@lynq/lynq 0.3.0 → 0.5.0

package/dist/middleware/crypto.mjs

@@ -0,0 +1,2 @@
+import {a}from'../chunk-BVDKAIOU.mjs';import'../chunk-OYHVJKUP.mjs';import'../chunk-VAAZWX4U.mjs';function g(e){let{recipient:s,amount:t,token:r="USDC",network:a$1="base",baseUrl:o,callbackPath:n="/payment/crypto/callback",once:p=false}=e,y=e.name??"crypto",m=e.sessionKey??"payment",f=e.message??`Payment required (${t} ${r}).`,i={name:y,sessionKey:m,message:f,buildUrl:({sessionId:c,elicitationId:l})=>{let b=new URLSearchParams({recipient:s,amount:String(t),token:r,network:a$1,state:`${c}:${l}`});return `${o}${n}?${b}`}};e.timeout!==void 0&&(i.timeout=e.timeout),e.skipIf&&(i.skipIf=e.skipIf),e.onComplete&&(i.onComplete=e.onComplete);let u=a(i);return p?u:{...u,onResult(c,l){return l.session.set(m,void 0),c}}}var P=g;async function C(e,s,t){let r=t.sessionKey??"payment",[a,o]=s.state.split(":");if(!a||!o)return {success:false,error:"Invalid state parameter"};try{return await h(s.txHash,t)?(e.session(a).set(r,{provider:"crypto",txHash:s.txHash,amount:t.amount,recipient:t.recipient,paidAt:new Date().toISOString()}),e.completeElicitation(o),{success:!0}):{success:!1,error:"Transaction verification failed"}}catch(n){return {success:false,error:n instanceof Error?n.message:String(n)}}}var x=C;async function h(e,s){let t=s.rpcUrl??"https://mainnet.base.org";try{return (await(await fetch(t,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({jsonrpc:"2.0",id:1,method:"eth_getTransactionReceipt",params:[e]})})).json()).result?.status==="0x1"}catch{return  false}}
+export{g as crypto,C as handleCallback,x as handleUsdcCallback,P as usdcPayment};

package/dist/middleware/github.d.ts

@@ -0,0 +1,54 @@
+import { s as ToolContext, v as ToolMiddleware, M as MCPServer } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface GitHubOptions {
+    /** Middleware name. Default: "github" */
+    name?: string;
+    /** GitHub OAuth App client ID. */
+    clientId: string;
+    /** GitHub OAuth App client secret. */
+    clientSecret: string;
+    /** OAuth callback URL (your server's callback endpoint). */
+    redirectUri: string;
+    /** GitHub OAuth scopes. Default: [] */
+    scopes?: string[];
+    /** Session key for user data. Default: "user" */
+    sessionKey?: string;
+    /** Message shown to the user. Default: "Please sign in with GitHub to continue." */
+    message?: string;
+    /** Timeout in ms. Default: 300000 */
+    timeout?: number;
+    /** Custom skip condition. Takes priority over sessionKey check. */
+    skipIf?: (c: ToolContext) => boolean | Promise<boolean>;
+    /** Called after authentication completes successfully, before next(). */
+    onComplete?: (c: ToolContext) => void | Promise<void>;
+}
+/** @deprecated Use `GitHubOptions` instead. */
+type GitHubOAuthOptions = GitHubOptions;
+declare function github(options: GitHubOptions): ToolMiddleware;
+/** @deprecated Use `github()` from `lynq/github` instead. */
+declare const githubOAuth: typeof github;
+interface HandleCallbackOptions {
+    clientId: string;
+    clientSecret: string;
+    /** Session key for user data. Default: "user" */
+    sessionKey?: string;
+}
+/** @deprecated Use `HandleCallbackOptions` instead. */
+type HandleGitHubCallbackOptions = HandleCallbackOptions;
+/**
+ * Handle GitHub OAuth callback. Call from your HTTP callback route.
+ * Exchanges code for token, fetches user info, stores in session, and completes elicitation.
+ */
+declare function handleCallback(server: MCPServer, params: {
+    code: string;
+    state: string;
+}, options: HandleCallbackOptions): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/** @deprecated Use `handleCallback()` from `lynq/github` instead. */
+declare const handleGitHubCallback: typeof handleCallback;
+
+export { type GitHubOAuthOptions, type GitHubOptions, type HandleCallbackOptions, type HandleGitHubCallbackOptions, github, githubOAuth, handleCallback, handleGitHubCallback };

package/dist/middleware/github.mjs

@@ -0,0 +1,2 @@
+import {a}from'../chunk-INAAPNKG.mjs';import'../chunk-OYHVJKUP.mjs';import'../chunk-VAAZWX4U.mjs';function p(e){let s=e.scopes??[],t={name:e.name??"github",sessionKey:e.sessionKey??"user",message:e.message??"Please sign in with GitHub to continue.",buildUrl({sessionId:c,elicitationId:n}){let r=new URLSearchParams({client_id:e.clientId,redirect_uri:e.redirectUri,state:`${c}:${n}`});return s.length>0&&r.set("scope",s.join(" ")),`https://github.com/login/oauth/authorize?${r}`}};return e.timeout!==void 0&&(t.timeout=e.timeout),e.skipIf&&(t.skipIf=e.skipIf),e.onComplete&&(t.onComplete=e.onComplete),a(t)}var h=p;async function d(e,s,t){let c=t.sessionKey??"user",[n,r]=s.state.split(":");if(!n||!r)return {success:false,error:"Invalid state parameter"};try{let i=await(await fetch("https://github.com/login/oauth/access_token",{method:"POST",headers:{"Content-Type":"application/json",Accept:"application/json"},body:JSON.stringify({client_id:t.clientId,client_secret:t.clientSecret,code:s.code})})).json();if(!i.access_token)return {success:!1,error:i.error_description??i.error??"Token exchange failed"};let u=await(await fetch("https://api.github.com/user",{headers:{Authorization:`Bearer ${i.access_token}`}})).json(),a=e.session(n);return a.set(c,u),a.set("accessToken",i.access_token),e.completeElicitation(r),{success:!0}}catch(o){return {success:false,error:o instanceof Error?o.message:String(o)}}}var f=d;
+export{p as github,h as githubOAuth,d as handleCallback,f as handleGitHubCallback};

package/dist/middleware/google.d.ts

@@ -0,0 +1,55 @@
+import { s as ToolContext, v as ToolMiddleware, M as MCPServer } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface GoogleOptions {
+    /** Middleware name. Default: "google" */
+    name?: string;
+    /** Google OAuth client ID. */
+    clientId: string;
+    /** Google OAuth client secret. */
+    clientSecret: string;
+    /** OAuth callback URL (your server's callback endpoint). */
+    redirectUri: string;
+    /** OAuth scopes. Default: ["openid", "profile", "email"] */
+    scopes?: string[];
+    /** Session key for user data. Default: "user" */
+    sessionKey?: string;
+    /** Message shown to the user. Default: "Please sign in with Google to continue." */
+    message?: string;
+    /** Timeout in ms. Default: 300000 */
+    timeout?: number;
+    /** Custom skip condition. Takes priority over sessionKey check. */
+    skipIf?: (c: ToolContext) => boolean | Promise<boolean>;
+    /** Called after authentication completes successfully, before next(). */
+    onComplete?: (c: ToolContext) => void | Promise<void>;
+}
+/** @deprecated Use `GoogleOptions` instead. */
+type GoogleOAuthOptions = GoogleOptions;
+declare function google(options: GoogleOptions): ToolMiddleware;
+/** @deprecated Use `google()` from `lynq/google` instead. */
+declare const googleOAuth: typeof google;
+interface HandleCallbackOptions {
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+    /** Session key for user data. Default: "user" */
+    sessionKey?: string;
+}
+/** @deprecated Use `HandleCallbackOptions` instead. */
+type HandleGoogleCallbackOptions = HandleCallbackOptions;
+/**
+ * Handle Google OAuth callback. Call from your HTTP callback route.
+ * Exchanges code for tokens, fetches user info, stores in session, and completes elicitation.
+ */
+declare function handleCallback(server: MCPServer, params: {
+    code: string;
+    state: string;
+}, options: HandleCallbackOptions): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/** @deprecated Use `handleCallback()` from `lynq/google` instead. */
+declare const handleGoogleCallback: typeof handleCallback;
+
+export { type GoogleOAuthOptions, type GoogleOptions, type HandleCallbackOptions, type HandleGoogleCallbackOptions, google, googleOAuth, handleCallback, handleGoogleCallback };

package/dist/middleware/google.mjs

@@ -0,0 +1,2 @@
+import {a}from'../chunk-INAAPNKG.mjs';import'../chunk-OYHVJKUP.mjs';import'../chunk-VAAZWX4U.mjs';function g(e){let s=e.scopes??["openid","profile","email"],t={name:e.name??"google",sessionKey:e.sessionKey??"user",message:e.message??"Please sign in with Google to continue.",buildUrl({sessionId:i,elicitationId:r}){return `https://accounts.google.com/o/oauth2/v2/auth?${new URLSearchParams({client_id:e.clientId,redirect_uri:e.redirectUri,response_type:"code",scope:s.join(" "),state:`${i}:${r}`,access_type:"offline"})}`}};return e.timeout!==void 0&&(t.timeout=e.timeout),e.skipIf&&(t.skipIf=e.skipIf),e.onComplete&&(t.onComplete=e.onComplete),a(t)}var f=g;async function p(e,s,t){let i=t.sessionKey??"user",[r,c]=s.state.split(":");if(!r||!c)return {success:false,error:"Invalid state parameter"};try{let o=await(await fetch("https://oauth2.googleapis.com/token",{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({code:s.code,client_id:t.clientId,client_secret:t.clientSecret,redirect_uri:t.redirectUri,grant_type:"authorization_code"})})).json();if(!o.access_token)return {success:!1,error:o.error_description??o.error??"Token exchange failed"};let d=await(await fetch("https://www.googleapis.com/oauth2/v2/userinfo",{headers:{Authorization:`Bearer ${o.access_token}`}})).json(),a=e.session(r);return a.set(i,d),a.set("accessToken",o.access_token),o.id_token&&a.set("idToken",o.id_token),e.completeElicitation(c),{success:!0}}catch(n){return {success:false,error:n instanceof Error?n.message:String(n)}}}var h=p;
+export{g as google,f as googleOAuth,p as handleCallback,h as handleGoogleCallback};

package/dist/middleware/guard.d.ts

@@ -0,0 +1,15 @@
+import { v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface GuardOptions {
+    /** Middleware name. Used for authorize()/revoke(). Default: "guard" */
+    name?: string;
+    /** Session key to check. Default: "user" */
+    sessionKey?: string;
+    /** Error message when not authorized. */
+    message?: string;
+}
+declare function guard(options?: GuardOptions): ToolMiddleware;
+
+export { type GuardOptions, guard };

package/dist/middleware/guard.mjs

@@ -0,0 +1 @@
+export{a as guard}from'../chunk-L7SD7KKW.mjs';import'../chunk-VAAZWX4U.mjs';

package/dist/middleware/jwt.d.ts

@@ -0,0 +1,27 @@
+import { v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface JwtOptions {
+    /** Middleware name. Default: "jwt" */
+    name?: string;
+    /** Session key where the raw token is stored. Default: "token" */
+    tokenKey?: string;
+    /** Session key to store decoded payload. Default: "user" */
+    sessionKey?: string;
+    /** Symmetric secret for HMAC verification. */
+    secret?: string;
+    /** JWKS URI for remote key fetching. */
+    jwksUri?: string;
+    /** Expected issuer claim. */
+    issuer?: string;
+    /** Expected audience claim. */
+    audience?: string;
+    /** Additional validation on the decoded payload. Return user data or null. */
+    validate?: (payload: Record<string, unknown>) => unknown | null | Promise<unknown | null>;
+    /** Error message. Default: "Invalid or expired JWT." */
+    message?: string;
+}
+declare function jwt(options: JwtOptions): ToolMiddleware;
+
+export { type JwtOptions, jwt };

package/dist/middleware/jwt.mjs

@@ -0,0 +1 @@
+import {c}from'../chunk-VAAZWX4U.mjs';function j(e){let u=e.name??"jwt",y=e.tokenKey??"token",l=e.sessionKey??"user",d=e.message??"Invalid or expired JWT.",s=null;function m(){return s||(s=import('jose').catch(()=>(s=null,null))),s}return {name:u,onRegister(){return  false},async onCall(n,c$1){if(n.session.get(l))return c$1();let a=n.session.get(y);if(!a)return c("JWT required.");let t=await m();if(!t)return c("jose library is required for JWT middleware. Install it: pnpm add jose");try{let i;if(e.jwksUri){let o=t.createRemoteJWKSet(new URL(e.jwksUri));i=(await t.jwtVerify(a,o,{issuer:e.issuer,audience:e.audience})).payload;}else if(e.secret){let o=new TextEncoder().encode(e.secret);i=(await t.jwtVerify(a,o,{issuer:e.issuer,audience:e.audience})).payload;}else return c("JWT middleware misconfigured: provide secret or jwksUri.");let w=e.validate?await e.validate(i):i;return w?(n.session.set(l,w),n.session.authorize(u),c$1()):c(d)}catch{return c(d)}}}}export{j as jwt};

package/dist/middleware/logger.d.ts

@@ -0,0 +1,11 @@
+import { v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface LoggerOptions {
+    /** Custom log function. Default: console.log */
+    log?: (message: string) => void;
+}
+declare function logger(options?: LoggerOptions): ToolMiddleware;
+
+export { type LoggerOptions, logger };

package/dist/middleware/logger.mjs

@@ -0,0 +1 @@
+function a(s){let e=s?.log??console.log;return {name:"logger",async onCall(o,t){let n=performance.now();e(`[${o.toolName}] called (session: ${o.sessionId})`);let r=await t(),l=(performance.now()-n).toFixed(1);return e(`[${o.toolName}] ${l}ms${r.isError?" ERROR":""}`),r}}}export{a as logger};

package/dist/middleware/oauth.d.ts

@@ -0,0 +1,28 @@
+import { s as ToolContext, v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface OAuthOptions {
+    /** Middleware name. Default: "oauth" */
+    name?: string;
+    /** Session key for storing tokens. Default: "user" */
+    sessionKey?: string;
+    /** Message shown to the user. Default: "Please sign in to continue." */
+    message?: string;
+    /** Build the OAuth authorization URL. */
+    buildUrl: (params: {
+        sessionId: string;
+        elicitationId: string;
+    }) => string | Promise<string>;
+    /** Timeout in ms. Default: 300000 */
+    timeout?: number;
+    /** Use persistent store (userStore) instead of session for state. Default: false */
+    persistent?: boolean;
+    /** Custom skip condition. Takes priority over sessionKey check. */
+    skipIf?: (c: ToolContext) => boolean | Promise<boolean>;
+    /** Called after authentication completes successfully, before next(). */
+    onComplete?: (c: ToolContext) => void | Promise<void>;
+}
+declare function oauth(options: OAuthOptions): ToolMiddleware;
+
+export { type OAuthOptions, oauth };

package/dist/middleware/oauth.mjs

@@ -0,0 +1 @@
+export{a as oauth}from'../chunk-INAAPNKG.mjs';import'../chunk-OYHVJKUP.mjs';import'../chunk-VAAZWX4U.mjs';

package/dist/middleware/payment.d.ts

@@ -0,0 +1,28 @@
+import { s as ToolContext, v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface PaymentOptions {
+    /** Middleware name. Default: "payment" */
+    name?: string;
+    /** Session key for storing payment confirmation. Default: "payment" */
+    sessionKey?: string;
+    /** Message shown to the user. Default: "Please complete payment to continue." */
+    message?: string;
+    /** Build the payment page URL. */
+    buildUrl: (params: {
+        sessionId: string;
+        elicitationId: string;
+    }) => string | Promise<string>;
+    /** Timeout in ms. Default: 300000 */
+    timeout?: number;
+    /** Use persistent store (userStore) instead of session for state. Default: false */
+    persistent?: boolean;
+    /** Custom skip condition. Takes priority over sessionKey check. */
+    skipIf?: (c: ToolContext) => boolean | Promise<boolean>;
+    /** Called after payment completes successfully, before next(). */
+    onComplete?: (c: ToolContext) => void | Promise<void>;
+}
+declare function payment(options: PaymentOptions): ToolMiddleware;
+
+export { type PaymentOptions, payment };

package/dist/middleware/payment.mjs

@@ -0,0 +1 @@
+export{a as payment}from'../chunk-BVDKAIOU.mjs';import'../chunk-OYHVJKUP.mjs';import'../chunk-VAAZWX4U.mjs';

package/dist/middleware/rate-limit.d.ts

@@ -0,0 +1,15 @@
+import { v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface RateLimitOptions {
+    /** Maximum calls per window. */
+    max: number;
+    /** Window duration in milliseconds. Default: 60000 (1 minute) */
+    windowMs?: number;
+    /** Error message. */
+    message?: string;
+}
+declare function rateLimit(options: RateLimitOptions): ToolMiddleware;
+
+export { type RateLimitOptions, rateLimit };

package/dist/middleware/rate-limit.mjs

@@ -0,0 +1 @@
+import {c}from'../chunk-VAAZWX4U.mjs';function l(n){let{max:o,windowMs:r=6e4}=n,u=n.message??`Rate limit exceeded. Max ${o} calls per ${r/1e3}s.`;return {name:"rateLimit",async onCall(t,i){let s=`rateLimit:${t.toolName}`,e=t.session.get(s),a=Date.now();return !e||a>=e.resetAt?(t.session.set(s,{count:1,resetAt:a+r}),i()):e.count>=o?c(u):(t.session.set(s,{...e,count:e.count+1}),i())}}}export{l as rateLimit};

package/dist/middleware/stripe.d.ts

@@ -0,0 +1,60 @@
+import { s as ToolContext, M as MCPServer, v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface StripeOptions {
+    /** Middleware name. Default: "stripe" */
+    name?: string;
+    /** Stripe secret key (server-side). */
+    secretKey: string;
+    /** Base URL of your server (for callback URLs). */
+    baseUrl: string;
+    /** Callback path. Default: "/payment/stripe/callback" */
+    callbackPath?: string;
+    /** Price in cents (USD). e.g., 100 = $1.00 */
+    amount: number;
+    /** Currency. Default: "usd" */
+    currency?: string;
+    /** Product description shown on Stripe Checkout. */
+    description?: string;
+    /** Session key for payment data. Default: "payment" */
+    sessionKey?: string;
+    /** If true, only charge once per session per tool. Default: false */
+    once?: boolean;
+    /** Message shown to user. */
+    message?: string;
+    /** Timeout in ms. Default: 300000 */
+    timeout?: number;
+    /** Custom skip condition. Takes priority over sessionKey check. */
+    skipIf?: (c: ToolContext) => boolean | Promise<boolean>;
+    /** Called after payment completes successfully, before next(). */
+    onComplete?: (c: ToolContext) => void | Promise<void>;
+}
+/** @deprecated Use `StripeOptions` instead. */
+type StripePaymentOptions = StripeOptions;
+declare function stripe(options: StripeOptions): ToolMiddleware;
+/** @deprecated Use `stripe()` from `lynq/stripe` instead. */
+declare const stripePayment: typeof stripe;
+interface HandleCallbackOptions {
+    /** Stripe secret key. */
+    secretKey: string;
+    /** Session key. Default: "payment" */
+    sessionKey?: string;
+}
+/** @deprecated Use `HandleCallbackOptions` instead. */
+type HandleStripeCallbackOptions = HandleCallbackOptions;
+/**
+ * Handle Stripe Checkout callback. Call from your HTTP callback route.
+ * Retrieves the Checkout Session, verifies payment, stores in session, and completes elicitation.
+ */
+declare function handleCallback(server: MCPServer, params: {
+    checkoutSessionId: string;
+    state: string;
+}, options: HandleCallbackOptions): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/** @deprecated Use `handleCallback()` from `lynq/stripe` instead. */
+declare const handleStripeCallback: typeof handleCallback;
+
+export { type HandleCallbackOptions, type HandleStripeCallbackOptions, type StripeOptions, type StripePaymentOptions, handleCallback, handleStripeCallback, stripe, stripePayment };

package/dist/middleware/stripe.mjs

@@ -0,0 +1 @@
+import {a}from'../chunk-BVDKAIOU.mjs';import'../chunk-OYHVJKUP.mjs';import'../chunk-VAAZWX4U.mjs';function S(e){let{secretKey:o,baseUrl:n,callbackPath:a$1="/payment/stripe/callback",amount:r,currency:i="usd",description:t,once:m=false}=e,s=e.name??"stripe",u=e.sessionKey??"payment",b=e.message??`Payment required ($${(r/100).toFixed(2)}).`,c={name:s,sessionKey:u,message:b,async buildUrl({sessionId:l,elicitationId:p}){let g=(await import('stripe')).default,k=new g(o),y=`${l}:${p}`;return (await k.checkout.sessions.create({payment_method_types:["card"],line_items:[{price_data:{currency:i,product_data:{name:t??"Tool access"},unit_amount:r},quantity:1}],mode:"payment",success_url:`${n}${a$1}?session_id={CHECKOUT_SESSION_ID}&state=${y}`,cancel_url:`${n}${a$1}?cancelled=true&state=${y}`,metadata:{sessionId:l,elicitationId:p}})).url??""}};e.timeout!==void 0&&(c.timeout=e.timeout),e.skipIf&&(c.skipIf=e.skipIf),e.onComplete&&(c.onComplete=e.onComplete);let d=a(c);return m?d:{...d,onResult(l,p){return p.session.set(u,void 0),l}}}var x=S;async function C(e,o,n){let a=n.sessionKey??"payment",[r,i]=o.state.split(":");if(!r||!i)return {success:false,error:"Invalid state parameter"};try{let t=(await import('stripe')).default,s=await new t(n.secretKey).checkout.sessions.retrieve(o.checkoutSessionId);return s.payment_status!=="paid"?{success:!1,error:"Payment not completed"}:(e.session(r).set(a,{provider:"stripe",checkoutSessionId:s.id,amount:s.amount_total,currency:s.currency,paidAt:new Date().toISOString()}),e.completeElicitation(i),{success:!0})}catch(t){return {success:false,error:t instanceof Error?t.message:String(t)}}}var P=C;export{C as handleCallback,P as handleStripeCallback,S as stripe,x as stripePayment};

package/dist/middleware/tip.d.ts

@@ -0,0 +1,15 @@
+import { v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface TipOptions {
+    /** Middleware name. Default: "tip" */
+    name?: string;
+    /** Build the tip URL. Receives sessionId. */
+    url: (sessionId: string) => string;
+    /** Message shown to user. Default: "If this was helpful, consider leaving a tip!" */
+    message?: string;
+}
+declare function tip(options: TipOptions): ToolMiddleware;
+
+export { type TipOptions, tip };

package/dist/middleware/tip.mjs

@@ -0,0 +1,4 @@
+function o(t){let n=t.name??"tip",s=t.message??"If this was helpful, consider leaving a tip!";return {name:n,onResult(e,i){if(e.isError)return e;let r=t.url(i.sessionId);return {...e,content:[...e.content??[],{type:"text",text:`
+
+${s}
+${r}`}]}}}}export{o as tip};

package/dist/middleware/truncate.d.ts

@@ -0,0 +1,13 @@
+import { v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface TruncateOptions {
+    /** Maximum characters per text content block. */
+    maxChars: number;
+    /** Suffix appended when truncated. Default: "..." */
+    suffix?: string;
+}
+declare function truncate(options: TruncateOptions): ToolMiddleware;
+
+export { type TruncateOptions, truncate };

package/dist/middleware/truncate.mjs

@@ -0,0 +1 @@
+function a(e){let{maxChars:r}=e,n=e.suffix??"...";return {name:"truncate",onResult(s){return {...s,content:s.content.map(t=>t.type==="text"&&t.text&&t.text.length>r?{...t,text:t.text.slice(0,r-n.length)+n}:t)}}}}export{a as truncate};

package/dist/middleware/url-action.d.ts

@@ -0,0 +1,30 @@
+import { s as ToolContext, v as ToolMiddleware } from '../types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+interface UrlActionOptions {
+    /** Middleware name. Default: "url-action" */
+    name?: string;
+    /** Session key to check/store result. Default: "user" */
+    sessionKey?: string;
+    /** Message shown to the user in the elicitation. */
+    message: string;
+    /** Build the URL. Receives sessionId and elicitationId for callback routing. */
+    buildUrl: (params: {
+        sessionId: string;
+        elicitationId: string;
+    }) => string | Promise<string>;
+    /** Timeout in ms for waiting for external callback. Default: 300000 (5 min). */
+    timeout?: number;
+    /** Error message when user declines. Default: "Action cancelled." */
+    declineMessage?: string;
+    /** Use persistent store (userStore) instead of session for state. Default: false */
+    persistent?: boolean;
+    /** Custom skip condition. If returns true, skip the elicitation and call next(). Takes priority over sessionKey check. */
+    skipIf?: (c: ToolContext) => boolean | Promise<boolean>;
+    /** Called after elicitation completes successfully, before next(). */
+    onComplete?: (c: ToolContext) => void | Promise<void>;
+}
+declare function urlAction(options: UrlActionOptions): ToolMiddleware;
+
+export { type UrlActionOptions, urlAction };

package/dist/middleware/url-action.mjs

@@ -0,0 +1 @@
+export{a as urlAction}from'../chunk-OYHVJKUP.mjs';import'../chunk-VAAZWX4U.mjs';

package/dist/pages-IPpN74gp.d.ts

@@ -0,0 +1,26 @@
+interface GitHubPagesConfig {
+    clientId: string;
+    clientSecret: string;
+    sessionKey?: string;
+}
+interface GooglePagesConfig {
+    clientId: string;
+    clientSecret: string;
+    sessionKey?: string;
+}
+interface StripePagesConfig {
+    secretKey: string;
+    sessionKey?: string;
+}
+interface CryptoPagesConfig {
+    rpcUrl?: string;
+    sessionKey?: string;
+}
+interface PagesConfig {
+    github?: true | string | GitHubPagesConfig;
+    google?: true | string | GooglePagesConfig;
+    stripe?: true | string | StripePagesConfig;
+    crypto?: true | string | CryptoPagesConfig;
+}
+
+export type { PagesConfig as P };

package/dist/pages-VK55ZBAP.mjs

@@ -0,0 +1 @@
+export{d as cryptoPaymentPage,c as errorPage,a as escapeHtml,h as handleCryptoGet,i as handleCryptoPost,e as handleGitHubPage,f as handleGooglePage,g as handleStripePage,b as successPage}from'./chunk-OJJZGR4B.mjs';

package/dist/store.d.ts

@@ -0,0 +1,9 @@
+import { n as Store, m as Session, U as UserStore } from './types-BdFjg9Tn.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+
+declare function memoryStore(): Store;
+declare function resolveUserId(session: Session): string | undefined;
+declare function createUserStore(session: Session, store: Store): UserStore;
+
+export { createUserStore, memoryStore, resolveUserId };

package/dist/store.mjs

@@ -0,0 +1 @@
+export{c as createUserStore,a as memoryStore,b as resolveUserId}from'./chunk-SPZY5GJA.mjs';

package/dist/test.d.ts

@@ -1,5 +1,5 @@
 import { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
-import { k as Session, M as MCPServer } from './types-D504PjnN.js';
+import { m as Session, M as MCPServer } from './types-BdFjg9Tn.js';
 import 'zod';
 
 interface TestClient {

package/dist/{types-D504PjnN.d.ts → types-BdFjg9Tn.d.ts}

@@ -20,6 +20,15 @@ interface ServerInfo {
     name: string;
     version: string;
 }
+interface Store {
+    get<T = unknown>(key: string): Promise<T | undefined>;
+    set(key: string, value: unknown, ttl?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+type UserStore = Store;
+interface ServerOptions extends ServerInfo {
+    store?: Store;
+}
 interface Session {
     /** Get a session-scoped value. */
     get<T = unknown>(key: string): T | undefined;
@@ -45,11 +54,19 @@ interface ElicitFormResult<T = Record<string, string | number | boolean | string
 interface ElicitUrlResult {
     action: "accept" | "decline" | "cancel";
 }
+interface ElicitUrlOptions {
+    /** Pre-generated elicitation ID. If omitted, a random UUID is used. */
+    elicitationId?: string;
+    /** If true, wait for completeElicitation() before resolving. Default: false. */
+    waitForCompletion?: boolean;
+    /** Timeout in ms for waiting. Default: 300000 (5 minutes). */
+    timeout?: number;
+}
 interface Elicit {
     /** Request structured data from the user via a form. */
     form<T extends z.ZodObject<z.ZodRawShape>>(message: string, schema: T): Promise<ElicitFormResult<z.infer<T>>>;
     /** Direct the user to an external URL. */
-    url(message: string, url: string): Promise<ElicitUrlResult>;
+    url(message: string, url: string, options?: ElicitUrlOptions): Promise<ElicitUrlResult>;
 }
 interface SampleOptions {
     maxTokens?: number;
@@ -96,6 +113,10 @@ interface ToolContext {
     error(message: string): ToolResponse;
     /** Create an image response. Chainable. */
     image(data: string, mimeType: string): ToolResponse;
+    /** Persistent key-value store (global scope). */
+    store: Store;
+    /** Persistent key-value store (user scope, keyed by session user ID). */
+    userStore: UserStore;
 }
 interface ToolInfo {
     name: string;
@@ -108,16 +129,16 @@ interface ToolMiddleware {
     /** Called when a tool is registered. Return false to hide the tool initially. */
     onRegister?(tool: ToolInfo): boolean | undefined;
     /** Called when a tool is invoked. Must call next() to continue the chain. */
-    onCall?(ctx: ToolContext, next: () => Promise<CallToolResult>): Promise<CallToolResult>;
+    onCall?(c: ToolContext, next: () => Promise<CallToolResult>): Promise<CallToolResult>;
     /** Called after the handler returns. Runs in reverse middleware order. */
-    onResult?(result: CallToolResult, ctx: ToolContext): CallToolResult | Promise<CallToolResult>;
+    onResult?(result: CallToolResult, c: ToolContext): CallToolResult | Promise<CallToolResult>;
 }
 type InferInput<T> = T extends z.ZodTypeAny ? z.output<T> : Record<string, unknown>;
 interface ToolConfig<TInput = unknown> {
     description?: string;
     input?: TInput;
 }
-type ToolHandler<TInput = unknown> = (args: InferInput<TInput>, ctx: ToolContext) => CallToolResult | Promise<CallToolResult>;
+type ToolHandler<TInput = unknown> = (args: InferInput<TInput>, c: ToolContext) => CallToolResult | Promise<CallToolResult>;
 /** @experimental */
 interface TaskConfig<TInput = unknown> {
     description?: string;
@@ -135,7 +156,7 @@ interface TaskContext extends ToolContext {
     task: TaskControl;
 }
 /** @experimental */
-type TaskHandler<TInput = unknown> = (args: InferInput<TInput>, ctx: TaskContext) => CallToolResult | Promise<CallToolResult>;
+type TaskHandler<TInput = unknown> = (args: InferInput<TInput>, c: TaskContext) => CallToolResult | Promise<CallToolResult>;
 interface ResourceConfig {
     name: string;
     description?: string;
@@ -152,8 +173,12 @@ interface ResourceContext {
     sessionId: string;
     /** Query client-provided filesystem roots. */
     roots: () => Promise<RootInfo[]>;
+    /** Persistent key-value store (global scope). */
+    store: Store;
+    /** Persistent key-value store (user scope, keyed by session user ID). */
+    userStore: UserStore;
 }
-type ResourceHandler = (uri: string, ctx: ResourceContext) => ResourceContent | Promise<ResourceContent>;
+type ResourceHandler = (uri: string, c: ResourceContext) => ResourceContent | Promise<ResourceContent>;
 interface HttpAdapterOptions {
     /** Disable session management. Default: false. */
     sessionless?: boolean;
@@ -161,6 +186,8 @@ interface HttpAdapterOptions {
     sessionIdGenerator?: () => string;
     /** Return JSON instead of SSE streams. Default: false. */
     enableJsonResponse?: boolean;
+    /** Called on each HTTP request after session is resolved. Use to inject auth headers into sessions. */
+    onRequest?: (req: Request, sessionId: string, session: Session) => void | Promise<void>;
 }
 interface MCPServer {
     /** Register a global middleware applied to all subsequently registered tools. */
@@ -181,6 +208,12 @@ interface MCPServer {
     stdio(): Promise<void>;
     /** Start HTTP transport. Returns a Web Standard request handler. */
     http(options?: HttpAdapterOptions): (req: Request) => Promise<Response>;
+    /** Access a session by ID (for external HTTP callback routes). Stateful mode only. */
+    session(sessionId: string): Session;
+    /** Complete a pending URL elicitation (called from external HTTP callback). */
+    completeElicitation(elicitationId: string): void;
+    /** The persistent store instance. */
+    store: Store;
 }
 
-export { type Elicit as E, type HttpAdapterOptions as H, type MCPServer as M, type ResourceConfig as R, type Sample as S, type TaskConfig as T, type ElicitFormResult as a, type ElicitUrlResult as b, type ResourceContent as c, type ResourceContext as d, type ResourceHandler as e, type RootInfo as f, type SampleOptions as g, type SampleRawParams as h, type SampleRawResult as i, type ServerInfo as j, type Session as k, type TaskContext as l, type TaskControl as m, type TaskHandler as n, type ToolConfig as o, type ToolContext as p, type ToolHandler as q, type ToolInfo as r, type ToolMiddleware as s, type ToolResponse as t, error as u, image as v, json as w, text as x };
+export { text as A, type Elicit as E, type HttpAdapterOptions as H, type MCPServer as M, type ResourceConfig as R, type ServerOptions as S, type TaskConfig as T, type UserStore as U, type ElicitFormResult as a, type ElicitUrlOptions as b, type ElicitUrlResult as c, type ResourceContent as d, type ResourceContext as e, type ResourceHandler as f, type RootInfo as g, type Sample as h, type SampleOptions as i, type SampleRawParams as j, type SampleRawResult as k, type ServerInfo as l, type Session as m, type Store as n, type TaskContext as o, type TaskControl as p, type TaskHandler as q, type ToolConfig as r, type ToolContext as s, type ToolHandler as t, type ToolInfo as u, type ToolMiddleware as v, type ToolResponse as w, error as x, image as y, json as z };