@gavdi/cap-mcp 0.9.0 → 0.9.1

package/lib/config/loader.js

@@ -2,6 +2,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadConfiguration = loadConfiguration;
 const logger_1 = require("../logger");
+const env_sanitizer_1 = require("./env-sanitizer");
+const json_parser_1 = require("./json-parser");
 /* @ts-ignore */
 const cds = global.cds || require("@sap/cds"); // This is a work around for missing cds context
 const ENV_NPM_PACKAGE_NAME = "npm_package_name";
@@ -10,6 +12,10 @@ const DEFAULT_PROJECT_INFO = {
     name: "cap-mcp-server",
     version: "1.0.0",
 };
+/**
+ * Loads CAP configuration from environment and CDS settings
+ * @returns Complete CAP configuration object with defaults applied
+ */
 function loadConfiguration() {
     const packageInfo = getProjectInfo();
     const cdsEnv = loadCdsEnvConfiguration();
@@ -24,17 +30,15 @@ function loadConfiguration() {
     };
 }
 /**
- * Retrieves the current runtime's project information.
- * This is used to distinguish the MCP server, by associating it with its parent application.
- *
- * In case of an error, the project info will default to plugin defaults.
- * See constants for reference.
+ * Extracts project information from environment variables with fallback to defaults
+ * Uses npm package environment variables to identify the hosting CAP application
+ * @returns Project information object with name and version
  */
 function getProjectInfo() {
     try {
         return {
-            name: process.env[ENV_NPM_PACKAGE_NAME] ?? DEFAULT_PROJECT_INFO.name,
-            version: process.env[ENV_NPM_PACKAGE_VERSION] ?? DEFAULT_PROJECT_INFO.version,
+            name: (0, env_sanitizer_1.getSafeEnvVar)(ENV_NPM_PACKAGE_NAME, DEFAULT_PROJECT_INFO.name),
+            version: (0, env_sanitizer_1.getSafeEnvVar)(ENV_NPM_PACKAGE_VERSION, DEFAULT_PROJECT_INFO.version),
         };
     }
     catch (e) {
@@ -42,17 +46,21 @@ function getProjectInfo() {
         return DEFAULT_PROJECT_INFO;
     }
 }
+/**
+ * Loads CDS environment configuration from cds.env.mcp
+ * @returns CAP configuration object or undefined if not found/invalid
+ */
 function loadCdsEnvConfiguration() {
     const config = cds.env.mcp;
     if (!config)
         return undefined;
     else if (typeof config === "object")
         return config;
-    try {
-        return JSON.parse(config);
-    }
-    catch (_) {
-        logger_1.LOGGER.warn("Could not parse the configuration object from cdsrc");
+    // Use secure JSON parser for string configurations
+    const parsed = (0, json_parser_1.parseCAPConfiguration)(config);
+    if (!parsed) {
+        logger_1.LOGGER.warn((0, json_parser_1.createSafeErrorMessage)("CDS environment configuration"));
         return undefined;
     }
+    return parsed;
 }

package/lib/logger.js

@@ -1,6 +1,14 @@
 "use strict";
+/**
+ * Logger instance for the CDS MCP plugin
+ * Uses CAP's built-in logging system with "cds-mcp" namespace
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LOGGER = void 0;
 /* @ts-ignore */
 const cds = global.cds || require("@sap/cds"); // This is a work around for missing cds context
+/**
+ * Shared logger instance for all MCP plugin components
+ * Provides debug, info, warn, and error logging methods
+ */
 exports.LOGGER = cds.log("cds-mcp");

package/lib/mcp/constants.js

@@ -1,6 +1,22 @@
 "use strict";
+/**
+ * Constants used throughout the MCP (Model Context Protocol) implementation
+ * Defines error messages, HTTP headers, and formatting constants
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.NEW_LINE = exports.MCP_SESSION_HEADER = exports.ERR_MISSING_SERVICE = void 0;
+/**
+ * Standard error message returned when a CAP service cannot be found or accessed
+ * Used in tool execution when the target service is unavailable
+ */
 exports.ERR_MISSING_SERVICE = "Error: Service could not be found";
+/**
+ * HTTP header name used to identify MCP session IDs in requests
+ * Client must include this header with a valid session ID for authenticated requests
+ */
 exports.MCP_SESSION_HEADER = "mcp-session-id";
+/**
+ * Newline character constant used for consistent text formatting
+ * Used in resource descriptions and error message formatting
+ */
 exports.NEW_LINE = "\n";

package/lib/mcp/custom-resource-template.js

@@ -0,0 +1,156 @@
+"use strict";
+/**
+ * Custom URI template implementation that fixes the MCP SDK's broken
+ * URI template matching for grouped query parameters.
+ *
+ * This is duck typing implementation of the ResourceTemplate class.
+ * See @modelcontextprotocol/sdk/server/mcp.js
+ *
+ * This is only a temporary solution, as we should use the official implementation from the SDK
+ * Upon the SDK being fixed, we should switch over to that implementation.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CustomResourceTemplate = exports.CustomUriTemplate = void 0;
+// TODO: Get rid of 'any' typing for better type safety
+/**
+ * Custom URI template class that properly handles grouped query parameters
+ * in the format {?param1,param2,param3}
+ */
+class CustomUriTemplate {
+    template;
+    baseUri = "";
+    queryParams = [];
+    constructor(template) {
+        this.template = template;
+        this.parseTemplate();
+    }
+    toString() {
+        return this.template;
+    }
+    parseTemplate() {
+        // Extract base URI and query parameters from template
+        // Template format: odata://CatalogService/books{?filter,orderby,select,skip,top}
+        const queryTemplateMatch = this.template.match(/^([^{]+)\{\?([^}]+)\}$/);
+        if (!queryTemplateMatch) {
+            // No query parameters, treat as static URI
+            this.baseUri = this.template;
+            this.queryParams = [];
+            return;
+        }
+        this.baseUri = queryTemplateMatch[1];
+        this.queryParams = queryTemplateMatch[2]
+            .split(",")
+            .map((param) => param.trim())
+            .filter((param) => param.length > 0);
+    }
+    /**
+     * Matches a URI against this template and extracts variables
+     * @param uri The URI to match
+     * @returns Object with extracted variables or null if no match
+     */
+    match(uri) {
+        // Check if base URI matches
+        if (!uri.startsWith(this.baseUri)) {
+            return null;
+        }
+        // Extract query string
+        const queryStart = uri.indexOf("?");
+        if (queryStart === -1) {
+            // No query parameters in URI
+            if (this.queryParams.length === 0) {
+                return {}; // Static URI match
+            }
+            // Template expects query params but URI has none - still valid for optional params
+            return {};
+        }
+        const queryString = uri.substring(queryStart + 1);
+        const queryPairs = queryString.split("&");
+        const extractedVars = {};
+        // Parse query parameters with strict validation
+        for (const pair of queryPairs) {
+            const equalIndex = pair.indexOf("=");
+            if (equalIndex > 0) {
+                const key = pair.substring(0, equalIndex);
+                const value = pair.substring(equalIndex + 1);
+                if (key && value !== undefined) {
+                    const decodedKey = decodeURIComponent(key);
+                    const decodedValue = decodeURIComponent(value);
+                    // SECURITY: Reject entire URI if ANY unauthorized parameter is present
+                    if (!this.queryParams.includes(decodedKey)) {
+                        return null; // Unauthorized parameter found - reject entire URI
+                    }
+                    extractedVars[decodedKey] = decodedValue;
+                }
+            }
+            else if (pair.trim().length > 0) {
+                // Handle malformed parameters (missing = or empty key)
+                // SECURITY: Reject malformed query parameters
+                return null;
+            }
+        }
+        // For static templates (no parameters allowed), reject any query string
+        if (this.queryParams.length === 0 && queryString.trim().length > 0) {
+            return null;
+        }
+        return extractedVars;
+    }
+    /**
+     * Expands the template with given variables
+     * @param variables Object containing variable values
+     * @returns Expanded URI string
+     */
+    expand(variables) {
+        if (this.queryParams.length === 0) {
+            return this.baseUri;
+        }
+        const queryPairs = [];
+        for (const param of this.queryParams) {
+            const value = variables[param];
+            if (value !== undefined && value !== null && value !== "") {
+                queryPairs.push(`${encodeURIComponent(param)}=${encodeURIComponent(value)}`);
+            }
+        }
+        if (queryPairs.length === 0) {
+            return this.baseUri;
+        }
+        return `${this.baseUri}?${queryPairs.join("&")}`;
+    }
+    /**
+     * Gets the variable names from the template
+     */
+    get variableNames() {
+        return [...this.queryParams];
+    }
+}
+exports.CustomUriTemplate = CustomUriTemplate;
+/**
+ * Custom ResourceTemplate that uses our CustomUriTemplate for proper URI matching
+ * Duck-types the MCP SDK's ResourceTemplate interface for compatibility
+ */
+class CustomResourceTemplate {
+    _uriTemplate;
+    _callbacks;
+    constructor(uriTemplate, callbacks) {
+        this._callbacks = callbacks;
+        this._uriTemplate = new CustomUriTemplate(uriTemplate);
+    }
+    /**
+     * Gets the URI template pattern - must match MCP SDK interface
+     */
+    get uriTemplate() {
+        return this._uriTemplate;
+    }
+    /**
+     * Gets the list callback, if one was provided
+     */
+    get listCallback() {
+        return this._callbacks.list;
+    }
+    /**
+     * Gets the callback for completing a specific URI template variable
+     */
+    completeCallback(variable) {
+        return this._callbacks.complete?.[variable];
+    }
+}
+exports.CustomResourceTemplate = CustomResourceTemplate;

package/lib/mcp/customResourceTemplate.js

@@ -0,0 +1,156 @@
+"use strict";
+/**
+ * Custom URI template implementation that fixes the MCP SDK's broken
+ * URI template matching for grouped query parameters.
+ *
+ * This is duck typing implementation of the ResourceTemplate class.
+ * See @modelcontextprotocol/sdk/server/mcp.js
+ *
+ * This is only a temporary solution, as we should use the official implementation from the SDK
+ * Upon the SDK being fixed, we should switch over to that implementation.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CustomResourceTemplate = exports.CustomUriTemplate = void 0;
+// TODO: Get rid of 'any' typing
+/**
+ * Custom URI template class that properly handles grouped query parameters
+ * in the format {?param1,param2,param3}
+ */
+class CustomUriTemplate {
+    template;
+    baseUri = "";
+    queryParams = [];
+    constructor(template) {
+        this.template = template;
+        this.parseTemplate();
+    }
+    toString() {
+        return this.template;
+    }
+    parseTemplate() {
+        // Extract base URI and query parameters from template
+        // Template format: odata://CatalogService/books{?filter,orderby,select,skip,top}
+        const queryTemplateMatch = this.template.match(/^([^{]+)\{\?([^}]+)\}$/);
+        if (!queryTemplateMatch) {
+            // No query parameters, treat as static URI
+            this.baseUri = this.template;
+            this.queryParams = [];
+            return;
+        }
+        this.baseUri = queryTemplateMatch[1];
+        this.queryParams = queryTemplateMatch[2]
+            .split(",")
+            .map((param) => param.trim())
+            .filter((param) => param.length > 0);
+    }
+    /**
+     * Matches a URI against this template and extracts variables
+     * @param uri The URI to match
+     * @returns Object with extracted variables or null if no match
+     */
+    match(uri) {
+        // Check if base URI matches
+        if (!uri.startsWith(this.baseUri)) {
+            return null;
+        }
+        // Extract query string
+        const queryStart = uri.indexOf("?");
+        if (queryStart === -1) {
+            // No query parameters in URI
+            if (this.queryParams.length === 0) {
+                return {}; // Static URI match
+            }
+            // Template expects query params but URI has none - still valid for optional params
+            return {};
+        }
+        const queryString = uri.substring(queryStart + 1);
+        const queryPairs = queryString.split("&");
+        const extractedVars = {};
+        // Parse query parameters with strict validation
+        for (const pair of queryPairs) {
+            const equalIndex = pair.indexOf("=");
+            if (equalIndex > 0) {
+                const key = pair.substring(0, equalIndex);
+                const value = pair.substring(equalIndex + 1);
+                if (key && value !== undefined) {
+                    const decodedKey = decodeURIComponent(key);
+                    const decodedValue = decodeURIComponent(value);
+                    // SECURITY: Reject entire URI if ANY unauthorized parameter is present
+                    if (!this.queryParams.includes(decodedKey)) {
+                        return null; // Unauthorized parameter found - reject entire URI
+                    }
+                    extractedVars[decodedKey] = decodedValue;
+                }
+            }
+            else if (pair.trim().length > 0) {
+                // Handle malformed parameters (missing = or empty key)
+                // SECURITY: Reject malformed query parameters
+                return null;
+            }
+        }
+        // For static templates (no parameters allowed), reject any query string
+        if (this.queryParams.length === 0 && queryString.trim().length > 0) {
+            return null;
+        }
+        return extractedVars;
+    }
+    /**
+     * Expands the template with given variables
+     * @param variables Object containing variable values
+     * @returns Expanded URI string
+     */
+    expand(variables) {
+        if (this.queryParams.length === 0) {
+            return this.baseUri;
+        }
+        const queryPairs = [];
+        for (const param of this.queryParams) {
+            const value = variables[param];
+            if (value !== undefined && value !== null && value !== "") {
+                queryPairs.push(`${encodeURIComponent(param)}=${encodeURIComponent(value)}`);
+            }
+        }
+        if (queryPairs.length === 0) {
+            return this.baseUri;
+        }
+        return `${this.baseUri}?${queryPairs.join("&")}`;
+    }
+    /**
+     * Gets the variable names from the template
+     */
+    get variableNames() {
+        return [...this.queryParams];
+    }
+}
+exports.CustomUriTemplate = CustomUriTemplate;
+/**
+ * Custom ResourceTemplate that uses our CustomUriTemplate for proper URI matching
+ * Duck-types the MCP SDK's ResourceTemplate interface for compatibility
+ */
+class CustomResourceTemplate {
+    _uriTemplate;
+    _callbacks;
+    constructor(uriTemplate, callbacks) {
+        this._callbacks = callbacks;
+        this._uriTemplate = new CustomUriTemplate(uriTemplate);
+    }
+    /**
+     * Gets the URI template pattern - must match MCP SDK interface
+     */
+    get uriTemplate() {
+        return this._uriTemplate;
+    }
+    /**
+     * Gets the list callback, if one was provided
+     */
+    get listCallback() {
+        return this._callbacks.list;
+    }
+    /**
+     * Gets the callback for completing a specific URI template variable
+     */
+    completeCallback(variable) {
+        return this._callbacks.complete?.[variable];
+    }
+}
+exports.CustomResourceTemplate = CustomResourceTemplate;

package/lib/mcp/factory.js

@@ -7,6 +7,12 @@ const structures_1 = require("../annotations/structures");
 const tools_1 = require("./tools");
 const resources_1 = require("./resources");
 const prompts_1 = require("./prompts");
+/**
+ * Creates and configures an MCP server instance with the given configuration and annotations
+ * @param config - CAP configuration object
+ * @param annotations - Optional parsed annotations to register with the server
+ * @returns Configured MCP server instance
+ */
 function createMcpServer(config, annotations) {
     logger_1.LOGGER.debug("Creating MCP server instance");
     const server = new mcp_js_1.McpServer({
@@ -14,28 +20,26 @@ function createMcpServer(config, annotations) {
         version: config.version,
         capabilities: config.capabilities,
     });
-    if (!annotations)
+    if (!annotations) {
+        logger_1.LOGGER.debug("No annotations provided, skipping registration...");
         return server;
+    }
     logger_1.LOGGER.debug("Annotations found for server: ", annotations);
-    // TODO: Handle the parsed annotations
-    // TODO: Error handling
-    // TODO: This should only be mapped once, not per each server instance. Maybe this should be pre-packaged on load?
     // TODO: Handle auth
     for (const entry of annotations.values()) {
-        switch (entry.constructor) {
-            case structures_1.McpToolAnnotation:
-                (0, tools_1.assignToolToServer)(entry, server);
-                continue;
-            case structures_1.McpResourceAnnotation:
-                (0, resources_1.assignResourceToServer)(entry, server);
-                continue;
-            case structures_1.McpPromptAnnotation:
-                (0, prompts_1.assignPromptToServer)(entry, server);
-                continue;
-            default:
-                logger_1.LOGGER.warn("Invalid annotation entry - Cannot be parsed by MCP server, skipping...");
-                continue;
+        if (entry instanceof structures_1.McpToolAnnotation) {
+            (0, tools_1.assignToolToServer)(entry, server);
+            continue;
+        }
+        else if (entry instanceof structures_1.McpResourceAnnotation) {
+            (0, resources_1.assignResourceToServer)(entry, server);
+            continue;
+        }
+        else if (entry instanceof structures_1.McpPromptAnnotation) {
+            (0, prompts_1.assignPromptToServer)(entry, server);
+            continue;
         }
+        logger_1.LOGGER.warn("Invalid annotation entry - Cannot be parsed by MCP server, skipping...");
     }
     return server;
 }

package/lib/mcp/prompts.js

@@ -3,8 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.assignPromptToServer = assignPromptToServer;
 const logger_1 = require("../logger");
 const utils_1 = require("./utils");
-/* @ts-ignore */
-const cds = global.cds || require("@sap/cds"); // This is a work around for missing cds context
 // NOTE: Not satisfied with below implementation, will need to be revised for full effect
 /*
 annotate CatalogService with @mcp.prompts: [{
@@ -18,6 +16,12 @@ annotate CatalogService with @mcp.prompts: [{
   }]
 }];
  */
+/**
+ * Registers prompt templates from a prompt annotation with the MCP server
+ * Each prompt template supports variable substitution using {{variable}} syntax
+ * @param model - The prompt annotation containing template definitions and inputs
+ * @param server - The MCP server instance to register prompts with
+ */
 function assignPromptToServer(model, server) {
     logger_1.LOGGER.debug("Adding prompt", model);
     for (const prompt of model.prompts) {
@@ -45,6 +49,12 @@ function assignPromptToServer(model, server) {
         });
     }
 }
+/**
+ * Builds Zod schema definitions for prompt input parameters
+ * Converts CDS type strings to appropriate Zod validation schemas
+ * @param inputs - Array of prompt input parameter definitions
+ * @returns Record mapping parameter names to Zod schemas, or undefined if no inputs
+ */
 function constructInputArgs(inputs) {
     // Not happy with using any here, but zod types are hard to figure out....
     if (!inputs || inputs.length <= 0)

package/lib/mcp/resources.js

@@ -1,45 +1,87 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.assignResourceToServer = assignResourceToServer;
-const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const custom_resource_template_1 = require("./custom-resource-template");
 const logger_1 = require("../logger");
 const utils_1 = require("./utils");
+const validation_1 = require("./validation");
 // import cds from "@sap/cds";
 /* @ts-ignore */
 const cds = global.cds || require("@sap/cds"); // This is a work around for missing cds context
+/**
+ * Registers a CAP entity as an MCP resource with optional OData query support
+ * Creates either static or dynamic resources based on configured functionalities
+ * @param model - The resource annotation containing entity metadata and query options
+ * @param server - The MCP server instance to register the resource with
+ */
 function assignResourceToServer(model, server) {
     logger_1.LOGGER.debug("Adding resource", model);
     if (model.functionalities.size <= 0) {
         registerStaticResource(model, server);
+        return;
     }
     // Dynamic resource registration
     const detailedDescription = (0, utils_1.writeODataDescriptionForResource)(model);
-    const functionalities = Array.from(model.functionalities).map((el) => `{?${el}}`);
-    // BUG: RFC compliance breaking bug in the MCP SDK library, must wait for fix....
-    const resourceTemplateUri = `odata://${model.serviceName}/${model.name}${functionalities.join("")}`;
-    const template = new mcp_js_1.ResourceTemplate(resourceTemplateUri, {
+    const functionalities = Array.from(model.functionalities);
+    // Using grouped query parameter format to fix MCP SDK URI matching issue
+    // Format: {?param1,param2,param3} instead of {?param1}{?param2}{?param3}
+    const templateParams = functionalities.length > 0 ? `{?${functionalities.join(",")}}` : "";
+    const resourceTemplateUri = `odata://${model.serviceName}/${model.name}${templateParams}`;
+    const template = new custom_resource_template_1.CustomResourceTemplate(resourceTemplateUri, {
         list: undefined,
     });
-    server.registerResource(model.name, template, { title: model.target, description: detailedDescription }, async (uri, queryParameters) => {
+    server.registerResource(model.name, template, // Type assertion to bypass strict type checking - necessary due to broken URI parser in the MCP SDK
+    { title: model.target, description: detailedDescription }, async (uri, variables) => {
+        const queryParameters = variables;
         const service = cds.services[model.serviceName];
-        const query = SELECT.from(model.target).limit(queryParameters.top ? Number(queryParameters.top) : 100, queryParameters.skip ? Number(queryParameters.skip) : undefined);
-        for (const [k, v] of Object.entries(queryParameters)) {
-            switch (k) {
-                case "filter":
-                    const expression = cds.parse.expr(decodeURIComponent(v));
-                    query.where(expression);
-                    continue;
-                case "select":
-                    const decodedSelect = decodeURIComponent(v);
-                    query.columns(decodedSelect.split(","));
-                    continue;
-                case "orderby":
-                    query.orderBy(decodeURIComponent(v));
-                    continue;
-                default:
+        if (!service) {
+            logger_1.LOGGER.error(`Invalid service found for service '${model.serviceName}'`);
+            throw new Error(`Invalid service found for service '${model.serviceName}'`);
+        }
+        // Create validator with entity properties
+        const validator = new validation_1.ODataQueryValidator(model.properties);
+        // Validate and build query with secure parameter handling
+        let query;
+        try {
+            query = SELECT.from(model.target).limit(queryParameters.top
+                ? validator.validateTop(queryParameters.top)
+                : 100, queryParameters.skip
+                ? validator.validateSkip(queryParameters.skip)
+                : undefined);
+            for (const [k, v] of Object.entries(queryParameters)) {
+                if (!v || v.trim().length <= 0)
                     continue;
+                switch (k) {
+                    case "filter":
+                        // BUG: If filter value is e.g. "filter=1234" the value 1234 will go through
+                        const validatedFilter = validator.validateFilter(v);
+                        const expression = cds.parse.expr(validatedFilter);
+                        query.where(expression);
+                        continue;
+                    case "select":
+                        const validatedColumns = validator.validateSelect(v);
+                        query.columns(validatedColumns);
+                        continue;
+                    case "orderby":
+                        const validatedOrderBy = validator.validateOrderBy(v);
+                        query.orderBy(validatedOrderBy);
+                        continue;
+                    default:
+                        continue;
+                }
             }
         }
+        catch (error) {
+            logger_1.LOGGER.warn(`OData query validation failed for ${model.target}:`, error);
+            return {
+                contents: [
+                    {
+                        uri: uri.href,
+                        text: `ERROR: Invalid query parameter - ${error instanceof validation_1.ODataValidationError ? error.message : "Invalid query syntax"}`,
+                    },
+                ],
+            };
+        }
         try {
             const response = await service.run(query);
             return {
@@ -64,11 +106,22 @@ function assignResourceToServer(model, server) {
         }
     });
 }
+/**
+ * Registers a static resource without OData query functionality
+ * Used when no query functionalities are configured for the resource
+ * @param model - The resource annotation with entity metadata
+ * @param server - The MCP server instance to register with
+ */
 function registerStaticResource(model, server) {
-    server.registerResource(model.name, `odata://${model.serviceName}/${model.name}`, { title: model.target, description: model.description }, async (uri, queryParameters) => {
+    server.registerResource(model.name, `odata://${model.serviceName}/${model.name}`, { title: model.target, description: model.description }, async (uri, extra) => {
+        const queryParameters = extra;
         const service = cds.services[model.serviceName];
-        const query = SELECT.from(model.target).limit(queryParameters.top ? Number(queryParameters.top) : 100);
+        // Create validator even for static resources to validate top parameter
+        const validator = new validation_1.ODataQueryValidator(model.properties);
         try {
+            const query = SELECT.from(model.target).limit(queryParameters.top
+                ? validator.validateTop(queryParameters.top)
+                : 100);
             const response = await service.run(query);
             return {
                 contents: [
@@ -79,8 +132,19 @@ function registerStaticResource(model, server) {
                 ],
             };
         }
-        catch (e) {
-            logger_1.LOGGER.error(`Failed to retrieve resource data for ${model.target}`, e);
+        catch (error) {
+            if (error instanceof validation_1.ODataValidationError) {
+                logger_1.LOGGER.warn(`OData validation failed for static resource ${model.target}:`, error);
+                return {
+                    contents: [
+                        {
+                            uri: uri.href,
+                            text: `ERROR: Invalid query parameter - ${error.message}`,
+                        },
+                    ],
+                };
+            }
+            logger_1.LOGGER.error(`Failed to retrieve resource data for ${model.target}`, error);
             return {
                 contents: [
                     {