npm - @frontmcp/sdk - Versions diffs - 0.4.0 → 0.5.0 - Mend

@frontmcp/sdk 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (558) hide show

package/README.md +30 -18
package/package.json +20 -5
package/src/app/app.registry.d.ts +3 -2
package/src/app/app.registry.js +3 -1
package/src/app/app.registry.js.map +1 -1
package/src/app/instances/app.local.instance.js +2 -2
package/src/app/instances/app.local.instance.js.map +1 -1
package/src/auth/auth.registry.d.ts +34 -2
package/src/auth/auth.registry.js +162 -24
package/src/auth/auth.registry.js.map +1 -1
package/src/auth/auth.utils.js +8 -9
package/src/auth/auth.utils.js.map +1 -1
package/src/auth/authorization/authorization.class.d.ts +125 -0
package/src/auth/authorization/authorization.class.js +224 -0
package/src/auth/authorization/authorization.class.js.map +1 -0
package/src/auth/authorization/authorization.types.d.ts +300 -0
package/src/auth/authorization/authorization.types.js +79 -0
package/src/auth/authorization/authorization.types.js.map +1 -0
package/src/auth/authorization/index.d.ts +5 -0
package/src/auth/authorization/index.js +19 -0
package/src/auth/authorization/index.js.map +1 -0
package/src/auth/authorization/orchestrated.authorization.d.ts +242 -0
package/src/auth/authorization/orchestrated.authorization.js +306 -0
package/src/auth/authorization/orchestrated.authorization.js.map +1 -0
package/src/auth/authorization/public.authorization.d.ts +91 -0
package/src/auth/authorization/public.authorization.js +132 -0
package/src/auth/authorization/public.authorization.js.map +1 -0
package/src/auth/authorization/transparent.authorization.d.ts +130 -0
package/src/auth/authorization/transparent.authorization.js +147 -0
package/src/auth/authorization/transparent.authorization.js.map +1 -0
package/src/auth/consent/consent.types.d.ts +111 -0
package/src/auth/consent/consent.types.js +119 -0
package/src/auth/consent/consent.types.js.map +1 -0
package/src/auth/consent/index.d.ts +1 -0
package/src/auth/consent/index.js +13 -0
package/src/auth/consent/index.js.map +1 -0
package/src/auth/detection/auth-provider-detection.d.ts +84 -0
package/src/auth/detection/auth-provider-detection.js +230 -0
package/src/auth/detection/auth-provider-detection.js.map +1 -0
package/src/auth/detection/index.d.ts +1 -0
package/src/auth/detection/index.js +15 -0
package/src/auth/detection/index.js.map +1 -0
package/src/auth/flows/auth.verify.flow.d.ts +110 -0
package/src/auth/flows/auth.verify.flow.js +379 -0
package/src/auth/flows/auth.verify.flow.js.map +1 -0
package/src/auth/flows/oauth.authorize.flow.d.ts +118 -164
package/src/auth/flows/oauth.authorize.flow.js +701 -33
package/src/auth/flows/oauth.authorize.flow.js.map +1 -1
package/src/auth/flows/oauth.callback.flow.d.ts +117 -0
package/src/auth/flows/oauth.callback.flow.js +357 -0
package/src/auth/flows/oauth.callback.flow.js.map +1 -0
package/src/auth/flows/oauth.register.flow.d.ts +32 -125
package/src/auth/flows/oauth.token.flow.d.ts +52 -154
package/src/auth/flows/oauth.token.flow.js +193 -55
package/src/auth/flows/oauth.token.flow.js.map +1 -1
package/src/auth/flows/session.verify.flow.d.ts +66 -321
package/src/auth/flows/session.verify.flow.js +107 -18
package/src/auth/flows/session.verify.flow.js.map +1 -1
package/src/auth/flows/well-known.jwks.flow.d.ts +34 -205
package/src/auth/flows/well-known.jwks.flow.js +15 -8
package/src/auth/flows/well-known.jwks.flow.js.map +1 -1
package/src/auth/flows/well-known.oauth-authorization-server.flow.d.ts +48 -223
package/src/auth/flows/well-known.oauth-authorization-server.flow.js +2 -3
package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map +1 -1
package/src/auth/flows/well-known.prm.flow.d.ts +19 -120
package/src/auth/flows/well-known.prm.flow.js +3 -4
package/src/auth/flows/well-known.prm.flow.js.map +1 -1
package/src/auth/instances/instance.local-primary-auth.d.ts +91 -4
package/src/auth/instances/instance.local-primary-auth.js +236 -6
package/src/auth/instances/instance.local-primary-auth.js.map +1 -1
package/src/auth/instances/instance.remote-primary-auth.d.ts +4 -3
package/src/auth/instances/instance.remote-primary-auth.js +2 -2
package/src/auth/instances/instance.remote-primary-auth.js.map +1 -1
package/src/auth/session/authorization-vault.d.ts +611 -0
package/src/auth/session/authorization-vault.js +817 -0
package/src/auth/session/authorization-vault.js.map +1 -0
package/src/auth/session/authorization.store.d.ts +301 -0
package/src/auth/session/authorization.store.js +323 -0
package/src/auth/session/authorization.store.js.map +1 -0
package/src/auth/session/encrypted-authorization-vault.d.ts +181 -0
package/src/auth/session/encrypted-authorization-vault.js +493 -0
package/src/auth/session/encrypted-authorization-vault.js.map +1 -0
package/src/auth/session/index.d.ts +4 -4
package/src/auth/session/index.js +11 -7
package/src/auth/session/index.js.map +1 -1
package/src/auth/session/session.schema.d.ts +1 -1
package/src/auth/session/session.service.d.ts +1 -1
package/src/auth/session/transport-session.manager.d.ts +101 -0
package/src/auth/session/transport-session.manager.js +300 -0
package/src/auth/session/transport-session.manager.js.map +1 -0
package/src/auth/session/transport-session.types.d.ts +457 -0
package/src/auth/session/transport-session.types.js +110 -0
package/src/auth/session/transport-session.types.js.map +1 -0
package/src/auth/session/utils/session-id.utils.d.ts +14 -2
package/src/auth/session/utils/session-id.utils.js +68 -19
package/src/auth/session/utils/session-id.utils.js.map +1 -1
package/src/auth/session/vault-encryption.d.ts +189 -0
package/src/auth/session/vault-encryption.js +263 -0
package/src/auth/session/vault-encryption.js.map +1 -0
package/src/auth/ui/base-layout.d.ts +188 -0
package/src/auth/ui/base-layout.js +292 -0
package/src/auth/ui/base-layout.js.map +1 -0
package/src/auth/ui/htmx-templates.d.ts +135 -0
package/src/auth/ui/htmx-templates.js +433 -0
package/src/auth/ui/htmx-templates.js.map +1 -0
package/src/auth/ui/index.d.ts +11 -0
package/src/auth/ui/index.js +35 -0
package/src/auth/ui/index.js.map +1 -0
package/src/auth/utils/audience.validator.d.ts +129 -0
package/src/auth/utils/audience.validator.js +196 -0
package/src/auth/utils/audience.validator.js.map +1 -0
package/src/auth/utils/index.d.ts +2 -0
package/src/auth/utils/index.js +7 -0
package/src/auth/utils/index.js.map +1 -0
package/src/auth/utils/www-authenticate.utils.d.ts +97 -0
package/src/auth/utils/www-authenticate.utils.js +183 -0
package/src/auth/utils/www-authenticate.utils.js.map +1 -0
package/src/common/common.schema.d.ts +2 -16
package/src/common/constants.d.ts +3 -0
package/src/common/constants.js +6 -1
package/src/common/constants.js.map +1 -1
package/src/common/decorators/decorator-utils.d.ts +131 -0
package/src/common/decorators/decorator-utils.js +195 -0
package/src/common/decorators/decorator-utils.js.map +1 -0
package/src/common/decorators/front-mcp.decorator.js +3 -2
package/src/common/decorators/front-mcp.decorator.js.map +1 -1
package/src/common/decorators/hook.decorator.d.ts +58 -2
package/src/common/decorators/hook.decorator.js +127 -17
package/src/common/decorators/hook.decorator.js.map +1 -1
package/src/common/decorators/plugin.decorator.d.ts +1 -1
package/src/common/decorators/plugin.decorator.js +11 -10
package/src/common/decorators/plugin.decorator.js.map +1 -1
package/src/common/decorators/resource.decorator.d.ts +32 -3
package/src/common/decorators/resource.decorator.js +46 -4
package/src/common/decorators/resource.decorator.js.map +1 -1
package/src/common/decorators/tool.decorator.d.ts +54 -5
package/src/common/decorators/tool.decorator.js.map +1 -1
package/src/common/dynamic/dynamic.plugin.d.ts +22 -11
package/src/common/dynamic/dynamic.plugin.js +7 -1
package/src/common/dynamic/dynamic.plugin.js.map +1 -1
package/src/common/entries/prompt.entry.d.ts +46 -2
package/src/common/entries/prompt.entry.js +10 -0
package/src/common/entries/prompt.entry.js.map +1 -1
package/src/common/entries/resource.entry.d.ts +69 -6
package/src/common/entries/resource.entry.js +27 -3
package/src/common/entries/resource.entry.js.map +1 -1
package/src/common/entries/scope.entry.d.ts +5 -1
package/src/common/entries/scope.entry.js +3 -3
package/src/common/entries/scope.entry.js.map +1 -1
package/src/common/flow/flow.utils.d.ts +56 -0
package/src/common/flow/flow.utils.js +96 -0
package/src/common/flow/flow.utils.js.map +1 -0
package/src/common/index.d.ts +2 -2
package/src/common/index.js +2 -2
package/src/common/index.js.map +1 -1
package/src/common/interfaces/execution-context.interface.d.ts +59 -0
package/src/common/interfaces/execution-context.interface.js +81 -0
package/src/common/interfaces/execution-context.interface.js.map +1 -0
package/src/common/interfaces/flow.interface.d.ts +1 -1
package/src/common/interfaces/flow.interface.js.map +1 -1
package/src/common/interfaces/index.d.ts +1 -0
package/src/common/interfaces/index.js +1 -0
package/src/common/interfaces/index.js.map +1 -1
package/src/common/interfaces/internal/primary-auth-provider.interface.d.ts +17 -2
package/src/common/interfaces/internal/primary-auth-provider.interface.js +52 -4
package/src/common/interfaces/internal/primary-auth-provider.interface.js.map +1 -1
package/src/common/interfaces/internal/registry.interface.d.ts +16 -2
package/src/common/interfaces/internal/registry.interface.js.map +1 -1
package/src/common/interfaces/plugin.interface.js.map +1 -1
package/src/common/interfaces/prompt.interface.d.ts +53 -4
package/src/common/interfaces/prompt.interface.js +78 -0
package/src/common/interfaces/prompt.interface.js.map +1 -1
package/src/common/interfaces/resource.interface.d.ts +47 -17
package/src/common/interfaces/resource.interface.js +53 -0
package/src/common/interfaces/resource.interface.js.map +1 -1
package/src/common/interfaces/tool.interface.d.ts +39 -22
package/src/common/interfaces/tool.interface.js +61 -34
package/src/common/interfaces/tool.interface.js.map +1 -1
package/src/common/metadata/adapter.metadata.d.ts +1 -9
package/src/common/metadata/app.metadata.d.ts +425 -730
package/src/common/metadata/auth-provider.metadata.d.ts +2 -12
package/src/common/metadata/flow.metadata.d.ts +10 -25
package/src/common/metadata/front-mcp.metadata.d.ts +602 -1023
package/src/common/metadata/front-mcp.metadata.js +6 -4
package/src/common/metadata/front-mcp.metadata.js.map +1 -1
package/src/common/metadata/hook.metadata.d.ts +1 -1
package/src/common/metadata/hook.metadata.js.map +1 -1
package/src/common/metadata/index.d.ts +1 -0
package/src/common/metadata/index.js +1 -0
package/src/common/metadata/index.js.map +1 -1
package/src/common/metadata/logger.metadata.d.ts +1 -9
package/src/common/metadata/plugin.metadata.d.ts +8 -30
package/src/common/metadata/prompt.metadata.d.ts +4 -161
package/src/common/metadata/provider.metadata.d.ts +2 -12
package/src/common/metadata/resource.metadata.d.ts +6 -98
package/src/common/metadata/resource.metadata.js +15 -6
package/src/common/metadata/resource.metadata.js.map +1 -1
package/src/common/metadata/tool-ui.metadata.d.ts +10 -0
package/src/common/metadata/tool-ui.metadata.js +12 -0
package/src/common/metadata/tool-ui.metadata.js.map +1 -0
package/src/common/metadata/tool.metadata.d.ts +78 -199
package/src/common/metadata/tool.metadata.js +11 -14
package/src/common/metadata/tool.metadata.js.map +1 -1
package/src/common/providers/base-config.provider.d.ts +84 -0
package/src/common/providers/base-config.provider.js +128 -0
package/src/common/providers/base-config.provider.js.map +1 -0
package/src/common/records/plugin.record.d.ts +5 -6
package/src/common/records/plugin.record.js.map +1 -1
package/src/common/records/prompt.record.js.map +1 -1
package/src/common/records/resource.record.d.ts +17 -1
package/src/common/records/resource.record.js +12 -6
package/src/common/records/resource.record.js.map +1 -1
package/src/common/records/tool.record.js.map +1 -1
package/src/common/schemas/annotated-class.schema.d.ts +9 -9
package/src/common/schemas/annotated-class.schema.js +92 -27
package/src/common/schemas/annotated-class.schema.js.map +1 -1
package/src/common/schemas/http-input.schema.d.ts +6 -30
package/src/common/schemas/http-output.schema.d.ts +326 -1630
package/src/common/schemas/http-output.schema.js +39 -1
package/src/common/schemas/http-output.schema.js.map +1 -1
package/src/common/tokens/front-mcp.tokens.js +4 -1
package/src/common/tokens/front-mcp.tokens.js.map +1 -1
package/src/common/tokens/resource.tokens.d.ts +2 -0
package/src/common/tokens/resource.tokens.js +4 -1
package/src/common/tokens/resource.tokens.js.map +1 -1
package/src/common/tokens/tool.tokens.d.ts +2 -0
package/src/common/tokens/tool.tokens.js +2 -0
package/src/common/tokens/tool.tokens.js.map +1 -1
package/src/common/types/auth/jwt.types.d.ts +5 -31
package/src/common/types/auth/session.types.d.ts +97 -192
package/src/common/types/auth/session.types.js +24 -11
package/src/common/types/auth/session.types.js.map +1 -1
package/src/common/types/options/auth.options.d.ts +1013 -490
package/src/common/types/options/auth.options.js +554 -36
package/src/common/types/options/auth.options.js.map +1 -1
package/src/common/types/options/http.options.d.ts +1 -9
package/src/common/types/options/logging.options.d.ts +7 -13
package/src/common/types/options/logging.options.js +4 -0
package/src/common/types/options/logging.options.js.map +1 -1
package/src/common/types/options/server-info.options.d.ts +3 -31
package/src/common/types/options/session.options.d.ts +90 -10
package/src/common/types/options/session.options.js +26 -3
package/src/common/types/options/session.options.js.map +1 -1
package/src/common/utils/decide-request-intent.utils.d.ts +8 -46
package/src/common/utils/decide-request-intent.utils.js +88 -23
package/src/common/utils/decide-request-intent.utils.js.map +1 -1
package/src/completion/flows/complete.flow.d.ts +74 -0
package/src/completion/flows/complete.flow.js +199 -0
package/src/completion/flows/complete.flow.js.map +1 -0
package/src/errors/authorization-required.error.d.ts +189 -0
package/src/errors/authorization-required.error.js +274 -0
package/src/errors/authorization-required.error.js.map +1 -0
package/src/errors/index.d.ts +2 -1
package/src/errors/index.js +17 -1
package/src/errors/index.js.map +1 -1
package/src/errors/mcp.error.d.ts +101 -1
package/src/errors/mcp.error.js +147 -2
package/src/errors/mcp.error.js.map +1 -1
package/src/flows/flow.instance.js +4 -3
package/src/flows/flow.instance.js.map +1 -1
package/src/flows/flow.registry.js.map +1 -1
package/src/flows/flow.stages.js +14 -11
package/src/flows/flow.stages.js.map +1 -1
package/src/front-mcp/front-mcp.providers.d.ts +464 -102
package/src/front-mcp/front-mcp.providers.js +3 -5
package/src/front-mcp/front-mcp.providers.js.map +1 -1
package/src/hooks/hook.instance.d.ts +1 -1
package/src/hooks/hook.instance.js +5 -2
package/src/hooks/hook.instance.js.map +1 -1
package/src/hooks/hook.registry.js +7 -5
package/src/hooks/hook.registry.js.map +1 -1
package/src/index.d.ts +28 -9
package/src/index.js +5 -1
package/src/index.js.map +1 -1
package/src/logger/instances/instance.logger.js +3 -2
package/src/logger/instances/instance.logger.js.map +1 -1
package/src/logger/logger.registry.js +7 -2
package/src/logger/logger.registry.js.map +1 -1
package/src/logging/flows/set-level.flow.d.ts +62 -0
package/src/logging/flows/set-level.flow.js +108 -0
package/src/logging/flows/set-level.flow.js.map +1 -0
package/src/mcp-apps/csp.d.ts +111 -0
package/src/mcp-apps/csp.js +267 -0
package/src/mcp-apps/csp.js.map +1 -0
package/src/mcp-apps/index.d.ts +23 -0
package/src/mcp-apps/index.js +91 -0
package/src/mcp-apps/index.js.map +1 -0
package/src/mcp-apps/schemas.d.ts +403 -0
package/src/mcp-apps/schemas.js +345 -0
package/src/mcp-apps/schemas.js.map +1 -0
package/src/mcp-apps/template.d.ts +94 -0
package/src/mcp-apps/template.js +419 -0
package/src/mcp-apps/template.js.map +1 -0
package/src/mcp-apps/types.d.ts +323 -0
package/src/mcp-apps/types.js +59 -0
package/src/mcp-apps/types.js.map +1 -0
package/src/notification/index.d.ts +1 -0
package/src/notification/index.js +13 -0
package/src/notification/index.js.map +1 -0
package/src/notification/notification.service.d.ts +378 -0
package/src/notification/notification.service.js +727 -0
package/src/notification/notification.service.js.map +1 -0
package/src/plugin/plugin.registry.js +12 -9
package/src/plugin/plugin.registry.js.map +1 -1
package/src/prompt/flows/get-prompt.flow.d.ts +153 -0
package/src/prompt/flows/get-prompt.flow.js +214 -0
package/src/prompt/flows/get-prompt.flow.js.map +1 -0
package/src/prompt/flows/prompts-list.flow.d.ts +67 -0
package/src/prompt/flows/prompts-list.flow.js +176 -0
package/src/prompt/flows/prompts-list.flow.js.map +1 -0
package/src/prompt/index.d.ts +7 -0
package/src/prompt/index.js +17 -0
package/src/prompt/index.js.map +1 -0
package/src/prompt/prompt.events.d.ts +17 -0
package/src/prompt/prompt.events.js +25 -0
package/src/prompt/prompt.events.js.map +1 -0
package/src/prompt/prompt.instance.d.ts +30 -0
package/src/prompt/prompt.instance.js +120 -0
package/src/prompt/prompt.instance.js.map +1 -0
package/src/prompt/prompt.registry.d.ts +79 -12
package/src/prompt/prompt.registry.js +360 -15
package/src/prompt/prompt.registry.js.map +1 -1
package/src/prompt/prompt.types.d.ts +26 -0
package/src/prompt/prompt.types.js +11 -0
package/src/prompt/prompt.types.js.map +1 -0
package/src/prompt/prompt.utils.d.ts +26 -0
package/src/prompt/prompt.utils.js +136 -0
package/src/prompt/prompt.utils.js.map +1 -0
package/src/provider/provider.registry.d.ts +12 -5
package/src/provider/provider.registry.js +30 -138
package/src/provider/provider.registry.js.map +1 -1
package/src/regsitry/registry.base.d.ts +1 -1
package/src/regsitry/registry.base.js.map +1 -1
package/src/resource/flows/read-resource.flow.d.ts +91 -0
package/src/resource/flows/read-resource.flow.js +270 -0
package/src/resource/flows/read-resource.flow.js.map +1 -0
package/src/resource/flows/resource-templates-list.flow.d.ts +64 -0
package/src/resource/flows/resource-templates-list.flow.js +191 -0
package/src/resource/flows/resource-templates-list.flow.js.map +1 -0
package/src/resource/flows/resources-list.flow.d.ts +64 -0
package/src/resource/flows/resources-list.flow.js +196 -0
package/src/resource/flows/resources-list.flow.js.map +1 -0
package/src/resource/flows/subscribe-resource.flow.d.ts +45 -0
package/src/resource/flows/subscribe-resource.flow.js +123 -0
package/src/resource/flows/subscribe-resource.flow.js.map +1 -0
package/src/resource/flows/unsubscribe-resource.flow.d.ts +44 -0
package/src/resource/flows/unsubscribe-resource.flow.js +107 -0
package/src/resource/flows/unsubscribe-resource.flow.js.map +1 -0
package/src/resource/index.d.ts +8 -0
package/src/resource/index.js +20 -0
package/src/resource/index.js.map +1 -0
package/src/resource/resource.events.d.ts +24 -0
package/src/resource/resource.events.js +17 -0
package/src/resource/resource.events.js.map +1 -0
package/src/resource/resource.instance.d.ts +35 -0
package/src/resource/resource.instance.js +163 -0
package/src/resource/resource.instance.js.map +1 -0
package/src/resource/resource.registry.d.ts +106 -12
package/src/resource/resource.registry.js +449 -13
package/src/resource/resource.registry.js.map +1 -1
package/src/resource/resource.types.d.ts +35 -0
package/src/resource/resource.types.js +11 -0
package/src/resource/resource.types.js.map +1 -0
package/src/resource/resource.utils.d.ts +30 -0
package/src/resource/resource.utils.js +151 -0
package/src/resource/resource.utils.js.map +1 -0
package/src/scope/flows/http.request.flow.d.ts +48 -330
package/src/scope/flows/http.request.flow.js +306 -78
package/src/scope/flows/http.request.flow.js.map +1 -1
package/src/scope/scope.instance.d.ts +12 -0
package/src/scope/scope.instance.js +145 -15
package/src/scope/scope.instance.js.map +1 -1
package/src/tool/flows/call-tool.flow.d.ts +64 -1110
package/src/tool/flows/call-tool.flow.js +303 -15
package/src/tool/flows/call-tool.flow.js.map +1 -1
package/src/tool/flows/tools-list.flow.d.ts +32 -473
package/src/tool/flows/tools-list.flow.js +111 -10
package/src/tool/flows/tools-list.flow.js.map +1 -1
package/src/tool/tool.events.d.ts +8 -1
package/src/tool/tool.events.js.map +1 -1
package/src/tool/tool.instance.d.ts +3 -1
package/src/tool/tool.instance.js +17 -3
package/src/tool/tool.instance.js.map +1 -1
package/src/tool/tool.registry.d.ts +7 -1
package/src/tool/tool.registry.js +26 -10
package/src/tool/tool.registry.js.map +1 -1
package/src/tool/tool.types.d.ts +4 -4
package/src/tool/tool.types.js.map +1 -1
package/src/tool/tool.utils.d.ts +3 -12
package/src/tool/tool.utils.js +39 -193
package/src/tool/tool.utils.js.map +1 -1
package/src/tool/ui/index.d.ts +22 -0
package/src/tool/ui/index.js +63 -0
package/src/tool/ui/index.js.map +1 -0
package/src/tool/ui/platform-adapters.d.ts +10 -0
package/src/tool/ui/platform-adapters.js +18 -0
package/src/tool/ui/platform-adapters.js.map +1 -0
package/src/tool/ui/template-helpers.d.ts +46 -0
package/src/tool/ui/template-helpers.js +112 -0
package/src/tool/ui/template-helpers.js.map +1 -0
package/src/tool/ui/ui-resource-template.d.ts +34 -0
package/src/tool/ui/ui-resource-template.js +64 -0
package/src/tool/ui/ui-resource-template.js.map +1 -0
package/src/tool/ui/ui-resource.handler.d.ts +74 -0
package/src/tool/ui/ui-resource.handler.js +129 -0
package/src/tool/ui/ui-resource.handler.js.map +1 -0
package/src/transport/adapters/transport.local.adapter.d.ts +2 -2
package/src/transport/adapters/transport.local.adapter.js +28 -7
package/src/transport/adapters/transport.local.adapter.js.map +1 -1
package/src/transport/adapters/transport.sse.adapter.d.ts +2 -2
package/src/transport/adapters/transport.sse.adapter.js +4 -3
package/src/transport/adapters/transport.sse.adapter.js.map +1 -1
package/src/transport/adapters/transport.streamable-http.adapter.d.ts +10 -3
package/src/transport/adapters/transport.streamable-http.adapter.js +54 -8
package/src/transport/adapters/transport.streamable-http.adapter.js.map +1 -1
package/src/transport/flows/handle.sse.flow.d.ts +29 -63
package/src/transport/flows/handle.sse.flow.js +78 -10
package/src/transport/flows/handle.sse.flow.js.map +1 -1
package/src/transport/flows/handle.stateless-http.flow.d.ts +29 -0
package/src/transport/flows/handle.stateless-http.flow.js +102 -0
package/src/transport/flows/handle.stateless-http.flow.js.map +1 -0
package/src/transport/flows/handle.streamable-http.flow.d.ts +32 -64
package/src/transport/flows/handle.streamable-http.flow.js +158 -26
package/src/transport/flows/handle.streamable-http.flow.js.map +1 -1
package/src/transport/legacy/legacy.sse.tranporter.d.ts +9 -0
package/src/transport/legacy/legacy.sse.tranporter.js +17 -2
package/src/transport/legacy/legacy.sse.tranporter.js.map +1 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js +27 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/complete-request.handler.d.ts +69 -0
package/src/transport/mcp-handlers/complete-request.handler.js +11 -0
package/src/transport/mcp-handlers/complete-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.d.ts +87 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js +11 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/index.d.ts +517 -208
package/src/transport/mcp-handlers/index.js +39 -2
package/src/transport/mcp-handlers/index.js.map +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.d.ts +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.js +73 -7
package/src/transport/mcp-handlers/initialize-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/list-prompts-request.handler.d.ts +54 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js +11 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resources-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-tools-request.handler.d.ts +19 -146
package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js +34 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/mcp-handlers.types.d.ts +3 -7
package/src/transport/mcp-handlers/mcp-handlers.types.js.map +1 -1
package/src/transport/mcp-handlers/read-resource-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js +12 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.d.ts +11 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js +26 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map +1 -0
package/src/transport/mcp-handlers/subscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map +1 -0
package/src/transport/transport.local.js +7 -2
package/src/transport/transport.local.js.map +1 -1
package/src/transport/transport.registry.d.ts +30 -0
package/src/transport/transport.registry.js +84 -1
package/src/transport/transport.registry.js.map +1 -1
package/src/transport/transport.types.d.ts +3 -3
package/src/transport/transport.types.js.map +1 -1
package/src/utils/content.utils.d.ts +48 -0
package/src/utils/content.utils.js +194 -0
package/src/utils/content.utils.js.map +1 -0
package/src/utils/index.d.ts +8 -0
package/src/utils/index.js +55 -0
package/src/utils/index.js.map +1 -0
package/src/utils/lineage.utils.d.ts +40 -0
package/src/utils/lineage.utils.js +82 -0
package/src/utils/lineage.utils.js.map +1 -0
package/src/utils/naming.utils.d.ts +46 -0
package/src/utils/naming.utils.js +136 -0
package/src/utils/naming.utils.js.map +1 -0
package/src/utils/types.utils.d.ts +2 -2
package/src/utils/types.utils.js.map +1 -1
package/src/utils/uri-template.utils.d.ts +57 -0
package/src/utils/uri-template.utils.js +113 -0
package/src/utils/uri-template.utils.js.map +1 -0
package/src/utils/uri-validation.utils.d.ts +40 -0
package/src/utils/uri-validation.utils.js +76 -0
package/src/utils/uri-validation.utils.js.map +1 -0
package/src/__test-utils__/fixtures/hook.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/hook.fixtures.js +0 -114
package/src/__test-utils__/fixtures/hook.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/index.d.ts +0 -7
package/src/__test-utils__/fixtures/index.js +0 -11
package/src/__test-utils__/fixtures/index.js.map +0 -1
package/src/__test-utils__/fixtures/plugin.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/plugin.fixtures.js +0 -127
package/src/__test-utils__/fixtures/plugin.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/provider.fixtures.d.ts +0 -69
package/src/__test-utils__/fixtures/provider.fixtures.js +0 -131
package/src/__test-utils__/fixtures/provider.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/scope.fixtures.d.ts +0 -14
package/src/__test-utils__/fixtures/scope.fixtures.js +0 -59
package/src/__test-utils__/fixtures/scope.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/tool.fixtures.d.ts +0 -36
package/src/__test-utils__/fixtures/tool.fixtures.js +0 -91
package/src/__test-utils__/fixtures/tool.fixtures.js.map +0 -1
package/src/__test-utils__/helpers/assertion.helpers.d.ts +0 -45
package/src/__test-utils__/helpers/assertion.helpers.js +0 -153
package/src/__test-utils__/helpers/assertion.helpers.js.map +0 -1
package/src/__test-utils__/helpers/async.helpers.d.ts +0 -48
package/src/__test-utils__/helpers/async.helpers.js +0 -112
package/src/__test-utils__/helpers/async.helpers.js.map +0 -1
package/src/__test-utils__/helpers/index.d.ts +0 -6
package/src/__test-utils__/helpers/index.js +0 -10
package/src/__test-utils__/helpers/index.js.map +0 -1
package/src/__test-utils__/helpers/setup.helpers.d.ts +0 -54
package/src/__test-utils__/helpers/setup.helpers.js +0 -106
package/src/__test-utils__/helpers/setup.helpers.js.map +0 -1
package/src/__test-utils__/index.d.ts +0 -9
package/src/__test-utils__/index.js +0 -14
package/src/__test-utils__/index.js.map +0 -1
package/src/__test-utils__/mocks/flow-instance.mock.d.ts +0 -50
package/src/__test-utils__/mocks/flow-instance.mock.js +0 -72
package/src/__test-utils__/mocks/flow-instance.mock.js.map +0 -1
package/src/__test-utils__/mocks/hook-registry.mock.d.ts +0 -25
package/src/__test-utils__/mocks/hook-registry.mock.js +0 -65
package/src/__test-utils__/mocks/hook-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/index.d.ts +0 -8
package/src/__test-utils__/mocks/index.js +0 -12
package/src/__test-utils__/mocks/index.js.map +0 -1
package/src/__test-utils__/mocks/plugin-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/plugin-registry.mock.js +0 -70
package/src/__test-utils__/mocks/plugin-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/provider-registry.mock.d.ts +0 -39
package/src/__test-utils__/mocks/provider-registry.mock.js +0 -72
package/src/__test-utils__/mocks/provider-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/tool-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/tool-registry.mock.js +0 -79
package/src/__test-utils__/mocks/tool-registry.mock.js.map +0 -1
package/src/auth/path.utils.d.ts +0 -20
package/src/auth/path.utils.js +0 -71
package/src/auth/path.utils.js.map +0 -1
package/src/common/decorators-old/async-with.decorator.d.ts +0 -10
package/src/common/decorators-old/async-with.decorator.js +0 -24
package/src/common/decorators-old/async-with.decorator.js.map +0 -1
package/src/common/decorators-old/auth-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/auth-hook.decorator.js +0 -27
package/src/common/decorators-old/auth-hook.decorator.js.map +0 -1
package/src/common/decorators-old/session-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/session-hook.decorator.js +0 -27
package/src/common/decorators-old/session-hook.decorator.js.map +0 -1

package/src/mcp-apps/csp.d.ts ADDED Viewed

@@ -0,0 +1,111 @@
+/**
+ * @file csp.ts
+ * @description Content Security Policy generation for MCP Apps.
+ *
+ * Generates CSP headers per the MCP Apps specification for iframe sandboxing.
+ *
+ * @module @frontmcp/sdk/mcp-apps/csp
+ */
+import type { McpAppsCSP } from './types';
+/**
+ * Individual CSP directive.
+ */
+export interface CSPDirective {
+    name: string;
+    values: string[];
+}
+/**
+ * Complete CSP configuration.
+ */
+export interface CSPConfig {
+    directives: CSPDirective[];
+}
+/**
+ * Default CSP directives per MCP Apps spec.
+ * These are the baseline security restrictions.
+ */
+export declare const DEFAULT_CSP_DIRECTIVES: CSPDirective[];
+/**
+ * Sandbox attribute values for iframe.
+ * Minimum required permissions per MCP Apps spec.
+ */
+export declare const SANDBOX_PERMISSIONS: readonly ["allow-scripts", "allow-same-origin"];
+/**
+ * Extended sandbox permissions that may be granted.
+ */
+export declare const EXTENDED_SANDBOX_PERMISSIONS: readonly ["allow-scripts", "allow-same-origin", "allow-forms", "allow-popups", "allow-popups-to-escape-sandbox"];
+/**
+ * Build CSP header string from MCP Apps CSP configuration.
+ *
+ * @param csp - MCP Apps CSP configuration
+ * @returns CSP header string
+ *
+ * @example
+ * ```typescript
+ * const csp = buildCSPHeader({
+ *   connectDomains: ['https://api.example.com'],
+ *   resourceDomains: ['https://cdn.example.com'],
+ * });
+ * // Returns: "default-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.example.com; ..."
+ * ```
+ */
+export declare function buildCSPHeader(csp?: McpAppsCSP): string;
+/**
+ * Build CSP directives array from MCP Apps CSP configuration.
+ *
+ * @param csp - MCP Apps CSP configuration
+ * @returns Array of CSP directives
+ */
+export declare function buildCSPDirectives(csp?: McpAppsCSP): CSPDirective[];
+/**
+ * Build sandbox attribute value for iframe.
+ *
+ * @param options - Sandbox options
+ * @returns Sandbox attribute value string
+ *
+ * @example
+ * ```typescript
+ * const sandbox = buildSandboxAttribute({ allowForms: true });
+ * // Returns: "allow-scripts allow-same-origin allow-forms"
+ * ```
+ */
+export declare function buildSandboxAttribute(options?: {
+    allowForms?: boolean;
+    allowPopups?: boolean;
+    allowPopupsToEscapeSandbox?: boolean;
+}): string;
+/**
+ * Build CSP meta tag for embedding in HTML.
+ *
+ * @param csp - MCP Apps CSP configuration
+ * @returns HTML meta tag string
+ *
+ * @example
+ * ```typescript
+ * const meta = buildCSPMetaTag({ connectDomains: ['https://api.example.com'] });
+ * // Returns: <meta http-equiv="Content-Security-Policy" content="...">
+ * ```
+ */
+export declare function buildCSPMetaTag(csp?: McpAppsCSP): string;
+/**
+ * Validate domain against CSP configuration.
+ *
+ * @param domain - Domain to validate
+ * @param csp - CSP configuration
+ * @param type - Type of access ('connect' or 'resource')
+ * @returns Whether the domain is allowed
+ */
+export declare function isDomainAllowed(domain: string, csp: McpAppsCSP | undefined, type: 'connect' | 'resource'): boolean;
+/**
+ * Merge two CSP configurations.
+ *
+ * @param base - Base CSP configuration
+ * @param override - Override CSP configuration
+ * @returns Merged CSP configuration
+ */
+export declare function mergeCSP(base: McpAppsCSP | undefined, override: McpAppsCSP | undefined): McpAppsCSP;
+/**
+ * Parse CSP header string back to configuration.
+ * Useful for testing and debugging.
+ */
+export declare function parseCSPHeader(header: string): McpAppsCSP;

package/src/mcp-apps/csp.js ADDED Viewed

@@ -0,0 +1,267 @@
+"use strict";
+/**
+ * @file csp.ts
+ * @description Content Security Policy generation for MCP Apps.
+ *
+ * Generates CSP headers per the MCP Apps specification for iframe sandboxing.
+ *
+ * @module @frontmcp/sdk/mcp-apps/csp
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EXTENDED_SANDBOX_PERMISSIONS = exports.SANDBOX_PERMISSIONS = exports.DEFAULT_CSP_DIRECTIVES = void 0;
+exports.buildCSPHeader = buildCSPHeader;
+exports.buildCSPDirectives = buildCSPDirectives;
+exports.buildSandboxAttribute = buildSandboxAttribute;
+exports.buildCSPMetaTag = buildCSPMetaTag;
+exports.isDomainAllowed = isDomainAllowed;
+exports.mergeCSP = mergeCSP;
+exports.parseCSPHeader = parseCSPHeader;
+// ============================================
+// Default CSP Values
+// ============================================
+/**
+ * Default CSP directives per MCP Apps spec.
+ * These are the baseline security restrictions.
+ */
+exports.DEFAULT_CSP_DIRECTIVES = [
+    { name: 'default-src', values: ["'none'"] },
+    { name: 'script-src', values: ["'self'", "'unsafe-inline'"] },
+    { name: 'style-src', values: ["'self'", "'unsafe-inline'"] },
+    { name: 'img-src', values: ["'self'", 'data:'] },
+    { name: 'font-src', values: ["'self'"] },
+    { name: 'connect-src', values: ["'none'"] },
+    { name: 'frame-src', values: ["'none'"] },
+    { name: 'object-src', values: ["'none'"] },
+    { name: 'base-uri', values: ["'self'"] },
+    { name: 'form-action', values: ["'self'"] },
+];
+/**
+ * Sandbox attribute values for iframe.
+ * Minimum required permissions per MCP Apps spec.
+ */
+exports.SANDBOX_PERMISSIONS = ['allow-scripts', 'allow-same-origin'];
+/**
+ * Extended sandbox permissions that may be granted.
+ */
+exports.EXTENDED_SANDBOX_PERMISSIONS = [
+    ...exports.SANDBOX_PERMISSIONS,
+    'allow-forms',
+    'allow-popups',
+    'allow-popups-to-escape-sandbox',
+];
+// ============================================
+// CSP Generation Functions
+// ============================================
+/**
+ * Build CSP header string from MCP Apps CSP configuration.
+ *
+ * @param csp - MCP Apps CSP configuration
+ * @returns CSP header string
+ *
+ * @example
+ * ```typescript
+ * const csp = buildCSPHeader({
+ *   connectDomains: ['https://api.example.com'],
+ *   resourceDomains: ['https://cdn.example.com'],
+ * });
+ * // Returns: "default-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.example.com; ..."
+ * ```
+ */
+function buildCSPHeader(csp) {
+    const directives = buildCSPDirectives(csp);
+    return directives.map((d) => `${d.name} ${d.values.join(' ')}`).join('; ');
+}
+/**
+ * Build CSP directives array from MCP Apps CSP configuration.
+ *
+ * @param csp - MCP Apps CSP configuration
+ * @returns Array of CSP directives
+ */
+function buildCSPDirectives(csp) {
+    // Start with defaults
+    const directives = new Map();
+    for (const directive of exports.DEFAULT_CSP_DIRECTIVES) {
+        directives.set(directive.name, [...directive.values]);
+    }
+    if (csp) {
+        // Add connect domains
+        if (csp.connectDomains && csp.connectDomains.length > 0) {
+            const connectSrc = directives.get('connect-src') || [];
+            // Replace 'none' with actual domains
+            const filteredConnect = connectSrc.filter((v) => v !== "'none'");
+            directives.set('connect-src', [...filteredConnect, "'self'", ...csp.connectDomains]);
+        }
+        // Add resource domains to appropriate directives
+        if (csp.resourceDomains && csp.resourceDomains.length > 0) {
+            const resourceDomains = csp.resourceDomains;
+            // script-src
+            const scriptSrc = directives.get('script-src') || [];
+            directives.set('script-src', [...scriptSrc, ...resourceDomains]);
+            // style-src
+            const styleSrc = directives.get('style-src') || [];
+            directives.set('style-src', [...styleSrc, ...resourceDomains]);
+            // img-src
+            const imgSrc = directives.get('img-src') || [];
+            directives.set('img-src', [...imgSrc, ...resourceDomains]);
+            // font-src
+            const fontSrc = directives.get('font-src') || [];
+            directives.set('font-src', [...fontSrc, ...resourceDomains]);
+        }
+    }
+    // Convert map to array
+    return Array.from(directives.entries()).map(([name, values]) => ({
+        name,
+        values: [...new Set(values)], // Deduplicate
+    }));
+}
+/**
+ * Build sandbox attribute value for iframe.
+ *
+ * @param options - Sandbox options
+ * @returns Sandbox attribute value string
+ *
+ * @example
+ * ```typescript
+ * const sandbox = buildSandboxAttribute({ allowForms: true });
+ * // Returns: "allow-scripts allow-same-origin allow-forms"
+ * ```
+ */
+function buildSandboxAttribute(options) {
+    const permissions = [...exports.SANDBOX_PERMISSIONS];
+    if (options?.allowForms) {
+        permissions.push('allow-forms');
+    }
+    if (options?.allowPopups) {
+        permissions.push('allow-popups');
+    }
+    if (options?.allowPopupsToEscapeSandbox) {
+        permissions.push('allow-popups-to-escape-sandbox');
+    }
+    return permissions.join(' ');
+}
+/**
+ * Build CSP meta tag for embedding in HTML.
+ *
+ * @param csp - MCP Apps CSP configuration
+ * @returns HTML meta tag string
+ *
+ * @example
+ * ```typescript
+ * const meta = buildCSPMetaTag({ connectDomains: ['https://api.example.com'] });
+ * // Returns: <meta http-equiv="Content-Security-Policy" content="...">
+ * ```
+ */
+function buildCSPMetaTag(csp) {
+    const header = buildCSPHeader(csp);
+    return `<meta http-equiv="Content-Security-Policy" content="${escapeHtmlAttribute(header)}">`;
+}
+/**
+ * Validate domain against CSP configuration.
+ *
+ * @param domain - Domain to validate
+ * @param csp - CSP configuration
+ * @param type - Type of access ('connect' or 'resource')
+ * @returns Whether the domain is allowed
+ */
+function isDomainAllowed(domain, csp, type) {
+    if (!csp)
+        return false;
+    const domains = type === 'connect' ? csp.connectDomains : csp.resourceDomains;
+    if (!domains || domains.length === 0)
+        return false;
+    // Check if domain matches any allowed domain
+    return domains.some((allowed) => {
+        try {
+            const allowedUrl = new URL(allowed);
+            const testUrl = new URL(domain);
+            // Match protocol and hostname
+            return allowedUrl.protocol === testUrl.protocol && allowedUrl.hostname === testUrl.hostname;
+        }
+        catch {
+            // If URL parsing fails, do exact string match
+            return allowed === domain;
+        }
+    });
+}
+/**
+ * Merge two CSP configurations.
+ *
+ * @param base - Base CSP configuration
+ * @param override - Override CSP configuration
+ * @returns Merged CSP configuration
+ */
+function mergeCSP(base, override) {
+    const merged = {};
+    // Merge connect domains
+    const connectDomains = new Set();
+    if (base?.connectDomains) {
+        base.connectDomains.forEach((d) => connectDomains.add(d));
+    }
+    if (override?.connectDomains) {
+        override.connectDomains.forEach((d) => connectDomains.add(d));
+    }
+    if (connectDomains.size > 0) {
+        merged.connectDomains = Array.from(connectDomains);
+    }
+    // Merge resource domains
+    const resourceDomains = new Set();
+    if (base?.resourceDomains) {
+        base.resourceDomains.forEach((d) => resourceDomains.add(d));
+    }
+    if (override?.resourceDomains) {
+        override.resourceDomains.forEach((d) => resourceDomains.add(d));
+    }
+    if (resourceDomains.size > 0) {
+        merged.resourceDomains = Array.from(resourceDomains);
+    }
+    return merged;
+}
+// ============================================
+// Helper Functions
+// ============================================
+/**
+ * Escape string for use in HTML attribute.
+ */
+function escapeHtmlAttribute(str) {
+    return str
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#39;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}
+/**
+ * Parse CSP header string back to configuration.
+ * Useful for testing and debugging.
+ */
+function parseCSPHeader(header) {
+    const csp = {};
+    const connectDomains = [];
+    const resourceDomains = [];
+    const directives = header.split(';').map((d) => d.trim());
+    for (const directive of directives) {
+        const [name, ...values] = directive.split(/\s+/);
+        if (name === 'connect-src') {
+            for (const value of values) {
+                if (value.startsWith('https://') || value.startsWith('http://')) {
+                    connectDomains.push(value);
+                }
+            }
+        }
+        if (['script-src', 'style-src', 'img-src', 'font-src'].includes(name)) {
+            for (const value of values) {
+                if (value.startsWith('https://') || value.startsWith('http://')) {
+                    resourceDomains.push(value);
+                }
+            }
+        }
+    }
+    if (connectDomains.length > 0) {
+        csp.connectDomains = [...new Set(connectDomains)];
+    }
+    if (resourceDomains.length > 0) {
+        csp.resourceDomains = [...new Set(resourceDomains)];
+    }
+    return csp;
+}
+//# sourceMappingURL=csp.js.map

package/src/mcp-apps/csp.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"csp.js","sourceRoot":"","sources":["../../../src/mcp-apps/csp.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AA+EH,wCAGC;AAQD,gDA4CC;AAcD,sDAoBC;AAcD,0CAGC;AAUD,0CAoBC;AASD,4BA4BC;AAsBD,wCAoCC;AA/RD,+CAA+C;AAC/C,qBAAqB;AACrB,+CAA+C;AAE/C;;;GAGG;AACU,QAAA,sBAAsB,GAAmB;IACpD,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC3C,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC,EAAE;IAC7D,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC,EAAE;IAC5D,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE;IAChD,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;IACxC,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC3C,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;IACzC,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC1C,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;IACxC,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE;CAC5C,CAAC;AAEF;;;GAGG;AACU,QAAA,mBAAmB,GAAG,CAAC,eAAe,EAAE,mBAAmB,CAAU,CAAC;AAEnF;;GAEG;AACU,QAAA,4BAA4B,GAAG;IAC1C,GAAG,2BAAmB;IACtB,aAAa;IACb,cAAc;IACd,gCAAgC;CACxB,CAAC;AAEX,+CAA+C;AAC/C,2BAA2B;AAC3B,+CAA+C;AAE/C;;;;;;;;;;;;;;GAcG;AACH,SAAgB,cAAc,CAAC,GAAgB;IAC7C,MAAM,UAAU,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAC3C,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,GAAgB;IACjD,sBAAsB;IACtB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAoB,CAAC;IAE/C,KAAK,MAAM,SAAS,IAAI,8BAAsB,EAAE,CAAC;QAC/C,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,GAAG,EAAE,CAAC;QACR,sBAAsB;QACtB,IAAI,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;YACvD,qCAAqC;YACrC,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;YACjE,UAAU,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,GAAG,eAAe,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;QACvF,CAAC;QAED,iDAAiD;QACjD,IAAI,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC;YAE5C,aAAa;YACb,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YACrD,UAAU,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,SAAS,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC;YAEjE,YAAY;YACZ,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACnD,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,QAAQ,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC;YAE/D,UAAU;YACV,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC/C,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,GAAG,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC;YAE3D,WAAW;YACX,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YACjD,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,GAAG,OAAO,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/D,IAAI;QACJ,MAAM,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,cAAc;KAC7C,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,qBAAqB,CAAC,OAIrC;IACC,MAAM,WAAW,GAAa,CAAC,GAAG,2BAAmB,CAAC,CAAC;IAEvD,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;QACxB,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;QACzB,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,EAAE,0BAA0B,EAAE,CAAC;QACxC,WAAW,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,eAAe,CAAC,GAAgB;IAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACnC,OAAO,uDAAuD,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC;AAChG,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAAC,MAAc,EAAE,GAA2B,EAAE,IAA4B;IACvG,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IAEvB,MAAM,OAAO,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC;IAE9E,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEnD,6CAA6C;IAC7C,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC9B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YACpC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;YAEhC,8BAA8B;YAC9B,OAAO,UAAU,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,CAAC;QAC9F,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;YAC9C,OAAO,OAAO,KAAK,MAAM,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,QAAQ,CAAC,IAA4B,EAAE,QAAgC;IACrF,MAAM,MAAM,GAAe,EAAE,CAAC;IAE9B,wBAAwB;IACxB,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,IAAI,IAAI,EAAE,cAAc,EAAE,CAAC;QACzB,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,QAAQ,EAAE,cAAc,EAAE,CAAC;QAC7B,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,cAAc,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACrD,CAAC;IAED,yBAAyB;IACzB,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,IAAI,IAAI,EAAE,eAAe,EAAE,CAAC;QAC1B,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,QAAQ,EAAE,eAAe,EAAE,CAAC;QAC9B,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,GAAG;SACP,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,MAAc;IAC3C,MAAM,GAAG,GAAe,EAAE,CAAC;IAC3B,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAE1D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,EAAE,GAAG,MAAM,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjD,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;YAC3B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBAChE,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACtE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBAChE,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,cAAc,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,eAAe,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["/**\n * @file csp.ts\n * @description Content Security Policy generation for MCP Apps.\n *\n * Generates CSP headers per the MCP Apps specification for iframe sandboxing.\n *\n * @module @frontmcp/sdk/mcp-apps/csp\n */\n\nimport type { McpAppsCSP } from './types';\n\n// ============================================\n// CSP Directive Types\n// ============================================\n\n/**\n * Individual CSP directive.\n */\nexport interface CSPDirective {\n name: string;\n values: string[];\n}\n\n/**\n * Complete CSP configuration.\n */\nexport interface CSPConfig {\n directives: CSPDirective[];\n}\n\n// ============================================\n// Default CSP Values\n// ============================================\n\n/**\n * Default CSP directives per MCP Apps spec.\n * These are the baseline security restrictions.\n */\nexport const DEFAULT_CSP_DIRECTIVES: CSPDirective[] = [\n { name: 'default-src', values: [\"'none'\"] },\n { name: 'script-src', values: [\"'self'\", \"'unsafe-inline'\"] },\n { name: 'style-src', values: [\"'self'\", \"'unsafe-inline'\"] },\n { name: 'img-src', values: [\"'self'\", 'data:'] },\n { name: 'font-src', values: [\"'self'\"] },\n { name: 'connect-src', values: [\"'none'\"] },\n { name: 'frame-src', values: [\"'none'\"] },\n { name: 'object-src', values: [\"'none'\"] },\n { name: 'base-uri', values: [\"'self'\"] },\n { name: 'form-action', values: [\"'self'\"] },\n];\n\n/**\n * Sandbox attribute values for iframe.\n * Minimum required permissions per MCP Apps spec.\n */\nexport const SANDBOX_PERMISSIONS = ['allow-scripts', 'allow-same-origin'] as const;\n\n/**\n * Extended sandbox permissions that may be granted.\n */\nexport const EXTENDED_SANDBOX_PERMISSIONS = [\n ...SANDBOX_PERMISSIONS,\n 'allow-forms',\n 'allow-popups',\n 'allow-popups-to-escape-sandbox',\n] as const;\n\n// ============================================\n// CSP Generation Functions\n// ============================================\n\n/**\n * Build CSP header string from MCP Apps CSP configuration.\n *\n * @param csp - MCP Apps CSP configuration\n * @returns CSP header string\n *\n * @example\n * ```typescript\n * const csp = buildCSPHeader({\n * connectDomains: ['https://api.example.com'],\n * resourceDomains: ['https://cdn.example.com'],\n * });\n * // Returns: \"default-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.example.com; ...\"\n * ```\n */\nexport function buildCSPHeader(csp?: McpAppsCSP): string {\n const directives = buildCSPDirectives(csp);\n return directives.map((d) => `${d.name} ${d.values.join(' ')}`).join('; ');\n}\n\n/**\n * Build CSP directives array from MCP Apps CSP configuration.\n *\n * @param csp - MCP Apps CSP configuration\n * @returns Array of CSP directives\n */\nexport function buildCSPDirectives(csp?: McpAppsCSP): CSPDirective[] {\n // Start with defaults\n const directives = new Map<string, string[]>();\n\n for (const directive of DEFAULT_CSP_DIRECTIVES) {\n directives.set(directive.name, [...directive.values]);\n }\n\n if (csp) {\n // Add connect domains\n if (csp.connectDomains && csp.connectDomains.length > 0) {\n const connectSrc = directives.get('connect-src') || [];\n // Replace 'none' with actual domains\n const filteredConnect = connectSrc.filter((v) => v !== \"'none'\");\n directives.set('connect-src', [...filteredConnect, \"'self'\", ...csp.connectDomains]);\n }\n\n // Add resource domains to appropriate directives\n if (csp.resourceDomains && csp.resourceDomains.length > 0) {\n const resourceDomains = csp.resourceDomains;\n\n // script-src\n const scriptSrc = directives.get('script-src') || [];\n directives.set('script-src', [...scriptSrc, ...resourceDomains]);\n\n // style-src\n const styleSrc = directives.get('style-src') || [];\n directives.set('style-src', [...styleSrc, ...resourceDomains]);\n\n // img-src\n const imgSrc = directives.get('img-src') || [];\n directives.set('img-src', [...imgSrc, ...resourceDomains]);\n\n // font-src\n const fontSrc = directives.get('font-src') || [];\n directives.set('font-src', [...fontSrc, ...resourceDomains]);\n }\n }\n\n // Convert map to array\n return Array.from(directives.entries()).map(([name, values]) => ({\n name,\n values: [...new Set(values)], // Deduplicate\n }));\n}\n\n/**\n * Build sandbox attribute value for iframe.\n *\n * @param options - Sandbox options\n * @returns Sandbox attribute value string\n *\n * @example\n * ```typescript\n * const sandbox = buildSandboxAttribute({ allowForms: true });\n * // Returns: \"allow-scripts allow-same-origin allow-forms\"\n * ```\n */\nexport function buildSandboxAttribute(options?: {\n allowForms?: boolean;\n allowPopups?: boolean;\n allowPopupsToEscapeSandbox?: boolean;\n}): string {\n const permissions: string[] = [...SANDBOX_PERMISSIONS];\n\n if (options?.allowForms) {\n permissions.push('allow-forms');\n }\n\n if (options?.allowPopups) {\n permissions.push('allow-popups');\n }\n\n if (options?.allowPopupsToEscapeSandbox) {\n permissions.push('allow-popups-to-escape-sandbox');\n }\n\n return permissions.join(' ');\n}\n\n/**\n * Build CSP meta tag for embedding in HTML.\n *\n * @param csp - MCP Apps CSP configuration\n * @returns HTML meta tag string\n *\n * @example\n * ```typescript\n * const meta = buildCSPMetaTag({ connectDomains: ['https://api.example.com'] });\n * // Returns: <meta http-equiv=\"Content-Security-Policy\" content=\"...\">\n * ```\n */\nexport function buildCSPMetaTag(csp?: McpAppsCSP): string {\n const header = buildCSPHeader(csp);\n return `<meta http-equiv=\"Content-Security-Policy\" content=\"${escapeHtmlAttribute(header)}\">`;\n}\n\n/**\n * Validate domain against CSP configuration.\n *\n * @param domain - Domain to validate\n * @param csp - CSP configuration\n * @param type - Type of access ('connect' or 'resource')\n * @returns Whether the domain is allowed\n */\nexport function isDomainAllowed(domain: string, csp: McpAppsCSP | undefined, type: 'connect' | 'resource'): boolean {\n if (!csp) return false;\n\n const domains = type === 'connect' ? csp.connectDomains : csp.resourceDomains;\n\n if (!domains || domains.length === 0) return false;\n\n // Check if domain matches any allowed domain\n return domains.some((allowed) => {\n try {\n const allowedUrl = new URL(allowed);\n const testUrl = new URL(domain);\n\n // Match protocol and hostname\n return allowedUrl.protocol === testUrl.protocol && allowedUrl.hostname === testUrl.hostname;\n } catch {\n // If URL parsing fails, do exact string match\n return allowed === domain;\n }\n });\n}\n\n/**\n * Merge two CSP configurations.\n *\n * @param base - Base CSP configuration\n * @param override - Override CSP configuration\n * @returns Merged CSP configuration\n */\nexport function mergeCSP(base: McpAppsCSP | undefined, override: McpAppsCSP | undefined): McpAppsCSP {\n const merged: McpAppsCSP = {};\n\n // Merge connect domains\n const connectDomains = new Set<string>();\n if (base?.connectDomains) {\n base.connectDomains.forEach((d) => connectDomains.add(d));\n }\n if (override?.connectDomains) {\n override.connectDomains.forEach((d) => connectDomains.add(d));\n }\n if (connectDomains.size > 0) {\n merged.connectDomains = Array.from(connectDomains);\n }\n\n // Merge resource domains\n const resourceDomains = new Set<string>();\n if (base?.resourceDomains) {\n base.resourceDomains.forEach((d) => resourceDomains.add(d));\n }\n if (override?.resourceDomains) {\n override.resourceDomains.forEach((d) => resourceDomains.add(d));\n }\n if (resourceDomains.size > 0) {\n merged.resourceDomains = Array.from(resourceDomains);\n }\n\n return merged;\n}\n\n// ============================================\n// Helper Functions\n// ============================================\n\n/**\n * Escape string for use in HTML attribute.\n */\nfunction escapeHtmlAttribute(str: string): string {\n return str\n .replace(/&/g, '&')\n .replace(/\"/g, '"')\n .replace(/'/g, ''')\n .replace(/</g, '<')\n .replace(/>/g, '>');\n}\n\n/**\n * Parse CSP header string back to configuration.\n * Useful for testing and debugging.\n */\nexport function parseCSPHeader(header: string): McpAppsCSP {\n const csp: McpAppsCSP = {};\n const connectDomains: string[] = [];\n const resourceDomains: string[] = [];\n\n const directives = header.split(';').map((d) => d.trim());\n\n for (const directive of directives) {\n const [name, ...values] = directive.split(/\\s+/);\n\n if (name === 'connect-src') {\n for (const value of values) {\n if (value.startsWith('https://') || value.startsWith('http://')) {\n connectDomains.push(value);\n }\n }\n }\n\n if (['script-src', 'style-src', 'img-src', 'font-src'].includes(name)) {\n for (const value of values) {\n if (value.startsWith('https://') || value.startsWith('http://')) {\n resourceDomains.push(value);\n }\n }\n }\n }\n\n if (connectDomains.length > 0) {\n csp.connectDomains = [...new Set(connectDomains)];\n }\n\n if (resourceDomains.length > 0) {\n csp.resourceDomains = [...new Set(resourceDomains)];\n }\n\n return csp;\n}\n"]}

package/src/mcp-apps/index.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * @file index.ts
+ * @description MCP Apps module barrel exports.
+ *
+ * Provides support for the MCP Apps extension specification:
+ * https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx
+ *
+ * @example
+ * ```typescript
+ * import {
+ *   generateMcpAppsTemplate,
+ *   buildCSPHeader,
+ *   MCP_APPS_MIME_TYPE,
+ *   type McpAppsHostContext,
+ * } from '@frontmcp/sdk/mcp-apps';
+ * ```
+ *
+ * @module @frontmcp/sdk/mcp-apps
+ */
+export { MCP_APPS_MIME_TYPE, type McpAppsMimeType, type McpAppsCSP, type UIResourceMeta, type UIResource, type McpAppsDisplayMode, type McpAppsPlatform, type DeviceCapabilities, type SafeAreaInsets, type ViewportInfo, type ToolInfo, type McpAppsHostContext, type JsonRpcMessage, type JsonRpcRequest, type JsonRpcResponse, type JsonRpcNotification, type JsonRpcError, type McpUiInitializeParams, type McpUiInitializeResult, type McpUiToolInputParams, type McpUiToolInputPartialParams, type McpUiToolResultParams, type McpUiToolCancelledParams, type McpUiSizeChangeParams, type McpUiHostContextChangeParams, type McpUiOpenLinkParams, type McpUiMessageParams, type McpAppsExtensionCapability, type McpClientExtensions, type ToolUIMeta, type McpAppsToolResultMeta, MCP_APPS_METHODS, MCP_APPS_PROTOCOL_VERSION, } from './types';
+export { McpAppsMimeTypeSchema, McpAppsDisplayModeSchema, McpAppsPlatformSchema, ThemeSchema, McpAppsCSPSchema, UIResourceMetaSchema, UIResourceSchema, DeviceCapabilitiesSchema, SafeAreaInsetsSchema, ViewportInfoSchema, ToolInfoSchema, McpAppsHostContextSchema, JsonRpcErrorSchema, JsonRpcRequestSchema, JsonRpcResponseSchema, JsonRpcNotificationSchema, McpUiInitializeParamsSchema, McpUiInitializeResultSchema, McpUiToolInputParamsSchema, McpUiToolInputPartialParamsSchema, McpUiToolResultParamsSchema, McpUiToolCancelledParamsSchema, McpUiSizeChangeParamsSchema, McpUiHostContextChangeParamsSchema, McpUiOpenLinkParamsSchema, McpUiMessageParamsSchema, McpAppsExtensionCapabilitySchema, ToolUIMetaSchema, isValidUIResourceUri, isValidProtocolVersion, parseUIResource, parseHostContext, DEFAULT_PROTOCOL_VERSION, } from './schemas';
+export { type CSPDirective, type CSPConfig, DEFAULT_CSP_DIRECTIVES, SANDBOX_PERMISSIONS, EXTENDED_SANDBOX_PERMISSIONS, buildCSPHeader, buildCSPDirectives, buildSandboxAttribute, buildCSPMetaTag, isDomainAllowed, mergeCSP, parseCSPHeader, } from './csp';
+export { type McpAppsTemplateOptions, type McpAppsBridgeConfig, generateMcpAppsTemplate, wrapInMcpAppsTemplate, createSimpleMcpAppsTemplate, extractBodyContent, } from './template';

package/src/mcp-apps/index.js ADDED Viewed

@@ -0,0 +1,91 @@
+"use strict";
+/**
+ * @file index.ts
+ * @description MCP Apps module barrel exports.
+ *
+ * Provides support for the MCP Apps extension specification:
+ * https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx
+ *
+ * @example
+ * ```typescript
+ * import {
+ *   generateMcpAppsTemplate,
+ *   buildCSPHeader,
+ *   MCP_APPS_MIME_TYPE,
+ *   type McpAppsHostContext,
+ * } from '@frontmcp/sdk/mcp-apps';
+ * ```
+ *
+ * @module @frontmcp/sdk/mcp-apps
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractBodyContent = exports.createSimpleMcpAppsTemplate = exports.wrapInMcpAppsTemplate = exports.generateMcpAppsTemplate = exports.parseCSPHeader = exports.mergeCSP = exports.isDomainAllowed = exports.buildCSPMetaTag = exports.buildSandboxAttribute = exports.buildCSPDirectives = exports.buildCSPHeader = exports.EXTENDED_SANDBOX_PERMISSIONS = exports.SANDBOX_PERMISSIONS = exports.DEFAULT_CSP_DIRECTIVES = exports.DEFAULT_PROTOCOL_VERSION = exports.parseHostContext = exports.parseUIResource = exports.isValidProtocolVersion = exports.isValidUIResourceUri = exports.ToolUIMetaSchema = exports.McpAppsExtensionCapabilitySchema = exports.McpUiMessageParamsSchema = exports.McpUiOpenLinkParamsSchema = exports.McpUiHostContextChangeParamsSchema = exports.McpUiSizeChangeParamsSchema = exports.McpUiToolCancelledParamsSchema = exports.McpUiToolResultParamsSchema = exports.McpUiToolInputPartialParamsSchema = exports.McpUiToolInputParamsSchema = exports.McpUiInitializeResultSchema = exports.McpUiInitializeParamsSchema = exports.JsonRpcNotificationSchema = exports.JsonRpcResponseSchema = exports.JsonRpcRequestSchema = exports.JsonRpcErrorSchema = exports.McpAppsHostContextSchema = exports.ToolInfoSchema = exports.ViewportInfoSchema = exports.SafeAreaInsetsSchema = exports.DeviceCapabilitiesSchema = exports.UIResourceSchema = exports.UIResourceMetaSchema = exports.McpAppsCSPSchema = exports.ThemeSchema = exports.McpAppsPlatformSchema = exports.McpAppsDisplayModeSchema = exports.McpAppsMimeTypeSchema = exports.MCP_APPS_PROTOCOL_VERSION = exports.MCP_APPS_METHODS = exports.MCP_APPS_MIME_TYPE = void 0;
+// Types
+var types_1 = require("./types");
+// MIME types
+Object.defineProperty(exports, "MCP_APPS_MIME_TYPE", { enumerable: true, get: function () { return types_1.MCP_APPS_MIME_TYPE; } });
+// Method names
+Object.defineProperty(exports, "MCP_APPS_METHODS", { enumerable: true, get: function () { return types_1.MCP_APPS_METHODS; } });
+// Protocol version
+Object.defineProperty(exports, "MCP_APPS_PROTOCOL_VERSION", { enumerable: true, get: function () { return types_1.MCP_APPS_PROTOCOL_VERSION; } });
+// Schemas
+var schemas_1 = require("./schemas");
+// Basic schemas
+Object.defineProperty(exports, "McpAppsMimeTypeSchema", { enumerable: true, get: function () { return schemas_1.McpAppsMimeTypeSchema; } });
+Object.defineProperty(exports, "McpAppsDisplayModeSchema", { enumerable: true, get: function () { return schemas_1.McpAppsDisplayModeSchema; } });
+Object.defineProperty(exports, "McpAppsPlatformSchema", { enumerable: true, get: function () { return schemas_1.McpAppsPlatformSchema; } });
+Object.defineProperty(exports, "ThemeSchema", { enumerable: true, get: function () { return schemas_1.ThemeSchema; } });
+Object.defineProperty(exports, "McpAppsCSPSchema", { enumerable: true, get: function () { return schemas_1.McpAppsCSPSchema; } });
+// Resource schemas
+Object.defineProperty(exports, "UIResourceMetaSchema", { enumerable: true, get: function () { return schemas_1.UIResourceMetaSchema; } });
+Object.defineProperty(exports, "UIResourceSchema", { enumerable: true, get: function () { return schemas_1.UIResourceSchema; } });
+// Context schemas
+Object.defineProperty(exports, "DeviceCapabilitiesSchema", { enumerable: true, get: function () { return schemas_1.DeviceCapabilitiesSchema; } });
+Object.defineProperty(exports, "SafeAreaInsetsSchema", { enumerable: true, get: function () { return schemas_1.SafeAreaInsetsSchema; } });
+Object.defineProperty(exports, "ViewportInfoSchema", { enumerable: true, get: function () { return schemas_1.ViewportInfoSchema; } });
+Object.defineProperty(exports, "ToolInfoSchema", { enumerable: true, get: function () { return schemas_1.ToolInfoSchema; } });
+Object.defineProperty(exports, "McpAppsHostContextSchema", { enumerable: true, get: function () { return schemas_1.McpAppsHostContextSchema; } });
+// JSON-RPC schemas
+Object.defineProperty(exports, "JsonRpcErrorSchema", { enumerable: true, get: function () { return schemas_1.JsonRpcErrorSchema; } });
+Object.defineProperty(exports, "JsonRpcRequestSchema", { enumerable: true, get: function () { return schemas_1.JsonRpcRequestSchema; } });
+Object.defineProperty(exports, "JsonRpcResponseSchema", { enumerable: true, get: function () { return schemas_1.JsonRpcResponseSchema; } });
+Object.defineProperty(exports, "JsonRpcNotificationSchema", { enumerable: true, get: function () { return schemas_1.JsonRpcNotificationSchema; } });
+// Protocol message schemas
+Object.defineProperty(exports, "McpUiInitializeParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiInitializeParamsSchema; } });
+Object.defineProperty(exports, "McpUiInitializeResultSchema", { enumerable: true, get: function () { return schemas_1.McpUiInitializeResultSchema; } });
+Object.defineProperty(exports, "McpUiToolInputParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiToolInputParamsSchema; } });
+Object.defineProperty(exports, "McpUiToolInputPartialParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiToolInputPartialParamsSchema; } });
+Object.defineProperty(exports, "McpUiToolResultParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiToolResultParamsSchema; } });
+Object.defineProperty(exports, "McpUiToolCancelledParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiToolCancelledParamsSchema; } });
+Object.defineProperty(exports, "McpUiSizeChangeParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiSizeChangeParamsSchema; } });
+Object.defineProperty(exports, "McpUiHostContextChangeParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiHostContextChangeParamsSchema; } });
+Object.defineProperty(exports, "McpUiOpenLinkParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiOpenLinkParamsSchema; } });
+Object.defineProperty(exports, "McpUiMessageParamsSchema", { enumerable: true, get: function () { return schemas_1.McpUiMessageParamsSchema; } });
+// Extension schemas
+Object.defineProperty(exports, "McpAppsExtensionCapabilitySchema", { enumerable: true, get: function () { return schemas_1.McpAppsExtensionCapabilitySchema; } });
+Object.defineProperty(exports, "ToolUIMetaSchema", { enumerable: true, get: function () { return schemas_1.ToolUIMetaSchema; } });
+// Validation helpers
+Object.defineProperty(exports, "isValidUIResourceUri", { enumerable: true, get: function () { return schemas_1.isValidUIResourceUri; } });
+Object.defineProperty(exports, "isValidProtocolVersion", { enumerable: true, get: function () { return schemas_1.isValidProtocolVersion; } });
+Object.defineProperty(exports, "parseUIResource", { enumerable: true, get: function () { return schemas_1.parseUIResource; } });
+Object.defineProperty(exports, "parseHostContext", { enumerable: true, get: function () { return schemas_1.parseHostContext; } });
+Object.defineProperty(exports, "DEFAULT_PROTOCOL_VERSION", { enumerable: true, get: function () { return schemas_1.DEFAULT_PROTOCOL_VERSION; } });
+// CSP
+var csp_1 = require("./csp");
+Object.defineProperty(exports, "DEFAULT_CSP_DIRECTIVES", { enumerable: true, get: function () { return csp_1.DEFAULT_CSP_DIRECTIVES; } });
+Object.defineProperty(exports, "SANDBOX_PERMISSIONS", { enumerable: true, get: function () { return csp_1.SANDBOX_PERMISSIONS; } });
+Object.defineProperty(exports, "EXTENDED_SANDBOX_PERMISSIONS", { enumerable: true, get: function () { return csp_1.EXTENDED_SANDBOX_PERMISSIONS; } });
+Object.defineProperty(exports, "buildCSPHeader", { enumerable: true, get: function () { return csp_1.buildCSPHeader; } });
+Object.defineProperty(exports, "buildCSPDirectives", { enumerable: true, get: function () { return csp_1.buildCSPDirectives; } });
+Object.defineProperty(exports, "buildSandboxAttribute", { enumerable: true, get: function () { return csp_1.buildSandboxAttribute; } });
+Object.defineProperty(exports, "buildCSPMetaTag", { enumerable: true, get: function () { return csp_1.buildCSPMetaTag; } });
+Object.defineProperty(exports, "isDomainAllowed", { enumerable: true, get: function () { return csp_1.isDomainAllowed; } });
+Object.defineProperty(exports, "mergeCSP", { enumerable: true, get: function () { return csp_1.mergeCSP; } });
+Object.defineProperty(exports, "parseCSPHeader", { enumerable: true, get: function () { return csp_1.parseCSPHeader; } });
+// Template
+var template_1 = require("./template");
+Object.defineProperty(exports, "generateMcpAppsTemplate", { enumerable: true, get: function () { return template_1.generateMcpAppsTemplate; } });
+Object.defineProperty(exports, "wrapInMcpAppsTemplate", { enumerable: true, get: function () { return template_1.wrapInMcpAppsTemplate; } });
+Object.defineProperty(exports, "createSimpleMcpAppsTemplate", { enumerable: true, get: function () { return template_1.createSimpleMcpAppsTemplate; } });
+Object.defineProperty(exports, "extractBodyContent", { enumerable: true, get: function () { return template_1.extractBodyContent; } });
+//# sourceMappingURL=index.js.map

package/src/mcp-apps/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/mcp-apps/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;AAEH,QAAQ;AACR,iCAiDiB;AAhDf,aAAa;AACb,2GAAA,kBAAkB,OAAA;AA0ClB,eAAe;AACf,yGAAA,gBAAgB,OAAA;AAEhB,mBAAmB;AACnB,kHAAA,yBAAyB,OAAA;AAG3B,UAAU;AACV,qCA+CmB;AA9CjB,gBAAgB;AAChB,gHAAA,qBAAqB,OAAA;AACrB,mHAAA,wBAAwB,OAAA;AACxB,gHAAA,qBAAqB,OAAA;AACrB,sGAAA,WAAW,OAAA;AACX,2GAAA,gBAAgB,OAAA;AAEhB,mBAAmB;AACnB,+GAAA,oBAAoB,OAAA;AACpB,2GAAA,gBAAgB,OAAA;AAEhB,kBAAkB;AAClB,mHAAA,wBAAwB,OAAA;AACxB,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,yGAAA,cAAc,OAAA;AACd,mHAAA,wBAAwB,OAAA;AAExB,mBAAmB;AACnB,6GAAA,kBAAkB,OAAA;AAClB,+GAAA,oBAAoB,OAAA;AACpB,gHAAA,qBAAqB,OAAA;AACrB,oHAAA,yBAAyB,OAAA;AAEzB,2BAA2B;AAC3B,sHAAA,2BAA2B,OAAA;AAC3B,sHAAA,2BAA2B,OAAA;AAC3B,qHAAA,0BAA0B,OAAA;AAC1B,4HAAA,iCAAiC,OAAA;AACjC,sHAAA,2BAA2B,OAAA;AAC3B,yHAAA,8BAA8B,OAAA;AAC9B,sHAAA,2BAA2B,OAAA;AAC3B,6HAAA,kCAAkC,OAAA;AAClC,oHAAA,yBAAyB,OAAA;AACzB,mHAAA,wBAAwB,OAAA;AAExB,oBAAoB;AACpB,2HAAA,gCAAgC,OAAA;AAChC,2GAAA,gBAAgB,OAAA;AAEhB,qBAAqB;AACrB,+GAAA,oBAAoB,OAAA;AACpB,iHAAA,sBAAsB,OAAA;AACtB,0GAAA,eAAe,OAAA;AACf,2GAAA,gBAAgB,OAAA;AAChB,mHAAA,wBAAwB,OAAA;AAG1B,MAAM;AACN,6BAae;AAVb,6GAAA,sBAAsB,OAAA;AACtB,0GAAA,mBAAmB,OAAA;AACnB,mHAAA,4BAA4B,OAAA;AAC5B,qGAAA,cAAc,OAAA;AACd,yGAAA,kBAAkB,OAAA;AAClB,4GAAA,qBAAqB,OAAA;AACrB,sGAAA,eAAe,OAAA;AACf,sGAAA,eAAe,OAAA;AACf,+FAAA,QAAQ,OAAA;AACR,qGAAA,cAAc,OAAA;AAGhB,WAAW;AACX,uCAOoB;AAJlB,mHAAA,uBAAuB,OAAA;AACvB,iHAAA,qBAAqB,OAAA;AACrB,uHAAA,2BAA2B,OAAA;AAC3B,8GAAA,kBAAkB,OAAA","sourcesContent":["/**\n * @file index.ts\n * @description MCP Apps module barrel exports.\n *\n * Provides support for the MCP Apps extension specification:\n * https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx\n *\n * @example\n * ```typescript\n * import {\n * generateMcpAppsTemplate,\n * buildCSPHeader,\n * MCP_APPS_MIME_TYPE,\n * type McpAppsHostContext,\n * } from '@frontmcp/sdk/mcp-apps';\n * ```\n *\n * @module @frontmcp/sdk/mcp-apps\n */\n\n// Types\nexport {\n // MIME types\n MCP_APPS_MIME_TYPE,\n type McpAppsMimeType,\n\n // UI Resource types\n type McpAppsCSP,\n type UIResourceMeta,\n type UIResource,\n\n // Host context types\n type McpAppsDisplayMode,\n type McpAppsPlatform,\n type DeviceCapabilities,\n type SafeAreaInsets,\n type ViewportInfo,\n type ToolInfo,\n type McpAppsHostContext,\n\n // JSON-RPC types\n type JsonRpcMessage,\n type JsonRpcRequest,\n type JsonRpcResponse,\n type JsonRpcNotification,\n type JsonRpcError,\n\n // Protocol message types\n type McpUiInitializeParams,\n type McpUiInitializeResult,\n type McpUiToolInputParams,\n type McpUiToolInputPartialParams,\n type McpUiToolResultParams,\n type McpUiToolCancelledParams,\n type McpUiSizeChangeParams,\n type McpUiHostContextChangeParams,\n type McpUiOpenLinkParams,\n type McpUiMessageParams,\n\n // Extension types\n type McpAppsExtensionCapability,\n type McpClientExtensions,\n type ToolUIMeta,\n type McpAppsToolResultMeta,\n\n // Method names\n MCP_APPS_METHODS,\n\n // Protocol version\n MCP_APPS_PROTOCOL_VERSION,\n} from './types';\n\n// Schemas\nexport {\n // Basic schemas\n McpAppsMimeTypeSchema,\n McpAppsDisplayModeSchema,\n McpAppsPlatformSchema,\n ThemeSchema,\n McpAppsCSPSchema,\n\n // Resource schemas\n UIResourceMetaSchema,\n UIResourceSchema,\n\n // Context schemas\n DeviceCapabilitiesSchema,\n SafeAreaInsetsSchema,\n ViewportInfoSchema,\n ToolInfoSchema,\n McpAppsHostContextSchema,\n\n // JSON-RPC schemas\n JsonRpcErrorSchema,\n JsonRpcRequestSchema,\n JsonRpcResponseSchema,\n JsonRpcNotificationSchema,\n\n // Protocol message schemas\n McpUiInitializeParamsSchema,\n McpUiInitializeResultSchema,\n McpUiToolInputParamsSchema,\n McpUiToolInputPartialParamsSchema,\n McpUiToolResultParamsSchema,\n McpUiToolCancelledParamsSchema,\n McpUiSizeChangeParamsSchema,\n McpUiHostContextChangeParamsSchema,\n McpUiOpenLinkParamsSchema,\n McpUiMessageParamsSchema,\n\n // Extension schemas\n McpAppsExtensionCapabilitySchema,\n ToolUIMetaSchema,\n\n // Validation helpers\n isValidUIResourceUri,\n isValidProtocolVersion,\n parseUIResource,\n parseHostContext,\n DEFAULT_PROTOCOL_VERSION,\n} from './schemas';\n\n// CSP\nexport {\n type CSPDirective,\n type CSPConfig,\n DEFAULT_CSP_DIRECTIVES,\n SANDBOX_PERMISSIONS,\n EXTENDED_SANDBOX_PERMISSIONS,\n buildCSPHeader,\n buildCSPDirectives,\n buildSandboxAttribute,\n buildCSPMetaTag,\n isDomainAllowed,\n mergeCSP,\n parseCSPHeader,\n} from './csp';\n\n// Template\nexport {\n type McpAppsTemplateOptions,\n type McpAppsBridgeConfig,\n generateMcpAppsTemplate,\n wrapInMcpAppsTemplate,\n createSimpleMcpAppsTemplate,\n extractBodyContent,\n} from './template';\n"]}