@frontmcp/sdk 0.5.1 → 0.6.1

package/src/common/metadata/front-mcp.metadata.js

@@ -12,7 +12,10 @@ exports.frontMcpBaseSchema = zod_1.z.object({
     apps: zod_1.z.array(schemas_1.annotatedFrontMcpAppSchema),
     serve: zod_1.z.boolean().optional().default(true),
     http: types_1.httpOptionsSchema.optional(),
-    session: types_1.sessionOptionsSchema.optional(),
+    redis: types_1.redisOptionsSchema.optional(),
+    pubsub: types_1.pubsubOptionsSchema.optional(),
+    transport: types_1.transportOptionsSchema.optional().transform((val) => val ?? types_1.transportOptionsSchema.parse({})),
+    session: types_1.sessionOptionsSchema.optional(), // @deprecated - kept for backward compatibility
     logging: types_1.loggingOptionsSchema.optional(),
 });
 const frontMcpMultiAppSchema = exports.frontMcpBaseSchema.extend({

package/src/common/metadata/front-mcp.metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"front-mcp.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/front-mcp.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,oCAakB;AAClB,wCAKoB;AA8BP,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,+BAAuB;IAC7B,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,sCAA4B,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnE,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,oCAA0B,CAAC;IACzC,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3C,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE;IAClC,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE;CACG,CAAC,CAAC;AAO/C,MAAM,sBAAsB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACvD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,kDAAkD,CAAC;IACxG,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0DAA0D,CAAC;CAClC,CAAC,CAAC;AAOzE,MAAM,wBAAwB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACzD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IACnG,IAAI,EAAE,OAAC,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;CAC6C,CAAC,CAAC;AAI9D,QAAA,sBAAsB,GAAG,sBAAsB,CAAC,EAAE,CAAC,wBAAwB,CAAC,CAAC","sourcesContent":["import { z } from 'zod';\nimport {\n  AuthOptions,\n  authOptionsSchema,\n  SessionOptions,\n  sessionOptionsSchema,\n  ServerInfoOptions,\n  serverInfoOptionsSchema,\n  HttpOptions,\n  httpOptionsSchema,\n  LoggingOptions,\n  loggingOptionsSchema,\n  RawZodShape,\n  AuthOptionsInput,\n} from '../types';\nimport {\n  annotatedFrontMcpAppSchema,\n  annotatedFrontMcpProvidersSchema,\n  annotatedFrontMcpResourcesSchema,\n  annotatedFrontMcpToolsSchema,\n} from '../schemas';\nimport { AppType, ProviderType, ResourceType, ToolType } from '../interfaces';\n\nexport interface FrontMcpBaseMetadata {\n  info: ServerInfoOptions;\n  apps: AppType[];\n  http?: HttpOptions;\n  session?: SessionOptions;\n  logging?: LoggingOptions;\n\n  serve?: boolean; // default to true\n\n  /**\n   * Additional providers that are available to all apps.\n   */\n  providers?: ProviderType[];\n\n  /**\n   * Shared tools that are available to all apps.\n   * These are merged (additively) with app-specific tools.\n   */\n  tools?: ToolType[];\n\n  /**\n   * Shared resources that are available to all apps.\n   * These are merged (additively) with app-specific resources.\n   */\n  resources?: ResourceType[];\n}\n\nexport const frontMcpBaseSchema = z.object({\n  info: serverInfoOptionsSchema,\n  providers: z.array(annotatedFrontMcpProvidersSchema).optional().default([]),\n  tools: z.array(annotatedFrontMcpToolsSchema).optional().default([]),\n  resources: z.array(annotatedFrontMcpResourcesSchema).optional().default([]),\n  apps: z.array(annotatedFrontMcpAppSchema),\n  serve: z.boolean().optional().default(true),\n  http: httpOptionsSchema.optional(),\n  session: sessionOptionsSchema.optional(),\n  logging: loggingOptionsSchema.optional(),\n} satisfies RawZodShape<FrontMcpBaseMetadata>);\n\nexport interface FrontMcpMultiAppMetadata extends FrontMcpBaseMetadata {\n  splitByApp?: false;\n  auth?: AuthOptionsInput;\n}\n\nconst frontMcpMultiAppSchema = frontMcpBaseSchema.extend({\n  splitByApp: z.literal(false).default(false).describe('If true, each app gets its own scope & basePath.'),\n  auth: authOptionsSchema.optional().describe(\"Configures the server's default authentication provider.\"),\n} satisfies RawZodShape<FrontMcpMultiAppMetadata, FrontMcpBaseMetadata>);\n\nexport interface FrontMcpSplitByAppMetadata extends FrontMcpBaseMetadata {\n  splitByApp: true;\n  auth?: never;\n}\n\nconst frontMcpSplitByAppSchema = frontMcpBaseSchema.extend({\n  splitByApp: z.literal(true).describe('If false, apps are grouped under the same scope & basePath.'),\n  auth: z.never().optional(),\n} satisfies RawZodShape<FrontMcpSplitByAppMetadata, FrontMcpBaseMetadata>);\n\nexport type FrontMcpMetadata = FrontMcpMultiAppMetadata | FrontMcpSplitByAppMetadata;\n\nexport const frontMcpMetadataSchema = frontMcpMultiAppSchema.or(frontMcpSplitByAppSchema);\n\nexport type FrontMcpMultiAppConfig = z.infer<typeof frontMcpMultiAppSchema>;\nexport type FrontMcpSplitByAppConfig = z.infer<typeof frontMcpSplitByAppSchema>;\n\nexport type FrontMcpConfigType = z.infer<typeof frontMcpMetadataSchema>;\n\nexport interface AppScopeMetadata extends Omit<FrontMcpSplitByAppMetadata, 'auth' | 'splitByApp'> {\n  id: string;\n  apps: [AppType];\n  auth?: AuthOptions;\n}\n\nexport interface MultiAppScopeMetadata extends FrontMcpMultiAppMetadata {\n  id: string;\n  apps: AppType[];\n}\n\nexport type ScopeMetadata = AppScopeMetadata | MultiAppScopeMetadata;\n"]}
+{"version":3,"file":"front-mcp.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/front-mcp.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,oCAmBkB;AAClB,wCAKoB;AAuDP,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,+BAAuB;IAC7B,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,sCAA4B,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnE,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,0CAAgC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3E,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,oCAA0B,CAAC;IACzC,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3C,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,0BAAkB,CAAC,QAAQ,EAAE;IACpC,MAAM,EAAE,2BAAmB,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,8BAAsB,CAAC,QAAQ,EAAE,CAAC,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,IAAI,8BAAsB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACxG,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE,EAAE,gDAAgD;IAC1F,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE;CACG,CAAC,CAAC;AAO/C,MAAM,sBAAsB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACvD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,kDAAkD,CAAC;IACxG,IAAI,EAAE,yBAAiB,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0DAA0D,CAAC;CAClC,CAAC,CAAC;AAOzE,MAAM,wBAAwB,GAAG,0BAAkB,CAAC,MAAM,CAAC;IACzD,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IACnG,IAAI,EAAE,OAAC,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;CAC6C,CAAC,CAAC;AAI9D,QAAA,sBAAsB,GAAG,sBAAsB,CAAC,EAAE,CAAC,wBAAwB,CAAC,CAAC","sourcesContent":["import { z } from 'zod';\nimport {\n  AuthOptions,\n  authOptionsSchema,\n  SessionOptions,\n  sessionOptionsSchema,\n  ServerInfoOptions,\n  serverInfoOptionsSchema,\n  HttpOptions,\n  httpOptionsSchema,\n  LoggingOptions,\n  loggingOptionsSchema,\n  RawZodShape,\n  AuthOptionsInput,\n  RedisOptionsInput,\n  redisOptionsSchema,\n  PubsubOptionsInput,\n  pubsubOptionsSchema,\n  TransportOptionsInput,\n  transportOptionsSchema,\n} from '../types';\nimport {\n  annotatedFrontMcpAppSchema,\n  annotatedFrontMcpProvidersSchema,\n  annotatedFrontMcpResourcesSchema,\n  annotatedFrontMcpToolsSchema,\n} from '../schemas';\nimport { AppType, ProviderType, ResourceType, ToolType } from '../interfaces';\n\nexport interface FrontMcpBaseMetadata {\n  info: ServerInfoOptions;\n  apps: AppType[];\n  http?: HttpOptions;\n  logging?: LoggingOptions;\n\n  serve?: boolean; // default to true\n\n  /**\n   * Shared storage configuration\n   * Used by transport persistence and auth token storage.\n   * Supports both Redis and Vercel KV providers.\n   */\n  redis?: RedisOptionsInput;\n\n  /**\n   * Pub/Sub configuration (Redis-only)\n   * Required for resource subscriptions when using Vercel KV for sessions.\n   * Falls back to `redis` config if not specified and redis is configured with Redis provider.\n   */\n  pubsub?: PubsubOptionsInput;\n\n  /**\n   * Transport and session lifecycle configuration\n   * Controls transport protocols, session management, and persistence\n   * @default {} (all transport options use their schema defaults)\n   */\n  transport?: TransportOptionsInput; // Optional in input, but always defined in output\n\n  /**\n   * @deprecated Use `transport` instead. Session config has been merged into transport.\n   */\n  session?: SessionOptions;\n\n  /**\n   * Additional providers that are available to all apps.\n   */\n  providers?: ProviderType[];\n\n  /**\n   * Shared tools that are available to all apps.\n   * These are merged (additively) with app-specific tools.\n   */\n  tools?: ToolType[];\n\n  /**\n   * Shared resources that are available to all apps.\n   * These are merged (additively) with app-specific resources.\n   */\n  resources?: ResourceType[];\n}\n\nexport const frontMcpBaseSchema = z.object({\n  info: serverInfoOptionsSchema,\n  providers: z.array(annotatedFrontMcpProvidersSchema).optional().default([]),\n  tools: z.array(annotatedFrontMcpToolsSchema).optional().default([]),\n  resources: z.array(annotatedFrontMcpResourcesSchema).optional().default([]),\n  apps: z.array(annotatedFrontMcpAppSchema),\n  serve: z.boolean().optional().default(true),\n  http: httpOptionsSchema.optional(),\n  redis: redisOptionsSchema.optional(),\n  pubsub: pubsubOptionsSchema.optional(),\n  transport: transportOptionsSchema.optional().transform((val) => val ?? transportOptionsSchema.parse({})),\n  session: sessionOptionsSchema.optional(), // @deprecated - kept for backward compatibility\n  logging: loggingOptionsSchema.optional(),\n} satisfies RawZodShape<FrontMcpBaseMetadata>);\n\nexport interface FrontMcpMultiAppMetadata extends FrontMcpBaseMetadata {\n  splitByApp?: false;\n  auth?: AuthOptionsInput;\n}\n\nconst frontMcpMultiAppSchema = frontMcpBaseSchema.extend({\n  splitByApp: z.literal(false).default(false).describe('If true, each app gets its own scope & basePath.'),\n  auth: authOptionsSchema.optional().describe(\"Configures the server's default authentication provider.\"),\n} satisfies RawZodShape<FrontMcpMultiAppMetadata, FrontMcpBaseMetadata>);\n\nexport interface FrontMcpSplitByAppMetadata extends FrontMcpBaseMetadata {\n  splitByApp: true;\n  auth?: never;\n}\n\nconst frontMcpSplitByAppSchema = frontMcpBaseSchema.extend({\n  splitByApp: z.literal(true).describe('If false, apps are grouped under the same scope & basePath.'),\n  auth: z.never().optional(),\n} satisfies RawZodShape<FrontMcpSplitByAppMetadata, FrontMcpBaseMetadata>);\n\nexport type FrontMcpMetadata = FrontMcpMultiAppMetadata | FrontMcpSplitByAppMetadata;\n\nexport const frontMcpMetadataSchema = frontMcpMultiAppSchema.or(frontMcpSplitByAppSchema);\n\nexport type FrontMcpMultiAppConfig = z.infer<typeof frontMcpMultiAppSchema>;\nexport type FrontMcpSplitByAppConfig = z.infer<typeof frontMcpSplitByAppSchema>;\n\nexport type FrontMcpConfigType = z.infer<typeof frontMcpMetadataSchema>;\n\nexport interface AppScopeMetadata extends Omit<FrontMcpSplitByAppMetadata, 'auth' | 'splitByApp'> {\n  id: string;\n  apps: [AppType];\n  auth?: AuthOptions;\n}\n\nexport interface MultiAppScopeMetadata extends FrontMcpMultiAppMetadata {\n  id: string;\n  apps: AppType[];\n}\n\nexport type ScopeMetadata = AppScopeMetadata | MultiAppScopeMetadata;\n"]}

package/src/common/metadata/prompt.metadata.d.ts

@@ -64,6 +64,10 @@ export declare const frontMcpPromptMetadataSchema: z.ZodObject<{
         src: z.ZodString;
         mimeType: z.ZodOptional<z.ZodString>;
         sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        theme: z.ZodOptional<z.ZodEnum<{
+            light: "light";
+            dark: "dark";
+        }>>;
     }, z.core.$strip>>>;
 }, z.core.$loose>;
 export { FrontMcpPromptMetadata as PromptMetadata, };

package/src/common/metadata/provider.metadata.d.ts

@@ -10,10 +10,24 @@ export interface ProviderMetadata {
 }
 /**
  * Provider lifetime scope semantics.
+ *
+ * - GLOBAL: Singleton, shared across all requests
+ * - CONTEXT: Per-context instance (combines session + request data)
+ * - SESSION: deprecated Use CONTEXT instead
+ * - REQUEST: deprecated Use CONTEXT instead
  */
 export declare enum ProviderScope {
+    /** Singleton, shared across all requests */
     GLOBAL = "global",
+    /** Per-context instance (unified session + request scope) */
+    CONTEXT = "context",
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     SESSION = "session",
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     REQUEST = "request"
 }
 export declare const frontMcpProviderMetadataSchema: z.ZodObject<{

package/src/common/metadata/provider.metadata.js

@@ -4,17 +4,33 @@ exports.frontMcpProviderMetadataSchema = exports.ProviderScope = void 0;
 const zod_1 = require("zod");
 /**
  * Provider lifetime scope semantics.
+ *
+ * - GLOBAL: Singleton, shared across all requests
+ * - CONTEXT: Per-context instance (combines session + request data)
+ * - SESSION: deprecated Use CONTEXT instead
+ * - REQUEST: deprecated Use CONTEXT instead
  */
 var ProviderScope;
 (function (ProviderScope) {
+    /** Singleton, shared across all requests */
     ProviderScope["GLOBAL"] = "global";
+    /** Per-context instance (unified session + request scope) */
+    ProviderScope["CONTEXT"] = "context";
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     ProviderScope["SESSION"] = "session";
+    /**
+     * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.
+     */
     ProviderScope["REQUEST"] = "request";
 })(ProviderScope || (exports.ProviderScope = ProviderScope = {}));
-exports.frontMcpProviderMetadataSchema = zod_1.z.object({
+exports.frontMcpProviderMetadataSchema = zod_1.z
+    .object({
     id: zod_1.z.string().optional(),
     name: zod_1.z.string().min(1),
     description: zod_1.z.string().optional(),
     scope: zod_1.z.nativeEnum(ProviderScope).optional().default(ProviderScope.GLOBAL),
-}).passthrough();
+})
+    .passthrough();
 //# sourceMappingURL=provider.metadata.js.map

package/src/common/metadata/provider.metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"provider.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/provider.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAcxB;;GAEG;AACH,IAAY,aAIX;AAJD,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,oCAAmB,CAAA;IACnB,oCAAmB,CAAA;AACrB,CAAC,EAJW,aAAa,6BAAb,aAAa,QAIxB;AAEY,QAAA,8BAA8B,GAAG,OAAC,CAAC,MAAM,CAAC;IACrD,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,OAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC;CACpC,CAAC,CAAC,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\n\n\n/**\n * Declarative metadata describing what a FrontMcpProvider contributes at app scope.\n */\nexport interface ProviderMetadata {\n  id?: string;\n  name: string;\n  description?: string;\n  scope?: ProviderScope;\n}\n\n/**\n * Provider lifetime scope semantics.\n */\nexport enum ProviderScope {\n  GLOBAL = 'global',\n  SESSION = 'session',\n  REQUEST = 'request',\n}\n\nexport const frontMcpProviderMetadataSchema = z.object({\n  id: z.string().optional(),\n  name: z.string().min(1),\n  description: z.string().optional(),\n  scope: z.nativeEnum(ProviderScope).optional().default(ProviderScope.GLOBAL),\n} satisfies RawZodShape<ProviderMetadata>).passthrough();\n\n"]}
+{"version":3,"file":"provider.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/provider.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAaxB;;;;;;;GAOG;AACH,IAAY,aAaX;AAbD,WAAY,aAAa;IACvB,4CAA4C;IAC5C,kCAAiB,CAAA;IACjB,6DAA6D;IAC7D,oCAAmB,CAAA;IACnB;;OAEG;IACH,oCAAmB,CAAA;IACnB;;OAEG;IACH,oCAAmB,CAAA;AACrB,CAAC,EAbW,aAAa,6BAAb,aAAa,QAaxB;AAEY,QAAA,8BAA8B,GAAG,OAAC;KAC5C,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,OAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC;CACpC,CAAC;KACzC,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\n\n/**\n * Declarative metadata describing what a FrontMcpProvider contributes at app scope.\n */\nexport interface ProviderMetadata {\n  id?: string;\n  name: string;\n  description?: string;\n  scope?: ProviderScope;\n}\n\n/**\n * Provider lifetime scope semantics.\n *\n * - GLOBAL: Singleton, shared across all requests\n * - CONTEXT: Per-context instance (combines session + request data)\n * - SESSION: deprecated Use CONTEXT instead\n * - REQUEST: deprecated Use CONTEXT instead\n */\nexport enum ProviderScope {\n  /** Singleton, shared across all requests */\n  GLOBAL = 'global',\n  /** Per-context instance (unified session + request scope) */\n  CONTEXT = 'context',\n  /**\n   * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.\n   */\n  SESSION = 'session',\n  /**\n   * @deprecated Use CONTEXT instead. Maps to CONTEXT internally.\n   */\n  REQUEST = 'request',\n}\n\nexport const frontMcpProviderMetadataSchema = z\n  .object({\n    id: z.string().optional(),\n    name: z.string().min(1),\n    description: z.string().optional(),\n    scope: z.nativeEnum(ProviderScope).optional().default(ProviderScope.GLOBAL),\n  } satisfies RawZodShape<ProviderMetadata>)\n  .passthrough();\n"]}

package/src/common/metadata/resource.metadata.d.ts

@@ -56,6 +56,10 @@ export declare const frontMcpResourceMetadataSchema: z.ZodObject<{
         src: z.ZodString;
         mimeType: z.ZodOptional<z.ZodString>;
         sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        theme: z.ZodOptional<z.ZodEnum<{
+            light: "light";
+            dark: "dark";
+        }>>;
     }, z.core.$strip>>>;
 }, z.core.$loose>;
 /**
@@ -102,6 +106,10 @@ export declare const frontMcpResourceTemplateMetadataSchema: z.ZodObject<{
         src: z.ZodString;
         mimeType: z.ZodOptional<z.ZodString>;
         sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        theme: z.ZodOptional<z.ZodEnum<{
+            light: "light";
+            dark: "dark";
+        }>>;
     }, z.core.$strip>>>;
 }, z.core.$loose>;
 export { ResourceMetadata, ResourceMetadata as FrontMcpResourceMetadata, ResourceTemplateMetadata, ResourceTemplateMetadata as FrontMcpResourceTemplateMetadata, };

package/src/common/metadata/tool-ui.metadata.d.ts

@@ -1,10 +1,10 @@
 /**
  * Tool UI Configuration Types
  *
- * Re-exports types from @frontmcp/ui/types for SDK consumers.
+ * Re-exports types from @frontmcp/uipack/types for SDK consumers.
  * This provides a single source of truth for UI configuration types
  * while maintaining backwards compatibility.
  *
  * @see {@link https://docs.agentfront.dev/docs/servers/tools#tool-ui | Tool UI Documentation}
  */
-export { type UIContentSecurityPolicy, type TemplateHelpers, type TemplateContext, type TemplateBuilderFn, type WidgetServingMode, type WidgetDisplayMode, type UITemplateConfig as ToolUIConfig, type UIType, type BundlingMode, type DisplayMode, type ResourceMode, type CSPDirectives, type RendererAssets, type WidgetManifest, type RuntimePayload, type WidgetConfig, type WidgetTemplate, type WidgetRuntimeOptions, type BuildManifestResult, type BuildManifestOptions, } from '@frontmcp/ui/types';
+export { type UIContentSecurityPolicy, type TemplateHelpers, type TemplateContext, type TemplateBuilderFn, type WidgetServingMode, type WidgetDisplayMode, type UITemplateConfig as ToolUIConfig, type UIType, type BundlingMode, type DisplayMode, type ResourceMode, type CSPDirectives, type RendererAssets, type WidgetManifest, type RuntimePayload, type WidgetConfig, type WidgetTemplate, type WidgetRuntimeOptions, type BuildManifestResult, type BuildManifestOptions, } from '@frontmcp/uipack/types';

package/src/common/metadata/tool-ui.metadata.js

@@ -2,7 +2,7 @@
 /**
  * Tool UI Configuration Types
  *
- * Re-exports types from @frontmcp/ui/types for SDK consumers.
+ * Re-exports types from @frontmcp/uipack/types for SDK consumers.
  * This provides a single source of truth for UI configuration types
  * while maintaining backwards compatibility.
  *

package/src/common/metadata/tool-ui.metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"tool-ui.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/tool-ui.metadata.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG","sourcesContent":["/**\n * Tool UI Configuration Types\n *\n * Re-exports types from @frontmcp/ui/types for SDK consumers.\n * This provides a single source of truth for UI configuration types\n * while maintaining backwards compatibility.\n *\n * @see {@link https://docs.agentfront.dev/docs/servers/tools#tool-ui | Tool UI Documentation}\n */\n\n// Re-export all UI configuration types from @frontmcp/ui\nexport {\n  // Legacy UI Config Types\n  type UIContentSecurityPolicy,\n  type TemplateHelpers,\n  type TemplateContext,\n  type TemplateBuilderFn,\n  type WidgetServingMode,\n  type WidgetDisplayMode,\n  // Re-export UITemplateConfig as ToolUIConfig for backwards compatibility\n  type UITemplateConfig as ToolUIConfig,\n  // New Widget Runtime Types\n  type UIType,\n  type BundlingMode,\n  type DisplayMode,\n  type ResourceMode,\n  type CSPDirectives,\n  type RendererAssets,\n  type WidgetManifest,\n  type RuntimePayload,\n  type WidgetConfig,\n  type WidgetTemplate,\n  type WidgetRuntimeOptions,\n  type BuildManifestResult,\n  type BuildManifestOptions,\n} from '@frontmcp/ui/types';\n"]}
+{"version":3,"file":"tool-ui.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/tool-ui.metadata.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG","sourcesContent":["/**\n * Tool UI Configuration Types\n *\n * Re-exports types from @frontmcp/uipack/types for SDK consumers.\n * This provides a single source of truth for UI configuration types\n * while maintaining backwards compatibility.\n *\n * @see {@link https://docs.agentfront.dev/docs/servers/tools#tool-ui | Tool UI Documentation}\n */\n\n// Re-export all UI configuration types from @frontmcp/uipack\nexport {\n  // Legacy UI Config Types\n  type UIContentSecurityPolicy,\n  type TemplateHelpers,\n  type TemplateContext,\n  type TemplateBuilderFn,\n  type WidgetServingMode,\n  type WidgetDisplayMode,\n  // Re-export UITemplateConfig as ToolUIConfig for backwards compatibility\n  type UITemplateConfig as ToolUIConfig,\n  // New Widget Runtime Types\n  type UIType,\n  type BundlingMode,\n  type DisplayMode,\n  type ResourceMode,\n  type CSPDirectives,\n  type RendererAssets,\n  type WidgetManifest,\n  type RuntimePayload,\n  type WidgetConfig,\n  type WidgetTemplate,\n  type WidgetRuntimeOptions,\n  type BuildManifestResult,\n  type BuildManifestOptions,\n} from '@frontmcp/uipack/types';\n"]}

package/src/common/metadata/tool.metadata.d.ts

@@ -159,6 +159,10 @@ export declare const ResourceLinkOutputSchema: z.ZodObject<{
         src: z.ZodString;
         mimeType: z.ZodOptional<z.ZodString>;
         sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        theme: z.ZodOptional<z.ZodEnum<{
+            light: "light";
+            dark: "dark";
+        }>>;
     }, z.core.$strip>>>;
     name: z.ZodString;
     title: z.ZodOptional<z.ZodString>;
@@ -174,7 +178,7 @@ export type ToolSingleOutputType = PrimitiveOutputType | ImageOutputType | Audio
  * Default default tool schema is {}
  */
 export type ToolOutputType = ToolSingleOutputType | ToolSingleOutputType[] | undefined;
-export type ToolInputType = z.ZodRawShape;
+export type ToolInputType = z.ZodRawShape | z.ZodObject<any>;
 /**
  * Declarative metadata describing what an McpTool contributes.
  */

package/src/common/metadata/tool.metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"tool.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/tool.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAMxB,iEAK4C;AAyE5C,MAAM,wBAAwB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACpC,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACC,CAAC;KACxC,WAAW,EAAE,CAAC;AAmBJ,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,oBAAoB,GAAG,iCAAsB,CAAC;AAO9C,QAAA,wBAAwB,GAAG,6BAAkB,CAAC;AAyF3D;;;;;GAKG;AAEH,MAAM,4BAA4B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AACrF,MAAM,0BAA0B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;AAE3F,MAAM,mBAAmB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC,CAAC;AAEhG,uDAAuD;AACvD,MAAM,uBAAuB,GAAG,OAAC,CAAC,UAAU,CAAC,OAAC,CAAC,OAAO,CAAC,CAAC;AAExD,wCAAwC;AACxC,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAExE,MAAM,sBAAsB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAE1G,iEAAiE;AACjE,MAAM,gBAAgB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,sBAAsB,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;AAC5F,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACjC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEU,QAAA,0BAA0B,GAAG,OAAC;KACxC,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,OAAC,CAAC,UAAU,CAAC,MAAM,CAAC;IACjC,cAAc,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IACzC,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC3C,WAAW,EAAE,wBAAwB,CAAC,QAAQ,EAAE;IAChD,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACxD,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE;IAC/C,EAAE,EAAE,OAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC+B,CAAC;KACjE,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\nimport type { JSONSchema } from 'zod/v4/core';\n\n/** JSON Schema type from Zod v4 */\ntype JsonSchema = JSONSchema.JSONSchema;\nimport {\n  ImageContentSchema,\n  AudioContentSchema,\n  ResourceLinkSchema,\n  EmbeddedResourceSchema,\n} from '@modelcontextprotocol/sdk/types.js';\nimport { ToolUIConfig } from './tool-ui.metadata';\nimport { ToolInputOf, ToolOutputOf } from '../decorators';\n\ndeclare global {\n  /**\n   * Declarative metadata extends to the an McpTool decorator.\n   */\n  interface ExtendFrontMcpToolMetadata {}\n}\n\n/**\n * Example input/output pair for a tool, used in documentation and describe output.\n */\nexport interface ToolExample {\n  /**\n   * Description of what this example demonstrates.\n   */\n  description: string;\n\n  /**\n   * Example input values for the tool.\n   */\n  input: Record<string, unknown>;\n\n  /**\n   * Optional expected output for the example.\n   */\n  output?: unknown;\n}\n\nexport interface ToolAnnotations {\n  [x: string]: unknown;\n\n  /**\n   * A human-readable title for the tool.\n   */\n  title?: string;\n  /**\n   * If true, the tool does not modify its environment.\n   *\n   * Default: false\n   */\n  readOnlyHint?: boolean;\n  /**\n   * If true, the tool may perform destructive updates to its environment.\n   * If false, the tool performs only additive updates.\n   *\n   * (This property is meaningful only when `readOnlyHint == false`)\n   *\n   * Default: true\n   */\n  destructiveHint?: boolean;\n  /**\n   * If true, calling the tool repeatedly with the same arguments\n   * will have no additional effect on the its environment.\n   *\n   * (This property is meaningful only when `readOnlyHint == false`)\n   *\n   * Default: false\n   */\n  idempotentHint?: boolean;\n  /**\n   * If true, this tool may interact with an \"open world\" of external\n   * entities. If false, the tool's domain of interaction is closed.\n   * For example, the world of a web search tool is open, whereas that\n   * of a memory tool is not.\n   *\n   * Default: true\n   */\n  openWorldHint?: boolean;\n}\n\nconst mcpToolAnnotationsSchema = z\n  .object({\n    title: z.string().optional(),\n    readOnlyHint: z.boolean().optional(),\n    destructiveHint: z.boolean().optional(),\n    idempotentHint: z.boolean().optional(),\n    openWorldHint: z.boolean().optional(),\n  } satisfies RawZodShape<ToolAnnotations>)\n  .passthrough();\n\n/**\n * Tool response type text: include if outputSchema is zod primitive types\n */\ntype PrimitiveOutputType =\n  | 'string'\n  | 'number'\n  | 'date'\n  | 'boolean'\n  | z.ZodString\n  | z.ZodNumber\n  | z.ZodBoolean\n  | z.ZodBigInt\n  | z.ZodDate;\n/**\n * Tool response type image, will use the ImageContentSchema from MCP types\n */\ntype ImageOutputType = 'image';\nexport const ImageOutputSchema = ImageContentSchema;\nexport type ImageOutput = z.output<typeof ImageOutputSchema>;\n\n/**\n * Tool response type audio, will use the AudioContentSchema from MCP types\n */\ntype AudioOutputType = 'audio';\nexport const AudioOutputSchema = AudioContentSchema;\nexport type AudioOutput = z.output<typeof AudioOutputSchema>;\n\n/**\n * Tool response type resource, will use the EmbeddedResourceSchema from MCP types\n */\ntype ResourceOutputType = 'resource';\nexport const ResourceOutputSchema = EmbeddedResourceSchema;\nexport type ResourceOutput = z.output<typeof ResourceOutputSchema>;\n\n/**\n * Tool response type resource_link, will use the ResourceLinkSchema from MCP types\n */\ntype ResourceLinkOutputType = 'resource_link';\nexport const ResourceLinkOutputSchema = ResourceLinkSchema;\nexport type ResourceLinkOutput = z.output<typeof ResourceLinkOutputSchema>;\n\n/**\n * Tool response type json, ZodRawShape for fast usage\n */\ntype StructuredOutputType =\n  | z.ZodRawShape\n  | z.ZodObject<any>\n  | z.ZodArray<z.ZodType>\n  | z.ZodUnion<[z.ZodObject<any>, ...z.ZodObject<any>[]]>\n  | z.ZodDiscriminatedUnion<z.ZodObject<any>[]>;\n\nexport type ToolSingleOutputType =\n  | PrimitiveOutputType\n  | ImageOutputType\n  | AudioOutputType\n  | ResourceOutputType\n  | ResourceLinkOutputType\n  | StructuredOutputType;\n\n/**\n * Default default tool schema is {}\n */\nexport type ToolOutputType = ToolSingleOutputType | ToolSingleOutputType[] | undefined;\nexport type ToolInputType = z.ZodRawShape;\n\n/**\n * Declarative metadata describing what an McpTool contributes.\n */\nexport interface ToolMetadata<InSchema = ToolInputType, OutSchema extends ToolOutputType = ToolOutputType>\n  extends ExtendFrontMcpToolMetadata {\n  /**\n   * Optional unique identifier for the tool.\n   * If omitted, a consumer may derive an ID from the class or file name.\n   */\n  id?: string;\n\n  /**\n   * Human‑readable name of the tool, used in UIs, logs, and discovery.\n   */\n  name: string;\n\n  /**\n   * Short summary describing what the tool does and when to use it.\n   */\n  description?: string;\n\n  /**\n   * Zod schema describing the expected input payload for the tool.\n   * Used for validation and for generating automatic docs/UX.\n   */\n  inputSchema: InSchema;\n  /**\n   * Zod schema describing the expected input payload for the tool.\n   * Used for validation and for generating automatic docs/UX.\n   */\n  rawInputSchema?: JsonSchema;\n\n  /**\n   * Zod schema describing the structure of the tool's successful output.\n   */\n  outputSchema?: OutSchema;\n\n  /**\n   * Optional list of tags/labels that categorize the tool for discovery and filtering.\n   */\n  tags?: string[];\n\n  annotations?: ToolAnnotations;\n\n  /**\n   * If true, the tool will not be shown in the tool/list action results.\n   * this method can still be called directly with tool/call even if hidden.\n   * use case: tools that are intended to be private or internal. (usually for testing / private apis)\n   * Default: false\n   */\n  hideFromDiscovery?: boolean;\n\n  /**\n   * Optional usage examples for the tool.\n   * These are used by codecall:describe to provide accurate usage examples.\n   * If provided, these take precedence over auto-generated examples.\n   */\n  examples?: ToolExample[];\n\n  ui?: ToolUIConfig<ToolInputOf<InSchema>, ToolOutputOf<OutSchema>>;\n}\n\n/**\n * Runtime schema for ToolSingleOutputType:\n *  - literals ('string', 'image', ...)\n *  - any Zod schema (ZodObject, ZodArray, etc.)\n *  - raw shapes (Record<string, ZodTypeAny>)\n */\n\nconst primitiveOutputLiteralSchema = z.enum(['string', 'number', 'date', 'boolean']);\nconst specialOutputLiteralSchema = z.enum(['image', 'audio', 'resource', 'resource_link']);\n\nconst outputLiteralSchema = z.union([primitiveOutputLiteralSchema, specialOutputLiteralSchema]);\n\n// Any Zod schema instance (object, array, union, etc.)\nconst zodSchemaInstanceSchema = z.instanceof(z.ZodType);\n\n// Raw shape: { field: z.string(), ... }\nconst zodRawShapeSchema = z.record(z.string(), zodSchemaInstanceSchema);\n\nconst toolSingleOutputSchema = z.union([outputLiteralSchema, zodSchemaInstanceSchema, zodRawShapeSchema]);\n\n// ToolOutputType = ToolSingleOutputType | ToolSingleOutputType[]\nconst toolOutputSchema = z.union([toolSingleOutputSchema, z.array(toolSingleOutputSchema)]);\nconst toolExampleSchema = z.object({\n  description: z.string(),\n  input: z.record(z.string(), z.unknown()),\n  output: z.unknown().optional(),\n});\n\nexport const frontMcpToolMetadataSchema = z\n  .object({\n    id: z.string().optional(),\n    name: z.string().min(1),\n    description: z.string().optional(),\n    inputSchema: z.instanceof(Object),\n    rawInputSchema: z.any().optional(),\n    outputSchema: toolOutputSchema.optional(),\n    tags: z.array(z.string().min(1)).optional(),\n    annotations: mcpToolAnnotationsSchema.optional(),\n    hideFromDiscovery: z.boolean().optional().default(false),\n    examples: z.array(toolExampleSchema).optional(),\n    ui: z.looseObject({}).optional(),\n  } satisfies RawZodShape<ToolMetadata, ExtendFrontMcpToolMetadata>)\n  .passthrough();\n"]}
+{"version":3,"file":"tool.metadata.js","sourceRoot":"","sources":["../../../../src/common/metadata/tool.metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAMxB,iEAK4C;AAyE5C,MAAM,wBAAwB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACpC,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACC,CAAC;KACxC,WAAW,EAAE,CAAC;AAmBJ,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,iBAAiB,GAAG,6BAAkB,CAAC;AAOvC,QAAA,oBAAoB,GAAG,iCAAsB,CAAC;AAO9C,QAAA,wBAAwB,GAAG,6BAAkB,CAAC;AAyF3D;;;;;GAKG;AAEH,MAAM,4BAA4B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AACrF,MAAM,0BAA0B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;AAE3F,MAAM,mBAAmB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC,CAAC;AAEhG,uDAAuD;AACvD,MAAM,uBAAuB,GAAG,OAAC,CAAC,UAAU,CAAC,OAAC,CAAC,OAAO,CAAC,CAAC;AAExD,wCAAwC;AACxC,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAExE,MAAM,sBAAsB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAE1G,iEAAiE;AACjE,MAAM,gBAAgB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,sBAAsB,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;AAC5F,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACjC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEU,QAAA,0BAA0B,GAAG,OAAC;KACxC,MAAM,CAAC;IACN,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,OAAC,CAAC,UAAU,CAAC,MAAM,CAAC;IACjC,cAAc,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IACzC,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC3C,WAAW,EAAE,wBAAwB,CAAC,QAAQ,EAAE;IAChD,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACxD,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE;IAC/C,EAAE,EAAE,OAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC+B,CAAC;KACjE,WAAW,EAAE,CAAC","sourcesContent":["import { z } from 'zod';\nimport { RawZodShape } from '../types';\nimport type { JSONSchema } from 'zod/v4/core';\n\n/** JSON Schema type from Zod v4 */\ntype JsonSchema = JSONSchema.JSONSchema;\nimport {\n  ImageContentSchema,\n  AudioContentSchema,\n  ResourceLinkSchema,\n  EmbeddedResourceSchema,\n} from '@modelcontextprotocol/sdk/types.js';\nimport { ToolUIConfig } from './tool-ui.metadata';\nimport { ToolInputOf, ToolOutputOf } from '../decorators';\n\ndeclare global {\n  /**\n   * Declarative metadata extends to the an McpTool decorator.\n   */\n  interface ExtendFrontMcpToolMetadata {}\n}\n\n/**\n * Example input/output pair for a tool, used in documentation and describe output.\n */\nexport interface ToolExample {\n  /**\n   * Description of what this example demonstrates.\n   */\n  description: string;\n\n  /**\n   * Example input values for the tool.\n   */\n  input: Record<string, unknown>;\n\n  /**\n   * Optional expected output for the example.\n   */\n  output?: unknown;\n}\n\nexport interface ToolAnnotations {\n  [x: string]: unknown;\n\n  /**\n   * A human-readable title for the tool.\n   */\n  title?: string;\n  /**\n   * If true, the tool does not modify its environment.\n   *\n   * Default: false\n   */\n  readOnlyHint?: boolean;\n  /**\n   * If true, the tool may perform destructive updates to its environment.\n   * If false, the tool performs only additive updates.\n   *\n   * (This property is meaningful only when `readOnlyHint == false`)\n   *\n   * Default: true\n   */\n  destructiveHint?: boolean;\n  /**\n   * If true, calling the tool repeatedly with the same arguments\n   * will have no additional effect on the its environment.\n   *\n   * (This property is meaningful only when `readOnlyHint == false`)\n   *\n   * Default: false\n   */\n  idempotentHint?: boolean;\n  /**\n   * If true, this tool may interact with an \"open world\" of external\n   * entities. If false, the tool's domain of interaction is closed.\n   * For example, the world of a web search tool is open, whereas that\n   * of a memory tool is not.\n   *\n   * Default: true\n   */\n  openWorldHint?: boolean;\n}\n\nconst mcpToolAnnotationsSchema = z\n  .object({\n    title: z.string().optional(),\n    readOnlyHint: z.boolean().optional(),\n    destructiveHint: z.boolean().optional(),\n    idempotentHint: z.boolean().optional(),\n    openWorldHint: z.boolean().optional(),\n  } satisfies RawZodShape<ToolAnnotations>)\n  .passthrough();\n\n/**\n * Tool response type text: include if outputSchema is zod primitive types\n */\ntype PrimitiveOutputType =\n  | 'string'\n  | 'number'\n  | 'date'\n  | 'boolean'\n  | z.ZodString\n  | z.ZodNumber\n  | z.ZodBoolean\n  | z.ZodBigInt\n  | z.ZodDate;\n/**\n * Tool response type image, will use the ImageContentSchema from MCP types\n */\ntype ImageOutputType = 'image';\nexport const ImageOutputSchema = ImageContentSchema;\nexport type ImageOutput = z.output<typeof ImageOutputSchema>;\n\n/**\n * Tool response type audio, will use the AudioContentSchema from MCP types\n */\ntype AudioOutputType = 'audio';\nexport const AudioOutputSchema = AudioContentSchema;\nexport type AudioOutput = z.output<typeof AudioOutputSchema>;\n\n/**\n * Tool response type resource, will use the EmbeddedResourceSchema from MCP types\n */\ntype ResourceOutputType = 'resource';\nexport const ResourceOutputSchema = EmbeddedResourceSchema;\nexport type ResourceOutput = z.output<typeof ResourceOutputSchema>;\n\n/**\n * Tool response type resource_link, will use the ResourceLinkSchema from MCP types\n */\ntype ResourceLinkOutputType = 'resource_link';\nexport const ResourceLinkOutputSchema = ResourceLinkSchema;\nexport type ResourceLinkOutput = z.output<typeof ResourceLinkOutputSchema>;\n\n/**\n * Tool response type json, ZodRawShape for fast usage\n */\ntype StructuredOutputType =\n  | z.ZodRawShape\n  | z.ZodObject<any>\n  | z.ZodArray<z.ZodType>\n  | z.ZodUnion<[z.ZodObject<any>, ...z.ZodObject<any>[]]>\n  | z.ZodDiscriminatedUnion<z.ZodObject<any>[]>;\n\nexport type ToolSingleOutputType =\n  | PrimitiveOutputType\n  | ImageOutputType\n  | AudioOutputType\n  | ResourceOutputType\n  | ResourceLinkOutputType\n  | StructuredOutputType;\n\n/**\n * Default default tool schema is {}\n */\nexport type ToolOutputType = ToolSingleOutputType | ToolSingleOutputType[] | undefined;\nexport type ToolInputType = z.ZodRawShape | z.ZodObject<any>;\n\n/**\n * Declarative metadata describing what an McpTool contributes.\n */\nexport interface ToolMetadata<InSchema = ToolInputType, OutSchema extends ToolOutputType = ToolOutputType>\n  extends ExtendFrontMcpToolMetadata {\n  /**\n   * Optional unique identifier for the tool.\n   * If omitted, a consumer may derive an ID from the class or file name.\n   */\n  id?: string;\n\n  /**\n   * Human‑readable name of the tool, used in UIs, logs, and discovery.\n   */\n  name: string;\n\n  /**\n   * Short summary describing what the tool does and when to use it.\n   */\n  description?: string;\n\n  /**\n   * Zod schema describing the expected input payload for the tool.\n   * Used for validation and for generating automatic docs/UX.\n   */\n  inputSchema: InSchema;\n  /**\n   * Zod schema describing the expected input payload for the tool.\n   * Used for validation and for generating automatic docs/UX.\n   */\n  rawInputSchema?: JsonSchema;\n\n  /**\n   * Zod schema describing the structure of the tool's successful output.\n   */\n  outputSchema?: OutSchema;\n\n  /**\n   * Optional list of tags/labels that categorize the tool for discovery and filtering.\n   */\n  tags?: string[];\n\n  annotations?: ToolAnnotations;\n\n  /**\n   * If true, the tool will not be shown in the tool/list action results.\n   * this method can still be called directly with tool/call even if hidden.\n   * use case: tools that are intended to be private or internal. (usually for testing / private apis)\n   * Default: false\n   */\n  hideFromDiscovery?: boolean;\n\n  /**\n   * Optional usage examples for the tool.\n   * These are used by codecall:describe to provide accurate usage examples.\n   * If provided, these take precedence over auto-generated examples.\n   */\n  examples?: ToolExample[];\n\n  ui?: ToolUIConfig<ToolInputOf<InSchema>, ToolOutputOf<OutSchema>>;\n}\n\n/**\n * Runtime schema for ToolSingleOutputType:\n *  - literals ('string', 'image', ...)\n *  - any Zod schema (ZodObject, ZodArray, etc.)\n *  - raw shapes (Record<string, ZodTypeAny>)\n */\n\nconst primitiveOutputLiteralSchema = z.enum(['string', 'number', 'date', 'boolean']);\nconst specialOutputLiteralSchema = z.enum(['image', 'audio', 'resource', 'resource_link']);\n\nconst outputLiteralSchema = z.union([primitiveOutputLiteralSchema, specialOutputLiteralSchema]);\n\n// Any Zod schema instance (object, array, union, etc.)\nconst zodSchemaInstanceSchema = z.instanceof(z.ZodType);\n\n// Raw shape: { field: z.string(), ... }\nconst zodRawShapeSchema = z.record(z.string(), zodSchemaInstanceSchema);\n\nconst toolSingleOutputSchema = z.union([outputLiteralSchema, zodSchemaInstanceSchema, zodRawShapeSchema]);\n\n// ToolOutputType = ToolSingleOutputType | ToolSingleOutputType[]\nconst toolOutputSchema = z.union([toolSingleOutputSchema, z.array(toolSingleOutputSchema)]);\nconst toolExampleSchema = z.object({\n  description: z.string(),\n  input: z.record(z.string(), z.unknown()),\n  output: z.unknown().optional(),\n});\n\nexport const frontMcpToolMetadataSchema = z\n  .object({\n    id: z.string().optional(),\n    name: z.string().min(1),\n    description: z.string().optional(),\n    inputSchema: z.instanceof(Object),\n    rawInputSchema: z.any().optional(),\n    outputSchema: toolOutputSchema.optional(),\n    tags: z.array(z.string().min(1)).optional(),\n    annotations: mcpToolAnnotationsSchema.optional(),\n    hideFromDiscovery: z.boolean().optional().default(false),\n    examples: z.array(toolExampleSchema).optional(),\n    ui: z.looseObject({}).optional(),\n  } satisfies RawZodShape<ToolMetadata, ExtendFrontMcpToolMetadata>)\n  .passthrough();\n"]}

package/src/common/migrate/auth-transport.migrate.d.ts

@@ -0,0 +1,62 @@
+import type { TransportOptionsInput } from '../types/options/transport.options';
+import type { RedisOptionsInput } from '../types/options/redis.options';
+import type { SessionOptions } from '../types/options/session.options';
+/**
+ * Old transport config structure (nested under auth)
+ */
+interface OldTransportConfig {
+    enableLegacySSE?: boolean;
+    enableSseListener?: boolean;
+    enableStreamableHttp?: boolean;
+    enableStatelessHttp?: boolean;
+    enableStatefulHttp?: boolean;
+    requireSessionForStreamable?: boolean;
+    recreation?: {
+        enabled?: boolean;
+        redis?: RedisOptionsInput;
+        defaultTtlMs?: number;
+    };
+}
+/**
+ * Old auth config structure (with nested transport)
+ */
+interface OldAuthConfig {
+    mode: string;
+    transport?: OldTransportConfig;
+    [key: string]: unknown;
+}
+/**
+ * Metadata structure for migration
+ */
+interface MigratableMetadata {
+    auth?: OldAuthConfig;
+    session?: SessionOptions;
+    transport?: TransportOptionsInput;
+    redis?: RedisOptionsInput;
+}
+/**
+ * Reset deprecation warning flag (for testing)
+ */
+export declare function resetDeprecationWarning(): void;
+/**
+ * Check if config needs migration
+ */
+export declare function needsMigration(metadata: MigratableMetadata): boolean;
+/**
+ * Migrate old config structure to new structure
+ *
+ * Returns the migrated values that should be applied to the metadata
+ */
+export declare function migrateAuthTransportConfig(metadata: MigratableMetadata): {
+    transport?: TransportOptionsInput;
+    redis?: RedisOptionsInput;
+    auth?: OldAuthConfig;
+};
+/**
+ * Apply migration to metadata (mutates in place for decorator use)
+ *
+ * This function takes a metadata object with the old config structure
+ * and transforms it to the new structure in place.
+ */
+export declare function applyMigration<T extends MigratableMetadata>(metadata: T): T;
+export {};

package/src/common/migrate/auth-transport.migrate.js

@@ -0,0 +1,140 @@
+"use strict";
+// common/migrate/auth-transport.migrate.ts
+//
+// Migration helper for auth.transport -> transport config
+//
+// This file handles backward compatibility for the old config structure.
+// DELETE THIS FILE when removing deprecated support (target: v1.0.0)
+//
+// Migration performed:
+// 1. auth.transport -> transport (top-level)
+// 2. session -> transport (merged)
+// 3. auth.transport.recreation.redis -> redis (top-level, if not already set)
+// 4. auth.tokenStorage.config -> references top-level redis
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resetDeprecationWarning = resetDeprecationWarning;
+exports.needsMigration = needsMigration;
+exports.migrateAuthTransportConfig = migrateAuthTransportConfig;
+exports.applyMigration = applyMigration;
+let deprecationWarningShown = false;
+/**
+ * Show deprecation warning once per process
+ */
+function showDeprecationWarning(hasOldTransport, hasOldSession) {
+    if (deprecationWarningShown) {
+        return;
+    }
+    deprecationWarningShown = true;
+    const warnings = [];
+    if (hasOldTransport) {
+        warnings.push('  - auth.transport is deprecated, use top-level "transport" instead');
+    }
+    if (hasOldSession) {
+        warnings.push('  - session is deprecated, merge into top-level "transport" instead');
+    }
+    console.warn('\n[DEPRECATION WARNING] FrontMCP config structure has changed:\n' +
+        warnings.join('\n') +
+        '\n  - For Redis config, use top-level "redis" instead\n' +
+        '\nSee documentation: https://docs.agentfront.dev/docs/servers/server\n');
+}
+/**
+ * Reset deprecation warning flag (for testing)
+ */
+function resetDeprecationWarning() {
+    deprecationWarningShown = false;
+}
+/**
+ * Check if config needs migration
+ */
+function needsMigration(metadata) {
+    const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);
+    const hasOldSession = !!metadata.session;
+    return hasOldTransport || hasOldSession;
+}
+/**
+ * Migrate old config structure to new structure
+ *
+ * Returns the migrated values that should be applied to the metadata
+ */
+function migrateAuthTransportConfig(metadata) {
+    const result = {};
+    const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);
+    const hasOldSession = !!metadata.session;
+    if (!hasOldTransport && !hasOldSession) {
+        return result;
+    }
+    // Show deprecation warning
+    showDeprecationWarning(hasOldTransport, hasOldSession);
+    // Start with existing transport config if present
+    result.transport = { ...metadata.transport };
+    // Migrate session config
+    if (hasOldSession) {
+        const session = metadata.session;
+        result.transport = {
+            ...result.transport,
+            sessionMode: session.sessionMode,
+            transportIdMode: session.transportIdMode,
+            platformDetection: session.platformDetection,
+        };
+    }
+    // Migrate auth.transport config
+    if (hasOldTransport) {
+        const oldTransport = metadata.auth.transport;
+        // Merge transport protocol settings
+        result.transport = {
+            ...result.transport,
+            enableLegacySSE: oldTransport.enableLegacySSE ?? result.transport.enableLegacySSE,
+            enableSseListener: oldTransport.enableSseListener ?? result.transport.enableSseListener,
+            enableStreamableHttp: oldTransport.enableStreamableHttp ?? result.transport.enableStreamableHttp,
+            enableStatelessHttp: oldTransport.enableStatelessHttp ?? result.transport.enableStatelessHttp,
+            enableStatefulHttp: oldTransport.enableStatefulHttp ?? result.transport.enableStatefulHttp,
+            requireSessionForStreamable: oldTransport.requireSessionForStreamable ?? result.transport.requireSessionForStreamable,
+        };
+        // Migrate recreation -> persistence
+        if (oldTransport.recreation) {
+            result.transport.persistence = {
+                enabled: oldTransport.recreation.enabled ?? false,
+                redis: oldTransport.recreation.redis,
+                defaultTtlMs: oldTransport.recreation.defaultTtlMs,
+            };
+            // Extract Redis config to top-level if not already present
+            if (oldTransport.recreation.redis && !metadata.redis) {
+                result.redis = oldTransport.recreation.redis;
+            }
+        }
+        // Create clean auth without transport
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        const { transport: _, ...cleanAuth } = metadata.auth;
+        result.auth = cleanAuth;
+    }
+    return result;
+}
+/**
+ * Apply migration to metadata (mutates in place for decorator use)
+ *
+ * This function takes a metadata object with the old config structure
+ * and transforms it to the new structure in place.
+ */
+function applyMigration(metadata) {
+    if (!needsMigration(metadata)) {
+        return metadata;
+    }
+    const migrated = migrateAuthTransportConfig(metadata);
+    // Apply migrated transport config
+    if (migrated.transport) {
+        metadata['transport'] = {
+            ...metadata.transport,
+            ...migrated.transport,
+        };
+    }
+    // Apply migrated redis config
+    if (migrated.redis) {
+        metadata['redis'] = migrated.redis;
+    }
+    // Apply cleaned auth config (without transport)
+    if (migrated.auth) {
+        metadata.auth = migrated.auth;
+    }
+    return metadata;
+}
+//# sourceMappingURL=auth-transport.migrate.js.map

package/src/common/migrate/auth-transport.migrate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-transport.migrate.js","sourceRoot":"","sources":["../../../../src/common/migrate/auth-transport.migrate.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,0DAA0D;AAC1D,EAAE;AACF,yEAAyE;AACzE,qEAAqE;AACrE,EAAE;AACF,uBAAuB;AACvB,6CAA6C;AAC7C,mCAAmC;AACnC,8EAA8E;AAC9E,4DAA4D;;AAwE5D,0DAEC;AAKD,wCAIC;AAOD,gEAwEC;AAQD,wCA0BC;AA1JD,IAAI,uBAAuB,GAAG,KAAK,CAAC;AAEpC;;GAEG;AACH,SAAS,sBAAsB,CAAC,eAAwB,EAAE,aAAsB;IAC9E,IAAI,uBAAuB,EAAE,CAAC;QAC5B,OAAO;IACT,CAAC;IACD,uBAAuB,GAAG,IAAI,CAAC;IAE/B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,eAAe,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,aAAa,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;IACvF,CAAC;IAED,OAAO,CAAC,IAAI,CACV,kEAAkE;QAChE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QACnB,yDAAyD;QACzD,wEAAwE,CAC3E,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB;IACrC,uBAAuB,GAAG,KAAK,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,QAA4B;IACzD,MAAM,eAAe,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,WAAW,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrG,MAAM,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IACzC,OAAO,eAAe,IAAI,aAAa,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,SAAgB,0BAA0B,CAAC,QAA4B;IAKrE,MAAM,MAAM,GAIR,EAAE,CAAC;IAEP,MAAM,eAAe,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,WAAW,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrG,MAAM,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAEzC,IAAI,CAAC,eAAe,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2BAA2B;IAC3B,sBAAsB,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;IAEvD,kDAAkD;IAClD,MAAM,CAAC,SAAS,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;IAE7C,yBAAyB;IACzB,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAQ,CAAC;QAClC,MAAM,CAAC,SAAS,GAAG;YACjB,GAAG,MAAM,CAAC,SAAS;YACnB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;SAC7C,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAK,CAAC,SAAU,CAAC;QAE/C,oCAAoC;QACpC,MAAM,CAAC,SAAS,GAAG;YACjB,GAAG,MAAM,CAAC,SAAS;YACnB,eAAe,EAAE,YAAY,CAAC,eAAe,IAAI,MAAM,CAAC,SAAS,CAAC,eAAe;YACjF,iBAAiB,EAAE,YAAY,CAAC,iBAAiB,IAAI,MAAM,CAAC,SAAS,CAAC,iBAAiB;YACvF,oBAAoB,EAAE,YAAY,CAAC,oBAAoB,IAAI,MAAM,CAAC,SAAS,CAAC,oBAAoB;YAChG,mBAAmB,EAAE,YAAY,CAAC,mBAAmB,IAAI,MAAM,CAAC,SAAS,CAAC,mBAAmB;YAC7F,kBAAkB,EAAE,YAAY,CAAC,kBAAkB,IAAI,MAAM,CAAC,SAAS,CAAC,kBAAkB;YAC1F,2BAA2B,EACzB,YAAY,CAAC,2BAA2B,IAAI,MAAM,CAAC,SAAS,CAAC,2BAA2B;SAC3F,CAAC;QAEF,oCAAoC;QACpC,IAAI,YAAY,CAAC,UAAU,EAAE,CAAC;YAC5B,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG;gBAC7B,OAAO,EAAE,YAAY,CAAC,UAAU,CAAC,OAAO,IAAI,KAAK;gBACjD,KAAK,EAAE,YAAY,CAAC,UAAU,CAAC,KAAK;gBACpC,YAAY,EAAE,YAAY,CAAC,UAAU,CAAC,YAAY;aACnD,CAAC;YAEF,2DAA2D;YAC3D,IAAI,YAAY,CAAC,UAAU,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACrD,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,6DAA6D;QAC7D,MAAM,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,SAAS,EAAE,GAAG,QAAQ,CAAC,IAAK,CAAC;QACtD,MAAM,CAAC,IAAI,GAAG,SAA0B,CAAC;IAC3C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAA+B,QAAW;IACtE,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;IAEtD,kCAAkC;IAClC,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;QACtB,QAAoC,CAAC,WAAW,CAAC,GAAG;YACnD,GAAG,QAAQ,CAAC,SAAS;YACrB,GAAG,QAAQ,CAAC,SAAS;SACtB,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAClB,QAAoC,CAAC,OAAO,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;IAClE,CAAC;IAED,gDAAgD;IAChD,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAChC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC","sourcesContent":["// common/migrate/auth-transport.migrate.ts\n//\n// Migration helper for auth.transport -> transport config\n//\n// This file handles backward compatibility for the old config structure.\n// DELETE THIS FILE when removing deprecated support (target: v1.0.0)\n//\n// Migration performed:\n// 1. auth.transport -> transport (top-level)\n// 2. session -> transport (merged)\n// 3. auth.transport.recreation.redis -> redis (top-level, if not already set)\n// 4. auth.tokenStorage.config -> references top-level redis\n\nimport type { TransportOptionsInput } from '../types/options/transport.options';\nimport type { RedisOptionsInput } from '../types/options/redis.options';\nimport type { SessionOptions } from '../types/options/session.options';\n\n/**\n * Old transport config structure (nested under auth)\n */\ninterface OldTransportConfig {\n  enableLegacySSE?: boolean;\n  enableSseListener?: boolean;\n  enableStreamableHttp?: boolean;\n  enableStatelessHttp?: boolean;\n  enableStatefulHttp?: boolean;\n  requireSessionForStreamable?: boolean;\n  recreation?: {\n    enabled?: boolean;\n    redis?: RedisOptionsInput;\n    defaultTtlMs?: number;\n  };\n}\n\n/**\n * Old auth config structure (with nested transport)\n */\ninterface OldAuthConfig {\n  mode: string;\n  transport?: OldTransportConfig;\n  [key: string]: unknown;\n}\n\n/**\n * Metadata structure for migration\n */\ninterface MigratableMetadata {\n  auth?: OldAuthConfig;\n  session?: SessionOptions;\n  transport?: TransportOptionsInput;\n  redis?: RedisOptionsInput;\n}\n\nlet deprecationWarningShown = false;\n\n/**\n * Show deprecation warning once per process\n */\nfunction showDeprecationWarning(hasOldTransport: boolean, hasOldSession: boolean): void {\n  if (deprecationWarningShown) {\n    return;\n  }\n  deprecationWarningShown = true;\n\n  const warnings: string[] = [];\n  if (hasOldTransport) {\n    warnings.push('  - auth.transport is deprecated, use top-level \"transport\" instead');\n  }\n  if (hasOldSession) {\n    warnings.push('  - session is deprecated, merge into top-level \"transport\" instead');\n  }\n\n  console.warn(\n    '\\n[DEPRECATION WARNING] FrontMCP config structure has changed:\\n' +\n      warnings.join('\\n') +\n      '\\n  - For Redis config, use top-level \"redis\" instead\\n' +\n      '\\nSee documentation: https://docs.agentfront.dev/docs/servers/server\\n',\n  );\n}\n\n/**\n * Reset deprecation warning flag (for testing)\n */\nexport function resetDeprecationWarning(): void {\n  deprecationWarningShown = false;\n}\n\n/**\n * Check if config needs migration\n */\nexport function needsMigration(metadata: MigratableMetadata): boolean {\n  const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);\n  const hasOldSession = !!metadata.session;\n  return hasOldTransport || hasOldSession;\n}\n\n/**\n * Migrate old config structure to new structure\n *\n * Returns the migrated values that should be applied to the metadata\n */\nexport function migrateAuthTransportConfig(metadata: MigratableMetadata): {\n  transport?: TransportOptionsInput;\n  redis?: RedisOptionsInput;\n  auth?: OldAuthConfig;\n} {\n  const result: {\n    transport?: TransportOptionsInput;\n    redis?: RedisOptionsInput;\n    auth?: OldAuthConfig;\n  } = {};\n\n  const hasOldTransport = !!(metadata.auth && 'transport' in metadata.auth && metadata.auth.transport);\n  const hasOldSession = !!metadata.session;\n\n  if (!hasOldTransport && !hasOldSession) {\n    return result;\n  }\n\n  // Show deprecation warning\n  showDeprecationWarning(hasOldTransport, hasOldSession);\n\n  // Start with existing transport config if present\n  result.transport = { ...metadata.transport };\n\n  // Migrate session config\n  if (hasOldSession) {\n    const session = metadata.session!;\n    result.transport = {\n      ...result.transport,\n      sessionMode: session.sessionMode,\n      transportIdMode: session.transportIdMode,\n      platformDetection: session.platformDetection,\n    };\n  }\n\n  // Migrate auth.transport config\n  if (hasOldTransport) {\n    const oldTransport = metadata.auth!.transport!;\n\n    // Merge transport protocol settings\n    result.transport = {\n      ...result.transport,\n      enableLegacySSE: oldTransport.enableLegacySSE ?? result.transport.enableLegacySSE,\n      enableSseListener: oldTransport.enableSseListener ?? result.transport.enableSseListener,\n      enableStreamableHttp: oldTransport.enableStreamableHttp ?? result.transport.enableStreamableHttp,\n      enableStatelessHttp: oldTransport.enableStatelessHttp ?? result.transport.enableStatelessHttp,\n      enableStatefulHttp: oldTransport.enableStatefulHttp ?? result.transport.enableStatefulHttp,\n      requireSessionForStreamable:\n        oldTransport.requireSessionForStreamable ?? result.transport.requireSessionForStreamable,\n    };\n\n    // Migrate recreation -> persistence\n    if (oldTransport.recreation) {\n      result.transport.persistence = {\n        enabled: oldTransport.recreation.enabled ?? false,\n        redis: oldTransport.recreation.redis,\n        defaultTtlMs: oldTransport.recreation.defaultTtlMs,\n      };\n\n      // Extract Redis config to top-level if not already present\n      if (oldTransport.recreation.redis && !metadata.redis) {\n        result.redis = oldTransport.recreation.redis;\n      }\n    }\n\n    // Create clean auth without transport\n    // eslint-disable-next-line @typescript-eslint/no-unused-vars\n    const { transport: _, ...cleanAuth } = metadata.auth!;\n    result.auth = cleanAuth as OldAuthConfig;\n  }\n\n  return result;\n}\n\n/**\n * Apply migration to metadata (mutates in place for decorator use)\n *\n * This function takes a metadata object with the old config structure\n * and transforms it to the new structure in place.\n */\nexport function applyMigration<T extends MigratableMetadata>(metadata: T): T {\n  if (!needsMigration(metadata)) {\n    return metadata;\n  }\n\n  const migrated = migrateAuthTransportConfig(metadata);\n\n  // Apply migrated transport config\n  if (migrated.transport) {\n    (metadata as Record<string, unknown>)['transport'] = {\n      ...metadata.transport,\n      ...migrated.transport,\n    };\n  }\n\n  // Apply migrated redis config\n  if (migrated.redis) {\n    (metadata as Record<string, unknown>)['redis'] = migrated.redis;\n  }\n\n  // Apply cleaned auth config (without transport)\n  if (migrated.auth) {\n    metadata.auth = migrated.auth;\n  }\n\n  return metadata;\n}\n"]}

package/src/common/migrate/index.d.ts

@@ -0,0 +1 @@
+export * from './auth-transport.migrate';

package/src/common/migrate/index.js

@@ -0,0 +1,6 @@
+"use strict";
+// common/migrate/index.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./auth-transport.migrate"), exports);
+//# sourceMappingURL=index.js.map

package/src/common/migrate/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/common/migrate/index.ts"],"names":[],"mappings":";AAAA,0BAA0B;;;AAE1B,mEAAyC","sourcesContent":["// common/migrate/index.ts\n\nexport * from './auth-transport.migrate';\n"]}

package/src/common/schemas/http-output.schema.d.ts

@@ -298,19 +298,28 @@ export declare const HttpJsonRpcSchema: z.ZodObject<{
     kind: z.ZodLiteral<"jsonrpc">;
     status: z.ZodNumber;
     contentType: z.ZodDefault<z.ZodString>;
-    body: z.ZodUnion<readonly [z.ZodObject<{
+    body: z.ZodUnion<readonly [z.ZodUnion<readonly [z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;
         id: z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>;
         result: z.ZodObject<{
             _meta: z.ZodOptional<z.ZodObject<{
+                progressToken: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
                 "io.modelcontextprotocol/related-task": z.ZodOptional<z.ZodObject<{
                     taskId: z.ZodString;
-                }, z.core.$loose>>;
+                }, z.core.$strip>>;
             }, z.core.$loose>>;
         }, z.core.$loose>;
     }, z.core.$strict>, z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;
-        id: z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>;
+        id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
+        error: z.ZodObject<{
+            code: z.ZodNumber;
+            message: z.ZodString;
+            data: z.ZodOptional<z.ZodUnknown>;
+        }, z.core.$strip>;
+    }, z.core.$strict>]>, z.ZodObject<{
+        jsonrpc: z.ZodLiteral<"2.0">;
+        id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
         error: z.ZodObject<{
             code: z.ZodNumber;
             message: z.ZodString;
@@ -596,19 +605,28 @@ export declare const httpOutputSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     kind: z.ZodLiteral<"jsonrpc">;
     status: z.ZodNumber;
     contentType: z.ZodDefault<z.ZodString>;
-    body: z.ZodUnion<readonly [z.ZodObject<{
+    body: z.ZodUnion<readonly [z.ZodUnion<readonly [z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;
         id: z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>;
         result: z.ZodObject<{
             _meta: z.ZodOptional<z.ZodObject<{
+                progressToken: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
                 "io.modelcontextprotocol/related-task": z.ZodOptional<z.ZodObject<{
                     taskId: z.ZodString;
-                }, z.core.$loose>>;
+                }, z.core.$strip>>;
             }, z.core.$loose>>;
         }, z.core.$loose>;
     }, z.core.$strict>, z.ZodObject<{
         jsonrpc: z.ZodLiteral<"2.0">;
-        id: z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>;
+        id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
+        error: z.ZodObject<{
+            code: z.ZodNumber;
+            message: z.ZodString;
+            data: z.ZodOptional<z.ZodUnknown>;
+        }, z.core.$strip>;
+    }, z.core.$strict>]>, z.ZodObject<{
+        jsonrpc: z.ZodLiteral<"2.0">;
+        id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
         error: z.ZodObject<{
             code: z.ZodNumber;
             message: z.ZodString;

package/src/common/schemas/index.d.ts

@@ -1,3 +1,4 @@
 export * from './annotated-class.schema';
 export * from './http-output.schema';
 export * from './http-input.schema';
+export * from './session-header.schema';

package/src/common/schemas/index.js

@@ -4,4 +4,5 @@ const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./annotated-class.schema"), exports);
 tslib_1.__exportStar(require("./http-output.schema"), exports);
 tslib_1.__exportStar(require("./http-input.schema"), exports);
+tslib_1.__exportStar(require("./session-header.schema"), exports);
 //# sourceMappingURL=index.js.map

package/src/common/schemas/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/common/schemas/index.ts"],"names":[],"mappings":";;;AAAA,mEAAyC;AACzC,+DAAqC;AACrC,8DAAoC","sourcesContent":["export * from './annotated-class.schema';\nexport * from './http-output.schema';\nexport * from './http-input.schema';"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/common/schemas/index.ts"],"names":[],"mappings":";;;AAAA,mEAAyC;AACzC,+DAAqC;AACrC,8DAAoC;AACpC,kEAAwC","sourcesContent":["export * from './annotated-class.schema';\nexport * from './http-output.schema';\nexport * from './http-input.schema';\nexport * from './session-header.schema';\n"]}

package/src/common/schemas/session-header.schema.d.ts

@@ -0,0 +1,16 @@
+import { z } from 'zod';
+/**
+ * Zod schema for validating mcp-session-id header format.
+ * Uses Zod's built-in validators to prevent ReDoS attacks and ensure safe validation.
+ *
+ * - Max length: 2048 characters (encrypted session IDs can be 460-700+ characters
+ *   due to AES-256-GCM encryption producing base64url format: iv.tag.ciphertext)
+ * - Only allows printable ASCII characters (0x20-0x7E)
+ * - Rejects control characters and null bytes
+ */
+export declare const mcpSessionHeaderSchema: z.ZodString;
+/**
+ * Validate mcp-session-id header using Zod schema.
+ * Returns undefined for invalid or missing values.
+ */
+export declare function validateMcpSessionHeader(value: string | undefined): string | undefined;