@grackle-ai/mcp 0.32.0 → 0.34.0

package/dist/auth-context.d.ts

@@ -3,6 +3,7 @@
  *
  * - `"api-key"`: Full-access authentication via the global API key.
  * - `"scoped"`: Session-scoped token identifying a specific task/session/persona.
+ * - `"oauth"`: OAuth-authorized client — full tool access (user explicitly approved).
  */
 export type AuthContext = {
     type: "api-key";
@@ -12,5 +13,8 @@ export type AuthContext = {
     projectId: string;
     personaId: string;
     taskSessionId: string;
+} | {
+    type: "oauth";
+    clientId: string;
 };
 //# sourceMappingURL=auth-context.d.ts.map

package/dist/auth-context.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-context.d.ts","sourceRoot":"","sources":["../src/auth-context.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,SAAS,CAAA;CAAE,GACnB;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAAC"}
+{"version":3,"file":"auth-context.d.ts","sourceRoot":"","sources":["../src/auth-context.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,SAAS,CAAA;CAAE,GACnB;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,GAC/F;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC"}

package/dist/auth-middleware.d.ts

@@ -3,9 +3,10 @@ import type { AuthContext } from "./auth-context.js";
 /**
  * Authenticate an incoming MCP HTTP request.
  *
- * Supports two authentication modes:
+ * Supports three authentication modes:
  * 1. **API key**: A 64-character hex Bearer token compared constant-time against the server API key.
- * 2. **Scoped token**: An HMAC-signed token (contains a `.`) verified against the API key as signing secret.
+ * 2. **OAuth token**: An HMAC-signed token with `typ === "oauth"`, audience-validated against the request.
+ * 3. **Scoped token**: An HMAC-signed token (contains a `.`) verified against the API key as signing secret.
  *
  * @param req - The incoming HTTP request.
  * @param apiKey - The server's API key (used for both direct comparison and as the HMAC signing secret).

package/dist/auth-middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../src/auth-middleware.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAMrD;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAyCzG"}
+{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../src/auth-middleware.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAOrD;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CA6DzG"}

package/dist/auth-middleware.js

@@ -1,13 +1,15 @@
 import { timingSafeEqual } from "node:crypto";
+import { verifyOAuthAccessToken } from "./oauth-token.js";
 import { isRevokedTask, verifyScopedToken } from "./scoped-token.js";
 /** Expected length of API key tokens (64 hex characters). */
 const API_KEY_LENGTH = 64;
 /**
  * Authenticate an incoming MCP HTTP request.
  *
- * Supports two authentication modes:
+ * Supports three authentication modes:
  * 1. **API key**: A 64-character hex Bearer token compared constant-time against the server API key.
- * 2. **Scoped token**: An HMAC-signed token (contains a `.`) verified against the API key as signing secret.
+ * 2. **OAuth token**: An HMAC-signed token with `typ === "oauth"`, audience-validated against the request.
+ * 3. **Scoped token**: An HMAC-signed token (contains a `.`) verified against the API key as signing secret.
  *
  * @param req - The incoming HTTP request.
  * @param apiKey - The server's API key (used for both direct comparison and as the HMAC signing secret).
@@ -33,8 +35,27 @@ export function authenticateMcpRequest(req, apiKey) {
         // Fall through — a 64-char token that doesn't match the API key is invalid
         return undefined;
     }
-    // Path 2: Scoped token authentication (contains a dot separator)
+    // Path 2: Token with dot separator — try OAuth first, then scoped
     if (token.includes(".")) {
+        // Try OAuth access token (distinguished by typ === "oauth")
+        const oauthClaims = verifyOAuthAccessToken(token, apiKey);
+        if (oauthClaims) {
+            // Validate audience if present — when non-empty, must match this server's resource URL.
+            // Empty aud is accepted because the client may omit the resource indicator (RFC 8707).
+            // Use the socket's local port (server-controlled) rather than the Host header (client-controlled)
+            // to prevent token replay via Host spoofing.
+            // Normalize trailing slashes since clients may include them (e.g., "http://127.0.0.1:7435/").
+            if (oauthClaims.aud) {
+                const localPort = req.socket.localPort;
+                const expectedAudience = localPort ? `http://127.0.0.1:${localPort}` : undefined;
+                const normalizedAud = oauthClaims.aud.replace(/\/+$/, "");
+                if (!expectedAudience || normalizedAud !== expectedAudience) {
+                    return undefined;
+                }
+            }
+            return { type: "oauth", clientId: oauthClaims.sub };
+        }
+        // Fall through to scoped token
         const claims = verifyScopedToken(token, apiKey);
         if (!claims) {
             return undefined;

package/dist/auth-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../src/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAErE,6DAA6D;AAC7D,MAAM,cAAc,GAAW,EAAE,CAAC;AAElC;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAyB,EAAE,MAAc;IAC9E,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;IACnD,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0DAA0D;IAC1D,IAAI,KAAK,CAAC,MAAM,KAAK,cAAc,IAAI,MAAM,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACxE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACnD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC7B,CAAC;QACD,2EAA2E;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,iEAAiE;IACjE,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,MAAM,CAAC,GAAG;YAClB,SAAS,EAAE,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,GAAG;YACrB,aAAa,EAAE,MAAM,CAAC,GAAG;SAC1B,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
+{"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../src/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAErE,6DAA6D;AAC7D,MAAM,cAAc,GAAW,EAAE,CAAC;AAElC;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAyB,EAAE,MAAc;IAC9E,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;IACnD,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0DAA0D;IAC1D,IAAI,KAAK,CAAC,MAAM,KAAK,cAAc,IAAI,MAAM,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACxE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACnD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC7B,CAAC;QACD,2EAA2E;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,kEAAkE;IAClE,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,4DAA4D;QAC5D,MAAM,WAAW,GAAG,sBAAsB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,WAAW,EAAE,CAAC;YAChB,wFAAwF;YACxF,uFAAuF;YACvF,kGAAkG;YAClG,6CAA6C;YAC7C,8FAA8F;YAC9F,IAAI,WAAW,CAAC,GAAG,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC;gBACvC,MAAM,gBAAgB,GAAG,SAAS,CAAC,CAAC,CAAC,oBAAoB,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBACjF,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBAC1D,IAAI,CAAC,gBAAgB,IAAI,aAAa,KAAK,gBAAgB,EAAE,CAAC;oBAC5D,OAAO,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,CAAC,GAAG,EAAE,CAAC;QACtD,CAAC;QAED,+BAA+B;QAC/B,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,MAAM,CAAC,GAAG;YAClB,SAAS,EAAE,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,GAAG;YACrB,aAAa,EAAE,MAAM,CAAC,GAAG;SAC1B,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/index.d.ts

@@ -2,4 +2,12 @@ export { createMcpServer } from "./mcp-server.js";
 export type { McpServerOptions } from "./mcp-server.js";
 export type { AuthContext } from "./auth-context.js";
 export { createScopedToken, revokeTask } from "./scoped-token.js";
+export { verifyScopedToken } from "./scoped-token.js";
+export { createOAuthAccessToken, verifyOAuthAccessToken } from "./oauth-token.js";
+export { OAUTH_ACCESS_TOKEN_TTL_MS, OAUTH_REFRESH_TOKEN_TTL_MS } from "./oauth-token.js";
+export type { OAuthTokenClaims } from "./oauth-token.js";
+export { createToolRegistry } from "./tools/index.js";
+export { ToolRegistry } from "./tool-registry.js";
+export type { ToolDefinition, ToolResult } from "./tool-registry.js";
+export { authenticateMcpRequest } from "./auth-middleware.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAClF,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AACzF,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/index.js

@@ -1,3 +1,9 @@
 export { createMcpServer } from "./mcp-server.js";
 export { createScopedToken, revokeTask } from "./scoped-token.js";
+export { verifyScopedToken } from "./scoped-token.js";
+export { createOAuthAccessToken, verifyOAuthAccessToken } from "./oauth-token.js";
+export { OAUTH_ACCESS_TOKEN_TTL_MS, OAUTH_REFRESH_TOKEN_TTL_MS } from "./oauth-token.js";
+export { createToolRegistry } from "./tools/index.js";
+export { ToolRegistry } from "./tool-registry.js";
+export { authenticateMcpRequest } from "./auth-middleware.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAGlD,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAGlD,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAClF,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAEzF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/mcp-server.d.ts

@@ -9,6 +9,8 @@ export interface McpServerOptions {
     grpcPort: number;
     /** API key used for authenticating both inbound MCP and outbound gRPC requests. */
     apiKey: string;
+    /** Base URL of the OAuth authorization server (web server). When set, enables OAuth discovery. */
+    authorizationServerUrl?: string;
 }
 /**
  * Create an HTTP server that serves the MCP Streamable HTTP protocol on `/mcp`.

package/dist/mcp-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":"AAEA,OAAO,IAAI,MAAM,WAAW,CAAC;AAmC7B,0CAA0C;AAC1C,MAAM,WAAW,gBAAgB;IAC/B,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,mFAAmF;IACnF,MAAM,EAAE,MAAM,CAAC;CAChB;AA6FD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAgDtE"}
+{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":"AAEA,OAAO,IAAI,MAAM,WAAW,CAAC;AAoC7B,0CAA0C;AAC1C,MAAM,WAAW,gBAAgB;IAC/B,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,mFAAmF;IACnF,MAAM,EAAE,MAAM,CAAC;IACf,kGAAkG;IAClG,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAmGD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAkEtE"}

package/dist/mcp-server.js

@@ -15,6 +15,7 @@ import { authenticateMcpRequest } from "./auth-middleware.js";
 import { grpcErrorToToolResult } from "./error-handler.js";
 import { pruneRevocations } from "./scoped-token.js";
 import { createToolRegistry } from "./tools/index.js";
+import { resolveToolForAuth, listToolsForAuth } from "./tool-scoping.js";
 /** Read the package version from package.json at module load time. */
 const PACKAGE_VERSION = JSON.parse(readFileSync(join(dirname(fileURLToPath(import.meta.url)), "..", "package.json"), "utf8")).version;
 const logger = pino({
@@ -42,7 +43,7 @@ function createMcpServerInstance(grpcClient, authContext) {
     const registry = createToolRegistry();
     const server = new Server({ name: "grackle-mcp", version: PACKAGE_VERSION }, { capabilities: { tools: {} } });
     server.setRequestHandler(ListToolsRequestSchema, async () => {
-        const tools = registry.list();
+        const tools = listToolsForAuth(registry, authContext);
         return {
             tools: tools.map((t) => ({
                 name: t.name,
@@ -54,15 +55,20 @@ function createMcpServerInstance(grpcClient, authContext) {
     });
     server.setRequestHandler(CallToolRequestSchema, async (request) => {
         const { name, arguments: args } = request.params;
-        const tool = registry.get(name);
+        const tool = resolveToolForAuth(registry, name, authContext);
         if (!tool) {
             return {
                 content: [{ type: "text", text: `Unknown tool: ${name}` }],
                 isError: true,
             };
         }
+        // Inject projectId from scoped token so callers don't need to provide it
+        const rawArgs = (args ?? {});
+        if (authContext.type === "scoped") {
+            rawArgs.projectId = authContext.projectId;
+        }
         // Validate inputs against Zod schema
-        const parsed = tool.inputSchema.safeParse(args ?? {});
+        const parsed = tool.inputSchema.safeParse(rawArgs);
         if (!parsed.success) {
             const issues = parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`);
             logger.warn({ tool: name, issues }, "Input validation failed: %s", name);
@@ -77,7 +83,7 @@ function createMcpServerInstance(grpcClient, authContext) {
             };
         }
         try {
-            logger.info({ tool: name }, "Executing MCP tool: %s", name);
+            logger.info({ tool: name, resolved: tool.name }, "Executing MCP tool: %s", name);
             const result = await tool.handler(parsed.data, grpcClient, authContext);
             return result;
         }
@@ -106,7 +112,7 @@ const REVOCATION_PRUNE_INTERVAL_MS = 60 * 60 * 1000;
  * and Server instance, tracked by session ID.
  */
 export function createMcpServer(options) {
-    const { bindHost, grpcPort, apiKey } = options;
+    const { bindHost, grpcPort, apiKey, authorizationServerUrl } = options;
     const grpcClient = createGrpcClient(bindHost, grpcPort, apiKey);
     /** Map of active session transports, keyed by session ID. */
     const transports = new Map();
@@ -118,6 +124,17 @@ export function createMcpServer(options) {
     // eslint-disable-next-line @typescript-eslint/no-misused-promises
     const httpServer = http.createServer(async (req, res) => {
         const url = new URL(req.url || "/", `http://${req.headers.host || "localhost"}`);
+        // Derive resource URL from request Host header (dialable by the client)
+        const requestResourceUrl = `http://${req.headers.host || url.host}`;
+        // OAuth Protected Resource Metadata (RFC 9728) — no auth required
+        if (authorizationServerUrl && url.pathname === "/.well-known/oauth-protected-resource/mcp") {
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({
+                resource: requestResourceUrl,
+                authorization_servers: [authorizationServerUrl],
+            }));
+            return;
+        }
         // Only serve the /mcp endpoint
         if (url.pathname !== "/mcp") {
             res.writeHead(404, { "Content-Type": "application/json" });
@@ -127,7 +144,12 @@ export function createMcpServer(options) {
         // Auth check on every request
         const authContext = authenticateMcpRequest(req, apiKey);
         if (!authContext) {
-            res.writeHead(401, { "Content-Type": "application/json" });
+            const headers = { "Content-Type": "application/json" };
+            if (authorizationServerUrl) {
+                headers["WWW-Authenticate"] =
+                    `Bearer resource_metadata="${requestResourceUrl}/.well-known/oauth-protected-resource/mcp"`;
+            }
+            res.writeHead(401, headers);
             res.end(JSON.stringify({ error: "Unauthorized" }));
             return;
         }

package/dist/mcp-server.js.map

@@ -1 +1 @@
-{"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAe,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,mBAAmB,GAEpB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,IAAqB,MAAM,MAAM,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAEtD,sEAAsE;AACtE,MAAM,eAAe,GAAY,IAAI,CAAC,KAAK,CACzC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CAClE,CAAC,OAAO,CAAC;AAElC,MAAM,MAAM,GAAW,IAAI,CAAC;IAC1B,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,MAAM;IACtC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAC9C,CAAC,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,EAAE;QACtD,CAAC,CAAC,SAAS;CACd,CAAC,CAAC;AAcH,iFAAiF;AACjF,SAAS,gBAAgB,CAAC,QAAgB,EAAE,QAAgB,EAAE,MAAc;IAC1E,MAAM,SAAS,GAAG,mBAAmB,CAAC;QACpC,OAAO,EAAE,UAAU,QAAQ,IAAI,QAAQ,EAAE;QACzC,YAAY,EAAE;YACZ,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,EAAE,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;SACF;KACF,CAAC,CAAC;IACH,OAAO,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAClD,CAAC;AAED,iGAAiG;AACjG,SAAS,uBAAuB,CAAC,UAA0C,EAAE,WAAwB;IACnG,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,EACjD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;gBACtE,WAAW,EAAE,CAAC,CAAC,WAAW;aAC3B,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAA2B,EAAE;QACzF,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;gBAC1D,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC3C,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,6BAA6B,EAAE,IAAI,CAAC,CAAC;YACzE,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,EAChE,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC5D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAA+B,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;YACnG,OAAO,MAAwB,CAAC;QAClC,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,2BAA2B,EAAE,IAAI,CAAC,CAAC;YAC5E,IAAI,CAAC;gBACH,OAAO,qBAAqB,CAAC,KAAK,CAAmB,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5E,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,YAAY,EAAE,EAAE,CAAC;oBAC3D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8DAA8D;AAC9D,MAAM,4BAA4B,GAAW,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE5D;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,OAAyB;IACvD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAC/C,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEhE,6DAA6D;IAC7D,MAAM,UAAU,GAA+C,IAAI,GAAG,EAAE,CAAC;IAEzE,+DAA+D;IAC/D,MAAM,YAAY,GAA6B,IAAI,GAAG,EAAE,CAAC;IAEzD,8CAA8C;IAC9C,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,gBAAgB,EAAE,EAAE,4BAA4B,CAAC,CAAC;IAC1F,aAAa,CAAC,KAAK,EAAE,CAAC;IAEtB,kEAAkE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACtD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC;QAEjF,+BAA+B;QAC/B,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,8BAA8B;QAC9B,MAAM,WAAW,GAAG,sBAAsB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC;QAEzC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QAChF,CAAC;aAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,iDAAiD;AACjD,MAAM,aAAa,GAAW,SAAS,CAAC;AAExC,qFAAqF;AACrF,KAAK,UAAU,SAAS,CAAC,GAAyB;IAChD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS,GAAW,CAAC,CAAC;QAC1B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;YAC1B,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;gBAC9B,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAY,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;gBACzE,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,mEAAmE;AACnE,KAAK,UAAU,UAAU,CACvB,GAAyB,EACzB,GAAwB,EACxB,UAA0C,EAC1C,UAAsD,EACtD,YAAsC,EACtC,WAAwB;IAExB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QAEtE,IAAI,SAAS,IAAI,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3C,0EAA0E;YAC1E,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChD,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI,EAAE,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC,CAAC;gBACxE,OAAO;YACT,CAAC;YAED,4CAA4C;YAC5C,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;YAC7C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;YAC5E,uDAAuD;YACvD,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAW,EAAE,EAAE;oBACpC,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,yBAAyB,CAAC,CAAC;oBAC3D,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;oBAC/B,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;gBACrC,CAAC;aACF,CAAC,CAAC;YAEH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACvB,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC;gBAChC,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;oBACtD,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBACvB,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,SAAS,GAAG,uBAAuB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACnE,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACnC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,sDAAsD;QACtD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACrB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2CAA2C,EAAE;YAC7E,EAAE,EAAE,IAAI;SACT,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,iCAAiC,CAAC,CAAC;QAChE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,uBAAuB,EAAE;gBACzD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC,CAAC;QACN,CAAC;IACH,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,KAAK,UAAU,SAAS,CACtB,GAAyB,EACzB,GAAwB,EACxB,UAAsD;IAEtD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;IAC7C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,4DAA4D;AAC5D,KAAK,UAAU,YAAY,CACzB,GAAyB,EACzB,GAAwB,EACxB,UAAsD,EACtD,YAAsC;IAEtC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACxC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,oCAAoC,CAAC,CAAC;QACnE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAe,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,mBAAmB,GAEpB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,IAAqB,MAAM,MAAM,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAEzE,sEAAsE;AACtE,MAAM,eAAe,GAAY,IAAI,CAAC,KAAK,CACzC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CAClE,CAAC,OAAO,CAAC;AAElC,MAAM,MAAM,GAAW,IAAI,CAAC;IAC1B,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,MAAM;IACtC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAC9C,CAAC,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,EAAE;QACtD,CAAC,CAAC,SAAS;CACd,CAAC,CAAC;AAgBH,iFAAiF;AACjF,SAAS,gBAAgB,CAAC,QAAgB,EAAE,QAAgB,EAAE,MAAc;IAC1E,MAAM,SAAS,GAAG,mBAAmB,CAAC;QACpC,OAAO,EAAE,UAAU,QAAQ,IAAI,QAAQ,EAAE;QACzC,YAAY,EAAE;YACZ,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,EAAE,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;SACF;KACF,CAAC,CAAC;IACH,OAAO,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAClD,CAAC;AAED,iGAAiG;AACjG,SAAS,uBAAuB,CAAC,UAA0C,EAAE,WAAwB;IACnG,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,EACjD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACtD,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;gBACtE,WAAW,EAAE,CAAC,CAAC,WAAW;aAC3B,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAA2B,EAAE;QACzF,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;gBAC1D,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,MAAM,OAAO,GAAG,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;QACxD,IAAI,WAAW,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,CAAC,SAAS,GAAG,WAAW,CAAC,SAAS,CAAC;QAC5C,CAAC;QAED,qCAAqC;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC3C,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,6BAA6B,EAAE,IAAI,CAAC,CAAC;YACzE,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,EAChE,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,wBAAwB,EAAE,IAAI,CAAC,CAAC;YACjF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAA+B,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;YACnG,OAAO,MAAwB,CAAC;QAClC,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,2BAA2B,EAAE,IAAI,CAAC,CAAC;YAC5E,IAAI,CAAC;gBACH,OAAO,qBAAqB,CAAC,KAAK,CAAmB,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5E,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,YAAY,EAAE,EAAE,CAAC;oBAC3D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8DAA8D;AAC9D,MAAM,4BAA4B,GAAW,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE5D;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,OAAyB;IACvD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,sBAAsB,EAAE,GAAG,OAAO,CAAC;IACvE,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEhE,6DAA6D;IAC7D,MAAM,UAAU,GAA+C,IAAI,GAAG,EAAE,CAAC;IAEzE,+DAA+D;IAC/D,MAAM,YAAY,GAA6B,IAAI,GAAG,EAAE,CAAC;IAEzD,8CAA8C;IAC9C,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,gBAAgB,EAAE,EAAE,4BAA4B,CAAC,CAAC;IAC1F,aAAa,CAAC,KAAK,EAAE,CAAC;IAEtB,kEAAkE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACtD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC;QAEjF,wEAAwE;QACxE,MAAM,kBAAkB,GAAG,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAEpE,kEAAkE;QAClE,IAAI,sBAAsB,IAAI,GAAG,CAAC,QAAQ,KAAK,2CAA2C,EAAE,CAAC;YAC3F,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACrB,QAAQ,EAAE,kBAAkB;gBAC5B,qBAAqB,EAAE,CAAC,sBAAsB,CAAC;aAChD,CAAC,CAAC,CAAC;YACJ,OAAO;QACT,CAAC;QAED,+BAA+B;QAC/B,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,8BAA8B;QAC9B,MAAM,WAAW,GAAG,sBAAsB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;YAC/E,IAAI,sBAAsB,EAAE,CAAC;gBAC3B,OAAO,CAAC,kBAAkB,CAAC;oBACzB,6BAA6B,kBAAkB,4CAA4C,CAAC;YAChG,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC;QAEzC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QAChF,CAAC;aAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,iDAAiD;AACjD,MAAM,aAAa,GAAW,SAAS,CAAC;AAExC,qFAAqF;AACrF,KAAK,UAAU,SAAS,CAAC,GAAyB;IAChD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS,GAAW,CAAC,CAAC;QAC1B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;YAC1B,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;gBAC9B,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAY,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;gBACzE,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,mEAAmE;AACnE,KAAK,UAAU,UAAU,CACvB,GAAyB,EACzB,GAAwB,EACxB,UAA0C,EAC1C,UAAsD,EACtD,YAAsC,EACtC,WAAwB;IAExB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QAEtE,IAAI,SAAS,IAAI,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3C,0EAA0E;YAC1E,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChD,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI,EAAE,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC,CAAC;gBACxE,OAAO;YACT,CAAC;YAED,4CAA4C;YAC5C,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;YAC7C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;YAC5E,uDAAuD;YACvD,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAW,EAAE,EAAE;oBACpC,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,yBAAyB,CAAC,CAAC;oBAC3D,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;oBAC/B,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;gBACrC,CAAC;aACF,CAAC,CAAC;YAEH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACvB,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC;gBAChC,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;oBACtD,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBACvB,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,SAAS,GAAG,uBAAuB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACnE,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACnC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,sDAAsD;QACtD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACrB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2CAA2C,EAAE;YAC7E,EAAE,EAAE,IAAI;SACT,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,iCAAiC,CAAC,CAAC;QAChE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,uBAAuB,EAAE;gBACzD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC,CAAC;QACN,CAAC;IACH,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,KAAK,UAAU,SAAS,CACtB,GAAyB,EACzB,GAAwB,EACxB,UAAsD;IAEtD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;IAC7C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,4DAA4D;AAC5D,KAAK,UAAU,YAAY,CACzB,GAAyB,EACzB,GAAwB,EACxB,UAAsD,EACtD,YAAsC;IAEtC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACxC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,oCAAoC,CAAC,CAAC;QACnE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/oauth-token.d.ts

@@ -0,0 +1,38 @@
+/** Default access token time-to-live: 1 hour in milliseconds. */
+export declare const OAUTH_ACCESS_TOKEN_TTL_MS: number;
+/** Default refresh token time-to-live: 30 days in milliseconds. */
+export declare const OAUTH_REFRESH_TOKEN_TTL_MS: number;
+/** Claims embedded in an OAuth access token payload. */
+export interface OAuthTokenClaims {
+    /** Token type discriminator — always "oauth" for OAuth access tokens. */
+    typ: "oauth";
+    /** Subject — the OAuth client ID that was authorized. */
+    sub: string;
+    /** Audience — the resource URL (MCP server URL) this token was issued for. */
+    aud: string;
+    /** Issued-at time (epoch seconds). */
+    iat: number;
+    /** Expiry time (epoch seconds). */
+    exp: number;
+}
+/**
+ * Create an OAuth access token with the given client ID and resource, signed with the provided secret.
+ *
+ * @param clientId - The OAuth client ID (subject).
+ * @param resource - The resource URL (audience) this token is scoped to.
+ * @param signingSecret - Secret used to HMAC-sign the token (typically the API key).
+ * @param ttlMs - Token time-to-live in milliseconds (default: 1 hour).
+ * @returns The signed opaque token string.
+ */
+export declare function createOAuthAccessToken(clientId: string, resource: string, signingSecret: string, ttlMs?: number): string;
+/**
+ * Verify an OAuth access token's signature and expiry.
+ *
+ * Uses constant-time comparison for the HMAC signature.
+ *
+ * @param token - The token string to verify.
+ * @param signingSecret - The secret used to verify the HMAC signature.
+ * @returns The decoded claims if valid, or `undefined` if verification fails.
+ */
+export declare function verifyOAuthAccessToken(token: string, signingSecret: string): OAuthTokenClaims | undefined;
+//# sourceMappingURL=oauth-token.d.ts.map

package/dist/oauth-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-token.d.ts","sourceRoot":"","sources":["../src/oauth-token.ts"],"names":[],"mappings":"AAEA,iEAAiE;AACjE,eAAO,MAAM,yBAAyB,EAAE,MAAuB,CAAC;AAEhE,mEAAmE;AACnE,eAAO,MAAM,0BAA0B,EAAE,MAAiC,CAAC;AAE3E,wDAAwD;AACxD,MAAM,WAAW,gBAAgB;IAC/B,yEAAyE;IACzE,GAAG,EAAE,OAAO,CAAC;IACb,yDAAyD;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,8EAA8E;IAC9E,GAAG,EAAE,MAAM,CAAC;IACZ,sCAAsC;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,mCAAmC;IACnC,GAAG,EAAE,MAAM,CAAC;CACb;AAiBD;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,KAAK,GAAE,MAAkC,GACxC,MAAM,CAaR;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CA4DzG"}

package/dist/oauth-token.js

@@ -0,0 +1,101 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+/** Default access token time-to-live: 1 hour in milliseconds. */
+export const OAUTH_ACCESS_TOKEN_TTL_MS = 60 * 60 * 1000;
+/** Default refresh token time-to-live: 30 days in milliseconds. */
+export const OAUTH_REFRESH_TOKEN_TTL_MS = 30 * 24 * 60 * 60 * 1000;
+/** Encode a buffer as base64url (no padding). */
+function toBase64Url(buf) {
+    return buf.toString("base64url");
+}
+/** Decode a base64url string to a Buffer. */
+function fromBase64Url(str) {
+    return Buffer.from(str, "base64url");
+}
+/** Compute HMAC-SHA256 signature over a payload string. */
+function sign(payload, secret) {
+    return createHmac("sha256", secret).update(payload).digest();
+}
+/**
+ * Create an OAuth access token with the given client ID and resource, signed with the provided secret.
+ *
+ * @param clientId - The OAuth client ID (subject).
+ * @param resource - The resource URL (audience) this token is scoped to.
+ * @param signingSecret - Secret used to HMAC-sign the token (typically the API key).
+ * @param ttlMs - Token time-to-live in milliseconds (default: 1 hour).
+ * @returns The signed opaque token string.
+ */
+export function createOAuthAccessToken(clientId, resource, signingSecret, ttlMs = OAUTH_ACCESS_TOKEN_TTL_MS) {
+    const now = Math.floor(Date.now() / 1000);
+    const payload = {
+        typ: "oauth",
+        sub: clientId,
+        aud: resource,
+        iat: now,
+        exp: now + Math.floor(ttlMs / 1000),
+    };
+    const payloadStr = JSON.stringify(payload);
+    const payloadEncoded = toBase64Url(Buffer.from(payloadStr, "utf8"));
+    const signature = toBase64Url(sign(payloadEncoded, signingSecret));
+    return `${payloadEncoded}.${signature}`;
+}
+/**
+ * Verify an OAuth access token's signature and expiry.
+ *
+ * Uses constant-time comparison for the HMAC signature.
+ *
+ * @param token - The token string to verify.
+ * @param signingSecret - The secret used to verify the HMAC signature.
+ * @returns The decoded claims if valid, or `undefined` if verification fails.
+ */
+export function verifyOAuthAccessToken(token, signingSecret) {
+    const dotIndex = token.indexOf(".");
+    if (dotIndex === -1 || dotIndex === 0 || dotIndex === token.length - 1) {
+        return undefined;
+    }
+    // Reject tokens with multiple dots
+    if (token.indexOf(".", dotIndex + 1) !== -1) {
+        return undefined;
+    }
+    const payloadEncoded = token.slice(0, dotIndex);
+    const signatureEncoded = token.slice(dotIndex + 1);
+    // Verify signature using constant-time comparison
+    const expectedSignature = sign(payloadEncoded, signingSecret);
+    let actualSignature;
+    try {
+        actualSignature = fromBase64Url(signatureEncoded);
+    }
+    catch {
+        return undefined;
+    }
+    if (expectedSignature.length !== actualSignature.length) {
+        return undefined;
+    }
+    if (!timingSafeEqual(expectedSignature, actualSignature)) {
+        return undefined;
+    }
+    // Decode and parse payload — parse as Record first for runtime validation
+    let raw;
+    try {
+        const payloadStr = fromBase64Url(payloadEncoded).toString("utf8");
+        raw = JSON.parse(payloadStr);
+    }
+    catch {
+        return undefined;
+    }
+    // Validate claim types to prevent bypass via crafted payloads
+    if (raw.typ !== "oauth" ||
+        typeof raw.sub !== "string" ||
+        typeof raw.aud !== "string" ||
+        !Number.isFinite(raw.iat) ||
+        !Number.isFinite(raw.exp)) {
+        return undefined;
+    }
+    const claims = raw;
+    // Check expiry (exp must be strictly greater than both iat and now)
+    const now = Math.floor(Date.now() / 1000);
+    if (claims.exp <= now || claims.exp <= claims.iat) {
+        return undefined;
+    }
+    return claims;
+}
+//# sourceMappingURL=oauth-token.js.map

package/dist/oauth-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-token.js","sourceRoot":"","sources":["../src/oauth-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1D,iEAAiE;AACjE,MAAM,CAAC,MAAM,yBAAyB,GAAW,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEhE,mEAAmE;AACnE,MAAM,CAAC,MAAM,0BAA0B,GAAW,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAgB3E,iDAAiD;AACjD,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAED,6CAA6C;AAC7C,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;AACvC,CAAC;AAED,2DAA2D;AAC3D,SAAS,IAAI,CAAC,OAAe,EAAE,MAAc;IAC3C,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;AAC/D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAAgB,EAChB,QAAgB,EAChB,aAAqB,EACrB,QAAgB,yBAAyB;IAEzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAqB;QAChC,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;KACpC,CAAC;IACF,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IACpE,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC,CAAC;IACnE,OAAO,GAAG,cAAc,IAAI,SAAS,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAa,EAAE,aAAqB;IACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,IAAI,QAAQ,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,mCAAmC;IACnC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAChD,MAAM,gBAAgB,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAEnD,kDAAkD;IAClD,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;IAC9D,IAAI,eAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,eAAe,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,KAAK,eAAe,CAAC,MAAM,EAAE,CAAC;QACxD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,eAAe,CAAC,EAAE,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0EAA0E;IAC1E,IAAI,GAA4B,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAClE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAA4B,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,8DAA8D;IAC9D,IACE,GAAG,CAAC,GAAG,KAAK,OAAO;QACnB,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;QAC3B,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;QAC3B,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;QACzB,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EACzB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAqB,GAAkC,CAAC;IAEpE,oEAAoE;IACpE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,IAAI,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QAClD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/tool-scoping.d.ts

@@ -0,0 +1,9 @@
+import type { AuthContext } from "./auth-context.js";
+import type { ToolRegistry, ToolDefinition } from "./tool-registry.js";
+/** Tools exposed to scoped-token (agent) callers. */
+export declare const SCOPED_TOOLS: ReadonlySet<string>;
+/** Resolve a tool by name with scope checks. */
+export declare function resolveToolForAuth(registry: ToolRegistry, name: string, authContext: AuthContext): ToolDefinition | undefined;
+/** List tools visible to the given auth context. */
+export declare function listToolsForAuth(registry: ToolRegistry, authContext: AuthContext): ToolDefinition[];
+//# sourceMappingURL=tool-scoping.d.ts.map

package/dist/tool-scoping.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-scoping.d.ts","sourceRoot":"","sources":["../src/tool-scoping.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEvE,qDAAqD;AACrD,eAAO,MAAM,YAAY,EAAE,WAAW,CAAC,MAAM,CAE3C,CAAC;AAKH,gDAAgD;AAChD,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,YAAY,EACtB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,WAAW,GACvB,cAAc,GAAG,SAAS,CAS5B;AAED,oDAAoD;AACpD,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,cAAc,EAAE,CAKnG"}

package/dist/tool-scoping.js

@@ -0,0 +1,25 @@
+/** Tools exposed to scoped-token (agent) callers. */
+export const SCOPED_TOOLS = new Set([
+    "finding_post", "finding_list", "task_create",
+]);
+/** Auth types that receive full tool access. */
+const FULL_ACCESS_TYPES = new Set(["api-key", "oauth"]);
+/** Resolve a tool by name with scope checks. */
+export function resolveToolForAuth(registry, name, authContext) {
+    const tool = registry.get(name);
+    if (!tool) {
+        return undefined;
+    }
+    if (!FULL_ACCESS_TYPES.has(authContext.type) && !SCOPED_TOOLS.has(tool.name)) {
+        return undefined;
+    }
+    return tool;
+}
+/** List tools visible to the given auth context. */
+export function listToolsForAuth(registry, authContext) {
+    if (FULL_ACCESS_TYPES.has(authContext.type)) {
+        return registry.list();
+    }
+    return registry.list((t) => SCOPED_TOOLS.has(t.name));
+}
+//# sourceMappingURL=tool-scoping.js.map

package/dist/tool-scoping.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-scoping.js","sourceRoot":"","sources":["../src/tool-scoping.ts"],"names":[],"mappings":"AAGA,qDAAqD;AACrD,MAAM,CAAC,MAAM,YAAY,GAAwB,IAAI,GAAG,CAAC;IACvD,cAAc,EAAE,cAAc,EAAE,aAAa;CAC9C,CAAC,CAAC;AAEH,gDAAgD;AAChD,MAAM,iBAAiB,GAAqC,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;AAE1F,gDAAgD;AAChD,MAAM,UAAU,kBAAkB,CAChC,QAAsB,EACtB,IAAY,EACZ,WAAwB;IAExB,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7E,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,gBAAgB,CAAC,QAAsB,EAAE,WAAwB;IAC/E,IAAI,iBAAiB,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;IACzB,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AACxD,CAAC"}

package/dist/tools/finding.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"finding.d.ts","sourceRoot":"","sources":["../../src/tools/finding.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAI1D,gDAAgD;AAChD,eAAO,MAAM,YAAY,EAAE,cAAc,EAyFxC,CAAC"}
+{"version":3,"file":"finding.d.ts","sourceRoot":"","sources":["../../src/tools/finding.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAK1D,gDAAgD;AAChD,eAAO,MAAM,YAAY,EAAE,cAAc,EAyFxC,CAAC"}

package/dist/tools/finding.js

@@ -65,7 +65,7 @@ export const findingTools = [
             idempotentHint: false,
             openWorldHint: false,
         },
-        async handler(args, client) {
+        async handler(args, client, authContext) {
             try {
                 const finding = await client.postFinding({
                     projectId: args.projectId,
@@ -73,8 +73,8 @@ export const findingTools = [
                     category: args.category ?? "",
                     content: args.content ?? "",
                     tags: args.tags ?? [],
-                    taskId: "",
-                    sessionId: "",
+                    taskId: authContext?.type === "scoped" ? authContext.taskId : (args.taskId ?? ""),
+                    sessionId: authContext?.type === "scoped" ? authContext.taskSessionId : (args.sessionId ?? ""),
                 });
                 return jsonResult({
                     id: finding.id,

package/dist/tools/finding.js.map

@@ -1 +1 @@
-{"version":3,"file":"finding.js","sourceRoot":"","sources":["../../src/tools/finding.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAE5D,gDAAgD;AAChD,MAAM,CAAC,MAAM,YAAY,GAAqB;IAC5C;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,0EAA0E;QACvF,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;YAClE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;YACtE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;YACpD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;SAC/F,CAAC;QACF,SAAS,EAAE,eAAe;QAC1B,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;QACD,KAAK,CAAC,OAAO,CAAC,IAA6B,EAAE,MAAsC;YACjF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;oBAC1C,SAAS,EAAE,IAAI,CAAC,SAAmB;oBACnC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAkB,CAAC,CAAC,CAAC,CAAC,EAAE;oBAC1D,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAa,CAAC,CAAC,CAAC,CAAC,EAAE;oBAC1C,KAAK,EAAG,IAAI,CAAC,KAA4B,IAAI,CAAC;iBAC/C,CAAC,CAAC;gBACH,OAAO,UAAU,CACf,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC5B,EAAE,EAAE,CAAC,CAAC,EAAE;oBACR,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACjB,SAAS,EAAE,CAAC,CAAC,SAAS;iBACvB,CAAC,CAAC,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,4EAA4E;QACzF,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;YACnE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC3C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;YAC5F,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACnE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sBAAsB,CAAC;SACtE,CAAC;QACF,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,KAAK;SACrB;QACD,KAAK,CAAC,OAAO,CAAC,IAA6B,EAAE,MAAsC;YACjF,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC;oBACvC,SAAS,EAAE,IAAI,CAAC,SAAmB;oBACnC,KAAK,EAAE,IAAI,CAAC,KAAe;oBAC3B,QAAQ,EAAG,IAAI,CAAC,QAA+B,IAAI,EAAE;oBACrD,OAAO,EAAG,IAAI,CAAC,OAA8B,IAAI,EAAE;oBACnD,IAAI,EAAG,IAAI,CAAC,IAA6B,IAAI,EAAE;oBAC/C,MAAM,EAAE,EAAE;oBACV,SAAS,EAAE,EAAE;iBACd,CAAC,CAAC;gBACH,OAAO,UAAU,CAAC;oBAChB,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;oBACvB,SAAS,EAAE,OAAO,CAAC,SAAS;iBAC7B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;KACF;CACF,CAAC"}
+{"version":3,"file":"finding.js","sourceRoot":"","sources":["../../src/tools/finding.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAE5D,gDAAgD;AAChD,MAAM,CAAC,MAAM,YAAY,GAAqB;IAC5C;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,0EAA0E;QACvF,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;YAClE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;YACtE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;YACpD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;SAC/F,CAAC;QACF,SAAS,EAAE,eAAe;QAC1B,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;QACD,KAAK,CAAC,OAAO,CAAC,IAA6B,EAAE,MAAsC;YACjF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;oBAC1C,SAAS,EAAE,IAAI,CAAC,SAAmB;oBACnC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAkB,CAAC,CAAC,CAAC,CAAC,EAAE;oBAC1D,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAa,CAAC,CAAC,CAAC,CAAC,EAAE;oBAC1C,KAAK,EAAG,IAAI,CAAC,KAA4B,IAAI,CAAC;iBAC/C,CAAC,CAAC;gBACH,OAAO,UAAU,CACf,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC5B,EAAE,EAAE,CAAC,CAAC,EAAE;oBACR,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACjB,SAAS,EAAE,CAAC,CAAC,SAAS;iBACvB,CAAC,CAAC,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,4EAA4E;QACzF,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;YACnE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC3C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;YAC5F,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACnE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sBAAsB,CAAC;SACtE,CAAC;QACF,SAAS,EAAE,aAAa;QACxB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,KAAK;SACrB;QACD,KAAK,CAAC,OAAO,CAAC,IAA6B,EAAE,MAAsC,EAAE,WAAyB;YAC5G,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC;oBACvC,SAAS,EAAE,IAAI,CAAC,SAAmB;oBACnC,KAAK,EAAE,IAAI,CAAC,KAAe;oBAC3B,QAAQ,EAAG,IAAI,CAAC,QAA+B,IAAI,EAAE;oBACrD,OAAO,EAAG,IAAI,CAAC,OAA8B,IAAI,EAAE;oBACnD,IAAI,EAAG,IAAI,CAAC,IAA6B,IAAI,EAAE;oBAC/C,MAAM,EAAE,WAAW,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,MAA6B,IAAI,EAAE,CAAC;oBACzG,SAAS,EAAE,WAAW,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,SAAgC,IAAI,EAAE,CAAC;iBACvH,CAAC,CAAC;gBACH,OAAO,UAAU,CAAC;oBAChB,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;oBACvB,SAAS,EAAE,OAAO,CAAC,SAAS;iBAC7B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;KACF;CACF,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@grackle-ai/mcp",
-  "version": "0.32.0",
+  "version": "0.34.0",
   "description": "MCP (Model Context Protocol) server for Grackle — translates MCP tool calls to ConnectRPC",
   "license": "MIT",
   "repository": {
@@ -34,7 +34,7 @@
     "pino": "^10.3.1",
     "zod": "^3.23.0",
     "zod-to-json-schema": "^3.24.0",
-    "@grackle-ai/common": "0.32.0"
+    "@grackle-ai/common": "0.34.0"
   },
   "devDependencies": {
     "@rushstack/heft": "1.2.4",