@j0hanz/fetch-url-mcp 1.2.0 → 1.3.1

package/dist/http/auth.js

@@ -0,0 +1,344 @@
+import { InvalidTokenError, ServerError, } from '@modelcontextprotocol/sdk/server/auth/errors.js';
+import { Buffer } from 'node:buffer';
+import { randomBytes } from 'node:crypto';
+import { config } from '../config.js';
+import { hmacSha256Hex, timingSafeEqualUtf8 } from '../crypto.js';
+import { normalizeHost } from '../host-normalization.js';
+import { isObject } from '../type-guards.js';
+import { getHeaderValue, sendEmpty, sendError, sendJson, } from './helpers.js';
+// ---------------------------------------------------------------------------
+// CORS
+// ---------------------------------------------------------------------------
+class CorsPolicy {
+    // NOTE: CorsPolicy.handle() is invoked only AFTER hostOriginPolicy.validate() in
+    // HttpRequestPipeline. The Origin header is reflected only when it matches an
+    // allowlisted host — arbitrary/unauthenticated origins are never reflected.
+    handle(ctx) {
+        const { req, res } = ctx;
+        const origin = getHeaderValue(req, 'origin');
+        if (origin) {
+            res.setHeader('Access-Control-Allow-Origin', origin);
+            res.setHeader('Vary', 'Origin');
+        }
+        else {
+            res.setHeader('Access-Control-Allow-Origin', '*');
+        }
+        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, DELETE');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, MCP-Protocol-Version, MCP-Session-ID, X-MCP-Session-ID, Last-Event-ID');
+        if (req.method !== 'OPTIONS')
+            return false;
+        sendEmpty(res, 204);
+        return true;
+    }
+}
+export const corsPolicy = new CorsPolicy();
+// ---------------------------------------------------------------------------
+// Host / Origin validation
+// ---------------------------------------------------------------------------
+const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '::1']);
+const WILDCARD_HOSTS = new Set(['0.0.0.0', '::']);
+function hasConstantTimeMatch(candidates, input) {
+    // Avoid leaking match index via early-return.
+    let matched = 0;
+    for (const candidate of candidates) {
+        matched |= timingSafeEqualUtf8(candidate, input) ? 1 : 0;
+    }
+    return matched === 1;
+}
+function isWildcardHost(host) {
+    return WILDCARD_HOSTS.has(host);
+}
+function addNormalizedHost(target, value) {
+    const normalized = normalizeHost(value);
+    if (normalized)
+        target.add(normalized);
+}
+function buildAllowedHosts() {
+    const allowed = new Set(LOOPBACK_HOSTS);
+    const configuredHost = normalizeHost(config.server.host);
+    if (configuredHost && !isWildcardHost(configuredHost)) {
+        allowed.add(configuredHost);
+    }
+    for (const host of config.security.allowedHosts) {
+        addNormalizedHost(allowed, host);
+    }
+    return allowed;
+}
+const ALLOWED_HOSTS = buildAllowedHosts();
+class HostOriginPolicy {
+    validate(ctx) {
+        const { req, res } = ctx;
+        const host = this.resolveHostHeader(req);
+        if (!host)
+            return this.reject(res, 400, 'Missing or invalid Host header');
+        if (!ALLOWED_HOSTS.has(host))
+            return this.reject(res, 403, 'Host not allowed');
+        const originHeader = getHeaderValue(req, 'origin');
+        if (!originHeader)
+            return true;
+        const originHost = this.resolveOriginHost(originHeader);
+        if (!originHost)
+            return this.reject(res, 403, 'Invalid Origin header');
+        if (!ALLOWED_HOSTS.has(originHost))
+            return this.reject(res, 403, 'Origin not allowed');
+        return true;
+    }
+    resolveHostHeader(req) {
+        const host = getHeaderValue(req, 'host');
+        if (!host)
+            return null;
+        return normalizeHost(host);
+    }
+    resolveOriginHost(origin) {
+        if (origin === 'null')
+            return null;
+        try {
+            const parsed = new URL(origin);
+            return normalizeHost(parsed.host);
+        }
+        catch {
+            return null;
+        }
+    }
+    reject(res, status, message) {
+        sendJson(res, status, { error: message });
+        return false;
+    }
+}
+export const hostOriginPolicy = new HostOriginPolicy();
+// ---------------------------------------------------------------------------
+// HTTP mode configuration guard
+// ---------------------------------------------------------------------------
+export function assertHttpModeConfiguration() {
+    const configuredHost = normalizeHost(config.server.host);
+    const isLoopback = configuredHost !== null && LOOPBACK_HOSTS.has(configuredHost);
+    const isRemoteBinding = !isLoopback;
+    if (isRemoteBinding && !config.security.allowRemote) {
+        throw new Error('ALLOW_REMOTE must be true to bind to non-loopback interfaces');
+    }
+    if (isRemoteBinding && config.auth.mode !== 'oauth') {
+        throw new Error('OAuth authentication is required for remote bindings');
+    }
+    if (config.auth.mode === 'static' && config.auth.staticTokens.length === 0) {
+        throw new Error('Static auth requires ACCESS_TOKENS or API_KEY to be configured');
+    }
+}
+// ---------------------------------------------------------------------------
+// MCP protocol version
+// ---------------------------------------------------------------------------
+const DEFAULT_MCP_PROTOCOL_VERSION = '2025-11-25';
+const LEGACY_MCP_PROTOCOL_VERSION = '2025-03-26';
+export const SUPPORTED_MCP_PROTOCOL_VERSIONS = new Set([
+    DEFAULT_MCP_PROTOCOL_VERSION,
+    LEGACY_MCP_PROTOCOL_VERSION,
+]);
+export function resolveMcpProtocolVersion(req) {
+    const versionHeader = getHeaderValue(req, 'mcp-protocol-version');
+    if (!versionHeader)
+        return undefined;
+    const version = versionHeader.trim();
+    return version.length > 0 ? version : undefined;
+}
+export function ensureMcpProtocolVersion(req, res, options) {
+    const version = resolveMcpProtocolVersion(req);
+    const requireHeader = options?.requireHeader ?? false;
+    if (!version) {
+        if (!requireHeader) {
+            // Permissive backward-compat fallback: clients predating MCP 2025-03-26 do not
+            // send MCP-Protocol-Version. Accepting requests without the header keeps older
+            // integrations working. Pass requireHeader: true to enforce strict version checking.
+            return true;
+        }
+        sendError(res, -32600, 'Missing MCP-Protocol-Version header');
+        return false;
+    }
+    if (!SUPPORTED_MCP_PROTOCOL_VERSIONS.has(version)) {
+        sendError(res, -32600, `Unsupported MCP-Protocol-Version: ${version}`);
+        return false;
+    }
+    const expectedVersion = options?.expectedVersion;
+    if (expectedVersion && version !== expectedVersion) {
+        sendError(res, -32600, `MCP-Protocol-Version mismatch: expected ${expectedVersion}, got ${version}`);
+        return false;
+    }
+    return true;
+}
+// ---------------------------------------------------------------------------
+// Auth fingerprint
+// ---------------------------------------------------------------------------
+const SESSION_AUTH_FINGERPRINT_KEY = randomBytes(32);
+export function buildAuthFingerprint(auth) {
+    if (!auth)
+        return null;
+    const safeClientId = typeof auth.clientId === 'string' ? auth.clientId : '';
+    const safeToken = typeof auth.token === 'string' ? auth.token : '';
+    if (!safeClientId && !safeToken)
+        return null;
+    return hmacSha256Hex(SESSION_AUTH_FINGERPRINT_KEY, `${safeClientId}:${safeToken}`);
+}
+// ---------------------------------------------------------------------------
+// Auth service
+// ---------------------------------------------------------------------------
+const STATIC_TOKEN_TTL_SECONDS = 60 * 60 * 24;
+const STATIC_TOKEN_HMAC_KEY = randomBytes(32);
+class AuthService {
+    staticTokenDigests = config.auth.staticTokens.map((token) => hmacSha256Hex(STATIC_TOKEN_HMAC_KEY, token));
+    async authenticate(req, signal) {
+        const authHeader = getHeaderValue(req, 'authorization');
+        if (!authHeader) {
+            return this.authenticateWithApiKey(req);
+        }
+        const token = this.resolveBearerToken(authHeader);
+        return this.authenticateWithToken(token, signal);
+    }
+    authenticateWithToken(token, signal) {
+        return config.auth.mode === 'oauth'
+            ? this.verifyWithIntrospection(token, signal)
+            : Promise.resolve(this.verifyStaticToken(token));
+    }
+    authenticateWithApiKey(req) {
+        const apiKey = getHeaderValue(req, 'x-api-key');
+        if (apiKey && config.auth.mode === 'static') {
+            return this.verifyStaticToken(apiKey);
+        }
+        if (apiKey && config.auth.mode === 'oauth') {
+            throw new InvalidTokenError('X-API-Key not supported for OAuth');
+        }
+        throw new InvalidTokenError('Missing Authorization header');
+    }
+    resolveBearerToken(authHeader) {
+        if (!authHeader.startsWith('Bearer ')) {
+            throw new InvalidTokenError('Invalid Authorization header format');
+        }
+        const token = authHeader.substring(7);
+        if (!token) {
+            throw new InvalidTokenError('Invalid Authorization header format');
+        }
+        return token;
+    }
+    buildStaticAuthInfo(token) {
+        return {
+            token,
+            clientId: 'static-token',
+            scopes: config.auth.requiredScopes,
+            expiresAt: Math.floor(Date.now() / 1000) + STATIC_TOKEN_TTL_SECONDS,
+            resource: config.auth.resourceUrl,
+        };
+    }
+    verifyStaticToken(token) {
+        if (this.staticTokenDigests.length === 0) {
+            throw new InvalidTokenError('No static tokens configured');
+        }
+        const tokenDigest = hmacSha256Hex(STATIC_TOKEN_HMAC_KEY, token);
+        const matched = hasConstantTimeMatch(this.staticTokenDigests, tokenDigest);
+        if (!matched)
+            throw new InvalidTokenError('Invalid token');
+        return this.buildStaticAuthInfo(token);
+    }
+    stripHash(url) {
+        const clean = new URL(url);
+        clean.hash = '';
+        return clean.href;
+    }
+    buildBasicAuthHeader(clientId, clientSecret) {
+        // Base64 is only an encoding for header transport; it is NOT encryption.
+        const credentials = `${clientId}:${clientSecret ?? ''}`;
+        return `Basic ${Buffer.from(credentials, 'utf8').toString('base64')}`;
+    }
+    buildIntrospectionRequest(token, resourceUrl, clientId, clientSecret) {
+        const body = new URLSearchParams({
+            token,
+            token_type_hint: 'access_token',
+            resource: this.stripHash(resourceUrl),
+        }).toString();
+        const headers = {
+            'content-type': 'application/x-www-form-urlencoded',
+        };
+        if (clientId) {
+            headers['authorization'] = this.buildBasicAuthHeader(clientId, clientSecret);
+        }
+        return { body, headers };
+    }
+    async requestIntrospection(url, request, timeoutMs, signal) {
+        const timeoutSignal = AbortSignal.timeout(timeoutMs);
+        const combinedSignal = signal
+            ? AbortSignal.any([signal, timeoutSignal])
+            : timeoutSignal;
+        const response = await fetch(url, {
+            method: 'POST',
+            headers: request.headers,
+            body: request.body,
+            signal: combinedSignal,
+        });
+        if (!response.ok) {
+            if (response.body) {
+                await response.body.cancel();
+            }
+            throw new ServerError(`Token introspection failed: ${response.status}`);
+        }
+        return response.json();
+    }
+    buildIntrospectionAuthInfo(token, payload) {
+        const { exp, client_id: clientIdRaw, scope: scopeRaw } = payload;
+        const expiresAt = typeof exp === 'number' ? exp : undefined;
+        const clientId = typeof clientIdRaw === 'string' ? clientIdRaw : 'unknown';
+        const info = {
+            token,
+            clientId,
+            scopes: typeof scopeRaw === 'string' ? scopeRaw.split(' ') : [],
+            resource: config.auth.resourceUrl,
+        };
+        if (expiresAt !== undefined)
+            info.expiresAt = expiresAt;
+        return info;
+    }
+    async verifyWithIntrospection(token, signal) {
+        if (!config.auth.introspectionUrl) {
+            throw new ServerError('Introspection not configured');
+        }
+        const req = this.buildIntrospectionRequest(token, config.auth.resourceUrl, config.auth.clientId, config.auth.clientSecret);
+        const payload = await this.requestIntrospection(config.auth.introspectionUrl, req, config.auth.introspectionTimeoutMs, signal);
+        if (!isObject(payload) || payload['active'] !== true) {
+            throw new InvalidTokenError('Token is inactive');
+        }
+        return this.buildIntrospectionAuthInfo(token, payload);
+    }
+}
+function resolvePublicOrigin(req) {
+    const host = getHeaderValue(req, 'host');
+    if (host) {
+        const protocol = config.server.https.enabled ? 'https' : 'http';
+        return `${protocol}://${host}`;
+    }
+    return config.auth.resourceUrl.origin;
+}
+function resolveResourceMetadataPath() {
+    return '/.well-known/oauth-protected-resource/mcp';
+}
+export function buildResourceMetadataUrl(req) {
+    const origin = resolvePublicOrigin(req);
+    const path = resolveResourceMetadataPath();
+    return new URL(path, `${origin}/`).href;
+}
+export function applyUnauthorizedAuthHeaders(req, res) {
+    const resourceMetadata = buildResourceMetadataUrl(req);
+    res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${resourceMetadata}"`);
+}
+export function buildProtectedResourceMetadataDocument(req) {
+    const metadataUrl = buildResourceMetadataUrl(req);
+    return {
+        resource: config.auth.resourceUrl.href,
+        resource_metadata: metadataUrl,
+        authorization_servers: config.auth.issuerUrl
+            ? [config.auth.issuerUrl.href]
+            : [],
+        bearer_methods_supported: ['header'],
+        scopes_supported: config.auth.requiredScopes,
+    };
+}
+export function isProtectedResourceMetadataPath(pathname) {
+    return (pathname === '/.well-known/oauth-protected-resource' ||
+        pathname === '/.well-known/oauth-protected-resource/mcp');
+}
+export const authService = new AuthService();
+//# sourceMappingURL=auth.js.map

package/dist/http/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/http/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,WAAW,GACZ,MAAM,iDAAiD,CAAC;AAGzD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG1C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EACL,cAAc,EAEd,SAAS,EACT,SAAS,EACT,QAAQ,GACT,MAAM,cAAc,CAAC;AAEtB,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,MAAM,UAAU;IACd,iFAAiF;IACjF,8EAA8E;IAC9E,4EAA4E;IAC5E,MAAM,CAAC,GAAmB;QACxB,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;QACzB,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAE7C,IAAI,MAAM,EAAE,CAAC;YACX,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;YACrD,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QACpD,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,4BAA4B,CAAC,CAAC;QAC5E,GAAG,CAAC,SAAS,CACX,8BAA8B,EAC9B,+GAA+G,CAChH,CAAC;QAEF,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC;QAC3C,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;AAE3C,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;AAClE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;AAElD,SAAS,oBAAoB,CAC3B,UAA6B,EAC7B,KAAa;IAEb,8CAA8C;IAC9C,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,OAAO,IAAI,mBAAmB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,OAAO,KAAK,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAmB,EAAE,KAAa;IAC3D,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,UAAU;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAS,cAAc,CAAC,CAAC;IAEhD,MAAM,cAAc,GAAG,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACzD,IAAI,cAAc,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,EAAE,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;QAChD,iBAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,aAAa,GAAG,iBAAiB,EAAE,CAAC;AAE1C,MAAM,gBAAgB;IACpB,QAAQ,CAAC,GAAmB;QAC1B,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAEzC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,gCAAgC,CAAC,CAAC;QAC1E,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;YAC1B,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAEnD,MAAM,YAAY,GAAG,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAE/B,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACvE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC;YAChC,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;QAErD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,iBAAiB,CAAC,GAAoB;QAC5C,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACvB,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAEO,iBAAiB,CAAC,MAAc;QACtC,IAAI,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;YAC/B,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,MAAM,CACZ,GAAmB,EACnB,MAAc,EACd,OAAe;QAEf,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAC;AAEvD,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,MAAM,UAAU,2BAA2B;IACzC,MAAM,cAAc,GAAG,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,UAAU,GACd,cAAc,KAAK,IAAI,IAAI,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAChE,MAAM,eAAe,GAAG,CAAC,UAAU,CAAC;IAEpC,IAAI,eAAe,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,IAAI,eAAe,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,MAAM,4BAA4B,GAAG,YAAY,CAAC;AAClD,MAAM,2BAA2B,GAAG,YAAY,CAAC;AACjD,MAAM,CAAC,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAS;IAC7D,4BAA4B;IAC5B,2BAA2B;CAC5B,CAAC,CAAC;AAOH,MAAM,UAAU,yBAAyB,CACvC,GAAoB;IAEpB,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAC;IAClE,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IAErC,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC;IACrC,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAAoB,EACpB,GAAmB,EACnB,OAAwC;IAExC,MAAM,OAAO,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,aAAa,GAAG,OAAO,EAAE,aAAa,IAAI,KAAK,CAAC;IAEtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,+EAA+E;YAC/E,+EAA+E;YAC/E,qFAAqF;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,SAAS,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,qCAAqC,CAAC,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,SAAS,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,qCAAqC,OAAO,EAAE,CAAC,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,eAAe,GAAG,OAAO,EAAE,eAAe,CAAC;IACjD,IAAI,eAAe,IAAI,OAAO,KAAK,eAAe,EAAE,CAAC;QACnD,SAAS,CACP,GAAG,EACH,CAAC,KAAK,EACN,2CAA2C,eAAe,SAAS,OAAO,EAAE,CAC7E,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,4BAA4B,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;AAErD,MAAM,UAAU,oBAAoB,CAClC,IAA0B;IAE1B,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,YAAY,GAAG,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5E,MAAM,SAAS,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAEnE,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC7C,OAAO,aAAa,CAClB,4BAA4B,EAC5B,GAAG,YAAY,IAAI,SAAS,EAAE,CAC/B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,wBAAwB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAC9C,MAAM,qBAAqB,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;AAE9C,MAAM,WAAW;IACE,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAC3E,aAAa,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAC5C,CAAC;IAEF,KAAK,CAAC,YAAY,CAChB,GAAoB,EACpB,MAAoB;QAEpB,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAEO,qBAAqB,CAC3B,KAAa,EACb,MAAoB;QAEpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO;YACjC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC;YAC7C,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC;IACrD,CAAC;IAEO,sBAAsB,CAAC,GAAoB;QACjD,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEhD,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QACD,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,iBAAiB,CAAC,mCAAmC,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,IAAI,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;IAC9D,CAAC;IAEO,kBAAkB,CAAC,UAAkB;QAC3C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,iBAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,iBAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,mBAAmB,CAAC,KAAa;QACvC,OAAO;YACL,KAAK;YACL,QAAQ,EAAE,cAAc;YACxB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc;YAClC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,wBAAwB;YACnE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW;SAClC,CAAC;IACJ,CAAC;IAEO,iBAAiB,CAAC,KAAa;QACrC,IAAI,IAAI,CAAC,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,iBAAiB,CAAC,6BAA6B,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,WAAW,GAAG,aAAa,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;QAE3E,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAEO,SAAS,CAAC,GAAQ;QACxB,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;QAChB,OAAO,KAAK,CAAC,IAAI,CAAC;IACpB,CAAC;IAEO,oBAAoB,CAC1B,QAAgB,EAChB,YAAgC;QAEhC,yEAAyE;QACzE,MAAM,WAAW,GAAG,GAAG,QAAQ,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;QACxD,OAAO,SAAS,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IACxE,CAAC;IAEO,yBAAyB,CAC/B,KAAa,EACb,WAAgB,EAChB,QAA4B,EAC5B,YAAgC;QAEhC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC/B,KAAK;YACL,eAAe,EAAE,cAAc;YAC/B,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;SACtC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAEd,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,mCAAmC;SACpD,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,oBAAoB,CAClD,QAAQ,EACR,YAAY,CACb,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAChC,GAAQ,EACR,OAA0D,EAC1D,SAAiB,EACjB,MAAoB;QAEpB,MAAM,aAAa,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,MAAM;YAC3B,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;YAC1C,CAAC,CAAC,aAAa,CAAC;QAElB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,cAAc;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAClB,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/B,CAAC;YACD,MAAM,IAAI,WAAW,CAAC,+BAA+B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;IACzB,CAAC;IAEO,0BAA0B,CAChC,KAAa,EACb,OAAgC;QAEhC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QACjE,MAAM,SAAS,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAE3E,MAAM,IAAI,GAAa;YACrB,KAAK;YACL,QAAQ;YACR,MAAM,EAAE,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YAC/D,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW;SAClC,CAAC;QAEF,IAAI,SAAS,KAAK,SAAS;YAAE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,uBAAuB,CACnC,KAAa,EACb,MAAoB;QAEpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAClC,MAAM,IAAI,WAAW,CAAC,8BAA8B,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,yBAAyB,CACxC,KAAK,EACL,MAAM,CAAC,IAAI,CAAC,WAAW,EACvB,MAAM,CAAC,IAAI,CAAC,QAAQ,EACpB,MAAM,CAAC,IAAI,CAAC,YAAY,CACzB,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAC7C,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAC5B,GAAG,EACH,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAClC,MAAM,CACP,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;YACrD,MAAM,IAAI,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,GAAoB;IAC/C,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACzC,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QAChE,OAAO,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;IACjC,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;AACxC,CAAC;AAED,SAAS,2BAA2B;IAClC,OAAO,2CAA2C,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAoB;IAC3D,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,2BAA2B,EAAE,CAAC;IAC3C,OAAO,IAAI,GAAG,CAAC,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,GAAoB,EACpB,GAAmB;IAEnB,MAAM,gBAAgB,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;IACvD,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,6BAA6B,gBAAgB,GAAG,CACjD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sCAAsC,CAAC,GAAoB;IAOzE,MAAM,WAAW,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAElD,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI;QACtC,iBAAiB,EAAE,WAAW;QAC9B,qBAAqB,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;YAC1C,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;YAC9B,CAAC,CAAC,EAAE;QACN,wBAAwB,EAAE,CAAC,QAAQ,CAAC;QACpC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc;KAC7C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,+BAA+B,CAAC,QAAgB;IAC9D,OAAO,CACL,QAAQ,KAAK,uCAAuC;QACpD,QAAQ,KAAK,2CAA2C,CACzD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC"}

package/dist/http/health.d.ts

@@ -0,0 +1,7 @@
+import type { SessionStore } from '../session.js';
+import { type RequestContext } from './helpers.js';
+export declare function resetEventLoopMonitoring(): void;
+export declare function disableEventLoopMonitoring(): void;
+export declare function shouldHandleHealthRoute(ctx: RequestContext): boolean;
+export declare function sendHealthRouteResponse(store: SessionStore, ctx: RequestContext, authPresent: boolean): boolean;
+//# sourceMappingURL=health.d.ts.map

package/dist/http/health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../src/http/health.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAElD,OAAO,EAAE,KAAK,cAAc,EAAY,MAAM,cAAc,CAAC;AAY7D,wBAAgB,wBAAwB,IAAI,IAAI,CAI/C;AAED,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD;AAwMD,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAEpE;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,YAAY,EACnB,GAAG,EAAE,cAAc,EACnB,WAAW,EAAE,OAAO,GACnB,OAAO,CAOT"}

package/dist/http/health.js

@@ -0,0 +1,156 @@
+import { freemem, hostname, totalmem } from 'node:os';
+import { monitorEventLoopDelay, performance } from 'node:perf_hooks';
+import process from 'node:process';
+import { keys as cacheKeys } from '../cache.js';
+import { config, serverVersion } from '../config.js';
+import { getTransformPoolStats } from '../transform/transform.js';
+import { sendJson } from './helpers.js';
+// ---------------------------------------------------------------------------
+// Event-loop monitoring
+// ---------------------------------------------------------------------------
+const EVENT_LOOP_DELAY_RESOLUTION_MS = 20;
+const eventLoopDelay = monitorEventLoopDelay({
+    resolution: EVENT_LOOP_DELAY_RESOLUTION_MS,
+});
+let lastEventLoopUtilization = performance.eventLoopUtilization();
+export function resetEventLoopMonitoring() {
+    lastEventLoopUtilization = performance.eventLoopUtilization();
+    eventLoopDelay.reset();
+    eventLoopDelay.enable();
+}
+export function disableEventLoopMonitoring() {
+    eventLoopDelay.disable();
+}
+// ---------------------------------------------------------------------------
+// Stats helpers
+// ---------------------------------------------------------------------------
+function roundTo(value, precision) {
+    const factor = 10 ** precision;
+    return Math.round(value * factor) / factor;
+}
+function formatEventLoopUtilization(snapshot) {
+    return {
+        utilization: roundTo(snapshot.utilization, 4),
+        activeMs: Math.round(snapshot.active),
+        idleMs: Math.round(snapshot.idle),
+    };
+}
+function toMs(valueNs) {
+    return roundTo(valueNs / 1_000_000, 3);
+}
+function getEventLoopStats() {
+    const current = performance.eventLoopUtilization();
+    const delta = performance.eventLoopUtilization(current, lastEventLoopUtilization);
+    lastEventLoopUtilization = current;
+    return {
+        utilization: {
+            total: formatEventLoopUtilization(current),
+            sinceLast: formatEventLoopUtilization(delta),
+        },
+        delay: {
+            minMs: toMs(eventLoopDelay.min),
+            maxMs: toMs(eventLoopDelay.max),
+            meanMs: toMs(eventLoopDelay.mean),
+            stddevMs: toMs(eventLoopDelay.stddev),
+            p50Ms: toMs(eventLoopDelay.percentile(50)),
+            p95Ms: toMs(eventLoopDelay.percentile(95)),
+            p99Ms: toMs(eventLoopDelay.percentile(99)),
+        },
+    };
+}
+function buildHealthResponse(store, includeDiagnostics) {
+    const base = {
+        status: 'ok',
+        version: serverVersion,
+        uptime: Math.floor(process.uptime()),
+        timestamp: new Date().toISOString(),
+    };
+    if (!includeDiagnostics)
+        return base;
+    const poolStats = getTransformPoolStats();
+    return {
+        ...base,
+        os: {
+            hostname: hostname(),
+            platform: process.platform,
+            arch: process.arch,
+            memoryFree: freemem(),
+            memoryTotal: totalmem(),
+        },
+        process: {
+            pid: process.pid,
+            ppid: process.ppid,
+            memory: process.memoryUsage(),
+            cpu: process.cpuUsage(),
+            resource: process.resourceUsage(),
+        },
+        perf: getEventLoopStats(),
+        stats: {
+            activeSessions: store.size(),
+            cacheKeys: cacheKeys().length,
+            workerPool: poolStats ?? {
+                queueDepth: 0,
+                activeWorkers: 0,
+                capacity: 0,
+            },
+        },
+    };
+}
+function sendHealth(store, res, includeDiagnostics) {
+    res.setHeader('Cache-Control', 'no-store');
+    sendJson(res, 200, buildHealthResponse(store, includeDiagnostics));
+}
+// ---------------------------------------------------------------------------
+// Health route helpers
+// ---------------------------------------------------------------------------
+function isVerboseHealthRequest(ctx) {
+    const value = ctx.url.searchParams.get('verbose');
+    if (!value)
+        return false;
+    const normalized = value.trim().toLowerCase();
+    return normalized === '1' || normalized === 'true';
+}
+function isGetHealthRoute(ctx) {
+    return ctx.method === 'GET' && ctx.url.pathname === '/health';
+}
+function isVerboseHealthRoute(ctx) {
+    return isGetHealthRoute(ctx) && isVerboseHealthRequest(ctx);
+}
+function isHealthRoute(ctx) {
+    return isGetHealthRoute(ctx);
+}
+function ensureHealthAuthIfNeeded(ctx, authPresent) {
+    if (!isHealthRoute(ctx))
+        return true;
+    const isVerbose = isVerboseHealthRequest(ctx);
+    if (!isVerbose)
+        return true;
+    if (!config.security.allowRemote)
+        return true;
+    if (authPresent)
+        return true;
+    sendJson(ctx.res, 401, {
+        error: 'Authentication required for verbose health metrics',
+    });
+    return false;
+}
+function resolveHealthDiagnosticsMode(ctx, authPresent) {
+    if (!isVerboseHealthRoute(ctx))
+        return false;
+    if (authPresent)
+        return true;
+    return !config.security.allowRemote;
+}
+export function shouldHandleHealthRoute(ctx) {
+    return isGetHealthRoute(ctx);
+}
+export function sendHealthRouteResponse(store, ctx, authPresent) {
+    if (!shouldHandleHealthRoute(ctx))
+        return false;
+    if (!ensureHealthAuthIfNeeded(ctx, authPresent))
+        return true;
+    const includeDiagnostics = resolveHealthDiagnosticsMode(ctx, authPresent);
+    sendHealth(store, ctx.res, includeDiagnostics);
+    return true;
+}
+//# sourceMappingURL=health.js.map

package/dist/http/health.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.js","sourceRoot":"","sources":["../../src/http/health.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAErD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAuB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAE7D,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,MAAM,8BAA8B,GAAG,EAAE,CAAC;AAC1C,MAAM,cAAc,GAAG,qBAAqB,CAAC;IAC3C,UAAU,EAAE,8BAA8B;CAC3C,CAAC,CAAC;AACH,IAAI,wBAAwB,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;AAElE,MAAM,UAAU,wBAAwB;IACtC,wBAAwB,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;IAC9D,cAAc,CAAC,KAAK,EAAE,CAAC;IACvB,cAAc,CAAC,MAAM,EAAE,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,cAAc,CAAC,OAAO,EAAE,CAAC;AAC3B,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,SAAS,OAAO,CAAC,KAAa,EAAE,SAAiB;IAC/C,MAAM,MAAM,GAAG,EAAE,IAAI,SAAS,CAAC;IAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC,GAAG,MAAM,CAAC;AAC7C,CAAC;AAED,SAAS,0BAA0B,CACjC,QAA6D;IAE7D,OAAO;QACL,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC7C,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QACrC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,SAAS,IAAI,CAAC,OAAe;IAC3B,OAAO,OAAO,CAAC,OAAO,GAAG,SAAS,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,iBAAiB;IAexB,MAAM,OAAO,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;IACnD,MAAM,KAAK,GAAG,WAAW,CAAC,oBAAoB,CAC5C,OAAO,EACP,wBAAwB,CACzB,CAAC;IACF,wBAAwB,GAAG,OAAO,CAAC;IAEnC,OAAO;QACL,WAAW,EAAE;YACX,KAAK,EAAE,0BAA0B,CAAC,OAAO,CAAC;YAC1C,SAAS,EAAE,0BAA0B,CAAC,KAAK,CAAC;SAC7C;QACD,KAAK,EAAE;YACL,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC;YAC/B,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;YACjC,QAAQ,EAAE,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;YACrC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YAC1C,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YAC1C,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;SAC3C;KACF,CAAC;AACJ,CAAC;AAqCD,SAAS,mBAAmB,CAC1B,KAAmB,EACnB,kBAA2B;IAE3B,MAAM,IAAI,GAAmB;QAC3B,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,aAAa;QACtB,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,IAAI,CAAC,kBAAkB;QAAE,OAAO,IAAI,CAAC;IAErC,MAAM,SAAS,GAAG,qBAAqB,EAAE,CAAC;IAC1C,OAAO;QACL,GAAG,IAAI;QACP,EAAE,EAAE;YACF,QAAQ,EAAE,QAAQ,EAAE;YACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,UAAU,EAAE,OAAO,EAAE;YACrB,WAAW,EAAE,QAAQ,EAAE;SACxB;QACD,OAAO,EAAE;YACP,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,OAAO,CAAC,WAAW,EAAE;YAC7B,GAAG,EAAE,OAAO,CAAC,QAAQ,EAAE;YACvB,QAAQ,EAAE,OAAO,CAAC,aAAa,EAAE;SAClC;QACD,IAAI,EAAE,iBAAiB,EAAE;QACzB,KAAK,EAAE;YACL,cAAc,EAAE,KAAK,CAAC,IAAI,EAAE;YAC5B,SAAS,EAAE,SAAS,EAAE,CAAC,MAAM;YAC7B,UAAU,EAAE,SAAS,IAAI;gBACvB,UAAU,EAAE,CAAC;gBACb,aAAa,EAAE,CAAC;gBAChB,QAAQ,EAAE,CAAC;aACZ;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CACjB,KAAmB,EACnB,GAAmB,EACnB,kBAA2B;IAE3B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IAC3C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,mBAAmB,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,SAAS,sBAAsB,CAAC,GAAmB;IACjD,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClD,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,OAAO,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,MAAM,CAAC;AACrD,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAmB;IAC3C,OAAO,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,KAAK,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAmB;IAC/C,OAAO,gBAAgB,CAAC,GAAG,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,aAAa,CAAC,GAAmB;IACxC,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,wBAAwB,CAC/B,GAAmB,EACnB,WAAoB;IAEpB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,SAAS,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAE9C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,WAAW;QAAE,OAAO,IAAI,CAAC;IAE7B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE;QACrB,KAAK,EAAE,oDAAoD;KAC5D,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,4BAA4B,CACnC,GAAmB,EACnB,WAAoB;IAEpB,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,WAAW;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,GAAmB;IACzD,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAmB,EACnB,GAAmB,EACnB,WAAoB;IAEpB,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,CAAC,wBAAwB,CAAC,GAAG,EAAE,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7D,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAC1E,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAC/C,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/http/helpers.d.ts

@@ -0,0 +1,58 @@
+import type { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import type { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';
+import type { IncomingMessage, Server, ServerResponse } from 'node:http';
+import type { Server as HttpsServer } from 'node:https';
+import type { JsonRpcId } from '../mcp-validator.js';
+export type NetworkServer = Server | HttpsServer;
+export interface RequestContext {
+    req: IncomingMessage;
+    res: ServerResponse;
+    url: URL;
+    method: string | undefined;
+    ip: string | null;
+    body: unknown;
+    signal?: AbortSignal;
+}
+export interface AuthenticatedContext extends RequestContext {
+    auth: AuthInfo;
+}
+export declare function setNoStoreHeaders(res: ServerResponse): void;
+export declare function sendJson(res: ServerResponse, status: number, body: unknown): void;
+export declare function sendText(res: ServerResponse, status: number, body: string): void;
+export declare function sendEmpty(res: ServerResponse, status: number): void;
+export declare function sendError(res: ServerResponse, code: number, message: string, status?: number, id?: JsonRpcId): void;
+export declare function getHeaderValue(req: IncomingMessage, name: string): string | null;
+export declare function getMcpSessionId(req: IncomingMessage): string | null;
+export declare function findDuplicateSingleValueHeader(req: IncomingMessage): string | null;
+export declare function drainRequest(req: IncomingMessage): void;
+export declare function createRequestAbortSignal(req: IncomingMessage): {
+    signal: AbortSignal;
+    cleanup: () => void;
+};
+export declare function normalizeRemoteAddress(address: string | undefined): string | null;
+export declare function registerInboundBlockList(server: NetworkServer): void;
+export declare function buildRequestContext(req: IncomingMessage, res: ServerResponse, signal?: AbortSignal): RequestContext | null;
+export declare function closeTransportBestEffort(transport: {
+    close: () => Promise<unknown>;
+}, context: string): Promise<void>;
+export declare function closeMcpServerBestEffort(server: McpServer, context: string): Promise<void>;
+export declare function createTransportAdapter(transportImpl: StreamableHTTPServerTransport): Transport;
+type JsonBodyErrorKind = 'payload-too-large' | 'invalid-json' | 'read-failed';
+export declare class JsonBodyError extends Error {
+    readonly kind: JsonBodyErrorKind;
+    constructor(kind: JsonBodyErrorKind, message: string);
+}
+export declare const DEFAULT_BODY_LIMIT_BYTES: number;
+declare class JsonBodyReader {
+    read(req: IncomingMessage, limit?: number, signal?: AbortSignal): Promise<unknown>;
+    private readBody;
+    private attachAbortListener;
+    private detachAbortListener;
+    private collectChunks;
+    private normalizeChunk;
+}
+export declare const jsonBodyReader: JsonBodyReader;
+export {};
+//# sourceMappingURL=helpers.d.ts.map

package/dist/http/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../src/http/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAC/E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACxG,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,+CAA+C,CAAC;AAG/E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,KAAK,EAAE,MAAM,IAAI,WAAW,EAAE,MAAM,YAAY,CAAC;AAUxD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAQrD,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,WAAW,CAAC;AAEjD,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,eAAe,CAAC;IACrB,GAAG,EAAE,cAAc,CAAC;IACpB,GAAG,EAAE,GAAG,CAAC;IACT,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,oBAAqB,SAAQ,cAAc;IAC1D,IAAI,EAAE,QAAQ,CAAC;CAChB;AAMD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAG3D;AAED,wBAAgB,QAAQ,CACtB,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,OAAO,GACZ,IAAI,CAKN;AAED,wBAAgB,QAAQ,CACtB,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GACX,IAAI,CAKN;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAInE;AAED,wBAAgB,SAAS,CACvB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,MAAM,SAAM,EACZ,EAAE,GAAE,SAAgB,GACnB,IAAI,CAMN;AAMD,wBAAgB,cAAc,CAC5B,GAAG,EAAE,eAAe,EACpB,IAAI,EAAE,MAAM,GACX,MAAM,GAAG,IAAI,CAIf;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,GAAG,IAAI,CAKnE;AAiBD,wBAAgB,8BAA8B,CAC5C,GAAG,EAAE,eAAe,GACnB,MAAM,GAAG,IAAI,CAKf;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI,CAOvD;AAMD,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,eAAe,GAAG;IAC9D,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB,CA2CA;AAMD,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,GAAG,SAAS,GAC1B,MAAM,GAAG,IAAI,CAQf;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAoBpE;AAMD,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,MAAM,CAAC,EAAE,WAAW,GACnB,cAAc,GAAG,IAAI,CAkBvB;AAMD,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE;IAAE,KAAK,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAA;CAAE,EAC5C,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAMf;AAED,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,SAAS,EACjB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAMf;AAED,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,6BAA6B,GAC3C,SAAS,CA4CX;AAMD,KAAK,iBAAiB,GAAG,mBAAmB,GAAG,cAAc,GAAG,aAAa,CAAC;AAE9E,qBAAa,aAAc,SAAQ,KAAK;IACtC,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAC;gBAErB,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM;CAKrD;AAED,eAAO,MAAM,wBAAwB,QAAc,CAAC;AAMpD,cAAM,cAAc;IACZ,IAAI,CACR,GAAG,EAAE,eAAe,EACpB,KAAK,SAA2B,EAChC,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,OAAO,CAAC;YAkCL,QAAQ;IAgBtB,OAAO,CAAC,mBAAmB;IAuB3B,OAAO,CAAC,mBAAmB;YAYb,aAAa;IAwD3B,OAAO,CAAC,cAAc;CAKvB;AAED,eAAO,MAAM,cAAc,gBAAuB,CAAC"}