@inso_web/els-mcp 0.1.0

package/dist/redaction/index.js

@@ -0,0 +1,160 @@
+/**
+ * Pipeline редакции ErrorLog items перед возвратом из tools.
+ *
+ * Контракт:
+ *   - Не мутирует исходный объект, возвращает плоский клон.
+ *   - Применяет PII regex ко всем string-полям (включая компактные варианты).
+ *   - Анонимизирует `ip` (last octet → 0 для IPv4, /64 для IPv6).
+ *   - Усекает `userAgent` до family.
+ *   - Strip query из `url` и `referrer`.
+ *   - Оборачивает `message`/`stack` в `<untrusted>...</untrusted>` для compact/full форматов.
+ *   - Считает `suspiciousContent` по deny-list (см. promptInjection.ts).
+ *
+ * Конфиг управляется ENV (см. src/config.ts):
+ *   - MCP_REDACTION_ENABLED  (default true)
+ *   - MCP_REDACTION_FIELDS   (csv override — например `email,phone,jwt`)
+ */
+import { redactString } from './fields.js';
+import { userAgentFamily } from './userAgent.js';
+import { stripUrlQuery } from './url.js';
+import { redactValue } from './argsRedactor.js';
+import { wrapUntrusted, detectSuspicious } from './promptInjection.js';
+export const DEFAULT_REDACTION_CONFIG = {
+    enabled: true,
+    wrapUntrusted: true,
+};
+function shouldApply(field, cfg) {
+    if (!cfg.enabled)
+        return false;
+    if (!cfg.fields || cfg.fields.size === 0)
+        return true;
+    return cfg.fields.has(field);
+}
+/**
+ * Список «строковых» полей ErrorLog, которые мы прогоняем через `redactString`.
+ * Стек, message — отдельно (с wrap-обёрткой).
+ */
+const STRING_FIELDS_TO_SCAN = [
+    'browser',
+    'urlPath',
+    'errorCategory',
+    'appSlug',
+    'serviceName',
+    'deploymentEnv',
+    'language',
+    'fingerprint',
+    'sessionId',
+    'appVersion',
+    'screenSize',
+    'viewportSize',
+];
+/**
+ * Редактирует один ErrorLog (или его compact-вариант). Возвращает новый объект.
+ */
+export function redactErrorLog(log, opts = {}) {
+    const cfg = opts.config ?? DEFAULT_REDACTION_CONFIG;
+    const fieldsHit = new Set();
+    let suspiciousRule;
+    if (!cfg.enabled) {
+        return {
+            value: log,
+            stats: { fieldsHit: [], suspiciousContentBlocked: false },
+        };
+    }
+    const out = { ...log };
+    // 1. IP (отдельная анонимизация).
+    if (shouldApply('ip', cfg) && typeof out.ip === 'string' && out.ip.length > 0) {
+        const { value, fieldsHit: hits } = redactString(out.ip);
+        out.ip = value;
+        for (const h of hits)
+            fieldsHit.add(h);
+    }
+    // 2. userAgent → family.
+    if (shouldApply('userAgent', cfg) && typeof out.userAgent === 'string') {
+        const fam = userAgentFamily(out.userAgent);
+        out.userAgent = fam;
+        if (fam !== out.userAgent)
+            fieldsHit.add('userAgent');
+    }
+    // 3. URL / referrer — strip query.
+    if (shouldApply('url', cfg)) {
+        if (typeof out.url === 'string')
+            out.url = stripUrlQuery(out.url);
+        if (typeof out.referrer === 'string')
+            out.referrer = stripUrlQuery(out.referrer);
+    }
+    // 4. Простые строковые поля — regex pii.
+    for (const f of STRING_FIELDS_TO_SCAN) {
+        if (!shouldApply(f, cfg))
+            continue;
+        const v = out[f];
+        if (typeof v === 'string' && v.length > 0) {
+            const { value, fieldsHit: hits } = redactString(v);
+            out[f] = value;
+            for (const h of hits)
+                fieldsHit.add(h);
+        }
+    }
+    // 5. message + stack — отдельно. Сначала regex, потом suspicious-detect, потом wrap.
+    const processSensitiveText = (key) => {
+        if (!shouldApply(key, cfg))
+            return;
+        const v = out[key];
+        if (typeof v !== 'string' || v.length === 0)
+            return;
+        const { value, fieldsHit: hits } = redactString(v);
+        for (const h of hits)
+            fieldsHit.add(h);
+        const suspicious = detectSuspicious(value);
+        if (suspicious && !suspiciousRule)
+            suspiciousRule = suspicious.rule;
+        out[key] = cfg.wrapUntrusted !== false ? wrapUntrusted(value) : value;
+    };
+    processSensitiveText('message');
+    processSensitiveText('stack');
+    processSensitiveText('componentStack');
+    // 6. aiDiagnosis — если есть, прогоняем через универсальный redactor.
+    if (out.aiDiagnosis !== undefined && out.aiDiagnosis !== null) {
+        const { value, fieldsHit: hits } = redactValue(out.aiDiagnosis);
+        out.aiDiagnosis = value;
+        for (const h of hits)
+            fieldsHit.add(h);
+    }
+    return {
+        value: out,
+        stats: {
+            fieldsHit: Array.from(fieldsHit),
+            suspiciousContentBlocked: !!suspiciousRule,
+            ...(suspiciousRule ? { suspiciousRule } : {}),
+        },
+    };
+}
+/**
+ * Массовая редакция items. Объединяет stats по всем.
+ */
+export function redactErrorLogs(logs, opts = {}) {
+    const fieldsHit = new Set();
+    let suspiciousRule;
+    const items = logs.map((log) => {
+        const { value, stats } = redactErrorLog(log, opts);
+        for (const f of stats.fieldsHit)
+            fieldsHit.add(f);
+        if (stats.suspiciousContentBlocked && !suspiciousRule)
+            suspiciousRule = stats.suspiciousRule;
+        return value;
+    });
+    return {
+        items,
+        stats: {
+            fieldsHit: Array.from(fieldsHit),
+            suspiciousContentBlocked: !!suspiciousRule,
+            ...(suspiciousRule ? { suspiciousRule } : {}),
+        },
+    };
+}
+export { redactValue } from './argsRedactor.js';
+export { wrapUntrusted, detectSuspicious, containsSuspicious } from './promptInjection.js';
+export { userAgentFamily } from './userAgent.js';
+export { stripUrlQuery } from './url.js';
+export { redactString } from './fields.js';
+//# sourceMappingURL=index.js.map

package/dist/redaction/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/redaction/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAgBvE,MAAM,CAAC,MAAM,wBAAwB,GAAoB;IACvD,OAAO,EAAE,IAAI;IACb,aAAa,EAAE,IAAI;CACpB,CAAC;AAEF,SAAS,WAAW,CAAC,KAAa,EAAE,GAAoB;IACtD,IAAI,CAAC,GAAG,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,qBAAqB,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,eAAe;IACf,SAAS;IACT,aAAa;IACb,eAAe;IACf,UAAU;IACV,aAAa;IACb,WAAW;IACX,YAAY;IACZ,YAAY;IACZ,cAAc;CACN,CAAC;AAMX;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,GAAM,EACN,OAA0B,EAAE;IAE5B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,wBAAwB,CAAC;IACpD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,cAAkC,CAAC;IAEvC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO;YACL,KAAK,EAAE,GAAG;YACV,KAAK,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,wBAAwB,EAAE,KAAK,EAAE;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAA4B,EAAE,GAAG,GAAG,EAAE,CAAC;IAEhD,kCAAkC;IAClC,IAAI,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9E,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACxD,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC;QACf,KAAK,MAAM,CAAC,IAAI,IAAI;YAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,yBAAyB;IACzB,IAAI,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC;QACpB,IAAI,GAAG,KAAK,GAAG,CAAC,SAAS;YAAE,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;IAED,mCAAmC;IACnC,IAAI,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;QAC5B,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;YAAE,GAAG,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClE,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ;YAAE,GAAG,CAAC,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACnF,CAAC;IAED,yCAAyC;IACzC,KAAK,MAAM,CAAC,IAAI,qBAAqB,EAAE,CAAC;QACtC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC;YAAE,SAAS;QACnC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACjB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YACnD,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACf,KAAK,MAAM,CAAC,IAAI,IAAI;gBAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,qFAAqF;IACrF,MAAM,oBAAoB,GAAG,CAAC,GAA2C,EAAQ,EAAE;QACjF,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO;QACnC,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QACpD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,IAAI;YAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,UAAU,IAAI,CAAC,cAAc;YAAE,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC;QACpE,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,aAAa,KAAK,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACxE,CAAC,CAAC;IACF,oBAAoB,CAAC,SAAS,CAAC,CAAC;IAChC,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC9B,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;IAEvC,sEAAsE;IACtE,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,IAAI,GAAG,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;QAC9D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAChE,GAAG,CAAC,WAAW,GAAG,KAAK,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,IAAI;YAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO;QACL,KAAK,EAAE,GAAQ;QACf,KAAK,EAAE;YACL,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAChC,wBAAwB,EAAE,CAAC,CAAC,cAAc;YAC1C,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,IAAS,EACT,OAA0B,EAAE;IAE5B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,cAAkC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAC7B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS;YAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClD,IAAI,KAAK,CAAC,wBAAwB,IAAI,CAAC,cAAc;YAAE,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;QAC7F,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;IACH,OAAO;QACL,KAAK;QACL,KAAK,EAAE;YACL,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAChC,wBAAwB,EAAE,CAAC,CAAC,cAAc;YAC1C,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9C;KACF,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC3F,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC"}

package/dist/redaction/promptInjection.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Prompt-injection mitigation:
+ *   1. Оборачиваем untrusted-контент в `<untrusted>...</untrusted>` теги.
+ *   2. Сканируем на regex-deny-list. При совпадении — флаг `suspicious=true`,
+ *      вызывающий код может заменить контент на `<blocked: suspicious content>`.
+ *
+ * См. 06-security.md §2.
+ *
+ * Phase 6: при detect инкрементим Prometheus counter
+ * `mcp_prompt_injection_blocked_total{rule}`.
+ */
+/** Regex-список «подозрительных» паттернов в untrusted-контенте. */
+export declare const SUSPICIOUS_PATTERNS: Array<{
+    name: string;
+    re: RegExp;
+}>;
+/**
+ * Оборачивает строку в `<untrusted>`-теги. Если внутри уже есть точно
+ * такие же теги — экранируем их, чтобы не дать атакующему «закрыть»
+ * нашу обёртку.
+ */
+export declare function wrapUntrusted(text: string | null | undefined): string | null;
+export interface SuspiciousMatch {
+    rule: string;
+}
+/**
+ * Возвращает первое совпавшее правило или null. Не модифицирует строку.
+ */
+export declare function detectSuspicious(text: string | null | undefined): SuspiciousMatch | null;
+/** Удобный bool-обёртка вокруг `detectSuspicious`. */
+export declare function containsSuspicious(text: string | null | undefined): boolean;
+//# sourceMappingURL=promptInjection.d.ts.map

package/dist/redaction/promptInjection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"promptInjection.d.ts","sourceRoot":"","sources":["../../src/redaction/promptInjection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,oEAAoE;AACpE,eAAO,MAAM,mBAAmB,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAUnE,CAAC;AAOF;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAM5E;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,eAAe,GAAG,IAAI,CAcxF;AAED,sDAAsD;AACtD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAE3E"}

package/dist/redaction/promptInjection.js

@@ -0,0 +1,68 @@
+/**
+ * Prompt-injection mitigation:
+ *   1. Оборачиваем untrusted-контент в `<untrusted>...</untrusted>` теги.
+ *   2. Сканируем на regex-deny-list. При совпадении — флаг `suspicious=true`,
+ *      вызывающий код может заменить контент на `<blocked: suspicious content>`.
+ *
+ * См. 06-security.md §2.
+ *
+ * Phase 6: при detect инкрементим Prometheus counter
+ * `mcp_prompt_injection_blocked_total{rule}`.
+ */
+import { recordPromptInjectionBlocked } from '../observability/metrics.js';
+/** Regex-список «подозрительных» паттернов в untrusted-контенте. */
+export const SUSPICIOUS_PATTERNS = [
+    { name: 'ignore_previous', re: /ignore\s+(all\s+)?previous\s+(instructions?|messages?|prompts?)/i },
+    { name: 'disregard_prior', re: /disregard\s+(all\s+)?(prior|previous)/i },
+    { name: 'system_role', re: /(^|\W)system\s*:/i },
+    { name: 'assistant_role', re: /(^|\W)assistant\s*:/i },
+    { name: 'im_marker', re: /<\|im_(start|end)\|>/i },
+    { name: 'inst_marker', re: /\[\/?INST\]/i },
+    { name: 'you_are_now', re: /you\s+are\s+now\s+(a|an)\s+\w+/i },
+    { name: 'override_rules', re: /override\s+your\s+(rules|instructions)/i },
+    { name: 'jailbreak', re: /jailbreak/i },
+];
+const OPEN_TAG = '<untrusted>';
+const CLOSE_TAG = '</untrusted>';
+const ESCAPED_OPEN = '&lt;untrusted&gt;';
+const ESCAPED_CLOSE = '&lt;/untrusted&gt;';
+/**
+ * Оборачивает строку в `<untrusted>`-теги. Если внутри уже есть точно
+ * такие же теги — экранируем их, чтобы не дать атакующему «закрыть»
+ * нашу обёртку.
+ */
+export function wrapUntrusted(text) {
+    if (text === null || text === undefined)
+        return null;
+    if (typeof text !== 'string')
+        return String(text);
+    if (text.length === 0)
+        return text;
+    const escaped = text.replace(/<untrusted>/gi, ESCAPED_OPEN).replace(/<\/untrusted>/gi, ESCAPED_CLOSE);
+    return `${OPEN_TAG}${escaped}${CLOSE_TAG}`;
+}
+/**
+ * Возвращает первое совпавшее правило или null. Не модифицирует строку.
+ */
+export function detectSuspicious(text) {
+    if (!text || typeof text !== 'string')
+        return null;
+    for (const { name, re } of SUSPICIOUS_PATTERNS) {
+        if (re.test(text)) {
+            // Phase 6: метрика на каждое срабатывание.
+            try {
+                recordPromptInjectionBlocked(name);
+            }
+            catch {
+                // не блокируем основной flow при ошибке метрики
+            }
+            return { rule: name };
+        }
+    }
+    return null;
+}
+/** Удобный bool-обёртка вокруг `detectSuspicious`. */
+export function containsSuspicious(text) {
+    return detectSuspicious(text) !== null;
+}
+//# sourceMappingURL=promptInjection.js.map

package/dist/redaction/promptInjection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"promptInjection.js","sourceRoot":"","sources":["../../src/redaction/promptInjection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,4BAA4B,EAAE,MAAM,6BAA6B,CAAC;AAE3E,oEAAoE;AACpE,MAAM,CAAC,MAAM,mBAAmB,GAAwC;IACtE,EAAE,IAAI,EAAE,iBAAiB,EAAE,EAAE,EAAE,kEAAkE,EAAE;IACnG,EAAE,IAAI,EAAE,iBAAiB,EAAE,EAAE,EAAE,wCAAwC,EAAE;IACzE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,mBAAmB,EAAE;IAChD,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE,sBAAsB,EAAE;IACtD,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,uBAAuB,EAAE;IAClD,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,cAAc,EAAE;IAC3C,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,iCAAiC,EAAE;IAC9D,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE,yCAAyC,EAAE;IACzE,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,YAAY,EAAE;CACxC,CAAC;AAEF,MAAM,QAAQ,GAAG,aAAa,CAAC;AAC/B,MAAM,SAAS,GAAG,cAAc,CAAC;AACjC,MAAM,YAAY,GAAG,mBAAmB,CAAC;AACzC,MAAM,aAAa,GAAG,oBAAoB,CAAC;AAE3C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,IAA+B;IAC3D,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;IACtG,OAAO,GAAG,QAAQ,GAAG,OAAO,GAAG,SAAS,EAAE,CAAC;AAC7C,CAAC;AAMD;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAA+B;IAC9D,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnD,KAAK,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,mBAAmB,EAAE,CAAC;QAC/C,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAClB,2CAA2C;YAC3C,IAAI,CAAC;gBACH,4BAA4B,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;YAClD,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,kBAAkB,CAAC,IAA+B;IAChE,OAAO,gBAAgB,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;AACzC,CAAC"}

package/dist/redaction/url.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Очистка URL: убираем query string (часто содержит токены/PII),
+ * оставляем host + path. Hash-фрагмент тоже отбрасываем.
+ *
+ * Если строка не похожа на URL — возвращаем как есть.
+ */
+export declare function stripUrlQuery(url: string | null | undefined): string | null;
+//# sourceMappingURL=url.d.ts.map

package/dist/redaction/url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../src/redaction/url.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAgB3E"}

package/dist/redaction/url.js

@@ -0,0 +1,26 @@
+/**
+ * Очистка URL: убираем query string (часто содержит токены/PII),
+ * оставляем host + path. Hash-фрагмент тоже отбрасываем.
+ *
+ * Если строка не похожа на URL — возвращаем как есть.
+ */
+export function stripUrlQuery(url) {
+    if (!url)
+        return url ?? null;
+    try {
+        // Поддерживаем как absolute, так и relative URL.
+        if (url.startsWith('/')) {
+            const qIdx = url.indexOf('?');
+            const hIdx = url.indexOf('#');
+            const end = [qIdx, hIdx].filter((i) => i >= 0).sort((a, b) => a - b)[0];
+            return end === undefined ? url : url.slice(0, end);
+        }
+        const u = new URL(url);
+        return `${u.protocol}//${u.host}${u.pathname}`;
+    }
+    catch {
+        // Не URL — возвращаем как есть.
+        return url;
+    }
+}
+//# sourceMappingURL=url.js.map

package/dist/redaction/url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.js","sourceRoot":"","sources":["../../src/redaction/url.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAA8B;IAC1D,IAAI,CAAC,GAAG;QAAE,OAAO,GAAG,IAAI,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,iDAAiD;QACjD,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC9B,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxE,OAAO,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;QAChC,OAAO,GAAG,CAAC;IACb,CAAC;AACH,CAAC"}

package/dist/redaction/userAgent.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Сокращение userAgent до family (browser / runtime name).
+ *
+ * Phase 5: упрощённый matcher без зависимости на ua-parser-js (минимизируем
+ * supply-chain). Покрывает 99 % browser/runtime семейств, встречающихся в логах.
+ * При необходимости можно поменять на ua-parser-js в будущем — контракт остаётся.
+ */
+export declare function userAgentFamily(ua: string | null | undefined): string | null;
+//# sourceMappingURL=userAgent.d.ts.map

package/dist/redaction/userAgent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userAgent.d.ts","sourceRoot":"","sources":["../../src/redaction/userAgent.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAyBH,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAM5E"}

package/dist/redaction/userAgent.js

@@ -0,0 +1,39 @@
+/**
+ * Сокращение userAgent до family (browser / runtime name).
+ *
+ * Phase 5: упрощённый matcher без зависимости на ua-parser-js (минимизируем
+ * supply-chain). Покрывает 99 % browser/runtime семейств, встречающихся в логах.
+ * При необходимости можно поменять на ua-parser-js в будущем — контракт остаётся.
+ */
+const PATTERNS = [
+    // Boтыs / crawlers — first, чтобы не путать с Chrome.
+    { re: /Googlebot/i, family: 'Googlebot' },
+    { re: /Bingbot/i, family: 'Bingbot' },
+    { re: /YandexBot/i, family: 'YandexBot' },
+    { re: /DuckDuckBot/i, family: 'DuckDuckBot' },
+    { re: /Slackbot|Slack-ImgProxy/i, family: 'Slackbot' },
+    // Order matters: Edge contains Chrome substring.
+    { re: /Edg\//i, family: 'Edge' },
+    { re: /OPR\/|Opera/i, family: 'Opera' },
+    { re: /Firefox\//i, family: 'Firefox' },
+    { re: /Chrome\//i, family: 'Chrome' },
+    { re: /Safari\//i, family: 'Safari' },
+    // Runtimes.
+    { re: /curl\//i, family: 'curl' },
+    { re: /wget\//i, family: 'wget' },
+    { re: /node\b|node-fetch|undici/i, family: 'Node' },
+    { re: /python-requests|urllib/i, family: 'Python' },
+    { re: /Go-http-client/i, family: 'Go' },
+    { re: /Java\//i, family: 'Java' },
+    { re: /PostmanRuntime/i, family: 'Postman' },
+];
+export function userAgentFamily(ua) {
+    if (!ua)
+        return null;
+    for (const { re, family } of PATTERNS) {
+        if (re.test(ua))
+            return family;
+    }
+    return 'Unknown';
+}
+//# sourceMappingURL=userAgent.js.map

package/dist/redaction/userAgent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userAgent.js","sourceRoot":"","sources":["../../src/redaction/userAgent.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,QAAQ,GAA0C;IACtD,sDAAsD;IACtD,EAAE,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE;IACzC,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE;IACrC,EAAE,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE;IACzC,EAAE,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,aAAa,EAAE;IAC7C,EAAE,EAAE,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU,EAAE;IACtD,iDAAiD;IACjD,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE;IAChC,EAAE,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE;IACvC,EAAE,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE;IACvC,EAAE,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE;IACrC,EAAE,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE;IACrC,YAAY;IACZ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;IACjC,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;IACjC,EAAE,EAAE,EAAE,2BAA2B,EAAE,MAAM,EAAE,MAAM,EAAE;IACnD,EAAE,EAAE,EAAE,yBAAyB,EAAE,MAAM,EAAE,QAAQ,EAAE;IACnD,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE;IACvC,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;IACjC,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,EAAE,SAAS,EAAE;CAC7C,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,EAA6B;IAC3D,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACrB,KAAK,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QACtC,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,MAAM,CAAC;IACjC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/resources/index.d.ts

@@ -0,0 +1,24 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { Logger } from 'pino';
+import type { ElsClient } from '../elsClient.js';
+/**
+ * Phase 2 MCP-resources поверх ELS.
+ *
+ * Подход: каждый resource — это thin wrapper над соответствующим tool/handler,
+ * чтобы вся business-логика жила в одном месте. Cache + subscriptions —
+ * Phase 4 (нужен Redis); сейчас на каждый read делается свежий upstream-вызов.
+ *
+ * Зарегистрированные URI:
+ *   els://apps                                — список доступных apps
+ *   els://apps/{slug}/stats/24h               — сводка за 24ч
+ *   els://apps/{slug}/recent-critical         — top-50 CRITICAL за час
+ *   els://logs/{traceId}                      — детальный лог
+ *   els://apps/{slug}/saved-queries           — V2 placeholder
+ */
+export interface RegisterResourcesOptions {
+    client: ElsClient;
+    log?: Logger;
+}
+export declare const ALL_RESOURCE_URIS: readonly ["els://apps", "els://apps/{slug}/stats/24h", "els://apps/{slug}/recent-critical", "els://logs/{traceId}", "els://apps/{slug}/saved-queries"];
+export declare function registerResources(server: McpServer, opts: RegisterResourcesOptions): string[];
+//# sourceMappingURL=index.d.ts.map

package/dist/resources/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/resources/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAoB,MAAM,yCAAyC,CAAC;AACtF,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAOjD;;;;;;;;;;;;;GAaG;AAEH,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,SAAS,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,eAAO,MAAM,iBAAiB,wJAMpB,CAAC;AAqBX,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,wBAAwB,GAAG,MAAM,EAAE,CA+J7F"}

package/dist/resources/index.js

@@ -0,0 +1,150 @@
+import { ResourceTemplate } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { ToolError } from '../lib/errors.js';
+import { handleListApps } from '../tools/listApps.js';
+import { handleErrorStatsBreakdown } from '../tools/errorStatsBreakdown.js';
+import { handleSearchLogs } from '../tools/searchLogs.js';
+import { handleGetLogDetails } from '../tools/getLogDetails.js';
+export const ALL_RESOURCE_URIS = [
+    'els://apps',
+    'els://apps/{slug}/stats/24h',
+    'els://apps/{slug}/recent-critical',
+    'els://logs/{traceId}',
+    'els://apps/{slug}/saved-queries',
+];
+function buildJsonResource(uri, payload) {
+    return {
+        contents: [
+            {
+                uri,
+                mimeType: 'application/json',
+                text: JSON.stringify(payload, null, 2),
+            },
+        ],
+    };
+}
+function extractStructured(result) {
+    if (result.isError) {
+        return { error: result.structuredContent ?? { code: 'INTERNAL' } };
+    }
+    return result.structuredContent ?? {};
+}
+export function registerResources(server, opts) {
+    const { client } = opts;
+    const registered = [];
+    // ─── els://apps ─────────────────────────────────────────────────────────
+    server.registerResource('els-apps', 'els://apps', {
+        title: 'List of apps accessible to current API key',
+        description: 'Returns apps available to the current API key. For master keys — all apps; for regular keys — single current app.',
+        mimeType: 'application/json',
+    }, async (uri) => {
+        const result = await handleListApps({}, client);
+        return buildJsonResource(uri.toString(), extractStructured(result));
+    });
+    registered.push('els://apps');
+    // ─── els://apps/{slug}/stats/24h ─────────────────────────────────────────
+    server.registerResource('els-app-stats-24h', new ResourceTemplate('els://apps/{slug}/stats/24h', { list: undefined }), {
+        title: 'App stats for the last 24 hours',
+        description: 'Aggregated stats for a single app over the last 24 hours: total, unique fingerprints, distinct users/services/urls, byLevel breakdown.',
+        mimeType: 'application/json',
+    }, async (uri, variables) => {
+        const slug = String(variables.slug ?? '');
+        const fromIso = new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString();
+        const toIso = new Date().toISOString();
+        try {
+            const result = await handleErrorStatsBreakdown({ from: fromIso, to: toIso, compareTo: 'none' }, client);
+            const payload = { slug, window: '24h', from: fromIso, to: toIso, ...extractStructured(result) };
+            return buildJsonResource(uri.toString(), payload);
+        }
+        catch (err) {
+            if (err instanceof ToolError) {
+                return buildJsonResource(uri.toString(), {
+                    slug,
+                    error: { code: err.code, message: err.message },
+                });
+            }
+            throw err;
+        }
+    });
+    registered.push('els://apps/{slug}/stats/24h');
+    // ─── els://apps/{slug}/recent-critical ───────────────────────────────────
+    server.registerResource('els-app-recent-critical', new ResourceTemplate('els://apps/{slug}/recent-critical', { list: undefined }), {
+        title: 'Recent CRITICAL errors (last hour, top 50)',
+        description: 'Up to 50 CRITICAL errors from the last hour, newest first. Phase 2: no subscriptions yet (each read = fresh upstream call). Subscriptions added in Phase 4.',
+        mimeType: 'application/json',
+    }, async (uri, variables) => {
+        const slug = String(variables.slug ?? '');
+        const fromIso = new Date(Date.now() - 60 * 60 * 1000).toISOString();
+        try {
+            const result = await handleSearchLogs({
+                limit: 50,
+                sortBy: 'receivedAt',
+                sortOrder: 'desc',
+                from: fromIso,
+                level: ['CRITICAL'],
+                response_format: 'compact',
+            }, client);
+            const sc = extractStructured(result);
+            const payload = {
+                slug,
+                items: sc.items ?? [],
+                total: sc.total ?? 0,
+                lastUpdated: new Date().toISOString(),
+                _meta: sc._meta,
+            };
+            return buildJsonResource(uri.toString(), payload);
+        }
+        catch (err) {
+            if (err instanceof ToolError) {
+                return buildJsonResource(uri.toString(), {
+                    slug,
+                    error: { code: err.code, message: err.message },
+                });
+            }
+            throw err;
+        }
+    });
+    registered.push('els://apps/{slug}/recent-critical');
+    // ─── els://logs/{traceId} ────────────────────────────────────────────────
+    server.registerResource('els-log-details', new ResourceTemplate('els://logs/{traceId}', { list: undefined }), {
+        title: 'Full error log details by traceId',
+        description: 'Identical payload to get_log_details (response_format=full).',
+        mimeType: 'application/json',
+    }, async (uri, variables) => {
+        const traceId = String(variables.traceId ?? '');
+        try {
+            const result = await handleGetLogDetails({ traceId, response_format: 'full' }, client);
+            return buildJsonResource(uri.toString(), extractStructured(result));
+        }
+        catch (err) {
+            if (err instanceof ToolError) {
+                return buildJsonResource(uri.toString(), {
+                    traceId,
+                    error: { code: err.code, message: err.message },
+                });
+            }
+            throw err;
+        }
+    });
+    registered.push('els://logs/{traceId}');
+    // ─── els://apps/{slug}/saved-queries (V2 placeholder) ────────────────────
+    server.registerResource('els-app-saved-queries', new ResourceTemplate('els://apps/{slug}/saved-queries', { list: undefined }), {
+        title: 'Saved JQL queries (not implemented yet)',
+        description: 'Placeholder for V2: saved JQL queries per app. Returns empty list with notImplemented marker until Phase 4.',
+        mimeType: 'application/json',
+    }, async (uri, variables) => {
+        const slug = String(variables.slug ?? '');
+        return buildJsonResource(uri.toString(), {
+            slug,
+            items: [],
+            _meta: {
+                notImplemented: true,
+                plannedFor: 'Phase 4 (post-GA)',
+                rationale: 'Saved queries are a UI feature in LK; MCP delivers in Phase 4 when JQL editor is stable.',
+            },
+        });
+    });
+    registered.push('els://apps/{slug}/saved-queries');
+    opts.log?.info?.({ resources: registered }, 'MCP resources registered');
+    return registered;
+}
+//# sourceMappingURL=index.js.map

package/dist/resources/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/resources/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAGtF,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAsBhE,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,YAAY;IACZ,6BAA6B;IAC7B,mCAAmC;IACnC,sBAAsB;IACtB,iCAAiC;CACzB,CAAC;AAEX,SAAS,iBAAiB,CAAC,GAAW,EAAE,OAAgB;IACtD,OAAO;QACL,QAAQ,EAAE;YACR;gBACE,GAAG;gBACH,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;aACvC;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,MAA0E;IACnG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC;IACrE,CAAC;IACD,OAAO,MAAM,CAAC,iBAAiB,IAAI,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAiB,EAAE,IAA8B;IACjF,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACxB,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,2EAA2E;IAC3E,MAAM,CAAC,gBAAgB,CACrB,UAAU,EACV,YAAY,EACZ;QACE,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,mHAAmH;QACrH,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAChD,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;IACtE,CAAC,CACF,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAE9B,4EAA4E;IAC5E,MAAM,CAAC,gBAAgB,CACrB,mBAAmB,EACnB,IAAI,gBAAgB,CAAC,6BAA6B,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EACxE;QACE,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,wIAAwI;QAC1I,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACzE,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC5C,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,EAC/C,MAAM,CACP,CAAC;YACF,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;YAChG,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;gBAC7B,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;oBACvC,IAAI;oBACJ,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAE/C,4EAA4E;IAC5E,MAAM,CAAC,gBAAgB,CACrB,yBAAyB,EACzB,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC9E;QACE,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,6JAA6J;QAC/J,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACpE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CACnC;gBACE,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,YAAY;gBACpB,SAAS,EAAE,MAAM;gBACjB,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,CAAC,UAAU,CAAC;gBACnB,eAAe,EAAE,SAAS;aAC3B,EACD,MAAM,CACP,CAAC;YACF,MAAM,EAAE,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,OAAO,GAAG;gBACd,IAAI;gBACJ,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE;gBACrB,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC;gBACpB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,KAAK,EAAE,EAAE,CAAC,KAAK;aAChB,CAAC;YACF,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;gBAC7B,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;oBACvC,IAAI;oBACJ,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IAErD,4EAA4E;IAC5E,MAAM,CAAC,gBAAgB,CACrB,iBAAiB,EACjB,IAAI,gBAAgB,CAAC,sBAAsB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EACjE;QACE,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE;QACvB,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,EACpC,MAAM,CACP,CAAC;YACF,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;gBAC7B,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;oBACvC,OAAO;oBACP,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAExC,4EAA4E;IAC5E,MAAM,CAAC,gBAAgB,CACrB,uBAAuB,EACvB,IAAI,gBAAgB,CAAC,iCAAiC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC5E;QACE,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,6GAA6G;QAC/G,QAAQ,EAAE,kBAAkB;KAC7B,EACD,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAC1C,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACvC,IAAI;YACJ,KAAK,EAAE,EAAE;YACT,KAAK,EAAE;gBACL,cAAc,EAAE,IAAI;gBACpB,UAAU,EAAE,mBAAmB;gBAC/B,SAAS,EAAE,0FAA0F;aACtG;SACF,CAAC,CAAC;IACL,CAAC,CACF,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAEnD,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,0BAA0B,CAAC,CAAC;IACxE,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,37 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { type Logger } from 'pino';
+import type { Config } from './config.js';
+import { ElsClient } from './elsClient.js';
+import type { ToolContext, MiddlewareDeps } from './middleware/withMiddleware.js';
+/**
+ * Создаёт McpServer, регистрирует tools, возвращает готовый объект.
+ *
+ * В Phase 1 transport подключается отдельно (stdio через cli.ts). В Phase 3
+ * добавится HTTP transport.
+ *
+ * Логи всегда идут в stderr (pino.destination(2)) — stdout зарезервирован
+ * для JSON-RPC.
+ */
+export interface CreateMcpServerOptions {
+    config: Config;
+    log?: Logger;
+    /** Для тестов: использовать готовый ELS клиент вместо создания нового. */
+    client?: ElsClient;
+    /**
+     * Phase 5/6: opt-in contextProvider. Если задан — все tools будут обёрнуты
+     * в `withMiddleware` (quota + audit + usage + redaction).
+     */
+    contextProvider?: () => ToolContext;
+    /** Phase 5: middleware deps (audit/usage/redaction). */
+    middleware?: MiddlewareDeps;
+}
+export interface McpServerHandle {
+    server: McpServer;
+    client: ElsClient;
+    log: Logger;
+    registeredTools: string[];
+    registeredResources: string[];
+    registeredPrompts: string[];
+}
+export declare function createMcpServer(opts: CreateMcpServerOptions): McpServerHandle;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAa,EAAE,KAAK,MAAM,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAI3C,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAElF;;;;;;;;GAQG;AAEH,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,WAAW,CAAC;IACpC,wDAAwD;IACxD,UAAU,CAAC,EAAE,cAAc,CAAC;CAC7B;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAC;IAClB,MAAM,EAAE,SAAS,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,sBAAsB,GAAG,eAAe,CA4C7E"}