npm - @frontmcp/skills - Versions diffs - 1.0.3 → 1.1.0-beta.1 - Mend

@frontmcp/skills 1.0.3 → 1.1.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

package/catalog/frontmcp-config/examples/configure-deployment-targets/json-schema-ide-support.md ADDED Viewed

@@ -0,0 +1,64 @@
+---
+name: json-schema-ide-support
+reference: configure-deployment-targets
+level: basic
+description: Use frontmcp.config.json with JSON Schema for VS Code and WebStorm autocomplete
+tags: [config, deployment, json, schema, ide, autocomplete]
+features:
+  - Adding $schema field for IDE autocomplete in JSON config files
+  - Configuring multiple deployment targets in JSON format
+  - Using the frontmcp.schema.json for property validation and hover docs
+---
+# JSON Config with IDE Autocomplete
+Use frontmcp.config.json with JSON Schema for VS Code and WebStorm autocomplete
+## Code
+```json
+{
+  "$schema": "./node_modules/@frontmcp/cli/frontmcp.schema.json",
+  "name": "my-server",
+  "version": "1.0.0",
+  "deployments": [
+    {
+      "target": "node",
+      "server": {
+        "http": { "port": 3000 },
+        "headers": {
+          "hsts": "max-age=31536000",
+          "contentTypeOptions": "nosniff",
+          "frameOptions": "DENY"
+        }
+      }
+    },
+    {
+      "target": "distributed",
+      "ha": {
+        "heartbeatIntervalMs": 10000,
+        "heartbeatTtlMs": 30000
+      }
+    }
+  ]
+}
+```
+### Verify
+```bash
+# Build all targets defined in config (no -t flag needed)
+frontmcp build
+# [build] Building 2 target(s) from frontmcp.config: node, distributed
+```
+## What This Demonstrates
+- Adding $schema field for IDE autocomplete in JSON config files
+- Configuring multiple deployment targets in JSON format
+- Using the frontmcp.schema.json for property validation and hover docs
+## Related
+- See `configure-deployment-targets` for the full configuration reference
+- See `multi-target-with-security` for the TypeScript `defineConfig()` approach

package/catalog/frontmcp-config/examples/configure-deployment-targets/multi-target-with-security.md ADDED Viewed

@@ -0,0 +1,113 @@
+---
+name: multi-target-with-security
+reference: configure-deployment-targets
+level: intermediate
+description: Configure a FrontMCP project with node + distributed targets, CSP headers, and HSTS
+tags: [config, deployment, csp, security, distributed, hsts, multi-target]
+features:
+  - Using defineConfig() for typed configuration with IDE autocomplete
+  - Multi-target deployments with per-target server settings
+  - CSP directives including value-less directives like upgrade-insecure-requests
+  - Security headers (HSTS, X-Frame-Options, X-Content-Type-Options)
+  - HA configuration for the distributed target
+---
+# Multi-Target Configuration with Security Headers
+Configure a FrontMCP project with node + distributed targets, CSP headers, and HSTS
+## Code
+```typescript
+// frontmcp.config.ts
+import { defineConfig } from '@frontmcp/cli';
+export default defineConfig({
+  name: 'secure-server',
+  version: '1.0.0',
+  deployments: [
+    // Target 1: Standalone Node.js for development and single-server production
+    {
+      target: 'node',
+      server: {
+        http: { port: 3000 },
+        csp: {
+          enabled: true,
+          directives: [
+            "default-src 'self'",
+            "script-src 'self' https://cdn.example.com",
+            "style-src 'self' 'unsafe-inline'",
+            'img-src * data:',
+            'upgrade-insecure-requests',
+          ].join('; '),
+        },
+        headers: {
+          hsts: 'max-age=31536000; includeSubDomains; preload',
+          contentTypeOptions: 'nosniff',
+          frameOptions: 'SAMEORIGIN',
+        },
+      },
+    },
+    // Target 2: Distributed deployment with HA for Kubernetes
+    {
+      target: 'distributed',
+      ha: {
+        heartbeatIntervalMs: 5000,
+        heartbeatTtlMs: 15000,
+        takeoverGracePeriodMs: 3000,
+      },
+      server: {
+        csp: {
+          enabled: true,
+          directives: "default-src 'self'; upgrade-insecure-requests",
+          reportUri: 'https://report.example.com/csp',
+          reportOnly: false,
+        },
+        headers: {
+          hsts: 'max-age=63072000; includeSubDomains; preload',
+          contentTypeOptions: 'nosniff',
+          frameOptions: 'DENY',
+        },
+      },
+    },
+  ],
+});
+```
+### Build Commands
+```bash
+# Build for standalone Node.js
+frontmcp build --target node
+# Build for distributed deployment
+FRONTMCP_DEPLOYMENT_MODE=distributed frontmcp build --target distributed
+```
+### Verify Security Headers
+```bash
+# Check headers on standalone
+curl -I http://localhost:3000/healthz
+# Expected:
+# Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com; ...
+# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+# X-Content-Type-Options: nosniff
+# X-Frame-Options: SAMEORIGIN
+```
+## What This Demonstrates
+- Using defineConfig() for typed configuration with IDE autocomplete
+- Multi-target deployments with per-target server settings
+- CSP directives including value-less directives like upgrade-insecure-requests
+- Security headers (HSTS, X-Frame-Options, X-Content-Type-Options)
+- HA configuration for the distributed target
+## Related
+- See `configure-deployment-targets` for the full configuration reference
+- See `distributed-ha` for the HA architecture deep dive
+- See `deploy-to-node` for Docker and PM2 deployment

package/catalog/frontmcp-config/examples/configure-elicitation/basic-confirmation-gate.md CHANGED Viewed

@@ -19,8 +19,7 @@ Request user confirmation before executing a destructive action.
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'delete_records',

package/catalog/frontmcp-config/examples/configure-elicitation/distributed-elicitation-redis.md CHANGED Viewed

@@ -19,8 +19,7 @@ Configure elicitation with Redis storage for multi-instance production deploymen
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'deploy_service',

package/catalog/frontmcp-config/examples/configure-http/entry-path-reverse-proxy.md CHANGED Viewed

@@ -19,8 +19,7 @@ Mount the MCP server under a URL prefix for reverse proxy or multi-service setup
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'health_check',

package/catalog/frontmcp-config/examples/configure-http/unix-socket-local.md CHANGED Viewed

@@ -19,8 +19,7 @@ Bind the server to a unix socket instead of a TCP port for local-only communicat
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'system_status',

package/catalog/frontmcp-config/examples/configure-security-headers/csp-report-only.md ADDED Viewed

@@ -0,0 +1,69 @@
+---
+name: csp-report-only
+reference: configure-security-headers
+level: basic
+description: Test CSP policies in report-only mode to identify violations before enforcement
+tags: [config, csp, security, report-only, headers]
+features:
+  - Enabling CSP in report-only mode with reportUri for violation monitoring
+  - Using the object-format directives in frontmcp.config
+  - Verifying report-only header is emitted instead of enforcement header
+---
+# CSP Report-Only Mode
+Test CSP policies in report-only mode to identify violations before enforcement
+## Code
+```typescript
+// frontmcp.config.ts
+import { defineConfig } from '@frontmcp/cli';
+export default defineConfig({
+  name: 'csp-test-server',
+  deployments: [
+    {
+      target: 'node',
+      server: {
+        csp: {
+          enabled: true,
+          reportOnly: true, // Key: report violations, don't block
+          directives: {
+            'default-src': "'self'",
+            'script-src': "'self'",
+            'style-src': "'self'",
+            'img-src': "'self' data:",
+            'connect-src': "'self'",
+          },
+          reportUri: 'https://report.example.com/csp-violations',
+        },
+      },
+    },
+  ],
+});
+```
+### Verify
+```bash
+frontmcp build --target node && node dist/node/main.js
+# Check which header is emitted
+curl -sI http://localhost:3000/healthz | grep -i content-security-policy
+# Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self'; ...
+# Once violations are resolved, switch to enforcement:
+# reportOnly: false
+```
+## What This Demonstrates
+- Enabling CSP in report-only mode with reportUri for violation monitoring
+- Using the object-format directives in frontmcp.config
+- Verifying report-only header is emitted instead of enforcement header
+## Related
+- See `configure-security-headers` for the full CSP configuration reference
+- See `full-production-headers` for the enforcement version with all security headers

package/catalog/frontmcp-config/examples/configure-security-headers/full-production-headers.md ADDED Viewed

@@ -0,0 +1,91 @@
+---
+name: full-production-headers
+reference: configure-security-headers
+level: intermediate
+description: Complete security headers configuration for production with CSP enforcement, HSTS preload, and clickjacking protection
+tags: [config, csp, security, hsts, production, headers, frame-options]
+features:
+  - Full CSP enforcement with multiple directive types including value-less directives
+  - HSTS with preload and includeSubDomains for HTTPS enforcement
+  - X-Frame-Options DENY for clickjacking protection
+  - Custom headers for additional security controls
+---
+# Full Production Security Headers
+Complete security headers configuration for production with CSP enforcement, HSTS preload, and clickjacking protection
+## Code
+```typescript
+// frontmcp.config.ts
+import { defineConfig } from '@frontmcp/cli';
+export default defineConfig({
+  name: 'production-server',
+  version: '1.0.0',
+  deployments: [
+    {
+      target: 'distributed',
+      ha: {
+        heartbeatIntervalMs: 10000,
+        heartbeatTtlMs: 30000,
+      },
+      server: {
+        http: { port: 3000 },
+        csp: {
+          enabled: true,
+          reportOnly: false, // Enforce (not just report)
+          directives: {
+            'default-src': "'self'",
+            'script-src': "'self' https://cdn.example.com",
+            'style-src': "'self' 'unsafe-inline'",
+            'img-src': '* data: blob:',
+            'font-src': "'self' https://fonts.gstatic.com",
+            'connect-src': "'self' https://api.example.com wss://ws.example.com",
+            'frame-ancestors': "'none'",
+            'base-uri': "'self'",
+            'form-action': "'self'",
+            'upgrade-insecure-requests': '', // Value-less directive
+          },
+          reportUri: 'https://report.example.com/csp',
+        },
+        headers: {
+          hsts: 'max-age=63072000; includeSubDomains; preload',
+          contentTypeOptions: 'nosniff',
+          frameOptions: 'DENY',
+        },
+      },
+    },
+  ],
+});
+```
+### Verify
+```bash
+FRONTMCP_DEPLOYMENT_MODE=distributed frontmcp build --target distributed
+node dist/distributed/main.js
+# Verify all headers
+curl -sI http://localhost:3000/healthz
+# Expected headers:
+# Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com; ...
+# Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# X-Content-Type-Options: nosniff
+# X-Frame-Options: DENY
+```
+## What This Demonstrates
+- Full CSP enforcement with multiple directive types including value-less directives
+- HSTS with preload and includeSubDomains for HTTPS enforcement
+- X-Frame-Options DENY for clickjacking protection
+- Custom headers for additional security controls
+## Related
+- See `configure-security-headers` for the full configuration reference
+- See `csp-report-only` for testing CSP before enforcement
+- See `distributed-ha` for the HA architecture reference

package/catalog/frontmcp-config/examples/configure-throttle/distributed-redis-throttle.md CHANGED Viewed

@@ -19,8 +19,7 @@ Configure Redis-backed rate limiting for multi-instance deployments behind a loa
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'process_payment',

package/catalog/frontmcp-config/examples/configure-throttle/per-tool-rate-limit.md CHANGED Viewed

@@ -19,8 +19,7 @@ Override server defaults with per-tool rate limits and concurrency caps.
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'expensive_query',

package/catalog/frontmcp-config/examples/configure-throttle/server-level-rate-limit.md CHANGED Viewed

@@ -20,8 +20,7 @@ Configure global rate limits and IP filtering at the server level.
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'search',

package/catalog/frontmcp-config/examples/configure-transport/custom-protocol-flags.md CHANGED Viewed

@@ -20,8 +20,7 @@ Override individual protocol flags instead of using a preset for fine-grained co
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'stream_logs',

package/catalog/frontmcp-config/examples/configure-transport/distributed-sessions-redis.md CHANGED Viewed

@@ -20,8 +20,7 @@ Configure transport with Redis persistence for multi-instance load-balanced depl
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'get_report',

package/catalog/frontmcp-config/examples/configure-transport/stateless-serverless.md CHANGED Viewed

@@ -19,8 +19,7 @@ Configure stateless transport for Vercel, Lambda, or Cloudflare deployments.
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'convert_currency',

package/catalog/frontmcp-config/examples/configure-transport-protocol-presets/legacy-preset-nodejs.md CHANGED Viewed

@@ -19,8 +19,7 @@ Use the default legacy preset for maximum compatibility with all MCP clients.
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'hello',

package/catalog/frontmcp-config/examples/configure-transport-protocol-presets/stateless-api-serverless.md CHANGED Viewed

@@ -19,8 +19,7 @@ Use the stateless-api preset for Vercel, Lambda, or Cloudflare Workers.
 ```typescript
 // src/server.ts
-import { FrontMcp, App, Tool, ToolContext } from '@frontmcp/sdk';
-import { z } from 'zod';
+import { App, FrontMcp, Tool, ToolContext, z } from '@frontmcp/sdk';
 @Tool({
   name: 'translate',