@frontmcp/sdk 1.0.4 → 1.1.0

package/scope/scope.instance.d.ts

@@ -1,25 +1,30 @@
 import 'reflect-metadata';
-import { FlowInputOf, FlowName, FlowOutputOf, FlowType, FrontMcpAuth, FrontMcpLogger, FrontMcpServer, ScopeEntry, ScopeRecord, Token, Type } from '../common';
+import { type GuardManager } from '@frontmcp/guard';
+import { type EventStore } from '@frontmcp/protocol';
+import AgentRegistry from '../agent/agent.registry';
 import AppRegistry from '../app/app.registry';
-import ProviderRegistry from '../provider/provider.registry';
 import { AuthRegistry } from '../auth/auth.registry';
-import { TransportService } from '../transport/transport.registry';
-import ToolRegistry from '../tool/tool.registry';
-import ResourceRegistry from '../resource/resource.registry';
+import { type ChannelNotificationService } from '../channel/channel-notification.service';
+import type ChannelRegistry from '../channel/channel.registry';
+import { type ChannelEventBus } from '../channel/sources/app-event.source';
+import { FrontMcpLogger, FrontMcpServer, ScopeEntry, type FlowInputOf, type FlowName, type FlowOutputOf, type FlowType, type FrontMcpAuth, type ScopeRecord, type Token, type Type } from '../common';
+import { type ElicitationStore } from '../elicitation';
+import { HaManager } from '../ha';
+import { HealthService } from '../health';
 import HookRegistry from '../hooks/hook.registry';
+import type JobRegistry from '../job/job.registry';
+import { NotificationService } from '../notification';
+import PluginRegistry from '../plugin/plugin.registry';
 import PromptRegistry from '../prompt/prompt.registry';
-import AgentRegistry from '../agent/agent.registry';
-import SkillRegistry from '../skill/skill.registry';
+import ProviderRegistry from '../provider/provider.registry';
+import ResourceRegistry from '../resource/resource.registry';
 import { SkillSessionManager } from '../skill/session';
-import { NotificationService } from '../notification';
+import SkillRegistry from '../skill/skill.registry';
+import { TaskRegistry, type TaskStore } from '../task';
+import ToolRegistry from '../tool/tool.registry';
 import { ToolUIRegistry } from '../tool/ui';
-import PluginRegistry from '../plugin/plugin.registry';
-import { ElicitationStore } from '../elicitation';
-import type { EventStore } from '@frontmcp/protocol';
-import JobRegistry from '../job/job.registry';
-import WorkflowRegistry from '../workflow/workflow.registry';
-import { type GuardManager } from '@frontmcp/guard';
-import { HealthService } from '../health';
+import { TransportService } from '../transport/transport.registry';
+import type WorkflowRegistry from '../workflow/workflow.registry';
 export declare class Scope extends ScopeEntry {
     readonly id: string;
     private readonly globalProviders;
@@ -37,6 +42,7 @@ export declare class Scope extends ScopeEntry {
     private scopePlugins?;
     transportService: TransportService;
     notificationService: NotificationService;
+    haManager?: HaManager;
     private toolUIRegistry;
     readonly entryPath: string;
     readonly routeBase: string;
@@ -44,6 +50,10 @@ export declare class Scope extends ScopeEntry {
     readonly server: FrontMcpServer;
     /** Lazy-initialized elicitation store for distributed elicitation support */
     private _elicitationStore?;
+    /** Task store for MCP 2025-11-25 background tasks (optional). */
+    private _taskStore?;
+    /** Per-process task registry (AbortControllers + capability projection). */
+    private _taskRegistry?;
     /** Optional skill session manager for tool authorization enforcement */
     private _skillSession?;
     /** EventStore for SSE resumability support (optional) */
@@ -56,6 +66,15 @@ export declare class Scope extends ScopeEntry {
     private _jobDefinitionStore?;
     /** Guard manager for rate limiting, concurrency, IP filtering (optional) */
     private _rateLimitManager?;
+    /** Authorities engine for RBAC/ABAC/ReBAC enforcement (optional) */
+    private _authoritiesEngine?;
+    private _authoritiesContextBuilder?;
+    private _authoritiesScopeMapping?;
+    /** Channel system (optional) */
+    private _scopeChannels?;
+    private _channelNotificationService?;
+    private _channelEventBus?;
+    private _channelTeardown?;
     /** Health service for liveness and readiness probes (optional) */
     private _healthService?;
     /** CLI mode flag — skips non-essential initialization for faster startup */
@@ -82,6 +101,9 @@ export declare class Scope extends ScopeEntry {
     get skills(): SkillRegistry;
     get jobs(): JobRegistry | undefined;
     get workflows(): WorkflowRegistry | undefined;
+    get channels(): ChannelRegistry | undefined;
+    get channelNotifications(): ChannelNotificationService | undefined;
+    get channelEventBus(): ChannelEventBus | undefined;
     /**
      * Get the skill session manager for tool authorization enforcement.
      * Returns undefined if skill sessions are not enabled.
@@ -107,6 +129,16 @@ export declare class Scope extends ScopeEntry {
      * @see createElicitationStore for factory implementation details
      */
     get elicitationStore(): ElicitationStore | undefined;
+    /**
+     * Background-tasks record store (MCP 2025-11-25).
+     * Returns `undefined` if tasks are not enabled for this scope.
+     */
+    get taskStore(): TaskStore | undefined;
+    /**
+     * Per-process task registry (AbortControllers + capability projection).
+     * Returns `undefined` if tasks are not enabled for this scope.
+     */
+    get tasks(): TaskRegistry | undefined;
     /**
      * Get the EventStore for SSE resumability support.
      *
@@ -135,6 +167,28 @@ export declare class Scope extends ScopeEntry {
      * Returns undefined if health endpoints are disabled.
      */
     get healthService(): HealthService | undefined;
+    /**
+     * Authorities engine for evaluating RBAC/ABAC/ReBAC policies.
+     * Returns undefined if AuthoritiesPlugin is not configured.
+     * Used by flow `checkEntryAuthorities` stages.
+     */
+    get authoritiesEngine(): import('@frontmcp/auth').AuthoritiesEngine | undefined;
+    /**
+     * Authorities context builder for creating evaluation contexts from AuthInfo.
+     * Returns undefined if AuthoritiesPlugin is not configured.
+     */
+    get authoritiesContextBuilder(): import('@frontmcp/auth').AuthoritiesContextBuilder | undefined;
+    /**
+     * Scope mapping for converting authority denials to OAuth scope challenges.
+     * Returns undefined if no scopeMapping is configured.
+     */
+    get authoritiesScopeMapping(): import('@frontmcp/auth').AuthoritiesScopeMapping | undefined;
+    /**
+     * Collect all supported OAuth scopes from base OIDC scopes and
+     * tool-level authProvider scope declarations.
+     * Used by PRM endpoint to populate `scopes_supported` (RFC 9728).
+     */
+    getAllSupportedScopes(): string[];
     /**
      * Register the sendElicitationResult system tool.
      * This tool is hidden by default and only shown to clients that don't support elicitation.
@@ -154,5 +208,17 @@ export declare class Scope extends ScopeEntry {
     registryFlows(...flows: FlowType[]): Promise<void>;
     runFlow<Name extends FlowName>(name: Name, input: FlowInputOf<Name>, deps?: Map<Token, Type>): Promise<FlowOutputOf<Name> | undefined>;
     runFlowForOutput<Name extends FlowName>(name: Name, input: FlowInputOf<Name>, deps?: Map<Token, Type>): Promise<FlowOutputOf<Name>>;
+    /**
+     * Shut down the scope and release resources.
+     * Disconnects channel service connectors, unsubscribes event handlers,
+     * and clears the channel event bus.
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Dispose of this scope, cleaning up all registries and native resources.
+     * Call before process exit to prevent native mutex crashes from addons
+     * (e.g., ONNX runtime) whose threads are still running during teardown.
+     */
+    dispose(): Promise<void>;
 }
 //# sourceMappingURL=scope.instance.d.ts.map

package/scope/scope.instance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scope.instance.d.ts","sourceRoot":"","sources":["../../src/scope/scope.instance.ts"],"names":[],"mappings":"AAAA,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAEL,WAAW,EACX,QAAQ,EACR,YAAY,EACZ,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,cAAc,EAEd,UAAU,EACV,WAAW,EACX,KAAK,EACL,IAAI,EACL,MAAM,WAAW,CAAC;AAEnB,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,gBAAgB,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,YAAY,MAAM,uBAAuB,CAAC;AACjD,OAAO,gBAAgB,MAAM,+BAA+B,CAAC;AAC7D,OAAO,YAAY,MAAM,wBAAwB,CAAC;AAClD,OAAO,cAAc,MAAM,2BAA2B,CAAC;AACvD,OAAO,aAAa,MAAM,yBAAyB,CAAC;AACpD,OAAO,aAAa,MAAM,yBAAyB,CAAC;AAKpD,OAAO,EAAE,mBAAmB,EAA2B,MAAM,kBAAkB,CAAC;AAGhF,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAGtD,OAAO,EAAE,cAAc,EAA6C,MAAM,YAAY,CAAC;AAEvF,OAAO,cAAmC,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAA0B,MAAM,gBAAgB,CAAC;AAK1E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,gBAAgB,MAAM,+BAA+B,CAAC;AAO7D,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE1C,qBAAa,KAAM,SAAQ,UAAU;IACnC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAmB;IACnD,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAEhC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAmB;IAClD,OAAO,CAAC,SAAS,CAAe;IAChC,OAAO,CAAC,UAAU,CAAe;IACjC,OAAO,CAAC,SAAS,CAAc;IAC/B,OAAO,CAAC,UAAU,CAAe;IACjC,OAAO,CAAC,UAAU,CAAe;IACjC,OAAO,CAAC,cAAc,CAAmB;IACzC,OAAO,CAAC,YAAY,CAAiB;IACrC,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,YAAY,CAAC,CAAiB;IAEtC,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,OAAO,CAAC,cAAc,CAAiB;IACvC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAS;IAEvC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAEhC,6EAA6E;IAC7E,OAAO,CAAC,iBAAiB,CAAC,CAAmB;IAE7C,wEAAwE;IACxE,OAAO,CAAC,aAAa,CAAC,CAAsB;IAE5C,yDAAyD;IACzD,OAAO,CAAC,WAAW,CAAC,CAAa;IAEjC,uDAAuD;IACvD,OAAO,CAAC,UAAU,CAAC,CAAc;IACjC,OAAO,CAAC,eAAe,CAAC,CAAmB;IAC3C,OAAO,CAAC,oBAAoB,CAAC,CAAsB;IACnD,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,mBAAmB,CAAC,CAAqB;IAEjD,4EAA4E;IAC5E,OAAO,CAAC,iBAAiB,CAAC,CAAe;IAEzC,kEAAkE;IAClE,OAAO,CAAC,cAAc,CAAC,CAAgB;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;gBAEtB,GAAG,EAAE,WAAW,EAAE,eAAe,EAAE,gBAAgB;cA2B/C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA2a3C;;;OAGG;YACW,gBAAgB;IAsH9B,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,KAAK,qBAAqB,GA+BhC;IAED,IAAI,IAAI,IAAI,YAAY,CAEvB;IAED,IAAI,KAAK,IAAI,YAAY,CAExB;IAED,IAAI,aAAa,IAAI,YAAY,CAEhC;IAED,IAAI,SAAS,qBAEZ;IAED,IAAI,IAAI,IAAI,WAAW,CAEtB;IAED,IAAI,KAAK,IAAI,YAAY,CAExB;IAED,IAAI,MAAM,IAAI,cAAc,CAE3B;IAED,IAAI,SAAS,IAAI,gBAAgB,CAEhC;IAED,IAAI,OAAO,IAAI,cAAc,CAE5B;IAED,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,IAAI,IAAI,WAAW,GAAG,SAAS,CAElC;IAED,IAAI,SAAS,IAAI,gBAAgB,GAAG,SAAS,CAE5C;IAED;;;;;;;;;;OAUG;IACH,IAAI,YAAY,IAAI,mBAAmB,GAAG,SAAS,CAElD;IAED,IAAI,OAAO,IAAI,cAAc,GAAG,SAAS,CAExC;IAED,IAAI,aAAa,IAAI,mBAAmB,CAEvC;IAED;;;;;;;;;OASG;IACH,IAAI,gBAAgB,IAAI,gBAAgB,GAAG,SAAS,CAEnD;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,IAAI,UAAU,IAAI,UAAU,GAAG,SAAS,CAEvC;IAED;;;OAGG;IACH,IAAI,gBAAgB,IAAI,YAAY,GAAG,SAAS,CAE/C;IAED;;;OAGG;IACH,IAAI,aAAa,IAAI,aAAa,GAAG,SAAS,CAE7C;IAED;;;OAGG;IACH,OAAO,CAAC,iCAAiC;IAkBzC;;;OAGG;IACH,IAAI,UAAU;;;;;;kBAEb;IAED,aAAa,CAAC,GAAG,KAAK,EAAE,QAAQ,EAAE;IAIlC,OAAO,CAAC,IAAI,SAAS,QAAQ,EAC3B,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,EACxB,IAAI,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GACtB,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;IAIpC,gBAAgB,CAAC,IAAI,SAAS,QAAQ,EAC1C,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,EACxB,IAAI,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GACtB,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;CAO/B"}
+{"version":3,"file":"scope.instance.d.ts","sourceRoot":"","sources":["../../src/scope/scope.instance.ts"],"names":[],"mappings":"AAAA,OAAO,kBAAkB,CAAC;AAE1B,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGrD,OAAO,aAAa,MAAM,yBAAyB,CAAC;AAEpD,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,KAAK,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAE1F,OAAO,KAAK,eAAe,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,qCAAqC,CAAC;AAI3E,OAAO,EACL,cAAc,EACd,cAAc,EAEd,UAAU,EAEV,KAAK,WAAW,EAChB,KAAK,QAAQ,EACb,KAAK,YAAY,EACjB,KAAK,QAAQ,EACb,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,KAAK,EACV,KAAK,IAAI,EACV,MAAM,WAAW,CAAC;AAOnB,OAAO,EAA0B,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAK/E,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,YAAY,MAAM,wBAAwB,CAAC;AAIlD,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AAInD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,cAAwC,MAAM,2BAA2B,CAAC;AACjF,OAAO,cAAc,MAAM,2BAA2B,CAAC;AACvD,OAAO,gBAAgB,MAAM,+BAA+B,CAAC;AAC7D,OAAO,gBAAgB,MAAM,+BAA+B,CAAC;AAG7D,OAAO,EAA2B,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEhF,OAAO,aAAa,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAKL,YAAY,EAKZ,KAAK,SAAS,EACf,MAAM,SAAS,CAAC;AAEjB,OAAO,YAAY,MAAM,uBAAuB,CAAC;AAEjD,OAAO,EAA6C,cAAc,EAAE,MAAM,YAAY,CAAC;AAGvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,KAAK,gBAAgB,MAAM,+BAA+B,CAAC;AAGlE,qBAAa,KAAM,SAAQ,UAAU;IACnC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAmB;IACnD,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAEhC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAmB;IAClD,OAAO,CAAC,SAAS,CAAe;IAChC,OAAO,CAAC,UAAU,CAAe;IACjC,OAAO,CAAC,SAAS,CAAc;IAC/B,OAAO,CAAC,UAAU,CAAe;IACjC,OAAO,CAAC,UAAU,CAAe;IACjC,OAAO,CAAC,cAAc,CAAmB;IACzC,OAAO,CAAC,YAAY,CAAiB;IACrC,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,YAAY,CAAC,CAAiB;IAEtC,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,mBAAmB,EAAE,mBAAmB,CAAC;IACjC,SAAS,CAAC,EAAE,SAAS,CAAC;IAC9B,OAAO,CAAC,cAAc,CAAiB;IACvC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAS;IAEvC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAEhC,6EAA6E;IAC7E,OAAO,CAAC,iBAAiB,CAAC,CAAmB;IAE7C,iEAAiE;IACjE,OAAO,CAAC,UAAU,CAAC,CAAY;IAE/B,4EAA4E;IAC5E,OAAO,CAAC,aAAa,CAAC,CAAe;IAErC,wEAAwE;IACxE,OAAO,CAAC,aAAa,CAAC,CAAsB;IAE5C,yDAAyD;IACzD,OAAO,CAAC,WAAW,CAAC,CAAa;IAEjC,uDAAuD;IACvD,OAAO,CAAC,UAAU,CAAC,CAAc;IACjC,OAAO,CAAC,eAAe,CAAC,CAAmB;IAC3C,OAAO,CAAC,oBAAoB,CAAC,CAAsB;IACnD,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,mBAAmB,CAAC,CAAqB;IAEjD,4EAA4E;IAC5E,OAAO,CAAC,iBAAiB,CAAC,CAAe;IAEzC,oEAAoE;IACpE,OAAO,CAAC,kBAAkB,CAAC,CAA6C;IACxE,OAAO,CAAC,0BAA0B,CAAC,CAAqD;IACxF,OAAO,CAAC,wBAAwB,CAAC,CAAmD;IAEpF,gCAAgC;IAChC,OAAO,CAAC,cAAc,CAAC,CAAkB;IACzC,OAAO,CAAC,2BAA2B,CAAC,CAA6B;IACjE,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,gBAAgB,CAAC,CAAsB;IAE/C,kEAAkE;IAClE,OAAO,CAAC,cAAc,CAAC,CAAgB;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;gBAEtB,GAAG,EAAE,WAAW,EAAE,eAAe,EAAE,gBAAgB;cA2B/C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAonB3C;;;OAGG;YACW,gBAAgB;IAsH9B,OAAO,CAAC,kBAAkB;IAiB1B,OAAO,KAAK,qBAAqB,GA+BhC;IAED,IAAI,IAAI,IAAI,YAAY,CAEvB;IAED,IAAI,KAAK,IAAI,YAAY,CAExB;IAED,IAAI,aAAa,IAAI,YAAY,CAEhC;IAED,IAAI,SAAS,qBAEZ;IAED,IAAI,IAAI,IAAI,WAAW,CAEtB;IAED,IAAI,KAAK,IAAI,YAAY,CAExB;IAED,IAAI,MAAM,IAAI,cAAc,CAE3B;IAED,IAAI,SAAS,IAAI,gBAAgB,CAEhC;IAED,IAAI,OAAO,IAAI,cAAc,CAE5B;IAED,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,MAAM,IAAI,aAAa,CAE1B;IAED,IAAI,IAAI,IAAI,WAAW,GAAG,SAAS,CAElC;IAED,IAAI,SAAS,IAAI,gBAAgB,GAAG,SAAS,CAE5C;IAED,IAAI,QAAQ,IAAI,eAAe,GAAG,SAAS,CAE1C;IAED,IAAI,oBAAoB,IAAI,0BAA0B,GAAG,SAAS,CAEjE;IAED,IAAI,eAAe,IAAI,eAAe,GAAG,SAAS,CAEjD;IAED;;;;;;;;;;OAUG;IACH,IAAI,YAAY,IAAI,mBAAmB,GAAG,SAAS,CAElD;IAED,IAAI,OAAO,IAAI,cAAc,GAAG,SAAS,CAExC;IAED,IAAI,aAAa,IAAI,mBAAmB,CAEvC;IAED;;;;;;;;;OASG;IACH,IAAI,gBAAgB,IAAI,gBAAgB,GAAG,SAAS,CAEnD;IAED;;;OAGG;IACH,IAAI,SAAS,IAAI,SAAS,GAAG,SAAS,CAErC;IAED;;;OAGG;IACH,IAAI,KAAK,IAAI,YAAY,GAAG,SAAS,CAEpC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,IAAI,UAAU,IAAI,UAAU,GAAG,SAAS,CAEvC;IAED;;;OAGG;IACH,IAAI,gBAAgB,IAAI,YAAY,GAAG,SAAS,CAE/C;IAED;;;OAGG;IACH,IAAI,aAAa,IAAI,aAAa,GAAG,SAAS,CAE7C;IAED;;;;OAIG;IACH,IAAI,iBAAiB,IAAI,OAAO,gBAAgB,EAAE,iBAAiB,GAAG,SAAS,CAE9E;IAED;;;OAGG;IACH,IAAI,yBAAyB,IAAI,OAAO,gBAAgB,EAAE,yBAAyB,GAAG,SAAS,CAE9F;IAED;;;OAGG;IACH,IAAI,uBAAuB,IAAI,OAAO,gBAAgB,EAAE,uBAAuB,GAAG,SAAS,CAE1F;IAED;;;;OAIG;IACH,qBAAqB,IAAI,MAAM,EAAE;IAoJjC;;;OAGG;IACH,OAAO,CAAC,iCAAiC;IAkBzC;;;OAGG;IACH,IAAI,UAAU;;;;;;kBAEb;IAED,aAAa,CAAC,GAAG,KAAK,EAAE,QAAQ,EAAE;IAIlC,OAAO,CAAC,IAAI,SAAS,QAAQ,EAC3B,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,EACxB,IAAI,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GACtB,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;IAIpC,gBAAgB,CAAC,IAAI,SAAS,QAAQ,EAC1C,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,EACxB,IAAI,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GACtB,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAQ9B;;;;OAIG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB/B;;;;OAIG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAM/B"}

package/server/adapters/base.host.adapter.d.ts

@@ -13,7 +13,10 @@ export declare abstract class HostServerAdapter extends FrontMcpServer {
      * Start the server on the specified port or Unix socket path.
      * When a string is provided, the server listens on a Unix socket.
      * When a number is provided, the server listens on a TCP port.
+     *
+     * @param portOrSocketPath - Port number or Unix socket path
+     * @param bindAddress - Optional bind address (e.g., '127.0.0.1', '0.0.0.0')
      */
-    abstract start(portOrSocketPath: number | string): Promise<void> | void;
+    abstract start(portOrSocketPath: number | string, bindAddress?: string): Promise<void> | void;
 }
 //# sourceMappingURL=base.host.adapter.d.ts.map

package/server/adapters/base.host.adapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"base.host.adapter.d.ts","sourceRoot":"","sources":["../../../src/server/adapters/base.host.adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,8BAAsB,iBAAkB,SAAQ,cAAc;IAC5D;;;OAGG;aACe,OAAO,IAAI,IAAI;IAEjC;;OAEG;aACe,UAAU,IAAI,OAAO;IAEvC;;;;OAIG;aACe,KAAK,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI;CACjF"}
+{"version":3,"file":"base.host.adapter.d.ts","sourceRoot":"","sources":["../../../src/server/adapters/base.host.adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,8BAAsB,iBAAkB,SAAQ,cAAc;IAC5D;;;OAGG;aACe,OAAO,IAAI,IAAI;IAEjC;;OAEG;aACe,UAAU,IAAI,OAAO;IAEvC;;;;;;;OAOG;aACe,KAAK,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI;CACvG"}

package/server/adapters/express.host.adapter.d.ts

@@ -1,6 +1,7 @@
 import express from 'express';
+import { type CorsOptions, type HttpMethod, type ServerRequestHandler } from '../../common';
+import type { SecurityOptions } from '../../common/types/options/http/interfaces';
 import { HostServerAdapter } from './base.host.adapter';
-import { CorsOptions, HttpMethod, ServerRequestHandler } from '../../common';
 /**
  * Options for ExpressHostAdapter.
  */
@@ -11,6 +12,11 @@ export interface ExpressHostAdapterOptions {
      * Note: FrontMcpServerInstance provides a permissive default when `cors` is omitted.
      */
     cors?: CorsOptions;
+    /**
+     * Security options for transport hardening.
+     * Includes bind address and DNS rebinding protection.
+     */
+    security?: SecurityOptions;
 }
 export declare class ExpressHostAdapter extends HostServerAdapter {
     private app;
@@ -31,7 +37,7 @@ export declare class ExpressHostAdapter extends HostServerAdapter {
      * Automatically calls prepare() to ensure routes are registered.
      */
     getHandler(): express.Application;
-    start(portOrSocketPath: number | string): Promise<void>;
+    start(portOrSocketPath: number | string, bindAddress?: string): Promise<void>;
     private cleanupStaleSocket;
 }
 //# sourceMappingURL=express.host.adapter.d.ts.map

package/server/adapters/express.host.adapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"express.host.adapter.d.ts","sourceRoot":"","sources":["../../../src/server/adapters/express.host.adapter.ts"],"names":[],"mappings":"AAEA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,UAAU,EAAiB,oBAAoB,EAAkB,MAAM,cAAc,CAAC;AAG5G;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC;;;;OAIG;IACH,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB;AAED,qBAAa,kBAAmB,SAAQ,iBAAiB;IACvD,OAAO,CAAC,GAAG,CAAa;IACxB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,QAAQ,CAAS;gBAEb,OAAO,CAAC,EAAE,yBAAyB;IAgC/C,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAI7E,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAInE,eAAe,CAAC,OAAO,EAAE,oBAAoB,IACnC,KAAK,OAAO,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,QAAQ,EAAE,MAAM,OAAO,CAAC,YAAY;IAQjF;;;;OAIG;IACH,OAAO,IAAI,IAAI;IAMf;;;OAGG;IACH,UAAU,IAAI,OAAO,CAAC,WAAW;IAK3B,KAAK,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM;YAoC/B,kBAAkB;CASjC"}
+{"version":3,"file":"express.host.adapter.d.ts","sourceRoot":"","sources":["../../../src/server/adapters/express.host.adapter.ts"],"names":[],"mappings":"AAIA,OAAO,OAAO,MAAM,SAAS,CAAC;AAI9B,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,UAAU,EAEf,KAAK,oBAAoB,EAE1B,MAAM,cAAc,CAAC;AACtB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4CAA4C,CAAC;AAElF,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC;;;;OAIG;IACH,IAAI,CAAC,EAAE,WAAW,CAAC;IAEnB;;;OAGG;IACH,QAAQ,CAAC,EAAE,eAAe,CAAC;CAC5B;AAED,qBAAa,kBAAmB,SAAQ,iBAAiB;IACvD,OAAO,CAAC,GAAG,CAAa;IACxB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,QAAQ,CAAS;gBAEb,OAAO,CAAC,EAAE,yBAAyB;IAwD/C,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAI7E,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAInE,eAAe,CAAC,OAAO,EAAE,oBAAoB,IACnC,KAAK,OAAO,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,QAAQ,EAAE,MAAM,OAAO,CAAC,YAAY;IAQjF;;;;OAIG;IACH,OAAO,IAAI,IAAI;IAMf;;;OAGG;IACH,UAAU,IAAI,OAAO,CAAC,WAAW;IAK3B,KAAK,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM;YAqCrD,kBAAkB;CASjC"}

package/server/middleware/csp.middleware.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Content Security Policy (CSP) Middleware
+ *
+ * Sets CSP headers based on deployment configuration.
+ * Configured via `frontmcp.config` server.csp settings,
+ * injected as environment variables at build time.
+ */
+/**
+ * CSP configuration read from environment variables (set by build adapter).
+ */
+export interface CspOptions {
+    /** Enable CSP headers. */
+    enabled: boolean;
+    /** CSP directives map. */
+    directives: Record<string, string>;
+    /** Report URI for violations. */
+    reportUri?: string;
+    /** Use Report-Only header instead of enforcement. */
+    reportOnly: boolean;
+}
+/**
+ * Read CSP configuration from environment variables.
+ * Environment variables are injected by the build adapter from frontmcp.config.
+ *
+ * FRONTMCP_CSP_ENABLED=1
+ * FRONTMCP_CSP_DIRECTIVES=default-src 'self'; script-src 'self' https://cdn.example.com
+ * FRONTMCP_CSP_REPORT_URI=https://report.example.com/csp
+ * FRONTMCP_CSP_REPORT_ONLY=1
+ */
+export declare function readCspFromEnv(): CspOptions | undefined;
+/**
+ * Build the CSP header value from directives.
+ */
+export declare function buildCspHeaderValue(options: CspOptions): string;
+/**
+ * Get the CSP header name based on report-only mode.
+ */
+export declare function getCspHeaderName(reportOnly: boolean): string;
+/**
+ * Security headers read from environment variables.
+ * Set by the build adapter from frontmcp.config server.headers settings.
+ *
+ * FRONTMCP_HSTS=max-age=31536000; includeSubDomains
+ * FRONTMCP_CONTENT_TYPE_OPTIONS=nosniff
+ * FRONTMCP_FRAME_OPTIONS=DENY
+ */
+export interface SecurityHeaders {
+    hsts?: string;
+    contentTypeOptions?: string;
+    frameOptions?: string;
+    custom?: Record<string, string>;
+}
+/**
+ * Read security headers from environment variables.
+ */
+export declare function readSecurityHeadersFromEnv(): SecurityHeaders;
+/**
+ * Apply security headers to a response object.
+ * Called by the HTTP adapter on every response.
+ */
+export declare function applySecurityHeaders(res: {
+    setHeader(name: string, value: string): void;
+}, headers: SecurityHeaders, csp?: CspOptions): void;
+//# sourceMappingURL=csp.middleware.d.ts.map

package/server/middleware/csp.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csp.middleware.d.ts","sourceRoot":"","sources":["../../../src/server/middleware/csp.middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,0BAA0B;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,UAAU,EAAE,OAAO,CAAC;CACrB;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,IAAI,UAAU,GAAG,SAAS,CAwBvD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAY/D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,OAAO,GAAG,MAAM,CAE5D;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,eAAe,CAM5D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,EAAE;IAAE,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,EACrD,OAAO,EAAE,eAAe,EACxB,GAAG,CAAC,EAAE,UAAU,GACf,IAAI,CAsBN"}

package/server/middleware/host-validation.middleware.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Host Header Validation Middleware
+ *
+ * Validates the HTTP Host header against a whitelist of allowed values
+ * to protect against DNS rebinding attacks. Only active when explicitly
+ * enabled via security.dnsRebindingProtection.enabled = true.
+ */
+import type { ServerRequest, ServerResponse } from '../../common';
+/**
+ * Configuration for host validation middleware.
+ */
+export interface HostValidationOptions {
+    /** Whether host validation is enabled. @default false */
+    enabled: boolean;
+    /** Allowed Host header values (e.g., ['localhost:3001', 'api.example.com']) */
+    allowedHosts?: string[];
+    /** Allowed Origin header values (e.g., ['https://app.example.com']) */
+    allowedOrigins?: string[];
+}
+/**
+ * Create middleware that validates Host and Origin headers.
+ * Returns a no-op middleware when not enabled.
+ */
+export declare function createHostValidationMiddleware(options: HostValidationOptions): (req: ServerRequest, res: ServerResponse, next: () => void) => void;
+//# sourceMappingURL=host-validation.middleware.d.ts.map

package/server/middleware/host-validation.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"host-validation.middleware.d.ts","sourceRoot":"","sources":["../../../src/server/middleware/host-validation.middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,yDAAyD;IACzD,OAAO,EAAE,OAAO,CAAC;IACjB,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,uEAAuE;IACvE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,qBAAqB,GAC7B,CAAC,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,IAAI,CAmCrE"}

package/server/security/security-audit.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Security Audit — Production Readiness Warnings
+ *
+ * Logs security-relevant configuration at server startup.
+ * Warn-only approach: no defaults are changed, but insecure
+ * configurations are flagged in production environments.
+ */
+import type { CorsOptions } from '../../common';
+/**
+ * Security configuration for the audit.
+ */
+export interface SecurityAuditConfig {
+    /** CORS configuration (undefined = permissive default) */
+    cors?: CorsOptions | false;
+    /** Security options from HttpOptionsInterface */
+    security?: {
+        strict?: boolean;
+        bindAddress?: 'loopback' | 'all' | string;
+        dnsRebindingProtection?: {
+            enabled?: boolean;
+            allowedHosts?: string[];
+            allowedOrigins?: string[];
+        };
+    };
+    /** Resolved bind address (what the server actually binds to) */
+    resolvedBindAddress?: string;
+    /** Deployment mode */
+    deploymentMode?: string;
+}
+/**
+ * Individual security finding.
+ */
+export interface SecurityFinding {
+    level: 'warn' | 'info';
+    code: string;
+    message: string;
+    recommendation?: string;
+}
+/**
+ * Audit security configuration and return findings.
+ * Called at server startup to produce log warnings.
+ *
+ * @param config - Current security-relevant configuration
+ * @param isProduction - Whether NODE_ENV is 'production'
+ * @returns Array of security findings
+ */
+export declare function auditSecurityDefaults(config: SecurityAuditConfig, isProduction: boolean): SecurityFinding[];
+/**
+ * Format and log security findings.
+ *
+ * @param findings - Security findings from auditSecurityDefaults
+ * @param logger - Logger with info/warn methods
+ */
+export declare function logSecurityFindings(findings: SecurityFinding[], logger: {
+    info: (msg: string) => void;
+    warn: (msg: string) => void;
+}): void;
+/**
+ * Resolve the effective bind address based on configuration and deployment mode.
+ *
+ * @param security - Security configuration
+ * @param deploymentMode - Current deployment mode
+ * @returns Resolved IP address string
+ */
+export declare function resolveBindAddress(security?: SecurityAuditConfig['security'], deploymentMode?: string): string;
+//# sourceMappingURL=security-audit.d.ts.map

package/server/security/security-audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-audit.d.ts","sourceRoot":"","sources":["../../../src/server/security/security-audit.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,0DAA0D;IAC1D,IAAI,CAAC,EAAE,WAAW,GAAG,KAAK,CAAC;IAC3B,iDAAiD;IACjD,QAAQ,CAAC,EAAE;QACT,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE,UAAU,GAAG,KAAK,GAAG,MAAM,CAAC;QAC1C,sBAAsB,CAAC,EAAE;YACvB,OAAO,CAAC,EAAE,OAAO,CAAC;YAClB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;YACxB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;SAC3B,CAAC;KACH,CAAC;IACF,gEAAgE;IAChE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,OAAO,GAAG,eAAe,EAAE,CAmG3G;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EAAE,EAC3B,MAAM,EAAE;IACN,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC5B,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC7B,GACA,IAAI,CAeN;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,mBAAmB,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAe9G"}

package/server/server.instance.d.ts

@@ -1,7 +1,7 @@
-import { FrontMcpServer, HttpOptions, HttpMethod, ServerRequestHandler } from '../common';
-import { HostServerAdapter } from './adapters/base.host.adapter';
-import type { HealthService } from '../health';
-import type { HealthOptionsInterface } from '../common/types/options/health';
+import { FrontMcpServer, type HttpMethod, type HttpOptions, type ServerRequestHandler } from '../common';
+import { type HealthOptionsInterface } from '../common/types/options/health';
+import { type HealthService } from '../health';
+import { type HostServerAdapter } from './adapters/base.host.adapter';
 export declare class FrontMcpServerInstance extends FrontMcpServer {
     config: HttpOptions;
     host: HostServerAdapter;

package/server/server.instance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.instance.d.ts","sourceRoot":"","sources":["../../src/server/server.instance.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,UAAU,EAAE,oBAAoB,EAAe,MAAM,WAAW,CAAC;AAEvG,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAK7E,qBAAa,sBAAuB,SAAQ,cAAc;IACxD,MAAM,EAAE,WAAW,CAAC;IACpB,IAAI,EAAE,iBAAiB,CAAC;IACxB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,aAAa,CAAC,CAAyB;gBAEnC,UAAU,EAAE,WAAW;IAMnC,OAAO,CAAC,aAAa;IAYrB,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAInE,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAIpE,eAAe,CAAC,OAAO,EAAE,oBAAoB,GAAG,oBAAoB;IAI7E;;;OAGG;IACH,gBAAgB,CAAC,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,sBAAsB,GAAG,IAAI;IAK1F;;;OAGG;IACH,eAAe,CAAC,YAAY,EAAE,sBAAsB,GAAG,IAAI;IAI3D,OAAO;IAkBP,UAAU,IAAI,OAAO;IAIf,KAAK;CAIZ"}
+{"version":3,"file":"server.instance.d.ts","sourceRoot":"","sources":["../../src/server/server.instance.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,cAAc,EAEd,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,oBAAoB,EAC1B,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAwB,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC;AACrE,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAKtE,qBAAa,sBAAuB,SAAQ,cAAc;IACxD,MAAM,EAAE,WAAW,CAAC;IACpB,IAAI,EAAE,iBAAiB,CAAC;IACxB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,aAAa,CAAC,CAAyB;gBAEnC,UAAU,EAAE,WAAW;IAMnC,OAAO,CAAC,aAAa;IAerB,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAInE,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB;IAIpE,eAAe,CAAC,OAAO,EAAE,oBAAoB,GAAG,oBAAoB;IAI7E;;;OAGG;IACH,gBAAgB,CAAC,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,sBAAsB,GAAG,IAAI;IAK1F;;;OAGG;IACH,eAAe,CAAC,YAAY,EAAE,sBAAsB,GAAG,IAAI;IAI3D,OAAO;IAkBP,UAAU,IAAI,OAAO;IAIf,KAAK;CAqBZ"}

package/skill/flows/http/llm-full-txt.flow.d.ts

@@ -1,39 +1,34 @@
-/**
- * HTTP flow for GET /llm_full.txt endpoint.
- * Returns full skill content with instructions and tool schemas.
- */
-import { FlowBase, FlowRunOptions, ScopeEntry, ServerRequest } from '../../../common';
-import { z } from 'zod';
-declare const inputSchema: z.ZodObject<{
-    request: z.ZodObject<{}, z.core.$loose>;
-    response: z.ZodObject<{}, z.core.$loose>;
-    next: z.ZodOptional<z.ZodFunction<z.core.$ZodFunctionArgs, z.core.$ZodFunctionOut>>;
-}, z.core.$strip>;
-declare const stateSchema: z.ZodObject<{
-    prefix: z.ZodString;
-}, z.core.$strip>;
-declare const outputSchema: z.ZodObject<{
-    kind: z.ZodLiteral<"text">;
-    status: z.ZodNumber;
-    body: z.ZodString;
-    contentType: z.ZodDefault<z.ZodString>;
-    headers: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>]>>>>;
-    cookies: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
-        name: z.ZodString;
-        value: z.ZodString;
-        path: z.ZodDefault<z.ZodString>;
-        domain: z.ZodOptional<z.ZodString>;
-        httpOnly: z.ZodDefault<z.ZodBoolean>;
-        secure: z.ZodOptional<z.ZodBoolean>;
-        sameSite: z.ZodOptional<z.ZodEnum<{
+import { FlowBase, type FlowRunOptions, type ScopeEntry, type ServerRequest } from '../../../common';
+declare const inputSchema: import("@frontmcp/lazy-zod").ZodObject<{
+    request: import("@frontmcp/lazy-zod").ZodObject<{}, import("zod/v4/core").$loose>;
+    response: import("@frontmcp/lazy-zod").ZodObject<{}, import("zod/v4/core").$loose>;
+    next: import("@frontmcp/lazy-zod").ZodOptional<import("zod").ZodFunction<import("zod/v4/core").$ZodFunctionArgs, import("zod/v4/core").$ZodFunctionOut>>;
+}, import("zod/v4/core").$strip>;
+declare const stateSchema: import("@frontmcp/lazy-zod").ZodObject<{
+    prefix: import("@frontmcp/lazy-zod").ZodString;
+}, import("zod/v4/core").$strip>;
+declare const outputSchema: import("@frontmcp/lazy-zod").ZodObject<{
+    kind: import("@frontmcp/lazy-zod").ZodLiteral<"text">;
+    status: import("@frontmcp/lazy-zod").ZodNumber;
+    body: import("@frontmcp/lazy-zod").ZodString;
+    contentType: import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodString>;
+    headers: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodRecord<import("@frontmcp/lazy-zod").ZodString, import("@frontmcp/lazy-zod").ZodUnion<readonly [import("@frontmcp/lazy-zod").ZodString, import("@frontmcp/lazy-zod").ZodUnion<readonly [import("@frontmcp/lazy-zod").ZodString, import("@frontmcp/lazy-zod").ZodArray<import("@frontmcp/lazy-zod").ZodString>]>]>>>>;
+    cookies: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodArray<import("@frontmcp/lazy-zod").ZodObject<{
+        name: import("@frontmcp/lazy-zod").ZodString;
+        value: import("@frontmcp/lazy-zod").ZodString;
+        path: import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodString>;
+        domain: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodString>;
+        httpOnly: import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodBoolean>;
+        secure: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodBoolean>;
+        sameSite: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodEnum<{
             strict: "strict";
             lax: "lax";
             none: "none";
         }>>;
-        maxAge: z.ZodOptional<z.ZodNumber>;
-        expires: z.ZodOptional<z.ZodDate>;
-    }, z.core.$strip>>>>;
-}, z.core.$strip>;
+        maxAge: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodNumber>;
+        expires: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodDate>;
+    }, import("zod/v4/core").$strip>>>>;
+}, import("zod/v4/core").$strip>;
 declare const plan: {
     readonly pre: ["checkEnabled"];
     readonly execute: ["generateContent"];

package/skill/flows/http/llm-full-txt.flow.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"llm-full-txt.flow.d.ts","sourceRoot":"","sources":["../../../../src/skill/flows/http/llm-full-txt.flow.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,OAAO,EAEL,QAAQ,EAER,cAAc,EAId,UAAU,EACV,aAAa,EAId,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;iBAEf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;iBAAiB,CAAC;AAEpC,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,0BAA0B,EAAE,cAAc,CACxC,cAAc,EACd,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,0BAAmC,CAAC;AAGjD;;;;;;;;;;;GAWG;AAWH,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAC/D,MAAM,2CAA4C;IAElD;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO;IAqBhE,YAAY;IAoCZ,eAAe;CAsDtB"}
+{"version":3,"file":"llm-full-txt.flow.d.ts","sourceRoot":"","sources":["../../../../src/skill/flows/http/llm-full-txt.flow.ts"],"names":[],"mappings":"AASA,OAAO,EAEL,QAAQ,EAQR,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,aAAa,EACnB,MAAM,iBAAiB,CAAC;AAMzB,QAAA,MAAM,WAAW;;;;gCAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;gCAEf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;gCAAiB,CAAC;AAEpC,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,0BAA0B,EAAE,cAAc,CACxC,cAAc,EACd,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,0BAAmC,CAAC;AAGjD;;;;;;;;;;;GAWG;AAWH,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAC/D,MAAM,2CAA4C;IAElD;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO;IAqBhE,YAAY;IAoCZ,eAAe;CAsDtB"}

package/skill/flows/http/llm-txt.flow.d.ts

@@ -1,39 +1,34 @@
-/**
- * HTTP flow for GET /llm.txt endpoint.
- * Returns compact skill summaries in plain text format.
- */
-import { FlowBase, FlowRunOptions, ScopeEntry, ServerRequest } from '../../../common';
-import { z } from 'zod';
-declare const inputSchema: z.ZodObject<{
-    request: z.ZodObject<{}, z.core.$loose>;
-    response: z.ZodObject<{}, z.core.$loose>;
-    next: z.ZodOptional<z.ZodFunction<z.core.$ZodFunctionArgs, z.core.$ZodFunctionOut>>;
-}, z.core.$strip>;
-declare const stateSchema: z.ZodObject<{
-    prefix: z.ZodString;
-}, z.core.$strip>;
-declare const outputSchema: z.ZodObject<{
-    kind: z.ZodLiteral<"text">;
-    status: z.ZodNumber;
-    body: z.ZodString;
-    contentType: z.ZodDefault<z.ZodString>;
-    headers: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>]>>>>;
-    cookies: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
-        name: z.ZodString;
-        value: z.ZodString;
-        path: z.ZodDefault<z.ZodString>;
-        domain: z.ZodOptional<z.ZodString>;
-        httpOnly: z.ZodDefault<z.ZodBoolean>;
-        secure: z.ZodOptional<z.ZodBoolean>;
-        sameSite: z.ZodOptional<z.ZodEnum<{
+import { FlowBase, type FlowRunOptions, type ScopeEntry, type ServerRequest } from '../../../common';
+declare const inputSchema: import("@frontmcp/lazy-zod").ZodObject<{
+    request: import("@frontmcp/lazy-zod").ZodObject<{}, import("zod/v4/core").$loose>;
+    response: import("@frontmcp/lazy-zod").ZodObject<{}, import("zod/v4/core").$loose>;
+    next: import("@frontmcp/lazy-zod").ZodOptional<import("zod").ZodFunction<import("zod/v4/core").$ZodFunctionArgs, import("zod/v4/core").$ZodFunctionOut>>;
+}, import("zod/v4/core").$strip>;
+declare const stateSchema: import("@frontmcp/lazy-zod").ZodObject<{
+    prefix: import("@frontmcp/lazy-zod").ZodString;
+}, import("zod/v4/core").$strip>;
+declare const outputSchema: import("@frontmcp/lazy-zod").ZodObject<{
+    kind: import("@frontmcp/lazy-zod").ZodLiteral<"text">;
+    status: import("@frontmcp/lazy-zod").ZodNumber;
+    body: import("@frontmcp/lazy-zod").ZodString;
+    contentType: import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodString>;
+    headers: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodRecord<import("@frontmcp/lazy-zod").ZodString, import("@frontmcp/lazy-zod").ZodUnion<readonly [import("@frontmcp/lazy-zod").ZodString, import("@frontmcp/lazy-zod").ZodUnion<readonly [import("@frontmcp/lazy-zod").ZodString, import("@frontmcp/lazy-zod").ZodArray<import("@frontmcp/lazy-zod").ZodString>]>]>>>>;
+    cookies: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodArray<import("@frontmcp/lazy-zod").ZodObject<{
+        name: import("@frontmcp/lazy-zod").ZodString;
+        value: import("@frontmcp/lazy-zod").ZodString;
+        path: import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodString>;
+        domain: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodString>;
+        httpOnly: import("@frontmcp/lazy-zod").ZodDefault<import("@frontmcp/lazy-zod").ZodBoolean>;
+        secure: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodBoolean>;
+        sameSite: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodEnum<{
             strict: "strict";
             lax: "lax";
             none: "none";
         }>>;
-        maxAge: z.ZodOptional<z.ZodNumber>;
-        expires: z.ZodOptional<z.ZodDate>;
-    }, z.core.$strip>>>>;
-}, z.core.$strip>;
+        maxAge: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodNumber>;
+        expires: import("@frontmcp/lazy-zod").ZodOptional<import("@frontmcp/lazy-zod").ZodDate>;
+    }, import("zod/v4/core").$strip>>>>;
+}, import("zod/v4/core").$strip>;
 declare const plan: {
     readonly pre: ["checkEnabled"];
     readonly execute: ["generateContent"];

package/skill/flows/http/llm-txt.flow.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"llm-txt.flow.d.ts","sourceRoot":"","sources":["../../../../src/skill/flows/http/llm-txt.flow.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,OAAO,EAEL,QAAQ,EAER,cAAc,EAId,UAAU,EACV,aAAa,EAId,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;iBAEf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;iBAAiB,CAAC;AAEpC,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,qBAAqB,EAAE,cAAc,CACnC,UAAU,EACV,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,qBAA8B,CAAC;AAG5C;;;;;;;;;;;;;;;;;;GAkBG;AAWH,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAC3D,MAAM,2CAAwC;IAE9C;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO;IAqBhE,YAAY;IAoCZ,eAAe;CAuDtB"}
+{"version":3,"file":"llm-txt.flow.d.ts","sourceRoot":"","sources":["../../../../src/skill/flows/http/llm-txt.flow.ts"],"names":[],"mappings":"AASA,OAAO,EAEL,QAAQ,EAQR,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,aAAa,EACnB,MAAM,iBAAiB,CAAC;AAMzB,QAAA,MAAM,WAAW;;;;gCAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;gCAEf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;gCAAiB,CAAC;AAEpC,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,qBAAqB,EAAE,cAAc,CACnC,UAAU,EACV,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,qBAA8B,CAAC;AAG5C;;;;;;;;;;;;;;;;;;GAkBG;AAWH,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAC3D,MAAM,2CAAwC;IAE9C;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO;IAqBhE,YAAY;IAoCZ,eAAe;CAuDtB"}