@hexabot-ai/api 3.2.2-alpha.9 → 3.2.2-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (311) hide show
  1. package/dist/actions/actions.service.d.ts +1 -0
  2. package/dist/actions/actions.service.js +19 -1
  3. package/dist/actions/actions.service.js.map +1 -1
  4. package/dist/actions/types.d.ts +3 -1
  5. package/dist/app.controller.d.ts +1 -0
  6. package/dist/app.controller.js +1 -0
  7. package/dist/app.controller.js.map +1 -1
  8. package/dist/app.module.js +13 -1
  9. package/dist/app.module.js.map +1 -1
  10. package/dist/config/index.js +14 -2
  11. package/dist/config/index.js.map +1 -1
  12. package/dist/config/types.d.ts +9 -0
  13. package/dist/extensions/actions/ai/agent.action.d.ts +1 -1
  14. package/dist/extensions/actions/ai/agent.action.js +6 -3
  15. package/dist/extensions/actions/ai/agent.action.js.map +1 -1
  16. package/dist/extensions/actions/ai/ai-base.action.d.ts +1 -1
  17. package/dist/extensions/actions/ai/ai-base.action.js +18 -5
  18. package/dist/extensions/actions/ai/ai-base.action.js.map +1 -1
  19. package/dist/extensions/actions/ai/generate-object.base.action.d.ts +1 -1
  20. package/dist/extensions/actions/ai/generate-object.base.action.js +3 -2
  21. package/dist/extensions/actions/ai/generate-object.base.action.js.map +1 -1
  22. package/dist/extensions/actions/ai/generate-text.base.action.d.ts +1 -1
  23. package/dist/extensions/actions/ai/generate-text.base.action.js +3 -2
  24. package/dist/extensions/actions/ai/generate-text.base.action.js.map +1 -1
  25. package/dist/extensions/actions/ai/mcp.binding.js +2 -0
  26. package/dist/extensions/actions/ai/mcp.binding.js.map +1 -1
  27. package/dist/extensions/actions/ai/memory.binding.js +2 -0
  28. package/dist/extensions/actions/ai/memory.binding.js.map +1 -1
  29. package/dist/extensions/actions/ai/retrieve-content-rag.action.js +2 -0
  30. package/dist/extensions/actions/ai/retrieve-content-rag.action.js.map +1 -1
  31. package/dist/extensions/actions/messaging/list.action.d.ts +2 -2
  32. package/dist/extensions/actions/messaging/list.action.js +7 -0
  33. package/dist/extensions/actions/messaging/list.action.js.map +1 -1
  34. package/dist/extensions/actions/subscriber/update-labels.action.js +3 -0
  35. package/dist/extensions/actions/subscriber/update-labels.action.js.map +1 -1
  36. package/dist/extensions/actions/web/http-request.action.js +12 -1
  37. package/dist/extensions/actions/web/http-request.action.js.map +1 -1
  38. package/dist/extensions/actions/workflow/call-workflow.action.d.ts +19 -0
  39. package/dist/extensions/actions/workflow/call-workflow.action.js +83 -0
  40. package/dist/extensions/actions/workflow/call-workflow.action.js.map +1 -0
  41. package/dist/extensions/actions/workflow/i18n/en.translations.json +9 -0
  42. package/dist/extensions/actions/workflow/i18n/fr.translations.json +9 -0
  43. package/dist/extensions/index.d.ts +1 -0
  44. package/dist/extensions/index.js +1 -0
  45. package/dist/extensions/index.js.map +1 -1
  46. package/dist/index.d.ts +1 -0
  47. package/dist/index.js +1 -0
  48. package/dist/index.js.map +1 -1
  49. package/dist/mcp/controllers/mcp-token.controller.d.ts +47 -0
  50. package/dist/mcp/controllers/mcp-token.controller.js +70 -0
  51. package/dist/mcp/controllers/mcp-token.controller.js.map +1 -0
  52. package/dist/mcp/decorators/mcp-permission.decorator.d.ts +8 -0
  53. package/dist/mcp/decorators/mcp-permission.decorator.js +11 -0
  54. package/dist/mcp/decorators/mcp-permission.decorator.js.map +1 -0
  55. package/dist/mcp/dto/mcp-token.dto.d.ts +17 -0
  56. package/dist/mcp/dto/mcp-token.dto.js +40 -0
  57. package/dist/mcp/dto/mcp-token.dto.js.map +1 -0
  58. package/dist/mcp/entities/mcp-token.entity.d.ts +111 -0
  59. package/dist/mcp/entities/mcp-token.entity.js +69 -0
  60. package/dist/mcp/entities/mcp-token.entity.js.map +1 -0
  61. package/dist/mcp/guards/hexabot-mcp-token.guard.d.ts +9 -0
  62. package/dist/mcp/guards/hexabot-mcp-token.guard.js +49 -0
  63. package/dist/mcp/guards/hexabot-mcp-token.guard.js.map +1 -0
  64. package/dist/mcp/guards/mcp-permission.guard.d.ts +9 -0
  65. package/dist/mcp/guards/mcp-permission.guard.js +47 -0
  66. package/dist/mcp/guards/mcp-permission.guard.js.map +1 -0
  67. package/dist/mcp/mcp-api.module.d.ts +2 -0
  68. package/dist/mcp/mcp-api.module.js +65 -0
  69. package/dist/mcp/mcp-api.module.js.map +1 -0
  70. package/dist/mcp/repositories/mcp-token.repository.d.ts +8 -0
  71. package/dist/mcp/repositories/mcp-token.repository.js +41 -0
  72. package/dist/mcp/repositories/mcp-token.repository.js.map +1 -0
  73. package/dist/mcp/services/mcp-token.service.d.ts +24 -0
  74. package/dist/mcp/services/mcp-token.service.js +106 -0
  75. package/dist/mcp/services/mcp-token.service.js.map +1 -0
  76. package/dist/mcp/tools/catalog-mcp.tools.d.ts +63 -0
  77. package/dist/mcp/tools/catalog-mcp.tools.js +135 -0
  78. package/dist/mcp/tools/catalog-mcp.tools.js.map +1 -0
  79. package/dist/mcp/tools/cms-mcp.tools.d.ts +128 -0
  80. package/dist/mcp/tools/cms-mcp.tools.js +242 -0
  81. package/dist/mcp/tools/cms-mcp.tools.js.map +1 -0
  82. package/dist/mcp/tools/credential-mcp.tools.d.ts +19 -0
  83. package/dist/mcp/tools/credential-mcp.tools.js +82 -0
  84. package/dist/mcp/tools/credential-mcp.tools.js.map +1 -0
  85. package/dist/mcp/tools/hexabot-mcp-tool.base.d.ts +22 -0
  86. package/dist/mcp/tools/hexabot-mcp-tool.base.js +48 -0
  87. package/dist/mcp/tools/hexabot-mcp-tool.base.js.map +1 -0
  88. package/dist/mcp/tools/hexabot-mcp.schemas.d.ts +41 -0
  89. package/dist/mcp/tools/hexabot-mcp.schemas.js +36 -0
  90. package/dist/mcp/tools/hexabot-mcp.schemas.js.map +1 -0
  91. package/dist/mcp/tools/hexabot-mcp.tools.d.ts +1 -0
  92. package/dist/mcp/tools/hexabot-mcp.tools.js +18 -0
  93. package/dist/mcp/tools/hexabot-mcp.tools.js.map +1 -0
  94. package/dist/mcp/tools/hexabot-mcp.utils.d.ts +2 -0
  95. package/dist/mcp/tools/hexabot-mcp.utils.js +21 -0
  96. package/dist/mcp/tools/hexabot-mcp.utils.js.map +1 -0
  97. package/dist/mcp/tools/index.d.ts +22 -0
  98. package/dist/mcp/tools/index.js +50 -0
  99. package/dist/mcp/tools/index.js.map +1 -0
  100. package/dist/mcp/tools/mcp-server-mcp.tools.d.ts +77 -0
  101. package/dist/mcp/tools/mcp-server-mcp.tools.js +130 -0
  102. package/dist/mcp/tools/mcp-server-mcp.tools.js.map +1 -0
  103. package/dist/mcp/tools/memory-definition-mcp.tools.d.ts +57 -0
  104. package/dist/mcp/tools/memory-definition-mcp.tools.js +128 -0
  105. package/dist/mcp/tools/memory-definition-mcp.tools.js.map +1 -0
  106. package/dist/mcp/tools/workflow-mcp.helper.d.ts +156 -0
  107. package/dist/mcp/tools/workflow-mcp.helper.js +128 -0
  108. package/dist/mcp/tools/workflow-mcp.helper.js.map +1 -0
  109. package/dist/mcp/tools/workflow-mcp.tools.d.ts +790 -0
  110. package/dist/mcp/tools/workflow-mcp.tools.js +227 -0
  111. package/dist/mcp/tools/workflow-mcp.tools.js.map +1 -0
  112. package/dist/mcp/tools/workflow-run-mcp.tools.d.ts +349 -0
  113. package/dist/mcp/tools/workflow-run-mcp.tools.js +242 -0
  114. package/dist/mcp/tools/workflow-run-mcp.tools.js.map +1 -0
  115. package/dist/mcp/tools/workflow-version-mcp.tools.d.ts +238 -0
  116. package/dist/mcp/tools/workflow-version-mcp.tools.js +368 -0
  117. package/dist/mcp/tools/workflow-version-mcp.tools.js.map +1 -0
  118. package/dist/mcp/types.d.ts +7 -0
  119. package/dist/mcp/types.js +3 -0
  120. package/dist/mcp/types.js.map +1 -0
  121. package/dist/static/assets/{browser-ponyfill-Qk7qpw-i.js → browser-ponyfill-D1dKqhtP.js} +2 -2
  122. package/dist/static/assets/{cssMode-CdhvY6oD.js → cssMode-DplazEqd.js} +1 -1
  123. package/dist/static/assets/{freemarker2-BPoURZH1.js → freemarker2-oSA1bGAm.js} +1 -1
  124. package/dist/static/assets/{handlebars-C4oubER1.js → handlebars-CcC7EgN2.js} +1 -1
  125. package/dist/static/assets/{html-CDE5RgVN.js → html-CcFTB7eP.js} +1 -1
  126. package/dist/static/assets/{htmlMode-C8edIUUq.js → htmlMode-g5g2wCUD.js} +1 -1
  127. package/dist/static/assets/{index-C1NxBXuS.js → index-CMp45yDR.js} +2379 -2330
  128. package/dist/static/assets/{index-BI1BtkYv.css → index-D-b9KTZd.css} +1 -1
  129. package/dist/static/assets/{javascript-Wp5m7adK.js → javascript-Dv0J7ioP.js} +1 -1
  130. package/dist/static/assets/{jsonMode-0eww5Srr.js → jsonMode-CzBkKOe4.js} +1 -1
  131. package/dist/static/assets/{liquid-DTktXITv.js → liquid-CptRs_ZU.js} +1 -1
  132. package/dist/static/assets/{lspLanguageFeatures-BzIRlKhn.js → lspLanguageFeatures-DXNU_upS.js} +1 -1
  133. package/dist/static/assets/{mdx-D508emqD.js → mdx-af00eMTm.js} +1 -1
  134. package/dist/static/assets/{python-BfhIq2kX.js → python-CNcx7i3L.js} +1 -1
  135. package/dist/static/assets/{razor-C7F8fOds.js → razor-BL_MSmP7.js} +1 -1
  136. package/dist/static/assets/{tsMode-B8zPu6Wl.js → tsMode-BWD4nt2F.js} +1 -1
  137. package/dist/static/assets/{typescript-Dew3VavZ.js → typescript-BbKUic6G.js} +1 -1
  138. package/dist/static/assets/{xml-B_2tc6Mh.js → xml-DFx6l4N0.js} +1 -1
  139. package/dist/static/assets/{yaml-pHcw4KrS.js → yaml-BNuTzPxo.js} +1 -1
  140. package/dist/static/index.html +2 -2
  141. package/dist/static/locales/en/translation.json +89 -4
  142. package/dist/static/locales/fr/translation.json +90 -5
  143. package/dist/transfer/adapters/content-type-transfer.adapter.d.ts +14 -0
  144. package/dist/transfer/adapters/content-type-transfer.adapter.js +102 -0
  145. package/dist/transfer/adapters/content-type-transfer.adapter.js.map +1 -0
  146. package/dist/transfer/adapters/credential-transfer.adapter.d.ts +13 -0
  147. package/dist/transfer/adapters/credential-transfer.adapter.js +110 -0
  148. package/dist/transfer/adapters/credential-transfer.adapter.js.map +1 -0
  149. package/dist/transfer/adapters/label-transfer.adapter.d.ts +15 -0
  150. package/dist/transfer/adapters/label-transfer.adapter.js +189 -0
  151. package/dist/transfer/adapters/label-transfer.adapter.js.map +1 -0
  152. package/dist/transfer/adapters/mcp-server-transfer.adapter.d.ts +16 -0
  153. package/dist/transfer/adapters/mcp-server-transfer.adapter.js +169 -0
  154. package/dist/transfer/adapters/mcp-server-transfer.adapter.js.map +1 -0
  155. package/dist/transfer/adapters/memory-definition-transfer.adapter.d.ts +14 -0
  156. package/dist/transfer/adapters/memory-definition-transfer.adapter.js +111 -0
  157. package/dist/transfer/adapters/memory-definition-transfer.adapter.js.map +1 -0
  158. package/dist/transfer/index.d.ts +7 -0
  159. package/dist/transfer/index.js +24 -0
  160. package/dist/transfer/index.js.map +1 -0
  161. package/dist/transfer/workflow-transfer-adapter.registry.d.ts +27 -0
  162. package/dist/transfer/workflow-transfer-adapter.registry.js +164 -0
  163. package/dist/transfer/workflow-transfer-adapter.registry.js.map +1 -0
  164. package/dist/transfer/workflow-transfer-definition.service.d.ts +40 -0
  165. package/dist/transfer/workflow-transfer-definition.service.js +353 -0
  166. package/dist/transfer/workflow-transfer-definition.service.js.map +1 -0
  167. package/dist/transfer/workflow-transfer-resource-adapter.d.ts +33 -0
  168. package/dist/transfer/workflow-transfer-resource-adapter.js +81 -0
  169. package/dist/transfer/workflow-transfer-resource-adapter.js.map +1 -0
  170. package/dist/transfer/workflow-transfer.controller.d.ts +9 -0
  171. package/dist/transfer/workflow-transfer.controller.js +63 -0
  172. package/dist/transfer/workflow-transfer.controller.js.map +1 -0
  173. package/dist/transfer/workflow-transfer.module.d.ts +2 -0
  174. package/dist/transfer/workflow-transfer.module.js +47 -0
  175. package/dist/transfer/workflow-transfer.module.js.map +1 -0
  176. package/dist/transfer/workflow-transfer.service.d.ts +51 -0
  177. package/dist/transfer/workflow-transfer.service.js +509 -0
  178. package/dist/transfer/workflow-transfer.service.js.map +1 -0
  179. package/dist/transfer/workflow-transfer.types.d.ts +31 -0
  180. package/dist/transfer/workflow-transfer.types.js +35 -0
  181. package/dist/transfer/workflow-transfer.types.js.map +1 -0
  182. package/dist/tsconfig.build.tsbuildinfo +1 -1
  183. package/dist/types/event-emitter.d.ts +12 -5
  184. package/dist/user/dto/user.dto.d.ts +1 -1
  185. package/dist/user/guards/ability.guard.js +12 -2
  186. package/dist/user/guards/ability.guard.js.map +1 -1
  187. package/dist/utils/test/fixtures/label-group.d.ts +1 -1
  188. package/dist/utils/test/fixtures/label.d.ts +1 -1
  189. package/dist/utils/test/fixtures/subscriber.d.ts +1 -1
  190. package/dist/utils/test/fixtures/workflow-run.js +4 -1
  191. package/dist/utils/test/fixtures/workflow-run.js.map +1 -1
  192. package/dist/utils/test/port.d.ts +8 -0
  193. package/dist/utils/test/port.js +34 -0
  194. package/dist/utils/test/port.js.map +1 -0
  195. package/dist/websocket/websocket.gateway.d.ts +2 -1
  196. package/dist/websocket/websocket.gateway.js.map +1 -1
  197. package/dist/workflow/contexts/workflow-runtime.context.d.ts +3 -1
  198. package/dist/workflow/contexts/workflow-runtime.context.js +5 -0
  199. package/dist/workflow/contexts/workflow-runtime.context.js.map +1 -1
  200. package/dist/workflow/controllers/workflow-run.controller.js +2 -0
  201. package/dist/workflow/controllers/workflow-run.controller.js.map +1 -1
  202. package/dist/workflow/dto/workflow-run.dto.d.ts +1 -0
  203. package/dist/workflow/dto/workflow-run.dto.js +11 -0
  204. package/dist/workflow/dto/workflow-run.dto.js.map +1 -1
  205. package/dist/workflow/entities/memory-record.entity.d.ts +2 -0
  206. package/dist/workflow/entities/workflow-run.entity.d.ts +62 -0
  207. package/dist/workflow/entities/workflow-run.entity.js +15 -1
  208. package/dist/workflow/entities/workflow-run.entity.js.map +1 -1
  209. package/dist/workflow/index.d.ts +7 -0
  210. package/dist/workflow/index.js +7 -0
  211. package/dist/workflow/index.js.map +1 -1
  212. package/dist/workflow/repositories/workflow-run.repository.js +7 -1
  213. package/dist/workflow/repositories/workflow-run.repository.js.map +1 -1
  214. package/dist/workflow/resource-refs.d.ts +17 -0
  215. package/dist/workflow/resource-refs.js +15 -0
  216. package/dist/workflow/resource-refs.js.map +1 -0
  217. package/dist/workflow/services/agentic.service.d.ts +9 -2
  218. package/dist/workflow/services/agentic.service.js +142 -19
  219. package/dist/workflow/services/agentic.service.js.map +1 -1
  220. package/dist/workflow/services/workflow-run.service.d.ts +3 -0
  221. package/dist/workflow/services/workflow-run.service.js +75 -3
  222. package/dist/workflow/services/workflow-run.service.js.map +1 -1
  223. package/dist/workflow/services/workflow-version.service.d.ts +2 -0
  224. package/dist/workflow/services/workflow-version.service.js +19 -0
  225. package/dist/workflow/services/workflow-version.service.js.map +1 -1
  226. package/dist/workflow/services/workflow.service.d.ts +13 -9
  227. package/dist/workflow/services/workflow.service.js +64 -35
  228. package/dist/workflow/services/workflow.service.js.map +1 -1
  229. package/dist/workflow/types.d.ts +31 -0
  230. package/dist/workflow/types.js +2 -1
  231. package/dist/workflow/types.js.map +1 -1
  232. package/dist/workflow/workflow.module.js +3 -0
  233. package/dist/workflow/workflow.module.js.map +1 -1
  234. package/package.json +8 -6
  235. package/src/actions/actions.service.ts +34 -4
  236. package/src/actions/types.ts +6 -5
  237. package/src/app.controller.ts +1 -0
  238. package/src/app.module.ts +17 -1
  239. package/src/config/index.ts +17 -2
  240. package/src/config/types.ts +9 -0
  241. package/src/extensions/actions/ai/agent.action.ts +6 -1
  242. package/src/extensions/actions/ai/ai-base.action.ts +39 -5
  243. package/src/extensions/actions/ai/generate-object.base.action.ts +3 -0
  244. package/src/extensions/actions/ai/generate-text.base.action.ts +3 -0
  245. package/src/extensions/actions/ai/mcp.binding.ts +2 -0
  246. package/src/extensions/actions/ai/memory.binding.ts +2 -0
  247. package/src/extensions/actions/ai/retrieve-content-rag.action.ts +2 -0
  248. package/src/extensions/actions/messaging/list.action.ts +7 -0
  249. package/src/extensions/actions/subscriber/update-labels.action.ts +3 -0
  250. package/src/extensions/actions/web/http-request.action.ts +17 -1
  251. package/src/extensions/actions/workflow/call-workflow.action.ts +112 -0
  252. package/src/extensions/actions/workflow/i18n/en.translations.json +9 -0
  253. package/src/extensions/actions/workflow/i18n/fr.translations.json +9 -0
  254. package/src/extensions/index.ts +2 -0
  255. package/src/index.ts +2 -0
  256. package/src/mcp/README.md +277 -0
  257. package/src/mcp/controllers/mcp-token.controller.ts +64 -0
  258. package/src/mcp/decorators/mcp-permission.decorator.ts +23 -0
  259. package/src/mcp/dto/mcp-token.dto.ts +48 -0
  260. package/src/mcp/entities/mcp-token.entity.ts +60 -0
  261. package/src/mcp/guards/hexabot-mcp-token.guard.ts +55 -0
  262. package/src/mcp/guards/mcp-permission.guard.ts +61 -0
  263. package/src/mcp/mcp-api.module.ts +61 -0
  264. package/src/mcp/repositories/mcp-token.repository.ts +34 -0
  265. package/src/mcp/services/mcp-token.service.ts +138 -0
  266. package/src/mcp/tools/catalog-mcp.tools.ts +122 -0
  267. package/src/mcp/tools/cms-mcp.tools.ts +239 -0
  268. package/src/mcp/tools/credential-mcp.tools.ts +81 -0
  269. package/src/mcp/tools/hexabot-mcp-tool.base.ts +74 -0
  270. package/src/mcp/tools/hexabot-mcp.schemas.ts +55 -0
  271. package/src/mcp/tools/hexabot-mcp.tools.ts +7 -0
  272. package/src/mcp/tools/hexabot-mcp.utils.ts +29 -0
  273. package/src/mcp/tools/index.ts +51 -0
  274. package/src/mcp/tools/mcp-server-mcp.tools.ts +135 -0
  275. package/src/mcp/tools/memory-definition-mcp.tools.ts +125 -0
  276. package/src/mcp/tools/workflow-mcp.helper.ts +219 -0
  277. package/src/mcp/tools/workflow-mcp.tools.ts +271 -0
  278. package/src/mcp/tools/workflow-run-mcp.tools.ts +292 -0
  279. package/src/mcp/tools/workflow-version-mcp.tools.ts +459 -0
  280. package/src/mcp/types.ts +14 -0
  281. package/src/transfer/adapters/content-type-transfer.adapter.ts +154 -0
  282. package/src/transfer/adapters/credential-transfer.adapter.ts +158 -0
  283. package/src/transfer/adapters/label-transfer.adapter.ts +291 -0
  284. package/src/transfer/adapters/mcp-server-transfer.adapter.ts +255 -0
  285. package/src/transfer/adapters/memory-definition-transfer.adapter.ts +167 -0
  286. package/src/transfer/index.ts +19 -0
  287. package/src/transfer/workflow-transfer-adapter.registry.ts +250 -0
  288. package/src/transfer/workflow-transfer-definition.service.ts +587 -0
  289. package/src/transfer/workflow-transfer-resource-adapter.ts +132 -0
  290. package/src/transfer/workflow-transfer.controller.ts +86 -0
  291. package/src/transfer/workflow-transfer.module.ts +46 -0
  292. package/src/transfer/workflow-transfer.service.ts +858 -0
  293. package/src/transfer/workflow-transfer.types.ts +98 -0
  294. package/src/user/guards/ability.guard.ts +15 -3
  295. package/src/utils/test/fixtures/workflow-run.ts +4 -1
  296. package/src/utils/test/port.ts +48 -0
  297. package/src/websocket/websocket.gateway.ts +2 -1
  298. package/src/workflow/contexts/workflow-runtime.context.ts +12 -1
  299. package/src/workflow/controllers/workflow-run.controller.ts +2 -0
  300. package/src/workflow/dto/workflow-run.dto.ts +10 -0
  301. package/src/workflow/entities/workflow-run.entity.ts +22 -1
  302. package/src/workflow/index.ts +14 -0
  303. package/src/workflow/repositories/workflow-run.repository.ts +7 -1
  304. package/src/workflow/resource-refs.ts +44 -0
  305. package/src/workflow/services/agentic.service.ts +271 -30
  306. package/src/workflow/services/workflow-run.service.ts +120 -7
  307. package/src/workflow/services/workflow-version.service.ts +33 -0
  308. package/src/workflow/services/workflow.service.ts +86 -31
  309. package/src/workflow/types.ts +52 -0
  310. package/src/workflow/workflow.module.ts +3 -0
  311. package/types/event-emitter.d.ts +12 -5
@@ -0,0 +1,277 @@
1
+ # Hexabot API MCP Server
2
+
3
+ This module exposes Hexabot API capabilities through the Model Context Protocol
4
+ (MCP) so coding agents can inspect and manage workflows, workflow runs, memory
5
+ definitions, actions, credentials, MCP servers, and CMS content.
6
+
7
+ The implementation uses `@rekog/mcp-nest` with Streamable HTTP transport.
8
+ Authentication is Hexabot-native: users create personal MCP bearer tokens from
9
+ their Hexabot account and paste those tokens into MCP clients such as Codex or
10
+ Claude Code.
11
+
12
+ ## Runtime endpoints
13
+
14
+ All routes are mounted under the existing API prefix.
15
+
16
+ | Route | Purpose |
17
+ | --------------------------- | ------------------------------------------------------------------------ |
18
+ | `/api/mcp` | Streamable HTTP MCP endpoint. |
19
+ | `/api/mcp-token` | List and create MCP personal access tokens for the current Hexabot user. |
20
+ | `/api/mcp-token/:id/revoke` | Revoke one MCP personal access token owned by the current Hexabot user. |
21
+
22
+ The MCP endpoint is stateful and uses `mcp-session-id` headers for sessions.
23
+
24
+ ## Enabling the server
25
+
26
+ Set the MCP variables in `packages/api/.env` and restart the API.
27
+
28
+ ```dotenv
29
+ MCP_ENABLED=true
30
+ MCP_SERVER_NAME=hexabot-api
31
+ MCP_SERVER_TITLE=Hexabot API MCP Server
32
+ MCP_SERVER_VERSION=1.0.0
33
+ ```
34
+
35
+ ## Authentication and authorization
36
+
37
+ MCP requests use Hexabot-issued bearer tokens. Tokens are prefixed with
38
+ `hbt_mcp_` and are shown only once when created.
39
+
40
+ The guard chain is:
41
+
42
+ 1. `HexabotMcpTokenGuard` validates the bearer token hash and resolves its
43
+ active Hexabot owner.
44
+ 2. `McpPermissionGuard` checks the requested tool against Hexabot role
45
+ permissions.
46
+
47
+ Token storage is intentionally secret-safe:
48
+
49
+ - Raw token values are never stored.
50
+ - Only a SHA-256 token hash and short display prefix are persisted.
51
+ - The full token is returned only in the create-token response.
52
+ - Revoked, expired, unknown, or inactive-owner tokens are rejected.
53
+
54
+ The token owner must be an active Hexabot user.
55
+
56
+ Tool permissions use `@McpPermission(model, action)` metadata and the existing
57
+ `PermissionService`. For example, workflow read tools require the caller role to
58
+ have `workflow:read`; workflow mutation tools require the corresponding create
59
+ or update permission.
60
+
61
+ ## Creating a bearer token
62
+
63
+ Use the authenticated Hexabot REST API to create a token for the current user:
64
+
65
+ ```http
66
+ POST /api/mcp-token
67
+ Content-Type: application/json
68
+
69
+ {
70
+ "name": "Codex",
71
+ "expiresAt": "2026-12-31T23:59:59.000Z"
72
+ }
73
+ ```
74
+
75
+ The response includes the raw bearer token once:
76
+
77
+ ```json
78
+ {
79
+ "token": "hbt_mcp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
80
+ "record": {
81
+ "id": "token-id",
82
+ "name": "Codex",
83
+ "tokenPrefix": "hbt_mcp_xxxxxxxx",
84
+ "owner": "user-id",
85
+ "expiresAt": "2026-12-31T23:59:59.000Z",
86
+ "lastUsedAt": null,
87
+ "revokedAt": null,
88
+ "createdAt": "2026-05-05T00:00:00.000Z",
89
+ "updatedAt": "2026-05-05T00:00:00.000Z"
90
+ }
91
+ }
92
+ ```
93
+
94
+ Copy the `token` value into the MCP client. After this response, Hexabot cannot
95
+ show the raw token again.
96
+
97
+ List token metadata:
98
+
99
+ ```http
100
+ GET /api/mcp-token
101
+ ```
102
+
103
+ Revoke a token:
104
+
105
+ ```http
106
+ POST /api/mcp-token/{id}/revoke
107
+ ```
108
+
109
+ ## Connecting an MCP client
110
+
111
+ Use a Streamable HTTP MCP client pointed at:
112
+
113
+ ```text
114
+ http://localhost:3000/api/mcp
115
+ ```
116
+
117
+ Production clients should use the public API origin, for example:
118
+
119
+ ```text
120
+ https://api.example.com/api/mcp
121
+ ```
122
+
123
+ If a client requires a JSON config entry, the exact field names depend on the
124
+ client, but the effective configuration should be equivalent to:
125
+
126
+ ```json
127
+ {
128
+ "mcpServers": {
129
+ "hexabot": {
130
+ "type": "http",
131
+ "url": "http://localhost:3000/api/mcp",
132
+ "headers": {
133
+ "Authorization": "Bearer hbt_mcp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
134
+ }
135
+ }
136
+ }
137
+ }
138
+ ```
139
+
140
+ ## Tool surface
141
+
142
+ ### Workflows
143
+
144
+ | Tool | Permission | Purpose |
145
+ | --------------------------------- | ------------------------ | -------------------------------------------------------------------------------------------- |
146
+ | `hexabot_workflow_search` | `workflow:read` | Search workflows by metadata. |
147
+ | `hexabot_workflow_get` | `workflow:read` | Read one workflow with compact version metadata. |
148
+ | `hexabot_workflow_version_status` | `workflow:read` | Check current and published version pointers for one workflow. |
149
+ | `hexabot_workflow_create` | `workflow:create` | Create a workflow and optionally commit initial YAML. |
150
+ | `hexabot_workflow_update` | `workflow:update` | Update workflow metadata and optionally commit YAML. |
151
+ | `hexabot_workflow_yaml_validate` | `workflow:read` | Validate workflow definition YAML without creating a version. |
152
+ | `hexabot_workflow_yaml_get` | `workflowversion:read` | Read exact workflow YAML by current workflow version or version ID with byte-range chunking. |
153
+ | `hexabot_workflow_yaml_commit` | `workflowversion:create` | Validate and commit workflow definition YAML. |
154
+ | `hexabot_workflow_rollback` | `workflowversion:create` | Roll back to a previous version by creating a new restore snapshot. |
155
+ | `hexabot_workflow_publish` | `workflow:update` | Publish the current workflow version. |
156
+ | `hexabot_workflow_unpublish` | `workflow:update` | Clear the published workflow version. |
157
+ | `hexabot_workflow_run` | `workflowrun:create` | Run a manual or scheduled workflow and return the run summary. |
158
+
159
+ Workflow YAML is validated with `parseWorkflowDefinition()` before a version is
160
+ created. Coding agents can call `hexabot_workflow_yaml_validate` first to get
161
+ structured validation errors without mutating workflow state. Commits inherit
162
+ the workflow's current version as their parent unless `parentVersion` is
163
+ explicitly supplied. `hexabot_workflow_rollback` and
164
+ `hexabot_workflow_version_restore` both create a new current restore snapshot;
165
+ publish that snapshot with `hexabot_workflow_publish` when it should become the
166
+ published version.
167
+
168
+ Large YAML definitions are intentionally omitted from workflow and version list
169
+ or metadata tools. Use `hexabot_workflow_yaml_get` with `workflowId` or
170
+ `versionId` to retrieve the exact YAML. Its `offset`, `limit`, `endOffset`, and
171
+ `nextOffset` fields use UTF-8 byte offsets; the response also includes the
172
+ version checksum and total byte length so clients can verify reconstruction.
173
+
174
+ ### Workflow versions and runs
175
+
176
+ | Tool | Permission | Purpose |
177
+ | ---------------------------------- | ------------------------ | ----------------------------------------------------------------------------------------------- |
178
+ | `hexabot_workflow_version_search` | `workflowversion:read` | List compact version metadata for a workflow. |
179
+ | `hexabot_workflow_version_get` | `workflowversion:read` | Read compact version metadata. |
180
+ | `hexabot_workflow_version_update` | `workflowversion:update` | Update workflow version metadata. |
181
+ | `hexabot_workflow_version_restore` | `workflowversion:create` | Restore a previous version by creating a new snapshot. |
182
+ | `hexabot_workflow_run_search` | `workflowrun:read` | Search workflow runs by workflow and status. |
183
+ | `hexabot_workflow_run_get` | `workflowrun:read` | Read one workflow run with populated workflow metadata but no nested YAML body. |
184
+ | `hexabot_workflow_run_debug` | `workflowrun:read` | Inspect one workflow run with execution state and parent/child run context for troubleshooting. |
185
+
186
+ Workflow run search/get responses strip nested `definitionYml` fields from
187
+ populated workflow-version relations. `hexabot_workflow_run_debug` returns the
188
+ executed YAML once as top-level `workflowDefinitionYml` only when
189
+ `includeWorkflowDefinition=true`.
190
+
191
+ ### Memory definitions
192
+
193
+ | Tool | Permission | Purpose |
194
+ | ---------------------------------- | ------------------------- | --------------------------- |
195
+ | `hexabot_memory_definition_search` | `memorydefinition:read` | Search memory definitions. |
196
+ | `hexabot_memory_definition_get` | `memorydefinition:read` | Read one memory definition. |
197
+ | `hexabot_memory_definition_create` | `memorydefinition:create` | Create a memory definition. |
198
+ | `hexabot_memory_definition_update` | `memorydefinition:update` | Update a memory definition. |
199
+
200
+ ### Actions and runtime bindings
201
+
202
+ | Tool | Permission | Purpose |
203
+ | ------------------------ | --------------- | ---------------------------------------------- |
204
+ | `hexabot_action_search` | `workflow:read` | Search available workflow actions and schemas. |
205
+ | `hexabot_action_get` | `workflow:read` | Read one workflow action schema. |
206
+ | `hexabot_binding_search` | `workflow:read` | Search runtime binding kind schemas. |
207
+ | `hexabot_binding_get` | `workflow:read` | Read one runtime binding schema. |
208
+
209
+ ### Credentials
210
+
211
+ | Tool | Permission | Purpose |
212
+ | --------------------------- | ----------------- | -------------------------------------------- |
213
+ | `hexabot_credential_search` | `credential:read` | Search credential metadata by name or owner. |
214
+ | `hexabot_credential_get` | `credential:read` | Read credential metadata. |
215
+
216
+ Credential secret values are never returned. The MCP tools remove the `value`
217
+ field from all credential responses and do not support searching by secret
218
+ value.
219
+
220
+ ### MCP servers
221
+
222
+ | Tool | Permission | Purpose |
223
+ | --------------------------- | ------------------ | ----------------------------------- |
224
+ | `hexabot_mcp_server_search` | `mcpserver:read` | Search configured MCP servers. |
225
+ | `hexabot_mcp_server_get` | `mcpserver:read` | Read one configured MCP server. |
226
+ | `hexabot_mcp_server_create` | `mcpserver:create` | Create an MCP server configuration. |
227
+ | `hexabot_mcp_server_update` | `mcpserver:update` | Update an MCP server configuration. |
228
+
229
+ ### CMS and RAG content
230
+
231
+ | Tool | Permission | Purpose |
232
+ | ----------------------------- | -------------------- | ------------------------------------------------- |
233
+ | `hexabot_content_type_search` | `contenttype:read` | Search CMS content types. |
234
+ | `hexabot_content_type_get` | `contenttype:read` | Read one content type. |
235
+ | `hexabot_content_type_create` | `contenttype:create` | Create a content type. |
236
+ | `hexabot_content_type_update` | `contenttype:update` | Update a content type. |
237
+ | `hexabot_content_search` | `content:read` | Search CMS content records. |
238
+ | `hexabot_content_get` | `content:read` | Read one content record. |
239
+ | `hexabot_content_create` | `content:create` | Create a content record. |
240
+ | `hexabot_content_update` | `content:update` | Update a content record. |
241
+ | `hexabot_rag_content_search` | `content:read` | Search indexed CMS content through RAG retrieval. |
242
+
243
+ ## Extending the MCP module
244
+
245
+ Add new tools in the focused provider file under `tools/` that matches the
246
+ domain, or create a new `*-mcp.tools.ts` provider when the domain is new. Export
247
+ and register new providers through `tools/index.ts`.
248
+
249
+ Each tool should:
250
+
251
+ 1. Use `@Tool()` with a stable `hexabot_*` name and a Zod parameter schema.
252
+ 2. Use `@ToolGuards([McpPermissionGuard])`.
253
+ 3. Use `@McpPermission(model, action)` with existing Hexabot permission models.
254
+ 4. Return plain JSON-serializable data.
255
+ 5. Avoid exposing secrets, tokens, connection strings, or raw credential values.
256
+
257
+ If a tool changes API behavior or a public contract, update this README and the
258
+ relevant tests in `packages/api/src/mcp`.
259
+
260
+ ## Tests
261
+
262
+ Run the API checks from the repository root:
263
+
264
+ ```bash
265
+ pnpm --filter @hexabot-ai/api run typecheck
266
+ pnpm --filter @hexabot-ai/api run lint
267
+ pnpm --filter @hexabot-ai/api run test
268
+ pnpm --filter @hexabot-ai/api run test:e2e
269
+ pnpm --filter @hexabot-ai/api run build
270
+ ```
271
+
272
+ The MCP e2e tests are enabled only when `MCP_ENABLED=true`. A local test command
273
+ is:
274
+
275
+ ```bash
276
+ NODE_ENV=test MCP_ENABLED=true pnpm --filter @hexabot-ai/api run test:e2e
277
+ ```
@@ -0,0 +1,64 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import {
8
+ Body,
9
+ Controller,
10
+ Get,
11
+ HttpCode,
12
+ Post,
13
+ Req,
14
+ UnauthorizedException,
15
+ } from '@nestjs/common';
16
+ import { Request } from 'express';
17
+
18
+ import { UuidParam } from '@/utils';
19
+
20
+ import { McpTokenCreateDto } from '../dto/mcp-token.dto';
21
+ import { McpTokenService } from '../services/mcp-token.service';
22
+
23
+ type AuthenticatedRequest = Request & {
24
+ user?: { id?: string };
25
+ session?: Request['session'] & {
26
+ passport?: { user?: { id?: string } };
27
+ };
28
+ };
29
+
30
+ @Controller('mcp-token')
31
+ export class McpTokenController {
32
+ constructor(private readonly mcpTokenService: McpTokenService) {}
33
+
34
+ @Get()
35
+ async list(@Req() req: AuthenticatedRequest) {
36
+ return await this.mcpTokenService.findOwnedTokens(this.getUserId(req));
37
+ }
38
+
39
+ @Post()
40
+ async create(
41
+ @Body() dto: McpTokenCreateDto,
42
+ @Req() req: AuthenticatedRequest,
43
+ ) {
44
+ return await this.mcpTokenService.createPersonalToken(
45
+ this.getUserId(req),
46
+ dto,
47
+ );
48
+ }
49
+
50
+ @Post(':id/revoke')
51
+ @HttpCode(200)
52
+ async revoke(@UuidParam('id') id: string, @Req() req: AuthenticatedRequest) {
53
+ return await this.mcpTokenService.revokeOwnedToken(this.getUserId(req), id);
54
+ }
55
+
56
+ private getUserId(req: AuthenticatedRequest): string {
57
+ const userId = req.user?.id ?? req.session?.passport?.user?.id;
58
+ if (!userId) {
59
+ throw new UnauthorizedException('Authenticated user is required');
60
+ }
61
+
62
+ return userId;
63
+ }
64
+ }
@@ -0,0 +1,23 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import { SetMetadata } from '@nestjs/common';
8
+
9
+ import { Action } from '@/user/types/action.type';
10
+ import { TModel } from '@/user/types/model.type';
11
+
12
+ export const MCP_PERMISSION_METADATA_KEY = 'mcp:hexabot-permission';
13
+
14
+ export type McpPermissionMetadata = {
15
+ model: TModel;
16
+ action: Action;
17
+ };
18
+
19
+ export const McpPermission = (model: TModel, action: Action): MethodDecorator =>
20
+ SetMetadata(MCP_PERMISSION_METADATA_KEY, {
21
+ model,
22
+ action,
23
+ } satisfies McpPermissionMetadata);
@@ -0,0 +1,48 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import { mcpTokenFullSchema, mcpTokenSchema } from '@hexabot-ai/types';
8
+ import { ApiProperty, ApiPropertyOptional, PartialType } from '@nestjs/swagger';
9
+ import {
10
+ IsDateString,
11
+ IsNotEmpty,
12
+ IsOptional,
13
+ IsString,
14
+ } from 'class-validator';
15
+
16
+ import { TDto } from '@/utils/types/dto.types';
17
+
18
+ export class McpTokenCreateDto {
19
+ @ApiProperty({
20
+ description: 'Human-readable MCP token name',
21
+ type: String,
22
+ })
23
+ @IsNotEmpty()
24
+ @IsString()
25
+ name!: string;
26
+
27
+ @ApiPropertyOptional({
28
+ description: 'Optional token expiry date',
29
+ type: String,
30
+ format: 'date-time',
31
+ })
32
+ @IsOptional()
33
+ @IsDateString()
34
+ expiresAt?: string | null;
35
+ }
36
+
37
+ export class McpTokenUpdateDto extends PartialType(McpTokenCreateDto) {}
38
+
39
+ export type McpTokenDto = TDto<
40
+ {
41
+ plain: typeof mcpTokenSchema;
42
+ full: typeof mcpTokenFullSchema;
43
+ },
44
+ {
45
+ create: McpTokenCreateDto;
46
+ update: McpTokenUpdateDto;
47
+ }
48
+ >;
@@ -0,0 +1,60 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import { mcpTokenFullSchema, mcpTokenSchema } from '@hexabot-ai/types';
8
+ import {
9
+ Column,
10
+ Entity,
11
+ Index,
12
+ JoinColumn,
13
+ ManyToOne,
14
+ RelationId,
15
+ } from 'typeorm';
16
+
17
+ import { DatetimeColumn } from '@/database';
18
+ import { BaseOrmEntity } from '@/database/entities/base.entity';
19
+ import { UserOrmEntity } from '@/user/entities/user.entity';
20
+ import { AsRelation } from '@/utils/decorators/relation-ref.decorator';
21
+
22
+ import { McpTokenDto } from '../dto/mcp-token.dto';
23
+
24
+ @Entity({ name: 'mcp_tokens' })
25
+ @Index(['tokenHash'], { unique: true })
26
+ @Index(['owner'])
27
+ export class McpTokenOrmEntity extends BaseOrmEntity<McpTokenDto> {
28
+ plainCls = mcpTokenSchema;
29
+
30
+ fullCls = mcpTokenFullSchema;
31
+
32
+ @Column()
33
+ name!: string;
34
+
35
+ @Column({ name: 'token_hash', type: 'text' })
36
+ tokenHash!: string;
37
+
38
+ @Column({ name: 'token_prefix', length: 32 })
39
+ tokenPrefix!: string;
40
+
41
+ @ManyToOne(() => UserOrmEntity, {
42
+ nullable: false,
43
+ onDelete: 'CASCADE',
44
+ })
45
+ @JoinColumn({ name: 'owner_id' })
46
+ @AsRelation()
47
+ owner!: UserOrmEntity;
48
+
49
+ @RelationId((token: McpTokenOrmEntity) => token.owner)
50
+ private readonly ownerId!: string;
51
+
52
+ @DatetimeColumn({ name: 'expires_at', nullable: true })
53
+ expiresAt!: Date | null;
54
+
55
+ @DatetimeColumn({ name: 'last_used_at', nullable: true })
56
+ lastUsedAt!: Date | null;
57
+
58
+ @DatetimeColumn({ name: 'revoked_at', nullable: true })
59
+ revokedAt!: Date | null;
60
+ }
@@ -0,0 +1,55 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import {
8
+ CanActivate,
9
+ ExecutionContext,
10
+ Injectable,
11
+ UnauthorizedException,
12
+ } from '@nestjs/common';
13
+ import { ModuleRef } from '@nestjs/core';
14
+ import { Request } from 'express';
15
+
16
+ import { McpTokenService } from '../services/mcp-token.service';
17
+ import { HexabotMcpRequest } from '../types';
18
+
19
+ @Injectable()
20
+ export class HexabotMcpTokenGuard implements CanActivate {
21
+ constructor(private readonly moduleRef: ModuleRef) {}
22
+
23
+ async canActivate(context: ExecutionContext): Promise<boolean> {
24
+ const request = context.switchToHttp().getRequest<HexabotMcpRequest>();
25
+ const token = this.extractTokenFromHeader(request);
26
+
27
+ if (!token) {
28
+ throw new UnauthorizedException('MCP bearer token is required');
29
+ }
30
+
31
+ const { user, tokenId } =
32
+ await this.getMcpTokenService().authenticateBearerToken(token);
33
+
34
+ request.hexabotUser = user;
35
+ request.user = user;
36
+ request.mcpTokenId = tokenId;
37
+
38
+ return true;
39
+ }
40
+
41
+ private extractTokenFromHeader(request: Request): string | undefined {
42
+ const authHeader = request.headers.authorization;
43
+ if (!authHeader) {
44
+ return undefined;
45
+ }
46
+
47
+ const match = authHeader.trim().match(/^Bearer\s+(\S+)$/i);
48
+
49
+ return match?.[1];
50
+ }
51
+
52
+ private getMcpTokenService(): McpTokenService {
53
+ return this.moduleRef.get(McpTokenService, { strict: false });
54
+ }
55
+ }
@@ -0,0 +1,61 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import {
8
+ CanActivate,
9
+ ExecutionContext,
10
+ ForbiddenException,
11
+ Injectable,
12
+ } from '@nestjs/common';
13
+ import { Reflector } from '@nestjs/core';
14
+
15
+ import {
16
+ MCP_PERMISSION_METADATA_KEY,
17
+ McpPermissionMetadata,
18
+ } from '@/mcp/decorators/mcp-permission.decorator';
19
+ import { PermissionService } from '@/user/services/permission.service';
20
+
21
+ import { HexabotMcpRequest } from '../types';
22
+
23
+ @Injectable()
24
+ export class McpPermissionGuard implements CanActivate {
25
+ constructor(
26
+ private readonly reflector: Reflector,
27
+ private readonly permissionService: PermissionService,
28
+ ) {}
29
+
30
+ async canActivate(context: ExecutionContext): Promise<boolean> {
31
+ const permission = this.reflector.getAllAndOverride<McpPermissionMetadata>(
32
+ MCP_PERMISSION_METADATA_KEY,
33
+ [context.getHandler(), context.getClass()],
34
+ );
35
+
36
+ if (!permission) {
37
+ return true;
38
+ }
39
+
40
+ const request = context.switchToHttp().getRequest<HexabotMcpRequest>();
41
+ const user = request.hexabotUser ?? request.user;
42
+ const roleIds = Array.isArray(user?.roles) ? user.roles : [];
43
+
44
+ if (roleIds.length === 0) {
45
+ throw new ForbiddenException('MCP tool requires a Hexabot role');
46
+ }
47
+
48
+ const permissions = await this.permissionService.getPermissions();
49
+ const hasPermission = roleIds.some((roleId) =>
50
+ permissions[roleId]?.[permission.model]?.includes(permission.action),
51
+ );
52
+
53
+ if (!hasPermission) {
54
+ throw new ForbiddenException(
55
+ `MCP tool requires ${permission.action} permission on ${permission.model}`,
56
+ );
57
+ }
58
+
59
+ return true;
60
+ }
61
+ }
@@ -0,0 +1,61 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import { randomUUID } from 'crypto';
8
+
9
+ import { Module } from '@nestjs/common';
10
+ import { TypeOrmModule } from '@nestjs/typeorm';
11
+ import { McpModule, McpTransportType } from '@rekog/mcp-nest';
12
+
13
+ import { ActionsModule } from '@/actions/actions.module';
14
+ import { BindingsModule } from '@/bindings/bindings.module';
15
+ import { CmsModule } from '@/cms/cms.module';
16
+ import { config } from '@/config';
17
+ import { UserModule } from '@/user/user.module';
18
+ import { WorkflowModule } from '@/workflow/workflow.module';
19
+
20
+ import { McpTokenController } from './controllers/mcp-token.controller';
21
+ import { McpTokenOrmEntity } from './entities/mcp-token.entity';
22
+ import { HexabotMcpTokenGuard } from './guards/hexabot-mcp-token.guard';
23
+ import { McpPermissionGuard } from './guards/mcp-permission.guard';
24
+ import { McpTokenRepository } from './repositories/mcp-token.repository';
25
+ import { McpTokenService } from './services/mcp-token.service';
26
+ import { HEXABOT_MCP_TOOL_PROVIDERS } from './tools';
27
+
28
+ @Module({
29
+ imports: [
30
+ TypeOrmModule.forFeature([McpTokenOrmEntity]),
31
+ McpModule.forRoot({
32
+ name: config.mcp.serverName,
33
+ title: config.mcp.serverTitle,
34
+ version: config.mcp.serverVersion,
35
+ description: config.mcp.serverDescription,
36
+ instructions: config.mcp.serverInstructions,
37
+ transport: McpTransportType.STREAMABLE_HTTP,
38
+ mcpEndpoint: 'mcp',
39
+ guards: [HexabotMcpTokenGuard],
40
+ streamableHttp: {
41
+ enableJsonResponse: false,
42
+ sessionIdGenerator: () => randomUUID(),
43
+ statelessMode: false,
44
+ },
45
+ }),
46
+ ActionsModule,
47
+ BindingsModule,
48
+ CmsModule,
49
+ UserModule,
50
+ WorkflowModule,
51
+ ],
52
+ providers: [
53
+ HexabotMcpTokenGuard,
54
+ McpPermissionGuard,
55
+ McpTokenRepository,
56
+ McpTokenService,
57
+ ...HEXABOT_MCP_TOOL_PROVIDERS,
58
+ ],
59
+ controllers: [McpTokenController],
60
+ })
61
+ export class McpApiModule {}
@@ -0,0 +1,34 @@
1
+ /*
2
+ * Hexabot — Fair Core License (FCL-1.0-ALv2)
3
+ * Copyright (c) 2026 Hexastack.
4
+ * Full terms: see LICENSE.md.
5
+ */
6
+
7
+ import { Injectable } from '@nestjs/common';
8
+ import { InjectRepository } from '@nestjs/typeorm';
9
+ import { Repository } from 'typeorm';
10
+
11
+ import { BaseOrmRepository } from '@/utils/generics/base-orm.repository';
12
+
13
+ import { McpTokenOrmEntity } from '../entities/mcp-token.entity';
14
+
15
+ @Injectable()
16
+ export class McpTokenRepository extends BaseOrmRepository<McpTokenOrmEntity> {
17
+ constructor(
18
+ @InjectRepository(McpTokenOrmEntity)
19
+ repository: Repository<McpTokenOrmEntity>,
20
+ ) {
21
+ super(repository, ['owner']);
22
+ }
23
+
24
+ async findOneByHash(tokenHash: string): Promise<McpTokenOrmEntity | null> {
25
+ return await this.repository.findOne({
26
+ where: { tokenHash },
27
+ relations: ['owner', 'owner.roles'],
28
+ });
29
+ }
30
+
31
+ async touchLastUsedAt(id: string, lastUsedAt = new Date()): Promise<void> {
32
+ await this.repository.update(id, { lastUsedAt });
33
+ }
34
+ }