acceptJSON
+                    ? CH_POST_INIT_JSON
+                    : method === 'POST' && !init && acceptSSE
+                        ? CH_POST_SSE
+                        : method === 'POST' && !init && acceptJSON
+                            ? CH_POST_JSON
+                            : CH_OTHER;
+    let flags = 0;
+    if (sessionId)
+        flags |= B_HAS_SESSION;
+    if (cfg.enableStatelessHttp)
+        flags |= B_STATELESS_EN;
+    if (cfg.requireSessionForStreamable)
+        flags |= B_REQ_SESSION;
+    if (legacyHeader || transportType === 'legacy-sse')
+        flags |= B_LEGACY_HINT; // informational
+    if (cfg.enableSseListener)
+        flags |= B_SSE_LISTENER_EN;
+    if (cfg.enableStreamableHttp)
+        flags |= B_STREAMABLE_EN;
+    if (cfg.enableStatefulHttp)
+        flags |= B_STATEFUL_EN;
+    if (cfg.enableLegacySSE)
+        flags |= B_LEGACY_EN;
+    return { key: (channel & CH_MASK) | flags, channel, flags, init };
+}
+// --- Rules (merged semantics) -----------------------------------------------
+const RULES = [
+    // A) Legacy SSE (GET SSE without session) → requires legacy enabled
+    {
+        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
+        match: CH_GET_SSE | B_LEGACY_EN, // HAS_SESSION must be 0; it's in 'care' but not in 'match'
+        outcome: { intent: 'legacy-sse', reason: 'GET SSE without Mcp-Session-Id → legacy SSE.' },
+    },
+    {
+        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
+        match: CH_GET_SSE /* legacy disabled; HAS_SESSION=0 */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'Legacy SSE disabled.',
+            recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },
+        },
+    },
+    // B) Legacy SSE: POST /message WITH session id
+    {
+        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
+        match: CH_POST_MESSAGE | B_HAS_SESSION | B_LEGACY_EN,
+        outcome: { intent: 'legacy-sse', reason: 'POST /message with Mcp-Session-Id → legacy SSE bridge.' },
+    },
+    {
+        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
+        match: CH_POST_MESSAGE | B_HAS_SESSION /* legacy disabled */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'Legacy /message endpoint disabled.',
+            recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },
+        },
+    },
+    // C) Modern SSE (GET SSE with session) → requires SSE listener enabled
+    {
+        care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,
+        match: CH_GET_SSE | B_HAS_SESSION /* listener disabled */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'SSE listener disabled.',
+            recommendation: { httpStatus: 405, message: 'SSE listener disabled' },
+        },
+    },
+    {
+        care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,
+        match: CH_GET_SSE | B_SSE_LISTENER_EN | B_HAS_SESSION,
+        outcome: { intent: 'sse', reason: 'GET SSE with Mcp-Session-Id.' },
+    },
+    // D) Initialize (POST → SSE)
+    {
+        care: CH_MASK | B_STREAMABLE_EN,
+        match: CH_POST_INIT_SSE /* streamable disabled */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'Streamable HTTP disabled.',
+            recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },
+        },
+    },
+    {
+        care: CH_MASK | B_STREAMABLE_EN,
+        match: CH_POST_INIT_SSE | B_STREAMABLE_EN,
+        outcome: { intent: 'streamable-http', reason: 'Initialize with SSE.' },
+    },
+    // E) Initialize (POST → JSON)
+    {
+        care: CH_MASK | B_STREAMABLE_EN,
+        match: CH_POST_INIT_JSON /* streamable disabled */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'JSON mode disabled.',
+            recommendation: { httpStatus: 405, message: 'JSON mode disabled' },
+        },
+    },
+    {
+        care: CH_MASK | B_STREAMABLE_EN,
+        match: CH_POST_INIT_JSON | B_STREAMABLE_EN,
+        outcome: { intent: 'stateful-http', reason: 'Initialize with JSON.' },
+    },
+    // F) POST non-init → SSE
+    {
+        care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,
+        match: CH_POST_SSE | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'POST SSE requires session.',
+            recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },
+        },
+    },
+    {
+        care: CH_MASK | B_STREAMABLE_EN,
+        match: CH_POST_SSE /* streamable disabled */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'Streamable HTTP disabled.',
+            recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },
+        },
+    },
+    {
+        care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,
+        match: CH_POST_SSE | B_STATELESS_EN /* no session */,
+        outcome: { intent: 'stateless-http', reason: 'Stateless short-lived SSE.' },
+    },
+    {
+        care: CH_MASK,
+        match: CH_POST_SSE,
+        outcome: { intent: 'streamable-http', reason: 'Short-lived SSE for this request.' },
+    },
+    // G) POST non-init → JSON
+    {
+        care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,
+        match: CH_POST_JSON | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'POST JSON requires session.',
+            recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },
+        },
+    },
+    {
+        care: CH_MASK | B_STATEFUL_EN | B_STREAMABLE_EN,
+        match: CH_POST_JSON /* neither enabled */,
+        outcome: {
+            intent: 'unknown',
+            reason: 'JSON mode disabled.',
+            recommendation: { httpStatus: 405, message: 'JSON mode disabled' },
+        },
+    },
+    {
+        care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,
+        match: CH_POST_JSON | B_STATELESS_EN /* no session */,
+        outcome: { intent: 'stateless-http', reason: 'Stateless JSON request.' },
+    },
+    {
+        care: CH_MASK,
+        match: CH_POST_JSON,
+        outcome: { intent: 'stateful-http', reason: 'Aggregated JSON response.' },
+    },
+    // H) Fallback
+    {
+        care: CH_MASK,
+        match: CH_OTHER,
+        outcome: {
+            intent: 'unknown',
+            reason: 'Method/Accept not allowed.',
+            recommendation: { httpStatus: 405, message: 'Method/Accept not allowed' },
+        },
+    },
+];
+// --- Public API --------------------------------------------------------------
+function decideIntent(req, cfg) {
+    const reasons = [];
+    const { key, channel, flags, init } = computeBitmap(req, cfg);
+    // Optional strict Accept validation for POST (incl. /message)
+    if (req.method.toUpperCase() === 'POST') {
+        const accept = h(req, 'accept');
+        const acceptsSSE = wantsSSE(accept);
+        const acceptsJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);
+        if (!acceptsSSE && !acceptsJSON) {
+            return {
+                intent: 'unknown',
+                reasons: ['Client must accept application/json or text/event-stream.'],
+                recommendation: { httpStatus: 406, message: 'Not acceptable' },
+                debug: { key, channel, flags },
+            };
+        }
+    }
+    for (const rule of RULES) {
+        if ((key & rule.care) === rule.match) {
+            const { reason, ...rest } = rule.outcome;
+            reasons.push(reason);
+            if (init)
+                reasons.push('Initialize body detected.');
+            return { ...rest, reasons, debug: { key, channel, flags } };
+        }
+    }
+    return {
+        intent: 'unknown',
+        reasons: ['No matching rule.'],
+        recommendation: { httpStatus: 500, message: 'Unroutable request' },
+        debug: { key, channel, flags },
+    };
+}
+//# sourceMappingURL=decide-request-intent.utils.js.map

package/src/utils/decide-request-intent.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decide-request-intent.utils.js","sourceRoot":"","sources":["../../../src/utils/decide-request-intent.utils.ts"],"names":[],"mappings":";;;AA2VA,oCAkCC;AA5XD,6BAAwB;AAExB,iFAAiF;AAEpE,QAAA,YAAY,GAAG,OAAC,CAAC,KAAK,CAAC;IAClC,OAAC,CAAC,OAAO,CAAC,YAAY,CAAC;IACvB,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAChB,OAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC;IAC5B,OAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IAC1B,OAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC;IAC3B,OAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CACrB,CAAC,CAAC;AAEU,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,MAAM,EAAE,oBAAY;IACpB,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC5B,cAAc,EAAE,OAAC;SACd,MAAM,CAAC;QACN,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;QACtB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;KACpB,CAAC;SACD,QAAQ,EAAE;IACb,qDAAqD;IACrD,KAAK,EAAE,OAAC;SACL,MAAM,CAAC;QACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;QACf,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;QACnB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;KAClB,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AA6BH;;;;;;;;;;;;;;;;;;;;gFAoBgF;AAEhF,+EAA+E;AAE/E,MAAM,QAAQ,GAAG,KAAK,CAAC;AACvB,MAAM,UAAU,GAAG,KAAK,CAAC;AACzB,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAChC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,YAAY,GAAG,KAAK,CAAC;AAC3B,MAAM,WAAW,GAAG,KAAK,CAAC;AAC1B,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,qCAAqC;AAEpE,MAAM,OAAO,GAAG,UAAU,CAAC;AAE3B,+EAA+E;AAE/E,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;AAClC,MAAM,cAAc,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;AACpC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;AACnC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,wDAAwD;AACtF,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACxC,MAAM,eAAe,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACtC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACpC,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO;AAEpC,gFAAgF;AAEhF,MAAM,CAAC,GAAG,CAAC,GAAkB,EAAE,IAAY,EAAE,EAAE,CAC7C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAEzF,MAAM,QAAQ,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AACjG,MAAM,SAAS,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;AACjG,MAAM,YAAY,GAAG,CAAC,IAAa,EAAE,EAAE,CACrC,CAAC,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAK,IAAY,CAAC,MAAM,KAAK,YAAY,CAAC;AAE9E,qDAAqD;AACrD,SAAS,MAAM,CAAC,GAAkB;IAChC,MAAM,MAAM,GAAG,GAAU,CAAC;IAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/C,OAAO,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,qFAAqF;AACrF,SAAS,sBAAsB,CAAC,SAAkB;IAChD,IAAI,CAAC,SAAS;QAAE,OAAO;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACpE,OAAO,GAAG,EAAE,aAAa,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF,SAAS,aAAa,CAAC,GAAkB,EAAE,GAAW;IACpD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,cAAc,CAAC,KAAK,MAAM,CAAC;IACvD,MAAM,aAAa,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAEzB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC/E,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,MAAM,KAAK,MAAM,IAAI,IAAI,KAAK,UAAU,CAAC;IAE/D,MAAM,OAAO,GACX,MAAM,KAAK,MAAM,IAAI,aAAa;QAChC,CAAC,CAAC,eAAe;QACjB,CAAC,CAAC,MAAM,KAAK,KAAK,IAAI,SAAS;YAC7B,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,IAAI,SAAS;gBACtC,CAAC,CAAC,gBAAgB;gBAClB,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,IAAI,UAAU;oBACvC,CAAC,CAAC,iBAAiB;oBACnB,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,SAAS;wBACvC,CAAC,CAAC,WAAW;wBACb,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,UAAU;4BACxC,CAAC,CAAC,YAAY;4BACd,CAAC,CAAC,QAAQ,CAAC;IAEzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,SAAS;QAAE,KAAK,IAAI,aAAa,CAAC;IACtC,IAAI,GAAG,CAAC,mBAAmB;QAAE,KAAK,IAAI,cAAc,CAAC;IACrD,IAAI,GAAG,CAAC,2BAA2B;QAAE,KAAK,IAAI,aAAa,CAAC;IAC5D,IAAI,YAAY,IAAI,aAAa,KAAK,YAAY;QAAE,KAAK,IAAI,aAAa,CAAC,CAAC,gBAAgB;IAC5F,IAAI,GAAG,CAAC,iBAAiB;QAAE,KAAK,IAAI,iBAAiB,CAAC;IACtD,IAAI,GAAG,CAAC,oBAAoB;QAAE,KAAK,IAAI,eAAe,CAAC;IACvD,IAAI,GAAG,CAAC,kBAAkB;QAAE,KAAK,IAAI,aAAa,CAAC;IACnD,IAAI,GAAG,CAAC,eAAe;QAAE,KAAK,IAAI,WAAW,CAAC;IAE9C,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACpE,CAAC;AAUD,+EAA+E;AAE/E,MAAM,KAAK,GAAW;IACpB,oEAAoE;IACpE;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,UAAU,GAAG,WAAW,EAAE,2DAA2D;QAC5F,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,8CAA8C,EAAE;KAC1F;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,UAAU,CAAC,oCAAoC;QACtD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,sBAAsB;YAC9B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACpE;KACF;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,GAAG,aAAa,GAAG,WAAW;QACpD,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,wDAAwD,EAAE;KACpG;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,GAAG,aAAa,CAAC,qBAAqB;QAC5D,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,oCAAoC;YAC5C,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACpE;KACF;IAED,uEAAuE;IACvE;QACE,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,aAAa;QACjD,KAAK,EAAE,UAAU,GAAG,aAAa,CAAC,uBAAuB;QACzD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,wBAAwB;YAChC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE;SACtE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,aAAa;QACjD,KAAK,EAAE,UAAU,GAAG,iBAAiB,GAAG,aAAa;QACrD,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE;KACnE;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,gBAAgB,CAAC,yBAAyB;QACjD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,2BAA2B;YACnC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,0BAA0B,EAAE;SACzE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,gBAAgB,GAAG,eAAe;QACzC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sBAAsB,EAAE;KACvE;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,iBAAiB,CAAC,yBAAyB;QAClD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,qBAAqB;YAC7B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACnE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,iBAAiB,GAAG,eAAe;QAC1C,OAAO,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,uBAAuB,EAAE;KACtE;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc;QAC9D,KAAK,EAAE,WAAW,GAAG,aAAa,CAAC,kCAAkC;QACrE,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,4BAA4B;YACpC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yCAAyC,EAAE;SACxF;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,WAAW,CAAC,yBAAyB;QAC5C,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,2BAA2B;YACnC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,0BAA0B,EAAE;SACzE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,WAAW,GAAG,cAAc,CAAC,gBAAgB;QACpD,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,4BAA4B,EAAE;KAC5E;IACD;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,WAAW;QAClB,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mCAAmC,EAAE;KACpF;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc;QAC9D,KAAK,EAAE,YAAY,GAAG,aAAa,CAAC,kCAAkC;QACtE,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,6BAA6B;YACrC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yCAAyC,EAAE;SACxF;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,eAAe;QAC/C,KAAK,EAAE,YAAY,CAAC,qBAAqB;QACzC,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,qBAAqB;YAC7B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACnE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,YAAY,GAAG,cAAc,CAAC,gBAAgB;QACrD,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,yBAAyB,EAAE;KACzE;IACD;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,OAAO,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,2BAA2B,EAAE;KAC1E;IAED,cAAc;IACd;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,4BAA4B;YACpC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,2BAA2B,EAAE;SAC1E;KACF;CACF,CAAC;AAEF,gFAAgF;AAEhF,SAAgB,YAAY,CAAC,GAAkB,EAAE,GAAW;IAC1D,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAE9D,8DAA8D;IAC9D,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;QAChF,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;YAChC,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE,CAAC,2DAA2D,CAAC;gBACtE,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAE;gBAC9D,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrB,IAAI,IAAI;gBAAE,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YACpD,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,CAAC,mBAAmB,CAAC;QAC9B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;QAClE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;KAC/B,CAAC;AACJ,CAAC","sourcesContent":["import { ServerRequest } from '@frontmcp/sdk';\nimport { z } from 'zod';\n\n/* --------------------------------- Schemas --------------------------------- */\n\nexport const intentSchema = z.union([\n  z.literal('legacy-sse'),\n  z.literal('sse'),\n  z.literal('streamable-http'),\n  z.literal('stateful-http'),\n  z.literal('stateless-http'),\n  z.literal('unknown'),\n]);\n\nexport const decisionSchema = z.object({\n  intent: intentSchema,\n  reasons: z.array(z.string()),\n  recommendation: z\n    .object({\n      httpStatus: z.number(),\n      message: z.string(),\n    })\n    .optional(),\n  // Echo back bits for debugging/telemetry if you like\n  debug: z\n    .object({\n      key: z.number(),\n      channel: z.number(),\n      flags: z.number(),\n    })\n    .optional(),\n});\n\nexport type HttpRequestIntent =\n  | 'legacy-sse'\n  | 'sse'\n  | 'streamable-http'\n  | 'stateful-http'\n  | 'stateless-http';\n\nexport type Intent = HttpRequestIntent | 'unknown';\n\nexport type Decision = {\n  intent: Intent;\n  reasons: string[];\n  recommendation?: { httpStatus: number; message: string };\n  // Echo back bits for debugging/telemetry if you like\n  debug?: { key: number; channel: number; flags: number };\n};\n\nexport interface Config {\n  enableLegacySSE: boolean;\n  enableSseListener: boolean;\n  enableStreamableHttp: boolean;\n  enableStatefulHttp: boolean;\n  enableStatelessHttp: boolean;\n  requireSessionForStreamable: boolean;\n  tolerateMissingAccept: boolean;\n}\n\n/* ------------------------------- Bit layout ---------------------------------\n\nbits 0..2  CHANNEL\n           000 OTHER\n           001 GET_SSE                 (GET + Accept: text/event-stream)\n           010 POST_INIT_JSON          (POST initialize + Accept: application/json or default JSON)\n           011 POST_INIT_SSE           (POST initialize + Accept: text/event-stream)\n           100 POST_JSON               (POST non-init + Accept: application/json or default JSON)\n           101 POST_SSE                (POST non-init + Accept: text/event-stream)\n           110 POST_MESSAGE            (POST to /message)  ← legacy bridge\n\nbit 3      HAS_SESSION                 (Mcp-Session-Id present)\nbit 4      STATELESS_EN                (config: enableStatelessHttp)\nbit 5      REQ_SESSION                 (config: requireSessionForStreamable)\nbit 6      LEGACY_HINT                 (x-legacy-sse=true OR session.transportType=legacy-sse)\nbit 7      SSE_LISTENER_EN             (config: enableSseListener)\nbit 8      STREAMABLE_EN               (config: enableStreamableHttp)\nbit 9      STATEFUL_EN                 (config: enableStatefulHttp)\nbit 10     LEGACY_EN                   (config: enableLegacySSE)\n\n----------------------------------------------------------------------------- */\n\n// --- Channels ---------------------------------------------------------------\n\nconst CH_OTHER = 0b000;\nconst CH_GET_SSE = 0b001;\nconst CH_POST_INIT_JSON = 0b010;\nconst CH_POST_INIT_SSE = 0b011;\nconst CH_POST_JSON = 0b100;\nconst CH_POST_SSE = 0b101;\nconst CH_POST_MESSAGE = 0b110; // NEW: POST /message (legacy bridge)\n\nconst CH_MASK = 0b00000111;\n\n// --- Flags ------------------------------------------------------------------\n\nconst B_HAS_SESSION = 1 << 3; // 8\nconst B_STATELESS_EN = 1 << 4; // 16\nconst B_REQ_SESSION = 1 << 5; // 32\nconst B_LEGACY_HINT = 1 << 6; // 64 (kept for telemetry; not required by merged rules)\nconst B_SSE_LISTENER_EN = 1 << 7; // 128\nconst B_STREAMABLE_EN = 1 << 8; // 256\nconst B_STATEFUL_EN = 1 << 9; // 512\nconst B_LEGACY_EN = 1 << 10; // 1024\n\n// --- Minimal helpers ---------------------------------------------------------\n\nconst h = (req: ServerRequest, name: string) =>\n  Object.entries(req.headers).find(([k]) => k.toLowerCase() === name.toLowerCase())?.[1];\n\nconst wantsSSE = (accept?: string) => (accept ?? '').toLowerCase().includes('text/event-stream');\nconst wantsJSON = (accept?: string) => (accept ?? '').toLowerCase().includes('application/json');\nconst isInitialize = (body: unknown) =>\n  !!body && typeof body === 'object' && (body as any).method === 'initialize';\n\n// Robust path extractor (supports absolute/relative)\nfunction pathOf(req: ServerRequest): string {\n  const anyReq = req as any;\n  const raw = anyReq.path ?? anyReq.pathname ?? anyReq.url ?? '/';\n  try {\n    const u = new URL(String(raw), 'http://local');\n    return u.pathname || '/';\n  } catch {\n    return String(raw).split('?')[0] || '/';\n  }\n}\n\n/** Optionally extract transportType from base64 JSON session id, if you embed it. */\nfunction tryDecodeTransportType(sessionId?: string): string | undefined {\n  if (!sessionId) return;\n  try {\n    const b64 = sessionId.replace(/-/g, '+').replace(/_/g, '/');\n    const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));\n    return obj?.transportType;\n  } catch {\n    return;\n  }\n}\n\n// --- Build the 11-bit key ----------------------------------------------------\n\nfunction computeBitmap(req: ServerRequest, cfg: Config) {\n  const method = req.method.toUpperCase();\n  const accept = h(req, 'accept');\n  const sessionId = h(req, 'mcp-session-id');\n  const legacyHeader = h(req, 'x-legacy-sse') === 'true';\n  const transportType = tryDecodeTransportType(sessionId);\n  const path = pathOf(req);\n\n  const acceptSSE = wantsSSE(accept);\n  const acceptJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);\n  const init = method === 'POST' && isInitialize(req.body);\n  const postToMessage = method === 'POST' && path === '/message';\n\n  const channel =\n    method === 'POST' && postToMessage\n      ? CH_POST_MESSAGE\n      : method === 'GET' && acceptSSE\n        ? CH_GET_SSE\n        : method === 'POST' && init && acceptSSE\n          ? CH_POST_INIT_SSE\n          : method === 'POST' && init && acceptJSON\n            ? CH_POST_INIT_JSON\n            : method === 'POST' && !init && acceptSSE\n              ? CH_POST_SSE\n              : method === 'POST' && !init && acceptJSON\n                ? CH_POST_JSON\n                : CH_OTHER;\n\n  let flags = 0;\n  if (sessionId) flags |= B_HAS_SESSION;\n  if (cfg.enableStatelessHttp) flags |= B_STATELESS_EN;\n  if (cfg.requireSessionForStreamable) flags |= B_REQ_SESSION;\n  if (legacyHeader || transportType === 'legacy-sse') flags |= B_LEGACY_HINT; // informational\n  if (cfg.enableSseListener) flags |= B_SSE_LISTENER_EN;\n  if (cfg.enableStreamableHttp) flags |= B_STREAMABLE_EN;\n  if (cfg.enableStatefulHttp) flags |= B_STATEFUL_EN;\n  if (cfg.enableLegacySSE) flags |= B_LEGACY_EN;\n\n  return { key: (channel & CH_MASK) | flags, channel, flags, init };\n}\n\n// --- Rule definition ---------------------------------------------------------\n\ntype Rule = {\n  care: number; // which bits matter\n  match: number; // the exact bit pattern to match (after masking)\n  outcome: Omit<Decision, 'reasons' | 'debug'> & { reason: string };\n};\n\n// --- Rules (merged semantics) -----------------------------------------------\n\nconst RULES: Rule[] = [\n  // A) Legacy SSE (GET SSE without session) → requires legacy enabled\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_GET_SSE | B_LEGACY_EN, // HAS_SESSION must be 0; it's in 'care' but not in 'match'\n    outcome: { intent: 'legacy-sse', reason: 'GET SSE without Mcp-Session-Id → legacy SSE.' },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_GET_SSE /* legacy disabled; HAS_SESSION=0 */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Legacy SSE disabled.',\n      recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },\n    },\n  },\n\n  // B) Legacy SSE: POST /message WITH session id\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_POST_MESSAGE | B_HAS_SESSION | B_LEGACY_EN,\n    outcome: { intent: 'legacy-sse', reason: 'POST /message with Mcp-Session-Id → legacy SSE bridge.' },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_POST_MESSAGE | B_HAS_SESSION /* legacy disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Legacy /message endpoint disabled.',\n      recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },\n    },\n  },\n\n  // C) Modern SSE (GET SSE with session) → requires SSE listener enabled\n  {\n    care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    match: CH_GET_SSE | B_HAS_SESSION /* listener disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'SSE listener disabled.',\n      recommendation: { httpStatus: 405, message: 'SSE listener disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    match: CH_GET_SSE | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    outcome: { intent: 'sse', reason: 'GET SSE with Mcp-Session-Id.' },\n  },\n\n  // D) Initialize (POST → SSE)\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_SSE /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Streamable HTTP disabled.',\n      recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_SSE | B_STREAMABLE_EN,\n    outcome: { intent: 'streamable-http', reason: 'Initialize with SSE.' },\n  },\n\n  // E) Initialize (POST → JSON)\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_JSON /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'JSON mode disabled.',\n      recommendation: { httpStatus: 405, message: 'JSON mode disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_JSON | B_STREAMABLE_EN,\n    outcome: { intent: 'stateful-http', reason: 'Initialize with JSON.' },\n  },\n\n  // F) POST non-init → SSE\n  {\n    care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_SSE | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'POST SSE requires session.',\n      recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_SSE /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Streamable HTTP disabled.',\n      recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_SSE | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless short-lived SSE.' },\n  },\n  {\n    care: CH_MASK,\n    match: CH_POST_SSE,\n    outcome: { intent: 'streamable-http', reason: 'Short-lived SSE for this request.' },\n  },\n\n  // G) POST non-init → JSON\n  {\n    care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_JSON | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'POST JSON requires session.',\n      recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },\n    },\n  },\n  {\n    care: CH_MASK | B_STATEFUL_EN | B_STREAMABLE_EN,\n    match: CH_POST_JSON /* neither enabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'JSON mode disabled.',\n      recommendation: { httpStatus: 405, message: 'JSON mode disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_JSON | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless JSON request.' },\n  },\n  {\n    care: CH_MASK,\n    match: CH_POST_JSON,\n    outcome: { intent: 'stateful-http', reason: 'Aggregated JSON response.' },\n  },\n\n  // H) Fallback\n  {\n    care: CH_MASK,\n    match: CH_OTHER,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Method/Accept not allowed.',\n      recommendation: { httpStatus: 405, message: 'Method/Accept not allowed' },\n    },\n  },\n];\n\n// --- Public API --------------------------------------------------------------\n\nexport function decideIntent(req: ServerRequest, cfg: Config): Decision {\n  const reasons: string[] = [];\n  const { key, channel, flags, init } = computeBitmap(req, cfg);\n\n  // Optional strict Accept validation for POST (incl. /message)\n  if (req.method.toUpperCase() === 'POST') {\n    const accept = h(req, 'accept');\n    const acceptsSSE = wantsSSE(accept);\n    const acceptsJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);\n    if (!acceptsSSE && !acceptsJSON) {\n      return {\n        intent: 'unknown',\n        reasons: ['Client must accept application/json or text/event-stream.'],\n        recommendation: { httpStatus: 406, message: 'Not acceptable' },\n        debug: { key, channel, flags },\n      };\n    }\n  }\n\n  for (const rule of RULES) {\n    if ((key & rule.care) === rule.match) {\n      const { reason, ...rest } = rule.outcome;\n      reasons.push(reason);\n      if (init) reasons.push('Initialize body detected.');\n      return { ...rest, reasons, debug: { key, channel, flags } };\n    }\n  }\n\n  return {\n    intent: 'unknown',\n    reasons: ['No matching rule.'],\n    recommendation: { httpStatus: 500, message: 'Unroutable request' },\n    debug: { key, channel, flags },\n  };\n}"]}

package/src/utils/index.d.ts

@@ -0,0 +1,2 @@
+export * from './decide-request-intent.utils';
+export * from './path.utils';

package/src/utils/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./decide-request-intent.utils"), exports);
+tslib_1.__exportStar(require("./path.utils"), exports);
+//# sourceMappingURL=index.js.map

package/src/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/utils/index.ts"],"names":[],"mappings":";;;AAAA,wEAA6C;AAC7C,uDAA4B","sourcesContent":["export * from './decide-request-intent.utils'\nexport * from './path.utils'"]}

package/src/utils/path.utils.d.ts

@@ -0,0 +1,20 @@
+import { ServerRequest } from '@frontmcp/sdk';
+export declare function trimSlashes(s: string): string;
+/** Normalize entryPath (gateway prefix) to "" or "/mcp" */
+export declare function normalizeEntryPrefix(entryPath?: string): string;
+/** Normalize a scope base (per-app or per-auth) to "" or "/app1" */
+export declare function normalizeScopeBase(scopeBase?: string): string;
+/** Join URL path segments with a single slash and no trailing slash */
+export declare function joinPath(...parts: string[]): string;
+export declare function getRequestBaseUrl(req: ServerRequest, entryPath?: string): string;
+export declare function computeIssuer(req: ServerRequest, entryPath: string, scopeBase: string): string;
+export declare function computeResource(req: ServerRequest, entryPath: string, scopeBase: string): string;
+/** Derive a safe provider id from a URL when no id is provided. */
+export declare function urlToSafeId(url: string): string;
+/**
+ * Build all path variants for a given well-known name:
+ * - reversed under root: /.well-known/<name><entryPrefix><scopeBase>
+ * - in prefix root: <entryPrefix>/.well-known/<name><scopeBase>
+ * - in prefix + scope: <entryPrefix><scopeBase>/.well-known/<name>
+ */
+export declare function makeWellKnownPaths(name: string, entryPrefix: string, scopeBase?: string): Set<string>;

package/src/utils/path.utils.js

@@ -0,0 +1,66 @@
+"use strict";
+// auth/path.utils.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.trimSlashes = trimSlashes;
+exports.normalizeEntryPrefix = normalizeEntryPrefix;
+exports.normalizeScopeBase = normalizeScopeBase;
+exports.joinPath = joinPath;
+exports.getRequestBaseUrl = getRequestBaseUrl;
+exports.computeIssuer = computeIssuer;
+exports.computeResource = computeResource;
+exports.urlToSafeId = urlToSafeId;
+exports.makeWellKnownPaths = makeWellKnownPaths;
+function trimSlashes(s) {
+    return (s ?? '').replace(/^\/+|\/+$/g, '');
+}
+/** Normalize entryPath (gateway prefix) to "" or "/mcp" */
+function normalizeEntryPrefix(entryPath) {
+    const t = trimSlashes(entryPath ?? '');
+    return t ? `/${t}` : '';
+}
+/** Normalize a scope base (per-app or per-auth) to "" or "/app1" */
+function normalizeScopeBase(scopeBase) {
+    const t = trimSlashes(scopeBase ?? '');
+    return t ? `/${t}` : '';
+}
+/** Join URL path segments with a single slash and no trailing slash */
+function joinPath(...parts) {
+    const cleaned = parts.map((p) => trimSlashes(p)).filter(Boolean);
+    return cleaned.length ? `/${cleaned.join('/')}` : '';
+}
+function getRequestBaseUrl(req, entryPath) {
+    const proto = req.headers['x-forwarded-proto'] || req.protocol || 'http';
+    const host = req.headers['x-forwarded-host'] || req.headers['host'];
+    return `${proto}://${host}${entryPath ?? ''}`;
+}
+function computeIssuer(req, entryPath, scopeBase) {
+    const entryPrefix = normalizeEntryPrefix(entryPath);
+    const scope = normalizeScopeBase(scopeBase);
+    return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;
+}
+function computeResource(req, entryPath, scopeBase) {
+    const entryPrefix = normalizeEntryPrefix(entryPath);
+    const scope = normalizeScopeBase(scopeBase);
+    return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;
+}
+/** Derive a safe provider id from a URL when no id is provided. */
+function urlToSafeId(url) {
+    const u = new URL(url);
+    const raw = (u.host + (u.pathname && u.pathname !== '/' ? u.pathname : '')).replace(/\/+$/, '');
+    return trimSlashes(raw).replace(/[^a-zA-Z0-9_-]/g, '-');
+}
+/**
+ * Build all path variants for a given well-known name:
+ * - reversed under root: /.well-known/<name><entryPrefix><scopeBase>
+ * - in prefix root: <entryPrefix>/.well-known/<name><scopeBase>
+ * - in prefix + scope: <entryPrefix><scopeBase>/.well-known/<name>
+ */
+function makeWellKnownPaths(name, entryPrefix, scopeBase = '') {
+    const prefix = normalizeEntryPrefix(entryPrefix);
+    const scope = normalizeScopeBase(scopeBase);
+    const reversed = joinPath('.well-known', name) + `${prefix}${scope}`; // /.well-known/name + /mcp/app1
+    const inPrefixRoot = `${prefix}${joinPath('.well-known', name)}${scope}`; // /mcp/.well-known/name + /app1
+    const inPrefixScope = `${prefix}${scope}${joinPath('.well-known', name)}`; // /mcp/app1/.well-known/name
+    return new Set([reversed, inPrefixRoot, inPrefixScope]);
+}
+//# sourceMappingURL=path.utils.js.map

package/src/utils/path.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path.utils.js","sourceRoot":"","sources":["../../../src/utils/path.utils.ts"],"names":[],"mappings":";AAAA,qBAAqB;;AAIrB,kCAEC;AAGD,oDAGC;AAGD,gDAGC;AAGD,4BAGC;AAGD,8CAIC;AAED,sCAIC;AAED,0CAIC;AAGD,kCAIC;AAQD,gDAOC;AA7DD,SAAgB,WAAW,CAAC,CAAS;IACnC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,2DAA2D;AAC3D,SAAgB,oBAAoB,CAAC,SAAkB;IACrD,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,oEAAoE;AACpE,SAAgB,kBAAkB,CAAC,SAAkB;IACnD,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,uEAAuE;AACvE,SAAgB,QAAQ,CAAC,GAAG,KAAe;IACzC,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AACvD,CAAC;AAGD,SAAgB,iBAAiB,CAAC,GAAkB,EAAE,SAAkB;IACtE,MAAM,KAAK,GAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAY,IAAK,GAAW,CAAC,QAAQ,IAAI,MAAM,CAAC;IAC9F,MAAM,IAAI,GAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAY,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChF,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,SAAS,IAAI,EAAE,EAAE,CAAC;AAChD,CAAC;AAED,SAAgB,aAAa,CAAC,GAAkB,EAAE,SAAiB,EAAE,SAAiB;IACpF,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,KAAK,EAAE,CAAC;AAC3D,CAAC;AAED,SAAgB,eAAe,CAAC,GAAkB,EAAE,SAAiB,EAAE,SAAiB;IACtF,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,KAAK,EAAE,CAAC;AAC3D,CAAC;AAED,mEAAmE;AACnE,SAAgB,WAAW,CAAC,GAAW;IACrC,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAChG,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,IAAY,EAAE,WAAmB,EAAE,SAAS,GAAG,EAAE;IAClF,MAAM,MAAM,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,GAAG,MAAM,GAAG,KAAK,EAAE,CAAC,CAAC,gCAAgC;IACtG,MAAM,YAAY,GAAG,GAAG,MAAM,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC,gCAAgC;IAC1G,MAAM,aAAa,GAAG,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,6BAA6B;IACxG,OAAO,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1D,CAAC","sourcesContent":["// auth/path.utils.ts\n\nimport { ServerRequest } from '@frontmcp/sdk';\n\nexport function trimSlashes(s: string) {\n  return (s ?? '').replace(/^\\/+|\\/+$/g, '');\n}\n\n/** Normalize entryPath (gateway prefix) to \"\" or \"/mcp\" */\nexport function normalizeEntryPrefix(entryPath?: string): string {\n  const t = trimSlashes(entryPath ?? '');\n  return t ? `/${t}` : '';\n}\n\n/** Normalize a scope base (per-app or per-auth) to \"\" or \"/app1\" */\nexport function normalizeScopeBase(scopeBase?: string): string {\n  const t = trimSlashes(scopeBase ?? '');\n  return t ? `/${t}` : '';\n}\n\n/** Join URL path segments with a single slash and no trailing slash */\nexport function joinPath(...parts: string[]) {\n  const cleaned = parts.map((p) => trimSlashes(p)).filter(Boolean);\n  return cleaned.length ? `/${cleaned.join('/')}` : '';\n}\n\n\nexport function getRequestBaseUrl(req: ServerRequest, entryPath?: string) {\n  const proto = (req.headers['x-forwarded-proto'] as string) || (req as any).protocol || 'http';\n  const host = (req.headers['x-forwarded-host'] as string) || req.headers['host'];\n  return `${proto}://${host}${entryPath ?? ''}`;\n}\n\nexport function computeIssuer(req: ServerRequest, entryPath: string, scopeBase: string) {\n  const entryPrefix = normalizeEntryPrefix(entryPath);\n  const scope = normalizeScopeBase(scopeBase);\n  return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;\n}\n\nexport function computeResource(req: ServerRequest, entryPath: string, scopeBase: string) {\n  const entryPrefix = normalizeEntryPrefix(entryPath);\n  const scope = normalizeScopeBase(scopeBase);\n  return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;\n}\n\n/** Derive a safe provider id from a URL when no id is provided. */\nexport function urlToSafeId(url: string): string {\n  const u = new URL(url);\n  const raw = (u.host + (u.pathname && u.pathname !== '/' ? u.pathname : '')).replace(/\\/+$/, '');\n  return trimSlashes(raw).replace(/[^a-zA-Z0-9_-]/g, '-');\n}\n\n/**\n * Build all path variants for a given well-known name:\n * - reversed under root: /.well-known/<name><entryPrefix><scopeBase>\n * - in prefix root: <entryPrefix>/.well-known/<name><scopeBase>\n * - in prefix + scope: <entryPrefix><scopeBase>/.well-known/<name>\n */\nexport function makeWellKnownPaths(name: string, entryPrefix: string, scopeBase = '') {\n  const prefix = normalizeEntryPrefix(entryPrefix);\n  const scope = normalizeScopeBase(scopeBase);\n  const reversed = joinPath('.well-known', name) + `${prefix}${scope}`; // /.well-known/name + /mcp/app1\n  const inPrefixRoot = `${prefix}${joinPath('.well-known', name)}${scope}`; // /mcp/.well-known/name + /app1\n  const inPrefixScope = `${prefix}${scope}${joinPath('.well-known', name)}`; // /mcp/app1/.well-known/name\n  return new Set([reversed, inPrefixRoot, inPrefixScope]);\n}\n"]}