@frontmcp/sdk 0.6.0 → 0.6.2

package/src/common/utils/decide-request-intent.utils.js

@@ -1,391 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.decisionSchema = exports.intentSchema = void 0;
-exports.decideIntent = decideIntent;
-const zod_1 = require("zod");
-/* --------------------------------- Schemas --------------------------------- */
-exports.intentSchema = zod_1.z.union([
-    zod_1.z.literal('legacy-sse'),
-    zod_1.z.literal('sse'),
-    zod_1.z.literal('streamable-http'),
-    zod_1.z.literal('stateful-http'),
-    zod_1.z.literal('stateless-http'),
-    zod_1.z.literal('delete-session'),
-    zod_1.z.literal('unknown'),
-]);
-exports.decisionSchema = zod_1.z.object({
-    intent: exports.intentSchema,
-    reasons: zod_1.z.array(zod_1.z.string()),
-    recommendation: zod_1.z
-        .object({
-        httpStatus: zod_1.z.number(),
-        message: zod_1.z.string(),
-    })
-        .optional(),
-    // Echo back bits for debugging/telemetry if you like
-    debug: zod_1.z
-        .object({
-        key: zod_1.z.number(),
-        channel: zod_1.z.number(),
-        flags: zod_1.z.number(),
-    })
-        .optional(),
-});
-/* ------------------------------- Bit layout ---------------------------------
-
-bits 0..2  CHANNEL
-           000 OTHER
-           001 GET_SSE                 (GET + Accept: text/event-stream)
-           010 POST_INIT_JSON          (POST initialize + Accept: application/json or default JSON)
-           011 POST_INIT_SSE           (POST initialize + Accept: text/event-stream)
-           100 POST_JSON               (POST non-init + Accept: application/json or default JSON)
-           101 POST_SSE                (POST non-init + Accept: text/event-stream)
-           110 POST_MESSAGE            (POST to /message)  ← legacy bridge
-
-bit 3      HAS_SESSION                 (Mcp-Session-Id present)
-bit 4      STATELESS_EN                (config: enableStatelessHttp)
-bit 5      REQ_SESSION                 (config: requireSessionForStreamable)
-bit 6      LEGACY_HINT                 (x-legacy-sse=true OR session.transportType=legacy-sse)
-bit 7      SSE_LISTENER_EN             (config: enableSseListener)
-bit 8      STREAMABLE_EN               (config: enableStreamableHttp)
-bit 9      STATEFUL_EN                 (config: enableStatefulHttp)
-bit 10     LEGACY_EN                   (config: enableLegacySSE)
-
------------------------------------------------------------------------------ */
-// --- Channels ---------------------------------------------------------------
-const CH_OTHER = 0b000;
-const CH_GET_SSE = 0b001; // GET / + SSE (not handled, forward to next middleware)
-const CH_POST_INIT_JSON = 0b010;
-const CH_POST_INIT_SSE = 0b011;
-const CH_POST_JSON = 0b100;
-const CH_POST_SSE = 0b101;
-const CH_POST_MESSAGE = 0b110; // POST /message (legacy bridge)
-const CH_GET_SSE_PATH = 0b111; // GET /sse path (legacy SSE initialize)
-const CH_MASK = 0b00000111;
-// --- Flags ------------------------------------------------------------------
-const B_HAS_SESSION = 1 << 3; // 8
-const B_STATELESS_EN = 1 << 4; // 16
-const B_REQ_SESSION = 1 << 5; // 32
-const B_LEGACY_HINT = 1 << 6; // 64 (kept for telemetry; not required by merged rules)
-const B_SSE_LISTENER_EN = 1 << 7; // 128
-const B_STREAMABLE_EN = 1 << 8; // 256
-const B_STATEFUL_EN = 1 << 9; // 512
-const B_LEGACY_EN = 1 << 10; // 1024
-// --- Minimal helpers ---------------------------------------------------------
-const h = (req, name) => Object.entries(req.headers).find(([k]) => k.toLowerCase() === name.toLowerCase())?.[1];
-const wantsSSE = (accept) => (accept ?? '').toLowerCase().includes('text/event-stream');
-const wantsJSON = (accept) => (accept ?? '').toLowerCase().includes('application/json');
-const isInitialize = (body) => !!body && typeof body === 'object' && body.method === 'initialize';
-// Robust path extractor (supports absolute/relative)
-function pathOf(req) {
-    const anyReq = req;
-    const raw = anyReq.path ?? anyReq.pathname ?? anyReq.url ?? '/';
-    try {
-        const u = new URL(String(raw), 'http://local');
-        return u.pathname || '/';
-    }
-    catch {
-        return String(raw).split('?')[0] || '/';
-    }
-}
-// Check if path is the legacy SSE path (/sse)
-function isLegacySsePath(path) {
-    return path === '/sse' || path.endsWith('/sse');
-}
-/** Optionally extract transportType from base64 JSON session id, if you embed it. */
-function tryDecodeTransportType(sessionId) {
-    if (!sessionId)
-        return;
-    try {
-        const b64 = sessionId.replace(/-/g, '+').replace(/_/g, '/');
-        const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
-        return obj?.transportType;
-    }
-    catch {
-        return;
-    }
-}
-// --- Build the 11-bit key ----------------------------------------------------
-function computeBitmap(req, cfg) {
-    const method = req.method.toUpperCase();
-    const accept = h(req, 'accept');
-    const sessionId = h(req, 'mcp-session-id');
-    const legacyHeader = h(req, 'x-legacy-sse') === 'true';
-    const transportType = tryDecodeTransportType(sessionId);
-    const path = pathOf(req);
-    const acceptSSE = wantsSSE(accept);
-    const acceptJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);
-    const init = method === 'POST' && isInitialize(req.body);
-    const postToMessage = method === 'POST' && (path === '/message' || path.endsWith('/message'));
-    const getToSsePath = method === 'GET' && isLegacySsePath(path);
-    const channel = method === 'POST' && postToMessage
-        ? CH_POST_MESSAGE
-        : getToSsePath && acceptSSE
-            ? CH_GET_SSE_PATH // GET /sse → legacy SSE channel
-            : method === 'GET' && acceptSSE
-                ? CH_GET_SSE // GET / + SSE → forward to next middleware (unknown)
-                : method === 'POST' && init && acceptSSE
-                    ? CH_POST_INIT_SSE
-                    : method === 'POST' && init && acceptJSON
-                        ? CH_POST_INIT_JSON
-                        : method === 'POST' && !init && acceptSSE
-                            ? CH_POST_SSE
-                            : method === 'POST' && !init && acceptJSON
-                                ? CH_POST_JSON
-                                : CH_OTHER;
-    let flags = 0;
-    if (sessionId)
-        flags |= B_HAS_SESSION;
-    if (cfg.enableStatelessHttp)
-        flags |= B_STATELESS_EN;
-    if (cfg.requireSessionForStreamable)
-        flags |= B_REQ_SESSION;
-    if (legacyHeader || transportType === 'legacy-sse')
-        flags |= B_LEGACY_HINT; // informational
-    if (cfg.enableSseListener)
-        flags |= B_SSE_LISTENER_EN;
-    if (cfg.enableStreamableHttp)
-        flags |= B_STREAMABLE_EN;
-    if (cfg.enableStatefulHttp)
-        flags |= B_STATEFUL_EN;
-    if (cfg.enableLegacySSE)
-        flags |= B_LEGACY_EN;
-    return { key: (channel & CH_MASK) | flags, channel, flags, init };
-}
-// --- Rules (merged semantics) -----------------------------------------------
-const RULES = [
-    // A) Legacy SSE via GET /sse path (without session) → requires legacy enabled
-    {
-        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
-        match: CH_GET_SSE_PATH | B_LEGACY_EN, // HAS_SESSION must be 0; it's in 'care' but not in 'match'
-        outcome: { intent: 'legacy-sse', reason: 'GET /sse without Mcp-Session-Id → legacy SSE.' },
-    },
-    {
-        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
-        match: CH_GET_SSE_PATH /* legacy disabled; HAS_SESSION=0 */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'Legacy SSE disabled.',
-            recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },
-        },
-    },
-    // A2) GET / + SSE (not /sse path) with session ID → SSE listener for streamable-http
-    // Per MCP 2025-11-25 spec, clients can open SSE stream via GET with session ID
-    {
-        care: CH_MASK | B_HAS_SESSION | B_SSE_LISTENER_EN | B_STREAMABLE_EN,
-        match: CH_GET_SSE | B_HAS_SESSION | B_SSE_LISTENER_EN | B_STREAMABLE_EN,
-        outcome: { intent: 'streamable-http', reason: 'GET / with session ID → SSE listener for streamable-http.' },
-    },
-    // A2b) GET / + SSE with session but listener/streamable disabled
-    {
-        care: CH_MASK | B_HAS_SESSION | B_SSE_LISTENER_EN,
-        match: CH_GET_SSE | B_HAS_SESSION /* listener disabled */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'SSE listener disabled for GET / requests.',
-            recommendation: { httpStatus: 405, message: 'SSE listener disabled' },
-        },
-    },
-    // A2c) GET / + SSE without session → forward to next middleware
-    {
-        care: CH_MASK | B_HAS_SESSION,
-        match: CH_GET_SSE /* no session */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'GET / with SSE requires session for MCP transport.',
-        },
-    },
-    // B) Legacy SSE: POST /message WITH session id
-    {
-        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
-        match: CH_POST_MESSAGE | B_HAS_SESSION | B_LEGACY_EN,
-        outcome: { intent: 'legacy-sse', reason: 'POST /message with Mcp-Session-Id → legacy SSE bridge.' },
-    },
-    {
-        care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,
-        match: CH_POST_MESSAGE | B_HAS_SESSION /* legacy disabled */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'Legacy /message endpoint disabled.',
-            recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },
-        },
-    },
-    // C) Modern SSE (GET /sse with session) → requires SSE listener enabled
-    {
-        care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,
-        match: CH_GET_SSE_PATH | B_HAS_SESSION /* listener disabled */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'SSE listener disabled.',
-            recommendation: { httpStatus: 405, message: 'SSE listener disabled' },
-        },
-    },
-    {
-        care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,
-        match: CH_GET_SSE_PATH | B_SSE_LISTENER_EN | B_HAS_SESSION,
-        outcome: { intent: 'sse', reason: 'GET /sse with Mcp-Session-Id.' },
-    },
-    // D) Initialize (POST → SSE)
-    // D1) Stateless initialize (no session, stateless enabled) - must come before streamable rules
-    {
-        care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,
-        match: CH_POST_INIT_SSE | B_STATELESS_EN /* no session */,
-        outcome: { intent: 'stateless-http', reason: 'Stateless initialize (no session).' },
-    },
-    {
-        care: CH_MASK | B_STREAMABLE_EN,
-        match: CH_POST_INIT_SSE /* streamable disabled */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'Streamable HTTP disabled.',
-            recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },
-        },
-    },
-    {
-        care: CH_MASK | B_STREAMABLE_EN,
-        match: CH_POST_INIT_SSE | B_STREAMABLE_EN,
-        outcome: { intent: 'streamable-http', reason: 'Initialize with SSE.' },
-    },
-    // E) Initialize (POST → JSON)
-    // E1) Stateless initialize JSON (no session, stateless enabled) - must come before stateful rules
-    {
-        care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,
-        match: CH_POST_INIT_JSON | B_STATELESS_EN /* no session */,
-        outcome: { intent: 'stateless-http', reason: 'Stateless initialize JSON (no session).' },
-    },
-    {
-        care: CH_MASK | B_STREAMABLE_EN,
-        match: CH_POST_INIT_JSON /* streamable disabled */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'JSON mode disabled.',
-            recommendation: { httpStatus: 405, message: 'JSON mode disabled' },
-        },
-    },
-    {
-        care: CH_MASK | B_STREAMABLE_EN,
-        match: CH_POST_INIT_JSON | B_STREAMABLE_EN,
-        outcome: { intent: 'stateful-http', reason: 'Initialize with JSON.' },
-    },
-    // F) POST non-init → SSE
-    {
-        care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,
-        match: CH_POST_SSE | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'POST SSE requires session.',
-            recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },
-        },
-    },
-    {
-        care: CH_MASK | B_STREAMABLE_EN,
-        match: CH_POST_SSE /* streamable disabled */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'Streamable HTTP disabled.',
-            recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },
-        },
-    },
-    {
-        care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,
-        match: CH_POST_SSE | B_STATELESS_EN /* no session */,
-        outcome: { intent: 'stateless-http', reason: 'Stateless short-lived SSE.' },
-    },
-    {
-        care: CH_MASK,
-        match: CH_POST_SSE,
-        outcome: { intent: 'streamable-http', reason: 'Short-lived SSE for this request.' },
-    },
-    // G) POST non-init → JSON
-    {
-        care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,
-        match: CH_POST_JSON | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'POST JSON requires session.',
-            recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },
-        },
-    },
-    {
-        care: CH_MASK | B_STATEFUL_EN | B_STREAMABLE_EN,
-        match: CH_POST_JSON /* neither enabled */,
-        outcome: {
-            intent: 'unknown',
-            reason: 'JSON mode disabled.',
-            recommendation: { httpStatus: 405, message: 'JSON mode disabled' },
-        },
-    },
-    {
-        care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,
-        match: CH_POST_JSON | B_STATELESS_EN /* no session */,
-        outcome: { intent: 'stateless-http', reason: 'Stateless JSON request.' },
-    },
-    {
-        care: CH_MASK,
-        match: CH_POST_JSON,
-        outcome: { intent: 'stateful-http', reason: 'Aggregated JSON response.' },
-    },
-    // H) Fallback
-    {
-        care: CH_MASK,
-        match: CH_OTHER,
-        outcome: {
-            intent: 'unknown',
-            reason: 'Method/Accept not allowed.',
-            recommendation: { httpStatus: 405, message: 'Method/Accept not allowed' },
-        },
-    },
-];
-// --- Public API --------------------------------------------------------------
-function decideIntent(req, cfg) {
-    const reasons = [];
-    const method = req.method.toUpperCase();
-    // Handle HTTP DELETE for session termination (MCP 2025-11-25 spec)
-    if (method === 'DELETE') {
-        const sessionId = h(req, 'mcp-session-id');
-        if (!sessionId) {
-            return {
-                intent: 'unknown',
-                reasons: ['DELETE requires Mcp-Session-Id header.'],
-                recommendation: { httpStatus: 400, message: 'Session ID required for DELETE' },
-                debug: { key: 0, channel: 0, flags: 0 },
-            };
-        }
-        return {
-            intent: 'delete-session',
-            reasons: ['DELETE with Mcp-Session-Id → session termination.'],
-            debug: { key: 0, channel: 0, flags: sessionId ? B_HAS_SESSION : 0 },
-        };
-    }
-    const { key, channel, flags, init } = computeBitmap(req, cfg);
-    // Optional strict Accept validation for POST (incl. /message)
-    if (method === 'POST') {
-        const accept = h(req, 'accept');
-        const acceptsSSE = wantsSSE(accept);
-        const acceptsJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);
-        if (!acceptsSSE && !acceptsJSON) {
-            return {
-                intent: 'unknown',
-                reasons: ['Client must accept application/json or text/event-stream.'],
-                recommendation: { httpStatus: 406, message: 'Not acceptable' },
-                debug: { key, channel, flags },
-            };
-        }
-    }
-    for (const rule of RULES) {
-        if ((key & rule.care) === rule.match) {
-            const { reason, ...rest } = rule.outcome;
-            reasons.push(reason);
-            if (init)
-                reasons.push('Initialize body detected.');
-            return { ...rest, reasons, debug: { key, channel, flags } };
-        }
-    }
-    return {
-        intent: 'unknown',
-        reasons: ['No matching rule.'],
-        recommendation: { httpStatus: 500, message: 'Unroutable request' },
-        debug: { key, channel, flags },
-    };
-}
-//# sourceMappingURL=decide-request-intent.utils.js.map

package/src/common/utils/decide-request-intent.utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decide-request-intent.utils.js","sourceRoot":"","sources":["../../../../src/common/utils/decide-request-intent.utils.ts"],"names":[],"mappings":";;;AA4YA,oCAsDC;AAlcD,6BAAwB;AAGxB,iFAAiF;AAEpE,QAAA,YAAY,GAAG,OAAC,CAAC,KAAK,CAAC;IAClC,OAAC,CAAC,OAAO,CAAC,YAAY,CAAC;IACvB,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAChB,OAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC;IAC5B,OAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IAC1B,OAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC;IAC3B,OAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC;IAC3B,OAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CACrB,CAAC,CAAC;AAEU,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,MAAM,EAAE,oBAAY;IACpB,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC5B,cAAc,EAAE,OAAC;SACd,MAAM,CAAC;QACN,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;QACtB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;KACpB,CAAC;SACD,QAAQ,EAAE;IACb,qDAAqD;IACrD,KAAK,EAAE,OAAC;SACL,MAAM,CAAC;QACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;QACf,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;QACnB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;KAClB,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AA8BH;;;;;;;;;;;;;;;;;;;;gFAoBgF;AAEhF,+EAA+E;AAE/E,MAAM,QAAQ,GAAG,KAAK,CAAC;AACvB,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,wDAAwD;AAClF,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAChC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,YAAY,GAAG,KAAK,CAAC;AAC3B,MAAM,WAAW,GAAG,KAAK,CAAC;AAC1B,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,gCAAgC;AAC/D,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,wCAAwC;AAEvE,MAAM,OAAO,GAAG,UAAU,CAAC;AAE3B,+EAA+E;AAE/E,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;AAClC,MAAM,cAAc,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;AACpC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;AACnC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,wDAAwD;AACtF,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACxC,MAAM,eAAe,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACtC,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;AACpC,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO;AAEpC,gFAAgF;AAEhF,MAAM,CAAC,GAAG,CAAC,GAAkB,EAAE,IAAY,EAAE,EAAE,CAC7C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAEzF,MAAM,QAAQ,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AACjG,MAAM,SAAS,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;AACjG,MAAM,YAAY,GAAG,CAAC,IAAa,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAK,IAAY,CAAC,MAAM,KAAK,YAAY,CAAC;AAEpH,qDAAqD;AACrD,SAAS,MAAM,CAAC,GAAkB;IAChC,MAAM,MAAM,GAAG,GAAU,CAAC;IAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/C,OAAO,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAClD,CAAC;AAED,qFAAqF;AACrF,SAAS,sBAAsB,CAAC,SAAkB;IAChD,IAAI,CAAC,SAAS;QAAE,OAAO;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACpE,OAAO,GAAG,EAAE,aAAa,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF,SAAS,aAAa,CAAC,GAAkB,EAAE,GAAW;IACpD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,cAAc,CAAC,KAAK,MAAM,CAAC;IACvD,MAAM,aAAa,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAEzB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC/E,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,MAAM,KAAK,MAAM,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9F,MAAM,YAAY,GAAG,MAAM,KAAK,KAAK,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;IAE/D,MAAM,OAAO,GACX,MAAM,KAAK,MAAM,IAAI,aAAa;QAChC,CAAC,CAAC,eAAe;QACjB,CAAC,CAAC,YAAY,IAAI,SAAS;YAC3B,CAAC,CAAC,eAAe,CAAC,gCAAgC;YAClD,CAAC,CAAC,MAAM,KAAK,KAAK,IAAI,SAAS;gBAC/B,CAAC,CAAC,UAAU,CAAC,qDAAqD;gBAClE,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,IAAI,SAAS;oBACxC,CAAC,CAAC,gBAAgB;oBAClB,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,IAAI,UAAU;wBACzC,CAAC,CAAC,iBAAiB;wBACnB,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,SAAS;4BACzC,CAAC,CAAC,WAAW;4BACb,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,UAAU;gCAC1C,CAAC,CAAC,YAAY;gCACd,CAAC,CAAC,QAAQ,CAAC;IAEf,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,SAAS;QAAE,KAAK,IAAI,aAAa,CAAC;IACtC,IAAI,GAAG,CAAC,mBAAmB;QAAE,KAAK,IAAI,cAAc,CAAC;IACrD,IAAI,GAAG,CAAC,2BAA2B;QAAE,KAAK,IAAI,aAAa,CAAC;IAC5D,IAAI,YAAY,IAAI,aAAa,KAAK,YAAY;QAAE,KAAK,IAAI,aAAa,CAAC,CAAC,gBAAgB;IAC5F,IAAI,GAAG,CAAC,iBAAiB;QAAE,KAAK,IAAI,iBAAiB,CAAC;IACtD,IAAI,GAAG,CAAC,oBAAoB;QAAE,KAAK,IAAI,eAAe,CAAC;IACvD,IAAI,GAAG,CAAC,kBAAkB;QAAE,KAAK,IAAI,aAAa,CAAC;IACnD,IAAI,GAAG,CAAC,eAAe;QAAE,KAAK,IAAI,WAAW,CAAC;IAE9C,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACpE,CAAC;AAUD,+EAA+E;AAE/E,MAAM,KAAK,GAAW;IACpB,8EAA8E;IAC9E;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,GAAG,WAAW,EAAE,2DAA2D;QACjG,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,+CAA+C,EAAE;KAC3F;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,CAAC,oCAAoC;QAC3D,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,sBAAsB;YAC9B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACpE;KACF;IAED,qFAAqF;IACrF,+EAA+E;IAC/E;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,iBAAiB,GAAG,eAAe;QACnE,KAAK,EAAE,UAAU,GAAG,aAAa,GAAG,iBAAiB,GAAG,eAAe;QACvE,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,2DAA2D,EAAE;KAC5G;IACD,iEAAiE;IACjE;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,iBAAiB;QACjD,KAAK,EAAE,UAAU,GAAG,aAAa,CAAC,uBAAuB;QACzD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,2CAA2C;YACnD,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE;SACtE;KACF;IACD,gEAAgE;IAChE;QACE,IAAI,EAAE,OAAO,GAAG,aAAa;QAC7B,KAAK,EAAE,UAAU,CAAC,gBAAgB;QAClC,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,oDAAoD;SAC7D;KACF;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,GAAG,aAAa,GAAG,WAAW;QACpD,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,wDAAwD,EAAE;KACpG;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW;QAC3C,KAAK,EAAE,eAAe,GAAG,aAAa,CAAC,qBAAqB;QAC5D,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,oCAAoC;YAC5C,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACpE;KACF;IAED,wEAAwE;IACxE;QACE,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,aAAa;QACjD,KAAK,EAAE,eAAe,GAAG,aAAa,CAAC,uBAAuB;QAC9D,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,wBAAwB;YAChC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE;SACtE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,aAAa;QACjD,KAAK,EAAE,eAAe,GAAG,iBAAiB,GAAG,aAAa;QAC1D,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE;KACpE;IAED,6BAA6B;IAC7B,+FAA+F;IAC/F;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,gBAAgB,GAAG,cAAc,CAAC,gBAAgB;QACzD,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,oCAAoC,EAAE;KACpF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,gBAAgB,CAAC,yBAAyB;QACjD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,2BAA2B;YACnC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,0BAA0B,EAAE;SACzE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,gBAAgB,GAAG,eAAe;QACzC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sBAAsB,EAAE;KACvE;IAED,8BAA8B;IAC9B,kGAAkG;IAClG;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,iBAAiB,GAAG,cAAc,CAAC,gBAAgB;QAC1D,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,yCAAyC,EAAE;KACzF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,iBAAiB,CAAC,yBAAyB;QAClD,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,qBAAqB;YAC7B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACnE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,iBAAiB,GAAG,eAAe;QAC1C,OAAO,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,uBAAuB,EAAE;KACtE;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc;QAC9D,KAAK,EAAE,WAAW,GAAG,aAAa,CAAC,kCAAkC;QACrE,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,4BAA4B;YACpC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yCAAyC,EAAE;SACxF;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,eAAe;QAC/B,KAAK,EAAE,WAAW,CAAC,yBAAyB;QAC5C,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,2BAA2B;YACnC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,0BAA0B,EAAE;SACzE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,WAAW,GAAG,cAAc,CAAC,gBAAgB;QACpD,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,4BAA4B,EAAE;KAC5E;IACD;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,WAAW;QAClB,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mCAAmC,EAAE;KACpF;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc;QAC9D,KAAK,EAAE,YAAY,GAAG,aAAa,CAAC,kCAAkC;QACtE,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,6BAA6B;YACrC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yCAAyC,EAAE;SACxF;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,eAAe;QAC/C,KAAK,EAAE,YAAY,CAAC,qBAAqB;QACzC,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,qBAAqB;YAC7B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACnE;KACF;IACD;QACE,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,cAAc;QAC9C,KAAK,EAAE,YAAY,GAAG,cAAc,CAAC,gBAAgB;QACrD,OAAO,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,yBAAyB,EAAE;KACzE;IACD;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,OAAO,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,2BAA2B,EAAE;KAC1E;IAED,cAAc;IACd;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE;YACP,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,4BAA4B;YACpC,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,2BAA2B,EAAE;SAC1E;KACF;CACF,CAAC;AAEF,gFAAgF;AAEhF,SAAgB,YAAY,CAAC,GAAkB,EAAE,GAAW;IAC1D,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IAExC,mEAAmE;IACnE,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAC3C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE,CAAC,wCAAwC,CAAC;gBACnD,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gCAAgC,EAAE;gBAC9E,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;aACxC,CAAC;QACJ,CAAC;QACD,OAAO;YACL,MAAM,EAAE,gBAAgB;YACxB,OAAO,EAAE,CAAC,mDAAmD,CAAC;YAC9D,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;SACpE,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAE9D,8DAA8D;IAC9D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;QAChF,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;YAChC,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE,CAAC,2DAA2D,CAAC;gBACtE,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAE;gBAC9D,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrB,IAAI,IAAI;gBAAE,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YACpD,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,CAAC,mBAAmB,CAAC;QAC9B,cAAc,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,oBAAoB,EAAE;QAClE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;KAC/B,CAAC;AACJ,CAAC","sourcesContent":["import { z } from 'zod';\nimport { ServerRequest } from '../interfaces';\n\n/* --------------------------------- Schemas --------------------------------- */\n\nexport const intentSchema = z.union([\n  z.literal('legacy-sse'),\n  z.literal('sse'),\n  z.literal('streamable-http'),\n  z.literal('stateful-http'),\n  z.literal('stateless-http'),\n  z.literal('delete-session'),\n  z.literal('unknown'),\n]);\n\nexport const decisionSchema = z.object({\n  intent: intentSchema,\n  reasons: z.array(z.string()),\n  recommendation: z\n    .object({\n      httpStatus: z.number(),\n      message: z.string(),\n    })\n    .optional(),\n  // Echo back bits for debugging/telemetry if you like\n  debug: z\n    .object({\n      key: z.number(),\n      channel: z.number(),\n      flags: z.number(),\n    })\n    .optional(),\n});\n\nexport type HttpRequestIntent =\n  | 'legacy-sse'\n  | 'sse'\n  | 'streamable-http'\n  | 'stateful-http'\n  | 'stateless-http'\n  | 'delete-session';\n\nexport type Intent = HttpRequestIntent | 'unknown';\n\nexport type Decision = {\n  intent: Intent;\n  reasons: string[];\n  recommendation?: { httpStatus: number; message: string };\n  // Echo back bits for debugging/telemetry if you like\n  debug?: { key: number; channel: number; flags: number };\n};\n\nexport interface Config {\n  enableLegacySSE: boolean;\n  enableSseListener: boolean;\n  enableStreamableHttp: boolean;\n  enableStatefulHttp: boolean;\n  enableStatelessHttp: boolean;\n  requireSessionForStreamable: boolean;\n  tolerateMissingAccept: boolean;\n}\n\n/* ------------------------------- Bit layout ---------------------------------\n\nbits 0..2  CHANNEL\n           000 OTHER\n           001 GET_SSE                 (GET + Accept: text/event-stream)\n           010 POST_INIT_JSON          (POST initialize + Accept: application/json or default JSON)\n           011 POST_INIT_SSE           (POST initialize + Accept: text/event-stream)\n           100 POST_JSON               (POST non-init + Accept: application/json or default JSON)\n           101 POST_SSE                (POST non-init + Accept: text/event-stream)\n           110 POST_MESSAGE            (POST to /message)  ← legacy bridge\n\nbit 3      HAS_SESSION                 (Mcp-Session-Id present)\nbit 4      STATELESS_EN                (config: enableStatelessHttp)\nbit 5      REQ_SESSION                 (config: requireSessionForStreamable)\nbit 6      LEGACY_HINT                 (x-legacy-sse=true OR session.transportType=legacy-sse)\nbit 7      SSE_LISTENER_EN             (config: enableSseListener)\nbit 8      STREAMABLE_EN               (config: enableStreamableHttp)\nbit 9      STATEFUL_EN                 (config: enableStatefulHttp)\nbit 10     LEGACY_EN                   (config: enableLegacySSE)\n\n----------------------------------------------------------------------------- */\n\n// --- Channels ---------------------------------------------------------------\n\nconst CH_OTHER = 0b000;\nconst CH_GET_SSE = 0b001; // GET / + SSE (not handled, forward to next middleware)\nconst CH_POST_INIT_JSON = 0b010;\nconst CH_POST_INIT_SSE = 0b011;\nconst CH_POST_JSON = 0b100;\nconst CH_POST_SSE = 0b101;\nconst CH_POST_MESSAGE = 0b110; // POST /message (legacy bridge)\nconst CH_GET_SSE_PATH = 0b111; // GET /sse path (legacy SSE initialize)\n\nconst CH_MASK = 0b00000111;\n\n// --- Flags ------------------------------------------------------------------\n\nconst B_HAS_SESSION = 1 << 3; // 8\nconst B_STATELESS_EN = 1 << 4; // 16\nconst B_REQ_SESSION = 1 << 5; // 32\nconst B_LEGACY_HINT = 1 << 6; // 64 (kept for telemetry; not required by merged rules)\nconst B_SSE_LISTENER_EN = 1 << 7; // 128\nconst B_STREAMABLE_EN = 1 << 8; // 256\nconst B_STATEFUL_EN = 1 << 9; // 512\nconst B_LEGACY_EN = 1 << 10; // 1024\n\n// --- Minimal helpers ---------------------------------------------------------\n\nconst h = (req: ServerRequest, name: string) =>\n  Object.entries(req.headers).find(([k]) => k.toLowerCase() === name.toLowerCase())?.[1];\n\nconst wantsSSE = (accept?: string) => (accept ?? '').toLowerCase().includes('text/event-stream');\nconst wantsJSON = (accept?: string) => (accept ?? '').toLowerCase().includes('application/json');\nconst isInitialize = (body: unknown) => !!body && typeof body === 'object' && (body as any).method === 'initialize';\n\n// Robust path extractor (supports absolute/relative)\nfunction pathOf(req: ServerRequest): string {\n  const anyReq = req as any;\n  const raw = anyReq.path ?? anyReq.pathname ?? anyReq.url ?? '/';\n  try {\n    const u = new URL(String(raw), 'http://local');\n    return u.pathname || '/';\n  } catch {\n    return String(raw).split('?')[0] || '/';\n  }\n}\n\n// Check if path is the legacy SSE path (/sse)\nfunction isLegacySsePath(path: string): boolean {\n  return path === '/sse' || path.endsWith('/sse');\n}\n\n/** Optionally extract transportType from base64 JSON session id, if you embed it. */\nfunction tryDecodeTransportType(sessionId?: string): string | undefined {\n  if (!sessionId) return;\n  try {\n    const b64 = sessionId.replace(/-/g, '+').replace(/_/g, '/');\n    const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));\n    return obj?.transportType;\n  } catch {\n    return;\n  }\n}\n\n// --- Build the 11-bit key ----------------------------------------------------\n\nfunction computeBitmap(req: ServerRequest, cfg: Config) {\n  const method = req.method.toUpperCase();\n  const accept = h(req, 'accept');\n  const sessionId = h(req, 'mcp-session-id');\n  const legacyHeader = h(req, 'x-legacy-sse') === 'true';\n  const transportType = tryDecodeTransportType(sessionId);\n  const path = pathOf(req);\n\n  const acceptSSE = wantsSSE(accept);\n  const acceptJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);\n  const init = method === 'POST' && isInitialize(req.body);\n  const postToMessage = method === 'POST' && (path === '/message' || path.endsWith('/message'));\n  const getToSsePath = method === 'GET' && isLegacySsePath(path);\n\n  const channel =\n    method === 'POST' && postToMessage\n      ? CH_POST_MESSAGE\n      : getToSsePath && acceptSSE\n      ? CH_GET_SSE_PATH // GET /sse → legacy SSE channel\n      : method === 'GET' && acceptSSE\n      ? CH_GET_SSE // GET / + SSE → forward to next middleware (unknown)\n      : method === 'POST' && init && acceptSSE\n      ? CH_POST_INIT_SSE\n      : method === 'POST' && init && acceptJSON\n      ? CH_POST_INIT_JSON\n      : method === 'POST' && !init && acceptSSE\n      ? CH_POST_SSE\n      : method === 'POST' && !init && acceptJSON\n      ? CH_POST_JSON\n      : CH_OTHER;\n\n  let flags = 0;\n  if (sessionId) flags |= B_HAS_SESSION;\n  if (cfg.enableStatelessHttp) flags |= B_STATELESS_EN;\n  if (cfg.requireSessionForStreamable) flags |= B_REQ_SESSION;\n  if (legacyHeader || transportType === 'legacy-sse') flags |= B_LEGACY_HINT; // informational\n  if (cfg.enableSseListener) flags |= B_SSE_LISTENER_EN;\n  if (cfg.enableStreamableHttp) flags |= B_STREAMABLE_EN;\n  if (cfg.enableStatefulHttp) flags |= B_STATEFUL_EN;\n  if (cfg.enableLegacySSE) flags |= B_LEGACY_EN;\n\n  return { key: (channel & CH_MASK) | flags, channel, flags, init };\n}\n\n// --- Rule definition ---------------------------------------------------------\n\ntype Rule = {\n  care: number; // which bits matter\n  match: number; // the exact bit pattern to match (after masking)\n  outcome: Omit<Decision, 'reasons' | 'debug'> & { reason: string };\n};\n\n// --- Rules (merged semantics) -----------------------------------------------\n\nconst RULES: Rule[] = [\n  // A) Legacy SSE via GET /sse path (without session) → requires legacy enabled\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_GET_SSE_PATH | B_LEGACY_EN, // HAS_SESSION must be 0; it's in 'care' but not in 'match'\n    outcome: { intent: 'legacy-sse', reason: 'GET /sse without Mcp-Session-Id → legacy SSE.' },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_GET_SSE_PATH /* legacy disabled; HAS_SESSION=0 */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Legacy SSE disabled.',\n      recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },\n    },\n  },\n\n  // A2) GET / + SSE (not /sse path) with session ID → SSE listener for streamable-http\n  // Per MCP 2025-11-25 spec, clients can open SSE stream via GET with session ID\n  {\n    care: CH_MASK | B_HAS_SESSION | B_SSE_LISTENER_EN | B_STREAMABLE_EN,\n    match: CH_GET_SSE | B_HAS_SESSION | B_SSE_LISTENER_EN | B_STREAMABLE_EN,\n    outcome: { intent: 'streamable-http', reason: 'GET / with session ID → SSE listener for streamable-http.' },\n  },\n  // A2b) GET / + SSE with session but listener/streamable disabled\n  {\n    care: CH_MASK | B_HAS_SESSION | B_SSE_LISTENER_EN,\n    match: CH_GET_SSE | B_HAS_SESSION /* listener disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'SSE listener disabled for GET / requests.',\n      recommendation: { httpStatus: 405, message: 'SSE listener disabled' },\n    },\n  },\n  // A2c) GET / + SSE without session → forward to next middleware\n  {\n    care: CH_MASK | B_HAS_SESSION,\n    match: CH_GET_SSE /* no session */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'GET / with SSE requires session for MCP transport.',\n    },\n  },\n\n  // B) Legacy SSE: POST /message WITH session id\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_POST_MESSAGE | B_HAS_SESSION | B_LEGACY_EN,\n    outcome: { intent: 'legacy-sse', reason: 'POST /message with Mcp-Session-Id → legacy SSE bridge.' },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_LEGACY_EN,\n    match: CH_POST_MESSAGE | B_HAS_SESSION /* legacy disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Legacy /message endpoint disabled.',\n      recommendation: { httpStatus: 405, message: 'Legacy SSE disabled' },\n    },\n  },\n\n  // C) Modern SSE (GET /sse with session) → requires SSE listener enabled\n  {\n    care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    match: CH_GET_SSE_PATH | B_HAS_SESSION /* listener disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'SSE listener disabled.',\n      recommendation: { httpStatus: 405, message: 'SSE listener disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    match: CH_GET_SSE_PATH | B_SSE_LISTENER_EN | B_HAS_SESSION,\n    outcome: { intent: 'sse', reason: 'GET /sse with Mcp-Session-Id.' },\n  },\n\n  // D) Initialize (POST → SSE)\n  // D1) Stateless initialize (no session, stateless enabled) - must come before streamable rules\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_INIT_SSE | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless initialize (no session).' },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_SSE /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Streamable HTTP disabled.',\n      recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_SSE | B_STREAMABLE_EN,\n    outcome: { intent: 'streamable-http', reason: 'Initialize with SSE.' },\n  },\n\n  // E) Initialize (POST → JSON)\n  // E1) Stateless initialize JSON (no session, stateless enabled) - must come before stateful rules\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_INIT_JSON | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless initialize JSON (no session).' },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_JSON /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'JSON mode disabled.',\n      recommendation: { httpStatus: 405, message: 'JSON mode disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_INIT_JSON | B_STREAMABLE_EN,\n    outcome: { intent: 'stateful-http', reason: 'Initialize with JSON.' },\n  },\n\n  // F) POST non-init → SSE\n  {\n    care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_SSE | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'POST SSE requires session.',\n      recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },\n    },\n  },\n  {\n    care: CH_MASK | B_STREAMABLE_EN,\n    match: CH_POST_SSE /* streamable disabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Streamable HTTP disabled.',\n      recommendation: { httpStatus: 405, message: 'Streamable HTTP disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_SSE | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless short-lived SSE.' },\n  },\n  {\n    care: CH_MASK,\n    match: CH_POST_SSE,\n    outcome: { intent: 'streamable-http', reason: 'Short-lived SSE for this request.' },\n  },\n\n  // G) POST non-init → JSON\n  {\n    care: CH_MASK | B_REQ_SESSION | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_JSON | B_REQ_SESSION /* !HAS_SESSION & !STATELESS_EN */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'POST JSON requires session.',\n      recommendation: { httpStatus: 400, message: 'Initialize required (no Mcp-Session-Id)' },\n    },\n  },\n  {\n    care: CH_MASK | B_STATEFUL_EN | B_STREAMABLE_EN,\n    match: CH_POST_JSON /* neither enabled */,\n    outcome: {\n      intent: 'unknown',\n      reason: 'JSON mode disabled.',\n      recommendation: { httpStatus: 405, message: 'JSON mode disabled' },\n    },\n  },\n  {\n    care: CH_MASK | B_HAS_SESSION | B_STATELESS_EN,\n    match: CH_POST_JSON | B_STATELESS_EN /* no session */,\n    outcome: { intent: 'stateless-http', reason: 'Stateless JSON request.' },\n  },\n  {\n    care: CH_MASK,\n    match: CH_POST_JSON,\n    outcome: { intent: 'stateful-http', reason: 'Aggregated JSON response.' },\n  },\n\n  // H) Fallback\n  {\n    care: CH_MASK,\n    match: CH_OTHER,\n    outcome: {\n      intent: 'unknown',\n      reason: 'Method/Accept not allowed.',\n      recommendation: { httpStatus: 405, message: 'Method/Accept not allowed' },\n    },\n  },\n];\n\n// --- Public API --------------------------------------------------------------\n\nexport function decideIntent(req: ServerRequest, cfg: Config): Decision {\n  const reasons: string[] = [];\n  const method = req.method.toUpperCase();\n\n  // Handle HTTP DELETE for session termination (MCP 2025-11-25 spec)\n  if (method === 'DELETE') {\n    const sessionId = h(req, 'mcp-session-id');\n    if (!sessionId) {\n      return {\n        intent: 'unknown',\n        reasons: ['DELETE requires Mcp-Session-Id header.'],\n        recommendation: { httpStatus: 400, message: 'Session ID required for DELETE' },\n        debug: { key: 0, channel: 0, flags: 0 },\n      };\n    }\n    return {\n      intent: 'delete-session',\n      reasons: ['DELETE with Mcp-Session-Id → session termination.'],\n      debug: { key: 0, channel: 0, flags: sessionId ? B_HAS_SESSION : 0 },\n    };\n  }\n\n  const { key, channel, flags, init } = computeBitmap(req, cfg);\n\n  // Optional strict Accept validation for POST (incl. /message)\n  if (method === 'POST') {\n    const accept = h(req, 'accept');\n    const acceptsSSE = wantsSSE(accept);\n    const acceptsJSON = wantsJSON(accept) || (!accept && cfg.tolerateMissingAccept);\n    if (!acceptsSSE && !acceptsJSON) {\n      return {\n        intent: 'unknown',\n        reasons: ['Client must accept application/json or text/event-stream.'],\n        recommendation: { httpStatus: 406, message: 'Not acceptable' },\n        debug: { key, channel, flags },\n      };\n    }\n  }\n\n  for (const rule of RULES) {\n    if ((key & rule.care) === rule.match) {\n      const { reason, ...rest } = rule.outcome;\n      reasons.push(reason);\n      if (init) reasons.push('Initialize body detected.');\n      return { ...rest, reasons, debug: { key, channel, flags } };\n    }\n  }\n\n  return {\n    intent: 'unknown',\n    reasons: ['No matching rule.'],\n    recommendation: { httpStatus: 500, message: 'Unroutable request' },\n    debug: { key, channel, flags },\n  };\n}\n"]}

package/src/common/utils/index.js

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./decide-request-intent.utils"), exports);
-tslib_1.__exportStar(require("./path.utils"), exports);
-//# sourceMappingURL=index.js.map

package/src/common/utils/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/common/utils/index.ts"],"names":[],"mappings":";;;AAAA,wEAA6C;AAC7C,uDAA4B","sourcesContent":["export * from './decide-request-intent.utils'\nexport * from './path.utils'"]}

package/src/common/utils/path.utils.js

@@ -1,66 +0,0 @@
-"use strict";
-// auth/path.utils.ts
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.trimSlashes = trimSlashes;
-exports.normalizeEntryPrefix = normalizeEntryPrefix;
-exports.normalizeScopeBase = normalizeScopeBase;
-exports.joinPath = joinPath;
-exports.getRequestBaseUrl = getRequestBaseUrl;
-exports.computeIssuer = computeIssuer;
-exports.computeResource = computeResource;
-exports.urlToSafeId = urlToSafeId;
-exports.makeWellKnownPaths = makeWellKnownPaths;
-function trimSlashes(s) {
-    return (s ?? '').replace(/^\/+|\/+$/g, '');
-}
-/** Normalize entryPath (gateway prefix) to "" or "/mcp" */
-function normalizeEntryPrefix(entryPath) {
-    const t = trimSlashes(entryPath ?? '');
-    return t ? `/${t}` : '';
-}
-/** Normalize a scope base (per-app or per-auth) to "" or "/app1" */
-function normalizeScopeBase(scopeBase) {
-    const t = trimSlashes(scopeBase ?? '');
-    return t ? `/${t}` : '';
-}
-/** Join URL path segments with a single slash and no trailing slash */
-function joinPath(...parts) {
-    const cleaned = parts.map((p) => trimSlashes(p)).filter(Boolean);
-    return cleaned.length ? `/${cleaned.join('/')}` : '';
-}
-function getRequestBaseUrl(req, entryPath) {
-    const proto = req.headers['x-forwarded-proto'] || req.protocol || 'http';
-    const host = req.headers['x-forwarded-host'] || req.headers['host'];
-    return `${proto}://${host}${entryPath ?? ''}`;
-}
-function computeIssuer(req, entryPath, scopeBase) {
-    const entryPrefix = normalizeEntryPrefix(entryPath);
-    const scope = normalizeScopeBase(scopeBase);
-    return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;
-}
-function computeResource(req, entryPath, scopeBase) {
-    const entryPrefix = normalizeEntryPrefix(entryPath);
-    const scope = normalizeScopeBase(scopeBase);
-    return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;
-}
-/** Derive a safe provider id from a URL when no id is provided. */
-function urlToSafeId(url) {
-    const u = new URL(url);
-    const raw = (u.host + (u.pathname && u.pathname !== '/' ? u.pathname : '')).replace(/\/+$/, '');
-    return trimSlashes(raw).replace(/[^a-zA-Z0-9_-]/g, '-');
-}
-/**
- * Build all path variants for a given well-known name:
- * - reversed under root: /.well-known/<name><entryPrefix><scopeBase>
- * - in prefix root: <entryPrefix>/.well-known/<name><scopeBase>
- * - in prefix + scope: <entryPrefix><scopeBase>/.well-known/<name>
- */
-function makeWellKnownPaths(name, entryPrefix, scopeBase = '') {
-    const prefix = normalizeEntryPrefix(entryPrefix);
-    const scope = normalizeScopeBase(scopeBase);
-    const reversed = joinPath('.well-known', name) + `${prefix}${scope}`; // /.well-known/name + /mcp/app1
-    const inPrefixRoot = `${prefix}${joinPath('.well-known', name)}${scope}`; // /mcp/.well-known/name + /app1
-    const inPrefixScope = `${prefix}${scope}${joinPath('.well-known', name)}`; // /mcp/app1/.well-known/name
-    return new Set([reversed, inPrefixRoot, inPrefixScope]);
-}
-//# sourceMappingURL=path.utils.js.map

package/src/common/utils/path.utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"path.utils.js","sourceRoot":"","sources":["../../../../src/common/utils/path.utils.ts"],"names":[],"mappings":";AAAA,qBAAqB;;AAIrB,kCAEC;AAGD,oDAGC;AAGD,gDAGC;AAGD,4BAGC;AAGD,8CAIC;AAED,sCAIC;AAED,0CAIC;AAGD,kCAIC;AAQD,gDAOC;AA7DD,SAAgB,WAAW,CAAC,CAAS;IACnC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,2DAA2D;AAC3D,SAAgB,oBAAoB,CAAC,SAAkB;IACrD,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,oEAAoE;AACpE,SAAgB,kBAAkB,CAAC,SAAkB;IACnD,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,uEAAuE;AACvE,SAAgB,QAAQ,CAAC,GAAG,KAAe;IACzC,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AACvD,CAAC;AAGD,SAAgB,iBAAiB,CAAC,GAAkB,EAAE,SAAkB;IACtE,MAAM,KAAK,GAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAY,IAAK,GAAW,CAAC,QAAQ,IAAI,MAAM,CAAC;IAC9F,MAAM,IAAI,GAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAY,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChF,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,SAAS,IAAI,EAAE,EAAE,CAAC;AAChD,CAAC;AAED,SAAgB,aAAa,CAAC,GAAkB,EAAE,SAAiB,EAAE,SAAiB;IACpF,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,KAAK,EAAE,CAAC;AAC3D,CAAC;AAED,SAAgB,eAAe,CAAC,GAAkB,EAAE,SAAiB,EAAE,SAAiB;IACtF,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,KAAK,EAAE,CAAC;AAC3D,CAAC;AAED,mEAAmE;AACnE,SAAgB,WAAW,CAAC,GAAW;IACrC,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAChG,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,IAAY,EAAE,WAAmB,EAAE,SAAS,GAAG,EAAE;IAClF,MAAM,MAAM,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,GAAG,MAAM,GAAG,KAAK,EAAE,CAAC,CAAC,gCAAgC;IACtG,MAAM,YAAY,GAAG,GAAG,MAAM,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC,gCAAgC;IAC1G,MAAM,aAAa,GAAG,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,6BAA6B;IACxG,OAAO,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1D,CAAC","sourcesContent":["// auth/path.utils.ts\n\nimport {ServerRequest} from \"../interfaces\";\n\nexport function trimSlashes(s: string) {\n  return (s ?? '').replace(/^\\/+|\\/+$/g, '');\n}\n\n/** Normalize entryPath (gateway prefix) to \"\" or \"/mcp\" */\nexport function normalizeEntryPrefix(entryPath?: string): string {\n  const t = trimSlashes(entryPath ?? '');\n  return t ? `/${t}` : '';\n}\n\n/** Normalize a scope base (per-app or per-auth) to \"\" or \"/app1\" */\nexport function normalizeScopeBase(scopeBase?: string): string {\n  const t = trimSlashes(scopeBase ?? '');\n  return t ? `/${t}` : '';\n}\n\n/** Join URL path segments with a single slash and no trailing slash */\nexport function joinPath(...parts: string[]) {\n  const cleaned = parts.map((p) => trimSlashes(p)).filter(Boolean);\n  return cleaned.length ? `/${cleaned.join('/')}` : '';\n}\n\n\nexport function getRequestBaseUrl(req: ServerRequest, entryPath?: string) {\n  const proto = (req.headers['x-forwarded-proto'] as string) || (req as any).protocol || 'http';\n  const host = (req.headers['x-forwarded-host'] as string) || req.headers['host'];\n  return `${proto}://${host}${entryPath ?? ''}`;\n}\n\nexport function computeIssuer(req: ServerRequest, entryPath: string, scopeBase: string) {\n  const entryPrefix = normalizeEntryPrefix(entryPath);\n  const scope = normalizeScopeBase(scopeBase);\n  return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;\n}\n\nexport function computeResource(req: ServerRequest, entryPath: string, scopeBase: string) {\n  const entryPrefix = normalizeEntryPrefix(entryPath);\n  const scope = normalizeScopeBase(scopeBase);\n  return `${getRequestBaseUrl(req)}${entryPrefix}${scope}`;\n}\n\n/** Derive a safe provider id from a URL when no id is provided. */\nexport function urlToSafeId(url: string): string {\n  const u = new URL(url);\n  const raw = (u.host + (u.pathname && u.pathname !== '/' ? u.pathname : '')).replace(/\\/+$/, '');\n  return trimSlashes(raw).replace(/[^a-zA-Z0-9_-]/g, '-');\n}\n\n/**\n * Build all path variants for a given well-known name:\n * - reversed under root: /.well-known/<name><entryPrefix><scopeBase>\n * - in prefix root: <entryPrefix>/.well-known/<name><scopeBase>\n * - in prefix + scope: <entryPrefix><scopeBase>/.well-known/<name>\n */\nexport function makeWellKnownPaths(name: string, entryPrefix: string, scopeBase = '') {\n  const prefix = normalizeEntryPrefix(entryPrefix);\n  const scope = normalizeScopeBase(scopeBase);\n  const reversed = joinPath('.well-known', name) + `${prefix}${scope}`; // /.well-known/name + /mcp/app1\n  const inPrefixRoot = `${prefix}${joinPath('.well-known', name)}${scope}`; // /mcp/.well-known/name + /app1\n  const inPrefixScope = `${prefix}${scope}${joinPath('.well-known', name)}`; // /mcp/app1/.well-known/name\n  return new Set([reversed, inPrefixRoot, inPrefixScope]);\n}\n"]}