npm - @frontmcp/sdk - Versions diffs - 0.5.0 → 0.6.0 - Mend

@frontmcp/sdk 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (226) hide show

package/README.md +3 -3
package/package.json +8 -19
package/src/adapter/adapter.instance.js +5 -0
package/src/adapter/adapter.instance.js.map +1 -1
package/src/auth/authorization/authorization.class.d.ts +1 -4
package/src/auth/authorization/authorization.class.js +6 -13
package/src/auth/authorization/authorization.class.js.map +1 -1
package/src/auth/flows/session.verify.flow.d.ts +1 -0
package/src/auth/flows/session.verify.flow.js +11 -1
package/src/auth/flows/session.verify.flow.js.map +1 -1
package/src/auth/flows/well-known.jwks.flow.js +2 -2
package/src/auth/flows/well-known.jwks.flow.js.map +1 -1
package/src/auth/jwks/dev-key-persistence.d.ts +63 -0
package/src/auth/jwks/dev-key-persistence.js +219 -0
package/src/auth/jwks/dev-key-persistence.js.map +1 -0
package/src/auth/jwks/index.d.ts +1 -0
package/src/auth/jwks/index.js +1 -0
package/src/auth/jwks/index.js.map +1 -1
package/src/auth/jwks/jwks.service.d.ts +7 -4
package/src/auth/jwks/jwks.service.js +81 -12
package/src/auth/jwks/jwks.service.js.map +1 -1
package/src/auth/jwks/jwks.types.d.ts +7 -0
package/src/auth/jwks/jwks.types.js.map +1 -1
package/src/auth/machine-id.d.ts +5 -0
package/src/auth/machine-id.js +32 -0
package/src/auth/machine-id.js.map +1 -0
package/src/auth/session/index.d.ts +1 -0
package/src/auth/session/index.js +3 -1
package/src/auth/session/index.js.map +1 -1
package/src/auth/session/record/session.base.js +5 -3
package/src/auth/session/record/session.base.js.map +1 -1
package/src/auth/session/record/session.stateless.d.ts +2 -2
package/src/auth/session/record/session.stateless.js +5 -3
package/src/auth/session/record/session.stateless.js.map +1 -1
package/src/auth/session/redis-session.store.d.ts +64 -0
package/src/auth/session/redis-session.store.js +204 -0
package/src/auth/session/redis-session.store.js.map +1 -0
package/src/auth/session/session.service.d.ts +0 -2
package/src/auth/session/session.service.js +1 -7
package/src/auth/session/session.service.js.map +1 -1
package/src/auth/session/transport-session.manager.js +3 -5
package/src/auth/session/transport-session.manager.js.map +1 -1
package/src/auth/session/transport-session.types.d.ts +4 -0
package/src/auth/session/transport-session.types.js +4 -3
package/src/auth/session/transport-session.types.js.map +1 -1
package/src/auth/session/utils/session-id.utils.d.ts +12 -1
package/src/auth/session/utils/session-id.utils.js +48 -9
package/src/auth/session/utils/session-id.utils.js.map +1 -1
package/src/auth/ui/base-layout.d.ts +0 -8
package/src/auth/ui/base-layout.js +1 -14
package/src/auth/ui/base-layout.js.map +1 -1
package/src/auth/ui/index.d.ts +3 -4
package/src/auth/ui/index.js +10 -11
package/src/auth/ui/index.js.map +1 -1
package/src/auth/ui/{htmx-templates.d.ts → templates.d.ts} +5 -6
package/src/auth/ui/{htmx-templates.js → templates.js} +8 -15
package/src/auth/ui/templates.js.map +1 -0
package/src/common/decorators/decorator-utils.js.map +1 -1
package/src/common/decorators/front-mcp.decorator.js +28 -2
package/src/common/decorators/front-mcp.decorator.js.map +1 -1
package/src/common/index.d.ts +0 -1
package/src/common/index.js +0 -1
package/src/common/index.js.map +1 -1
package/src/common/interfaces/adapter.interface.d.ts +6 -0
package/src/common/interfaces/adapter.interface.js.map +1 -1
package/src/common/interfaces/execution-context.interface.d.ts +52 -3
package/src/common/interfaces/execution-context.interface.js +88 -3
package/src/common/interfaces/execution-context.interface.js.map +1 -1
package/src/common/interfaces/flow.interface.d.ts +13 -0
package/src/common/interfaces/flow.interface.js +24 -0
package/src/common/interfaces/flow.interface.js.map +1 -1
package/src/common/interfaces/server.interface.d.ts +9 -0
package/src/common/interfaces/server.interface.js.map +1 -1
package/src/common/metadata/app.metadata.d.ts +108 -0
package/src/common/metadata/front-mcp.metadata.d.ts +659 -2
package/src/common/metadata/front-mcp.metadata.js +3 -1
package/src/common/metadata/front-mcp.metadata.js.map +1 -1
package/src/common/metadata/provider.metadata.d.ts +14 -0
package/src/common/metadata/provider.metadata.js +18 -2
package/src/common/metadata/provider.metadata.js.map +1 -1
package/src/common/metadata/tool.metadata.d.ts +33 -1
package/src/common/metadata/tool.metadata.js.map +1 -1
package/src/common/migrate/auth-transport.migrate.d.ts +62 -0
package/src/common/migrate/auth-transport.migrate.js +140 -0
package/src/common/migrate/auth-transport.migrate.js.map +1 -0
package/src/common/migrate/index.d.ts +1 -0
package/src/common/migrate/index.js +6 -0
package/src/common/migrate/index.js.map +1 -0
package/src/common/schemas/http-output.schema.d.ts +10 -2
package/src/common/schemas/index.d.ts +1 -0
package/src/common/schemas/index.js +1 -0
package/src/common/schemas/index.js.map +1 -1
package/src/common/schemas/session-header.schema.d.ts +16 -0
package/src/common/schemas/session-header.schema.js +42 -0
package/src/common/schemas/session-header.schema.js.map +1 -0
package/src/common/tokens/front-mcp.tokens.js +3 -1
package/src/common/tokens/front-mcp.tokens.js.map +1 -1
package/src/common/types/options/auth.options.d.ts +233 -3
package/src/common/types/options/auth.options.js +29 -40
package/src/common/types/options/auth.options.js.map +1 -1
package/src/common/types/options/index.d.ts +2 -0
package/src/common/types/options/index.js +2 -0
package/src/common/types/options/index.js.map +1 -1
package/src/common/types/options/redis.options.d.ts +22 -0
package/src/common/types/options/redis.options.js +45 -0
package/src/common/types/options/redis.options.js.map +1 -0
package/src/common/types/options/transport.options.d.ts +84 -0
package/src/common/types/options/transport.options.js +121 -0
package/src/common/types/options/transport.options.js.map +1 -0
package/src/completion/flows/complete.flow.d.ts +17 -2
package/src/context/frontmcp-context-storage.d.ts +94 -0
package/src/context/frontmcp-context-storage.js +183 -0
package/src/context/frontmcp-context-storage.js.map +1 -0
package/src/context/frontmcp-context.d.ts +269 -0
package/src/context/frontmcp-context.js +360 -0
package/src/context/frontmcp-context.js.map +1 -0
package/src/context/frontmcp-context.provider.d.ts +43 -0
package/src/context/frontmcp-context.provider.js +61 -0
package/src/context/frontmcp-context.provider.js.map +1 -0
package/src/context/index.d.ts +34 -0
package/src/context/index.js +64 -0
package/src/context/index.js.map +1 -0
package/src/context/request-context-storage.d.ts +89 -0
package/src/context/request-context-storage.js +183 -0
package/src/context/request-context-storage.js.map +1 -0
package/src/context/request-context.d.ts +184 -0
package/src/context/request-context.js +209 -0
package/src/context/request-context.js.map +1 -0
package/src/context/request-context.provider.d.ts +37 -0
package/src/context/request-context.provider.js +51 -0
package/src/context/request-context.provider.js.map +1 -0
package/src/context/session-key.provider.d.ts +45 -0
package/src/context/session-key.provider.js +65 -0
package/src/context/session-key.provider.js.map +1 -0
package/src/context/trace-context.d.ts +43 -0
package/src/context/trace-context.js +142 -0
package/src/context/trace-context.js.map +1 -0
package/src/errors/index.d.ts +1 -1
package/src/errors/index.js +3 -1
package/src/errors/index.js.map +1 -1
package/src/errors/mcp.error.d.ts +7 -0
package/src/errors/mcp.error.js +11 -1
package/src/errors/mcp.error.js.map +1 -1
package/src/flows/flow.instance.d.ts +16 -0
package/src/flows/flow.instance.js +166 -80
package/src/flows/flow.instance.js.map +1 -1
package/src/flows/flow.registry.d.ts +5 -0
package/src/flows/flow.registry.js +45 -3
package/src/flows/flow.registry.js.map +1 -1
package/src/front-mcp/front-mcp.d.ts +12 -0
package/src/front-mcp/front-mcp.js +22 -3
package/src/front-mcp/front-mcp.js.map +1 -1
package/src/front-mcp/front-mcp.providers.d.ts +266 -1
package/src/front-mcp/front-mcp.providers.js +2 -1
package/src/front-mcp/front-mcp.providers.js.map +1 -1
package/src/front-mcp/serverless-handler.d.ts +28 -0
package/src/front-mcp/serverless-handler.js +61 -0
package/src/front-mcp/serverless-handler.js.map +1 -0
package/src/hooks/hooks.utils.d.ts +1 -1
package/src/hooks/hooks.utils.js +10 -3
package/src/hooks/hooks.utils.js.map +1 -1
package/src/index.d.ts +8 -4
package/src/index.js +20 -1
package/src/index.js.map +1 -1
package/src/logger/instances/instance.logger.js +0 -1
package/src/logger/instances/instance.logger.js.map +1 -1
package/src/logging/flows/set-level.flow.d.ts +17 -2
package/src/notification/notification.service.js +5 -1
package/src/notification/notification.service.js.map +1 -1
package/src/prompt/flows/get-prompt.flow.d.ts +97 -2
package/src/prompt/flows/prompts-list.flow.d.ts +12 -1
package/src/provider/provider.registry.d.ts +97 -5
package/src/provider/provider.registry.js +306 -9
package/src/provider/provider.registry.js.map +1 -1
package/src/provider/provider.types.d.ts +21 -3
package/src/provider/provider.types.js.map +1 -1
package/src/resource/flows/read-resource.flow.d.ts +22 -3
package/src/resource/flows/resource-templates-list.flow.d.ts +20 -1
package/src/resource/flows/resources-list.flow.d.ts +20 -1
package/src/resource/flows/subscribe-resource.flow.d.ts +17 -2
package/src/resource/flows/unsubscribe-resource.flow.d.ts +17 -2
package/src/scope/flows/http.request.flow.js +43 -7
package/src/scope/flows/http.request.flow.js.map +1 -1
package/src/scope/scope.instance.js +12 -5
package/src/scope/scope.instance.js.map +1 -1
package/src/server/adapters/base.host.adapter.d.ts +9 -0
package/src/server/adapters/base.host.adapter.js.map +1 -1
package/src/server/adapters/express.host.adapter.d.ts +12 -0
package/src/server/adapters/express.host.adapter.js +21 -1
package/src/server/adapters/express.host.adapter.js.map +1 -1
package/src/server/server.instance.d.ts +3 -0
package/src/server/server.instance.js +14 -7
package/src/server/server.instance.js.map +1 -1
package/src/tool/flows/call-tool.flow.d.ts +118 -13
package/src/tool/flows/call-tool.flow.js +240 -194
package/src/tool/flows/call-tool.flow.js.map +1 -1
package/src/tool/flows/tools-list.flow.d.ts +25 -11
package/src/tool/flows/tools-list.flow.js +82 -31
package/src/tool/flows/tools-list.flow.js.map +1 -1
package/src/tool/tool.instance.d.ts +1 -4
package/src/transport/adapters/transport.streamable-http.adapter.js +1 -0
package/src/transport/adapters/transport.streamable-http.adapter.js.map +1 -1
package/src/transport/flows/handle.sse.flow.js +9 -2
package/src/transport/flows/handle.sse.flow.js.map +1 -1
package/src/transport/flows/handle.streamable-http.flow.js +63 -6
package/src/transport/flows/handle.streamable-http.flow.js.map +1 -1
package/src/transport/mcp-handlers/complete-request.handler.d.ts +27 -1
package/src/transport/mcp-handlers/get-prompt-request.handler.d.ts +52 -1
package/src/transport/mcp-handlers/index.d.ts +413 -7
package/src/transport/mcp-handlers/initialize-request.handler.js +12 -2
package/src/transport/mcp-handlers/initialize-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/list-prompts-request.handler.d.ts +27 -1
package/src/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +32 -1
package/src/transport/mcp-handlers/list-resources-request.handler.d.ts +32 -1
package/src/transport/mcp-handlers/list-tools-request.handler.d.ts +30 -1
package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts +20 -0
package/src/transport/mcp-handlers/read-resource-request.handler.d.ts +27 -1
package/src/transport/mcp-handlers/subscribe-request.handler.d.ts +20 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts +20 -0
package/src/transport/transport.registry.d.ts +68 -4
package/src/transport/transport.registry.js +313 -11
package/src/transport/transport.registry.js.map +1 -1
package/src/auth/ui/htmx-templates.js.map +0 -1
package/src/common/providers/session.provider.d.ts +0 -13
package/src/common/providers/session.provider.js +0 -27
package/src/common/providers/session.provider.js.map +0 -1

package/src/common/metadata/front-mcp.metadata.js CHANGED Viewed

@@ -12,7 +12,9 @@ exports.frontMcpBaseSchema = zod_1.z.object({
     apps: zod_1.z.array(schemas_1.annotatedFrontMcpAppSchema),
     serve: zod_1.z.boolean().optional().default(true),
     http: types_1.httpOptionsSchema.optional(),
-    session: types_1.sessionOptionsSchema.optional(),
+    redis: types_1.redisOptionsSchema.optional(),
+    transport: types_1.transportOptionsSchema.optional().transform((val) => val ?? types_1.transportOptionsSchema.parse({})),
+    session: types_1.sessionOptionsSchema.optional(), // @deprecated - kept for backward compatibility
     logging: types_1.loggingOptionsSchema.optional(),
 });
 const frontMcpMultiAppSchema = exports.frontMcpBaseSchema.extend({

package/src/common/metadata/front-mcp.metadata.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"front-mcp.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/front-mcp.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,~~oCAakB~~;AAClB,wCAKoB;~~AA8BP~~,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,+BAAuB;IAC7B,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,sCAA4B,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnE,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,oCAA0B,CAAC;IACzC,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3C,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE;IAClC,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE;~~IACxC~~,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE;CACG,CAAC,CAAC;AAO/C,MAAM,sBAAsB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACvD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,kDAAkD,CAAC;IACxG,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0DAA0D,CAAC;CAClC,CAAC,CAAC;AAOzE,MAAM,wBAAwB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACzD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IACnG,IAAI,EAAE,OAAC,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;CAC6C,CAAC,CAAC;AAI9D,QAAA,sBAAsB,GAAG,sBAAsB,CAAC,EAAE,CAAC,wBAAwB,CAAC,CAAC","sourcesContent":["import { z } from 'zod';\nimport {\n AuthOptions,\n authOptionsSchema,\n SessionOptions,\n sessionOptionsSchema,\n ServerInfoOptions,\n serverInfoOptionsSchema,\n HttpOptions,\n httpOptionsSchema,\n LoggingOptions,\n loggingOptionsSchema,\n RawZodShape,\n AuthOptionsInput,\n} from '../types';\nimport {\n annotatedFrontMcpAppSchema,\n annotatedFrontMcpProvidersSchema,\n annotatedFrontMcpResourcesSchema,\n annotatedFrontMcpToolsSchema,\n} from '../schemas';\nimport { AppType, ProviderType, ResourceType, ToolType } from '../interfaces';\n\nexport interface FrontMcpBaseMetadata {\n info: ServerInfoOptions;\n apps: AppType[];\n http?: HttpOptions;\n ~~session?: SessionOptions;\n~~ logging?: LoggingOptions;\n\n serve?: boolean; // default to true\n\n /*\n Additional providers that are available to all apps.\n /\n providers?: ProviderType[];\n\n /\n Shared tools that are available to all apps.\n * These are merged (additively) with app-specific tools.\n /\n tools?: ToolType[];\n\n /\n Shared resources that are available to all apps.\n * These are merged (additively) with app-specific resources.\n */\n resources?: ResourceType[];\n}\n\nexport const frontMcpBaseSchema = z.object({\n info: serverInfoOptionsSchema,\n providers: z.array(annotatedFrontMcpProvidersSchema).optional().default([]),\n tools: z.array(annotatedFrontMcpToolsSchema).optional().default([]),\n resources: z.array(annotatedFrontMcpResourcesSchema).optional().default([]),\n apps: z.array(annotatedFrontMcpAppSchema),\n serve: z.boolean().optional().default(true),\n http: httpOptionsSchema.optional(),\n session: sessionOptionsSchema.optional(),\n logging: loggingOptionsSchema.optional(),\n} satisfies RawZodShape<FrontMcpBaseMetadata>);\n\nexport interface FrontMcpMultiAppMetadata extends FrontMcpBaseMetadata {\n splitByApp?: false;\n auth?: AuthOptionsInput;\n}\n\nconst frontMcpMultiAppSchema = frontMcpBaseSchema.extend({\n splitByApp: z.literal(false).default(false).describe('If true, each app gets its own scope & basePath.'),\n auth: authOptionsSchema.optional().describe(\"Configures the server's default authentication provider.\"),\n} satisfies RawZodShape<FrontMcpMultiAppMetadata, FrontMcpBaseMetadata>);\n\nexport interface FrontMcpSplitByAppMetadata extends FrontMcpBaseMetadata {\n splitByApp: true;\n auth?: never;\n}\n\nconst frontMcpSplitByAppSchema = frontMcpBaseSchema.extend({\n splitByApp: z.literal(true).describe('If false, apps are grouped under the same scope & basePath.'),\n auth: z.never().optional(),\n} satisfies RawZodShape<FrontMcpSplitByAppMetadata, FrontMcpBaseMetadata>);\n\nexport type FrontMcpMetadata = FrontMcpMultiAppMetadata \| FrontMcpSplitByAppMetadata;\n\nexport const frontMcpMetadataSchema = frontMcpMultiAppSchema.or(frontMcpSplitByAppSchema);\n\nexport type FrontMcpMultiAppConfig = z.infer<typeof frontMcpMultiAppSchema>;\nexport type FrontMcpSplitByAppConfig = z.infer<typeof frontMcpSplitByAppSchema>;\n\nexport type FrontMcpConfigType = z.infer<typeof frontMcpMetadataSchema>;\n\nexport interface AppScopeMetadata extends Omit<FrontMcpSplitByAppMetadata, 'auth' \| 'splitByApp'> {\n id: string;\n apps: [AppType];\n auth?: AuthOptions;\n}\n\nexport interface MultiAppScopeMetadata extends FrontMcpMultiAppMetadata {\n id: string;\n apps: AppType[];\n}\n\nexport type ScopeMetadata = AppScopeMetadata \| MultiAppScopeMetadata;\n"]}
1	+ {"version":3,"file":"front-mcp.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/front-mcp.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,oCAiBkB;AAClB,wCAKoB;AA+CP,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,+BAAuB;IAC7B,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,sCAA4B,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnE,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,oCAA0B,CAAC;IACzC,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3C,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,0BAAkB,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,8BAAsB,CAAC,QAAQ,EAAE,CAAC,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,IAAI,8BAAsB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACxG,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE,EAAE,gDAAgD;IAC1F,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE;CACG,CAAC,CAAC;AAO/C,MAAM,sBAAsB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACvD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,kDAAkD,CAAC;IACxG,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0DAA0D,CAAC;CAClC,CAAC,CAAC;AAOzE,MAAM,wBAAwB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACzD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IACnG,IAAI,EAAE,OAAC,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;CAC6C,CAAC,CAAC;AAI9D,QAAA,sBAAsB,GAAG,sBAAsB,CAAC,EAAE,CAAC,wBAAwB,CAAC,CAAC","sourcesContent":["import { z } from 'zod';\nimport {\n AuthOptions,\n authOptionsSchema,\n SessionOptions,\n sessionOptionsSchema,\n ServerInfoOptions,\n serverInfoOptionsSchema,\n HttpOptions,\n httpOptionsSchema,\n LoggingOptions,\n loggingOptionsSchema,\n RawZodShape,\n AuthOptionsInput,\n RedisOptionsInput,\n redisOptionsSchema,\n TransportOptionsInput,\n transportOptionsSchema,\n} from '../types';\nimport {\n annotatedFrontMcpAppSchema,\n annotatedFrontMcpProvidersSchema,\n annotatedFrontMcpResourcesSchema,\n annotatedFrontMcpToolsSchema,\n} from '../schemas';\nimport { AppType, ProviderType, ResourceType, ToolType } from '../interfaces';\n\nexport interface FrontMcpBaseMetadata {\n info: ServerInfoOptions;\n apps: AppType[];\n http?: HttpOptions;\n logging?: LoggingOptions;\n\n serve?: boolean; // default to true\n\n /*\n Shared Redis configuration\n * Used by transport persistence and auth token storage\n /\n redis?: RedisOptionsInput;\n\n /\n Transport and session lifecycle configuration\n * Controls transport protocols, session management, and persistence\n * @default {} (all transport options use their schema defaults)\n /\n transport?: TransportOptionsInput; // Optional in input, but always defined in output\n\n /\n @deprecated Use `transport` instead. Session config has been merged into transport.\n /\n session?: SessionOptions;\n\n /\n Additional providers that are available to all apps.\n /\n providers?: ProviderType[];\n\n /\n Shared tools that are available to all apps.\n * These are merged (additively) with app-specific tools.\n /\n tools?: ToolType[];\n\n /\n Shared resources that are available to all apps.\n * These are merged (additively) with app-specific resources.\n */\n resources?: ResourceType[];\n}\n\nexport const frontMcpBaseSchema = z.object({\n info: serverInfoOptionsSchema,\n providers: z.array(annotatedFrontMcpProvidersSchema).optional().default([]),\n tools: z.array(annotatedFrontMcpToolsSchema).optional().default([]),\n resources: z.array(annotatedFrontMcpResourcesSchema).optional().default([]),\n apps: z.array(annotatedFrontMcpAppSchema),\n serve: z.boolean().optional().default(true),\n http: httpOptionsSchema.optional(),\n redis: redisOptionsSchema.optional(),\n transport: transportOptionsSchema.optional().transform((val) => val ?? transportOptionsSchema.parse({})),\n session: sessionOptionsSchema.optional(), // @deprecated - kept for backward compatibility\n logging: loggingOptionsSchema.optional(),\n} satisfies RawZodShape<FrontMcpBaseMetadata>);\n\nexport interface FrontMcpMultiAppMetadata extends FrontMcpBaseMetadata {\n splitByApp?: false;\n auth?: AuthOptionsInput;\n}\n\nconst frontMcpMultiAppSchema = frontMcpBaseSchema.extend({\n splitByApp: z.literal(false).default(false).describe('If true, each app gets its own scope & basePath.'),\n auth: authOptionsSchema.optional().describe(\"Configures the server's default authentication provider.\"),\n} satisfies RawZodShape<FrontMcpMultiAppMetadata, FrontMcpBaseMetadata>);\n\nexport interface FrontMcpSplitByAppMetadata extends FrontMcpBaseMetadata {\n splitByApp: true;\n auth?: never;\n}\n\nconst frontMcpSplitByAppSchema = frontMcpBaseSchema.extend({\n splitByApp: z.literal(true).describe('If false, apps are grouped under the same scope & basePath.'),\n auth: z.never().optional(),\n} satisfies RawZodShape<FrontMcpSplitByAppMetadata, FrontMcpBaseMetadata>);\n\nexport type FrontMcpMetadata = FrontMcpMultiAppMetadata \| FrontMcpSplitByAppMetadata;\n\nexport const frontMcpMetadataSchema = frontMcpMultiAppSchema.or(frontMcpSplitByAppSchema);\n\nexport type FrontMcpMultiAppConfig = z.infer<typeof frontMcpMultiAppSchema>;\nexport type FrontMcpSplitByAppConfig = z.infer<typeof frontMcpSplitByAppSchema>;\n\nexport type FrontMcpConfigType = z.infer<typeof frontMcpMetadataSchema>;\n\nexport interface AppScopeMetadata extends Omit<FrontMcpSplitByAppMetadata, 'auth' \| 'splitByApp'> {\n id: string;\n apps: [AppType];\n auth?: AuthOptions;\n}\n\nexport interface MultiAppScopeMetadata extends FrontMcpMultiAppMetadata {\n id: string;\n apps: AppType[];\n}\n\nexport type ScopeMetadata = AppScopeMetadata \| MultiAppScopeMetadata;\n"]}

package/src/common/metadata/provider.metadata.d.ts CHANGED Viewed

@@ -10,10 +10,24 @@ export interface ProviderMetadata {
 }
 /**
  * Provider lifetime scope semantics.
+ *
+ * - GLOBAL: Singleton, shared across all requests
+ * - CONTEXT: Per-context instance (combines session + request data)
+ * - SESSION: deprecated Use CONTEXT instead
+ * - REQUEST: deprecated Use CONTEXT instead
  */
 export declare enum ProviderScope {
+    /** Singleton, shared across all requests */
     GLOBAL = "global",
+    /** Per-context instance (unified session + request scope) */
+    CONTEXT = "context",
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     SESSION = "session",
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     REQUEST = "request"
 }
 export declare const frontMcpProviderMetadataSchema: z.ZodObject<{

package/src/common/metadata/provider.metadata.js CHANGED Viewed

@@ -4,17 +4,33 @@ exports.frontMcpProviderMetadataSchema = exports.ProviderScope = void 0;
 const zod_1 = require("zod");
 /**
  * Provider lifetime scope semantics.
+ *
+ * - GLOBAL: Singleton, shared across all requests
+ * - CONTEXT: Per-context instance (combines session + request data)
+ * - SESSION: deprecated Use CONTEXT instead
+ * - REQUEST: deprecated Use CONTEXT instead
  */
 var ProviderScope;
 (function (ProviderScope) {
+    /** Singleton, shared across all requests */
     ProviderScope["GLOBAL"] = "global";
+    /** Per-context instance (unified session + request scope) */
+    ProviderScope["CONTEXT"] = "context";
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     ProviderScope["SESSION"] = "session";
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     ProviderScope["REQUEST"] = "request";
 })(ProviderScope || (exports.ProviderScope = ProviderScope = {}));
-exports.frontMcpProviderMetadataSchema = zod_1.z.object({
+exports.frontMcpProviderMetadataSchema = zod_1.z
+    .object({
     id: zod_1.z.string().optional(),
     name: zod_1.z.string().min(1),
     description: zod_1.z.string().optional(),
     scope: zod_1.z.nativeEnum(ProviderScope).optional().default(ProviderScope.GLOBAL),
-}).passthrough();
+})
+    .passthrough();
 //# sourceMappingURL=provider.metadata.js.map

package/src/common/metadata/provider.metadata.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"provider.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/provider.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;~~AAcxB;;GAEG~~;AACH,IAAY,~~aAIX~~;~~AAJD~~,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,oCAAmB,CAAA;IACnB,oCAAmB,CAAA;AACrB,CAAC,~~EAJW~~,aAAa,6BAAb,aAAa,~~QAIxB~~;AAEY,QAAA,8BAA8B,GAAG,OAAC,~~CAAC,~~MAAM,CAAC;~~IACrD~~,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,OAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC;CACpC,CAAC,~~CAAC,~~WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\n\n\n/*\n Declarative metadata describing what a FrontMcpProvider contributes at app scope.\n /\nexport interface ProviderMetadata {\n id?: string;\n name: string;\n description?: string;\n scope?: ProviderScope;\n}\n\n/\n Provider lifetime scope semantics.\n */\nexport enum ProviderScope {\n GLOBAL = 'global',\n SESSION = 'session',\n REQUEST = 'request',\n}\n\nexport const frontMcpProviderMetadataSchema = z.object({\n id: z.string().optional(),\n name: z.string().min(1),\n description: z.string().optional(),\n scope: z.nativeEnum(ProviderScope).optional().default(ProviderScope.GLOBAL),\n} satisfies RawZodShape<ProviderMetadata>).passthrough();\n\n"]}
1	+ {"version":3,"file":"provider.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/provider.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAaxB;;;;;;;GAOG;AACH,IAAY,aAaX;AAbD,WAAY,aAAa;IACvB,4CAA4C;IAC5C,kCAAiB,CAAA;IACjB,6DAA6D;IAC7D,oCAAmB,CAAA;IACnB;;OAEG;IACH,oCAAmB,CAAA;IACnB;;OAEG;IACH,oCAAmB,CAAA;AACrB,CAAC,EAbW,aAAa,6BAAb,aAAa,QAaxB;AAEY,QAAA,8BAA8B,GAAG,OAAC;KAC5C,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,OAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC;CACpC,CAAC;KACzC,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\n\n/*\n Declarative metadata describing what a FrontMcpProvider contributes at app scope.\n /\nexport interface ProviderMetadata {\n id?: string;\n name: string;\n description?: string;\n scope?: ProviderScope;\n}\n\n/\n Provider lifetime scope semantics.\n \n - GLOBAL: Singleton, shared across all requests\n * - CONTEXT: Per-context instance (combines session + request data)\n * - SESSION: deprecated Use CONTEXT instead\n * - REQUEST: deprecated Use CONTEXT instead\n /\nexport enum ProviderScope {\n /* Singleton, shared across all requests /\n GLOBAL = 'global',\n /* Per-context instance (unified session + request scope) /\n CONTEXT = 'context',\n /\n @deprecated Use CONTEXT instead. Maps to CONTEXT internally.\n /\n SESSION = 'session',\n /\n @deprecated Use CONTEXT instead. Maps to CONTEXT internally.\n */\n REQUEST = 'request',\n}\n\nexport const frontMcpProviderMetadataSchema = z\n .object({\n id: z.string().optional(),\n name: z.string().min(1),\n description: z.string().optional(),\n scope: z.nativeEnum(ProviderScope).optional().default(ProviderScope.GLOBAL),\n } satisfies RawZodShape<ProviderMetadata>)\n .passthrough();\n"]}

package/src/common/metadata/tool.metadata.d.ts CHANGED Viewed

@@ -80,6 +80,14 @@ export declare const ImageOutputSchema: z.ZodObject<{
     type: z.ZodLiteral<"image">;
     data: z.ZodString;
     mimeType: z.ZodString;
+    annotations: z.ZodOptional<z.ZodObject<{
+        audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            user: "user";
+            assistant: "assistant";
+        }>>>;
+        priority: z.ZodOptional<z.ZodNumber>;
+        lastModified: z.ZodOptional<z.ZodISODateTime>;
+    }, z.core.$strip>>;
     _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.core.$strip>;
 export type ImageOutput = z.output<typeof ImageOutputSchema>;
@@ -91,6 +99,14 @@ export declare const AudioOutputSchema: z.ZodObject<{
     type: z.ZodLiteral<"audio">;
     data: z.ZodString;
     mimeType: z.ZodString;
+    annotations: z.ZodOptional<z.ZodObject<{
+        audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            user: "user";
+            assistant: "assistant";
+        }>>>;
+        priority: z.ZodOptional<z.ZodNumber>;
+        lastModified: z.ZodOptional<z.ZodISODateTime>;
+    }, z.core.$strip>>;
     _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.core.$strip>;
 export type AudioOutput = z.output<typeof AudioOutputSchema>;
@@ -111,6 +127,14 @@ export declare const ResourceOutputSchema: z.ZodObject<{
         _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
         blob: z.ZodString;
     }, z.core.$strip>]>;
+    annotations: z.ZodOptional<z.ZodObject<{
+        audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            user: "user";
+            assistant: "assistant";
+        }>>>;
+        priority: z.ZodOptional<z.ZodNumber>;
+        lastModified: z.ZodOptional<z.ZodISODateTime>;
+    }, z.core.$strip>>;
     _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.core.$strip>;
 export type ResourceOutput = z.output<typeof ResourceOutputSchema>;
@@ -122,6 +146,14 @@ export declare const ResourceLinkOutputSchema: z.ZodObject<{
     uri: z.ZodString;
     description: z.ZodOptional<z.ZodString>;
     mimeType: z.ZodOptional<z.ZodString>;
+    annotations: z.ZodOptional<z.ZodObject<{
+        audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            user: "user";
+            assistant: "assistant";
+        }>>>;
+        priority: z.ZodOptional<z.ZodNumber>;
+        lastModified: z.ZodOptional<z.ZodISODateTime>;
+    }, z.core.$strip>>;
     _meta: z.ZodOptional<z.ZodObject<{}, z.core.$loose>>;
     icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
         src: z.ZodString;
@@ -142,7 +174,7 @@ export type ToolSingleOutputType = PrimitiveOutputType | ImageOutputType | Audio
  * Default default tool schema is {}
  */
 export type ToolOutputType = ToolSingleOutputType | ToolSingleOutputType[] | undefined;
-export type ToolInputType = z.ZodRawShape;
+export type ToolInputType = z.ZodRawShape | z.ZodObject<any>;
 /**
  * Declarative metadata describing what an McpTool contributes.
  */

package/src/common/metadata/tool.metadata.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"tool.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/tool.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAMxB,iEAK4C;AAyE5C,MAAM,wBAAwB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACpC,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACC,CAAC;KACxC,WAAW,EAAE,CAAC;AAmBJ,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,oBAAoB,GAAG,iCAAsB,CAAC;AAO9C,QAAA,wBAAwB,GAAG,6BAAkB,CAAC;AAyF3D;;;;;GAKG;AAEH,MAAM,4BAA4B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AACrF,MAAM,0BAA0B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;AAE3F,MAAM,mBAAmB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC,CAAC;AAEhG,uDAAuD;AACvD,MAAM,uBAAuB,GAAG,OAAC,CAAC,UAAU,CAAC,OAAC,CAAC,OAAO,CAAC,CAAC;AAExD,wCAAwC;AACxC,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAExE,MAAM,sBAAsB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAE1G,iEAAiE;AACjE,MAAM,gBAAgB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,sBAAsB,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;AAC5F,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACjC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEU,QAAA,0BAA0B,GAAG,OAAC;KACxC,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,OAAC,CAAC,UAAU,CAAC,MAAM,CAAC;IACjC,cAAc,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IACzC,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC3C,WAAW,EAAE,wBAAwB,CAAC,QAAQ,EAAE;IAChD,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACxD,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE;IAC/C,EAAE,EAAE,OAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC+B,CAAC;KACjE,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\nimport type { JSONSchema } from 'zod/v4/core';\n\n/** JSON Schema type from Zod v4 /\ntype JsonSchema = JSONSchema.JSONSchema;\nimport {\n ImageContentSchema,\n AudioContentSchema,\n ResourceLinkSchema,\n EmbeddedResourceSchema,\n} from '@modelcontextprotocol/sdk/types.js';\nimport { ToolUIConfig } from './tool-ui.metadata';\nimport { ToolInputOf, ToolOutputOf } from '../decorators';\n\ndeclare global {\n /\n Declarative metadata extends to the an McpTool decorator.\n /\n interface ExtendFrontMcpToolMetadata {}\n}\n\n/\n Example input/output pair for a tool, used in documentation and describe output.\n /\nexport interface ToolExample {\n /\n Description of what this example demonstrates.\n /\n description: string;\n\n /\n Example input values for the tool.\n /\n input: Record<string, unknown>;\n\n /\n Optional expected output for the example.\n /\n output?: unknown;\n}\n\nexport interface ToolAnnotations {\n [x: string]: unknown;\n\n /\n A human-readable title for the tool.\n /\n title?: string;\n /\n If true, the tool does not modify its environment.\n \n Default: false\n /\n readOnlyHint?: boolean;\n /\n If true, the tool may perform destructive updates to its environment.\n * If false, the tool performs only additive updates.\n \n (This property is meaningful only when `readOnlyHint == false`)\n \n Default: true\n /\n destructiveHint?: boolean;\n /\n If true, calling the tool repeatedly with the same arguments\n * will have no additional effect on the its environment.\n \n (This property is meaningful only when `readOnlyHint == false`)\n \n Default: false\n /\n idempotentHint?: boolean;\n /\n If true, this tool may interact with an \"open world\" of external\n * entities. If false, the tool's domain of interaction is closed.\n * For example, the world of a web search tool is open, whereas that\n * of a memory tool is not.\n \n Default: true\n /\n openWorldHint?: boolean;\n}\n\nconst mcpToolAnnotationsSchema = z\n .object({\n title: z.string().optional(),\n readOnlyHint: z.boolean().optional(),\n destructiveHint: z.boolean().optional(),\n idempotentHint: z.boolean().optional(),\n openWorldHint: z.boolean().optional(),\n } satisfies RawZodShape<ToolAnnotations>)\n .passthrough();\n\n/\n Tool response type text: include if outputSchema is zod primitive types\n /\ntype PrimitiveOutputType =\n \| 'string'\n \| 'number'\n \| 'date'\n \| 'boolean'\n \| z.ZodString\n \| z.ZodNumber\n \| z.ZodBoolean\n \| z.ZodBigInt\n \| z.ZodDate;\n/\n Tool response type image, will use the ImageContentSchema from MCP types\n /\ntype ImageOutputType = 'image';\nexport const ImageOutputSchema = ImageContentSchema;\nexport type ImageOutput = z.output<typeof ImageOutputSchema>;\n\n/\n Tool response type audio, will use the AudioContentSchema from MCP types\n /\ntype AudioOutputType = 'audio';\nexport const AudioOutputSchema = AudioContentSchema;\nexport type AudioOutput = z.output<typeof AudioOutputSchema>;\n\n/\n Tool response type resource, will use the EmbeddedResourceSchema from MCP types\n /\ntype ResourceOutputType = 'resource';\nexport const ResourceOutputSchema = EmbeddedResourceSchema;\nexport type ResourceOutput = z.output<typeof ResourceOutputSchema>;\n\n/\n Tool response type resource_link, will use the ResourceLinkSchema from MCP types\n /\ntype ResourceLinkOutputType = 'resource_link';\nexport const ResourceLinkOutputSchema = ResourceLinkSchema;\nexport type ResourceLinkOutput = z.output<typeof ResourceLinkOutputSchema>;\n\n/\n Tool response type json, ZodRawShape for fast usage\n /\ntype StructuredOutputType =\n \| z.ZodRawShape\n \| z.ZodObject<any>\n \| z.ZodArray<z.ZodType>\n \| z.ZodUnion<[z.ZodObject<any>, ...z.ZodObject<any>[]]>\n \| z.ZodDiscriminatedUnion<z.ZodObject<any>[]>;\n\nexport type ToolSingleOutputType =\n \| PrimitiveOutputType\n \| ImageOutputType\n \| AudioOutputType\n \| ResourceOutputType\n \| ResourceLinkOutputType\n \| StructuredOutputType;\n\n/\n Default default tool schema is {}\n /\nexport type ToolOutputType = ToolSingleOutputType \| ToolSingleOutputType[] \| undefined;\nexport type ToolInputType = z.ZodRawShape;\n\n/\n Declarative metadata describing what an McpTool contributes.\n /\nexport interface ToolMetadata<InSchema = ToolInputType, OutSchema extends ToolOutputType = ToolOutputType>\n extends ExtendFrontMcpToolMetadata {\n /\n Optional unique identifier for the tool.\n * If omitted, a consumer may derive an ID from the class or file name.\n /\n id?: string;\n\n /\n Human‑readable name of the tool, used in UIs, logs, and discovery.\n /\n name: string;\n\n /\n Short summary describing what the tool does and when to use it.\n /\n description?: string;\n\n /\n Zod schema describing the expected input payload for the tool.\n * Used for validation and for generating automatic docs/UX.\n /\n inputSchema: InSchema;\n /\n Zod schema describing the expected input payload for the tool.\n * Used for validation and for generating automatic docs/UX.\n /\n rawInputSchema?: JsonSchema;\n\n /\n Zod schema describing the structure of the tool's successful output.\n /\n outputSchema?: OutSchema;\n\n /\n Optional list of tags/labels that categorize the tool for discovery and filtering.\n /\n tags?: string[];\n\n annotations?: ToolAnnotations;\n\n /\n If true, the tool will not be shown in the tool/list action results.\n * this method can still be called directly with tool/call even if hidden.\n * use case: tools that are intended to be private or internal. (usually for testing / private apis)\n * Default: false\n /\n hideFromDiscovery?: boolean;\n\n /\n Optional usage examples for the tool.\n * These are used by codecall:describe to provide accurate usage examples.\n * If provided, these take precedence over auto-generated examples.\n /\n examples?: ToolExample[];\n\n ui?: ToolUIConfig<ToolInputOf<InSchema>, ToolOutputOf<OutSchema>>;\n}\n\n/\n Runtime schema for ToolSingleOutputType:\n * - literals ('string', 'image', ...)\n * - any Zod schema (ZodObject, ZodArray, etc.)\n * - raw shapes (Record<string, ZodTypeAny>)\n */\n\nconst primitiveOutputLiteralSchema = z.enum(['string', 'number', 'date', 'boolean']);\nconst specialOutputLiteralSchema = z.enum(['image', 'audio', 'resource', 'resource_link']);\n\nconst outputLiteralSchema = z.union([primitiveOutputLiteralSchema, specialOutputLiteralSchema]);\n\n// Any Zod schema instance (object, array, union, etc.)\nconst zodSchemaInstanceSchema = z.instanceof(z.ZodType);\n\n// Raw shape: { field: z.string(), ... }\nconst zodRawShapeSchema = z.record(z.string(), zodSchemaInstanceSchema);\n\nconst toolSingleOutputSchema = z.union([outputLiteralSchema, zodSchemaInstanceSchema, zodRawShapeSchema]);\n\n// ToolOutputType = ToolSingleOutputType \| ToolSingleOutputType[]\nconst toolOutputSchema = z.union([toolSingleOutputSchema, z.array(toolSingleOutputSchema)]);\nconst toolExampleSchema = z.object({\n description: z.string(),\n input: z.record(z.string(), z.unknown()),\n output: z.unknown().optional(),\n});\n\nexport const frontMcpToolMetadataSchema = z\n .object({\n id: z.string().optional(),\n name: z.string().min(1),\n description: z.string().optional(),\n inputSchema: z.instanceof(Object),\n rawInputSchema: z.any().optional(),\n outputSchema: toolOutputSchema.optional(),\n tags: z.array(z.string().min(1)).optional(),\n annotations: mcpToolAnnotationsSchema.optional(),\n hideFromDiscovery: z.boolean().optional().default(false),\n examples: z.array(toolExampleSchema).optional(),\n ui: z.looseObject({}).optional(),\n } satisfies RawZodShape<ToolMetadata, ExtendFrontMcpToolMetadata>)\n .passthrough();\n"]}
1	+ {"version":3,"file":"tool.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/tool.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAMxB,iEAK4C;AAyE5C,MAAM,wBAAwB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACpC,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACC,CAAC;KACxC,WAAW,EAAE,CAAC;AAmBJ,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,oBAAoB,GAAG,iCAAsB,CAAC;AAO9C,QAAA,wBAAwB,GAAG,6BAAkB,CAAC;AAyF3D;;;;;GAKG;AAEH,MAAM,4BAA4B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AACrF,MAAM,0BAA0B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;AAE3F,MAAM,mBAAmB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC,CAAC;AAEhG,uDAAuD;AACvD,MAAM,uBAAuB,GAAG,OAAC,CAAC,UAAU,CAAC,OAAC,CAAC,OAAO,CAAC,CAAC;AAExD,wCAAwC;AACxC,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAExE,MAAM,sBAAsB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAE1G,iEAAiE;AACjE,MAAM,gBAAgB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,sBAAsB,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;AAC5F,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACjC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEU,QAAA,0BAA0B,GAAG,OAAC;KACxC,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,OAAC,CAAC,UAAU,CAAC,MAAM,CAAC;IACjC,cAAc,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IACzC,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC3C,WAAW,EAAE,wBAAwB,CAAC,QAAQ,EAAE;IAChD,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACxD,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE;IAC/C,EAAE,EAAE,OAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC+B,CAAC;KACjE,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\nimport type { JSONSchema } from 'zod/v4/core';\n\n/** JSON Schema type from Zod v4 /\ntype JsonSchema = JSONSchema.JSONSchema;\nimport {\n ImageContentSchema,\n AudioContentSchema,\n ResourceLinkSchema,\n EmbeddedResourceSchema,\n} from '@modelcontextprotocol/sdk/types.js';\nimport { ToolUIConfig } from './tool-ui.metadata';\nimport { ToolInputOf, ToolOutputOf } from '../decorators';\n\ndeclare global {\n /\n Declarative metadata extends to the an McpTool decorator.\n /\n interface ExtendFrontMcpToolMetadata {}\n}\n\n/\n Example input/output pair for a tool, used in documentation and describe output.\n /\nexport interface ToolExample {\n /\n Description of what this example demonstrates.\n /\n description: string;\n\n /\n Example input values for the tool.\n /\n input: Record<string, unknown>;\n\n /\n Optional expected output for the example.\n /\n output?: unknown;\n}\n\nexport interface ToolAnnotations {\n [x: string]: unknown;\n\n /\n A human-readable title for the tool.\n /\n title?: string;\n /\n If true, the tool does not modify its environment.\n \n Default: false\n /\n readOnlyHint?: boolean;\n /\n If true, the tool may perform destructive updates to its environment.\n * If false, the tool performs only additive updates.\n \n (This property is meaningful only when `readOnlyHint == false`)\n \n Default: true\n /\n destructiveHint?: boolean;\n /\n If true, calling the tool repeatedly with the same arguments\n * will have no additional effect on the its environment.\n \n (This property is meaningful only when `readOnlyHint == false`)\n \n Default: false\n /\n idempotentHint?: boolean;\n /\n If true, this tool may interact with an \"open world\" of external\n * entities. If false, the tool's domain of interaction is closed.\n * For example, the world of a web search tool is open, whereas that\n * of a memory tool is not.\n \n Default: true\n /\n openWorldHint?: boolean;\n}\n\nconst mcpToolAnnotationsSchema = z\n .object({\n title: z.string().optional(),\n readOnlyHint: z.boolean().optional(),\n destructiveHint: z.boolean().optional(),\n idempotentHint: z.boolean().optional(),\n openWorldHint: z.boolean().optional(),\n } satisfies RawZodShape<ToolAnnotations>)\n .passthrough();\n\n/\n Tool response type text: include if outputSchema is zod primitive types\n /\ntype PrimitiveOutputType =\n \| 'string'\n \| 'number'\n \| 'date'\n \| 'boolean'\n \| z.ZodString\n \| z.ZodNumber\n \| z.ZodBoolean\n \| z.ZodBigInt\n \| z.ZodDate;\n/\n Tool response type image, will use the ImageContentSchema from MCP types\n /\ntype ImageOutputType = 'image';\nexport const ImageOutputSchema = ImageContentSchema;\nexport type ImageOutput = z.output<typeof ImageOutputSchema>;\n\n/\n Tool response type audio, will use the AudioContentSchema from MCP types\n /\ntype AudioOutputType = 'audio';\nexport const AudioOutputSchema = AudioContentSchema;\nexport type AudioOutput = z.output<typeof AudioOutputSchema>;\n\n/\n Tool response type resource, will use the EmbeddedResourceSchema from MCP types\n /\ntype ResourceOutputType = 'resource';\nexport const ResourceOutputSchema = EmbeddedResourceSchema;\nexport type ResourceOutput = z.output<typeof ResourceOutputSchema>;\n\n/\n Tool response type resource_link, will use the ResourceLinkSchema from MCP types\n /\ntype ResourceLinkOutputType = 'resource_link';\nexport const ResourceLinkOutputSchema = ResourceLinkSchema;\nexport type ResourceLinkOutput = z.output<typeof ResourceLinkOutputSchema>;\n\n/\n Tool response type json, ZodRawShape for fast usage\n /\ntype StructuredOutputType =\n \| z.ZodRawShape\n \| z.ZodObject<any>\n \| z.ZodArray<z.ZodType>\n \| z.ZodUnion<[z.ZodObject<any>, ...z.ZodObject<any>[]]>\n \| z.ZodDiscriminatedUnion<z.ZodObject<any>[]>;\n\nexport type ToolSingleOutputType =\n \| PrimitiveOutputType\n \| ImageOutputType\n \| AudioOutputType\n \| ResourceOutputType\n \| ResourceLinkOutputType\n \| StructuredOutputType;\n\n/\n Default default tool schema is {}\n /\nexport type ToolOutputType = ToolSingleOutputType \| ToolSingleOutputType[] \| undefined;\nexport type ToolInputType = z.ZodRawShape \| z.ZodObject<any>;\n\n/\n Declarative metadata describing what an McpTool contributes.\n /\nexport interface ToolMetadata<InSchema = ToolInputType, OutSchema extends ToolOutputType = ToolOutputType>\n extends ExtendFrontMcpToolMetadata {\n /\n Optional unique identifier for the tool.\n * If omitted, a consumer may derive an ID from the class or file name.\n /\n id?: string;\n\n /\n Human‑readable name of the tool, used in UIs, logs, and discovery.\n /\n name: string;\n\n /\n Short summary describing what the tool does and when to use it.\n /\n description?: string;\n\n /\n Zod schema describing the expected input payload for the tool.\n * Used for validation and for generating automatic docs/UX.\n /\n inputSchema: InSchema;\n /\n Zod schema describing the expected input payload for the tool.\n * Used for validation and for generating automatic docs/UX.\n /\n rawInputSchema?: JsonSchema;\n\n /\n Zod schema describing the structure of the tool's successful output.\n /\n outputSchema?: OutSchema;\n\n /\n Optional list of tags/labels that categorize the tool for discovery and filtering.\n /\n tags?: string[];\n\n annotations?: ToolAnnotations;\n\n /\n If true, the tool will not be shown in the tool/list action results.\n * this method can still be called directly with tool/call even if hidden.\n * use case: tools that are intended to be private or internal. (usually for testing / private apis)\n * Default: false\n /\n hideFromDiscovery?: boolean;\n\n /\n Optional usage examples for the tool.\n * These are used by codecall:describe to provide accurate usage examples.\n * If provided, these take precedence over auto-generated examples.\n /\n examples?: ToolExample[];\n\n ui?: ToolUIConfig<ToolInputOf<InSchema>, ToolOutputOf<OutSchema>>;\n}\n\n/\n Runtime schema for ToolSingleOutputType:\n * - literals ('string', 'image', ...)\n * - any Zod schema (ZodObject, ZodArray, etc.)\n * - raw shapes (Record<string, ZodTypeAny>)\n */\n\nconst primitiveOutputLiteralSchema = z.enum(['string', 'number', 'date', 'boolean']);\nconst specialOutputLiteralSchema = z.enum(['image', 'audio', 'resource', 'resource_link']);\n\nconst outputLiteralSchema = z.union([primitiveOutputLiteralSchema, specialOutputLiteralSchema]);\n\n// Any Zod schema instance (object, array, union, etc.)\nconst zodSchemaInstanceSchema = z.instanceof(z.ZodType);\n\n// Raw shape: { field: z.string(), ... }\nconst zodRawShapeSchema = z.record(z.string(), zodSchemaInstanceSchema);\n\nconst toolSingleOutputSchema = z.union([outputLiteralSchema, zodSchemaInstanceSchema, zodRawShapeSchema]);\n\n// ToolOutputType = ToolSingleOutputType \| ToolSingleOutputType[]\nconst toolOutputSchema = z.union([toolSingleOutputSchema, z.array(toolSingleOutputSchema)]);\nconst toolExampleSchema = z.object({\n description: z.string(),\n input: z.record(z.string(), z.unknown()),\n output: z.unknown().optional(),\n});\n\nexport const frontMcpToolMetadataSchema = z\n .object({\n id: z.string().optional(),\n name: z.string().min(1),\n description: z.string().optional(),\n inputSchema: z.instanceof(Object),\n rawInputSchema: z.any().optional(),\n outputSchema: toolOutputSchema.optional(),\n tags: z.array(z.string().min(1)).optional(),\n annotations: mcpToolAnnotationsSchema.optional(),\n hideFromDiscovery: z.boolean().optional().default(false),\n examples: z.array(toolExampleSchema).optional(),\n ui: z.looseObject({}).optional(),\n } satisfies RawZodShape<ToolMetadata, ExtendFrontMcpToolMetadata>)\n .passthrough();\n"]}

package/src/common/migrate/auth-transport.migrate.d.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import type { TransportOptionsInput } from '../types/options/transport.options';
+import type { RedisOptionsInput } from '../types/options/redis.options';
+import type { SessionOptions } from '../types/options/session.options';
+/**
+ * Old transport config structure (nested under auth)
+ */
+interface OldTransportConfig {
+    enableLegacySSE?: boolean;
+    enableSseListener?: boolean;
+    enableStreamableHttp?: boolean;
+    enableStatelessHttp?: boolean;
+    enableStatefulHttp?: boolean;
+    requireSessionForStreamable?: boolean;
+    recreation?: {
+        enabled?: boolean;
+        redis?: RedisOptionsInput;
+        defaultTtlMs?: number;
+    };
+}
+/**
+ * Old auth config structure (with nested transport)
+ */
+interface OldAuthConfig {
+    mode: string;
+    transport?: OldTransportConfig;
+    [key: string]: unknown;
+}
+/**
+ * Metadata structure for migration
+ */
+interface MigratableMetadata {
+    auth?: OldAuthConfig;
+    session?: SessionOptions;
+    transport?: TransportOptionsInput;
+    redis?: RedisOptionsInput;
+}
+/**
+ * Reset deprecation warning flag (for testing)
+ */
+export declare function resetDeprecationWarning(): void;
+/**
+ * Check if config needs migration
+ */
+export declare function needsMigration(metadata: MigratableMetadata): boolean;
+/**
+ * Migrate old config structure to new structure
+ *
+ * Returns the migrated values that should be applied to the metadata
+ */
+export declare function migrateAuthTransportConfig(metadata: MigratableMetadata): {
+    transport?: TransportOptionsInput;
+    redis?: RedisOptionsInput;
+    auth?: OldAuthConfig;
+};
+/**
+ * Apply migration to metadata (mutates in place for decorator use)
+ *
+ * This function takes a metadata object with the old config structure
+ * and transforms it to the new structure in place.
+ */
+export declare function applyMigration<T extends MigratableMetadata>(metadata: T): T;
+export {};

package/src/common/migrate/auth-transport.migrate.js ADDED Viewed

@@ -0,0 +1,140 @@
+"use strict";
+// common/migrate/auth-transport.migrate.ts
+//
+// Migration helper for auth.transport -> transport config
+//
+// This file handles backward compatibility for the old config structure.
+// DELETE THIS FILE when removing deprecated support (target: v1.0.0)
+//
+// Migration performed:
+// 1. auth.transport -> transport (top-level)
+// 2. session -> transport (merged)
+// 3. auth.transport.recreation.redis -> redis (top-level, if not already set)
+// 4. auth.tokenStorage.config -> references top-level redis
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resetDeprecationWarning = resetDeprecationWarning;
+exports.needsMigration = needsMigration;
+exports.migrateAuthTransportConfig = migrateAuthTransportConfig;
+exports.applyMigration = applyMigration;
+let deprecationWarningShown = false;
+/**
+ * Show deprecation warning once per process
+ */
+function showDeprecationWarning(hasOldTransport, hasOldSession) {
+    if (deprecationWarningShown) {
+        return;
+    }
+    deprecationWarningShown = true;
+    const warnings = [];
+    if (hasOldTransport) {
+        warnings.push('  - auth.transport is deprecated, use top-level "transport" instead');
+    }
+    if (hasOldSession) {
+        warnings.push('  - session is deprecated, merge into top-level "transport" instead');
+    }
+    console.warn('\n[DEPRECATION WARNING] FrontMCP config structure has changed:\n' +
+        warnings.join('\n') +
+        '\n  - For Redis config, use top-level "redis" instead\n' +
+        '\nSee documentation: https://docs.agentfront.dev/docs/servers/server\n');
+}
+/**
+ * Reset deprecation warning flag (for testing)
+ */
+function resetDeprecationWarning() {
+    deprecationWarningShown = false;
+}
+/**
+ * Check if config needs migration
+ */
+function needsMigration(metadata) {
+    const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);
+    const hasOldSession = !!metadata.session;
+    return hasOldTransport || hasOldSession;
+}
+/**
+ * Migrate old config structure to new structure
+ *
+ * Returns the migrated values that should be applied to the metadata
+ */
+function migrateAuthTransportConfig(metadata) {
+    const result = {};
+    const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);
+    const hasOldSession = !!metadata.session;
+    if (!hasOldTransport && !hasOldSession) {
+        return result;
+    }
+    // Show deprecation warning
+    showDeprecationWarning(hasOldTransport, hasOldSession);
+    // Start with existing transport config if present
+    result.transport = { ...metadata.transport };
+    // Migrate session config
+    if (hasOldSession) {
+        const session = metadata.session;
+        result.transport = {
+            ...result.transport,
+            sessionMode: session.sessionMode,
+            transportIdMode: session.transportIdMode,
+            platformDetection: session.platformDetection,
+        };
+    }
+    // Migrate auth.transport config
+    if (hasOldTransport) {
+        const oldTransport = metadata.auth.transport;
+        // Merge transport protocol settings
+        result.transport = {
+            ...result.transport,
+            enableLegacySSE: oldTransport.enableLegacySSE ?? result.transport.enableLegacySSE,
+            enableSseListener: oldTransport.enableSseListener ?? result.transport.enableSseListener,
+            enableStreamableHttp: oldTransport.enableStreamableHttp ?? result.transport.enableStreamableHttp,
+            enableStatelessHttp: oldTransport.enableStatelessHttp ?? result.transport.enableStatelessHttp,
+            enableStatefulHttp: oldTransport.enableStatefulHttp ?? result.transport.enableStatefulHttp,
+            requireSessionForStreamable: oldTransport.requireSessionForStreamable ?? result.transport.requireSessionForStreamable,
+        };
+        // Migrate recreation -> persistence
+        if (oldTransport.recreation) {
+            result.transport.persistence = {
+                enabled: oldTransport.recreation.enabled ?? false,
+                redis: oldTransport.recreation.redis,
+                defaultTtlMs: oldTransport.recreation.defaultTtlMs,
+            };
+            // Extract Redis config to top-level if not already present
+            if (oldTransport.recreation.redis && !metadata.redis) {
+                result.redis = oldTransport.recreation.redis;
+            }
+        }
+        // Create clean auth without transport
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        const { transport: _, ...cleanAuth } = metadata.auth;
+        result.auth = cleanAuth;
+    }
+    return result;
+}
+/**
+ * Apply migration to metadata (mutates in place for decorator use)
+ *
+ * This function takes a metadata object with the old config structure
+ * and transforms it to the new structure in place.
+ */
+function applyMigration(metadata) {
+    if (!needsMigration(metadata)) {
+        return metadata;
+    }
+    const migrated = migrateAuthTransportConfig(metadata);
+    // Apply migrated transport config
+    if (migrated.transport) {
+        metadata['transport'] = {
+            ...metadata.transport,
+            ...migrated.transport,
+        };
+    }
+    // Apply migrated redis config
+    if (migrated.redis) {
+        metadata['redis'] = migrated.redis;
+    }
+    // Apply cleaned auth config (without transport)
+    if (migrated.auth) {
+        metadata.auth = migrated.auth;
+    }
+    return metadata;
+}
+//# sourceMappingURL=auth-transport.migrate.js.map

package/src/common/migrate/auth-transport.migrate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-transport.migrate.js","sourceRoot":"","sources":["../../../../src/common/migrate/auth-transport.migrate.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,0DAA0D;AAC1D,EAAE;AACF,yEAAyE;AACzE,qEAAqE;AACrE,EAAE;AACF,uBAAuB;AACvB,6CAA6C;AAC7C,mCAAmC;AACnC,8EAA8E;AAC9E,4DAA4D;;AAwE5D,0DAEC;AAKD,wCAIC;AAOD,gEAwEC;AAQD,wCA0BC;AA1JD,IAAI,uBAAuB,GAAG,KAAK,CAAC;AAEpC;;GAEG;AACH,SAAS,sBAAsB,CAAC,eAAwB,EAAE,aAAsB;IAC9E,IAAI,uBAAuB,EAAE,CAAC;QAC5B,OAAO;IACT,CAAC;IACD,uBAAuB,GAAG,IAAI,CAAC;IAE/B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,eAAe,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,aAAa,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;IACvF,CAAC;IAED,OAAO,CAAC,IAAI,CACV,kEAAkE;QAChE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QACnB,yDAAyD;QACzD,wEAAwE,CAC3E,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB;IACrC,uBAAuB,GAAG,KAAK,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,QAA4B;IACzD,MAAM,eAAe,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,WAAW,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrG,MAAM,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IACzC,OAAO,eAAe,IAAI,aAAa,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,SAAgB,0BAA0B,CAAC,QAA4B;IAKrE,MAAM,MAAM,GAIR,EAAE,CAAC;IAEP,MAAM,eAAe,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,WAAW,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrG,MAAM,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAEzC,IAAI,CAAC,eAAe,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2BAA2B;IAC3B,sBAAsB,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;IAEvD,kDAAkD;IAClD,MAAM,CAAC,SAAS,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;IAE7C,yBAAyB;IACzB,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAQ,CAAC;QAClC,MAAM,CAAC,SAAS,GAAG;YACjB,GAAG,MAAM,CAAC,SAAS;YACnB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;SAC7C,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAK,CAAC,SAAU,CAAC;QAE/C,oCAAoC;QACpC,MAAM,CAAC,SAAS,GAAG;YACjB,GAAG,MAAM,CAAC,SAAS;YACnB,eAAe,EAAE,YAAY,CAAC,eAAe,IAAI,MAAM,CAAC,SAAS,CAAC,eAAe;YACjF,iBAAiB,EAAE,YAAY,CAAC,iBAAiB,IAAI,MAAM,CAAC,SAAS,CAAC,iBAAiB;YACvF,oBAAoB,EAAE,YAAY,CAAC,oBAAoB,IAAI,MAAM,CAAC,SAAS,CAAC,oBAAoB;YAChG,mBAAmB,EAAE,YAAY,CAAC,mBAAmB,IAAI,MAAM,CAAC,SAAS,CAAC,mBAAmB;YAC7F,kBAAkB,EAAE,YAAY,CAAC,kBAAkB,IAAI,MAAM,CAAC,SAAS,CAAC,kBAAkB;YAC1F,2BAA2B,EACzB,YAAY,CAAC,2BAA2B,IAAI,MAAM,CAAC,SAAS,CAAC,2BAA2B;SAC3F,CAAC;QAEF,oCAAoC;QACpC,IAAI,YAAY,CAAC,UAAU,EAAE,CAAC;YAC5B,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG;gBAC7B,OAAO,EAAE,YAAY,CAAC,UAAU,CAAC,OAAO,IAAI,KAAK;gBACjD,KAAK,EAAE,YAAY,CAAC,UAAU,CAAC,KAAK;gBACpC,YAAY,EAAE,YAAY,CAAC,UAAU,CAAC,YAAY;aACnD,CAAC;YAEF,2DAA2D;YAC3D,IAAI,YAAY,CAAC,UAAU,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACrD,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,6DAA6D;QAC7D,MAAM,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,SAAS,EAAE,GAAG,QAAQ,CAAC,IAAK,CAAC;QACtD,MAAM,CAAC,IAAI,GAAG,SAA0B,CAAC;IAC3C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAA+B,QAAW;IACtE,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;IAEtD,kCAAkC;IAClC,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;QACtB,QAAoC,CAAC,WAAW,CAAC,GAAG;YACnD,GAAG,QAAQ,CAAC,SAAS;YACrB,GAAG,QAAQ,CAAC,SAAS;SACtB,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAClB,QAAoC,CAAC,OAAO,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;IAClE,CAAC;IAED,gDAAgD;IAChD,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAChC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC","sourcesContent":["// common/migrate/auth-transport.migrate.ts\n//\n// Migration helper for auth.transport -> transport config\n//\n// This file handles backward compatibility for the old config structure.\n// DELETE THIS FILE when removing deprecated support (target: v1.0.0)\n//\n// Migration performed:\n// 1. auth.transport -> transport (top-level)\n// 2. session -> transport (merged)\n// 3. auth.transport.recreation.redis -> redis (top-level, if not already set)\n// 4. auth.tokenStorage.config -> references top-level redis\n\nimport type { TransportOptionsInput } from '../types/options/transport.options';\nimport type { RedisOptionsInput } from '../types/options/redis.options';\nimport type { SessionOptions } from '../types/options/session.options';\n\n/**\n * Old transport config structure (nested under auth)\n */\ninterface OldTransportConfig {\n enableLegacySSE?: boolean;\n enableSseListener?: boolean;\n enableStreamableHttp?: boolean;\n enableStatelessHttp?: boolean;\n enableStatefulHttp?: boolean;\n requireSessionForStreamable?: boolean;\n recreation?: {\n enabled?: boolean;\n redis?: RedisOptionsInput;\n defaultTtlMs?: number;\n };\n}\n\n/**\n * Old auth config structure (with nested transport)\n */\ninterface OldAuthConfig {\n mode: string;\n transport?: OldTransportConfig;\n [key: string]: unknown;\n}\n\n/**\n * Metadata structure for migration\n */\ninterface MigratableMetadata {\n auth?: OldAuthConfig;\n session?: SessionOptions;\n transport?: TransportOptionsInput;\n redis?: RedisOptionsInput;\n}\n\nlet deprecationWarningShown = false;\n\n/**\n * Show deprecation warning once per process\n */\nfunction showDeprecationWarning(hasOldTransport: boolean, hasOldSession: boolean): void {\n if (deprecationWarningShown) {\n return;\n }\n deprecationWarningShown = true;\n\n const warnings: string[] = [];\n if (hasOldTransport) {\n warnings.push(' - auth.transport is deprecated, use top-level \"transport\" instead');\n }\n if (hasOldSession) {\n warnings.push(' - session is deprecated, merge into top-level \"transport\" instead');\n }\n\n console.warn(\n '\\n[DEPRECATION WARNING] FrontMCP config structure has changed:\\n' +\n warnings.join('\\n') +\n '\\n - For Redis config, use top-level \"redis\" instead\\n' +\n '\\nSee documentation: https://docs.agentfront.dev/docs/servers/server\\n',\n );\n}\n\n/**\n * Reset deprecation warning flag (for testing)\n */\nexport function resetDeprecationWarning(): void {\n deprecationWarningShown = false;\n}\n\n/**\n * Check if config needs migration\n */\nexport function needsMigration(metadata: MigratableMetadata): boolean {\n const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);\n const hasOldSession = !!metadata.session;\n return hasOldTransport || hasOldSession;\n}\n\n/**\n * Migrate old config structure to new structure\n *\n * Returns the migrated values that should be applied to the metadata\n */\nexport function migrateAuthTransportConfig(metadata: MigratableMetadata): {\n transport?: TransportOptionsInput;\n redis?: RedisOptionsInput;\n auth?: OldAuthConfig;\n} {\n const result: {\n transport?: TransportOptionsInput;\n redis?: RedisOptionsInput;\n auth?: OldAuthConfig;\n } = {};\n\n const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);\n const hasOldSession = !!metadata.session;\n\n if (!hasOldTransport && !hasOldSession) {\n return result;\n }\n\n // Show deprecation warning\n showDeprecationWarning(hasOldTransport, hasOldSession);\n\n // Start with existing transport config if present\n result.transport = { ...metadata.transport };\n\n // Migrate session config\n if (hasOldSession) {\n const session = metadata.session!;\n result.transport = {\n ...result.transport,\n sessionMode: session.sessionMode,\n transportIdMode: session.transportIdMode,\n platformDetection: session.platformDetection,\n };\n }\n\n // Migrate auth.transport config\n if (hasOldTransport) {\n const oldTransport = metadata.auth!.transport!;\n\n // Merge transport protocol settings\n result.transport = {\n ...result.transport,\n enableLegacySSE: oldTransport.enableLegacySSE ?? result.transport.enableLegacySSE,\n enableSseListener: oldTransport.enableSseListener ?? result.transport.enableSseListener,\n enableStreamableHttp: oldTransport.enableStreamableHttp ?? result.transport.enableStreamableHttp,\n enableStatelessHttp: oldTransport.enableStatelessHttp ?? result.transport.enableStatelessHttp,\n enableStatefulHttp: oldTransport.enableStatefulHttp ?? result.transport.enableStatefulHttp,\n requireSessionForStreamable:\n oldTransport.requireSessionForStreamable ?? result.transport.requireSessionForStreamable,\n };\n\n // Migrate recreation -> persistence\n if (oldTransport.recreation) {\n result.transport.persistence = {\n enabled: oldTransport.recreation.enabled ?? false,\n redis: oldTransport.recreation.redis,\n defaultTtlMs: oldTransport.recreation.defaultTtlMs,\n };\n\n // Extract Redis config to top-level if not already present\n if (oldTransport.recreation.redis && !metadata.redis) {\n result.redis = oldTransport.recreation.redis;\n }\n }\n\n // Create clean auth without transport\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { transport: _, ...cleanAuth } = metadata.auth!;\n result.auth = cleanAuth as OldAuthConfig;\n }\n\n return result;\n}\n\n/**\n * Apply migration to metadata (mutates in place for decorator use)\n *\n * This function takes a metadata object with the old config structure\n * and transforms it to the new structure in place.\n */\nexport function applyMigration<T extends MigratableMetadata>(metadata: T): T {\n if (!needsMigration(metadata)) {\n return metadata;\n }\n\n const migrated = migrateAuthTransportConfig(metadata);\n\n // Apply migrated transport config\n if (migrated.transport) {\n (metadata as Record<string, unknown>)['transport'] = {\n ...metadata.transport,\n ...migrated.transport,\n };\n }\n\n // Apply migrated redis config\n if (migrated.redis) {\n (metadata as Record<string, unknown>)['redis'] = migrated.redis;\n }\n\n // Apply cleaned auth config (without transport)\n if (migrated.auth) {\n metadata.auth = migrated.auth;\n }\n\n return metadata;\n}\n"]}

package/src/common/migrate/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './auth-transport.migrate';

package/src/common/migrate/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+// common/migrate/index.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./auth-transport.migrate"), exports);
+//# sourceMappingURL=index.js.map

package/src/common/migrate/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/common/migrate/index.ts"],"names":[],"mappings":";AAAA,0BAA0B;;;AAE1B,mEAAyC","sourcesContent":["// common/migrate/index.ts\n\nexport * from './auth-transport.migrate';\n"]}

package/src/common/schemas/http-output.schema.d.ts CHANGED Viewed

@@ -302,7 +302,11 @@ export declare const HttpJsonRpcSchema: z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;
         id: z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>;
         result: z.ZodObject<{
-            _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+            _meta: z.ZodOptional<z.ZodObject<{
+                "io.modelcontextprotocol/related-task": z.ZodOptional<z.ZodObject<{
+                    taskId: z.ZodString;
+                }, z.core.$loose>>;
+            }, z.core.$loose>>;
         }, z.core.$loose>;
     }, z.core.$strict>, z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;
@@ -596,7 +600,11 @@ export declare const httpOutputSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;
         id: z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>;
         result: z.ZodObject<{
-            _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+            _meta: z.ZodOptional<z.ZodObject<{
+                "io.modelcontextprotocol/related-task": z.ZodOptional<z.ZodObject<{
+                    taskId: z.ZodString;
+                }, z.core.$loose>>;
+            }, z.core.$loose>>;
         }, z.core.$loose>;
     }, z.core.$strict>, z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;

package/src/common/schemas/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 export * from './annotated-class.schema';
 export * from './http-output.schema';
 export * from './http-input.schema';
+export * from './session-header.schema';

package/src/common/schemas/index.js CHANGED Viewed

@@ -4,4 +4,5 @@ const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./annotated-class.schema"), exports);
 tslib_1.__exportStar(require("./http-output.schema"), exports);
 tslib_1.__exportStar(require("./http-input.schema"), exports);
+tslib_1.__exportStar(require("./session-header.schema"), exports);
 //# sourceMappingURL=index.js.map

package/src/common/schemas/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/common/schemas/index.ts"],"names":[],"mappings":";;;AAAA,mEAAyC;AACzC,+DAAqC;AACrC,8DAAoC","sourcesContent":["export * from './annotated-class.schema';\nexport * from './http-output.schema';\nexport * from './http-input.schema';"]}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/common/schemas/index.ts"],"names":[],"mappings":";;;AAAA,mEAAyC;AACzC,+DAAqC;AACrC,8DAAoC;AACpC,kEAAwC","sourcesContent":["export * from './annotated-class.schema';\nexport * from './http-output.schema';\nexport * from './http-input.schema';\nexport * from './session-header.schema';\n"]}

package/src/common/schemas/session-header.schema.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { z } from 'zod';
+/**
+ * Zod schema for validating mcp-session-id header format.
+ * Uses Zod's built-in validators to prevent ReDoS attacks and ensure safe validation.
+ *
+ * - Max length: 2048 characters (encrypted session IDs can be 460-700+ characters
+ *   due to AES-256-GCM encryption producing base64url format: iv.tag.ciphertext)
+ * - Only allows printable ASCII characters (0x20-0x7E)
+ * - Rejects control characters and null bytes
+ */
+export declare const mcpSessionHeaderSchema: z.ZodString;
+/**
+ * Validate mcp-session-id header using Zod schema.
+ * Returns undefined for invalid or missing values.
+ */
+export declare function validateMcpSessionHeader(value: string | undefined): string | undefined;

package/src/common/schemas/session-header.schema.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mcpSessionHeaderSchema = void 0;
+exports.validateMcpSessionHeader = validateMcpSessionHeader;
+const zod_1 = require("zod");
+/**
+ * Zod schema for validating mcp-session-id header format.
+ * Uses Zod's built-in validators to prevent ReDoS attacks and ensure safe validation.
+ *
+ * - Max length: 2048 characters (encrypted session IDs can be 460-700+ characters
+ *   due to AES-256-GCM encryption producing base64url format: iv.tag.ciphertext)
+ * - Only allows printable ASCII characters (0x20-0x7E)
+ * - Rejects control characters and null bytes
+ */
+exports.mcpSessionHeaderSchema = zod_1.z
+    .string()
+    .min(1)
+    .max(2048)
+    .refine((value) => {
+    // Check each character is printable ASCII (0x20-0x7E)
+    for (let i = 0; i < value.length; i++) {
+        const code = value.charCodeAt(i);
+        if (code < 0x20 || code > 0x7e) {
+            return false;
+        }
+    }
+    return true;
+}, { message: 'Session ID must contain only printable ASCII characters' })
+    .refine((v) => v === v.trim(), {
+    message: 'Session ID must not have leading/trailing whitespace',
+});
+/**
+ * Validate mcp-session-id header using Zod schema.
+ * Returns undefined for invalid or missing values.
+ */
+function validateMcpSessionHeader(value) {
+    if (!value)
+        return undefined;
+    const result = exports.mcpSessionHeaderSchema.safeParse(value);
+    return result.success ? result.data : undefined;
+}
+//# sourceMappingURL=session-header.schema.js.map

package/src/common/schemas/session-header.schema.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-header.schema.js","sourceRoot":"","sources":["../../../../src/common/schemas/session-header.schema.ts"],"names":[],"mappings":";;;AAoCA,4DAIC;AAxCD,6BAAwB;AAExB;;;;;;;;GAQG;AACU,QAAA,sBAAsB,GAAG,OAAC;KACpC,MAAM,EAAE;KACR,GAAG,CAAC,CAAC,CAAC;KACN,GAAG,CAAC,IAAI,CAAC;KACT,MAAM,CACL,CAAC,KAAK,EAAE,EAAE;IACR,sDAAsD;IACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,GAAG,IAAI,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,EACD,EAAE,OAAO,EAAE,yDAAyD,EAAE,CACvE;KACA,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE;IAC7B,OAAO,EAAE,sDAAsD;CAChE,CAAC,CAAC;AAEL;;;GAGG;AACH,SAAgB,wBAAwB,CAAC,KAAyB;IAChE,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,MAAM,GAAG,8BAAsB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACvD,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC","sourcesContent":["import { z } from 'zod';\n\n/**\n * Zod schema for validating mcp-session-id header format.\n * Uses Zod's built-in validators to prevent ReDoS attacks and ensure safe validation.\n *\n * - Max length: 2048 characters (encrypted session IDs can be 460-700+ characters\n * due to AES-256-GCM encryption producing base64url format: iv.tag.ciphertext)\n * - Only allows printable ASCII characters (0x20-0x7E)\n * - Rejects control characters and null bytes\n */\nexport const mcpSessionHeaderSchema = z\n .string()\n .min(1)\n .max(2048)\n .refine(\n (value) => {\n // Check each character is printable ASCII (0x20-0x7E)\n for (let i = 0; i < value.length; i++) {\n const code = value.charCodeAt(i);\n if (code < 0x20 || code > 0x7e) {\n return false;\n }\n }\n return true;\n },\n { message: 'Session ID must contain only printable ASCII characters' },\n )\n .refine((v) => v === v.trim(), {\n message: 'Session ID must not have leading/trailing whitespace',\n });\n\n/**\n * Validate mcp-session-id header using Zod schema.\n * Returns undefined for invalid or missing values.\n */\nexport function validateMcpSessionHeader(value: string | undefined): string | undefined {\n if (!value) return undefined;\n const result = mcpSessionHeaderSchema.safeParse(value);\n return result.success ? result.data : undefined;\n}\n"]}

package/src/common/tokens/front-mcp.tokens.js CHANGED Viewed

@@ -7,7 +7,9 @@ exports.FrontMcpTokens = {
     info: base_tokens_1.tokenFactory.meta('info'),
     apps: base_tokens_1.tokenFactory.meta('apps'),
     http: base_tokens_1.tokenFactory.meta('http'),
-    session: base_tokens_1.tokenFactory.meta('session'),
+    redis: base_tokens_1.tokenFactory.meta('redis'),
+    transport: base_tokens_1.tokenFactory.meta('transport'),
+    session: base_tokens_1.tokenFactory.meta('session'), // @deprecated - kept for backward compatibility
     serve: base_tokens_1.tokenFactory.meta('serve'),
     splitByApp: base_tokens_1.tokenFactory.meta('splitByApp'),
     auth: base_tokens_1.tokenFactory.meta('auth'),

package/src/common/tokens/front-mcp.tokens.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"front-mcp.tokens.js","sourceRoot":"","sources":["../../../../src/common/tokens/front-mcp.tokens.ts"],"names":[],"mappings":";;;AAAA,+CAA6C;AAIhC,QAAA,cAAc,GAAuC;IAChE,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,OAAO,EAAE,0BAAY,CAAC,IAAI,CAAC,SAAS,CAAC;~~IACrC~~,KAAK,EAAE,0BAAY,CAAC,IAAI,CAAC,OAAO,CAAC;IACjC,UAAU,EAAE,0BAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAC3C,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,OAAO,EAAE,0BAAY,CAAC,IAAI,CAAC,SAAS,CAAC;IAErC,0BAA0B;IAC1B,SAAS,EAAE,0BAAY,CAAC,IAAI,CAAC,WAAW,CAAC;IACzC,2CAA2C;IAC3C,KAAK,EAAE,0BAAY,CAAC,IAAI,CAAC,OAAO,CAAC;IACjC,+CAA+C;IAC/C,SAAS,EAAE,0BAAY,CAAC,IAAI,CAAC,WAAW,CAAC;CAC1C,CAAC","sourcesContent":["import { tokenFactory } from './base.tokens';\nimport { RawMetadataShape } from '../types';\nimport { FrontMcpMetadata } from '../metadata';\n\nexport const FrontMcpTokens: RawMetadataShape<FrontMcpMetadata> = {\n type: tokenFactory.type('root'),\n info: tokenFactory.meta('info'),\n apps: tokenFactory.meta('apps'),\n http: tokenFactory.meta('http'),\n session: tokenFactory.meta('session'),\n serve: tokenFactory.meta('serve'),\n splitByApp: tokenFactory.meta('splitByApp'),\n auth: tokenFactory.meta('auth'),\n logging: tokenFactory.meta('logging'),\n\n // global scoped providers\n providers: tokenFactory.meta('providers'),\n // global scoped tools (shared across apps)\n tools: tokenFactory.meta('tools'),\n // global scoped resources (shared across apps)\n resources: tokenFactory.meta('resources'),\n};\n"]}
1	+ {"version":3,"file":"front-mcp.tokens.js","sourceRoot":"","sources":["../../../../src/common/tokens/front-mcp.tokens.ts"],"names":[],"mappings":";;;AAAA,+CAA6C;AAIhC,QAAA,cAAc,GAAuC;IAChE,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,KAAK,EAAE,0BAAY,CAAC,IAAI,CAAC,OAAO,CAAC;IACjC,SAAS,EAAE,0BAAY,CAAC,IAAI,CAAC,WAAW,CAAC;IACzC,OAAO,EAAE,0BAAY,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,gDAAgD;IACvF,KAAK,EAAE,0BAAY,CAAC,IAAI,CAAC,OAAO,CAAC;IACjC,UAAU,EAAE,0BAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAC3C,IAAI,EAAE,0BAAY,CAAC,IAAI,CAAC,MAAM,CAAC;IAC/B,OAAO,EAAE,0BAAY,CAAC,IAAI,CAAC,SAAS,CAAC;IAErC,0BAA0B;IAC1B,SAAS,EAAE,0BAAY,CAAC,IAAI,CAAC,WAAW,CAAC;IACzC,2CAA2C;IAC3C,KAAK,EAAE,0BAAY,CAAC,IAAI,CAAC,OAAO,CAAC;IACjC,+CAA+C;IAC/C,SAAS,EAAE,0BAAY,CAAC,IAAI,CAAC,WAAW,CAAC;CAC1C,CAAC","sourcesContent":["import { tokenFactory } from './base.tokens';\nimport { RawMetadataShape } from '../types';\nimport { FrontMcpMetadata } from '../metadata';\n\nexport const FrontMcpTokens: RawMetadataShape<FrontMcpMetadata> = {\n type: tokenFactory.type('root'),\n info: tokenFactory.meta('info'),\n apps: tokenFactory.meta('apps'),\n http: tokenFactory.meta('http'),\n redis: tokenFactory.meta('redis'),\n transport: tokenFactory.meta('transport'),\n session: tokenFactory.meta('session'), // @deprecated - kept for backward compatibility\n serve: tokenFactory.meta('serve'),\n splitByApp: tokenFactory.meta('splitByApp'),\n auth: tokenFactory.meta('auth'),\n logging: tokenFactory.meta('logging'),\n\n // global scoped providers\n providers: tokenFactory.meta('providers'),\n // global scoped tools (shared across apps)\n tools: tokenFactory.meta('tools'),\n // global scoped resources (shared across apps)\n resources: tokenFactory.meta('resources'),\n};\n"]}