npm - @frontmcp/sdk - Versions diffs - 0.1.0 - Mend

@frontmcp/sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (353) hide show

package/README.md +11 -0
package/package.json +29 -0
package/src/constants.d.ts +30 -0
package/src/constants.js +36 -0
package/src/constants.js.map +1 -0
package/src/decorators/adapter.decorator.d.ts +7 -0
package/src/decorators/adapter.decorator.js +20 -0
package/src/decorators/adapter.decorator.js.map +1 -0
package/src/decorators/app.decorator.d.ts +7 -0
package/src/decorators/app.decorator.js +44 -0
package/src/decorators/app.decorator.js.map +1 -0
package/src/decorators/auth-provider.decorator.d.ts +7 -0
package/src/decorators/auth-provider.decorator.js +20 -0
package/src/decorators/auth-provider.decorator.js.map +1 -0
package/src/decorators/flow-hooks.decorator.d.ts +12 -0
package/src/decorators/flow-hooks.decorator.js +63 -0
package/src/decorators/flow-hooks.decorator.js.map +1 -0
package/src/decorators/flow.decorator.d.ts +6 -0
package/src/decorators/flow.decorator.js +19 -0
package/src/decorators/flow.decorator.js.map +1 -0
package/src/decorators/front-mcp.decorator.d.ts +6 -0
package/src/decorators/front-mcp.decorator.js +40 -0
package/src/decorators/front-mcp.decorator.js.map +1 -0
package/src/decorators/index.d.ts +12 -0
package/src/decorators/index.js +16 -0
package/src/decorators/index.js.map +1 -0
package/src/decorators/logger.decorator.d.ts +7 -0
package/src/decorators/logger.decorator.js +20 -0
package/src/decorators/logger.decorator.js.map +1 -0
package/src/decorators/plugin.decorator.d.ts +7 -0
package/src/decorators/plugin.decorator.js +38 -0
package/src/decorators/plugin.decorator.js.map +1 -0
package/src/decorators/prompt.decorator.d.ts +13 -0
package/src/decorators/prompt.decorator.js +38 -0
package/src/decorators/prompt.decorator.js.map +1 -0
package/src/decorators/provider.decorator.d.ts +7 -0
package/src/decorators/provider.decorator.js +20 -0
package/src/decorators/provider.decorator.js.map +1 -0
package/src/decorators/resource.decorator.d.ts +17 -0
package/src/decorators/resource.decorator.js +52 -0
package/src/decorators/resource.decorator.js.map +1 -0
package/src/decorators/tool.decorator.d.ts +14 -0
package/src/decorators/tool.decorator.js +38 -0
package/src/decorators/tool.decorator.js.map +1 -0
package/src/decorators-old/async-with.decorator.d.ts +9 -0
package/src/decorators-old/async-with.decorator.js +23 -0
package/src/decorators-old/async-with.decorator.js.map +1 -0
package/src/decorators-old/auth-hook.decorator.d.ts +14 -0
package/src/decorators-old/auth-hook.decorator.js +27 -0
package/src/decorators-old/auth-hook.decorator.js.map +1 -0
package/src/decorators-old/session-hook.decorator.d.ts +14 -0
package/src/decorators-old/session-hook.decorator.js +27 -0
package/src/decorators-old/session-hook.decorator.js.map +1 -0
package/src/decorators-old/tool-hook.decorator.d.ts +14 -0
package/src/decorators-old/tool-hook.decorator.js +27 -0
package/src/decorators-old/tool-hook.decorator.js.map +1 -0
package/src/dynamic/dynamic.adapter.d.ts +42 -0
package/src/dynamic/dynamic.adapter.js +28 -0
package/src/dynamic/dynamic.adapter.js.map +1 -0
package/src/dynamic/dynamic.plugin.d.ts +52 -0
package/src/dynamic/dynamic.plugin.js +33 -0
package/src/dynamic/dynamic.plugin.js.map +1 -0
package/src/dynamic/dynamic.utils.d.ts +3 -0
package/src/dynamic/dynamic.utils.js +27 -0
package/src/dynamic/dynamic.utils.js.map +1 -0
package/src/dynamic/index.d.ts +2 -0
package/src/dynamic/index.js +6 -0
package/src/dynamic/index.js.map +1 -0
package/src/entries/adapter.entry.d.ts +6 -0
package/src/entries/adapter.entry.js +8 -0
package/src/entries/adapter.entry.js.map +1 -0
package/src/entries/app.entry.d.ts +13 -0
package/src/entries/app.entry.js +9 -0
package/src/entries/app.entry.js.map +1 -0
package/src/entries/auth-provider.entry.d.ts +6 -0
package/src/entries/auth-provider.entry.js +8 -0
package/src/entries/auth-provider.entry.js.map +1 -0
package/src/entries/base.entry.d.ts +20 -0
package/src/entries/base.entry.js +17 -0
package/src/entries/base.entry.js.map +1 -0
package/src/entries/flow.entry.d.ts +15 -0
package/src/entries/flow.entry.js +21 -0
package/src/entries/flow.entry.js.map +1 -0
package/src/entries/index.d.ts +12 -0
package/src/entries/index.js +16 -0
package/src/entries/index.js.map +1 -0
package/src/entries/logger.entry.d.ts +6 -0
package/src/entries/logger.entry.js +8 -0
package/src/entries/logger.entry.js.map +1 -0
package/src/entries/plugin.entry.d.ts +6 -0
package/src/entries/plugin.entry.js +8 -0
package/src/entries/plugin.entry.js.map +1 -0
package/src/entries/prompt.entry.d.ts +6 -0
package/src/entries/prompt.entry.js +8 -0
package/src/entries/prompt.entry.js.map +1 -0
package/src/entries/provider.entry.d.ts +7 -0
package/src/entries/provider.entry.js +8 -0
package/src/entries/provider.entry.js.map +1 -0
package/src/entries/resource.entry.d.ts +7 -0
package/src/entries/resource.entry.js +11 -0
package/src/entries/resource.entry.js.map +1 -0
package/src/entries/scope.entry.d.ts +17 -0
package/src/entries/scope.entry.js +8 -0
package/src/entries/scope.entry.js.map +1 -0
package/src/entries/tool.entry.d.ts +15 -0
package/src/entries/tool.entry.js +11 -0
package/src/entries/tool.entry.js.map +1 -0
package/src/index.d.ts +18 -0
package/src/index.js +22 -0
package/src/index.js.map +1 -0
package/src/interfaces/adapter.interface.d.ts +20 -0
package/src/interfaces/adapter.interface.js +3 -0
package/src/interfaces/adapter.interface.js.map +1 -0
package/src/interfaces/app.interface.d.ts +6 -0
package/src/interfaces/app.interface.js +3 -0
package/src/interfaces/app.interface.js.map +1 -0
package/src/interfaces/auth-hook.interface.d.ts +126 -0
package/src/interfaces/auth-hook.interface.js +135 -0
package/src/interfaces/auth-hook.interface.js.map +1 -0
package/src/interfaces/auth-provider.interface.d.ts +22 -0
package/src/interfaces/auth-provider.interface.js +18 -0
package/src/interfaces/auth-provider.interface.js.map +1 -0
package/src/interfaces/base.interface.d.ts +77 -0
package/src/interfaces/base.interface.js +3 -0
package/src/interfaces/base.interface.js.map +1 -0
package/src/interfaces/flow.interface.d.ts +38 -0
package/src/interfaces/flow.interface.js +69 -0
package/src/interfaces/flow.interface.js.map +1 -0
package/src/interfaces/front-mcp.interface.d.ts +5 -0
package/src/interfaces/front-mcp.interface.js +3 -0
package/src/interfaces/front-mcp.interface.js.map +1 -0
package/src/interfaces/index.d.ts +15 -0
package/src/interfaces/index.js +19 -0
package/src/interfaces/index.js.map +1 -0
package/src/interfaces/internal/flow.utils.d.ts +24 -0
package/src/interfaces/internal/flow.utils.js +83 -0
package/src/interfaces/internal/flow.utils.js.map +1 -0
package/src/interfaces/internal/index.d.ts +2 -0
package/src/interfaces/internal/index.js +7 -0
package/src/interfaces/internal/index.js.map +1 -0
package/src/interfaces/internal/primary-auth-provider.interface.d.ts +24 -0
package/src/interfaces/internal/primary-auth-provider.interface.js +33 -0
package/src/interfaces/internal/primary-auth-provider.interface.js.map +1 -0
package/src/interfaces/internal/registry.interface.d.ts +71 -0
package/src/interfaces/internal/registry.interface.js +3 -0
package/src/interfaces/internal/registry.interface.js.map +1 -0
package/src/interfaces/logger.interface.d.ts +42 -0
package/src/interfaces/logger.interface.js +10 -0
package/src/interfaces/logger.interface.js.map +1 -0
package/src/interfaces/plugin.interface.d.ts +8 -0
package/src/interfaces/plugin.interface.js +3 -0
package/src/interfaces/plugin.interface.js.map +1 -0
package/src/interfaces/prompt.interface.d.ts +5 -0
package/src/interfaces/prompt.interface.js +3 -0
package/src/interfaces/prompt.interface.js.map +1 -0
package/src/interfaces/provider.interface.d.ts +20 -0
package/src/interfaces/provider.interface.js +18 -0
package/src/interfaces/provider.interface.js.map +1 -0
package/src/interfaces/resource.interface.d.ts +21 -0
package/src/interfaces/resource.interface.js +3 -0
package/src/interfaces/resource.interface.js.map +1 -0
package/src/interfaces/scope.interface.d.ts +5 -0
package/src/interfaces/scope.interface.js +3 -0
package/src/interfaces/scope.interface.js.map +1 -0
package/src/interfaces/server.interface.d.ts +46 -0
package/src/interfaces/server.interface.js +18 -0
package/src/interfaces/server.interface.js.map +1 -0
package/src/interfaces/session-hook.interface.d.ts +131 -0
package/src/interfaces/session-hook.interface.js +140 -0
package/src/interfaces/session-hook.interface.js.map +1 -0
package/src/interfaces/tool-hook.interface.d.ts +80 -0
package/src/interfaces/tool-hook.interface.js +92 -0
package/src/interfaces/tool-hook.interface.js.map +1 -0
package/src/interfaces/tool.interface.d.ts +45 -0
package/src/interfaces/tool.interface.js +89 -0
package/src/interfaces/tool.interface.js.map +1 -0
package/src/metadata/adapter.metadata.d.ts +22 -0
package/src/metadata/adapter.metadata.js +10 -0
package/src/metadata/adapter.metadata.js.map +1 -0
package/src/metadata/app.metadata.d.ts +872 -0
package/src/metadata/app.metadata.js +30 -0
package/src/metadata/app.metadata.js.map +1 -0
package/src/metadata/auth-provider.metadata.d.ts +33 -0
package/src/metadata/auth-provider.metadata.js +19 -0
package/src/metadata/auth-provider.metadata.js.map +1 -0
package/src/metadata/flow-hooks.metadata.d.ts +20 -0
package/src/metadata/flow-hooks.metadata.js +3 -0
package/src/metadata/flow-hooks.metadata.js.map +1 -0
package/src/metadata/flow.metadata.d.ts +75 -0
package/src/metadata/flow.metadata.js +15 -0
package/src/metadata/flow.metadata.js.map +1 -0
package/src/metadata/front-mcp.metadata.d.ts +1144 -0
package/src/metadata/front-mcp.metadata.js +25 -0
package/src/metadata/front-mcp.metadata.js.map +1 -0
package/src/metadata/index.d.ts +12 -0
package/src/metadata/index.js +16 -0
package/src/metadata/index.js.map +1 -0
package/src/metadata/logger.metadata.d.ts +39 -0
package/src/metadata/logger.metadata.js +10 -0
package/src/metadata/logger.metadata.js.map +1 -0
package/src/metadata/plugin.metadata.d.ts +93 -0
package/src/metadata/plugin.metadata.js +18 -0
package/src/metadata/plugin.metadata.js.map +1 -0
package/src/metadata/prompt.metadata.d.ts +226 -0
package/src/metadata/prompt.metadata.js +27 -0
package/src/metadata/prompt.metadata.js.map +1 -0
package/src/metadata/provider.metadata.d.ts +34 -0
package/src/metadata/provider.metadata.js +20 -0
package/src/metadata/provider.metadata.js.map +1 -0
package/src/metadata/resource.metadata.d.ts +199 -0
package/src/metadata/resource.metadata.js +22 -0
package/src/metadata/resource.metadata.js.map +1 -0
package/src/metadata/tool.metadata.d.ts +278 -0
package/src/metadata/tool.metadata.js +28 -0
package/src/metadata/tool.metadata.js.map +1 -0
package/src/providers/session.provider.d.ts +13 -0
package/src/providers/session.provider.js +27 -0
package/src/providers/session.provider.js.map +1 -0
package/src/records/adapter.record.d.ts +26 -0
package/src/records/adapter.record.js +11 -0
package/src/records/adapter.record.js.map +1 -0
package/src/records/app.record.d.ts +19 -0
package/src/records/app.record.js +9 -0
package/src/records/app.record.js.map +1 -0
package/src/records/auth-provider.record.d.ts +37 -0
package/src/records/auth-provider.record.js +12 -0
package/src/records/auth-provider.record.js.map +1 -0
package/src/records/flow.record.d.ts +11 -0
package/src/records/flow.record.js +8 -0
package/src/records/flow.record.js.map +1 -0
package/src/records/index.d.ts +11 -0
package/src/records/index.js +15 -0
package/src/records/index.js.map +1 -0
package/src/records/logger.record.d.ts +11 -0
package/src/records/logger.record.js +8 -0
package/src/records/logger.record.js.map +1 -0
package/src/records/plugin.record.d.ts +21 -0
package/src/records/plugin.record.js +11 -0
package/src/records/plugin.record.js.map +1 -0
package/src/records/prompt.record.d.ts +18 -0
package/src/records/prompt.record.js +9 -0
package/src/records/prompt.record.js.map +1 -0
package/src/records/provider.record.d.ts +36 -0
package/src/records/provider.record.js +14 -0
package/src/records/provider.record.js.map +1 -0
package/src/records/resource.record.d.ts +18 -0
package/src/records/resource.record.js +14 -0
package/src/records/resource.record.js.map +1 -0
package/src/records/scope.record.d.ts +18 -0
package/src/records/scope.record.js +9 -0
package/src/records/scope.record.js.map +1 -0
package/src/records/tool.record.d.ts +17 -0
package/src/records/tool.record.js +9 -0
package/src/records/tool.record.js.map +1 -0
package/src/schemas/annotated-class.schema.d.ts +11 -0
package/src/schemas/annotated-class.schema.js +40 -0
package/src/schemas/annotated-class.schema.js.map +1 -0
package/src/schemas/http-input.schema.d.ts +33 -0
package/src/schemas/http-input.schema.js +13 -0
package/src/schemas/http-input.schema.js.map +1 -0
package/src/schemas/http-output.schema.d.ts +2011 -0
package/src/schemas/http-output.schema.js +283 -0
package/src/schemas/http-output.schema.js.map +1 -0
package/src/schemas/index.d.ts +3 -0
package/src/schemas/index.js +7 -0
package/src/schemas/index.js.map +1 -0
package/src/tokens/adapter.tokens.d.ts +3 -0
package/src/tokens/adapter.tokens.js +11 -0
package/src/tokens/adapter.tokens.js.map +1 -0
package/src/tokens/app.tokens.d.ts +4 -0
package/src/tokens/app.tokens.js +30 -0
package/src/tokens/app.tokens.js.map +1 -0
package/src/tokens/auth-provider.tokens.d.ts +3 -0
package/src/tokens/auth-provider.tokens.js +12 -0
package/src/tokens/auth-provider.tokens.js.map +1 -0
package/src/tokens/base.tokens.d.ts +5 -0
package/src/tokens/base.tokens.js +9 -0
package/src/tokens/base.tokens.js.map +1 -0
package/src/tokens/flow-hook.tokens.d.ts +4 -0
package/src/tokens/flow-hook.tokens.js +9 -0
package/src/tokens/flow-hook.tokens.js.map +1 -0
package/src/tokens/flow.tokens.d.ts +11 -0
package/src/tokens/flow.tokens.js +16 -0
package/src/tokens/flow.tokens.js.map +1 -0
package/src/tokens/front-mcp.tokens.d.ts +3 -0
package/src/tokens/front-mcp.tokens.js +19 -0
package/src/tokens/front-mcp.tokens.js.map +1 -0
package/src/tokens/index.d.ts +13 -0
package/src/tokens/index.js +17 -0
package/src/tokens/index.js.map +1 -0
package/src/tokens/logger.tokens.d.ts +3 -0
package/src/tokens/logger.tokens.js +11 -0
package/src/tokens/logger.tokens.js.map +1 -0
package/src/tokens/plugin.tokens.d.ts +13 -0
package/src/tokens/plugin.tokens.js +18 -0
package/src/tokens/plugin.tokens.js.map +1 -0
package/src/tokens/prompt.tokens.d.ts +9 -0
package/src/tokens/prompt.tokens.js +14 -0
package/src/tokens/prompt.tokens.js.map +1 -0
package/src/tokens/provider.tokens.d.ts +3 -0
package/src/tokens/provider.tokens.js +12 -0
package/src/tokens/provider.tokens.js.map +1 -0
package/src/tokens/resource.tokens.d.ts +20 -0
package/src/tokens/resource.tokens.js +25 -0
package/src/tokens/resource.tokens.js.map +1 -0
package/src/tokens/server.tokens.d.ts +6 -0
package/src/tokens/server.tokens.js +11 -0
package/src/tokens/server.tokens.js.map +1 -0
package/src/tokens/tool.tokens.d.ts +13 -0
package/src/tokens/tool.tokens.js +18 -0
package/src/tokens/tool.tokens.js.map +1 -0
package/src/types/auth/index.d.ts +2 -0
package/src/types/auth/index.js +6 -0
package/src/types/auth/index.js.map +1 -0
package/src/types/auth/jwt.types.d.ts +112 -0
package/src/types/auth/jwt.types.js +36 -0
package/src/types/auth/jwt.types.js.map +1 -0
package/src/types/auth/session.types.d.ts +263 -0
package/src/types/auth/session.types.js +40 -0
package/src/types/auth/session.types.js.map +1 -0
package/src/types/common.types.d.ts +11 -0
package/src/types/common.types.js +3 -0
package/src/types/common.types.js.map +1 -0
package/src/types/index.d.ts +3 -0
package/src/types/index.js +7 -0
package/src/types/index.js.map +1 -0
package/src/types/options/auth.options.d.ts +513 -0
package/src/types/options/auth.options.js +53 -0
package/src/types/options/auth.options.js.map +1 -0
package/src/types/options/http.options.d.ts +22 -0
package/src/types/options/http.options.js +10 -0
package/src/types/options/http.options.js.map +1 -0
package/src/types/options/index.d.ts +5 -0
package/src/types/options/index.js +9 -0
package/src/types/options/index.js.map +1 -0
package/src/types/options/logging.options.d.ts +39 -0
package/src/types/options/logging.options.js +37 -0
package/src/types/options/logging.options.js.map +1 -0
package/src/types/options/server-info.options.d.ts +48 -0
package/src/types/options/server-info.options.js +13 -0
package/src/types/options/server-info.options.js.map +1 -0
package/src/types/options/session.options.d.ts +67 -0
package/src/types/options/session.options.js +9 -0
package/src/types/options/session.options.js.map +1 -0
package/src/utils/decide-request-intent.utils.d.ts +79 -0
package/src/utils/decide-request-intent.utils.js +326 -0
package/src/utils/decide-request-intent.utils.js.map +1 -0
package/src/utils/index.d.ts +2 -0
package/src/utils/index.js +6 -0
package/src/utils/index.js.map +1 -0
package/src/utils/path.utils.d.ts +20 -0
package/src/utils/path.utils.js +66 -0
package/src/utils/path.utils.js.map +1 -0

package/src/interfaces/session-hook.interface.js ADDED Viewed

@@ -0,0 +1,140 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionHookStage = void 0;
+/**
+ * Lifecycle stages for session invocation.
+ *
+ * Ordering notes:
+ * - "will*" stages run before the action; "did*" stages run after.
+ * - Higher `priority()` runs earlier for "will*" (outermost), and later for "did*".
+ * - Finalization stages (`willFinalize`, `willAudit`, `didAudit`, `onMetrics`) should be placed
+ *   in your plan’s `finalize` array to run on both success and error paths.
+ *
+ * Control flow:
+ * - Hooks may call `ctx.respond(value)` to short-circuit with a return value.
+ * - Hooks may call `ctx.abort(reason, code?, httpStatus?)` to stop with an error.
+ *
+ * Common context fields:
+ * - `ctx.sessionId` SecureMcp session id (== secureJwt) once created/validated.
+ * - `ctx.input`/`output` Arbitrary payloads for the current flow.
+ * - `ctx.data` Shared bag for cross-hook state.
+ * - `ctx.providers` Optional provider views if needed for UI/selection.
+ */
+var SessionHookStage;
+(function (SessionHookStage) {
+    /** Prepare a new session (or re-register an incoming secureJwt).
+     * Responsibilities:
+     * - Validate incoming token (if any); compute defaults; attach user hints.
+     * - Initialize per-session resources and attach to `ctx.data`.
+     * Failure modes:
+     * - `ctx.abort('invalid jwt', 'INVALID_SESSION', 401)`.
+     */
+    SessionHookStage["willCreateSession"] = "willCreateSession";
+    /** Session created and registered.
+     * Responsibilities:
+     * - Announce readiness (mount handlers/streams), emit side-effects if needed.
+     * - Optionally shape `ctx.output` with a `SessionContextView`.
+     */
+    SessionHookStage["didCreateSession"] = "didCreateSession";
+    /** Bind DI providers needed for this session/request.
+     * Responsibilities:
+     * - Resolve and bind providers so later hooks can `ctx.get(...)`.
+     * - May set `ctx.bindProvider/bindProviders` helpers.
+     */
+    SessionHookStage["willBindProviders"] = "willBindProviders";
+    // ---------- Auth (within a session) ----------
+    /** Signal the beginning of an auth sequence in the scope of this session.
+     * Responsibilities:
+     * - Initialize auth-related state (PKCE/state, CSRF, telemetry).
+     * - Decide transport (SSE/StreamableHTTP) for status/URL events if applicable.
+     */
+    SessionHookStage["willBeginAuth"] = "willBeginAuth";
+    /** Streamable authorization progress within the session.
+     * Responsibilities:
+     * - Emit URL/status events (e.g., “authorize_url”, “awaiting_callback”).
+     * - Optionally `ctx.respond({event: ...})` for push-style transports.
+     */
+    SessionHookStage["willAuthorize"] = "willAuthorize";
+    /** Prepare and gate the token exchange with the provider.
+     * Responsibilities:
+     * - Verify callback params; ensure prerequisites (sessionId present).
+     * - Compute exchange request; rate-limit/anti-replay checks.
+     * Failure modes:
+     * - `ctx.abort('invalid state/pkce', 'OAUTH_CALLBACK_ERROR', 400)`.
+     */
+    SessionHookStage["willExchangeToken"] = "willExchangeToken";
+    /** SecureMcp JWT has been minted/confirmed for this session.
+     * Responsibilities:
+     * - React to issuance (e.g., persist session claims, notify listeners).
+     * Notes:
+     * - Fired once the session’s secureJwt is known; avoid logging secrets.
+     */
+    SessionHookStage["didIssueSecureJwt"] = "didIssueSecureJwt";
+    /** Encrypt and store provider tokens for this session.
+     * Responsibilities:
+     * - Write encrypted blobs to the session record (per provider).
+     * - Derive minimal metadata (scopes/expiry) for later claims-only exposure.
+     */
+    SessionHookStage["willStoreTokens"] = "willStoreTokens";
+    // ---------- Access (read path) ----------
+    /** Authorize and prepare a session read.
+     * Responsibilities:
+     * - Validate access to the session; attach read-scoped providers if required.
+     * - Optionally shape a partial view before execute.
+     */
+    SessionHookStage["willGetSession"] = "willGetSession";
+    /** Post-process the session view.
+     * Responsibilities:
+     * - Redact/transform/derive fields for the final response.
+     * - Set `ctx.output` to a `SessionContextView`.
+     */
+    SessionHookStage["didGetSession"] = "didGetSession";
+    // ---------- Disposal ----------
+    /** Announce shutdown and allow flush/cleanup.
+     * Responsibilities:
+     * - Close streams, unsubscribe listeners, schedule disposers.
+     */
+    SessionHookStage["willDisposeSession"] = "willDisposeSession";
+    /** Confirm teardown and emit metrics.
+     * Responsibilities:
+     * - Final confirmation of resource release; summarize outcome.
+     */
+    SessionHookStage["didDisposeSession"] = "didDisposeSession";
+    // ---------- Finalize / audit / metrics / errors ----------
+    /** Optional “late finally” hook if you need a single place before audit/metrics.
+     * Responsibilities:
+     * - Last-chance cleanup across success/error paths (idempotent, non-throwing).
+     * Notes:
+     * - Include this stage in your plan’s `finalize` array to activate.
+     */
+    SessionHookStage["willFinalize"] = "willFinalize";
+    /** Centralized error handler.
+     * Responsibilities:
+     * - Redact sensitive data; map internal errors to public codes.
+     * - Optionally `ctx.respond({ error })` or `ctx.abort(...)`.
+     * Notes:
+     * - Should not throw; runs before audit/metrics finalize.
+     */
+    SessionHookStage["onError"] = "onError";
+    /** Pre-audit collection on both success and error paths.
+     * Responsibilities:
+     * - Build audit envelope (actor, sessionId, providers touched).
+     * - Normalize and strip secrets (no raw tokens).
+     */
+    SessionHookStage["willAudit"] = "willAudit";
+    /** Persist/emit the audit record.
+     * Responsibilities:
+     * - Write to audit sink(s) with outcome and timings.
+     * - Correlate via `ctx.requestId`/`ctx.sessionId`.
+     */
+    SessionHookStage["didAudit"] = "didAudit";
+    /** Telemetry/metrics emission for both success and errors.
+     * Responsibilities:
+     * - Counters & timings (create/get/dispose/auth/exchange/store).
+     * - Error code/tag cardinality kept small for SLOs/alerts.
+     * Constraints:
+     * - Non-throwing; must not alter control flow.
+     */
+    SessionHookStage["onMetrics"] = "onMetrics";
+})(SessionHookStage || (exports.SessionHookStage = SessionHookStage = {}));
+//# sourceMappingURL=session-hook.interface.js.map

package/src/interfaces/session-hook.interface.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-hook.interface.js","sourceRoot":"","sources":["../../../src/interfaces/session-hook.interface.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,IAAY,gBAuIX;AAvID,WAAY,gBAAgB;IAC1B;;;;;;OAMG;IACH,2DAAuC,CAAA;IAEvC;;;;OAIG;IACH,yDAAqC,CAAA;IAErC;;;;OAIG;IACH,2DAAuC,CAAA;IAEvC,gDAAgD;IAEhD;;;;OAIG;IACH,mDAA+B,CAAA;IAE/B;;;;OAIG;IACH,mDAA+B,CAAA;IAE/B;;;;;;OAMG;IACH,2DAAuC,CAAA;IAEvC;;;;;OAKG;IACH,2DAAuC,CAAA;IAEvC;;;;OAIG;IACH,uDAAmC,CAAA;IAEnC,2CAA2C;IAE3C;;;;OAIG;IACH,qDAAiC,CAAA;IAEjC;;;;OAIG;IACH,mDAA+B,CAAA;IAE/B,iCAAiC;IAEjC;;;OAGG;IACH,6DAAyC,CAAA;IAEzC;;;OAGG;IACH,2DAAuC,CAAA;IAEvC,4DAA4D;IAE5D;;;;;OAKG;IACH,iDAA6B,CAAA;IAE7B;;;;;;OAMG;IACH,uCAAmB,CAAA;IAEnB;;;;OAIG;IACH,2CAAuB,CAAA;IAEvB;;;;OAIG;IACH,yCAAqB,CAAA;IAErB;;;;;;OAMG;IACH,2CAAuB,CAAA;AACzB,CAAC,EAvIW,gBAAgB,gCAAhB,gBAAgB,QAuI3B","sourcesContent":["/**\n * Lifecycle stages for session invocation.\n *\n * Ordering notes:\n * - \"will*\" stages run before the action; \"did*\" stages run after.\n * - Higher `priority()` runs earlier for \"will*\" (outermost), and later for \"did*\".\n * - Finalization stages (`willFinalize`, `willAudit`, `didAudit`, `onMetrics`) should be placed\n * in your plan’s `finalize` array to run on both success and error paths.\n *\n * Control flow:\n * - Hooks may call `ctx.respond(value)` to short-circuit with a return value.\n * - Hooks may call `ctx.abort(reason, code?, httpStatus?)` to stop with an error.\n *\n * Common context fields:\n * - `ctx.sessionId` SecureMcp session id (== secureJwt) once created/validated.\n * - `ctx.input`/`output` Arbitrary payloads for the current flow.\n * - `ctx.data` Shared bag for cross-hook state.\n * - `ctx.providers` Optional provider views if needed for UI/selection.\n */\nexport enum SessionHookStage {\n /** Prepare a new session (or re-register an incoming secureJwt).\n * Responsibilities:\n * - Validate incoming token (if any); compute defaults; attach user hints.\n * - Initialize per-session resources and attach to `ctx.data`.\n * Failure modes:\n * - `ctx.abort('invalid jwt', 'INVALID_SESSION', 401)`.\n */\n willCreateSession = 'willCreateSession',\n\n /** Session created and registered.\n * Responsibilities:\n * - Announce readiness (mount handlers/streams), emit side-effects if needed.\n * - Optionally shape `ctx.output` with a `SessionContextView`.\n */\n didCreateSession = 'didCreateSession',\n\n /** Bind DI providers needed for this session/request.\n * Responsibilities:\n * - Resolve and bind providers so later hooks can `ctx.get(...)`.\n * - May set `ctx.bindProvider/bindProviders` helpers.\n */\n willBindProviders = 'willBindProviders',\n\n // ---------- Auth (within a session) ----------\n\n /** Signal the beginning of an auth sequence in the scope of this session.\n * Responsibilities:\n * - Initialize auth-related state (PKCE/state, CSRF, telemetry).\n * - Decide transport (SSE/StreamableHTTP) for status/URL events if applicable.\n */\n willBeginAuth = 'willBeginAuth',\n\n /** Streamable authorization progress within the session.\n * Responsibilities:\n * - Emit URL/status events (e.g., “authorize_url”, “awaiting_callback”).\n * - Optionally `ctx.respond({event: ...})` for push-style transports.\n */\n willAuthorize = 'willAuthorize', // stream-able events (URL/status)\n\n /** Prepare and gate the token exchange with the provider.\n * Responsibilities:\n * - Verify callback params; ensure prerequisites (sessionId present).\n * - Compute exchange request; rate-limit/anti-replay checks.\n * Failure modes:\n * - `ctx.abort('invalid state/pkce', 'OAUTH_CALLBACK_ERROR', 400)`.\n */\n willExchangeToken = 'willExchangeToken',\n\n /** SecureMcp JWT has been minted/confirmed for this session.\n * Responsibilities:\n * - React to issuance (e.g., persist session claims, notify listeners).\n * Notes:\n * - Fired once the session’s secureJwt is known; avoid logging secrets.\n */\n didIssueSecureJwt = 'didIssueSecureJwt',\n\n /** Encrypt and store provider tokens for this session.\n * Responsibilities:\n * - Write encrypted blobs to the session record (per provider).\n * - Derive minimal metadata (scopes/expiry) for later claims-only exposure.\n */\n willStoreTokens = 'willStoreTokens',\n\n // ---------- Access (read path) ----------\n\n /** Authorize and prepare a session read.\n * Responsibilities:\n * - Validate access to the session; attach read-scoped providers if required.\n * - Optionally shape a partial view before execute.\n */\n willGetSession = 'willGetSession',\n\n /** Post-process the session view.\n * Responsibilities:\n * - Redact/transform/derive fields for the final response.\n * - Set `ctx.output` to a `SessionContextView`.\n */\n didGetSession = 'didGetSession',\n\n // ---------- Disposal ----------\n\n /** Announce shutdown and allow flush/cleanup.\n * Responsibilities:\n * - Close streams, unsubscribe listeners, schedule disposers.\n */\n willDisposeSession = 'willDisposeSession',\n\n /** Confirm teardown and emit metrics.\n * Responsibilities:\n * - Final confirmation of resource release; summarize outcome.\n */\n didDisposeSession = 'didDisposeSession',\n\n // ---------- Finalize / audit / metrics / errors ----------\n\n /** Optional “late finally” hook if you need a single place before audit/metrics.\n * Responsibilities:\n * - Last-chance cleanup across success/error paths (idempotent, non-throwing).\n * Notes:\n * - Include this stage in your plan’s `finalize` array to activate.\n */\n willFinalize = 'willFinalize',\n\n /** Centralized error handler.\n * Responsibilities:\n * - Redact sensitive data; map internal errors to public codes.\n * - Optionally `ctx.respond({ error })` or `ctx.abort(...)`.\n * Notes:\n * - Should not throw; runs before audit/metrics finalize.\n */\n onError = 'onError',\n\n /** Pre-audit collection on both success and error paths.\n * Responsibilities:\n * - Build audit envelope (actor, sessionId, providers touched).\n * - Normalize and strip secrets (no raw tokens).\n */\n willAudit = 'willAudit',\n\n /** Persist/emit the audit record.\n * Responsibilities:\n * - Write to audit sink(s) with outcome and timings.\n * - Correlate via `ctx.requestId`/`ctx.sessionId`.\n */\n didAudit = 'didAudit',\n\n /** Telemetry/metrics emission for both success and errors.\n * Responsibilities:\n * - Counters & timings (create/get/dispose/auth/exchange/store).\n * - Error code/tag cardinality kept small for SLOs/alerts.\n * Constraints:\n * - Non-throwing; must not alter control flow.\n */\n onMetrics = 'onMetrics',\n}\n"]}

package/src/interfaces/tool-hook.interface.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * Lifecycle stages for tool invocation.
+ *
+ * Ordering notes:
+ * - "will*" stages run before the action; "did*" run after.
+ * - Higher `priority()` runs earlier for "will*" (outermost for wrappers), and later for "did*".
+ * - `aroundExecute` wraps the actual execution block (including will/didExecute inside).
+ *
+ * Control flow:
+ * - Hooks may call `ctx.respond(value)` to short-circuit with a value.
+ * - Hooks may call `ctx.abort(reason, code?, httpStatus?)` to deny/stop.
+ * - Hooks may call `ctx.retryAfter(ms, reason?)` to signal backoff.
+ */
+export declare enum ToolHookStage {
+    /** Bind DI providers needed for this invocation (from ctor tokens + hook/tool `provide()`).
+     * Runs very early so later hooks can use `ctx.get(...)`. */
+    willBindProviders = "willBindProviders",
+    /** Last chance to populate/shape the invocation context (user, tenant, attrs, ids). */
+    willCreateInvokeContext = "willCreateInvokeContext",
+    /** Post-context creation; good for sanity checks, tracing decorations. */
+    didCreateInvokeContext = "didCreateInvokeContext",
+    /** Authorization gate (roles/scopes/RBAC/ABAC). May `abort()` if unauthorized. */
+    willAuthorize = "willAuthorize",
+    /** Consent gate. May `respond()` with a consent challenge or `abort()` if missing consent. */
+    willCheckConsent = "willCheckConsent",
+    /** Feature-flag gate (enable/disable per user/tenant/experiment). May `abort()`. */
+    willCheckFeatureFlags = "willCheckFeatureFlags",
+    /** Acquire rate-limit quota. May `retryAfter()` or `abort()` on exhaustion. */
+    willAcquireQuota = "willAcquireQuota",
+    /** Release rate-limit quota (best-effort; typically run in `finally`). */
+    didReleaseQuota = "didReleaseQuota",
+    /** Acquire concurrency slot/semaphore. May `retryAfter()` or `abort()`. */
+    willAcquireSemaphore = "willAcquireSemaphore",
+    /** Release concurrency slot/semaphore (best-effort). */
+    didReleaseSemaphore = "didReleaseSemaphore",
+    /** Parse/coerce raw input (types, defaults). Mutate `ctx.input` as needed. */
+    willParseInput = "willParseInput",
+    /** Validate business rules for input. May `abort()` on violations. */
+    willValidateInput = "willValidateInput",
+    /** Normalize/canonicalize input (ids → uuids, trim, sort fields, etc.). */
+    willNormalizeInput = "willNormalizeInput",
+    /** Apply DLP/minimization to input (mask/drop/hash fields). */
+    willRedactInput = "willRedactInput",
+    /** Inject credentials/secrets (tokens, API keys) into context or input. */
+    willInjectSecrets = "willInjectSecrets",
+    /** Attempt to serve from cache. May `respond(cachedValue)` to short-circuit. */
+    willReadCache = "willReadCache",
+    /** Metrics/telemetry for cache hit; typically emitted by cache plugin. */
+    didCacheHit = "didCacheHit",
+    /** Metrics/telemetry for cache miss; typically emitted by cache plugin. */
+    didCacheMiss = "didCacheMiss",
+    /** Write result to cache after successful execution. */
+    willWriteCache = "willWriteCache",
+    /** Around wrapper for execution (timeouts/retries/circuit/tracing). Must call `next()` unless short-circuiting. */
+    aroundExecute = "aroundExecute",
+    /** Right before calling the tool implementation; may mutate `ctx.input`. */
+    willExecute = "willExecute",
+    /** Right after tool returns; `ctx.output` is available for downstream hooks. */
+    didExecute = "didExecute",
+    /** Apply DLP/minimization to output (mask/drop/truncate sensitive fields). */
+    willRedactOutput = "willRedactOutput",
+    /** Validate output against business/schema rules. May `abort()` or fix. */
+    willValidateOutput = "willValidateOutput",
+    /** Transform output shape (projection/mapping/pagination). Mutate `ctx.output`. */
+    willTransformOutput = "willTransformOutput",
+    /** Called on each retry attempt by a retry wrapper (emit metrics/backoff hints). */
+    onRetry = "onRetry",
+    /** Called when retries are exhausted and execution gives up. */
+    onGiveUp = "onGiveUp",
+    /** Prepare audit payload (apply redaction) and/or write audit logs. */
+    willAudit = "willAudit",
+    /** Post-audit hook (confirm persistence, forward to sinks). */
+    didAudit = "didAudit",
+    /** Emit metrics (counters, histograms, traces). */
+    onMetrics = "onMetrics",
+    /** Error handler for unexpected failures or control errors. Can map/normalize errors. */
+    onError = "onError",
+    /** Always runs at the very end (success or error). Cleanup/releases here. */
+    willFinalizeInvoke = "willFinalizeInvoke"
+}

package/src/interfaces/tool-hook.interface.js ADDED Viewed

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ToolHookStage = void 0;
+/**
+ * Lifecycle stages for tool invocation.
+ *
+ * Ordering notes:
+ * - "will*" stages run before the action; "did*" run after.
+ * - Higher `priority()` runs earlier for "will*" (outermost for wrappers), and later for "did*".
+ * - `aroundExecute` wraps the actual execution block (including will/didExecute inside).
+ *
+ * Control flow:
+ * - Hooks may call `ctx.respond(value)` to short-circuit with a value.
+ * - Hooks may call `ctx.abort(reason, code?, httpStatus?)` to deny/stop.
+ * - Hooks may call `ctx.retryAfter(ms, reason?)` to signal backoff.
+ */
+var ToolHookStage;
+(function (ToolHookStage) {
+    /** Bind DI providers needed for this invocation (from ctor tokens + hook/tool `provide()`).
+     * Runs very early so later hooks can use `ctx.get(...)`. */
+    ToolHookStage["willBindProviders"] = "willBindProviders";
+    /** Last chance to populate/shape the invocation context (user, tenant, attrs, ids). */
+    ToolHookStage["willCreateInvokeContext"] = "willCreateInvokeContext";
+    /** Post-context creation; good for sanity checks, tracing decorations. */
+    ToolHookStage["didCreateInvokeContext"] = "didCreateInvokeContext";
+    /** Authorization gate (roles/scopes/RBAC/ABAC). May `abort()` if unauthorized. */
+    ToolHookStage["willAuthorize"] = "willAuthorize";
+    /** Consent gate. May `respond()` with a consent challenge or `abort()` if missing consent. */
+    ToolHookStage["willCheckConsent"] = "willCheckConsent";
+    /** Feature-flag gate (enable/disable per user/tenant/experiment). May `abort()`. */
+    ToolHookStage["willCheckFeatureFlags"] = "willCheckFeatureFlags";
+    // ---------------- Capacity & Resilience ----------------
+    /** Acquire rate-limit quota. May `retryAfter()` or `abort()` on exhaustion. */
+    ToolHookStage["willAcquireQuota"] = "willAcquireQuota";
+    /** Release rate-limit quota (best-effort; typically run in `finally`). */
+    ToolHookStage["didReleaseQuota"] = "didReleaseQuota";
+    /** Acquire concurrency slot/semaphore. May `retryAfter()` or `abort()`. */
+    ToolHookStage["willAcquireSemaphore"] = "willAcquireSemaphore";
+    /** Release concurrency slot/semaphore (best-effort). */
+    ToolHookStage["didReleaseSemaphore"] = "didReleaseSemaphore";
+    // ---------------- Input shaping ----------------
+    /** Parse/coerce raw input (types, defaults). Mutate `ctx.input` as needed. */
+    ToolHookStage["willParseInput"] = "willParseInput";
+    /** Validate business rules for input. May `abort()` on violations. */
+    ToolHookStage["willValidateInput"] = "willValidateInput";
+    /** Normalize/canonicalize input (ids → uuids, trim, sort fields, etc.). */
+    ToolHookStage["willNormalizeInput"] = "willNormalizeInput";
+    /** Apply DLP/minimization to input (mask/drop/hash fields). */
+    ToolHookStage["willRedactInput"] = "willRedactInput";
+    /** Inject credentials/secrets (tokens, API keys) into context or input. */
+    ToolHookStage["willInjectSecrets"] = "willInjectSecrets";
+    // ---------------- Caching ----------------
+    /** Attempt to serve from cache. May `respond(cachedValue)` to short-circuit. */
+    ToolHookStage["willReadCache"] = "willReadCache";
+    /** Metrics/telemetry for cache hit; typically emitted by cache plugin. */
+    ToolHookStage["didCacheHit"] = "didCacheHit";
+    /** Metrics/telemetry for cache miss; typically emitted by cache plugin. */
+    ToolHookStage["didCacheMiss"] = "didCacheMiss";
+    /** Write result to cache after successful execution. */
+    ToolHookStage["willWriteCache"] = "willWriteCache";
+    // ---------------- Execution ----------------
+    /** Around wrapper for execution (timeouts/retries/circuit/tracing). Must call `next()` unless short-circuiting. */
+    ToolHookStage["aroundExecute"] = "aroundExecute";
+    /** Right before calling the tool implementation; may mutate `ctx.input`. */
+    ToolHookStage["willExecute"] = "willExecute";
+    /** Right after tool returns; `ctx.output` is available for downstream hooks. */
+    ToolHookStage["didExecute"] = "didExecute";
+    // ---------------- Output shaping ----------------
+    /** Apply DLP/minimization to output (mask/drop/truncate sensitive fields). */
+    ToolHookStage["willRedactOutput"] = "willRedactOutput";
+    /** Validate output against business/schema rules. May `abort()` or fix. */
+    ToolHookStage["willValidateOutput"] = "willValidateOutput";
+    /** Transform output shape (projection/mapping/pagination). Mutate `ctx.output`. */
+    ToolHookStage["willTransformOutput"] = "willTransformOutput";
+    // ---------------- Retry & Observability ----------------
+    /** Called on each retry attempt by a retry wrapper (emit metrics/backoff hints). */
+    ToolHookStage["onRetry"] = "onRetry";
+    /** Called when retries are exhausted and execution gives up. */
+    ToolHookStage["onGiveUp"] = "onGiveUp";
+    /** Prepare audit payload (apply redaction) and/or write audit logs. */
+    ToolHookStage["willAudit"] = "willAudit";
+    /** Post-audit hook (confirm persistence, forward to sinks). */
+    ToolHookStage["didAudit"] = "didAudit";
+    /** Emit metrics (counters, histograms, traces). */
+    ToolHookStage["onMetrics"] = "onMetrics";
+    // ---------------- Error & Finalization ----------------
+    /** Error handler for unexpected failures or control errors. Can map/normalize errors. */
+    ToolHookStage["onError"] = "onError";
+    /** Always runs at the very end (success or error). Cleanup/releases here. */
+    ToolHookStage["willFinalizeInvoke"] = "willFinalizeInvoke";
+})(ToolHookStage || (exports.ToolHookStage = ToolHookStage = {}));
+//# sourceMappingURL=tool-hook.interface.js.map

package/src/interfaces/tool-hook.interface.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tool-hook.interface.js","sourceRoot":"","sources":["../../../src/interfaces/tool-hook.interface.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;GAYG;AACH,IAAY,aA+GX;AA/GD,WAAY,aAAa;IACvB;gEAC4D;IAC5D,wDAAuC,CAAA;IAEvC,uFAAuF;IACvF,oEAAmD,CAAA;IAEnD,0EAA0E;IAC1E,kEAAiD,CAAA;IAEjD,kFAAkF;IAClF,gDAA+B,CAAA;IAE/B,8FAA8F;IAC9F,sDAAqC,CAAA;IAErC,oFAAoF;IACpF,gEAA+C,CAAA;IAE/C,0DAA0D;IAE1D,+EAA+E;IAC/E,sDAAqC,CAAA;IAErC,0EAA0E;IAC1E,oDAAmC,CAAA;IAEnC,2EAA2E;IAC3E,8DAA6C,CAAA;IAE7C,wDAAwD;IACxD,4DAA2C,CAAA;IAE3C,kDAAkD;IAElD,8EAA8E;IAC9E,kDAAiC,CAAA;IAEjC,sEAAsE;IACtE,wDAAuC,CAAA;IAEvC,2EAA2E;IAC3E,0DAAyC,CAAA;IAEzC,+DAA+D;IAC/D,oDAAmC,CAAA;IAEnC,2EAA2E;IAC3E,wDAAuC,CAAA;IAEvC,4CAA4C;IAE5C,gFAAgF;IAChF,gDAA+B,CAAA;IAE/B,0EAA0E;IAC1E,4CAA2B,CAAA;IAE3B,2EAA2E;IAC3E,8CAA6B,CAAA;IAE7B,wDAAwD;IACxD,kDAAiC,CAAA;IAEjC,8CAA8C;IAE9C,mHAAmH;IACnH,gDAA+B,CAAA;IAE/B,4EAA4E;IAC5E,4CAA2B,CAAA;IAE3B,gFAAgF;IAChF,0CAAyB,CAAA;IAEzB,mDAAmD;IAEnD,8EAA8E;IAC9E,sDAAqC,CAAA;IAErC,2EAA2E;IAC3E,0DAAyC,CAAA;IAEzC,mFAAmF;IACnF,4DAA2C,CAAA;IAE3C,0DAA0D;IAE1D,oFAAoF;IACpF,oCAAmB,CAAA;IAEnB,gEAAgE;IAChE,sCAAqB,CAAA;IAErB,uEAAuE;IACvE,wCAAuB,CAAA;IAEvB,+DAA+D;IAC/D,sCAAqB,CAAA;IAErB,mDAAmD;IACnD,wCAAuB,CAAA;IAEvB,yDAAyD;IAEzD,yFAAyF;IACzF,oCAAmB,CAAA;IAEnB,6EAA6E;IAC7E,0DAAyC,CAAA;AAC3C,CAAC,EA/GW,aAAa,6BAAb,aAAa,QA+GxB","sourcesContent":["/**\n * Lifecycle stages for tool invocation.\n *\n * Ordering notes:\n * - \"will*\" stages run before the action; \"did*\" run after.\n * - Higher `priority()` runs earlier for \"will*\" (outermost for wrappers), and later for \"did*\".\n * - `aroundExecute` wraps the actual execution block (including will/didExecute inside).\n *\n * Control flow:\n * - Hooks may call `ctx.respond(value)` to short-circuit with a value.\n * - Hooks may call `ctx.abort(reason, code?, httpStatus?)` to deny/stop.\n * - Hooks may call `ctx.retryAfter(ms, reason?)` to signal backoff.\n */\nexport enum ToolHookStage {\n /** Bind DI providers needed for this invocation (from ctor tokens + hook/tool `provide()`).\n * Runs very early so later hooks can use `ctx.get(...)`. */\n willBindProviders = 'willBindProviders',\n\n /** Last chance to populate/shape the invocation context (user, tenant, attrs, ids). */\n willCreateInvokeContext = 'willCreateInvokeContext',\n\n /** Post-context creation; good for sanity checks, tracing decorations. */\n didCreateInvokeContext = 'didCreateInvokeContext',\n\n /** Authorization gate (roles/scopes/RBAC/ABAC). May `abort()` if unauthorized. */\n willAuthorize = 'willAuthorize',\n\n /** Consent gate. May `respond()` with a consent challenge or `abort()` if missing consent. */\n willCheckConsent = 'willCheckConsent',\n\n /** Feature-flag gate (enable/disable per user/tenant/experiment). May `abort()`. */\n willCheckFeatureFlags = 'willCheckFeatureFlags',\n\n // ---------------- Capacity & Resilience ----------------\n\n /** Acquire rate-limit quota. May `retryAfter()` or `abort()` on exhaustion. */\n willAcquireQuota = 'willAcquireQuota',\n\n /** Release rate-limit quota (best-effort; typically run in `finally`). */\n didReleaseQuota = 'didReleaseQuota',\n\n /** Acquire concurrency slot/semaphore. May `retryAfter()` or `abort()`. */\n willAcquireSemaphore = 'willAcquireSemaphore',\n\n /** Release concurrency slot/semaphore (best-effort). */\n didReleaseSemaphore = 'didReleaseSemaphore',\n\n // ---------------- Input shaping ----------------\n\n /** Parse/coerce raw input (types, defaults). Mutate `ctx.input` as needed. */\n willParseInput = 'willParseInput',\n\n /** Validate business rules for input. May `abort()` on violations. */\n willValidateInput = 'willValidateInput',\n\n /** Normalize/canonicalize input (ids → uuids, trim, sort fields, etc.). */\n willNormalizeInput = 'willNormalizeInput',\n\n /** Apply DLP/minimization to input (mask/drop/hash fields). */\n willRedactInput = 'willRedactInput',\n\n /** Inject credentials/secrets (tokens, API keys) into context or input. */\n willInjectSecrets = 'willInjectSecrets',\n\n // ---------------- Caching ----------------\n\n /** Attempt to serve from cache. May `respond(cachedValue)` to short-circuit. */\n willReadCache = 'willReadCache',\n\n /** Metrics/telemetry for cache hit; typically emitted by cache plugin. */\n didCacheHit = 'didCacheHit',\n\n /** Metrics/telemetry for cache miss; typically emitted by cache plugin. */\n didCacheMiss = 'didCacheMiss',\n\n /** Write result to cache after successful execution. */\n willWriteCache = 'willWriteCache',\n\n // ---------------- Execution ----------------\n\n /** Around wrapper for execution (timeouts/retries/circuit/tracing). Must call `next()` unless short-circuiting. */\n aroundExecute = 'aroundExecute',\n\n /** Right before calling the tool implementation; may mutate `ctx.input`. */\n willExecute = 'willExecute',\n\n /** Right after tool returns; `ctx.output` is available for downstream hooks. */\n didExecute = 'didExecute',\n\n // ---------------- Output shaping ----------------\n\n /** Apply DLP/minimization to output (mask/drop/truncate sensitive fields). */\n willRedactOutput = 'willRedactOutput',\n\n /** Validate output against business/schema rules. May `abort()` or fix. */\n willValidateOutput = 'willValidateOutput',\n\n /** Transform output shape (projection/mapping/pagination). Mutate `ctx.output`. */\n willTransformOutput = 'willTransformOutput',\n\n // ---------------- Retry & Observability ----------------\n\n /** Called on each retry attempt by a retry wrapper (emit metrics/backoff hints). */\n onRetry = 'onRetry',\n\n /** Called when retries are exhausted and execution gives up. */\n onGiveUp = 'onGiveUp',\n\n /** Prepare audit payload (apply redaction) and/or write audit logs. */\n willAudit = 'willAudit',\n\n /** Post-audit hook (confirm persistence, forward to sinks). */\n didAudit = 'didAudit',\n\n /** Emit metrics (counters, histograms, traces). */\n onMetrics = 'onMetrics',\n\n // ---------------- Error & Finalization ----------------\n\n /** Error handler for unexpected failures or control errors. Can map/normalize errors. */\n onError = 'onError',\n\n /** Always runs at the very end (success or error). Cleanup/releases here. */\n willFinalizeInvoke = 'willFinalizeInvoke',\n}\n"]}

package/src/interfaces/tool.interface.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { FuncType, Token, Type } from "./base.interface";
+import { ProviderRegistryInterface } from "./internal";
+import { ToolMetadata } from "../metadata";
+import { FrontMcpLogger } from "./logger.interface";
+import { URL } from "url";
+export type ToolType<T = any> = Type<T> | FuncType<T>;
+type HistoryEntry<T> = {
+    at: number;
+    stage?: string;
+    value: T | undefined;
+    note?: string;
+};
+export declare abstract class ToolContext<In, Out> {
+    private providers;
+    private session;
+    protected readonly runId: string;
+    protected readonly toolId: string;
+    protected readonly toolName: string;
+    protected readonly metadata: ToolMetadata;
+    protected readonly logger: FrontMcpLogger;
+    protected activeStage: string;
+    private _rawInput?;
+    private _input?;
+    private _outputDraft?;
+    private _output?;
+    private _error?;
+    private readonly _inputHistory;
+    private readonly _outputHistory;
+    constructor(metadata: ToolMetadata, input: In, providers: ProviderRegistryInterface, logger: FrontMcpLogger, session: any);
+    abstract execute(input: In): Promise<Out>;
+    get<T>(token: Token<T>): T;
+    tryGet<T>(token: Token<T>): T | undefined;
+    get input(): In;
+    set input(v: In | undefined);
+    get inputHistory(): ReadonlyArray<HistoryEntry<In>>;
+    get output(): Out | undefined;
+    set output(v: Out | undefined);
+    get outputHistory(): ReadonlyArray<HistoryEntry<Out>>;
+    protected respond(value: Out): never;
+    /** Fail the run (invoker will run error/finalize). */
+    protected fail(err: Error): never;
+    mark(stage: string): void;
+    fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
+}
+export {};

package/src/interfaces/tool.interface.js ADDED Viewed

@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ToolContext = void 0;
+const crypto_1 = require("crypto");
+const flow_interface_1 = require("./flow.interface");
+class ToolContext {
+    providers;
+    session; // TODO: type this
+    runId;
+    toolId;
+    toolName;
+    metadata;
+    logger;
+    activeStage;
+    // ---- INPUT storages (backing fields)
+    _rawInput;
+    _input;
+    // ---- OUTPUT storages (backing fields)
+    _outputDraft;
+    _output;
+    _error;
+    // ---- histories
+    _inputHistory = [];
+    _outputHistory = [];
+    constructor(metadata, input, providers, logger, session) {
+        this.runId = (0, crypto_1.randomUUID)();
+        this.toolName = metadata.name;
+        this.toolId = metadata.id ?? metadata.name;
+        this.metadata = metadata;
+        this._input = input;
+        this.providers = providers;
+        this.logger = logger.child(`tool:${this.toolId}`);
+        this.session = session;
+    }
+    get(token) {
+        return this.providers.get(token);
+    }
+    tryGet(token) {
+        try {
+            return this.providers.get(token);
+        }
+        catch (e) {
+            this.logger.warn("Requesting provider that doesn't exist: ", token);
+            return undefined;
+        }
+    }
+    get input() {
+        return this._input;
+    }
+    set input(v) {
+        this._input = v;
+        this._inputHistory.push({
+            at: Date.now(),
+            stage: this.activeStage,
+            value: v,
+        });
+    }
+    get inputHistory() {
+        return this._inputHistory;
+    }
+    get output() {
+        return this._output;
+    }
+    set output(v) {
+        this._output = v;
+        this._outputHistory.push({ at: Date.now(), stage: this.activeStage, value: v, });
+    }
+    get outputHistory() {
+        return this._outputHistory;
+    }
+    respond(value) {
+        // record validated output and surface the value via control flow
+        this.output = value;
+        flow_interface_1.FlowControl.respond(value);
+    }
+    /** Fail the run (invoker will run error/finalize). */
+    fail(err) {
+        this._error = err;
+        flow_interface_1.FlowControl.fail(err);
+    }
+    mark(stage) {
+        this.activeStage = stage;
+    }
+    fetch(input, init) {
+        return this.session.fetch(input, init);
+    }
+}
+exports.ToolContext = ToolContext;
+//# sourceMappingURL=tool.interface.js.map

package/src/interfaces/tool.interface.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tool.interface.js","sourceRoot":"","sources":["../../../src/interfaces/tool.interface.ts"],"names":[],"mappings":";;;AAAA,mCAAkC;AAKlC,qDAA6C;AAc7C,MAAsB,WAAW;IACvB,SAAS,CAA4B;IACrC,OAAO,CAAM,CAAC,kBAAkB;IAErB,KAAK,CAAS;IACd,MAAM,CAAS;IACf,QAAQ,CAAS;IACjB,QAAQ,CAAe;IACvB,MAAM,CAAiB;IAEhC,WAAW,CAAS;IAE9B,uCAAuC;IAC/B,SAAS,CAAqB;IAC9B,MAAM,CAAM;IAEpB,wCAAwC;IAChC,YAAY,CAAsB;IAClC,OAAO,CAAO;IAEd,MAAM,CAAS;IAEvB,iBAAiB;IACA,aAAa,GAAuB,EAAE,CAAC;IACvC,cAAc,GAAwB,EAAE,CAAC;IAG1D,YAAY,QAAsB,EAAE,KAAS,EAAE,SAAoC,EAAE,MAAsB,EAAE,OAAY;QACvH,IAAI,CAAC,KAAK,GAAG,IAAA,mBAAU,GAAE,CAAC;QAC1B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC9B,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,IAAI,CAAC;QAC3C,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAID,GAAG,CAAI,KAAe;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,CAAI,KAAe;QACvB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAC;YACpE,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,MAAY,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK,CAAC,CAAiB;QAChC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;QAChB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;YACtB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;YACd,KAAK,EAAE,IAAI,CAAC,WAAW;YACvB,KAAK,EAAE,CAAC;SACT,CAAC,CAAC;IACL,CAAC;IAED,IAAW,YAAY;QACrB,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAW,MAAM,CAAC,CAAkB;QAClC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;QACjB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,GAAE,CAAC,CAAC;IACjF,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAES,OAAO,CAAC,KAAU;QAC1B,iEAAiE;QACjE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,4BAAW,CAAC,OAAO,CAAM,KAAK,CAAC,CAAC;IAClC,CAAC;IAED,sDAAsD;IAC5C,IAAI,CAAC,GAAU;QACvB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;QAClB,4BAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,IAAI,CAAC,KAAa;QAChB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,KAAwB,EAAE,IAAkB;QAChD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC;CACF;AAtGD,kCAsGC","sourcesContent":["import {randomUUID} from \"crypto\";\nimport {FuncType, Token, Type} from \"./base.interface\";\nimport {ProviderRegistryInterface} from \"./internal\";\nimport {ToolMetadata} from \"../metadata\";\nimport {FrontMcpLogger} from \"./logger.interface\";\nimport {FlowControl} from \"./flow.interface\";\nimport {URL} from \"url\";\n\nexport type ToolType<T = any> =\n | Type<T>\n | FuncType<T>\n\ntype HistoryEntry<T> = {\n at: number;\n stage?: string;\n value: T | undefined;\n note?: string;\n};\n\nexport abstract class ToolContext<In, Out> {\n private providers: ProviderRegistryInterface;\n private session: any; // TODO: type this\n\n protected readonly runId: string;\n protected readonly toolId: string;\n protected readonly toolName: string;\n protected readonly metadata: ToolMetadata;\n protected readonly logger: FrontMcpLogger;\n\n protected activeStage: string;\n\n // ---- INPUT storages (backing fields)\n private _rawInput?: Partial<In> | any;\n private _input?: In;\n\n // ---- OUTPUT storages (backing fields)\n private _outputDraft?: Partial<Out> | any;\n private _output?: Out;\n\n private _error?: Error;\n\n // ---- histories\n private readonly _inputHistory: HistoryEntry<In>[] = [];\n private readonly _outputHistory: HistoryEntry<Out>[] = [];\n\n\n constructor(metadata: ToolMetadata, input: In, providers: ProviderRegistryInterface, logger: FrontMcpLogger, session: any) {\n this.runId = randomUUID();\n this.toolName = metadata.name;\n this.toolId = metadata.id ?? metadata.name;\n this.metadata = metadata;\n this._input = input;\n this.providers = providers;\n this.logger = logger.child(`tool:${this.toolId}`);\n this.session = session;\n }\n\n abstract execute(input: In): Promise<Out>;\n\n get<T>(token: Token<T>): T {\n return this.providers.get(token);\n }\n\n tryGet<T>(token: Token<T>): T | undefined {\n try {\n return this.providers.get(token);\n } catch (e) {\n this.logger.warn(\"Requesting provider that doesn't exist: \", token);\n return undefined;\n }\n }\n\n public get input(): In {\n return this._input as In;\n }\n\n public set input(v: In | undefined) {\n this._input = v;\n this._inputHistory.push({\n at: Date.now(),\n stage: this.activeStage,\n value: v,\n });\n }\n\n public get inputHistory(): ReadonlyArray<HistoryEntry<In>> {\n return this._inputHistory;\n }\n\n public get output(): Out | undefined {\n return this._output;\n }\n\n public set output(v: Out | undefined) {\n this._output = v;\n this._outputHistory.push({at: Date.now(), stage: this.activeStage, value: v,});\n }\n\n public get outputHistory(): ReadonlyArray<HistoryEntry<Out>> {\n return this._outputHistory;\n }\n\n protected respond(value: Out): never {\n // record validated output and surface the value via control flow\n this.output = value;\n FlowControl.respond<Out>(value);\n }\n\n /** Fail the run (invoker will run error/finalize). */\n protected fail(err: Error): never {\n this._error = err;\n FlowControl.fail(err);\n }\n\n mark(stage: string): void {\n this.activeStage = stage;\n }\n\n fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response> {\n return this.session.fetch(input, init);\n }\n}\n\n"]}

package/src/metadata/adapter.metadata.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { z } from 'zod';
+/**
+ * Declarative metadata describing what a FrontMcpAdapter contributes at app scope.
+ */
+export interface AdapterMetadata {
+    id?: string;
+    name: string;
+    description?: string;
+}
+export declare const frontMcpAdapterMetadataSchema: z.ZodObject<{
+    id: z.ZodOptional<z.ZodString>;
+    name: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    id: z.ZodOptional<z.ZodString>;
+    name: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    id: z.ZodOptional<z.ZodString>;
+    name: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+}, z.ZodTypeAny, "passthrough">>;

package/src/metadata/adapter.metadata.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.frontMcpAdapterMetadataSchema = void 0;
+const zod_1 = require("zod");
+exports.frontMcpAdapterMetadataSchema = zod_1.z.object({
+    id: zod_1.z.string().optional(),
+    name: zod_1.z.string().min(1),
+    description: zod_1.z.string().optional(),
+}).passthrough();
+//# sourceMappingURL=adapter.metadata.js.map

package/src/metadata/adapter.metadata.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"adapter.metadata.js","sourceRoot":"","sources":["../../../src/metadata/adapter.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAcX,QAAA,6BAA6B,GAAG,OAAC,CAAC,MAAM,CAAC;IACpD,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACI,CAAC,CAAC,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\n\n\n/**\n * Declarative metadata describing what a FrontMcpAdapter contributes at app scope.\n */\nexport interface AdapterMetadata {\n id?: string;\n name: string;\n description?: string;\n}\n\n\nexport const frontMcpAdapterMetadataSchema = z.object({\n id: z.string().optional(),\n name: z.string().min(1),\n description: z.string().optional(),\n} satisfies RawZodShape<AdapterMetadata>).passthrough();\n"]}