@muzikanto/nestjs-mcp 1.1.0 → 1.1.1

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @muzikanto/nestjs-mcp
 
+## 1.1.1
+
+### Patch Changes
+
+- add guard authorization check
+
 ## 1.1.0
 
 ### Minor Changes

package/README.md

@@ -18,6 +18,9 @@ NestJS MCP (Model Context Protocol) module — allows you to create “tools”
   - [Create MCP prompt](#create-mcp-prompt)
   - [Calling MCP tools via HTTP](#calling-mcp-tools-via-http)
   - [Obtaining all tools](#obtaining-all-tools)
+  - [Obtaining all prompts](#obtaining-all-prompts)
+  - [Obtain prompt](#obtain-prompt)
+  - [Auth guard](#auth-guard)
   - [Integration with OpenAI Function Calls](#integration-with-openai-function-calls)
 
 ## Features
@@ -231,6 +234,31 @@ Response
 }
 ```
 
+### Auth guard
+```ts
+import { McpModule } from '@muzikanto/nestjs-mcp';
+import { Module, CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+
+@Injectable()
+export class TestGuard implements CanActivate {
+    canActivate(context: ExecutionContext): Promise<boolean> {
+      const request = context.switchToHttp().getRequest();
+      const authHeader = request.headers['authorization'];
+    
+      return true;
+    }
+}
+
+@Module({
+  imports: [
+    McpModule.forRoot({
+      guard: TestGuard
+    }),
+  ],
+})
+export class AppModule {}
+```
+
 ### Integration with OpenAI Function Calls
 
 ```ts

package/dist/decorators/mcp-tool.decorator.d.ts

@@ -1,9 +1,12 @@
 import "reflect-metadata";
+export type IMcpToolContext = {
+    request: any;
+};
 export interface IMcpTool<Payload = any, Result = any> {
     name: string;
     description?: string;
     inputSchema?: object | object[];
-    execute(input: Payload): Promise<Result>;
+    execute(input: Payload, context: IMcpToolContext): Promise<Result>;
 }
 export declare const MCP_TOOL_METADATA = "mcp:tool-class";
 /**

package/dist/dto/McpMessage.dto.js

@@ -17,10 +17,10 @@ class McpMessageDto {
 }
 exports.McpMessageDto = McpMessageDto;
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'string', description: 'Tool name' }),
+    (0, swagger_1.ApiProperty)({ type: "string", description: "Tool name" }),
     __metadata("design:type", String)
 ], McpMessageDto.prototype, "type", void 0);
 __decorate([
-    (0, swagger_1.ApiProperty)({ description: 'Tool handler payload' }),
+    (0, swagger_1.ApiProperty)({ description: "Tool handler payload" }),
     __metadata("design:type", Object)
 ], McpMessageDto.prototype, "payload", void 0);

package/dist/dto/McpPrompt.dto.js

@@ -17,10 +17,14 @@ class McpPromptDto {
 }
 exports.McpPromptDto = McpPromptDto;
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'string', description: 'Propmt name' }),
+    (0, swagger_1.ApiProperty)({ type: "string", description: "Propmt name" }),
     __metadata("design:type", String)
 ], McpPromptDto.prototype, "name", void 0);
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'string', description: 'Propmt description', nullable: true }),
+    (0, swagger_1.ApiProperty)({
+        type: "string",
+        description: "Propmt description",
+        nullable: true,
+    }),
     __metadata("design:type", String)
 ], McpPromptDto.prototype, "description", void 0);

package/dist/dto/McpPromptMessage.js

@@ -18,14 +18,23 @@ class McpPromptMessageDto {
 }
 exports.McpPromptMessageDto = McpPromptMessageDto;
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'string', description: 'AI role' }),
+    (0, swagger_1.ApiProperty)({ type: "string", description: "AI role" }),
     __metadata("design:type", String)
 ], McpPromptMessageDto.prototype, "role", void 0);
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'string', description: 'Request ai message', nullable: true }),
+    (0, swagger_1.ApiProperty)({
+        type: "string",
+        description: "Request ai message",
+        nullable: true,
+    }),
     __metadata("design:type", String)
 ], McpPromptMessageDto.prototype, "content", void 0);
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'object', description: 'Tool call context', nullable: true, additionalProperties: false }),
+    (0, swagger_1.ApiProperty)({
+        type: "object",
+        description: "Tool call context",
+        nullable: true,
+        additionalProperties: false,
+    }),
     __metadata("design:type", Object)
 ], McpPromptMessageDto.prototype, "tool_call", void 0);

package/dist/dto/McpPromptMessages.dto.js

@@ -17,6 +17,10 @@ class McpPromptMessagesDto {
 }
 exports.McpPromptMessagesDto = McpPromptMessagesDto;
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: McpPromptMessage_1.McpPromptMessageDto, isArray: true, description: 'Messages list' }),
+    (0, swagger_1.ApiProperty)({
+        type: McpPromptMessage_1.McpPromptMessageDto,
+        isArray: true,
+        description: "Messages list",
+    }),
     __metadata("design:type", Array)
 ], McpPromptMessagesDto.prototype, "messages", void 0);

package/dist/dto/McpPrompts.dto.js

@@ -17,6 +17,10 @@ class McpPromptsDto {
 }
 exports.McpPromptsDto = McpPromptsDto;
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: McpPrompt_dto_1.McpPromptDto, isArray: true, description: 'Prompts list' }),
+    (0, swagger_1.ApiProperty)({
+        type: McpPrompt_dto_1.McpPromptDto,
+        isArray: true,
+        description: "Prompts list",
+    }),
     __metadata("design:type", Array)
 ], McpPromptsDto.prototype, "prompts", void 0);

package/dist/dto/McpTool.dto.js

@@ -18,14 +18,23 @@ class McpToolDto {
 }
 exports.McpToolDto = McpToolDto;
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'string', description: 'Tool name' }),
+    (0, swagger_1.ApiProperty)({ type: "string", description: "Tool name" }),
     __metadata("design:type", String)
 ], McpToolDto.prototype, "name", void 0);
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'string', description: 'Tool description', nullable: true }),
+    (0, swagger_1.ApiProperty)({
+        type: "string",
+        description: "Tool description",
+        nullable: true,
+    }),
     __metadata("design:type", String)
 ], McpToolDto.prototype, "description", void 0);
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: 'object', description: 'Tool validation schema', nullable: true, additionalProperties: false }),
+    (0, swagger_1.ApiProperty)({
+        type: "object",
+        description: "Tool validation schema",
+        nullable: true,
+        additionalProperties: false,
+    }),
     __metadata("design:type", Object)
 ], McpToolDto.prototype, "parameters", void 0);

package/dist/dto/McpTools.dto.js

@@ -17,6 +17,6 @@ class McpToolsDto {
 }
 exports.McpToolsDto = McpToolsDto;
 __decorate([
-    (0, swagger_1.ApiProperty)({ type: McpTool_dto_1.McpToolDto, isArray: true, description: 'Tools list' }),
+    (0, swagger_1.ApiProperty)({ type: McpTool_dto_1.McpToolDto, isArray: true, description: "Tools list" }),
     __metadata("design:type", Array)
 ], McpToolsDto.prototype, "tools", void 0);

package/dist/mcp.controller.d.ts

@@ -1,3 +1,4 @@
+import { ExecutionContext, CanActivate } from "@nestjs/common";
 import { McpService } from "./mcp.service";
 import { McpMessageDto } from "./dto/McpMessage.dto";
 import { McpToolsDto } from "./dto/McpTools.dto";
@@ -5,8 +6,9 @@ import { McpPromptsDto } from "./dto/McpPrompts.dto";
 import { McpPromptMessagesDto } from "./dto/McpPromptMessages.dto";
 export declare class McpController {
     private readonly service;
-    constructor(service: McpService);
-    handle(body: McpMessageDto): Promise<{
+    private readonly guard;
+    constructor(service: McpService, guard: CanActivate);
+    handle(body: McpMessageDto, request: any, context: ExecutionContext): Promise<{
         success: boolean;
         data: any;
         error?: undefined;
@@ -15,7 +17,8 @@ export declare class McpController {
         error: any;
         data?: undefined;
     }>;
-    getTools(): Promise<McpToolsDto>;
-    getPrompts(): Promise<McpPromptsDto>;
-    getPrompt(name: string, body: object): Promise<McpPromptMessagesDto>;
+    getTools(context: ExecutionContext): Promise<McpToolsDto>;
+    getPrompts(context: ExecutionContext): Promise<McpPromptsDto>;
+    getPrompt(name: string, body: object, context: ExecutionContext): Promise<McpPromptMessagesDto>;
+    private checkGuard;
 }

package/dist/mcp.controller.js

@@ -20,103 +20,134 @@ const swagger_1 = require("@nestjs/swagger");
 const McpTools_dto_1 = require("./dto/McpTools.dto");
 const McpPrompts_dto_1 = require("./dto/McpPrompts.dto");
 const McpPromptMessages_dto_1 = require("./dto/McpPromptMessages.dto");
+const context_decorator_1 = require("./utils/context.decorator");
+const inject_tokens_1 = require("./utils/inject-tokens");
 let McpController = class McpController {
     service;
-    constructor(service) {
+    guard;
+    constructor(service, guard) {
         this.service = service;
+        this.guard = guard;
     }
-    async handle(body) {
-        return this.service.sendMessage(body);
+    async handle(body, request, context) {
+        await this.checkGuard(context);
+        return this.service.sendMessage(body, { request });
     }
-    async getTools() {
+    async getTools(context) {
+        await this.checkGuard(context);
         const tools = this.service.listTools();
         return { tools };
     }
-    async getPrompts() {
+    async getPrompts(context) {
+        await this.checkGuard(context);
         const prompts = this.service.listPrompts();
         return { prompts };
     }
-    async getPrompt(name, body) {
+    async getPrompt(name, body, context) {
+        await this.checkGuard(context);
         const messages = await this.service.getPrompt(name, body);
         return {
             messages,
         };
     }
+    async checkGuard(context) {
+        if (!(await this.guard.canActivate(context))) {
+            throw new common_1.ForbiddenException();
+        }
+    }
 };
 exports.McpController = McpController;
 __decorate([
     (0, common_1.Post)(),
     (0, common_1.Header)("Content-Type", "application/json"),
     (0, swagger_1.ApiOperation)({
-        summary: 'Request tool',
+        summary: "Request tool",
     }),
     (0, swagger_1.ApiResponse)({
         status: 200,
-        description: 'Tool execution result',
+        description: "Tool execution result",
     }),
     (0, swagger_1.ApiBadRequestResponse)({
-        description: 'Invalid request body',
+        description: "Invalid request body",
+    }),
+    (0, swagger_1.ApiForbiddenResponse)({
+        description: "No access to method",
     }),
     __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Request)()),
+    __param(2, (0, context_decorator_1.Context)()),
     __metadata("design:type", Function),
-    __metadata("design:paramtypes", [McpMessage_dto_1.McpMessageDto]),
+    __metadata("design:paramtypes", [McpMessage_dto_1.McpMessageDto, Object, Object]),
     __metadata("design:returntype", Promise)
 ], McpController.prototype, "handle", null);
 __decorate([
     (0, common_1.Get)("tools"),
     (0, swagger_1.ApiOperation)({
-        summary: 'Get tool list',
+        summary: "Get tool list",
     }),
     (0, swagger_1.ApiResponse)({
         status: 200,
-        description: 'Tools list',
+        description: "Tools list",
         type: McpTools_dto_1.McpToolsDto,
     }),
+    (0, swagger_1.ApiForbiddenResponse)({
+        description: "No access to method",
+    }),
+    __param(0, (0, context_decorator_1.Context)()),
     __metadata("design:type", Function),
-    __metadata("design:paramtypes", []),
+    __metadata("design:paramtypes", [Object]),
     __metadata("design:returntype", Promise)
 ], McpController.prototype, "getTools", null);
 __decorate([
     (0, common_1.Get)("prompts"),
     (0, swagger_1.ApiOperation)({
-        summary: 'Get prompt list',
+        summary: "Get prompt list",
     }),
     (0, swagger_1.ApiResponse)({
         status: 200,
-        description: 'Prompts list',
+        description: "Prompts list",
         type: McpPrompts_dto_1.McpPromptsDto,
     }),
+    (0, swagger_1.ApiForbiddenResponse)({
+        description: "No access to method",
+    }),
+    __param(0, (0, context_decorator_1.Context)()),
     __metadata("design:type", Function),
-    __metadata("design:paramtypes", []),
+    __metadata("design:paramtypes", [Object]),
     __metadata("design:returntype", Promise)
 ], McpController.prototype, "getPrompts", null);
 __decorate([
     (0, common_1.Post)("prompts/:name"),
     (0, swagger_1.ApiOperation)({
-        summary: 'Generate messages by prompt name',
+        summary: "Generate messages by prompt name",
     }),
     (0, swagger_1.ApiBody)({
-        description: 'Any body structure',
+        description: "Any body structure",
         type: Object, // Указываем, что тело может быть любым объектом
     }),
     (0, swagger_1.ApiResponse)({
         status: 200,
-        description: 'Prompt messages',
+        description: "Prompt messages",
         type: McpPromptMessages_dto_1.McpPromptMessagesDto,
     }),
     (0, swagger_1.ApiNotFoundResponse)({
-        description: 'Not found prompt',
+        description: "Not found prompt",
     }),
     (0, swagger_1.ApiBadRequestResponse)({
-        description: 'Invalid prompt arguments',
+        description: "Invalid prompt arguments",
+    }),
+    (0, swagger_1.ApiForbiddenResponse)({
+        description: "No access to method",
     }),
-    __param(0, (0, common_1.Param)('name')),
+    __param(0, (0, common_1.Param)("name")),
     __param(1, (0, common_1.Body)()),
+    __param(2, (0, context_decorator_1.Context)()),
     __metadata("design:type", Function),
-    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:paramtypes", [String, Object, Object]),
     __metadata("design:returntype", Promise)
 ], McpController.prototype, "getPrompt", null);
 exports.McpController = McpController = __decorate([
     (0, common_1.Controller)("mcp"),
-    __metadata("design:paramtypes", [mcp_service_1.McpService])
+    __param(1, (0, common_1.Inject)(inject_tokens_1.MCP_GUARD)),
+    __metadata("design:paramtypes", [mcp_service_1.McpService, Object])
 ], McpController);

package/dist/mcp.module.d.ts

@@ -1,5 +1,7 @@
-import { DynamicModule, ModuleMetadata } from "@nestjs/common";
-type Metadata = Pick<ModuleMetadata, 'providers' | 'imports' | 'exports'>;
+import { CanActivate, DynamicModule, ModuleMetadata, Provider } from "@nestjs/common";
+type Metadata = Pick<ModuleMetadata, "providers" | "imports" | "exports"> & {
+    guard?: Provider<CanActivate>;
+};
 export declare class McpModule {
     static forRoot(metadata?: Metadata): DynamicModule;
 }

package/dist/mcp.module.js

@@ -13,13 +13,27 @@ const core_1 = require("@nestjs/core");
 const mcp_service_1 = require("./mcp.service");
 const mcp_explorer_1 = require("./mcp.explorer");
 const mcp_controller_1 = require("./mcp.controller");
+const inject_tokens_1 = require("./utils/inject-tokens");
+const publicGuard = { canActivate: () => Promise.resolve(true) };
 let McpModule = McpModule_1 = class McpModule {
     static forRoot(metadata = {}) {
+        const guardProvider = metadata.guard
+            ? { provide: inject_tokens_1.MCP_GUARD, useExisting: metadata.guard }
+            : {
+                provide: inject_tokens_1.MCP_GUARD,
+                useValue: publicGuard,
+            };
         return {
             module: McpModule_1,
             imports: [core_1.DiscoveryModule, ...(metadata.imports || [])],
-            providers: [mcp_service_1.McpService, mcp_explorer_1.McpExplorer, ...(metadata.providers || [])],
-            exports: [mcp_service_1.McpService, ...(metadata.providers || [])],
+            providers: [
+                mcp_service_1.McpService,
+                mcp_explorer_1.McpExplorer,
+                guardProvider,
+                ...(metadata.guard ? [metadata.guard] : []),
+                ...(metadata.providers || []),
+            ],
+            exports: [mcp_service_1.McpService, ...(metadata.exports || [])],
             controllers: [mcp_controller_1.McpController],
         };
     }

package/dist/mcp.service.d.ts

@@ -1,5 +1,5 @@
 import { OnModuleInit } from "@nestjs/common";
-import { IMcpTool } from "./decorators/mcp-tool.decorator";
+import { IMcpTool, IMcpToolContext } from "./decorators/mcp-tool.decorator";
 import { IMcpPrompt } from "./decorators/mcp-prompt.decorator";
 export interface McpMessage {
     type: string;
@@ -36,7 +36,7 @@ export declare class McpService implements OnModuleInit {
     sendMessage(msg: {
         type: string;
         payload: any;
-    }): Promise<{
+    }, context: IMcpToolContext): Promise<{
         success: boolean;
         data: any;
         error?: undefined;

package/dist/mcp.service.js

@@ -40,7 +40,7 @@ let McpService = class McpService {
     }
     getPrompt(name, payload) {
         if (!this.prompts.has(name)) {
-            throw new common_1.NotFoundException('Not found prompt');
+            throw new common_1.NotFoundException("Not found prompt");
         }
         const prompt = this.prompts.get(name);
         // Валидация через AJV, если есть inputSchema
@@ -48,7 +48,7 @@ let McpService = class McpService {
             const validate = this.ajv.compile(prompt.inputSchema);
             const valid = validate(payload);
             if (!valid) {
-                throw new common_1.NotFoundException('Invalid prompt arguments');
+                throw new common_1.NotFoundException("Invalid prompt arguments");
             }
         }
         return prompt.execute(payload);
@@ -56,7 +56,7 @@ let McpService = class McpService {
     /**
      * Отправить сообщение в MCP "сервер"
      */
-    async sendMessage(msg) {
+    async sendMessage(msg, context) {
         const tool = this.tools.get(msg.type);
         if (!tool) {
             return { success: false, error: `Unknown tool: "${msg.type}"` };
@@ -70,7 +70,7 @@ let McpService = class McpService {
             }
         }
         try {
-            const result = await tool.execute(msg.payload);
+            const result = await tool.execute(msg.payload, context);
             return { success: true, data: result };
         }
         catch (err) {

package/dist/utils/context.decorator.d.ts

@@ -0,0 +1 @@
+export declare const Context: (...dataOrPipes: unknown[]) => ParameterDecorator;

package/dist/utils/context.decorator.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Context = void 0;
+const common_1 = require("@nestjs/common");
+exports.Context = (0, common_1.createParamDecorator)((data, context) => context);

package/dist/utils/inject-tokens.d.ts

@@ -0,0 +1 @@
+export declare const MCP_GUARD = "MCP:guard";

package/dist/utils/inject-tokens.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCP_GUARD = void 0;
+exports.MCP_GUARD = "MCP:guard";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muzikanto/nestjs-mcp",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "NestJS MCP (Model Context Protocol) module for creating tools for LLM or HTTP with validation, decorators, and OpenAI Function Calls integration.",
   "keywords": [
     "nestjs",