npm - @mondaydotcomorg/atp-server - Versions diffs - 0.24.4 → 0.25.0 - Mend

@mondaydotcomorg/atp-server 0.24.4 → 0.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/create-server.d.ts.map +1 -1
package/dist/create-server.js +2 -2
package/dist/create-server.js.map +1 -1
package/dist/handlers/execute.handler.d.ts +2 -2
package/dist/handlers/execute.handler.d.ts.map +1 -1
package/dist/handlers/execute.handler.js +5 -2
package/dist/handlers/execute.handler.js.map +1 -1
package/dist/handlers/explorer.handler.d.ts +2 -1
package/dist/handlers/explorer.handler.d.ts.map +1 -1
package/dist/handlers/explorer.handler.js +8 -4
package/dist/handlers/explorer.handler.js.map +1 -1
package/dist/index.cjs +11 -8
package/dist/index.cjs.map +1 -1
package/dist/index.js +11 -8
package/dist/index.js.map +1 -1
package/package.json +6 -6
package/src/create-server.ts +3 -2
package/src/handlers/execute.handler.ts +7 -3
package/src/handlers/explorer.handler.ts +12 -4

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@mondaydotcomorg/atp-server",
-	"version": "0.24.4",
+	"version": "0.25.0",
 	"description": "Server implementation for Agent Tool Protocol",
 	"type": "module",
 	"main": "./dist/index.cjs",
@@ -49,11 +49,11 @@
 		"@babel/parser": "^7.26.0",
 		"@babel/traverse": "^7.26.0",
 		"@babel/types": "^7.26.0",
-		"@mondaydotcomorg/atp-compiler": "0.22.2",
-		"@mondaydotcomorg/atp-protocol": "0.22.2",
-		"@mondaydotcomorg/atp-provenance": "0.22.2",
-		"@mondaydotcomorg/atp-providers": "0.22.2",
-		"@mondaydotcomorg/atp-runtime": "0.22.2",
+		"@mondaydotcomorg/atp-compiler": "0.23.0",
+		"@mondaydotcomorg/atp-protocol": "0.22.3",
+		"@mondaydotcomorg/atp-provenance": "0.22.3",
+		"@mondaydotcomorg/atp-providers": "0.22.3",
+		"@mondaydotcomorg/atp-runtime": "0.22.3",
 		"@opentelemetry/api": "^1.9.0",
 		"@opentelemetry/auto-instrumentations-node": "^0.66.0",
 		"@opentelemetry/core": "^2.2.0",

package/src/create-server.ts CHANGED Viewed

@@ -580,7 +580,7 @@ export class AgentToolProtocolServer {
 	async handleExplore(ctx: RequestContext): Promise<unknown> {
 		if (!this.explorerService) ctx.throw(503, 'Explorer not initialized');
-		return await handleExplore(ctx, this.explorerService);
+		return await handleExplore(ctx, this.explorerService, this.toolRulesProvider);
 	}
 	async handleExecute(ctx: RequestContext): Promise<unknown> {
@@ -593,7 +593,8 @@ export class AgentToolProtocolServer {
 			this.stateManager,
 			this.config,
 			this.auditSink,
-			this.sessionManager
+			this.sessionManager,
+			this.toolRulesProvider
 		);
 	}

package/src/handlers/execute.handler.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { RequestContext, ResolvedServerConfig } from '../core/config.js';
+import type { RequestContext, ResolvedServerConfig, ToolRulesProvider } from '../core/config.js';
 import type { SandboxExecutor } from '../executor/index.js';
 import type { ExecutionStateManager } from '../execution-state/index.js';
 import type { ClientSessionManager } from '../client-sessions.js';
@@ -45,7 +45,8 @@ export async function handleExecute(
 	stateManager: ExecutionStateManager,
 	config: ResolvedServerConfig,
 	auditSink?: AuditSink,
-	sessionManager?: ClientSessionManager
+	sessionManager?: ClientSessionManager,
+	toolRulesProvider?: ToolRulesProvider
 ): Promise<unknown> {
 	const request = ctx.body as any;
 	const code = request.code || '';
@@ -134,7 +135,10 @@ export async function handleExecute(
 		},
 		onToolCall,
 		eventCallback: requestConfig.eventCallback,
-		toolRules: requestConfig.toolRules,
+		// Rule source precedence: explicit requestConfig.toolRules first, then
+		// server-level provider (e.g. reads a header). Lets in-process callers
+		// and HTTP callers converge on the same provider mechanism.
+		toolRules: requestConfig.toolRules ?? toolRulesProvider?.(ctx),
 	};
 	// Verify provenance hints if provided

package/src/handlers/explorer.handler.ts CHANGED Viewed

@@ -1,15 +1,23 @@
 import type { RequestContext } from '../core/config.js';
+import type { ToolRulesProvider } from '../core/config.js';
 import type { ExplorerService } from '../explorer/index.js';
 import type { ApiGroupRules } from '@mondaydotcomorg/atp-protocol';
 import { runInRequestScope, getRequestScope } from '../core/request-scope.js';
 export async function handleExplore(
 	ctx: RequestContext,
-	explorerService: ExplorerService
+	explorerService: ExplorerService,
+	toolRulesProvider?: ToolRulesProvider
 ): Promise<unknown> {
 	const body = ctx.body as { path?: string; toolRules?: ApiGroupRules };
 	const path = body.path || '/';
-	const { toolRules } = body;
+	// Rule source precedence (highest to lowest):
+	//   1. body.toolRules                          — explicit per-call override
+	//   2. toolRulesProvider(ctx)                  — server-level policy (e.g. read a header)
+	//   3. existing request scope                  — already wrapped by caller
+	const effectiveToolRules: ApiGroupRules | undefined =
+		body.toolRules ?? (toolRulesProvider ? toolRulesProvider(ctx) : undefined);
 	const executeExplore = () => {
 		const result = explorerService.explore(path);
@@ -21,8 +29,8 @@ export async function handleExplore(
 		return result;
 	};
-	if (toolRules && !getRequestScope()?.toolRules) {
-		return runInRequestScope({ toolRules }, executeExplore);
+	if (effectiveToolRules && !getRequestScope()?.toolRules) {
+		return runInRequestScope({ toolRules: effectiveToolRules }, executeExplore);
 	}
 	return executeExplore();