@j0hanz/superfetch 2.1.3 → 2.1.5

package/dist/http/auth-static.js

@@ -1,23 +0,0 @@
-import { InvalidTokenError } from '@modelcontextprotocol/sdk/server/auth/errors.js';
-import { config } from '../config/index.js';
-import { timingSafeEqualUtf8 } from '../utils/crypto.js';
-const STATIC_TOKEN_TTL_SECONDS = 60 * 60 * 24;
-function buildStaticAuthInfo(token) {
-    return {
-        token,
-        clientId: 'static-token',
-        scopes: config.auth.requiredScopes,
-        expiresAt: Math.floor(Date.now() / 1000) + STATIC_TOKEN_TTL_SECONDS,
-        resource: config.auth.resourceUrl,
-    };
-}
-export function verifyStaticToken(token) {
-    if (config.auth.staticTokens.length === 0) {
-        throw new InvalidTokenError('No static tokens configured');
-    }
-    const matched = config.auth.staticTokens.some((candidate) => timingSafeEqualUtf8(candidate, token));
-    if (!matched) {
-        throw new InvalidTokenError('Invalid token');
-    }
-    return buildStaticAuthInfo(token);
-}

package/dist/http/auth.d.ts

@@ -1,3 +0,0 @@
-import type { RequestHandler, Router } from 'express';
-export declare function createAuthMiddleware(): RequestHandler;
-export declare function createAuthMetadataRouter(): Router | null;

package/dist/http/auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/http/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAsC/D,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,GAChB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,IAAI,CAa3D"}

package/dist/http/auth.js

@@ -1,269 +0,0 @@
-import { InvalidTokenError, ServerError, } from '@modelcontextprotocol/sdk/server/auth/errors.js';
-import { requireBearerAuth } from '@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js';
-import { getOAuthProtectedResourceMetadataUrl, mcpAuthMetadataRouter, } from '@modelcontextprotocol/sdk/server/auth/router.js';
-import { config } from '../config/index.js';
-import { timingSafeEqualUtf8 } from '../utils/crypto.js';
-import { isRecord } from '../utils/guards.js';
-const STATIC_TOKEN_TTL_SECONDS = 60 * 60 * 24;
-function stripHash(url) {
-    const copy = new URL(url.href);
-    copy.hash = '';
-    return copy.href;
-}
-function parseScopes(value) {
-    if (typeof value === 'string') {
-        return value
-            .split(' ')
-            .map((scope) => scope.trim())
-            .filter((scope) => scope.length > 0);
-    }
-    if (Array.isArray(value)) {
-        return value.filter((scope) => typeof scope === 'string');
-    }
-    return [];
-}
-function parseResourceUrl(value) {
-    if (typeof value !== 'string')
-        return undefined;
-    if (!URL.canParse(value))
-        return undefined;
-    return new URL(value);
-}
-function parseAudResource(aud) {
-    if (typeof aud === 'string') {
-        return parseResourceUrl(aud);
-    }
-    if (Array.isArray(aud)) {
-        for (const entry of aud) {
-            const parsed = parseResourceUrl(entry);
-            if (parsed)
-                return parsed;
-        }
-    }
-    return undefined;
-}
-function extractResource(data) {
-    const resource = parseResourceUrl(data.resource);
-    if (resource)
-        return resource;
-    return parseAudResource(data.aud);
-}
-function extractScopes(data) {
-    if (data.scope !== undefined) {
-        return parseScopes(data.scope);
-    }
-    if (data.scopes !== undefined) {
-        return parseScopes(data.scopes);
-    }
-    if (data.scp !== undefined) {
-        return parseScopes(data.scp);
-    }
-    return [];
-}
-function readExpiresAt(data) {
-    const expiresAt = typeof data.exp === 'number' ? data.exp : Number.NaN;
-    if (!Number.isFinite(expiresAt)) {
-        throw new InvalidTokenError('Token has no expiration time');
-    }
-    return expiresAt;
-}
-function resolveClientId(data) {
-    if (typeof data.client_id === 'string')
-        return data.client_id;
-    if (typeof data.cid === 'string')
-        return data.cid;
-    if (typeof data.sub === 'string')
-        return data.sub;
-    return 'unknown';
-}
-function ensureResourceMatch(resource) {
-    if (resource && stripHash(resource) !== stripHash(config.auth.resourceUrl)) {
-        throw new InvalidTokenError('Token resource mismatch');
-    }
-    return resource;
-}
-function buildIntrospectionAuthInfo(token, data) {
-    const resource = ensureResourceMatch(extractResource(data));
-    return {
-        token,
-        clientId: resolveClientId(data),
-        scopes: extractScopes(data),
-        expiresAt: readExpiresAt(data),
-        resource: resource ?? config.auth.resourceUrl,
-        extra: data,
-    };
-}
-function buildBasicAuthHeader(clientId, clientSecret) {
-    const secret = clientSecret ?? '';
-    const basic = Buffer.from(`${clientId}:${secret}`, 'utf8').toString('base64');
-    return `Basic ${basic}`;
-}
-function buildIntrospectionRequest(token, resourceUrl, clientId, clientSecret) {
-    const body = new URLSearchParams({
-        token,
-        token_type_hint: 'access_token',
-        resource: stripHash(resourceUrl),
-    }).toString();
-    const headers = {
-        'content-type': 'application/x-www-form-urlencoded',
-    };
-    if (clientId) {
-        headers.authorization = buildBasicAuthHeader(clientId, clientSecret);
-    }
-    return { body, headers };
-}
-async function requestIntrospection(introspectionUrl, request, timeoutMs) {
-    const response = await fetch(introspectionUrl, {
-        method: 'POST',
-        headers: request.headers,
-        body: request.body,
-        signal: AbortSignal.timeout(timeoutMs),
-    });
-    if (!response.ok) {
-        await response.body?.cancel();
-        throw new ServerError(`Token introspection failed: ${response.status}`);
-    }
-    return response.json();
-}
-function parseIntrospectionPayload(payload) {
-    if (!isRecord(payload) || Array.isArray(payload)) {
-        throw new ServerError('Invalid introspection response');
-    }
-    if (payload.active !== true) {
-        throw new InvalidTokenError('Token is inactive');
-    }
-    return payload;
-}
-async function verifyWithIntrospection(token) {
-    const { auth } = config;
-    if (!auth.introspectionUrl) {
-        throw new ServerError('Token introspection is not configured');
-    }
-    const request = buildIntrospectionRequest(token, auth.resourceUrl, auth.clientId, auth.clientSecret);
-    const payload = await requestIntrospection(auth.introspectionUrl, request, auth.introspectionTimeoutMs);
-    return buildIntrospectionAuthInfo(token, parseIntrospectionPayload(payload));
-}
-function buildStaticAuthInfo(token) {
-    return {
-        token,
-        clientId: 'static-token',
-        scopes: config.auth.requiredScopes,
-        expiresAt: Math.floor(Date.now() / 1000) + STATIC_TOKEN_TTL_SECONDS,
-        resource: config.auth.resourceUrl,
-    };
-}
-function verifyStaticToken(token) {
-    if (config.auth.staticTokens.length === 0) {
-        throw new InvalidTokenError('No static tokens configured');
-    }
-    const matched = config.auth.staticTokens.some((candidate) => timingSafeEqualUtf8(candidate, token));
-    if (!matched) {
-        throw new InvalidTokenError('Invalid token');
-    }
-    return buildStaticAuthInfo(token);
-}
-function normalizeHeaderValue(header) {
-    return Array.isArray(header) ? header[0] : header;
-}
-function getApiKeyHeader(req) {
-    const apiKeyHeader = normalizeHeaderValue(req.headers['x-api-key']);
-    return apiKeyHeader ? apiKeyHeader.trim() : null;
-}
-function createLegacyApiKeyMiddleware() {
-    return (req, _res, next) => {
-        if (config.auth.mode !== 'static') {
-            next();
-            return;
-        }
-        if (!req.headers.authorization) {
-            const apiKey = getApiKeyHeader(req);
-            if (apiKey) {
-                req.headers.authorization = `Bearer ${apiKey}`;
-            }
-        }
-        next();
-    };
-}
-async function verifyAccessToken(token) {
-    if (config.auth.mode === 'oauth') {
-        return verifyWithIntrospection(token);
-    }
-    return verifyStaticToken(token);
-}
-function resolveMetadataUrl() {
-    if (config.auth.mode !== 'oauth')
-        return null;
-    return getOAuthProtectedResourceMetadataUrl(new URL(config.auth.resourceUrl));
-}
-function resolveOptionalScopes(requiredScopes) {
-    return requiredScopes.length > 0 ? [...requiredScopes] : undefined;
-}
-function resolveOAuthMetadataParams(authConfig) {
-    const { issuerUrl, authorizationUrl, tokenUrl, revocationUrl, registrationUrl, requiredScopes, } = authConfig;
-    if (!issuerUrl || !authorizationUrl || !tokenUrl)
-        return null;
-    return {
-        issuerUrl,
-        authorizationUrl,
-        tokenUrl,
-        revocationUrl,
-        registrationUrl,
-        requiredScopes,
-    };
-}
-function buildBaseOAuthMetadata(params) {
-    return {
-        issuer: params.issuerUrl.href,
-        authorization_endpoint: params.authorizationUrl.href,
-        response_types_supported: ['code'],
-        code_challenge_methods_supported: ['S256'],
-        token_endpoint: params.tokenUrl.href,
-        token_endpoint_auth_methods_supported: ['client_secret_post', 'none'],
-        grant_types_supported: ['authorization_code', 'refresh_token'],
-    };
-}
-function applyOptionalScopes(metadata, requiredScopes) {
-    const scopesSupported = resolveOptionalScopes(requiredScopes);
-    if (scopesSupported !== undefined) {
-        metadata.scopes_supported = scopesSupported;
-    }
-}
-function applyOptionalEndpoint(metadata, key, url) {
-    if (!url)
-        return;
-    metadata[key] = url.href;
-}
-function buildOAuthMetadata(params) {
-    const oauthMetadata = buildBaseOAuthMetadata(params);
-    applyOptionalScopes(oauthMetadata, params.requiredScopes);
-    applyOptionalEndpoint(oauthMetadata, 'revocation_endpoint', params.revocationUrl);
-    applyOptionalEndpoint(oauthMetadata, 'registration_endpoint', params.registrationUrl);
-    return oauthMetadata;
-}
-export function createAuthMiddleware() {
-    const metadataUrl = resolveMetadataUrl();
-    const authHandler = requireBearerAuth({
-        verifier: { verifyAccessToken },
-        requiredScopes: config.auth.requiredScopes,
-        ...(metadataUrl ? { resourceMetadataUrl: metadataUrl } : {}),
-    });
-    const legacyHandler = createLegacyApiKeyMiddleware();
-    return (req, res, next) => {
-        legacyHandler(req, res, () => {
-            authHandler(req, res, next);
-        });
-    };
-}
-export function createAuthMetadataRouter() {
-    if (config.auth.mode !== 'oauth')
-        return null;
-    const oauthMetadataParams = resolveOAuthMetadataParams(config.auth);
-    if (!oauthMetadataParams)
-        return null;
-    return mcpAuthMetadataRouter({
-        oauthMetadata: buildOAuthMetadata(oauthMetadataParams),
-        resourceServerUrl: config.auth.resourceUrl,
-        scopesSupported: config.auth.requiredScopes,
-        resourceName: config.server.name,
-    });
-}

package/dist/http/auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/http/auth.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,SAAS,oBAAoB,CAC3B,MAAqC;IAErC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS,EAAE,CAAS;IAC5C,OAAO,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY,EAAE,SAAiB;IAC1D,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAE7B,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,gBAAgB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,YAAY,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAC1C,OAAO,YAAY,CAAC,CAAC,CAAC,gBAAgB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC1E,CAAC;AAED,SAAS,cAAc,CAAC,GAAY;IAClC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IACnE,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,GAAY;IACnC,MAAM,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IACpE,OAAO,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,SAAiB;IAEjB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,IAAI,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,CAAC;YACxC,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,GAAG,CAAC,GAAG,CACL,kBAAkB,EAClB,+FAA+F,CAChG,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;IAClD,CAAC,CAAC;AACJ,CAAC"}

package/dist/http/base-middleware.d.ts

@@ -1,7 +0,0 @@
-import type { Express, RequestHandler } from 'express';
-export declare function attachBaseMiddleware(options: {
-    app: Express;
-    jsonParser: RequestHandler;
-    rateLimitMiddleware: RequestHandler;
-    corsMiddleware: RequestHandler;
-}): void;

package/dist/http/base-middleware.js

@@ -1,143 +0,0 @@
-import { randomUUID } from 'node:crypto';
-import { config } from '../config/index.js';
-import { runWithRequestContext } from '../services/context.js';
-import { logDebug } from '../services/logger.js';
-import { normalizeHost } from '../utils/host-normalizer.js';
-import { getSessionId } from './mcp-sessions.js';
-const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '::1']);
-function getNonEmptyStringHeader(value) {
-    if (typeof value !== 'string')
-        return null;
-    const trimmed = value.trim();
-    return trimmed === '' ? null : trimmed;
-}
-function respondHostNotAllowed(res) {
-    res.status(403).json({
-        error: 'Host not allowed',
-        code: 'HOST_NOT_ALLOWED',
-    });
-}
-function respondOriginNotAllowed(res) {
-    res.status(403).json({
-        error: 'Origin not allowed',
-        code: 'ORIGIN_NOT_ALLOWED',
-    });
-}
-function tryParseOriginHostname(originHeader) {
-    try {
-        return new URL(originHeader).hostname.toLowerCase();
-    }
-    catch {
-        return null;
-    }
-}
-function isWildcardHost(host) {
-    return host === '0.0.0.0' || host === '::';
-}
-function addLoopbackHosts(allowedHosts) {
-    for (const host of LOOPBACK_HOSTS) {
-        allowedHosts.add(host);
-    }
-}
-function addConfiguredHost(allowedHosts) {
-    const configuredHost = normalizeHost(config.server.host);
-    if (!configuredHost)
-        return;
-    if (isWildcardHost(configuredHost))
-        return;
-    allowedHosts.add(configuredHost);
-}
-function addExplicitAllowedHosts(allowedHosts) {
-    for (const host of config.security.allowedHosts) {
-        const normalized = normalizeHost(host);
-        if (!normalized) {
-            logDebug('Ignoring invalid allowed host entry', { host });
-            continue;
-        }
-        allowedHosts.add(normalized);
-    }
-}
-function buildAllowedHosts() {
-    const allowedHosts = new Set();
-    addLoopbackHosts(allowedHosts);
-    addConfiguredHost(allowedHosts);
-    addExplicitAllowedHosts(allowedHosts);
-    return allowedHosts;
-}
-function createHostValidationMiddleware() {
-    const allowedHosts = buildAllowedHosts();
-    return (req, res, next) => {
-        const hostHeader = typeof req.headers.host === 'string' ? req.headers.host : '';
-        const normalized = normalizeHost(hostHeader);
-        if (!normalized || !allowedHosts.has(normalized)) {
-            respondHostNotAllowed(res);
-            return;
-        }
-        next();
-    };
-}
-function createOriginValidationMiddleware() {
-    const allowedHosts = buildAllowedHosts();
-    return (req, res, next) => {
-        const originHeader = getNonEmptyStringHeader(req.headers.origin);
-        if (!originHeader) {
-            next();
-            return;
-        }
-        const originHostname = tryParseOriginHostname(originHeader);
-        if (!originHostname || !allowedHosts.has(originHostname)) {
-            respondOriginNotAllowed(res);
-            return;
-        }
-        next();
-    };
-}
-function createJsonParseErrorHandler() {
-    return (err, _req, res, next) => {
-        if (err instanceof SyntaxError && 'body' in err) {
-            res.status(400).json({
-                jsonrpc: '2.0',
-                error: {
-                    code: -32700,
-                    message: 'Parse error: Invalid JSON',
-                },
-                id: null,
-            });
-            return;
-        }
-        next();
-    };
-}
-function createContextMiddleware() {
-    return (req, _res, next) => {
-        const requestId = randomUUID();
-        const sessionId = getSessionId(req);
-        const context = sessionId === undefined
-            ? { requestId, operationId: requestId }
-            : { requestId, operationId: requestId, sessionId };
-        runWithRequestContext(context, () => {
-            next();
-        });
-    };
-}
-function registerHealthRoute(app) {
-    app.get('/health', (_req, res) => {
-        res.json({
-            status: 'healthy',
-            name: config.server.name,
-            version: config.server.version,
-            uptime: process.uptime(),
-        });
-    });
-}
-export function attachBaseMiddleware(options) {
-    const { app, jsonParser, rateLimitMiddleware, corsMiddleware } = options;
-    app.use(createHostValidationMiddleware());
-    app.use(createOriginValidationMiddleware());
-    app.use(jsonParser);
-    app.use(createContextMiddleware());
-    app.use(createJsonParseErrorHandler());
-    app.use(corsMiddleware);
-    app.use('/mcp', rateLimitMiddleware);
-    registerHealthRoute(app);
-}

package/dist/http/cors.d.ts

@@ -1,2 +0,0 @@
-import type { NextFunction, Request, Response } from 'express';
-export declare function createCorsMiddleware(): (req: Request, res: Response, next: NextFunction) => void;

package/dist/http/cors.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../src/http/cors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/D,UAAU,WAAW;IACnB,QAAQ,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC;IAClC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AAgBD,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,WAAW,GACnB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,IAAI,CAoB3D"}

package/dist/http/cors.js

@@ -1,9 +0,0 @@
-export function createCorsMiddleware() {
-    return (req, res, next) => {
-        if (req.method === 'OPTIONS') {
-            res.sendStatus(200);
-            return;
-        }
-        next();
-    };
-}

package/dist/http/cors.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../src/http/cors.ts"],"names":[],"mappings":"AAOA,SAAS,eAAe,CACtB,MAA0B,EAC1B,OAAoB;IAEpB,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,OAAO,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtD,OAAO,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,OAAoB;IAEpB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;YAC5C,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7B,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IACjC,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;AAC5B,CAAC;AAED,SAAS,uBAAuB,CAAC,MAA0B;IACzD,OAAO,OAAO,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAa,EACb,MAA0B,EAC1B,OAAoB;IAEpB,IAAI,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QACrC,IAAI,MAAM,EAAE,CAAC;YACX,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE,MAAM,IAAI,GAAG,CAAC,CAAC;QACzD,GAAG,CAAC,MAAM,CAAC,8BAA8B,EAAE,4BAA4B,CAAC,CAAC;QACzE,GAAG,CAAC,MAAM,CACR,8BAA8B,EAC9B,wDAAwD,CACzD,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,+BAA+B,EAAE,gBAAgB,CAAC,CAAC;QAC9D,GAAG,CAAC,MAAM,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,OAAO,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC;AAC7C,CAAC"}

package/dist/http/download-routes.d.ts

@@ -1,2 +0,0 @@
-import type { Express } from 'express';
-export declare function registerDownloadRoutes(app: Express): void;

package/dist/http/download-routes.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"download-routes.d.ts","sourceRoot":"","sources":["../../src/http/download-routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAmC,MAAM,SAAS,CAAC;AAGxE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAU7D,UAAU,cAAc;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAQD,UAAU,eAAe;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAoFD,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,cAAc,EACtB,UAAU,EAAE,UAAU,GACrB,eAAe,GAAG,IAAI,CAmBxB;AA+CD,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,OAAO,GAAG,IAAI,CAQzD"}

package/dist/http/download-routes.js

@@ -1,104 +0,0 @@
-import { config } from '../config/index.js';
-import * as cache from '../services/cache.js';
-import { logDebug } from '../services/logger.js';
-import { parseCachedPayload, resolveCachedPayloadContent, } from '../utils/cached-payload.js';
-import { generateSafeFilename } from '../utils/filename-generator.js';
-const HASH_PATTERN = /^[a-f0-9.]+$/i;
-function validateNamespace(namespace) {
-    return namespace === 'markdown';
-}
-function validateHash(hash) {
-    return HASH_PATTERN.test(hash) && hash.length >= 8 && hash.length <= 64;
-}
-function isSingleParam(value) {
-    return typeof value === 'string';
-}
-function parseDownloadParams(req) {
-    const { namespace, hash } = req.params;
-    if (!isSingleParam(namespace) || !isSingleParam(hash))
-        return null;
-    if (!namespace || !hash)
-        return null;
-    if (!validateNamespace(namespace))
-        return null;
-    if (!validateHash(hash))
-        return null;
-    return { namespace, hash };
-}
-function buildCacheKeyFromParams(params) {
-    return `${params.namespace}:${params.hash}`;
-}
-function respondBadRequest(res, message) {
-    res.status(400).json({
-        error: message,
-        code: 'BAD_REQUEST',
-    });
-}
-function respondNotFound(res) {
-    res.status(404).json({
-        error: 'Content not found or expired',
-        code: 'NOT_FOUND',
-    });
-}
-function respondServiceUnavailable(res) {
-    res.status(503).json({
-        error: 'Download service is disabled',
-        code: 'SERVICE_UNAVAILABLE',
-    });
-}
-function resolveDownloadPayload(params, cacheEntry) {
-    const payload = parseCachedPayload(cacheEntry.content);
-    if (!payload)
-        return null;
-    const content = resolveCachedPayloadContent(payload);
-    if (!content)
-        return null;
-    const safeTitle = typeof payload.title === 'string' ? payload.title : undefined;
-    const fileName = generateSafeFilename(cacheEntry.url, cacheEntry.title ?? safeTitle, params.hash, '.md');
-    return {
-        content,
-        contentType: 'text/markdown; charset=utf-8',
-        fileName,
-    };
-}
-function buildContentDisposition(fileName) {
-    const encodedName = encodeURIComponent(fileName).replace(/'/g, '%27');
-    return `attachment; filename="${fileName}"; filename*=UTF-8''${encodedName}`;
-}
-function sendDownloadPayload(res, payload) {
-    const disposition = buildContentDisposition(payload.fileName);
-    res.setHeader('Content-Type', payload.contentType);
-    res.setHeader('Content-Disposition', disposition);
-    res.setHeader('Cache-Control', `private, max-age=${config.cache.ttl}`);
-    res.setHeader('X-Content-Type-Options', 'nosniff');
-    res.send(payload.content);
-}
-function handleDownload(req, res) {
-    if (!config.cache.enabled) {
-        respondServiceUnavailable(res);
-        return;
-    }
-    const params = parseDownloadParams(req);
-    if (!params) {
-        respondBadRequest(res, 'Invalid namespace or hash format');
-        return;
-    }
-    const cacheKey = buildCacheKeyFromParams(params);
-    const cacheEntry = cache.get(cacheKey);
-    if (!cacheEntry) {
-        logDebug('Download request for missing cache key', { cacheKey });
-        respondNotFound(res);
-        return;
-    }
-    const payload = resolveDownloadPayload(params, cacheEntry);
-    if (!payload) {
-        logDebug('Download payload unavailable', { cacheKey });
-        respondNotFound(res);
-        return;
-    }
-    logDebug('Serving download', { cacheKey, fileName: payload.fileName });
-    sendDownloadPayload(res, payload);
-}
-export function registerDownloadRoutes(app) {
-    app.get('/mcp/downloads/:namespace/:hash', handleDownload);
-}

package/dist/http/download-routes.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"download-routes.js","sourceRoot":"","sources":["../../src/http/download-routes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG5C,OAAO,KAAK,KAAK,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAEtE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;AACtD,MAAM,YAAY,GAAG,eAAe,CAAC;AAmBrC,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,OAAO,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;AAC1E,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAEvC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAErC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAsB;IACrD,OAAO,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;AAC9C,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAa,EAAE,OAAe;IACvD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,KAAK,EAAE,OAAO;QACd,IAAI,EAAE,aAAa;KACpB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,eAAe,CAAC,GAAa;IACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,KAAK,EAAE,8BAA8B;QACrC,IAAI,EAAE,WAAW;KAClB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,yBAAyB,CAAC,GAAa;IAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,KAAK,EAAE,8BAA8B;QACrC,IAAI,EAAE,qBAAqB;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,OAAO,SAAS,KAAK,UAAU;QAC7B,CAAC,CAAC,8BAA8B;QAChC,CAAC,CAAC,qCAAqC,CAAC;AAC5C,CAAC;AAED,SAAS,gBAAgB,CAAC,SAAiB;IACzC,OAAO,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;AACrD,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;QAC1C,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YACzC,OAAO,MAAuB,CAAC;QACjC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAsB,EACtB,SAAiB;IAEjB,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC7B,IAAI,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACzC,OAAO,OAAO,CAAC,QAAQ,CAAC;QAC1B,CAAC;QACD,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,MAAsB,EACtB,UAAsB;IAEtB,MAAM,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,OAAO,GAAG,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IACjE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,QAAQ,GAAG,oBAAoB,CACnC,UAAU,CAAC,GAAG,EACd,UAAU,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,EACjC,MAAM,CAAC,IAAI,EACX,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CACnC,CAAC;IAEF,OAAO;QACL,OAAO;QACP,WAAW,EAAE,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC;QACjD,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,WAAW,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACtE,OAAO,yBAAyB,QAAQ,uBAAuB,WAAW,EAAE,CAAC;AAC/E,CAAC;AAED,SAAS,cAAc,CAAC,GAAY,EAAE,GAAa;IACjD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QAC1B,yBAAyB,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,iBAAiB,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;QAC3D,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,QAAQ,CAAC,wCAAwC,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACjE,eAAe,CAAC,GAAG,CAAC,CAAC;QACrB,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,OAAO,GAAG,sBAAsB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC3D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,QAAQ,CAAC,8BAA8B,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACvD,eAAe,CAAC,GAAG,CAAC,CAAC;QACrB,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,WAAW,GAAG,uBAAuB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE9D,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IACnD,GAAG,CAAC,SAAS,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,oBAAoB,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;IACvE,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;IAEnD,QAAQ,CAAC,kBAAkB,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,GAAY;IACjD,MAAM,YAAY,GAChB,CAAC,EAAkD,EAAE,EAAE,CACvD,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAClD,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC;IAEJ,GAAG,CAAC,GAAG,CAAC,iCAAiC,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;AAC3E,CAAC"}

package/dist/http/error-handler.d.ts

@@ -1,2 +0,0 @@
-import type { NextFunction, Request, Response } from 'express';
-export declare function errorHandler(err: Error, req: Request, res: Response, next: NextFunction): void;

package/dist/http/error-handler.js

@@ -1,55 +0,0 @@
-import { FetchError } from '../errors/app-error.js';
-import { logError } from '../services/logger.js';
-function getStatusCode(fetchError) {
-    return fetchError ? fetchError.statusCode : 500;
-}
-function getErrorCode(fetchError) {
-    return fetchError ? fetchError.code : 'INTERNAL_ERROR';
-}
-function getFetchErrorMessage(fetchError) {
-    return fetchError ? fetchError.message : 'Internal Server Error';
-}
-function getErrorDetails(fetchError) {
-    if (fetchError && Object.keys(fetchError.details).length > 0) {
-        return fetchError.details;
-    }
-    return undefined;
-}
-function resolveRetryAfter(fetchError) {
-    if (fetchError?.statusCode !== 429)
-        return undefined;
-    const { retryAfter } = fetchError.details;
-    return isRetryAfterValue(retryAfter) ? String(retryAfter) : undefined;
-}
-function isRetryAfterValue(value) {
-    return typeof value === 'number' || typeof value === 'string';
-}
-function setRetryAfterHeader(res, fetchError) {
-    const retryAfter = resolveRetryAfter(fetchError);
-    if (retryAfter === undefined)
-        return;
-    res.set('Retry-After', retryAfter);
-}
-function buildErrorResponse(fetchError) {
-    const details = getErrorDetails(fetchError);
-    const response = {
-        error: {
-            message: getFetchErrorMessage(fetchError),
-            code: getErrorCode(fetchError),
-            statusCode: getStatusCode(fetchError),
-            ...(details && { details }),
-        },
-    };
-    return response;
-}
-export function errorHandler(err, req, res, next) {
-    if (res.headersSent) {
-        next(err);
-        return;
-    }
-    const fetchError = err instanceof FetchError ? err : null;
-    const statusCode = getStatusCode(fetchError);
-    logError(`HTTP ${statusCode}: ${err.message} - ${req.method} ${req.path}`, err);
-    setRetryAfterHeader(res, fetchError);
-    res.status(statusCode).json(buildErrorResponse(fetchError));
-}

package/dist/http/host-allowlist.d.ts

@@ -1,3 +0,0 @@
-import type { RequestHandler } from 'express';
-export declare function createHostValidationMiddleware(): RequestHandler;
-export declare function createOriginValidationMiddleware(): RequestHandler;