@frontmcp/skills 0.0.1 → 1.0.0-beta.11

package/catalog/frontmcp-config/references/configure-elicitation.md

@@ -0,0 +1,183 @@
+---
+name: configure-elicitation
+description: Configure interactive user input during tool execution for confirmations, choices, and forms
+---
+
+# Configuring Elicitation
+
+Elicitation allows tools to request interactive input from users mid-execution — confirmations, choices, or structured form data.
+
+## When to Use This Skill
+
+### Must Use
+
+- Tools need user confirmation before destructive actions (delete, deploy, overwrite)
+- Building interactive multi-step workflows that require user decisions mid-execution
+- Tools need structured form input from the user during execution (e.g., parameter selection, file choice)
+
+### Recommended
+
+- Adding a safety gate to tools that modify external systems (databases, APIs, deployments)
+- Implementing approval flows where a tool must get explicit consent before proceeding
+- Multi-instance production deployments where elicitation state must be shared via Redis
+
+### Skip When
+
+- Tools are fully autonomous and never need user input -- elicitation adds overhead when unused
+- The MCP client does not support elicitation -- check client capabilities first (see Notes section)
+- Only need input validation, not mid-execution prompts -- use Zod input schemas on the `@Tool` decorator
+
+> **Decision:** Use this skill when tools need to pause execution and request interactive input from the user; skip if all tools run autonomously without user interaction.
+
+## Enable Elicitation
+
+### Basic (In-Memory)
+
+```typescript
+@FrontMcp({
+  info: { name: 'my-server', version: '1.0.0' },
+  apps: [MyApp],
+  elicitation: {
+    enabled: true,
+  },
+})
+class Server {}
+```
+
+### With Redis (Distributed/Production)
+
+```typescript
+@FrontMcp({
+  info: { name: 'my-server', version: '1.0.0' },
+  apps: [MyApp],
+  elicitation: {
+    enabled: true,
+    redis: { provider: 'redis', host: 'localhost', port: 6379 },
+  },
+})
+class Server {}
+```
+
+## ElicitationOptionsInput
+
+```typescript
+interface ElicitationOptionsInput {
+  enabled?: boolean; // default: false
+  redis?: RedisOptionsInput; // storage for elicitation state
+}
+```
+
+## Using Elicitation in Tools
+
+When elicitation is enabled, tools can request user input via the MCP elicitation protocol:
+
+```typescript
+import { Tool, ToolContext } from '@frontmcp/sdk';
+import { z } from 'zod';
+
+@Tool({
+  name: 'delete_records',
+  description: 'Delete records from the database',
+  inputSchema: {
+    table: z.string(),
+    filter: z.string(),
+  },
+  outputSchema: { deleted: z.number() },
+})
+class DeleteRecordsTool extends ToolContext {
+  async execute(input: { table: string; filter: string }) {
+    // Count records that would be deleted
+    const db = this.get(DB_TOKEN);
+    const count = await db.count(input.table, input.filter);
+
+    // Request confirmation from user before proceeding
+    const confirmation = await this.elicit({
+      message: `This will delete ${count} records from ${input.table}. Are you sure?`,
+      requestedSchema: {
+        type: 'object',
+        properties: {
+          confirmed: { type: 'boolean', description: 'Confirm deletion' },
+        },
+        required: ['confirmed'],
+      },
+    });
+
+    if (!confirmation || !confirmation.confirmed) {
+      return { deleted: 0 };
+    }
+
+    const deleted = await db.delete(input.table, input.filter);
+    return { deleted };
+  }
+}
+```
+
+## How It Works
+
+1. Tool calls `this.elicit()` with a message and requested schema
+2. Server sends an `elicitation/request` to the client
+3. Client displays the request to the user (UI varies by client)
+4. User responds with structured data matching the schema
+5. `this.elicit()` returns the user's response
+6. Tool continues execution with the response
+
+## Notes
+
+- When `enabled: false` (default), `this.elicit()` is not available — keeps resource overhead low
+- When enabled, tool output schemas are automatically extended with elicitation fallback type
+- Use Redis storage for production/multi-instance deployments
+- Not all MCP clients support elicitation — handle gracefully when `this.elicit()` returns `undefined`
+
+## Verification
+
+```bash
+# Enable elicitation and start
+frontmcp dev
+
+# Test with an MCP client that supports elicitation
+# The tool should pause and request user input
+```
+
+## Common Patterns
+
+| Pattern                      | Correct                                                                 | Incorrect                                                        | Why                                                                                                              |
+| ---------------------------- | ----------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
+| Handling unsupported clients | Check `if (!confirmation)` after `this.elicit()` and provide a fallback | Assuming `this.elicit()` always returns a value                  | Not all MCP clients support elicitation; `undefined` is returned when the client cannot handle the request       |
+| Schema for confirmation      | Use `{ confirmed: { type: 'boolean' } }` in `requestedSchema`           | Using a plain string prompt without a schema                     | Structured schemas let the client render proper UI controls (checkboxes, dropdowns) instead of free-text input   |
+| Redis for production         | Set `elicitation: { enabled: true, redis: { provider: 'redis', ... } }` | Using in-memory elicitation state in a multi-instance deployment | In-memory state is per-process; if the response arrives at a different instance, the elicitation context is lost |
+| Enabled flag                 | Explicitly set `elicitation: { enabled: true }`                         | Omitting the `enabled` field and expecting elicitation to work   | Elicitation is disabled by default (`enabled: false`) to minimize resource overhead                              |
+
+## Verification Checklist
+
+### Configuration
+
+- [ ] `elicitation.enabled` is set to `true` in the `@FrontMcp` decorator
+- [ ] For production/multi-instance: `elicitation.redis` is configured with a valid Redis provider
+- [ ] The `requestedSchema` in `this.elicit()` calls uses valid JSON Schema objects
+
+### Runtime
+
+- [ ] Tool execution pauses when `this.elicit()` is called and the client supports elicitation
+- [ ] The user sees a prompt or form matching the requested schema
+- [ ] After the user responds, `this.elicit()` returns the structured data and the tool resumes
+- [ ] When the client does not support elicitation, `this.elicit()` returns `undefined` and the tool handles the fallback gracefully
+
+### Integration
+
+- [ ] MCP client under test advertises elicitation support in its capabilities
+- [ ] Destructive tools have elicitation-based confirmation gates before proceeding
+
+## Troubleshooting
+
+| Problem                                           | Cause                                                                       | Solution                                                                                            |
+| ------------------------------------------------- | --------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
+| `this.elicit is not a function`                   | Elicitation is not enabled in the server configuration                      | Set `elicitation: { enabled: true }` in the `@FrontMcp` decorator                                   |
+| `this.elicit()` returns `undefined` immediately   | The connected MCP client does not support elicitation                       | Check client capabilities; provide a fallback code path for unsupported clients                     |
+| Elicitation works locally but fails in production | In-memory store loses state across multiple server instances                | Configure `elicitation.redis` to share elicitation state via Redis                                  |
+| User sees raw JSON instead of a form              | The MCP client renders the `requestedSchema` as raw data rather than a form | Use standard JSON Schema types (`boolean`, `string`, `enum`) that clients can render as UI controls |
+| Tool hangs indefinitely waiting for user response | No timeout configured and user never responds                               | Implement a timeout or cancellation mechanism in the tool logic to handle non-responsive users      |
+
+## Reference
+
+- [Elicitation Docs](https://docs.agentfront.dev/frontmcp/servers/elicitation)
+- Related skills: `configure-http`, `configure-transport`, `setup-redis`, `create-tool`

package/catalog/frontmcp-config/references/configure-http.md

@@ -0,0 +1,210 @@
+---
+name: configure-http
+description: Configure HTTP server port, CORS policy, unix sockets, and entry path prefix
+---
+
+# Configuring HTTP Options
+
+Configure the HTTP server — port, CORS policy, unix sockets, and entry path prefix.
+
+## When to Use This Skill
+
+### Must Use
+
+- Changing the default HTTP port or binding to a specific network interface
+- Enabling or restricting CORS for a frontend application that calls the MCP server
+- Binding to a unix socket for local daemon or process-manager integrations
+
+### Recommended
+
+- Mounting the MCP server under a URL prefix behind a reverse proxy
+- Setting a dynamic port from an environment variable for container deployments
+- Fine-tuning CORS preflight caching for performance-sensitive frontends
+
+### Skip When
+
+- Using stdio transport only with no HTTP listener -- no HTTP options apply
+- Only need rate limiting or IP filtering without changing HTTP binding -- use `configure-throttle`
+- Need to configure TLS/HTTPS termination -- handle at the reverse proxy or load balancer level, not in FrontMCP
+
+> **Decision:** Use this skill when you need to customize how the HTTP listener binds (port, socket, prefix) or how it handles CORS; skip if the default port 3001 with permissive CORS is sufficient.
+
+## HttpOptionsInput
+
+```typescript
+@FrontMcp({
+  info: { name: 'my-server', version: '1.0.0' },
+  apps: [MyApp],
+  http: {
+    port: 3001, // default: 3001
+    entryPath: '', // default: '' (root)
+    socketPath: undefined, // unix socket path (overrides port)
+    cors: {
+      // default: permissive (all origins)
+      origin: ['https://myapp.com'],
+      credentials: true,
+      maxAge: 86400,
+    },
+  },
+})
+class Server {}
+```
+
+## Port Configuration
+
+```typescript
+// Default: port 3001
+http: {
+  port: 3001;
+}
+
+// Use environment variable
+http: {
+  port: Number(process.env.PORT) || 3001;
+}
+
+// Random port (useful for testing)
+http: {
+  port: 0;
+}
+```
+
+## CORS Configuration
+
+### Permissive (Default)
+
+When `cors` is not specified, the server allows all origins without credentials:
+
+```typescript
+// All origins allowed (default behavior)
+http: {
+}
+```
+
+### Restrict to Specific Origins
+
+```typescript
+http: {
+  cors: {
+    origin: ['https://myapp.com', 'https://staging.myapp.com'],
+    credentials: true,
+    maxAge: 86400,  // Cache preflight for 24 hours
+  },
+}
+```
+
+### Disable CORS Entirely
+
+```typescript
+http: {
+  cors: false,  // No CORS headers at all
+}
+```
+
+### Dynamic Origin
+
+```typescript
+http: {
+  cors: {
+    origin: (origin: string) => {
+      // Allow any *.myapp.com subdomain
+      return origin.endsWith('.myapp.com');
+    },
+    credentials: true,
+  },
+}
+```
+
+### CORS Fields
+
+| Field         | Type                                        | Default      | Description                        |
+| ------------- | ------------------------------------------- | ------------ | ---------------------------------- |
+| `origin`      | `boolean \| string \| string[] \| function` | `true` (all) | Allowed origins                    |
+| `credentials` | `boolean`                                   | `false`      | Allow cookies/auth headers         |
+| `maxAge`      | `number`                                    | —            | Preflight cache duration (seconds) |
+
+## Entry Path Prefix
+
+Mount the MCP server under a URL prefix:
+
+```typescript
+http: {
+  entryPath: '/api/mcp',
+}
+// Server endpoints become: /api/mcp/sse, /api/mcp/, etc.
+```
+
+Useful when running behind a reverse proxy or alongside other services.
+
+## Unix Socket Mode
+
+Bind to a unix socket instead of a TCP port for local-only access:
+
+```typescript
+http: {
+  socketPath: '/tmp/my-mcp-server.sock',
+}
+```
+
+- Mutually exclusive with `port` — if `socketPath` is set, `port` is ignored
+- Use for local daemons, CLI tools, and process manager integrations
+- Combine with `sqlite` for fully local deployments
+
+## Verification
+
+```bash
+# Start with custom port
+PORT=8080 frontmcp dev
+
+# Test CORS
+curl -v -H "Origin: https://myapp.com" http://localhost:8080/
+
+# Test unix socket
+curl --unix-socket /tmp/my-mcp-server.sock http://localhost/
+```
+
+## Common Patterns
+
+| Pattern               | Correct                                                      | Incorrect                                    | Why                                                                                                               |
+| --------------------- | ------------------------------------------------------------ | -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
+| Port from environment | `port: Number(process.env.PORT) \|\| 3001`                   | `port: process.env.PORT`                     | The `port` field expects a number; passing a string causes a silent bind failure                                  |
+| CORS with credentials | `cors: { origin: ['https://myapp.com'], credentials: true }` | `cors: { origin: true, credentials: true }`  | Browsers reject `Access-Control-Allow-Origin: *` when credentials are enabled; you must list explicit origins     |
+| Unix socket mode      | `socketPath: '/tmp/my-mcp.sock'` with no `port` field        | Setting both `socketPath` and `port`         | When `socketPath` is set, `port` is silently ignored which can cause confusion during debugging                   |
+| Entry path prefix     | `entryPath: '/api/mcp'` (no trailing slash)                  | `entryPath: '/api/mcp/'` with trailing slash | Trailing slashes cause double-slash issues in route matching (e.g., `/api/mcp//sse`)                              |
+| Disabling CORS        | `cors: false`                                                | Omitting the `cors` field entirely           | Omitting `cors` applies permissive defaults (all origins allowed); set `false` explicitly to send no CORS headers |
+
+## Verification Checklist
+
+### Configuration
+
+- [ ] `http` block is present in the `@FrontMcp` decorator metadata
+- [ ] Port value is a number (not a string) and falls within a valid range (0-65535)
+- [ ] If `socketPath` is set, `port` is removed or commented out to avoid confusion
+- [ ] `entryPath` does not have a trailing slash
+
+### CORS
+
+- [ ] If `credentials: true`, `origin` lists explicit allowed origins (not `true` or `*`)
+- [ ] `maxAge` is set to a reasonable value for production (e.g., `86400` for 24 hours)
+- [ ] Dynamic origin function handles `undefined` origin (non-browser requests)
+
+### Runtime
+
+- [ ] Server starts and binds to the expected port or socket path
+- [ ] `curl -v -H "Origin: <your-origin>" <url>` returns correct `Access-Control-Allow-Origin`
+- [ ] Preflight `OPTIONS` requests return `204` with expected CORS headers
+
+## Troubleshooting
+
+| Problem                                          | Cause                                                                                      | Solution                                                                                                |
+| ------------------------------------------------ | ------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------- |
+| `EADDRINUSE` on startup                          | Another process is already using the configured port                                       | Change the port, stop the other process, or use `port: 0` for a random available port                   |
+| CORS errors in the browser console               | Origin not included in the `cors.origin` list or `credentials: true` with wildcard origin  | Add the frontend origin to the `origin` array and ensure credentials and origin settings are compatible |
+| Unix socket file not created                     | Missing write permissions on the target directory or stale socket file from a previous run | Check directory permissions and remove the stale `.sock` file before restarting                         |
+| Routes return 404 after setting `entryPath`      | Client is still requesting the root path without the prefix                                | Update client base URL to include the entry path (e.g., `http://localhost:3001/api/mcp`)                |
+| Server binds but external clients cannot connect | Server bound to `localhost` or `127.0.0.1` inside a container                              | Set `host: '0.0.0.0'` or use Docker port mapping to expose the container port                           |
+
+## Reference
+
+- [HTTP Server Docs](https://docs.agentfront.dev/frontmcp/deployment/local-dev-server)
+- Related skills: `configure-throttle`, `configure-transport`, `setup-redis`, `setup-project`

package/catalog/frontmcp-config/references/configure-session.md

@@ -0,0 +1,210 @@
+---
+name: configure-session
+description: Set up session storage with Redis or Vercel KV for persistent user state across requests
+---
+
+# Configure Session Management
+
+This skill covers setting up session storage in FrontMCP. Sessions track authenticated user state, token storage, and request context across MCP interactions.
+
+## When to Use This Skill
+
+### Must Use
+
+- Deploying to production where sessions must survive process restarts (Redis or Vercel KV required)
+- Running multiple server instances behind a load balancer that need shared session state
+- Using Streamable HTTP transport where sessions must persist across reconnects
+
+### Recommended
+
+- Configuring session TTL to match your workload pattern (interactive, agent, CI/CD)
+- Namespacing session keys with a unique `keyPrefix` when sharing a Redis instance across multiple servers
+- Setting up Vercel KV for serverless deployments on the Vercel platform
+
+### Skip When
+
+- Running a single-instance local development server -- the default in-memory store is sufficient
+- Using stdio transport only where session persistence is not needed
+- Need to provision Redis itself rather than configure sessions -- use `setup-redis` first, then return here
+
+> **Decision:** Use this skill to choose and configure a session storage provider (memory, Redis, or Vercel KV) and tune TTL and key prefix settings; use `setup-redis` if Redis is not yet provisioned.
+
+## Storage Providers
+
+| Provider    | Use Case            | Persistence | Package Required |
+| ----------- | ------------------- | ----------- | ---------------- |
+| `memory`    | Development/testing | None        | None (default)   |
+| `redis`     | Node.js production  | Yes         | `ioredis`        |
+| `vercel-kv` | Vercel deployments  | Yes         | `@vercel/kv`     |
+
+Never use the memory store in production. Sessions are lost on process restart, which breaks authentication for all connected clients.
+
+## Redis (Production)
+
+Configure Redis session storage via the `@FrontMcp` decorator:
+
+```typescript
+import { FrontMcp, App } from '@frontmcp/sdk';
+
+@App({ name: 'MyApp' })
+class MyApp {}
+
+@FrontMcp({
+  info: { name: 'my-server', version: '1.0.0' },
+  apps: [MyApp],
+  redis: {
+    provider: 'redis',
+    host: process.env['REDIS_HOST'] ?? 'localhost',
+    port: Number(process.env['REDIS_PORT'] ?? 6379),
+    password: process.env['REDIS_PASSWORD'],
+  },
+})
+class MyServer {}
+```
+
+The SDK internally calls `createSessionStore()` to create a `RedisSessionStore`. The factory lazy-loads `ioredis` so it is not bundled when you use a different provider.
+
+## Vercel KV
+
+For Vercel deployments, use the `vercel-kv` provider. Credentials are read from environment variables set automatically by the Vercel platform:
+
+```typescript
+@FrontMcp({
+  info: { name: 'my-server', version: '1.0.0' },
+  apps: [MyApp],
+  redis: { provider: 'vercel-kv' },
+})
+class MyServer {}
+```
+
+Required environment variables (auto-injected when a KV store is linked to your Vercel project):
+
+| Variable            | Description                    |
+| ------------------- | ------------------------------ |
+| `KV_REST_API_URL`   | Vercel KV REST endpoint        |
+| `KV_REST_API_TOKEN` | Vercel KV authentication token |
+
+## Memory (Development Default)
+
+When no Redis or KV configuration is provided, the SDK falls back to an in-memory store. This is suitable only for development:
+
+```typescript
+@FrontMcp({
+  info: { name: 'my-server', version: '1.0.0' },
+  apps: [MyApp],
+  // No redis config -- defaults to memory
+})
+class MyServer {}
+```
+
+## Key Prefix
+
+All persistent stores support a `keyPrefix` option that namespaces session keys. This is important when multiple FrontMCP servers share the same Redis instance:
+
+```typescript
+@FrontMcp({
+  info: { name: 'billing-server', version: '1.0.0' },
+  apps: [MyApp],
+  redis: {
+    provider: 'redis',
+    host: 'shared-redis.internal',
+    port: 6379,
+    keyPrefix: 'billing-mcp:session:',
+  },
+})
+class BillingServer {}
+```
+
+Use a unique prefix per server to prevent session key collisions.
+
+## TTL Configuration
+
+The `defaultTtlMs` option controls how long sessions live before expiring:
+
+| Scenario                     | Recommended TTL         |
+| ---------------------------- | ----------------------- |
+| Interactive user sessions    | `3_600_000` (1 hour)    |
+| Long-running agent workflows | `86_400_000` (24 hours) |
+| Short-lived CI/CD operations | `600_000` (10 minutes)  |
+
+```typescript
+@FrontMcp({
+  info: { name: 'my-server', version: '1.0.0' },
+  apps: [MyApp],
+  redis: {
+    provider: 'redis',
+    host: 'localhost',
+    port: 6379,
+    defaultTtlMs: 86_400_000, // 24 hours for agent workflows
+  },
+})
+class MyServer {}
+```
+
+## Pub/Sub for Resource Subscriptions
+
+If your server uses resource subscriptions (clients subscribe to resource change notifications), you need a pub/sub channel. Vercel KV does not support pub/sub, so you must use Redis for the pub/sub channel even when using Vercel KV for sessions:
+
+```typescript
+import { createSessionStore, createPubsubStore } from '@frontmcp/sdk/auth/session';
+
+// Sessions in Vercel KV
+const sessionStore = await createSessionStore({
+  provider: 'vercel-kv',
+  url: process.env['KV_REST_API_URL'],
+  token: process.env['KV_REST_API_TOKEN'],
+});
+
+// Pub/sub requires Redis
+const pubsubStore = createPubsubStore({
+  provider: 'redis',
+  host: process.env['REDIS_HOST'] ?? 'localhost',
+  port: 6379,
+});
+```
+
+## Common Patterns
+
+| Pattern                | Correct                                                                                      | Incorrect                                                                     | Why                                                                                                            |
+| ---------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
+| Store construction     | Use `createSessionStore()` factory function                                                  | `new RedisSessionStore(client)` direct construction                           | The factory handles lazy-loading, key prefix normalization, and provider detection automatically               |
+| Vercel KV creation     | `const store = await createSessionStore({ provider: 'vercel-kv' })`                          | `const store = createSessionStore({ provider: 'vercel-kv' })` without `await` | The factory is async for Vercel KV; forgetting `await` uses the store before its connection is ready           |
+| Key prefix per server  | `keyPrefix: 'billing-mcp:session:'` unique per server                                        | Same `keyPrefix` across multiple servers sharing one Redis instance           | Shared prefixes cause session key collisions; one server may read or overwrite another's sessions              |
+| Production storage     | `redis: { provider: 'redis', host: '...' }` or `redis: { provider: 'vercel-kv' }`            | Omitting redis config in production (falls back to memory)                    | Memory sessions vanish on restart; all connected clients must re-authenticate and in-flight workflows are lost |
+| Pub/sub with Vercel KV | Separate `pubsub` config pointing to real Redis alongside `redis: { provider: 'vercel-kv' }` | Expecting Vercel KV to handle pub/sub                                         | Vercel KV does not support pub/sub operations; a real Redis instance is required for resource subscriptions    |
+
+## Verification Checklist
+
+### Configuration
+
+- [ ] `redis` block is present in the `@FrontMcp` decorator with a valid `provider` field (`'redis'` or `'vercel-kv'`)
+- [ ] `keyPrefix` is unique per server when sharing a Redis instance
+- [ ] `defaultTtlMs` matches the workload pattern (1 hour for interactive, 24 hours for agents, 10 minutes for CI/CD)
+
+### Vercel KV
+
+- [ ] `provider: 'vercel-kv'` is set in the `redis` config
+- [ ] `KV_REST_API_URL` and `KV_REST_API_TOKEN` environment variables are present (auto-injected on Vercel)
+- [ ] A separate `pubsub` config pointing to real Redis is provided if resource subscriptions are used
+
+### Runtime
+
+- [ ] Server starts without Redis connection errors in the logs
+- [ ] `redis-cli keys "mcp:session:*"` shows session keys after an MCP request (for Redis provider)
+- [ ] Sessions persist across server restarts (for Redis/Vercel KV providers)
+- [ ] Sessions expire after the configured TTL
+
+## Troubleshooting
+
+| Problem                                | Cause                                                          | Solution                                                                                       |
+| -------------------------------------- | -------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
+| Sessions lost after server restart     | Using the default in-memory store in production                | Configure `redis: { provider: 'redis' }` or `redis: { provider: 'vercel-kv' }` for persistence |
+| `ECONNREFUSED` on startup              | Redis is not running or host/port is incorrect                 | Start the Redis container (`docker compose up -d redis`) or verify connection details          |
+| Vercel KV `401 Unauthorized`           | Missing or invalid KV tokens                                   | Check `KV_REST_API_URL` and `KV_REST_API_TOKEN` in the Vercel dashboard and redeploy           |
+| Session key collisions between servers | Multiple servers share the same Redis instance and `keyPrefix` | Set a unique `keyPrefix` per server (e.g., `billing-mcp:session:`, `api-mcp:session:`)         |
+| Pub/sub not working with Vercel KV     | Vercel KV does not support pub/sub operations                  | Add a separate `pubsub` config pointing to a real Redis instance                               |
+
+## Reference
+
+- [Session Storage Docs](https://docs.agentfront.dev/frontmcp/deployment/redis-setup)
+- Related skills: `setup-redis`, `configure-auth`, `configure-transport`, `configure-elicitation`

package/catalog/{config/configure-throttle/references/guard-config.md → frontmcp-config/references/configure-throttle-guard-config.md}

@@ -1,3 +1,8 @@
+---
+name: configure-throttle-guard-config
+description: Complete GuardConfig interface reference for rate limiting, concurrency, and IP filtering
+---
+
 # GuardConfig Full Reference
 
 ## Complete Configuration