@frontmcp/sdk 0.2.3 → 0.3.0

package/src/types/options/session.options.d.ts

@@ -1,67 +0,0 @@
-import { z } from 'zod';
-export type SessionMode = 'stateful' | 'stateless';
-export type TransportIdMode = 'uuid' | 'jwt';
-export type SessionOptions = {
-    /**
-     * Defines how the session lifecycle and nested tokens are managed.
-     *
-     * Modes:
-     * - `'stateful'`: Session and nested tokens are stored in a server-side store (e.g., Redis).
-     * - `'stateless'`: All session data (including nested tokens) is embedded within a signed/encrypted JWT.
-     *
-     * **Behavior:**
-     * - When using `'stateful'`:
-     *   - Nested OAuth tokens are **never exposed** in the JWT.
-     *   - Tokens are encrypted and persisted in Redis under a session key.
-     *   - The client receives only a lightweight reference (session key) instead of full credentials.
-     *   - Results in smaller JWT payloads and reduces token leakage risk.
-     *   - Allows seamless refresh of nested provider tokens without requiring user re-authorization.
-     *   - Recommended for multi-application environments or setups using short-lived OAuth tokens.
-     *
-     * - When using `'stateless'`:
-     *   - Stores all nested tokens directly within the JWT, enabling fully client-managed sessions.
-     *   - Does **not support token refresh** — once a nested provider token expires, re-authorization is required.
-     *   - Simplifies implementation but may degrade UX when tokens are short-lived.
-     *   - Best suited for lightweight or single-application environments where token rotation is less critical.
-     *
-     * @default 'stateful'
-     */
-    sessionMode?: SessionMode | ((issuer: string) => Promise<SessionMode> | SessionMode);
-    /**
-     * Defines how the Transport ID is generated, verified, and used across sessions.
-     *
-     * Modes:
-     * - `'uuid'`: Generates a random UUID per session.
-     * - `'jwt'`: Uses a signed JWT for stateless sessions, signed with a generated session key.
-     *
-     * **Behavior: **
-     * - When using `'jwt'`:
-     *   - Requires an active Redis connection to support distributed, stateless transport sessions.
-     *   - Each token is verified using a generated public key associated with the existing session.
-     *   - Enables access to a streamable HTTP transport session ID.
-     *   - For distributed systems, verification is optimized by checking if the session is already
-     *     verified by an existing live transport ID. This allows fast validation when multiple
-     *     transports are connected to a shared queue (high-availability setup).
-     *   - If the JWT’s transport ID is not found on the current worker node, the system attempts
-     *     to connect to the corresponding remote transport in the distributed infrastructure.
-     *
-     * - When using `'uuid'`:
-     *   - Provides a strict, node-bound session transport (single-node mode).
-     *   - Each request verifies the `Authorization` header and searches for a matching transport ID
-     *     derived from the hashed authorization header and the generated transport UUID.
-     *   - If no matching transport ID is found, an error (`TransportNotInitialized`) is thrown.
-     *
-     * @default 'uuid'
-     */
-    transportIdMode?: TransportIdMode | ((issuer: string) => Promise<TransportIdMode> | TransportIdMode);
-};
-export declare const sessionOptionsSchema: z.ZodObject<{
-    sessionMode: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"stateful">, z.ZodLiteral<"stateless">, z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>]>>>;
-    transportIdMode: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"uuid">, z.ZodLiteral<"jwt">, z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>]>>>;
-}, "strip", z.ZodTypeAny, {
-    sessionMode: "stateful" | "stateless" | ((...args: unknown[]) => unknown);
-    transportIdMode: "uuid" | "jwt" | ((...args: unknown[]) => unknown);
-}, {
-    sessionMode?: "stateful" | "stateless" | ((...args: unknown[]) => unknown) | undefined;
-    transportIdMode?: "uuid" | "jwt" | ((...args: unknown[]) => unknown) | undefined;
-}>;

package/src/types/options/session.options.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"session.options.js","sourceRoot":"","sources":["../../../../src/types/options/session.options.ts"],"names":[],"mappings":";;;AACA,6BAAwB;AA4DX,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,WAAW,EAAE,OAAC,CAAC,KAAK,CAClB,CAAC,OAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,OAAC,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,CAC9D,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;IACjC,eAAe,EAAE,OAAC,CAAC,KAAK,CACtB,CAAC,OAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,CACpD,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;CACS,CAAC,CAAC","sourcesContent":["import { RawZodShape } from '../common.types';\nimport { z } from 'zod';\n\nexport type SessionMode = 'stateful' | 'stateless';\nexport type TransportIdMode = 'uuid' | 'jwt';\n\nexport type SessionOptions = {\n  /**\n   * Defines how the session lifecycle and nested tokens are managed.\n   *\n   * Modes:\n   * - `'stateful'`: Session and nested tokens are stored in a server-side store (e.g., Redis).\n   * - `'stateless'`: All session data (including nested tokens) is embedded within a signed/encrypted JWT.\n   *\n   * **Behavior:**\n   * - When using `'stateful'`:\n   *   - Nested OAuth tokens are **never exposed** in the JWT.\n   *   - Tokens are encrypted and persisted in Redis under a session key.\n   *   - The client receives only a lightweight reference (session key) instead of full credentials.\n   *   - Results in smaller JWT payloads and reduces token leakage risk.\n   *   - Allows seamless refresh of nested provider tokens without requiring user re-authorization.\n   *   - Recommended for multi-application environments or setups using short-lived OAuth tokens.\n   *\n   * - When using `'stateless'`:\n   *   - Stores all nested tokens directly within the JWT, enabling fully client-managed sessions.\n   *   - Does **not support token refresh** — once a nested provider token expires, re-authorization is required.\n   *   - Simplifies implementation but may degrade UX when tokens are short-lived.\n   *   - Best suited for lightweight or single-application environments where token rotation is less critical.\n   *\n   * @default 'stateful'\n   */\n  sessionMode?: SessionMode | ((issuer: string) => Promise<SessionMode> | SessionMode);\n  /**\n   * Defines how the Transport ID is generated, verified, and used across sessions.\n   *\n   * Modes:\n   * - `'uuid'`: Generates a random UUID per session.\n   * - `'jwt'`: Uses a signed JWT for stateless sessions, signed with a generated session key.\n   *\n   * **Behavior: **\n   * - When using `'jwt'`:\n   *   - Requires an active Redis connection to support distributed, stateless transport sessions.\n   *   - Each token is verified using a generated public key associated with the existing session.\n   *   - Enables access to a streamable HTTP transport session ID.\n   *   - For distributed systems, verification is optimized by checking if the session is already\n   *     verified by an existing live transport ID. This allows fast validation when multiple\n   *     transports are connected to a shared queue (high-availability setup).\n   *   - If the JWT’s transport ID is not found on the current worker node, the system attempts\n   *     to connect to the corresponding remote transport in the distributed infrastructure.\n   *\n   * - When using `'uuid'`:\n   *   - Provides a strict, node-bound session transport (single-node mode).\n   *   - Each request verifies the `Authorization` header and searches for a matching transport ID\n   *     derived from the hashed authorization header and the generated transport UUID.\n   *   - If no matching transport ID is found, an error (`TransportNotInitialized`) is thrown.\n   *\n   * @default 'uuid'\n   */\n  transportIdMode?: TransportIdMode | ((issuer: string) => Promise<TransportIdMode> | TransportIdMode);\n};\n\nexport const sessionOptionsSchema = z.object({\n  sessionMode: z.union(\n    [z.literal('stateful'), z.literal('stateless'), z.function()],\n  ).optional().default('stateless'),\n  transportIdMode: z.union(\n    [z.literal('uuid'), z.literal('jwt'), z.function()],\n  ).optional().default('uuid'),\n} satisfies RawZodShape<SessionOptions>);"]}

package/src/utils/decide-request-intent.utils.d.ts

@@ -1,79 +0,0 @@
-import { ServerRequest } from '@frontmcp/sdk';
-import { z } from 'zod';
-export declare const intentSchema: z.ZodUnion<[z.ZodLiteral<"legacy-sse">, z.ZodLiteral<"sse">, z.ZodLiteral<"streamable-http">, z.ZodLiteral<"stateful-http">, z.ZodLiteral<"stateless-http">, z.ZodLiteral<"unknown">]>;
-export declare const decisionSchema: z.ZodObject<{
-    intent: z.ZodUnion<[z.ZodLiteral<"legacy-sse">, z.ZodLiteral<"sse">, z.ZodLiteral<"streamable-http">, z.ZodLiteral<"stateful-http">, z.ZodLiteral<"stateless-http">, z.ZodLiteral<"unknown">]>;
-    reasons: z.ZodArray<z.ZodString, "many">;
-    recommendation: z.ZodOptional<z.ZodObject<{
-        httpStatus: z.ZodNumber;
-        message: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        message: string;
-        httpStatus: number;
-    }, {
-        message: string;
-        httpStatus: number;
-    }>>;
-    debug: z.ZodOptional<z.ZodObject<{
-        key: z.ZodNumber;
-        channel: z.ZodNumber;
-        flags: z.ZodNumber;
-    }, "strip", z.ZodTypeAny, {
-        key: number;
-        channel: number;
-        flags: number;
-    }, {
-        key: number;
-        channel: number;
-        flags: number;
-    }>>;
-}, "strip", z.ZodTypeAny, {
-    intent: "unknown" | "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
-    reasons: string[];
-    recommendation?: {
-        message: string;
-        httpStatus: number;
-    } | undefined;
-    debug?: {
-        key: number;
-        channel: number;
-        flags: number;
-    } | undefined;
-}, {
-    intent: "unknown" | "legacy-sse" | "sse" | "streamable-http" | "stateful-http" | "stateless-http";
-    reasons: string[];
-    recommendation?: {
-        message: string;
-        httpStatus: number;
-    } | undefined;
-    debug?: {
-        key: number;
-        channel: number;
-        flags: number;
-    } | undefined;
-}>;
-export type HttpRequestIntent = 'legacy-sse' | 'sse' | 'streamable-http' | 'stateful-http' | 'stateless-http';
-export type Intent = HttpRequestIntent | 'unknown';
-export type Decision = {
-    intent: Intent;
-    reasons: string[];
-    recommendation?: {
-        httpStatus: number;
-        message: string;
-    };
-    debug?: {
-        key: number;
-        channel: number;
-        flags: number;
-    };
-};
-export interface Config {
-    enableLegacySSE: boolean;
-    enableSseListener: boolean;
-    enableStreamableHttp: boolean;
-    enableStatefulHttp: boolean;
-    enableStatelessHttp: boolean;
-    requireSessionForStreamable: boolean;
-    tolerateMissingAccept: boolean;
-}
-export declare function decideIntent(req: ServerRequest, cfg: Config): Decision;

package/src/utils/decide-request-intent.utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decide-request-intent.utils.js","sourceRoot":"","sources":["../../../src/utils/decide-request-intent.utils.ts"],"names":[],"mappings":";;;AA2VA,oCAkCC;AA5XD,6BAAwB;AAExB,iFAAiF;AAEpE,QAAA,YAAY,GAAG,OAAC,CAAC,KAAK,CAAC;IAClC,OAAC,CAAC,OAAO,CAAC,YAAY,CAAC;IACvB,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAChB,OAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC;IAC5B,OAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IAC1B,OAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC;IAC3B,OAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CACrB,CAAC,CAAC;AAEU,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,MAAM,EAAE,oBAAY;IACpB,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC5B,cAAc,EAAE,OAAC;SACd,MAAM,CAAC;QACN,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;QACtB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;KACpB,CAAC;SACD,QAAQ,EAAE;IACb,qDAAqD;IACrD,KAAK,EAAE,OAAC;SACL,MAAM,CAAC;QACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;QACf,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;QACnB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;KAClB,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AA6BH;;;;;;;;;;;;;;;;;;;;gFAoBgF;AAEhF,+EAA+E;AAE/E,MAAM,QAAQ,GAAG,KAAK,CAAC;AACvB,MAAM,UAAU,GAAG,KAAK,CAAC;AACzB,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAChC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,YAAY,GAAG,KAAK,CAAC;AAC3B,MAAM,WAAW,GAAG,KAAK,CAAC;AAC1B,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,qCAAqC;AAEpE,MAAM,OAAO,GAAG,UAAU,CAAC;AAE3B,+EAA+E;AAE/E,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;AAClC,MAAM,cAAc,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;AACpC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;AACnC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,wDAAwD;AACtF,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACxC,MAAM,eAAe,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACtC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACpC,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO;AAEpC,gFAAgF;AAEhF,MAAM,CAAC,GAAG,CAAC,GAAkB,EAAE,IAAY,EAAE,EAAE,CAC7C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAEzF,MAAM,QAAQ,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AACjG,MAAM,SAAS,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;AACjG,MAAM,YAAY,GAAG,CAAC,IAAa,EAAE,EAAE,CACrC,CAAC,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAK,IAAY,CAAC,MAAM,KAAK,YAAY,CAAC;AAE9E,qDAAqD;AACrD,SAAS,MAAM,CAAC,GAAkB;IAChC,MAAM,MAAM,GAAG,GAAU,CAAC;IAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/C,OAAO,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,qFAAqF;AACrF,SAAS,sBAAsB,CAAC,SAAkB;IAChD,IAAI,CAAC,SAAS;QAAE,OAAO;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACpE,OAAO,GAAG,EAAE,aAAa,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF,SAAS,aAAa,CAAC,GAAkB,EAAE,GAAW;IACpD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,cAAc,CAAC,KAAK,MAAM,CAAC;IACvD,MAAM,aAAa,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAEzB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC/E,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,MAAM,KAAK,MAAM,IAAI,IAAI,KAAK,UAAU,CAAC;IAE/D,MAAM,OAAO,GACX,MAAM,KAAK,MAAM,IAAI,aAAa;QAChC,CAAC,CAAC,eAAe;QACjB,CAAC,CAAC,MAAM,KAAK,KAAK,IAAI,SAAS;YAC7B,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,IAAI,SAAS;gBACtC,CAAC,CAAC,gBAAgB;gBAClB,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,IAAI,UAAU;oBACvC,CAAC,CAAC,iBAAiB;oBACnB,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,SAAS;wBACvC,CAAC,CAAC,WAAW;wBACb,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,UAAU;4BACxC,CAAC,CAAC,YAAY;4BACd,CAAC,CAAC,QAAQ,CAAC;IAEzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,SAAS;QAAE,KAAK,IAAI,aAAa,CAAC;IACtC,IAAI,GAAG,CAAC,mBAAmB;QAAE,KAAK,IAAI,cAAc,CAAC;IACrD,IAAI,GAAG,CAAC,2BAA2B;QAAE,KAAK,IAAI,aAAa,CAAC;IAC5D,IAAI,YAAY,IAAI,aAAa,KAAK,YAAY;QAAE,KAAK,IAAI,aAAa,CAAC,CAAC,gBAAgB;IAC5F,IAAI,GAAG,CAAC,iBAAiB;QAAE,KAAK,IAAI,iBAAiB,CAAC;IACtD,IAAI,GAAG,CAAC,oBAAoB;QAAE,KAAK,IAAI,eAAe,CAAC;IACvD,IAAI,GAAG,CAAC,kBAAkB;QAAE,KAAK,IAAI,aAAa,CAAC;IACnD,IAAI,GAAG,CAAC,eAAe;QAAE,KAAK,IAAI,WAAW,CAAC;IAE9C,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACpE,CAAC;AAUD,+EAA+E;AAE/E,MAAM,KAAK,GAAW;IACpB,oEAAoE;IACpE;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,UAAU,GAAG,WAAW,EAAE,2DAA2D;QAC5F,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,8CAA8C,EAAE;KAC1F;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,UAAU,CAAC,oCAAoC;QACtD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,sBAAsB;YAC9B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACpE;KACF;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,GAAG,aAAa,GAAG,WAAW;QACpD,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,wDAAwD,EAAE;KACpG;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,GAAG,aAAa,CAAC,qBAAqB;QAC5D,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,oCAAoC;YAC5C,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACpE;KACF;IAED,uEAAuE;IACvE;QACE,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,aAAa;QACjD,KAAK,EAAE,UAAU,GAAG,aAAa,CAAC,uBAAuB;QACzD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,wBAAwB;YAChC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE;SACtE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,aAAa;QACjD,KAAK,EAAE,UAAU,GAAG,iBAAiB,GAAG,aAAa;QACrD,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE;KACnE;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,gBAAgB,CAAC,yBAAyB;QACjD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,2BAA2B;YACnC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,0BAA0B,EAAE;SACzE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,gBAAgB,GAAG,eAAe;QACzC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sBAAsB,EAAE;KACvE;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,iBAAiB,CAAC,yBAAyB;QAClD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,qBAAqB;YAC7B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACnE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,iBAAiB,GAAG,eAAe;QAC1C,OAAO,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,uBAAuB,EAAE;KACtE;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc;QAC9D,KAAK,EAAE,WAAW,GAAG,aAAa,CAAC,kCAAkC;QACrE,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,4BAA4B;YACpC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yCAAyC,EAAE;SACxF;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,WAAW,CAAC,yBAAyB;QAC5C,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,2BAA2B;YACnC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,0BAA0B,EAAE;SACzE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,WAAW,GAAG,cAAc,CAAC,gBAAgB;QACpD,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,4BAA4B,EAAE;KAC5E;IACD;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,WAAW;QAClB,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mCAAmC,EAAE;KACpF;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc;QAC9D,KAAK,EAAE,YAAY,GAAG,aAAa,CAAC,kCAAkC;QACtE,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,6BAA6B;YACrC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yCAAyC,EAAE;SACxF;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,eAAe;QAC/C,KAAK,EAAE,YAAY,CAAC,qBAAqB;QACzC,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,qBAAqB;YAC7B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACnE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,YAAY,GAAG,cAAc,CAAC,gBAAgB;QACrD,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,yBAAyB,EAAE;KACzE;IACD;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,OAAO,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,2BAA2B,EAAE;KAC1E;IAED,cAAc;IACd;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,4BAA4B;YACpC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,2BAA2B,EAAE;SAC1E;KACF;CACF,CAAC;AAEF,gFAAgF;AAEhF,SAAgB,YAAY,CAAC,GAAkB,EAAE,GAAW;IAC1D,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAE9D,8DAA8D;IAC9D,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;QAChF,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;YAChC,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE,CAAC,2DAA2D,CAAC;gBACtE,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAE;gBAC9D,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrB,IAAI,IAAI;gBAAE,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YACpD,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,CAAC,mBAAmB,CAAC;QAC9B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;QAClE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;KAC/B,CAAC;AACJ,CAAC","sourcesContent":["import { ServerRequest } from '@frontmcp/sdk';\nimport { z } from 'zod';\n\n/* --------------------------------- Schemas --------------------------------- */\n\nexport const intentSchema = z.union([\n  z.literal('legacy-sse'),\n  z.literal('sse'),\n  z.literal('streamable-http'),\n  z.literal('stateful-http'),\n  z.literal('stateless-http'),\n  z.literal('unknown'),\n]);\n\nexport const decisionSchema = z.object({\n  intent: intentSchema,\n  reasons: z.array(z.string()),\n  recommendation: z\n    .object({\n      httpStatus: z.number(),\n      message: z.string(),\n    })\n    .optional(),\n  // Echo back bits for debugging/telemetry if you like\n  debug: z\n    .object({\n      key: z.number(),\n      channel: z.number(),\n      flags: z.number(),\n    })\n    .optional(),\n});\n\nexport type HttpRequestIntent =\n  | 'legacy-sse'\n  | 'sse'\n  | 'streamable-http'\n  | 'stateful-http'\n  | 'stateless-http';\n\nexport type Intent = HttpRequestIntent | 'unknown';\n\nexport type Decision = {\n  intent: Intent;\n  reasons: string[];\n  recommendation?: { httpStatus: number; message: string };\n  // Echo back bits for debugging/telemetry if you like\n  debug?: { key: number; channel: number; flags: number };\n};\n\nexport interface Config {\n  enableLegacySSE: boolean;\n  enableSseListener: boolean;\n  enableStreamableHttp: boolean;\n  enableStatefulHttp: boolean;\n  enableStatelessHttp: boolean;\n  requireSessionForStreamable: boolean;\n  tolerateMissingAccept: boolean;\n}\n\n/* ------------------------------- Bit layout ---------------------------------\n\nbits 0..2  CHANNEL\n           000 OTHER\n           001 GET_SSE                 (GET + Accept: text/event-stream)\n           010 POST_INIT_JSON          (POST initialize + Accept: application/json or default JSON)\n           011 POST_INIT_SSE           (POST initialize + Accept: text/event-stream)\n           100 POST_JSON               (POST non-init + Accept: application/json or default JSON)\n           101 POST_SSE                (POST non-init + Accept: text/event-stream)\n           110 POST_MESSAGE            (POST to /message)  ← legacy bridge\n\nbit 3      HAS_SESSION                 (Mcp-Session-Id present)\nbit 4      STATELESS_EN                (config: enableStatelessHttp)\nbit 5      REQ_SESSION                 (config: requireSessionForStreamable)\nbit 6      LEGACY_HINT                 (x-legacy-sse=true OR session.transportType=legacy-sse)\nbit 7      SSE_LISTENER_EN             (config: enableSseListener)\nbit 8      STREAMABLE_EN               (config: enableStreamableHttp)\nbit 9      STATEFUL_EN                 (config: enableStatefulHttp)\nbit 10     LEGACY_EN                   (config: enableLegacySSE)\n\n----------------------------------------------------------------------------- */\n\n// --- Channels ---------------------------------------------------------------\n\nconst CH_OTHER = 0b000;\nconst CH_GET_SSE = 0b001;\nconst CH_POST_INIT_JSON = 0b010;\nconst CH_POST_INIT_SSE = 0b011;\nconst CH_POST_JSON = 0b100;\nconst CH_POST_SSE = 0b101;\nconst CH_POST_MESSAGE = 0b110; // NEW: POST /message (legacy bridge)\n\nconst CH_MASK = 0b00000111;\n\n// --- Flags ------------------------------------------------------------------\n\nconst B_HAS_SESSION = 1 << 3; // 8\nconst B_STATELESS_EN = 1 << 4; // 16\nconst B_REQ_SESSION = 1 << 5; // 32\nconst B_LEGACY_HINT = 1 << 6; // 64 (kept for telemetry; not required by merged rules)\nconst B_SSE_LISTENER_EN = 1 << 7; // 128\nconst B_STREAMABLE_EN = 1 << 8; // 256\nconst B_STATEFUL_EN = 1 << 9; // 512\nconst B_LEGACY_EN = 1 << 10; // 1024\n\n// --- Minimal helpers ---------------------------------------------------------\n\nconst h = (req: ServerRequest, name: string) =>\n  Object.entries(req.headers).find(([k]) => k.toLowerCase() === name.toLowerCase())?.[1];\n\nconst wantsSSE = (accept?: string) => (accept ?? '').toLowerCase().includes('text/event-stream');\nconst wantsJSON = (accept?: string) => (accept ?? '').toLowerCase().includes('application/json');\nconst isInitialize = (body: unknown) =>\n  !!body && typeof body === 'object' && (body as any).method === 'initialize';\n\n// Robust path extractor (supports absolute/relative)\nfunction pathOf(req: ServerRequest): string {\n  const anyReq = req as any;\n  const raw = anyReq.path ?? anyReq.pathname ?? anyReq.url ?? '/';\n  try {\n    const u = new URL(String(raw), 'http://local');\n    return u.pathname || '/';\n  } catch {\n    return String(raw).split('?')[0] || '/';\n  }\n}\n\n/** Optionally extract transportType from base64 JSON session id, if you embed it. */\nfunction tryDecodeTransportType(sessionId?: string): string | undefined {\n  if (!sessionId) return;\n  try {\n    const b64 = sessionId.replace(/-/g, '+').replace(/_/g, '/');\n    const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));\n    return obj?.transportType;\n  } catch {\n    return;\n  }\n}\n\n// --- Build the 11-bit key ----------------------------------------------------\n\nfunction computeBitmap(req: ServerRequest, cfg: Config) {\n  const method = req.method.toUpperCase();\n  const accept = h(req, 'accept');\n  const sessionId = h(req, 'mcp-session-id');\n  const legacyHeader = h(req, 'x-legacy-sse') === 'true';\n  const transportType = tryDecodeTransportType(sessionId);\n  const path = pathOf(req);\n\n  const acceptSSE = wantsSSE(accept);\n  const acceptJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);\n  const init = method === 'POST' && isInitialize(req.body);\n  const postToMessage = method === 'POST' && path === '/message';\n\n  const channel =\n    method === 'POST' && postToMessage\n      ? CH_POST_MESSAGE\n      : method === 'GET' && acceptSSE\n        ? CH_GET_SSE\n        : method === 'POST' && init && acceptSSE\n          ? CH_POST_INIT_SSE\n          : method === 'POST' && init && acceptJSON\n            ? CH_POST_INIT_JSON\n            : method === 'POST' && !init && acceptSSE\n              ? CH_POST_SSE\n              : method === 'POST' && !init && acceptJSON\n                ? CH_POST_JSON\n                : CH_OTHER;\n\n  let flags = 0;\n  if (sessionId) flags |= B_HAS_SESSION;\n  if (cfg.enableStatelessHttp) flags |= B_STATELESS_EN;\n  if (cfg.requireSessionForStreamable) flags |= B_REQ_SESSION;\n  if (legacyHeader || transportType === 'legacy-sse') flags |= B_LEGACY_HINT; // informational\n  if (cfg.enableSseListener) flags |= B_SSE_LISTENER_EN;\n  if (cfg.enableStreamableHttp) flags |= B_STREAMABLE_EN;\n  if (cfg.enableStatefulHttp) flags |= B_STATEFUL_EN;\n  if (cfg.enableLegacySSE) flags |= B_LEGACY_EN;\n\n  return { key: (channel & CH_MASK) | flags, channel, flags, init };\n}\n\n// --- Rule definition ---------------------------------------------------------\n\ntype Rule = {\n  care: number; // which bits matter\n  match: number; // the exact bit pattern to match (after masking)\n  outcome: Omit<Decision, 'reasons' | 'debug'> & { reason: string };\n};\n\n// --- Rules (merged semantics) -----------------------------------------------\n\nconst RULES: Rule[] = [\n  // A) Legacy SSE (GET SSE without session) → requires legacy enabled\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_GET_SSE | B_LEGACY_EN, // HAS_SESSION must be 0; it's in 'care' but not in 'match'\n    outcome: { intent: 'legacy-sse', reason: 'GET SSE without Mcp-Session-Id → legacy SSE.' },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_GET_SSE /* legacy disabled; HAS_SESSION=0 */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Legacy SSE disabled.',\n      recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },\n    },\n  },\n\n  // B) Legacy SSE: POST /message WITH session id\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_POST_MESSAGE | B_HAS_SESSION | B_LEGACY_EN,\n    outcome: { intent: 'legacy-sse', reason: 'POST /message with Mcp-Session-Id → legacy SSE bridge.' },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_POST_MESSAGE | B_HAS_SESSION /* legacy disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Legacy /message endpoint disabled.',\n      recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },\n    },\n  },\n\n  // C) Modern SSE (GET SSE with session) → requires SSE listener enabled\n  {\n    care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    match: CH_GET_SSE | B_HAS_SESSION /* listener disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'SSE listener disabled.',\n      recommendation: { httpStatus: 405, message: 'SSE listener disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    match: CH_GET_SSE | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    outcome: { intent: 'sse', reason: 'GET SSE with Mcp-Session-Id.' },\n  },\n\n  // D) Initialize (POST → SSE)\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_SSE /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Streamable HTTP disabled.',\n      recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_SSE | B_STREAMABLE_EN,\n    outcome: { intent: 'streamable-http', reason: 'Initialize with SSE.' },\n  },\n\n  // E) Initialize (POST → JSON)\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_JSON /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'JSON mode disabled.',\n      recommendation: { httpStatus: 405, message: 'JSON mode disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_JSON | B_STREAMABLE_EN,\n    outcome: { intent: 'stateful-http', reason: 'Initialize with JSON.' },\n  },\n\n  // F) POST non-init → SSE\n  {\n    care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_SSE | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'POST SSE requires session.',\n      recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_SSE /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Streamable HTTP disabled.',\n      recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_SSE | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless short-lived SSE.' },\n  },\n  {\n    care: CH_MASK,\n    match: CH_POST_SSE,\n    outcome: { intent: 'streamable-http', reason: 'Short-lived SSE for this request.' },\n  },\n\n  // G) POST non-init → JSON\n  {\n    care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_JSON | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'POST JSON requires session.',\n      recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },\n    },\n  },\n  {\n    care: CH_MASK | B_STATEFUL_EN | B_STREAMABLE_EN,\n    match: CH_POST_JSON /* neither enabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'JSON mode disabled.',\n      recommendation: { httpStatus: 405, message: 'JSON mode disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_JSON | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless JSON request.' },\n  },\n  {\n    care: CH_MASK,\n    match: CH_POST_JSON,\n    outcome: { intent: 'stateful-http', reason: 'Aggregated JSON response.' },\n  },\n\n  // H) Fallback\n  {\n    care: CH_MASK,\n    match: CH_OTHER,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Method/Accept not allowed.',\n      recommendation: { httpStatus: 405, message: 'Method/Accept not allowed' },\n    },\n  },\n];\n\n// --- Public API --------------------------------------------------------------\n\nexport function decideIntent(req: ServerRequest, cfg: Config): Decision {\n  const reasons: string[] = [];\n  const { key, channel, flags, init } = computeBitmap(req, cfg);\n\n  // Optional strict Accept validation for POST (incl. /message)\n  if (req.method.toUpperCase() === 'POST') {\n    const accept = h(req, 'accept');\n    const acceptsSSE = wantsSSE(accept);\n    const acceptsJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);\n    if (!acceptsSSE && !acceptsJSON) {\n      return {\n        intent: 'unknown',\n        reasons: ['Client must accept application/json or text/event-stream.'],\n        recommendation: { httpStatus: 406, message: 'Not acceptable' },\n        debug: { key, channel, flags },\n      };\n    }\n  }\n\n  for (const rule of RULES) {\n    if ((key & rule.care) === rule.match) {\n      const { reason, ...rest } = rule.outcome;\n      reasons.push(reason);\n      if (init) reasons.push('Initialize body detected.');\n      return { ...rest, reasons, debug: { key, channel, flags } };\n    }\n  }\n\n  return {\n    intent: 'unknown',\n    reasons: ['No matching rule.'],\n    recommendation: { httpStatus: 500, message: 'Unroutable request' },\n    debug: { key, channel, flags },\n  };\n}"]}

package/src/utils/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/utils/index.ts"],"names":[],"mappings":";;;AAAA,wEAA6C;AAC7C,uDAA4B","sourcesContent":["export * from './decide-request-intent.utils'\nexport * from './path.utils'"]}

package/src/utils/path.utils.d.ts

@@ -1,20 +0,0 @@
-import { ServerRequest } from '@frontmcp/sdk';
-export declare function trimSlashes(s: string): string;
-/** Normalize entryPath (gateway prefix) to "" or "/mcp" */
-export declare function normalizeEntryPrefix(entryPath?: string): string;
-/** Normalize a scope base (per-app or per-auth) to "" or "/app1" */
-export declare function normalizeScopeBase(scopeBase?: string): string;
-/** Join URL path segments with a single slash and no trailing slash */
-export declare function joinPath(...parts: string[]): string;
-export declare function getRequestBaseUrl(req: ServerRequest, entryPath?: string): string;
-export declare function computeIssuer(req: ServerRequest, entryPath: string, scopeBase: string): string;
-export declare function computeResource(req: ServerRequest, entryPath: string, scopeBase: string): string;
-/** Derive a safe provider id from a URL when no id is provided. */
-export declare function urlToSafeId(url: string): string;
-/**
- * Build all path variants for a given well-known name:
- * - reversed under root: /.well-known/<name><entryPrefix><scopeBase>
- * - in prefix root: <entryPrefix>/.well-known/<name><scopeBase>
- * - in prefix + scope: <entryPrefix><scopeBase>/.well-known/<name>
- */
-export declare function makeWellKnownPaths(name: string, entryPrefix: string, scopeBase?: string): Set<string>;

package/src/utils/path.utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"path.utils.js","sourceRoot":"","sources":["../../../src/utils/path.utils.ts"],"names":[],"mappings":";AAAA,qBAAqB;;AAIrB,kCAEC;AAGD,oDAGC;AAGD,gDAGC;AAGD,4BAGC;AAGD,8CAIC;AAED,sCAIC;AAED,0CAIC;AAGD,kCAIC;AAQD,gDAOC;AA7DD,SAAgB,WAAW,CAAC,CAAS;IACnC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,2DAA2D;AAC3D,SAAgB,oBAAoB,CAAC,SAAkB;IACrD,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,oEAAoE;AACpE,SAAgB,kBAAkB,CAAC,SAAkB;IACnD,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,uEAAuE;AACvE,SAAgB,QAAQ,CAAC,GAAG,KAAe;IACzC,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AACvD,CAAC;AAGD,SAAgB,iBAAiB,CAAC,GAAkB,EAAE,SAAkB;IACtE,MAAM,KAAK,GAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAY,IAAK,GAAW,CAAC,QAAQ,IAAI,MAAM,CAAC;IAC9F,MAAM,IAAI,GAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAY,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChF,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,SAAS,IAAI,EAAE,EAAE,CAAC;AAChD,CAAC;AAED,SAAgB,aAAa,CAAC,GAAkB,EAAE,SAAiB,EAAE,SAAiB;IACpF,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,KAAK,EAAE,CAAC;AAC3D,CAAC;AAED,SAAgB,eAAe,CAAC,GAAkB,EAAE,SAAiB,EAAE,SAAiB;IACtF,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,KAAK,EAAE,CAAC;AAC3D,CAAC;AAED,mEAAmE;AACnE,SAAgB,WAAW,CAAC,GAAW;IACrC,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAChG,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,IAAY,EAAE,WAAmB,EAAE,SAAS,GAAG,EAAE;IAClF,MAAM,MAAM,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,GAAG,MAAM,GAAG,KAAK,EAAE,CAAC,CAAC,gCAAgC;IACtG,MAAM,YAAY,GAAG,GAAG,MAAM,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC,gCAAgC;IAC1G,MAAM,aAAa,GAAG,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,6BAA6B;IACxG,OAAO,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1D,CAAC","sourcesContent":["// auth/path.utils.ts\n\nimport { ServerRequest } from '@frontmcp/sdk';\n\nexport function trimSlashes(s: string) {\n  return (s ?? '').replace(/^\\/+|\\/+$/g, '');\n}\n\n/** Normalize entryPath (gateway prefix) to \"\" or \"/mcp\" */\nexport function normalizeEntryPrefix(entryPath?: string): string {\n  const t = trimSlashes(entryPath ?? '');\n  return t ? `/${t}` : '';\n}\n\n/** Normalize a scope base (per-app or per-auth) to \"\" or \"/app1\" */\nexport function normalizeScopeBase(scopeBase?: string): string {\n  const t = trimSlashes(scopeBase ?? '');\n  return t ? `/${t}` : '';\n}\n\n/** Join URL path segments with a single slash and no trailing slash */\nexport function joinPath(...parts: string[]) {\n  const cleaned = parts.map((p) => trimSlashes(p)).filter(Boolean);\n  return cleaned.length ? `/${cleaned.join('/')}` : '';\n}\n\n\nexport function getRequestBaseUrl(req: ServerRequest, entryPath?: string) {\n  const proto = (req.headers['x-forwarded-proto'] as string) || (req as any).protocol || 'http';\n  const host = (req.headers['x-forwarded-host'] as string) || req.headers['host'];\n  return `${proto}://${host}${entryPath ?? ''}`;\n}\n\nexport function computeIssuer(req: ServerRequest, entryPath: string, scopeBase: string) {\n  const entryPrefix = normalizeEntryPrefix(entryPath);\n  const scope = normalizeScopeBase(scopeBase);\n  return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;\n}\n\nexport function computeResource(req: ServerRequest, entryPath: string, scopeBase: string) {\n  const entryPrefix = normalizeEntryPrefix(entryPath);\n  const scope = normalizeScopeBase(scopeBase);\n  return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;\n}\n\n/** Derive a safe provider id from a URL when no id is provided. */\nexport function urlToSafeId(url: string): string {\n  const u = new URL(url);\n  const raw = (u.host + (u.pathname && u.pathname !== '/' ? u.pathname : '')).replace(/\\/+$/, '');\n  return trimSlashes(raw).replace(/[^a-zA-Z0-9_-]/g, '-');\n}\n\n/**\n * Build all path variants for a given well-known name:\n * - reversed under root: /.well-known/<name><entryPrefix><scopeBase>\n * - in prefix root: <entryPrefix>/.well-known/<name><scopeBase>\n * - in prefix + scope: <entryPrefix><scopeBase>/.well-known/<name>\n */\nexport function makeWellKnownPaths(name: string, entryPrefix: string, scopeBase = '') {\n  const prefix = normalizeEntryPrefix(entryPrefix);\n  const scope = normalizeScopeBase(scopeBase);\n  const reversed = joinPath('.well-known', name) + `${prefix}${scope}`; // /.well-known/name + /mcp/app1\n  const inPrefixRoot = `${prefix}${joinPath('.well-known', name)}${scope}`; // /mcp/.well-known/name + /app1\n  const inPrefixScope = `${prefix}${scope}${joinPath('.well-known', name)}`; // /mcp/app1/.well-known/name\n  return new Set([reversed, inPrefixRoot, inPrefixScope]);\n}\n"]}