@hasna/mcps 0.0.26 → 0.0.28

package/bin/index.js

@@ -12743,6 +12743,40 @@ function normalizeCandidate(value) {
   const trimmed = value?.trim();
   return trimmed ? trimmed : undefined;
 }
+function normalizeServerTransport(value, fallback = "stdio") {
+  if (value === undefined)
+    return fallback;
+  if (typeof value !== "string") {
+    throw new Error("Invalid transport type");
+  }
+  const transport = value.trim();
+  if (!transport) {
+    throw new Error("Invalid transport type");
+  }
+  if (!VALID_TRANSPORTS.has(transport)) {
+    throw new Error("Invalid transport type");
+  }
+  return transport;
+}
+function normalizeServerUrl(value) {
+  if (value === null || value === undefined)
+    return null;
+  if (typeof value !== "string") {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  const trimmed = value.trim();
+  if (!trimmed)
+    return null;
+  try {
+    const parsed = new URL(trimmed);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      throw new Error("unsupported protocol");
+    }
+  } catch {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  return trimmed;
+}
 function pickNameFromArgs(args) {
   if (!args || args.length === 0)
     return;
@@ -12784,9 +12818,11 @@ function addServer(opts) {
   if (!id) {
     throw new Error("Unable to generate a valid server ID");
   }
+  const transport = normalizeServerTransport(opts.transport);
+  const url = normalizeServerUrl(opts.url);
   const row = db2.prepare(`INSERT INTO servers (id, name, description, command, args, env, credential_refs, transport, url, source)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), opts.transport || "stdio", opts.url || null, opts.source || "local");
+       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), transport, url, opts.source || "local");
   return parseRow(row);
 }
 function removeServer(id) {
@@ -12807,9 +12843,21 @@ function updateServer(id, updates) {
   const db2 = getDb();
   const sets = [];
   const values = [];
+  let nextTransport;
+  let nextUrl;
+  if (updates.transport !== undefined) {
+    nextTransport = normalizeServerTransport(updates.transport);
+  }
+  if (updates.url !== undefined) {
+    nextUrl = normalizeServerUrl(updates.url);
+  }
   if (updates.name !== undefined) {
+    const name = normalizeCandidate(updates.name);
+    if (!name) {
+      throw new Error("Name is required");
+    }
     sets.push("name = ?");
-    values.push(updates.name);
+    values.push(name);
   }
   if (updates.description !== undefined) {
     sets.push("description = ?");
@@ -12837,11 +12885,11 @@ function updateServer(id, updates) {
   }
   if (updates.transport !== undefined) {
     sets.push("transport = ?");
-    values.push(updates.transport);
+    values.push(nextTransport);
   }
   if (updates.url !== undefined) {
     sets.push("url = ?");
-    values.push(updates.url);
+    values.push(nextUrl ?? null);
   }
   if (updates.enabled !== undefined) {
     sets.push("enabled = ?");
@@ -12949,9 +12997,15 @@ function getCachedTools(serverId) {
     input_schema: safeJsonParse(r.input_schema, {})
   }));
 }
+var VALID_TRANSPORTS;
 var init_registry = __esm(() => {
   init_db();
   init_credentials();
+  VALID_TRANSPORTS = new Set([
+    "stdio",
+    "sse",
+    "streamable-http"
+  ]);
 });
 
 // node_modules/zod/v3/helpers/util.js
@@ -34645,14 +34699,11 @@ function buildEnv(extra) {
   return merged;
 }
 function requireUrl(entry) {
-  if (!entry.url) {
+  const url2 = normalizeServerUrl(entry.url);
+  if (!url2) {
     throw new Error(`Server "${entry.id}" is missing a URL for ${entry.transport} transport`);
   }
-  try {
-    return new URL(entry.url);
-  } catch {
-    throw new Error(`Server "${entry.id}" has an invalid URL: ${entry.url}`);
-  }
+  return new URL(url2);
 }
 async function connectToServer(entry, options = {}) {
   if (connections.has(entry.id)) {
@@ -34684,8 +34735,10 @@ async function connectToServer(entry, options = {}) {
         });
       } else if (entry.transport === "sse") {
         transport = new SSEClientTransport(requireUrl(entry));
-      } else {
+      } else if (entry.transport === "streamable-http") {
         transport = new StreamableHTTPClientTransport(requireUrl(entry));
+      } else {
+        throw new Error(`Unsupported transport type for server "${entry.id}": ${entry.transport}`);
       }
       await client.connect(transport);
       const result = await client.listTools();
@@ -36450,7 +36503,7 @@ var init_provider_profiles = __esm(() => {
 var require_package = __commonJS((exports, module) => {
   module.exports = {
     name: "@hasna/mcps",
-    version: "0.0.26",
+    version: "0.0.28",
     description: "Meta-MCP registry & CLI \u2014 discover, manage, and proxy MCP servers",
     type: "module",
     repository: {
@@ -42512,8 +42565,16 @@ Dashboard not found at: ${dashboardDir}`);
             return json({ error: "Invalid JSON body" }, 400, port);
           }
           const fields = {};
-          if (body.name !== undefined)
-            fields.name = body.name;
+          if (body.name !== undefined) {
+            if (typeof body.name !== "string") {
+              return json({ error: "Invalid 'name' format" }, 400, port);
+            }
+            const name = body.name.trim();
+            if (!name) {
+              return json({ error: "Name is required" }, 400, port);
+            }
+            fields.name = name;
+          }
           if (body.description !== undefined)
             fields.description = body.description;
           if (body.command !== undefined) {
@@ -45418,6 +45479,16 @@ program2.command("import").argument("<file>", "Path to the export JSON file").de
     }
     const literalEnv = normalizeLiteralEnv(s.env ?? {});
     const credentialRefs = normalizeCredentialRefs(s.credentialRefs ?? s.credential_refs ?? {});
+    let transport;
+    let url2;
+    try {
+      transport = normalizeServerTransport(s.transport);
+      url2 = normalizeServerUrl(s.url);
+    } catch (err) {
+      console.error(chalk2.red(`Invalid server in import "${s.id ?? "(unknown)"}": ${err.message}`));
+      closeDb();
+      process.exit(1);
+    }
     db2.run(`INSERT ${orReplace} INTO servers (id, name, description, command, args, env, credential_refs, transport, url, source, enabled, created_at, updated_at) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)`, [
       s.id,
       s.name,
@@ -45426,8 +45497,8 @@ program2.command("import").argument("<file>", "Path to the export JSON file").de
       JSON.stringify(s.args ?? []),
       JSON.stringify(literalEnv),
       JSON.stringify(credentialRefs),
-      s.transport,
-      s.url,
+      transport,
+      url2,
       s.source,
       s.enabled ? 1 : 0,
       s.created_at,

package/bin/mcp.js

@@ -30759,6 +30759,40 @@ function normalizeCandidate(value) {
   const trimmed = value?.trim();
   return trimmed ? trimmed : undefined;
 }
+function normalizeServerTransport(value, fallback = "stdio") {
+  if (value === undefined)
+    return fallback;
+  if (typeof value !== "string") {
+    throw new Error("Invalid transport type");
+  }
+  const transport = value.trim();
+  if (!transport) {
+    throw new Error("Invalid transport type");
+  }
+  if (!VALID_TRANSPORTS.has(transport)) {
+    throw new Error("Invalid transport type");
+  }
+  return transport;
+}
+function normalizeServerUrl(value) {
+  if (value === null || value === undefined)
+    return null;
+  if (typeof value !== "string") {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  const trimmed = value.trim();
+  if (!trimmed)
+    return null;
+  try {
+    const parsed = new URL(trimmed);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      throw new Error("unsupported protocol");
+    }
+  } catch {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  return trimmed;
+}
 function pickNameFromArgs(args) {
   if (!args || args.length === 0)
     return;
@@ -30800,9 +30834,11 @@ function addServer(opts) {
   if (!id) {
     throw new Error("Unable to generate a valid server ID");
   }
+  const transport = normalizeServerTransport(opts.transport);
+  const url2 = normalizeServerUrl(opts.url);
   const row = db2.prepare(`INSERT INTO servers (id, name, description, command, args, env, credential_refs, transport, url, source)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), opts.transport || "stdio", opts.url || null, opts.source || "local");
+       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), transport, url2, opts.source || "local");
   return parseRow(row);
 }
 function removeServer(id) {
@@ -30823,9 +30859,21 @@ function updateServer(id, updates) {
   const db2 = getDb();
   const sets = [];
   const values = [];
+  let nextTransport;
+  let nextUrl;
+  if (updates.transport !== undefined) {
+    nextTransport = normalizeServerTransport(updates.transport);
+  }
+  if (updates.url !== undefined) {
+    nextUrl = normalizeServerUrl(updates.url);
+  }
   if (updates.name !== undefined) {
+    const name = normalizeCandidate(updates.name);
+    if (!name) {
+      throw new Error("Name is required");
+    }
     sets.push("name = ?");
-    values.push(updates.name);
+    values.push(name);
   }
   if (updates.description !== undefined) {
     sets.push("description = ?");
@@ -30853,11 +30901,11 @@ function updateServer(id, updates) {
   }
   if (updates.transport !== undefined) {
     sets.push("transport = ?");
-    values.push(updates.transport);
+    values.push(nextTransport);
   }
   if (updates.url !== undefined) {
     sets.push("url = ?");
-    values.push(updates.url);
+    values.push(nextUrl ?? null);
   }
   if (updates.enabled !== undefined) {
     sets.push("enabled = ?");
@@ -30910,9 +30958,15 @@ function getCachedTools(serverId) {
     input_schema: safeJsonParse(r.input_schema, {})
   }));
 }
+var VALID_TRANSPORTS;
 var init_registry = __esm(() => {
   init_db();
   init_credentials();
+  VALID_TRANSPORTS = new Set([
+    "stdio",
+    "sse",
+    "streamable-http"
+  ]);
 });
 
 // src/lib/local-command-consent.ts
@@ -34448,14 +34502,11 @@ function buildEnv(extra) {
   return merged;
 }
 function requireUrl(entry) {
-  if (!entry.url) {
+  const url2 = normalizeServerUrl(entry.url);
+  if (!url2) {
     throw new Error(`Server "${entry.id}" is missing a URL for ${entry.transport} transport`);
   }
-  try {
-    return new URL(entry.url);
-  } catch {
-    throw new Error(`Server "${entry.id}" has an invalid URL: ${entry.url}`);
-  }
+  return new URL(url2);
 }
 async function connectToServer(entry, options = {}) {
   if (connections.has(entry.id)) {
@@ -34487,8 +34538,10 @@ async function connectToServer(entry, options = {}) {
         });
       } else if (entry.transport === "sse") {
         transport = new SSEClientTransport(requireUrl(entry));
-      } else {
+      } else if (entry.transport === "streamable-http") {
         transport = new StreamableHTTPClientTransport(requireUrl(entry));
+      } else {
+        throw new Error(`Unsupported transport type for server "${entry.id}": ${entry.transport}`);
       }
       await client.connect(transport);
       const result = await client.listTools();

package/dist/index.js

@@ -17441,6 +17441,11 @@ function credentialRefPlaceholders(refs) {
 }
 
 // src/lib/registry.ts
+var VALID_TRANSPORTS = new Set([
+  "stdio",
+  "sse",
+  "streamable-http"
+]);
 function parseRow(row) {
   return {
     id: row.id,
@@ -17476,6 +17481,40 @@ function normalizeCandidate(value) {
   const trimmed = value?.trim();
   return trimmed ? trimmed : undefined;
 }
+function normalizeServerTransport(value, fallback = "stdio") {
+  if (value === undefined)
+    return fallback;
+  if (typeof value !== "string") {
+    throw new Error("Invalid transport type");
+  }
+  const transport = value.trim();
+  if (!transport) {
+    throw new Error("Invalid transport type");
+  }
+  if (!VALID_TRANSPORTS.has(transport)) {
+    throw new Error("Invalid transport type");
+  }
+  return transport;
+}
+function normalizeServerUrl(value) {
+  if (value === null || value === undefined)
+    return null;
+  if (typeof value !== "string") {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  const trimmed = value.trim();
+  if (!trimmed)
+    return null;
+  try {
+    const parsed = new URL(trimmed);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      throw new Error("unsupported protocol");
+    }
+  } catch {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  return trimmed;
+}
 function pickNameFromArgs(args) {
   if (!args || args.length === 0)
     return;
@@ -17517,9 +17556,11 @@ function addServer(opts) {
   if (!id) {
     throw new Error("Unable to generate a valid server ID");
   }
+  const transport = normalizeServerTransport(opts.transport);
+  const url = normalizeServerUrl(opts.url);
   const row = db2.prepare(`INSERT INTO servers (id, name, description, command, args, env, credential_refs, transport, url, source)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), opts.transport || "stdio", opts.url || null, opts.source || "local");
+       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), transport, url, opts.source || "local");
   return parseRow(row);
 }
 function removeServer(id) {
@@ -17540,9 +17581,21 @@ function updateServer(id, updates) {
   const db2 = getDb();
   const sets = [];
   const values = [];
+  let nextTransport;
+  let nextUrl;
+  if (updates.transport !== undefined) {
+    nextTransport = normalizeServerTransport(updates.transport);
+  }
+  if (updates.url !== undefined) {
+    nextUrl = normalizeServerUrl(updates.url);
+  }
   if (updates.name !== undefined) {
+    const name = normalizeCandidate(updates.name);
+    if (!name) {
+      throw new Error("Name is required");
+    }
     sets.push("name = ?");
-    values.push(updates.name);
+    values.push(name);
   }
   if (updates.description !== undefined) {
     sets.push("description = ?");
@@ -17570,11 +17623,11 @@ function updateServer(id, updates) {
   }
   if (updates.transport !== undefined) {
     sets.push("transport = ?");
-    values.push(updates.transport);
+    values.push(nextTransport);
   }
   if (updates.url !== undefined) {
     sets.push("url = ?");
-    values.push(updates.url);
+    values.push(nextUrl ?? null);
   }
   if (updates.enabled !== undefined) {
     sets.push("enabled = ?");
@@ -25994,14 +26047,11 @@ function buildEnv(extra) {
   return merged;
 }
 function requireUrl(entry) {
-  if (!entry.url) {
+  const url2 = normalizeServerUrl(entry.url);
+  if (!url2) {
     throw new Error(`Server "${entry.id}" is missing a URL for ${entry.transport} transport`);
   }
-  try {
-    return new URL(entry.url);
-  } catch {
-    throw new Error(`Server "${entry.id}" has an invalid URL: ${entry.url}`);
-  }
+  return new URL(url2);
 }
 async function connectToServer(entry, options = {}) {
   if (connections.has(entry.id)) {
@@ -26033,8 +26083,10 @@ async function connectToServer(entry, options = {}) {
         });
       } else if (entry.transport === "sse") {
         transport = new SSEClientTransport(requireUrl(entry));
-      } else {
+      } else if (entry.transport === "streamable-http") {
         transport = new StreamableHTTPClientTransport(requireUrl(entry));
+      } else {
+        throw new Error(`Unsupported transport type for server "${entry.id}": ${entry.transport}`);
       }
       await client.connect(transport);
       const result = await client.listTools();

package/dist/lib/registry.d.ts

@@ -1,4 +1,7 @@
 import type { CredentialReference, McpServerEntry, AddServerOptions } from "../types.js";
+export declare const VALID_TRANSPORTS: Set<"stdio" | "sse" | "streamable-http">;
+export declare function normalizeServerTransport(value: unknown, fallback?: McpServerEntry["transport"]): McpServerEntry["transport"];
+export declare function normalizeServerUrl(value: unknown): string | null;
 export declare function addServer(opts: AddServerOptions): McpServerEntry;
 export declare function removeServer(id: string): void;
 export declare function listServers(): McpServerEntry[];

package/dist/mcp/index.js

@@ -30759,6 +30759,40 @@ function normalizeCandidate(value) {
   const trimmed = value?.trim();
   return trimmed ? trimmed : undefined;
 }
+function normalizeServerTransport(value, fallback = "stdio") {
+  if (value === undefined)
+    return fallback;
+  if (typeof value !== "string") {
+    throw new Error("Invalid transport type");
+  }
+  const transport = value.trim();
+  if (!transport) {
+    throw new Error("Invalid transport type");
+  }
+  if (!VALID_TRANSPORTS.has(transport)) {
+    throw new Error("Invalid transport type");
+  }
+  return transport;
+}
+function normalizeServerUrl(value) {
+  if (value === null || value === undefined)
+    return null;
+  if (typeof value !== "string") {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  const trimmed = value.trim();
+  if (!trimmed)
+    return null;
+  try {
+    const parsed = new URL(trimmed);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      throw new Error("unsupported protocol");
+    }
+  } catch {
+    throw new Error("URL must be a valid HTTP(S) URL");
+  }
+  return trimmed;
+}
 function pickNameFromArgs(args) {
   if (!args || args.length === 0)
     return;
@@ -30800,9 +30834,11 @@ function addServer(opts) {
   if (!id) {
     throw new Error("Unable to generate a valid server ID");
   }
+  const transport = normalizeServerTransport(opts.transport);
+  const url2 = normalizeServerUrl(opts.url);
   const row = db2.prepare(`INSERT INTO servers (id, name, description, command, args, env, credential_refs, transport, url, source)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), opts.transport || "stdio", opts.url || null, opts.source || "local");
+       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), transport, url2, opts.source || "local");
   return parseRow(row);
 }
 function removeServer(id) {
@@ -30823,9 +30859,21 @@ function updateServer(id, updates) {
   const db2 = getDb();
   const sets = [];
   const values = [];
+  let nextTransport;
+  let nextUrl;
+  if (updates.transport !== undefined) {
+    nextTransport = normalizeServerTransport(updates.transport);
+  }
+  if (updates.url !== undefined) {
+    nextUrl = normalizeServerUrl(updates.url);
+  }
   if (updates.name !== undefined) {
+    const name = normalizeCandidate(updates.name);
+    if (!name) {
+      throw new Error("Name is required");
+    }
     sets.push("name = ?");
-    values.push(updates.name);
+    values.push(name);
   }
   if (updates.description !== undefined) {
     sets.push("description = ?");
@@ -30853,11 +30901,11 @@ function updateServer(id, updates) {
   }
   if (updates.transport !== undefined) {
     sets.push("transport = ?");
-    values.push(updates.transport);
+    values.push(nextTransport);
   }
   if (updates.url !== undefined) {
     sets.push("url = ?");
-    values.push(updates.url);
+    values.push(nextUrl ?? null);
   }
   if (updates.enabled !== undefined) {
     sets.push("enabled = ?");
@@ -30910,9 +30958,15 @@ function getCachedTools(serverId) {
     input_schema: safeJsonParse(r.input_schema, {})
   }));
 }
+var VALID_TRANSPORTS;
 var init_registry = __esm(() => {
   init_db();
   init_credentials();
+  VALID_TRANSPORTS = new Set([
+    "stdio",
+    "sse",
+    "streamable-http"
+  ]);
 });
 
 // src/lib/local-command-consent.ts
@@ -34448,14 +34502,11 @@ function buildEnv(extra) {
   return merged;
 }
 function requireUrl(entry) {
-  if (!entry.url) {
+  const url2 = normalizeServerUrl(entry.url);
+  if (!url2) {
     throw new Error(`Server "${entry.id}" is missing a URL for ${entry.transport} transport`);
   }
-  try {
-    return new URL(entry.url);
-  } catch {
-    throw new Error(`Server "${entry.id}" has an invalid URL: ${entry.url}`);
-  }
+  return new URL(url2);
 }
 async function connectToServer(entry, options = {}) {
   if (connections.has(entry.id)) {
@@ -34487,8 +34538,10 @@ async function connectToServer(entry, options = {}) {
         });
       } else if (entry.transport === "sse") {
         transport = new SSEClientTransport(requireUrl(entry));
-      } else {
+      } else if (entry.transport === "streamable-http") {
         transport = new StreamableHTTPClientTransport(requireUrl(entry));
+      } else {
+        throw new Error(`Unsupported transport type for server "${entry.id}": ${entry.transport}`);
       }
       await client.connect(transport);
       const result = await client.listTools();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/mcps",
-  "version": "0.0.26",
+  "version": "0.0.28",
   "description": "Meta-MCP registry & CLI — discover, manage, and proxy MCP servers",
   "type": "module",
   "repository": {