@mcp-web/bridge 0.1.0

package/dist/bridge.js

@@ -0,0 +1,1004 @@
+#!/usr/bin/env node
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _MCPWebBridge_instances, _MCPWebBridge_sessions, _MCPWebBridge_queries, _MCPWebBridge_config, _MCPWebBridge_wsServer, _MCPWebBridge_mcpServer, _MCPWebBridge_tokenSessionIds, _MCPWebBridge_tokenQueryCounts, _MCPWebBridge_sessionTimeoutInterval, _MCPWebBridge_decrementQueryCount, _MCPWebBridge_decrementQueryCountForQuery, _MCPWebBridge_closeOldestSessionForToken, _MCPWebBridge_cleanupSession, _MCPWebBridge_startSessionTimeoutChecker;
+import crypto from 'node:crypto';
+import { readFileSync } from 'node:fs';
+import { createServer } from 'node:http';
+import { dirname, join } from 'node:path';
+import { fileURLToPath, URL } from 'node:url';
+import { InternalErrorCode, InvalidSessionErrorCode, McpWebConfigSchema, MissingAuthenticationErrorCode, NoSessionsFoundErrorCode, QueryAcceptedMessageSchema, QueryCancelMessageSchema, QueryCompleteBridgeMessageSchema, QueryCompleteClientMessageSchema, QueryFailureMessageSchema, QueryLimitExceededErrorCode, QueryMessageSchema, QueryNotActiveErrorCode, QueryNotFoundErrorCode, QueryProgressMessageSchema, SessionExpiredErrorCode, SessionLimitExceededErrorCode, SessionNotFoundErrorCode, SessionNotSpecifiedErrorCode, ToolNameRequiredErrorCode, ToolNotAllowedErrorCode, ToolNotFoundErrorCode, UnknownMethodErrorCode, } from '@mcp-web/types';
+import { WebSocket, WebSocketServer } from 'ws';
+const SessionNotSpecifiedErrorDetails = 'Multiple sessions available. See `available_sessions` or call the `list_sessions` tool to discover available sessions and specify the session using `_meta.sessionId`.';
+/**
+ * Builds the query URL by appending the UUID to the agent URL.
+ * If the agent URL has no path (e.g., 'http://localhost:3000'), defaults to '/query'.
+ * Otherwise uses the existing path (e.g., 'http://localhost:3000/api/v1/query').
+ */
+const buildQueryUrl = (agentUrl, uuid) => {
+    const url = new URL(agentUrl);
+    // If URL has no path or just '/', default to '/query'
+    if (url.pathname === '/' || url.pathname === '') {
+        url.pathname = '/query';
+    }
+    // Ensure path doesn't end with /
+    if (url.pathname.endsWith('/')) {
+        url.pathname = url.pathname.slice(0, -1);
+    }
+    // Append UUID
+    url.pathname = `${url.pathname}/${uuid}`;
+    return url.toString();
+};
+export class MCPWebBridge {
+    constructor(config = {
+        wsPort: 3001,
+        mcpPort: 3002,
+        name: "Web App Controller",
+        description: "Control web applications and dashboards through your browser"
+    }) {
+        _MCPWebBridge_instances.add(this);
+        _MCPWebBridge_sessions.set(this, new Map());
+        _MCPWebBridge_queries.set(this, new Map());
+        _MCPWebBridge_config.set(this, void 0);
+        _MCPWebBridge_wsServer.set(this, void 0);
+        _MCPWebBridge_mcpServer.set(this, void 0);
+        // Session & Query limit tracking
+        _MCPWebBridge_tokenSessionIds.set(this, new Map()); // token -> sessionIds
+        _MCPWebBridge_tokenQueryCounts.set(this, new Map()); // token -> active query count
+        _MCPWebBridge_sessionTimeoutInterval.set(this, void 0);
+        // Validate the configuration
+        const parsedConfig = McpWebConfigSchema.safeParse(config);
+        if (!parsedConfig.success) {
+            throw new Error(`Invalid bridge server configuration: ${parsedConfig.error.message}`);
+        }
+        __classPrivateFieldSet(this, _MCPWebBridge_config, parsedConfig.data, "f");
+        __classPrivateFieldSet(this, _MCPWebBridge_wsServer, this.setupWebSocketServer(__classPrivateFieldGet(this, _MCPWebBridge_config, "f").wsPort), "f");
+        __classPrivateFieldSet(this, _MCPWebBridge_mcpServer, this.setupMCPServer(__classPrivateFieldGet(this, _MCPWebBridge_config, "f").mcpPort), "f");
+        // Start session timeout checker if configured
+        if (__classPrivateFieldGet(this, _MCPWebBridge_config, "f").sessionMaxDurationMs) {
+            __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_startSessionTimeoutChecker).call(this);
+        }
+    }
+    setupWebSocketServer(wsPort) {
+        const wsServer = new WebSocketServer({
+            port: wsPort,
+            verifyClient: () => {
+                // Add origin verification if needed
+                return true;
+            }
+        });
+        wsServer.on('connection', (ws, req) => {
+            if (!req.url) {
+                ws.close(1008, 'Missing URL');
+                return;
+            }
+            const url = new URL(req.url, 'ws://localhost');
+            const sessionId = url.searchParams.get('session');
+            if (!sessionId) {
+                ws.close(1008, 'Missing session key');
+                return;
+            }
+            ws.on('message', (data) => {
+                try {
+                    const message = JSON.parse(data.toString());
+                    this.handleFrontendMessage(sessionId, message, ws);
+                }
+                catch (error) {
+                    console.error('Invalid JSON message:', error);
+                    ws.close(1003, 'Invalid JSON');
+                }
+            });
+            ws.on('close', () => {
+                __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_cleanupSession).call(this, sessionId);
+            });
+            ws.on('error', (error) => {
+                console.error(`WebSocket error for session ${sessionId}:`, error);
+            });
+        });
+        return wsServer;
+    }
+    setupMCPServer(mcpPort) {
+        const mcpServer = createServer((req, res) => {
+            // Enable CORS
+            res.setHeader('Access-Control-Allow-Origin', '*');
+            res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, OPTIONS');
+            res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+            if (req.method === 'OPTIONS') {
+                res.writeHead(200);
+                res.end();
+                return;
+            }
+            // Route query progress/complete/fail/cancel endpoints
+            const url = req.url || '';
+            const queryProgressMatch = url.match(/^\/query\/([^/]+)\/progress$/);
+            const queryCompleteMatch = url.match(/^\/query\/([^/]+)\/complete$/);
+            const queryFailMatch = url.match(/^\/query\/([^/]+)\/fail$/);
+            const queryCancelMatch = url.match(/^\/query\/([^/]+)\/cancel$/);
+            if (req.method === 'POST' && queryProgressMatch) {
+                const uuid = queryProgressMatch[1];
+                let body = '';
+                req.on('data', (chunk) => { body += chunk; });
+                req.on('end', () => {
+                    this.handleQueryProgressEndpoint(req, res, uuid, body);
+                });
+                return;
+            }
+            if (req.method === 'PUT' && queryCompleteMatch) {
+                const uuid = queryCompleteMatch[1];
+                let body = '';
+                req.on('data', (chunk) => { body += chunk; });
+                req.on('end', () => {
+                    this.handleQueryCompleteEndpoint(req, res, uuid, body);
+                });
+                return;
+            }
+            if (req.method === 'PUT' && queryFailMatch) {
+                const uuid = queryFailMatch[1];
+                let body = '';
+                req.on('data', (chunk) => { body += chunk; });
+                req.on('end', () => {
+                    this.handleQueryFailEndpoint(req, res, uuid, body);
+                });
+                return;
+            }
+            if (req.method === 'PUT' && queryCancelMatch) {
+                const uuid = queryCancelMatch[1];
+                let body = '';
+                req.on('data', (chunk) => { body += chunk; });
+                req.on('end', () => {
+                    this.handleQueryCancelEndpoint(req, res, uuid, body);
+                });
+                return;
+            }
+            if (req.method === 'POST') {
+                let body = '';
+                req.on('data', (chunk) => { body += chunk; });
+                req.on('end', () => {
+                    this.handleMCPRequest(req, res, body);
+                });
+            }
+            else {
+                res.writeHead(404);
+                res.end('Not Found');
+            }
+        });
+        mcpServer.listen(mcpPort);
+        return mcpServer;
+    }
+    handleFrontendMessage(sessionId, message, ws) {
+        switch (message.type) {
+            case 'authenticate':
+                this.handleAuthentication(sessionId, message, ws);
+                break;
+            case 'register-tool':
+                this.handleToolRegistration(sessionId, message);
+                break;
+            case 'activity':
+                this.handleActivity(sessionId, message);
+                break;
+            case 'tool-response':
+                // tool-response messages are handled by per-request listeners
+                // in handleToolCall() at line ~770, not here in the main router
+                break;
+            case 'query':
+                this.handleQuery(sessionId, message, ws);
+                break;
+            case 'query_cancel':
+                this.handleQueryCancel(message);
+                break;
+            default:
+                // biome-ignore lint/suspicious/noExplicitAny: Edge case handling
+                console.warn(`Unknown message type: ${message.type}`);
+        }
+    }
+    handleAuthentication(sessionId, message, ws) {
+        const { authToken } = message;
+        // Check session limit
+        if (__classPrivateFieldGet(this, _MCPWebBridge_config, "f").maxSessionsPerToken) {
+            const existingSessions = __classPrivateFieldGet(this, _MCPWebBridge_tokenSessionIds, "f").get(authToken);
+            const currentCount = existingSessions?.size ?? 0;
+            if (currentCount >= __classPrivateFieldGet(this, _MCPWebBridge_config, "f").maxSessionsPerToken) {
+                if (__classPrivateFieldGet(this, _MCPWebBridge_config, "f").onSessionLimitExceeded === 'close_oldest') {
+                    __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_closeOldestSessionForToken).call(this, authToken);
+                }
+                else {
+                    ws.send(JSON.stringify({
+                        type: 'authentication-failed',
+                        error: 'Session limit exceeded',
+                        code: SessionLimitExceededErrorCode
+                    }));
+                    ws.close(1008, 'Session limit exceeded');
+                    return;
+                }
+            }
+        }
+        const sessionData = {
+            ws,
+            authToken: message.authToken,
+            origin: message.origin,
+            pageTitle: message.pageTitle,
+            userAgent: message.userAgent,
+            connectedAt: Date.now(),
+            lastActivity: Date.now(),
+            tools: new Map()
+        };
+        __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").set(sessionId, sessionData);
+        // Track session for this token
+        const sessionIds = __classPrivateFieldGet(this, _MCPWebBridge_tokenSessionIds, "f").get(authToken) ?? new Set();
+        sessionIds.add(sessionId);
+        __classPrivateFieldGet(this, _MCPWebBridge_tokenSessionIds, "f").set(authToken, sessionIds);
+        ws.send(JSON.stringify({
+            type: 'authenticated',
+            // @ts-expect-error We know the port exists.
+            mcpPort: __classPrivateFieldGet(this, _MCPWebBridge_mcpServer, "f").address()?.port,
+            sessionId,
+            success: true
+        }));
+    }
+    handleToolRegistration(sessionId, message) {
+        const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(sessionId);
+        if (!session) {
+            console.warn(`Tool registration for unknown session: ${sessionId}`);
+            return;
+        }
+        console.log('registering tool for session', sessionId, message);
+        session.tools.set(message.tool.name, message.tool);
+    }
+    handleActivity(sessionId, message) {
+        const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(sessionId);
+        if (session) {
+            session.lastActivity = message.timestamp;
+        }
+    }
+    async handleQueryCancel(message) {
+        const cancelMessage = QueryCancelMessageSchema.parse(message);
+        const { uuid } = cancelMessage;
+        const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(uuid);
+        if (!query) {
+            console.warn(`Cancel requested for unknown query: ${uuid}`);
+            return;
+        }
+        // Mark query as cancelled
+        query.state = 'cancelled';
+        // Notify agent that query no longer exists (optional - agent may not implement DELETE)
+        if (__classPrivateFieldGet(this, _MCPWebBridge_config, "f").agentUrl) {
+            try {
+                await fetch(buildQueryUrl(__classPrivateFieldGet(this, _MCPWebBridge_config, "f").agentUrl, uuid), {
+                    method: 'DELETE',
+                    headers: { 'Content-Type': 'application/json' }
+                });
+            }
+            catch (error) {
+                // Agent may not implement DELETE endpoint, which is fine
+                console.debug(`Failed to notify agent of query deletion (optional): ${error instanceof Error ? error.message : String(error)}`);
+            }
+        }
+        __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_decrementQueryCountForQuery).call(this, query);
+        __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").delete(uuid);
+    }
+    async handleQuery(sessionId, message, ws) {
+        const { uuid, responseTool, tools, restrictTools } = message;
+        if (!__classPrivateFieldGet(this, _MCPWebBridge_config, "f").agentUrl) {
+            ws.send(JSON.stringify(QueryFailureMessageSchema.parse({
+                uuid,
+                error: 'Missing Agent URL'
+            })));
+            return;
+        }
+        // Get session for query limit checking
+        const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(sessionId);
+        if (!session) {
+            ws.send(JSON.stringify(QueryFailureMessageSchema.parse({
+                uuid,
+                error: 'Session not found'
+            })));
+            return;
+        }
+        // Check query limit
+        if (__classPrivateFieldGet(this, _MCPWebBridge_config, "f").maxInFlightQueriesPerToken) {
+            const currentQueries = __classPrivateFieldGet(this, _MCPWebBridge_tokenQueryCounts, "f").get(session.authToken) ?? 0;
+            if (currentQueries >= __classPrivateFieldGet(this, _MCPWebBridge_config, "f").maxInFlightQueriesPerToken) {
+                ws.send(JSON.stringify(QueryFailureMessageSchema.parse({
+                    uuid,
+                    error: 'Query limit exceeded. Wait for existing queries to complete.',
+                    code: QueryLimitExceededErrorCode
+                })));
+                return;
+            }
+        }
+        // Increment query count for this token
+        __classPrivateFieldGet(this, _MCPWebBridge_tokenQueryCounts, "f").set(session.authToken, (__classPrivateFieldGet(this, _MCPWebBridge_tokenQueryCounts, "f").get(session.authToken) ?? 0) + 1);
+        try {
+            // Track this query
+            __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").set(uuid, {
+                sessionId,
+                responseTool: responseTool?.name,
+                toolCalls: [],
+                ws,
+                state: 'active',
+                tools,
+                restrictTools
+            });
+            // Forward query to agent
+            const response = await fetch(buildQueryUrl(__classPrivateFieldGet(this, _MCPWebBridge_config, "f").agentUrl, uuid), {
+                method: 'PUT',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...(__classPrivateFieldGet(this, _MCPWebBridge_config, "f").authToken && { 'Authorization': `Bearer ${__classPrivateFieldGet(this, _MCPWebBridge_config, "f").authToken}` })
+                },
+                body: JSON.stringify(QueryMessageSchema.parse(message))
+            });
+            if (!response.ok) {
+                throw new Error(`Agent responded with ${response.status}: ${response.statusText}`);
+            }
+            // Send immediate acceptance back to frontend
+            ws.send(JSON.stringify(QueryAcceptedMessageSchema.parse({ uuid })));
+        }
+        catch (error) {
+            console.error(`Error forwarding query ${uuid}:`, error);
+            __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").delete(uuid);
+            __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_decrementQueryCount).call(this, session.authToken);
+            ws.send(JSON.stringify(QueryFailureMessageSchema.parse({
+                uuid,
+                error: `${error instanceof Error ? error.message : String(error)}`
+            })));
+        }
+    }
+    handleQueryProgressEndpoint(_req, res, uuid, body) {
+        try {
+            const message = JSON.parse(body);
+            const progressMessage = QueryProgressMessageSchema.parse({ uuid, ...message });
+            const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(uuid);
+            if (!query) {
+                res.writeHead(404, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: QueryNotFoundErrorCode }));
+                return;
+            }
+            // Forward progress to frontend
+            if (query.ws.readyState === WebSocket.OPEN) {
+                query.ws.send(JSON.stringify(progressMessage));
+            }
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ success: true }));
+        }
+        catch (error) {
+            console.error('Error handling query progress:', error);
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Invalid request body' }));
+        }
+    }
+    handleQueryCompleteEndpoint(_req, res, uuid, body) {
+        try {
+            const message = JSON.parse(body);
+            const completeMessage = QueryCompleteClientMessageSchema.parse({ uuid, ...message });
+            const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(uuid);
+            if (!query) {
+                res.writeHead(404, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: QueryNotFoundErrorCode }));
+                return;
+            }
+            // Edge case: responseTool specified but agent called queryComplete()
+            if (query.responseTool) {
+                const errorMessage = QueryFailureMessageSchema.parse({
+                    uuid,
+                    error: `Query specified responseTool '${query.responseTool}' but agent called queryComplete() instead`
+                });
+                if (query.ws.readyState === WebSocket.OPEN) {
+                    query.ws.send(JSON.stringify(errorMessage));
+                }
+                __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_decrementQueryCountForQuery).call(this, query);
+                __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").delete(uuid);
+                res.writeHead(400, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: errorMessage.error }));
+                return;
+            }
+            // Mark query as completed
+            query.state = 'completed';
+            // Send completion with tracked tool calls
+            const bridgeMessage = QueryCompleteBridgeMessageSchema.parse({
+                uuid,
+                message: completeMessage.message,
+                toolCalls: query.toolCalls
+            });
+            if (query.ws.readyState === WebSocket.OPEN) {
+                query.ws.send(JSON.stringify(bridgeMessage));
+            }
+            __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_decrementQueryCountForQuery).call(this, query);
+            __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").delete(uuid);
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ success: true }));
+        }
+        catch (error) {
+            console.error('Error handling query complete:', error);
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Invalid request body' }));
+        }
+    }
+    handleQueryFailEndpoint(_req, res, uuid, body) {
+        try {
+            const message = JSON.parse(body);
+            const failureMessage = QueryFailureMessageSchema.parse({ uuid, ...message });
+            const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(uuid);
+            if (!query) {
+                res.writeHead(404, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: QueryNotFoundErrorCode }));
+                return;
+            }
+            // Mark query as failed
+            query.state = 'failed';
+            // Send failure message to frontend
+            if (query.ws.readyState === WebSocket.OPEN) {
+                query.ws.send(JSON.stringify(failureMessage));
+            }
+            __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_decrementQueryCountForQuery).call(this, query);
+            __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").delete(uuid);
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ success: true }));
+        }
+        catch (error) {
+            console.error('Error handling query fail:', error);
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Invalid request body' }));
+        }
+    }
+    handleQueryCancelEndpoint(_req, res, uuid, body) {
+        try {
+            const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(uuid);
+            if (!query) {
+                res.writeHead(404, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: QueryNotFoundErrorCode }));
+                return;
+            }
+            // Mark query as cancelled
+            query.state = 'cancelled';
+            // Send cancellation message to frontend (as a failure with specific message)
+            const cancellationMessage = QueryCancelMessageSchema.parse({
+                uuid,
+                reason: body ? JSON.parse(body).reason : undefined
+            });
+            if (query.ws.readyState === WebSocket.OPEN) {
+                query.ws.send(JSON.stringify(cancellationMessage));
+            }
+            __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_decrementQueryCountForQuery).call(this, query);
+            __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").delete(uuid);
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ success: true }));
+        }
+        catch (error) {
+            console.error('Error handling query cancel:', error);
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Invalid request body' }));
+        }
+    }
+    async handleMCPRequest(req, res, body) {
+        try {
+            const mcpRequest = JSON.parse(body);
+            // Extract auth from header OR query context
+            const authHeader = req.headers.authorization;
+            const authToken = authHeader?.replace('Bearer ', '');
+            const queryId = mcpRequest.params?._meta?.queryId;
+            const sessions = new Map();
+            if (queryId) {
+                // Authenticate via query context
+                const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(queryId);
+                if (!query) {
+                    this.sendMCPError(res, mcpRequest.id, -32600, QueryNotFoundErrorCode);
+                    return;
+                }
+                if (query.state !== 'active') {
+                    this.sendMCPError(res, mcpRequest.id, -32600, QueryNotActiveErrorCode);
+                    return;
+                }
+                const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(query.sessionId);
+                if (!session) {
+                    this.sendMCPError(res, mcpRequest.id, -32600, InvalidSessionErrorCode);
+                    return;
+                }
+                sessions.set(query.sessionId, session);
+            }
+            else if (authToken) {
+                // Traditional authentication
+                Array.from(__classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").entries())
+                    .filter(([_, session]) => session.authToken === authToken)
+                    .forEach(([sessionId, session]) => {
+                    sessions.set(sessionId, session);
+                });
+            }
+            else {
+                this.sendMCPError(res, mcpRequest.id, -32600, MissingAuthenticationErrorCode);
+                return;
+            }
+            if (sessions.size === 0) {
+                this.sendMCPError(res, mcpRequest.id, -32600, NoSessionsFoundErrorCode);
+                return;
+            }
+            let result;
+            switch (mcpRequest.method) {
+                case 'initialize':
+                    result = await this.handleInitialize();
+                    break;
+                case 'tools/list':
+                    result = await this.handleToolsList(sessions, mcpRequest.params);
+                    break;
+                case 'tools/call':
+                    result = await this.handleToolCall(sessions, mcpRequest.params);
+                    break;
+                case 'resources/list':
+                    result = await this.handleResourcesList(sessions, mcpRequest.params);
+                    break;
+                case 'resources/read':
+                    result = await this.handleResourceRead(sessions, mcpRequest.params);
+                    break;
+                case 'prompts/list':
+                    result = await this.handlePromptsList(sessions, mcpRequest.params);
+                    break;
+                default: {
+                    this.sendMCPError(res, mcpRequest.id, -32601, UnknownMethodErrorCode);
+                    return;
+                }
+            }
+            // Check if result contains a fatal error (has error_is_fatal: true)
+            // Recoverable errors have isError: true with partial data and go in result
+            if (result && typeof result === 'object' && 'error_is_fatal' in result && result.error_is_fatal === true) {
+                const fatalError = result;
+                // Use -32602 (Invalid params) for client errors like missing sessionId
+                this.sendMCPError(res, mcpRequest.id, -32602, fatalError.error_message, fatalError);
+                return;
+            }
+            // Everything else (including soft errors with isError: true) goes in result
+            this.sendMCPResponse(res, mcpRequest.id, result);
+        }
+        catch (error) {
+            console.error('MCP request error:', error);
+            this.sendMCPError(res, 0, -32603, InternalErrorCode);
+        }
+    }
+    getVersion() {
+        try {
+            const __filename = fileURLToPath(import.meta.url);
+            const __dirname = dirname(__filename);
+            const packageJsonPath = join(__dirname, '..', 'package.json');
+            const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
+            return packageJson.version || "1.0.0";
+        }
+        catch (error) {
+            console.warn('Failed to read version from package.json:', error);
+            return "1.0.0";
+        }
+    }
+    async handleInitialize() {
+        return {
+            protocolVersion: "2024-11-05",
+            capabilities: {
+                tools: {},
+                resources: {},
+                prompts: {}
+            },
+            serverInfo: {
+                name: __classPrivateFieldGet(this, _MCPWebBridge_config, "f").name,
+                description: __classPrivateFieldGet(this, _MCPWebBridge_config, "f").description,
+                version: this.getVersion(),
+                ...(__classPrivateFieldGet(this, _MCPWebBridge_config, "f").icon && { icon: __classPrivateFieldGet(this, _MCPWebBridge_config, "f").icon })
+            }
+        };
+    }
+    getSessionAndSessionId(sessions, sessionId) {
+        if (!sessionId) {
+            if (sessions.size === 1) {
+                sessionId = sessions.keys().next().value;
+                if (!sessionId) {
+                    return undefined;
+                }
+            }
+            else {
+                return undefined;
+            }
+        }
+        const session = sessions.get(sessionId);
+        if (!session) {
+            return undefined;
+        }
+        return [sessionId, session];
+    }
+    getSessionFromMetaParams(sessions, params) {
+        const sessionId = params?._meta?.sessionId;
+        return this.getSessionAndSessionId(sessions, sessionId)?.[1];
+    }
+    createSessionNotFoundError(sessions) {
+        if (sessions.size > 1) {
+            return {
+                error: SessionNotSpecifiedErrorCode,
+                error_message: SessionNotSpecifiedErrorDetails,
+                available_sessions: this.listSessions(sessions)
+            };
+        }
+        return { error: SessionNotFoundErrorCode };
+    }
+    async handleToolsList(sessions, params) {
+        const session = this.getSessionFromMetaParams(sessions, params);
+        const listSessionsTool = {
+            name: "list_sessions",
+            description: "List all browser sessions with their available tools",
+            inputSchema: {
+                type: "object",
+                properties: {},
+                required: []
+            }
+        };
+        // If no session found and multiple sessions exist, return list_sessions tool only with isError
+        if (!session && sessions.size > 1) {
+            return {
+                tools: [listSessionsTool],
+                isError: true,
+                error: SessionNotSpecifiedErrorCode,
+                error_message: SessionNotSpecifiedErrorDetails,
+                error_is_fatal: false,
+                available_sessions: this.listSessions(sessions)
+            };
+        }
+        // If no session at all (shouldn't happen with proper auth), return fatal error
+        if (!session) {
+            return {
+                error: SessionNotFoundErrorCode,
+                error_message: 'No session found for the provided authentication',
+                error_is_fatal: true
+            };
+        }
+        const tools = [listSessionsTool];
+        for (const tool of session.tools.values()) {
+            const sessionAwareTool = {
+                name: tool.name,
+                description: tool.description,
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        session_id: {
+                            type: "string",
+                            description: "Session ID (optional - will auto-select if only one session active)",
+                        },
+                        ...(tool.inputSchema?.properties || {})
+                    },
+                    required: tool.inputSchema?.required || []
+                }
+            };
+            tools.push(sessionAwareTool);
+        }
+        return { tools };
+    }
+    async handleToolCall(sessions, params) {
+        const { name: toolName, arguments: toolInput, _meta } = params || {};
+        if (!toolName) {
+            return { error: ToolNameRequiredErrorCode };
+        }
+        // Extract query ID from context if available
+        const queryId = _meta?.queryId;
+        // If this is part of a query, validate the query state and restrictions
+        if (queryId) {
+            const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(queryId);
+            if (!query) {
+                return { error: QueryNotFoundErrorCode };
+            }
+            if (query.state !== 'active') {
+                return { error: QueryNotActiveErrorCode };
+            }
+            // Check tool restrictions if query has them
+            if (query.restrictTools && query.tools) {
+                const allowed = query.tools.some(t => t.name === toolName);
+                if (!allowed) {
+                    return {
+                        error: ToolNotAllowedErrorCode,
+                        details: 'The query restricts the allowed tool calls. Use one of `allowed_tools`.',
+                        allowed_tools: query.tools.map(t => t.name)
+                    };
+                }
+            }
+        }
+        if (toolName === 'list_sessions') {
+            return { sessions: this.listSessions(sessions) };
+        }
+        // Handle session-specific tool
+        const [sessionId, session] = this.getSessionAndSessionId(sessions, toolInput?.session_id || _meta?.sessionId) || [];
+        if (!sessionId || !session) {
+            return this.createSessionNotFoundError(sessions);
+        }
+        // Check if tool exists in this session
+        if (!session.tools.has(toolName)) {
+            return {
+                error: ToolNotFoundErrorCode,
+                available_tools: Array.from(session.tools.keys())
+            };
+        }
+        // Forward tool call to frontend
+        return this.forwardToolCallToSession(sessionId, toolName, toolInput, queryId);
+    }
+    async handleResourcesList(sessions, params) {
+        const session = this.getSessionFromMetaParams(sessions, params);
+        // Built-in resource that provides session discovery (like list_sessions tool)
+        const sessionListResource = {
+            uri: "sessions://list",
+            name: "sessions",
+            title: "Active Browser Sessions",
+            description: "List of all active browser sessions for this authentication context",
+            mimeType: "application/json"
+        };
+        // If no session found and multiple sessions exist, return discovery resource only with isError
+        if (!session && sessions.size > 1) {
+            return {
+                resources: [sessionListResource],
+                isError: true,
+                error: SessionNotSpecifiedErrorCode,
+                error_message: SessionNotSpecifiedErrorDetails,
+                error_is_fatal: false,
+                available_sessions: this.listSessions(sessions)
+            };
+        }
+        // If no session at all (shouldn't happen with proper auth), return fatal error
+        if (!session) {
+            return {
+                error: SessionNotFoundErrorCode,
+                error_message: 'No session found for the provided authentication',
+                error_is_fatal: true
+            };
+        }
+        // TODO: Add session-specific resources
+        const resources = [
+            sessionListResource,
+            // ...session.resources (future)
+        ];
+        return { resources };
+    }
+    async handleResourceRead(sessions, params) {
+        const { uri } = params || {};
+        if (!uri) {
+            return { error: "Resource URI is required" };
+        }
+        // Handle built-in sessions resource
+        if (uri === "sessions://list") {
+            const sessionData = this.listSessions(sessions);
+            return {
+                contents: [{
+                        uri: "sessions://list",
+                        mimeType: "application/json",
+                        text: JSON.stringify(sessionData, null, 2)
+                    }]
+            };
+        }
+        // TODO: Handle session-specific resources
+        return { error: "Resource not found" };
+    }
+    listSessions(sessions) {
+        const sessionList = Array.from(sessions.entries()).map(([key, session]) => ({
+            session_id: key,
+            origin: session.origin,
+            page_title: session.pageTitle,
+            connected_at: new Date(session.connectedAt).toISOString(),
+            last_activity: new Date(session.lastActivity).toISOString(),
+            available_tools: Array.from(session.tools.keys())
+        }));
+        return sessionList;
+    }
+    async handlePromptsList(sessions, params) {
+        const session = this.getSessionFromMetaParams(sessions, params);
+        // If no session found and multiple sessions exist, return empty prompts with isError
+        if (!session && sessions.size > 1) {
+            return {
+                prompts: [],
+                isError: true,
+                error: SessionNotSpecifiedErrorCode,
+                error_message: SessionNotSpecifiedErrorDetails,
+                error_is_fatal: false,
+                available_sessions: this.listSessions(sessions),
+            };
+        }
+        // If no session at all (shouldn't happen with proper auth), return fatal error
+        if (!session) {
+            return {
+                error: SessionNotFoundErrorCode,
+                error_message: 'No session found for the provided authentication',
+                error_is_fatal: true
+            };
+        }
+        // TO DO: implement prompt exposure
+        return { prompts: [] };
+    }
+    async forwardToolCallToSession(sessionId, toolName, toolInput, queryId) {
+        const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(sessionId);
+        if (!session || session.ws.readyState !== WebSocket.OPEN) {
+            return { error: "Session not available" };
+        }
+        // Generate request ID for tracking
+        const requestId = crypto.randomUUID();
+        // Send tool call to frontend
+        const toolCall = {
+            type: 'tool-call',
+            requestId,
+            toolName,
+            toolInput,
+            ...(queryId && { queryId })
+        };
+        return new Promise((resolve) => {
+            // Set up response handler
+            const timeout = setTimeout(() => {
+                resolve({ error: "Tool call timeout" });
+            }, 30000); // 30 second timeout
+            const handleResponse = (data) => {
+                try {
+                    const message = JSON.parse(data.toString());
+                    if (message.type === 'tool-response' && message.requestId === requestId) {
+                        clearTimeout(timeout);
+                        session.ws.removeListener('message', handleResponse);
+                        const toolResult = message.result;
+                        // Track tool call if part of a query
+                        if (queryId) {
+                            const query = __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").get(queryId);
+                            if (query) {
+                                query.toolCalls.push({
+                                    tool: toolName,
+                                    arguments: toolInput,
+                                    result: toolResult
+                                });
+                                // Check if this was the responseTool - auto-complete query
+                                if (query.responseTool === toolName) {
+                                    // Check if tool call succeeded
+                                    if (!(toolResult && typeof toolResult === 'object' && 'error' in toolResult)) {
+                                        // Tool succeeded - auto-complete query
+                                        const bridgeMessage = QueryCompleteBridgeMessageSchema.parse({
+                                            uuid: queryId,
+                                            message: undefined,
+                                            toolCalls: query.toolCalls
+                                        });
+                                        if (query.ws.readyState === WebSocket.OPEN) {
+                                            query.ws.send(JSON.stringify(bridgeMessage));
+                                        }
+                                        // Only delete query on success
+                                        __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").delete(queryId);
+                                    }
+                                }
+                            }
+                        }
+                        resolve(toolResult);
+                    }
+                }
+                catch (_error) {
+                    // Ignore invalid JSON
+                }
+            };
+            session.ws.addListener('message', handleResponse);
+            session.ws.send(JSON.stringify(toolCall));
+        });
+    }
+    sendMCPResponse(res, id, result) {
+        const response = {
+            jsonrpc: "2.0",
+            id,
+            result
+        };
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(response));
+    }
+    sendMCPError(res, id, code, message, data) {
+        const response = {
+            jsonrpc: "2.0",
+            id,
+            error: { code, message, data }
+        };
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(response));
+    }
+    /**
+     * Close the bridge servers and cleanup all connections
+     */
+    async close() {
+        // Stop session timeout checker
+        if (__classPrivateFieldGet(this, _MCPWebBridge_sessionTimeoutInterval, "f")) {
+            clearInterval(__classPrivateFieldGet(this, _MCPWebBridge_sessionTimeoutInterval, "f"));
+            __classPrivateFieldSet(this, _MCPWebBridge_sessionTimeoutInterval, undefined, "f");
+        }
+        // Close all WebSocket connections first
+        for (const session of __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").values()) {
+            if (session.ws.readyState === WebSocket.OPEN) {
+                session.ws.close(1000, 'Server shutting down');
+            }
+        }
+        __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").clear();
+        // Clear queries and tracking maps
+        __classPrivateFieldGet(this, _MCPWebBridge_queries, "f").clear();
+        __classPrivateFieldGet(this, _MCPWebBridge_tokenSessionIds, "f").clear();
+        __classPrivateFieldGet(this, _MCPWebBridge_tokenQueryCounts, "f").clear();
+        // Close servers with timeout to prevent hanging
+        const closeWithTimeout = (closePromise, timeoutMs = 1000) => {
+            return Promise.race([
+                closePromise,
+                new Promise((resolve) => setTimeout(resolve, timeoutMs))
+            ]);
+        };
+        // Close WebSocket server
+        if (__classPrivateFieldGet(this, _MCPWebBridge_wsServer, "f")) {
+            await closeWithTimeout(new Promise((resolve) => {
+                __classPrivateFieldGet(this, _MCPWebBridge_wsServer, "f")?.close(() => resolve());
+            }));
+        }
+        // Close MCP server
+        if (__classPrivateFieldGet(this, _MCPWebBridge_mcpServer, "f")) {
+            await closeWithTimeout(new Promise((resolve) => {
+                __classPrivateFieldGet(this, _MCPWebBridge_mcpServer, "f")?.close(() => resolve());
+            }));
+        }
+    }
+}
+_MCPWebBridge_sessions = new WeakMap(), _MCPWebBridge_queries = new WeakMap(), _MCPWebBridge_config = new WeakMap(), _MCPWebBridge_wsServer = new WeakMap(), _MCPWebBridge_mcpServer = new WeakMap(), _MCPWebBridge_tokenSessionIds = new WeakMap(), _MCPWebBridge_tokenQueryCounts = new WeakMap(), _MCPWebBridge_sessionTimeoutInterval = new WeakMap(), _MCPWebBridge_instances = new WeakSet(), _MCPWebBridge_decrementQueryCount = function _MCPWebBridge_decrementQueryCount(authToken) {
+    const count = __classPrivateFieldGet(this, _MCPWebBridge_tokenQueryCounts, "f").get(authToken) ?? 0;
+    if (count <= 1) {
+        __classPrivateFieldGet(this, _MCPWebBridge_tokenQueryCounts, "f").delete(authToken);
+    }
+    else {
+        __classPrivateFieldGet(this, _MCPWebBridge_tokenQueryCounts, "f").set(authToken, count - 1);
+    }
+}, _MCPWebBridge_decrementQueryCountForQuery = function _MCPWebBridge_decrementQueryCountForQuery(query) {
+    const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(query.sessionId);
+    if (session) {
+        __classPrivateFieldGet(this, _MCPWebBridge_instances, "m", _MCPWebBridge_decrementQueryCount).call(this, session.authToken);
+    }
+}, _MCPWebBridge_closeOldestSessionForToken = function _MCPWebBridge_closeOldestSessionForToken(authToken) {
+    const sessionIds = __classPrivateFieldGet(this, _MCPWebBridge_tokenSessionIds, "f").get(authToken);
+    if (!sessionIds || sessionIds.size === 0)
+        return;
+    let oldest = null;
+    for (const sessionId of sessionIds) {
+        const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(sessionId);
+        if (session && (!oldest || session.connectedAt < oldest.connectedAt)) {
+            oldest = { sessionId, connectedAt: session.connectedAt };
+        }
+    }
+    if (oldest) {
+        const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(oldest.sessionId);
+        if (session) {
+            session.ws.send(JSON.stringify({
+                type: 'session-closed',
+                reason: 'Session limit exceeded, closing oldest session',
+                code: SessionLimitExceededErrorCode
+            }));
+            session.ws.close(1008, 'Session limit exceeded');
+        }
+    }
+}, _MCPWebBridge_cleanupSession = function _MCPWebBridge_cleanupSession(sessionId) {
+    const session = __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").get(sessionId);
+    if (session) {
+        // Remove from token tracking
+        const sessionIds = __classPrivateFieldGet(this, _MCPWebBridge_tokenSessionIds, "f").get(session.authToken);
+        if (sessionIds) {
+            sessionIds.delete(sessionId);
+            if (sessionIds.size === 0) {
+                __classPrivateFieldGet(this, _MCPWebBridge_tokenSessionIds, "f").delete(session.authToken);
+            }
+        }
+    }
+    __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f").delete(sessionId);
+}, _MCPWebBridge_startSessionTimeoutChecker = function _MCPWebBridge_startSessionTimeoutChecker() {
+    const maxDuration = __classPrivateFieldGet(this, _MCPWebBridge_config, "f").sessionMaxDurationMs;
+    if (!maxDuration)
+        return;
+    __classPrivateFieldSet(this, _MCPWebBridge_sessionTimeoutInterval, setInterval(() => {
+        const now = Date.now();
+        for (const [_sessionId, session] of __classPrivateFieldGet(this, _MCPWebBridge_sessions, "f")) {
+            if (now - session.connectedAt > maxDuration) {
+                session.ws.send(JSON.stringify({
+                    type: 'session-expired',
+                    code: SessionExpiredErrorCode
+                }));
+                session.ws.close(1008, 'Session expired');
+                // Note: cleanup happens in the 'close' event handler
+            }
+        }
+    }, 60000), "f"); // Check every minute
+};
+//# sourceMappingURL=bridge.js.map