@gainable.dev/mcp-server 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/gainableHttpRunner.js +3 -1
- package/dist/index.js +4 -0
- package/package.json +1 -1
|
@@ -28,7 +28,9 @@ export class GainableHttpRunner extends StreamableHttpRunner {
|
|
|
28
28
|
const agent = await db.collection('agents').findOne({ appId: this.baseConfig.appName, uid: agentUid }, { projection: { scopes: 1 } });
|
|
29
29
|
if (!agent?.scopes || agent.scopes.length === 0)
|
|
30
30
|
return undefined;
|
|
31
|
-
|
|
31
|
+
// Normalize scopes: strip app prefix if present (e.g. "my-app_deals" → "deals")
|
|
32
|
+
const appPrefix = `${this.baseConfig.appName}_`;
|
|
33
|
+
return agent.scopes.map((s) => s.startsWith(appPrefix) ? s.slice(appPrefix.length) : s);
|
|
32
34
|
}
|
|
33
35
|
async createServerForRequest({ request, serverOptions, sessionOptions, }) {
|
|
34
36
|
const agentId = extractAgentId(request);
|
package/dist/index.js
CHANGED
|
@@ -23,6 +23,10 @@ const userConfig = UserConfigSchema.parse({
|
|
|
23
23
|
// Weavy manages session IDs externally — accept any session ID without requiring initialize
|
|
24
24
|
// This prevents 404 "session not found" after sidecar restarts
|
|
25
25
|
externallyManagedSessions: true,
|
|
26
|
+
// Auth: validate X-Internal-Key header on every request (returns 403 if invalid)
|
|
27
|
+
httpHeaders: process.env.INTERNAL_API_KEY
|
|
28
|
+
? { 'x-internal-key': process.env.INTERNAL_API_KEY }
|
|
29
|
+
: {},
|
|
26
30
|
disabledTools: [
|
|
27
31
|
'drop-database', 'drop-collection', 'create-collection',
|
|
28
32
|
'list-databases', 'rename-collection', 'drop-index',
|
package/package.json
CHANGED