@payloadcms/plugin-mcp 3.80.0-internal.60d6f94 → 3.80.0-internal.bd498b0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/endpoints/mcp.d.ts.map +1 -1
  2. package/dist/endpoints/mcp.js +23 -1
  3. package/dist/endpoints/mcp.js.map +1 -1
  4. package/package.json +5 -5
  5. package/src/endpoints/mcp.ts +21 -1
package/dist/endpoints/mcp.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"mcp.d.ts","sourceRoot":"","sources":["../../src/endpoints/mcp.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,cAAc,EAAiD,MAAM,SAAS,CAAA;AAE5F,OAAO,KAAK,EAAqB,qBAAqB,EAAE,MAAM,aAAa,CAAA;AAK3E,eAAO,MAAM,oBAAoB,kBAAmB,qBAAqB,mBA8DxE,CAAA"}
1
+ {"version":3,"file":"mcp.d.ts","sourceRoot":"","sources":["../../src/endpoints/mcp.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,cAAc,EAAiD,MAAM,SAAS,CAAA;AAE5F,OAAO,KAAK,EAAqB,qBAAqB,EAAE,MAAM,aAAa,CAAA;AAK3E,eAAO,MAAM,oBAAoB,kBAAmB,qBAAqB,mBAkFxE,CAAA"}
package/dist/endpoints/mcp.js CHANGED
@@ -39,9 +39,31 @@ export const initializeMCPHandler = (pluginOptions)=>{
39
39
  return docs[0];
40
40
  };
41
41
  const mcpAccessSettings = pluginOptions.overrideAuth ? await pluginOptions.overrideAuth(req, getDefaultMcpAccessSettings) : await getDefaultMcpAccessSettings();
42
+ // @modelcontextprotocol/sdk's StreamableHTTPServerTransport uses @hono/node-server's
43
+ // getRequestListener, which replaces global.Request and global.Response with Hono
44
+ // custom classes. Unfortunately, we cannot pass overrideGlobalObjects: false because the option is
45
+ // consumed inside the SDK transport and is not exposed to callers.
46
+ // Save originals here and restore after the handler resolves so that Next.js
47
+ // instanceof Response checks on subsequent route handlers keep working.
48
+ const globals = globalThis;
49
+ const originalResponse = globals['Response'];
50
+ const originalRequest = globals['Request'];
42
51
  const handler = getMCPHandler(pluginOptions, mcpAccessSettings, req);
43
52
  const request = createRequestFromPayloadRequest(req);
44
- return await handler(request);
53
+ try {
54
+ return await handler(request);
55
+ } finally{
56
+ if (globals['Response'] !== originalResponse) {
57
+ Object.defineProperty(globalThis, 'Response', {
58
+ value: originalResponse
59
+ });
60
+ }
61
+ if (globals['Request'] !== originalRequest) {
62
+ Object.defineProperty(globalThis, 'Request', {
63
+ value: originalRequest
64
+ });
65
+ }
66
+ }
45
67
  };
46
68
  return mcpHandler;
47
69
  };
package/dist/endpoints/mcp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/endpoints/mcp.ts"],"sourcesContent":["import crypto from 'crypto'\nimport { type PayloadHandler, type TypedUser, UnauthorizedError, type Where } from 'payload'\n\nimport type { MCPAccessSettings, PluginMCPServerConfig } from '../types.js'\n\nimport { createRequestFromPayloadRequest } from '../mcp/createRequest.js'\nimport { getMCPHandler } from '../mcp/getMcpHandler.js'\n\nexport const initializeMCPHandler = (pluginOptions: PluginMCPServerConfig) => {\n const mcpHandler: PayloadHandler = async (req) => {\n const { payload } = req\n const MCPOptions = pluginOptions.mcp || {}\n const MCPHandlerOptions = MCPOptions.handlerOptions || {}\n const useVerboseLogs = MCPHandlerOptions.verboseLogs ?? false\n\n req.payloadAPI = 'MCP' as const\n\n const getDefaultMcpAccessSettings = async (overrideApiKey?: null | string) => {\n const apiKey =\n (overrideApiKey ?? req.headers.get('Authorization')?.startsWith('Bearer '))\n ? req.headers.get('Authorization')?.replace('Bearer ', '').trim()\n : null\n\n if (apiKey === null) {\n throw new UnauthorizedError()\n }\n\n const sha256APIKeyIndex = crypto\n .createHmac('sha256', payload.secret)\n .update(apiKey || '')\n .digest('hex')\n\n const where: Where = {\n apiKeyIndex: {\n equals: sha256APIKeyIndex,\n },\n }\n\n const { docs } = await payload.find({\n collection: 'payload-mcp-api-keys',\n depth: 1,\n limit: 1,\n pagination: false,\n where,\n })\n\n if (docs.length === 0) {\n throw new UnauthorizedError()\n }\n\n if (useVerboseLogs) {\n payload.logger.info('[payload-mcp] API Key is valid')\n }\n\n const user = docs[0]?.user as TypedUser\n user.collection = pluginOptions.userCollection as string\n user._strategy = 'mcp-api-key' as const\n\n return docs[0] as unknown as MCPAccessSettings\n }\n\n const mcpAccessSettings = pluginOptions.overrideAuth\n ? await pluginOptions.overrideAuth(req, getDefaultMcpAccessSettings)\n : await getDefaultMcpAccessSettings()\n\n const handler = getMCPHandler(pluginOptions, mcpAccessSettings, req)\n const request = createRequestFromPayloadRequest(req)\n return await handler(request)\n }\n return mcpHandler\n}\n"],"names":["crypto","UnauthorizedError","createRequestFromPayloadRequest","getMCPHandler","initializeMCPHandler","pluginOptions","mcpHandler","req","payload","MCPOptions","mcp","MCPHandlerOptions","handlerOptions","useVerboseLogs","verboseLogs","payloadAPI","getDefaultMcpAccessSettings","overrideApiKey","apiKey","headers","get","startsWith","replace","trim","sha256APIKeyIndex","createHmac","secret","update","digest","where","apiKeyIndex","equals","docs","find","collection","depth","limit","pagination","length","logger","info","user","userCollection","_strategy","mcpAccessSettings","overrideAuth","handler","request"],"mappings":"AAAA,OAAOA,YAAY,SAAQ;AAC3B,SAA8CC,iBAAiB,QAAoB,UAAS;AAI5F,SAASC,+BAA+B,QAAQ,0BAAyB;AACzE,SAASC,aAAa,QAAQ,0BAAyB;AAEvD,OAAO,MAAMC,uBAAuB,CAACC;IACnC,MAAMC,aAA6B,OAAOC;QACxC,MAAM,EAAEC,OAAO,EAAE,GAAGD;QACpB,MAAME,aAAaJ,cAAcK,GAAG,IAAI,CAAC;QACzC,MAAMC,oBAAoBF,WAAWG,cAAc,IAAI,CAAC;QACxD,MAAMC,iBAAiBF,kBAAkBG,WAAW,IAAI;QAExDP,IAAIQ,UAAU,GAAG;QAEjB,MAAMC,8BAA8B,OAAOC;YACzC,MAAMC,SACJ,AAACD,kBAAkBV,IAAIY,OAAO,CAACC,GAAG,CAAC,kBAAkBC,WAAW,aAC5Dd,IAAIY,OAAO,CAACC,GAAG,CAAC,kBAAkBE,QAAQ,WAAW,IAAIC,SACzD;YAEN,IAAIL,WAAW,MAAM;gBACnB,MAAM,IAAIjB;YACZ;YAEA,MAAMuB,oBAAoBxB,OACvByB,UAAU,CAAC,UAAUjB,QAAQkB,MAAM,EACnCC,MAAM,CAACT,UAAU,IACjBU,MAAM,CAAC;YAEV,MAAMC,QAAe;gBACnBC,aAAa;oBACXC,QAAQP;gBACV;YACF;YAEA,MAAM,EAAEQ,IAAI,EAAE,GAAG,MAAMxB,QAAQyB,IAAI,CAAC;gBAClCC,YAAY;gBACZC,OAAO;gBACPC,OAAO;gBACPC,YAAY;gBACZR;YACF;YAEA,IAAIG,KAAKM,MAAM,KAAK,GAAG;gBACrB,MAAM,IAAIrC;YACZ;YAEA,IAAIY,gBAAgB;gBAClBL,QAAQ+B,MAAM,CAACC,IAAI,CAAC;YACtB;YAEA,MAAMC,OAAOT,IAAI,CAAC,EAAE,EAAES;YACtBA,KAAKP,UAAU,GAAG7B,cAAcqC,cAAc;YAC9CD,KAAKE,SAAS,GAAG;YAEjB,OAAOX,IAAI,CAAC,EAAE;QAChB;QAEA,MAAMY,oBAAoBvC,cAAcwC,YAAY,GAChD,MAAMxC,cAAcwC,YAAY,CAACtC,KAAKS,+BACtC,MAAMA;QAEV,MAAM8B,UAAU3C,cAAcE,eAAeuC,mBAAmBrC;QAChE,MAAMwC,UAAU7C,gCAAgCK;QAChD,OAAO,MAAMuC,QAAQC;IACvB;IACA,OAAOzC;AACT,EAAC"}
1
+ {"version":3,"sources":["../../src/endpoints/mcp.ts"],"sourcesContent":["import crypto from 'crypto'\nimport { type PayloadHandler, type TypedUser, UnauthorizedError, type Where } from 'payload'\n\nimport type { MCPAccessSettings, PluginMCPServerConfig } from '../types.js'\n\nimport { createRequestFromPayloadRequest } from '../mcp/createRequest.js'\nimport { getMCPHandler } from '../mcp/getMcpHandler.js'\n\nexport const initializeMCPHandler = (pluginOptions: PluginMCPServerConfig) => {\n const mcpHandler: PayloadHandler = async (req) => {\n const { payload } = req\n const MCPOptions = pluginOptions.mcp || {}\n const MCPHandlerOptions = MCPOptions.handlerOptions || {}\n const useVerboseLogs = MCPHandlerOptions.verboseLogs ?? false\n\n req.payloadAPI = 'MCP' as const\n\n const getDefaultMcpAccessSettings = async (overrideApiKey?: null | string) => {\n const apiKey =\n (overrideApiKey ?? req.headers.get('Authorization')?.startsWith('Bearer '))\n ? req.headers.get('Authorization')?.replace('Bearer ', '').trim()\n : null\n\n if (apiKey === null) {\n throw new UnauthorizedError()\n }\n\n const sha256APIKeyIndex = crypto\n .createHmac('sha256', payload.secret)\n .update(apiKey || '')\n .digest('hex')\n\n const where: Where = {\n apiKeyIndex: {\n equals: sha256APIKeyIndex,\n },\n }\n\n const { docs } = await payload.find({\n collection: 'payload-mcp-api-keys',\n depth: 1,\n limit: 1,\n pagination: false,\n where,\n })\n\n if (docs.length === 0) {\n throw new UnauthorizedError()\n }\n\n if (useVerboseLogs) {\n payload.logger.info('[payload-mcp] API Key is valid')\n }\n\n const user = docs[0]?.user as TypedUser\n user.collection = pluginOptions.userCollection as string\n user._strategy = 'mcp-api-key' as const\n\n return docs[0] as unknown as MCPAccessSettings\n }\n\n const mcpAccessSettings = pluginOptions.overrideAuth\n ? await pluginOptions.overrideAuth(req, getDefaultMcpAccessSettings)\n : await getDefaultMcpAccessSettings()\n\n // @modelcontextprotocol/sdk's StreamableHTTPServerTransport uses @hono/node-server's\n // getRequestListener, which replaces global.Request and global.Response with Hono\n // custom classes. Unfortunately, we cannot pass overrideGlobalObjects: false because the option is\n // consumed inside the SDK transport and is not exposed to callers.\n // Save originals here and restore after the handler resolves so that Next.js\n // instanceof Response checks on subsequent route handlers keep working.\n const globals = globalThis as Record<string, unknown>\n const originalResponse = globals['Response']\n const originalRequest = globals['Request']\n\n const handler = getMCPHandler(pluginOptions, mcpAccessSettings, req)\n const request = createRequestFromPayloadRequest(req)\n\n try {\n return await handler(request)\n } finally {\n if (globals['Response'] !== originalResponse) {\n Object.defineProperty(globalThis, 'Response', { value: originalResponse })\n }\n if (globals['Request'] !== originalRequest) {\n Object.defineProperty(globalThis, 'Request', { value: originalRequest })\n }\n }\n }\n return mcpHandler\n}\n"],"names":["crypto","UnauthorizedError","createRequestFromPayloadRequest","getMCPHandler","initializeMCPHandler","pluginOptions","mcpHandler","req","payload","MCPOptions","mcp","MCPHandlerOptions","handlerOptions","useVerboseLogs","verboseLogs","payloadAPI","getDefaultMcpAccessSettings","overrideApiKey","apiKey","headers","get","startsWith","replace","trim","sha256APIKeyIndex","createHmac","secret","update","digest","where","apiKeyIndex","equals","docs","find","collection","depth","limit","pagination","length","logger","info","user","userCollection","_strategy","mcpAccessSettings","overrideAuth","globals","globalThis","originalResponse","originalRequest","handler","request","Object","defineProperty","value"],"mappings":"AAAA,OAAOA,YAAY,SAAQ;AAC3B,SAA8CC,iBAAiB,QAAoB,UAAS;AAI5F,SAASC,+BAA+B,QAAQ,0BAAyB;AACzE,SAASC,aAAa,QAAQ,0BAAyB;AAEvD,OAAO,MAAMC,uBAAuB,CAACC;IACnC,MAAMC,aAA6B,OAAOC;QACxC,MAAM,EAAEC,OAAO,EAAE,GAAGD;QACpB,MAAME,aAAaJ,cAAcK,GAAG,IAAI,CAAC;QACzC,MAAMC,oBAAoBF,WAAWG,cAAc,IAAI,CAAC;QACxD,MAAMC,iBAAiBF,kBAAkBG,WAAW,IAAI;QAExDP,IAAIQ,UAAU,GAAG;QAEjB,MAAMC,8BAA8B,OAAOC;YACzC,MAAMC,SACJ,AAACD,kBAAkBV,IAAIY,OAAO,CAACC,GAAG,CAAC,kBAAkBC,WAAW,aAC5Dd,IAAIY,OAAO,CAACC,GAAG,CAAC,kBAAkBE,QAAQ,WAAW,IAAIC,SACzD;YAEN,IAAIL,WAAW,MAAM;gBACnB,MAAM,IAAIjB;YACZ;YAEA,MAAMuB,oBAAoBxB,OACvByB,UAAU,CAAC,UAAUjB,QAAQkB,MAAM,EACnCC,MAAM,CAACT,UAAU,IACjBU,MAAM,CAAC;YAEV,MAAMC,QAAe;gBACnBC,aAAa;oBACXC,QAAQP;gBACV;YACF;YAEA,MAAM,EAAEQ,IAAI,EAAE,GAAG,MAAMxB,QAAQyB,IAAI,CAAC;gBAClCC,YAAY;gBACZC,OAAO;gBACPC,OAAO;gBACPC,YAAY;gBACZR;YACF;YAEA,IAAIG,KAAKM,MAAM,KAAK,GAAG;gBACrB,MAAM,IAAIrC;YACZ;YAEA,IAAIY,gBAAgB;gBAClBL,QAAQ+B,MAAM,CAACC,IAAI,CAAC;YACtB;YAEA,MAAMC,OAAOT,IAAI,CAAC,EAAE,EAAES;YACtBA,KAAKP,UAAU,GAAG7B,cAAcqC,cAAc;YAC9CD,KAAKE,SAAS,GAAG;YAEjB,OAAOX,IAAI,CAAC,EAAE;QAChB;QAEA,MAAMY,oBAAoBvC,cAAcwC,YAAY,GAChD,MAAMxC,cAAcwC,YAAY,CAACtC,KAAKS,+BACtC,MAAMA;QAEV,qFAAqF;QACrF,kFAAkF;QAClF,mGAAmG;QACnG,mEAAmE;QACnE,6EAA6E;QAC7E,wEAAwE;QACxE,MAAM8B,UAAUC;QAChB,MAAMC,mBAAmBF,OAAO,CAAC,WAAW;QAC5C,MAAMG,kBAAkBH,OAAO,CAAC,UAAU;QAE1C,MAAMI,UAAU/C,cAAcE,eAAeuC,mBAAmBrC;QAChE,MAAM4C,UAAUjD,gCAAgCK;QAEhD,IAAI;YACF,OAAO,MAAM2C,QAAQC;QACvB,SAAU;YACR,IAAIL,OAAO,CAAC,WAAW,KAAKE,kBAAkB;gBAC5CI,OAAOC,cAAc,CAACN,YAAY,YAAY;oBAAEO,OAAON;gBAAiB;YAC1E;YACA,IAAIF,OAAO,CAAC,UAAU,KAAKG,iBAAiB;gBAC1CG,OAAOC,cAAc,CAACN,YAAY,WAAW;oBAAEO,OAAOL;gBAAgB;YACxE;QACF;IACF;IACA,OAAO3C;AACT,EAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@payloadcms/plugin-mcp",
3
- "version": "3.80.0-internal.60d6f94",
3
+ "version": "3.80.0-internal.bd498b0",
4
4
  "description": "MCP (Model Context Protocol) capabilities with Payload",
5
5
  "keywords": [
6
6
  "plugin",
@@ -37,18 +37,18 @@
37
37
  "dist"
38
38
  ],
39
39
  "dependencies": {
40
- "@modelcontextprotocol/sdk": "1.25.2",
40
+ "@modelcontextprotocol/sdk": "1.27.1",
41
41
  "@types/json-schema": "7.0.15",
42
42
  "json-schema-to-zod": "2.6.1",
43
43
  "mcp-handler": "^1.0.7",
44
44
  "zod": "^3.25.50"
45
45
  },
46
46
  "devDependencies": {
47
- "@payloadcms/eslint-config": "3.28.0",
48
- "payload": "3.80.0-internal.60d6f94"
47
+ "payload": "3.80.0-internal.bd498b0",
48
+ "@payloadcms/eslint-config": "3.28.0"
49
49
  },
50
50
  "peerDependencies": {
51
- "payload": "3.80.0-internal.60d6f94"
51
+ "payload": "3.80.0-internal.bd498b0"
52
52
  },
53
53
  "homepage:": "https://payloadcms.com",
54
54
  "scripts": {
package/src/endpoints/mcp.ts CHANGED
@@ -63,9 +63,29 @@ export const initializeMCPHandler = (pluginOptions: PluginMCPServerConfig) => {
63
63
  ? await pluginOptions.overrideAuth(req, getDefaultMcpAccessSettings)
64
64
  : await getDefaultMcpAccessSettings()
65
65
 
66
+ // @modelcontextprotocol/sdk's StreamableHTTPServerTransport uses @hono/node-server's
67
+ // getRequestListener, which replaces global.Request and global.Response with Hono
68
+ // custom classes. Unfortunately, we cannot pass overrideGlobalObjects: false because the option is
69
+ // consumed inside the SDK transport and is not exposed to callers.
70
+ // Save originals here and restore after the handler resolves so that Next.js
71
+ // instanceof Response checks on subsequent route handlers keep working.
72
+ const globals = globalThis as Record<string, unknown>
73
+ const originalResponse = globals['Response']
74
+ const originalRequest = globals['Request']
75
+
66
76
  const handler = getMCPHandler(pluginOptions, mcpAccessSettings, req)
67
77
  const request = createRequestFromPayloadRequest(req)
68
- return await handler(request)
78
+
79
+ try {
80
+ return await handler(request)
81
+ } finally {
82
+ if (globals['Response'] !== originalResponse) {
83
+ Object.defineProperty(globalThis, 'Response', { value: originalResponse })
84
+ }
85
+ if (globals['Request'] !== originalRequest) {
86
+ Object.defineProperty(globalThis, 'Request', { value: originalRequest })
87
+ }
88
+ }
69
89
  }
70
90
  return mcpHandler
71
91
  }