npm - @payloadcms/plugin-mcp - Versions diffs - 4.0.0-internal.38b7f1d → 4.0.0-internal.c2b57ce - Mend

@payloadcms/plugin-mcp 4.0.0-internal.38b7f1d → 4.0.0-internal.c2b57ce

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (328) hide show

package/bin.js +39 -0
package/dist/collection/getAccessField.d.ts +12 -0
package/dist/collection/getAccessField.d.ts.map +1 -0
package/dist/collection/getAccessField.js +57 -0
package/dist/collection/getAccessField.js.map +1 -0
package/dist/collection/index.d.ts +6 -0
package/dist/collection/index.d.ts.map +1 -0
package/dist/collection/index.js +59 -0
package/dist/collection/index.js.map +1 -0
package/dist/components/AccessField/index.client.d.ts +10 -0
package/dist/components/AccessField/index.client.d.ts.map +1 -0
package/dist/components/AccessField/index.client.js +305 -0
package/dist/components/AccessField/index.client.js.map +1 -0
package/dist/components/AccessField/index.css +93 -0
package/dist/defineTool.d.ts +26 -0
package/dist/defineTool.d.ts.map +1 -0
package/dist/defineTool.js +37 -0
package/dist/defineTool.js.map +1 -0
package/dist/endpoint/access.d.ts +10 -0
package/dist/endpoint/access.d.ts.map +1 -0
package/dist/endpoint/access.js +106 -0
package/dist/endpoint/access.js.map +1 -0
package/dist/endpoint/index.d.ts +3 -0
package/dist/endpoint/index.d.ts.map +1 -0
package/dist/endpoint/index.js +36 -0
package/dist/endpoint/index.js.map +1 -0
package/dist/exports/client.d.ts +2 -0
package/dist/exports/client.d.ts.map +1 -0
package/dist/exports/client.js +4 -0
package/dist/exports/client.js.map +1 -0
package/dist/index.d.ts +4 -7
package/dist/index.d.ts.map +1 -1
package/dist/index.js +44 -67
package/dist/index.js.map +1 -1
package/dist/mcp/buildMcpServer.d.ts +19 -0
package/dist/mcp/buildMcpServer.d.ts.map +1 -0
package/dist/mcp/buildMcpServer.js +163 -0
package/dist/mcp/buildMcpServer.js.map +1 -0
package/dist/mcp/builtin/collections/authTools.d.ts +7 -0
package/dist/mcp/builtin/collections/authTools.d.ts.map +1 -0
package/dist/mcp/builtin/collections/authTools.js +250 -0
package/dist/mcp/builtin/collections/authTools.js.map +1 -0
package/dist/mcp/builtin/collections/createTool.d.ts +2 -0
package/dist/mcp/builtin/collections/createTool.d.ts.map +1 -0
package/dist/mcp/builtin/collections/createTool.js +87 -0
package/dist/mcp/builtin/collections/createTool.js.map +1 -0
package/dist/mcp/builtin/collections/deleteTool.d.ts +2 -0
package/dist/mcp/builtin/collections/deleteTool.d.ts.map +1 -0
package/dist/mcp/builtin/collections/deleteTool.js +117 -0
package/dist/mcp/builtin/collections/deleteTool.js.map +1 -0
package/dist/mcp/builtin/collections/findTool.d.ts +2 -0
package/dist/mcp/builtin/collections/findTool.d.ts.map +1 -0
package/dist/mcp/builtin/collections/findTool.js +159 -0
package/dist/mcp/builtin/collections/findTool.js.map +1 -0
package/dist/mcp/builtin/collections/updateTool.d.ts +2 -0
package/dist/mcp/builtin/collections/updateTool.d.ts.map +1 -0
package/dist/mcp/builtin/collections/updateTool.js +187 -0
package/dist/mcp/builtin/collections/updateTool.js.map +1 -0
package/dist/mcp/builtin/globals/findTool.d.ts +2 -0
package/dist/mcp/builtin/globals/findTool.d.ts.map +1 -0
package/dist/mcp/builtin/globals/findTool.js +76 -0
package/dist/mcp/builtin/globals/findTool.js.map +1 -0
package/dist/mcp/builtin/globals/updateTool.d.ts +2 -0
package/dist/mcp/builtin/globals/updateTool.d.ts.map +1 -0
package/dist/mcp/builtin/globals/updateTool.js +92 -0
package/dist/mcp/builtin/globals/updateTool.js.map +1 -0
package/dist/mcp/builtinTools.d.ts +37 -0
package/dist/mcp/builtinTools.d.ts.map +1 -0
package/dist/mcp/builtinTools.js +64 -0
package/dist/mcp/builtinTools.js.map +1 -0
package/dist/mcp/sanitizeMCPConfig.d.ts +17 -0
package/dist/mcp/sanitizeMCPConfig.d.ts.map +1 -0
package/dist/mcp/sanitizeMCPConfig.js +167 -0
package/dist/mcp/sanitizeMCPConfig.js.map +1 -0
package/dist/stdio.d.ts +8 -0
package/dist/stdio.d.ts.map +1 -0
package/dist/stdio.js +89 -0
package/dist/stdio.js.map +1 -0
package/dist/types.d.ts +262 -455
package/dist/types.d.ts.map +1 -1
package/dist/types.js +6 -1
package/dist/types.js.map +1 -1
package/dist/utils/camelCase.d.ts.map +1 -1
package/dist/utils/getLogger.d.ts +10 -0
package/dist/utils/getLogger.d.ts.map +1 -0
package/dist/utils/getLogger.js +22 -0
package/dist/utils/getLogger.js.map +1 -0
package/dist/utils/getPluginConfig.d.ts +12 -0
package/dist/utils/getPluginConfig.d.ts.map +1 -0
package/dist/utils/getPluginConfig.js +15 -0
package/dist/utils/getPluginConfig.js.map +1 -0
package/dist/utils/localAPIDefaults.d.ts +20 -0
package/dist/utils/localAPIDefaults.d.ts.map +1 -0
package/dist/utils/localAPIDefaults.js +19 -0
package/dist/utils/localAPIDefaults.js.map +1 -0
package/dist/utils/resolveProjectRoot.d.ts +7 -0
package/dist/utils/resolveProjectRoot.d.ts.map +1 -0
package/dist/utils/resolveProjectRoot.js +15 -0
package/dist/utils/resolveProjectRoot.js.map +1 -0
package/dist/utils/schemaConversion/prepareCollectionSchema.d.ts +7 -0
package/dist/utils/schemaConversion/prepareCollectionSchema.d.ts.map +1 -0
package/dist/utils/schemaConversion/prepareCollectionSchema.js +37 -0
package/dist/utils/schemaConversion/prepareCollectionSchema.js.map +1 -0
package/dist/utils/schemaConversion/removeVirtualFieldsFromSchema.d.ts +2 -2
package/dist/utils/schemaConversion/removeVirtualFieldsFromSchema.d.ts.map +1 -1
package/dist/utils/schemaConversion/removeVirtualFieldsFromSchema.js.map +1 -1
package/dist/utils/schemaConversion/sanitizeJsonSchema.d.ts +2 -2
package/dist/utils/schemaConversion/sanitizeJsonSchema.d.ts.map +1 -1
package/dist/utils/schemaConversion/sanitizeJsonSchema.js.map +1 -1
package/dist/utils/schemaConversion/simplifyRelationshipFields.d.ts +2 -2
package/dist/utils/schemaConversion/simplifyRelationshipFields.d.ts.map +1 -1
package/dist/utils/schemaConversion/simplifyRelationshipFields.js +7 -4
package/dist/utils/schemaConversion/simplifyRelationshipFields.js.map +1 -1
package/dist/utils/schemaConversion/transformPointFields.d.ts +2 -2
package/dist/utils/schemaConversion/transformPointFields.d.ts.map +1 -1
package/dist/utils/schemaConversion/transformPointFields.js +7 -1
package/dist/utils/schemaConversion/transformPointFields.js.map +1 -1
package/dist/utils/toStandardSchema.d.ts +5 -0
package/dist/utils/toStandardSchema.d.ts.map +1 -0
package/dist/utils/toStandardSchema.js +4 -0
package/dist/utils/toStandardSchema.js.map +1 -0
package/package.json +35 -10
package/src/collection/getAccessField.ts +64 -0
package/src/collection/index.ts +63 -0
package/src/components/AccessField/index.client.tsx +344 -0
package/src/components/AccessField/index.css +93 -0
package/src/defineTool.ts +44 -0
package/src/endpoint/access.ts +132 -0
package/src/endpoint/index.ts +35 -0
package/src/exports/client.ts +2 -0
package/src/index.ts +35 -85
package/src/mcp/buildMcpServer.ts +224 -0
package/src/mcp/builtin/collections/authTools.ts +233 -0
package/src/mcp/builtin/collections/createTool.ts +116 -0
package/src/mcp/builtin/collections/deleteTool.ts +123 -0
package/src/mcp/builtin/collections/findTool.ts +187 -0
package/src/mcp/builtin/collections/updateTool.ts +205 -0
package/src/mcp/builtin/globals/findTool.ts +96 -0
package/src/mcp/builtin/globals/updateTool.ts +118 -0
package/src/mcp/builtinTools.ts +84 -0
package/src/mcp/sanitizeMCPConfig.ts +239 -0
package/src/stdio.ts +98 -0
package/src/types.ts +295 -490
package/src/utils/getLogger.ts +22 -0
package/src/utils/getPluginConfig.ts +24 -0
package/src/utils/localAPIDefaults.ts +22 -0
package/src/utils/resolveProjectRoot.ts +17 -0
package/src/utils/schemaConversion/prepareCollectionSchema.ts +39 -0
package/src/utils/schemaConversion/removeVirtualFieldsFromSchema.ts +3 -3
package/src/utils/schemaConversion/sanitizeJsonSchema.ts +4 -4
package/src/utils/schemaConversion/simplifyRelationshipFields.ts +11 -6
package/src/utils/schemaConversion/transformPointFields.ts +6 -5
package/src/utils/toStandardSchema.ts +9 -0
package/dist/collections/createApiKeysCollection.d.ts +0 -7
package/dist/collections/createApiKeysCollection.d.ts.map +0 -1
package/dist/collections/createApiKeysCollection.js +0 -317
package/dist/collections/createApiKeysCollection.js.map +0 -1
package/dist/defaults.d.ts +0 -4
package/dist/defaults.d.ts.map +0 -1
package/dist/defaults.js +0 -5
package/dist/defaults.js.map +0 -1
package/dist/endpoints/mcp.d.ts +0 -4
package/dist/endpoints/mcp.d.ts.map +0 -1
package/dist/endpoints/mcp.js +0 -71
package/dist/endpoints/mcp.js.map +0 -1
package/dist/mcp/createRequest.d.ts +0 -3
package/dist/mcp/createRequest.d.ts.map +0 -1
package/dist/mcp/createRequest.js +0 -14
package/dist/mcp/createRequest.js.map +0 -1
package/dist/mcp/getMcpHandler.d.ts +0 -4
package/dist/mcp/getMcpHandler.d.ts.map +0 -1
package/dist/mcp/getMcpHandler.js +0 -231
package/dist/mcp/getMcpHandler.js.map +0 -1
package/dist/mcp/helpers/config.d.ts +0 -22
package/dist/mcp/helpers/config.d.ts.map +0 -1
package/dist/mcp/helpers/config.js +0 -153
package/dist/mcp/helpers/config.js.map +0 -1
package/dist/mcp/helpers/fields.d.ts +0 -19
package/dist/mcp/helpers/fields.d.ts.map +0 -1
package/dist/mcp/helpers/fields.js +0 -102
package/dist/mcp/helpers/fields.js.map +0 -1
package/dist/mcp/helpers/fileValidation.d.ts +0 -67
package/dist/mcp/helpers/fileValidation.d.ts.map +0 -1
package/dist/mcp/helpers/fileValidation.js +0 -267
package/dist/mcp/helpers/fileValidation.js.map +0 -1
package/dist/mcp/registerTool.d.ts +0 -6
package/dist/mcp/registerTool.d.ts.map +0 -1
package/dist/mcp/registerTool.js +0 -18
package/dist/mcp/registerTool.js.map +0 -1
package/dist/mcp/tools/auth/auth.d.ts +0 -4
package/dist/mcp/tools/auth/auth.d.ts.map +0 -1
package/dist/mcp/tools/auth/auth.js +0 -57
package/dist/mcp/tools/auth/auth.js.map +0 -1
package/dist/mcp/tools/auth/forgotPassword.d.ts +0 -4
package/dist/mcp/tools/auth/forgotPassword.d.ts.map +0 -1
package/dist/mcp/tools/auth/forgotPassword.js +0 -48
package/dist/mcp/tools/auth/forgotPassword.js.map +0 -1
package/dist/mcp/tools/auth/login.d.ts +0 -4
package/dist/mcp/tools/auth/login.d.ts.map +0 -1
package/dist/mcp/tools/auth/login.js +0 -51
package/dist/mcp/tools/auth/login.js.map +0 -1
package/dist/mcp/tools/auth/resetPassword.d.ts +0 -4
package/dist/mcp/tools/auth/resetPassword.d.ts.map +0 -1
package/dist/mcp/tools/auth/resetPassword.js +0 -49
package/dist/mcp/tools/auth/resetPassword.js.map +0 -1
package/dist/mcp/tools/auth/unlock.d.ts +0 -4
package/dist/mcp/tools/auth/unlock.d.ts.map +0 -1
package/dist/mcp/tools/auth/unlock.js +0 -48
package/dist/mcp/tools/auth/unlock.js.map +0 -1
package/dist/mcp/tools/auth/verify.d.ts +0 -4
package/dist/mcp/tools/auth/verify.d.ts.map +0 -1
package/dist/mcp/tools/auth/verify.js +0 -45
package/dist/mcp/tools/auth/verify.js.map +0 -1
package/dist/mcp/tools/collection/create.d.ts +0 -10
package/dist/mcp/tools/collection/create.d.ts.map +0 -1
package/dist/mcp/tools/collection/create.js +0 -139
package/dist/mcp/tools/collection/create.js.map +0 -1
package/dist/mcp/tools/collection/delete.d.ts +0 -10
package/dist/mcp/tools/collection/delete.d.ts.map +0 -1
package/dist/mcp/tools/collection/delete.js +0 -154
package/dist/mcp/tools/collection/delete.js.map +0 -1
package/dist/mcp/tools/collection/find.d.ts +0 -10
package/dist/mcp/tools/collection/find.d.ts.map +0 -1
package/dist/mcp/tools/collection/find.js +0 -165
package/dist/mcp/tools/collection/find.js.map +0 -1
package/dist/mcp/tools/collection/update.d.ts +0 -10
package/dist/mcp/tools/collection/update.d.ts.map +0 -1
package/dist/mcp/tools/collection/update.js +0 -209
package/dist/mcp/tools/collection/update.js.map +0 -1
package/dist/mcp/tools/config/find.d.ts +0 -10
package/dist/mcp/tools/config/find.d.ts.map +0 -1
package/dist/mcp/tools/config/find.js +0 -97
package/dist/mcp/tools/config/find.js.map +0 -1
package/dist/mcp/tools/config/update.d.ts +0 -10
package/dist/mcp/tools/config/update.d.ts.map +0 -1
package/dist/mcp/tools/config/update.js +0 -215
package/dist/mcp/tools/config/update.js.map +0 -1
package/dist/mcp/tools/global/find.d.ts +0 -5
package/dist/mcp/tools/global/find.d.ts.map +0 -1
package/dist/mcp/tools/global/find.js +0 -82
package/dist/mcp/tools/global/find.js.map +0 -1
package/dist/mcp/tools/global/update.d.ts +0 -6
package/dist/mcp/tools/global/update.d.ts.map +0 -1
package/dist/mcp/tools/global/update.js +0 -124
package/dist/mcp/tools/global/update.js.map +0 -1
package/dist/mcp/tools/job/create.d.ts +0 -10
package/dist/mcp/tools/job/create.d.ts.map +0 -1
package/dist/mcp/tools/job/create.js +0 -293
package/dist/mcp/tools/job/create.js.map +0 -1
package/dist/mcp/tools/job/run.d.ts +0 -10
package/dist/mcp/tools/job/run.d.ts.map +0 -1
package/dist/mcp/tools/job/run.js +0 -129
package/dist/mcp/tools/job/run.js.map +0 -1
package/dist/mcp/tools/job/update.d.ts +0 -11
package/dist/mcp/tools/job/update.d.ts.map +0 -1
package/dist/mcp/tools/job/update.js +0 -186
package/dist/mcp/tools/job/update.js.map +0 -1
package/dist/mcp/tools/resource/create.d.ts +0 -6
package/dist/mcp/tools/resource/create.d.ts.map +0 -1
package/dist/mcp/tools/resource/create.js +0 -124
package/dist/mcp/tools/resource/create.js.map +0 -1
package/dist/mcp/tools/resource/delete.d.ts +0 -5
package/dist/mcp/tools/resource/delete.d.ts.map +0 -1
package/dist/mcp/tools/resource/delete.js +0 -151
package/dist/mcp/tools/resource/delete.js.map +0 -1
package/dist/mcp/tools/resource/find.d.ts +0 -5
package/dist/mcp/tools/resource/find.d.ts.map +0 -1
package/dist/mcp/tools/resource/find.js +0 -170
package/dist/mcp/tools/resource/find.js.map +0 -1
package/dist/mcp/tools/resource/update.d.ts +0 -6
package/dist/mcp/tools/resource/update.d.ts.map +0 -1
package/dist/mcp/tools/resource/update.js +0 -256
package/dist/mcp/tools/resource/update.js.map +0 -1
package/dist/mcp/tools/schemas.d.ts +0 -457
package/dist/mcp/tools/schemas.d.ts.map +0 -1
package/dist/mcp/tools/schemas.js +0 -243
package/dist/mcp/tools/schemas.js.map +0 -1
package/dist/utils/adminEntitySettings.d.ts +0 -17
package/dist/utils/adminEntitySettings.d.ts.map +0 -1
package/dist/utils/adminEntitySettings.js +0 -41
package/dist/utils/adminEntitySettings.js.map +0 -1
package/dist/utils/createApiKeyFields.d.ts +0 -15
package/dist/utils/createApiKeyFields.d.ts.map +0 -1
package/dist/utils/createApiKeyFields.js +0 -57
package/dist/utils/createApiKeyFields.js.map +0 -1
package/dist/utils/getEnabledSlugs.d.ts +0 -13
package/dist/utils/getEnabledSlugs.d.ts.map +0 -1
package/dist/utils/getEnabledSlugs.js +0 -32
package/dist/utils/getEnabledSlugs.js.map +0 -1
package/dist/utils/schemaConversion/convertCollectionSchemaToZod.d.ts +0 -3
package/dist/utils/schemaConversion/convertCollectionSchemaToZod.d.ts.map +0 -1
package/dist/utils/schemaConversion/convertCollectionSchemaToZod.js +0 -43
package/dist/utils/schemaConversion/convertCollectionSchemaToZod.js.map +0 -1
package/src/collections/createApiKeysCollection.ts +0 -373
package/src/defaults.ts +0 -3
package/src/endpoints/mcp.ts +0 -91
package/src/mcp/createRequest.ts +0 -13
package/src/mcp/getMcpHandler.ts +0 -545
package/src/mcp/helpers/config.ts +0 -213
package/src/mcp/helpers/fields.ts +0 -154
package/src/mcp/helpers/fileValidation.ts +0 -362
package/src/mcp/registerTool.ts +0 -22
package/src/mcp/tools/auth/auth.ts +0 -71
package/src/mcp/tools/auth/forgotPassword.ts +0 -70
package/src/mcp/tools/auth/login.ts +0 -72
package/src/mcp/tools/auth/resetPassword.ts +0 -61
package/src/mcp/tools/auth/unlock.ts +0 -64
package/src/mcp/tools/auth/verify.ts +0 -57
package/src/mcp/tools/collection/create.ts +0 -210
package/src/mcp/tools/collection/delete.ts +0 -211
package/src/mcp/tools/collection/find.ts +0 -224
package/src/mcp/tools/collection/update.ts +0 -290
package/src/mcp/tools/config/find.ts +0 -128
package/src/mcp/tools/config/update.ts +0 -280
package/src/mcp/tools/global/find.ts +0 -128
package/src/mcp/tools/global/update.ts +0 -207
package/src/mcp/tools/job/create.ts +0 -416
package/src/mcp/tools/job/run.ts +0 -167
package/src/mcp/tools/job/update.ts +0 -274
package/src/mcp/tools/resource/create.ts +0 -211
package/src/mcp/tools/resource/delete.ts +0 -218
package/src/mcp/tools/resource/find.ts +0 -246
package/src/mcp/tools/resource/update.ts +0 -383
package/src/mcp/tools/schemas.ts +0 -520
package/src/utils/adminEntitySettings.ts +0 -40
package/src/utils/createApiKeyFields.ts +0 -72
package/src/utils/getEnabledSlugs.ts +0 -42
package/src/utils/schemaConversion/convertCollectionSchemaToZod.ts +0 -52

package/dist/components/AccessField/index.css ADDED Viewed

@@ -0,0 +1,93 @@
+@layer payload-default {
+  .mcp-access-field {
+    display: flex;
+    flex-direction: column;
+    gap: var(--base);
+  }
+  .mcp-access-field__section {
+    display: flex;
+    flex-direction: column;
+    gap: calc(var(--base) / 2);
+    padding-bottom: var(--base);
+    /* Full-bleed separator: extend past the sidebar's horizontal gutter so the
+       border-block-end spans the entire sidebar width. */
+    margin-inline-start: calc(-1 * var(--sidebar-gutter-h-left, var(--gutter-h)));
+    margin-inline-end: calc(-1 * var(--sidebar-gutter-h-right, var(--gutter-h)));
+    padding-inline-start: var(--sidebar-gutter-h-left, var(--gutter-h));
+    padding-inline-end: var(--sidebar-gutter-h-right, var(--gutter-h));
+    border-block-end: 1px solid var(--theme-elevation-100);
+  }
+  .mcp-access-field__section:last-child {
+    border-block-end: none;
+  }
+  .mcp-access-field__section-header {
+    display: flex;
+    flex-direction: column;
+  }
+  .mcp-access-field__section-header h4 {
+    margin: 0;
+    color: var(--color-text);
+    font-family: var(--text-heading-small-font-family);
+    font-size: var(--text-heading-small-font-size);
+    font-weight: var(--text-heading-small-font-weight);
+    line-height: var(--text-heading-small-line-height);
+    letter-spacing: var(--text-heading-small-letter-spacing);
+  }
+  .mcp-access-field__section-header p {
+    margin: 0;
+    color: var(--color-text-secondary);
+    font-family: var(--text-body-medium-font-family);
+    font-size: var(--text-body-medium-font-size);
+    font-weight: var(--text-body-medium-font-weight);
+    line-height: var(--text-body-medium-line-height);
+    letter-spacing: var(--text-body-medium-letter-spacing);
+  }
+  .mcp-access-field__group {
+    margin-block-end: calc(var(--base) / 2);
+  }
+  .mcp-access-field__group-label {
+    font-weight: 600;
+  }
+  .mcp-access-field__group-actions {
+    display: flex;
+    align-items: center;
+    gap: calc(var(--base) / 6);
+  }
+  .mcp-access-field__action {
+    appearance: none;
+    background: none;
+    border: none;
+    color: var(--theme-elevation-500);
+    cursor: pointer;
+    font-size: 0.75rem;
+    padding: 0;
+  }
+  .mcp-access-field__action:hover {
+    color: var(--theme-text);
+    text-decoration: underline;
+  }
+  .mcp-access-field__action-sep {
+    color: var(--theme-elevation-300);
+    font-size: 0.75rem;
+  }
+  .mcp-access-field__list {
+    list-style: none;
+    margin: 0;
+    padding: 0;
+    display: flex;
+    flex-direction: column;
+    gap: calc(var(--base) / 3);
+  }
+}

package/dist/defineTool.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import type { CollectionTool, GlobalTool, Prompt, Tool, ToolInputSchema } from './types.js';
+/**
+ * Two-stage builder: pass the schema/metadata first, then chain `.handler(fn)`. Splitting the
+ * call lets TypeScript resolve `TSchema` from `input` (call 1) before contextually typing the
+ * handler (call 2). A single-call API hit a TS limitation where property order in the literal
+ * decided whether `TSchema` was inferred or pinned to its default.
+ *
+ *     defineCollectionTool({ description, input })
+ *       .handler(({ input }) => …)   // ← input is fully typed here regardless of order
+ *
+ * Config and handler signatures are derived from `Tool` / `CollectionTool` / `GlobalTool` /
+ * `Prompt` via `Omit` + indexed access so there's no duplication with `types.ts`.
+ */
+export declare const defineTool: <TSchema extends ToolInputSchema | undefined = ToolInputSchema | undefined>(args: Omit<Tool<TSchema>, "handler">) => {
+    handler: (fn: Tool<TSchema>["handler"]) => Tool;
+};
+export declare const defineCollectionTool: <TSchema extends ToolInputSchema | undefined = ToolInputSchema | undefined>(args: Omit<CollectionTool<TSchema>, "handler">) => {
+    handler: (fn: CollectionTool<TSchema>["handler"]) => CollectionTool;
+};
+export declare const defineGlobalTool: <TSchema extends ToolInputSchema | undefined = ToolInputSchema | undefined>(args: Omit<GlobalTool<TSchema>, "handler">) => {
+    handler: (fn: GlobalTool<TSchema>["handler"]) => GlobalTool;
+};
+export declare const definePrompt: <TSchema extends ToolInputSchema = ToolInputSchema>(args: Omit<Prompt<TSchema>, "handler">) => {
+    handler: (fn: Prompt<TSchema>["handler"]) => Prompt;
+};
+//# sourceMappingURL=defineTool.d.ts.map

package/dist/defineTool.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"defineTool.d.ts","sourceRoot":"","sources":["../src/defineTool.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE3F;;;;;;;;;;;GAWG;AAEH,eAAO,MAAM,UAAU,GACrB,OAAO,SAAS,eAAe,GAAG,SAAS,GAAG,eAAe,GAAG,SAAS,EAEzE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,KACnC;IAAE,OAAO,EAAE,CAAC,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,IAAI,CAAA;CAElD,CAAA;AAEF,eAAO,MAAM,oBAAoB,GAC/B,OAAO,SAAS,eAAe,GAAG,SAAS,GAAG,eAAe,GAAG,SAAS,EAEzE,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,KAC7C;IAAE,OAAO,EAAE,CAAC,EAAE,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,cAAc,CAAA;CAEtE,CAAA;AAEF,eAAO,MAAM,gBAAgB,GAC3B,OAAO,SAAS,eAAe,GAAG,SAAS,GAAG,eAAe,GAAG,SAAS,EAEzE,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,KACzC;IAAE,OAAO,EAAE,CAAC,EAAE,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,UAAU,CAAA;CAE9D,CAAA;AAEF,eAAO,MAAM,YAAY,GAAI,OAAO,SAAS,eAAe,GAAG,eAAe,EAC5E,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,KACrC;IAAE,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,MAAM,CAAA;CAEtD,CAAA"}

package/dist/defineTool.js ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Two-stage builder: pass the schema/metadata first, then chain `.handler(fn)`. Splitting the
+ * call lets TypeScript resolve `TSchema` from `input` (call 1) before contextually typing the
+ * handler (call 2). A single-call API hit a TS limitation where property order in the literal
+ * decided whether `TSchema` was inferred or pinned to its default.
+ *
+ *     defineCollectionTool({ description, input })
+ *       .handler(({ input }) => …)   // ← input is fully typed here regardless of order
+ *
+ * Config and handler signatures are derived from `Tool` / `CollectionTool` / `GlobalTool` /
+ * `Prompt` via `Omit` + indexed access so there's no duplication with `types.ts`.
+ */ export const defineTool = (args)=>({
+        handler: (fn)=>({
+                ...args,
+                handler: fn
+            })
+    });
+export const defineCollectionTool = (args)=>({
+        handler: (fn)=>({
+                ...args,
+                handler: fn
+            })
+    });
+export const defineGlobalTool = (args)=>({
+        handler: (fn)=>({
+                ...args,
+                handler: fn
+            })
+    });
+export const definePrompt = (args)=>({
+        handler: (fn)=>({
+                ...args,
+                handler: fn
+            })
+    });
+//# sourceMappingURL=defineTool.js.map

package/dist/defineTool.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/defineTool.ts"],"sourcesContent":["import type { CollectionTool, GlobalTool, Prompt, Tool, ToolInputSchema } from './types.js'\n\n/**\n * Two-stage builder: pass the schema/metadata first, then chain `.handler(fn)`. Splitting the\n * call lets TypeScript resolve `TSchema` from `input` (call 1) before contextually typing the\n * handler (call 2). A single-call API hit a TS limitation where property order in the literal\n * decided whether `TSchema` was inferred or pinned to its default.\n *\n * defineCollectionTool({ description, input })\n * .handler(({ input }) => …) // ← input is fully typed here regardless of order\n *\n * Config and handler signatures are derived from `Tool` / `CollectionTool` / `GlobalTool` /\n * `Prompt` via `Omit` + indexed access so there's no duplication with `types.ts`.\n */\n\nexport const defineTool = <\n TSchema extends ToolInputSchema | undefined = ToolInputSchema | undefined,\n>(\n args: Omit<Tool<TSchema>, 'handler'>,\n): { handler: (fn: Tool<TSchema>['handler']) => Tool } => ({\n handler: (fn) => ({ ...args, handler: fn }) as unknown as Tool,\n})\n\nexport const defineCollectionTool = <\n TSchema extends ToolInputSchema | undefined = ToolInputSchema | undefined,\n>(\n args: Omit<CollectionTool<TSchema>, 'handler'>,\n): { handler: (fn: CollectionTool<TSchema>['handler']) => CollectionTool } => ({\n handler: (fn) => ({ ...args, handler: fn }) as unknown as CollectionTool,\n})\n\nexport const defineGlobalTool = <\n TSchema extends ToolInputSchema | undefined = ToolInputSchema | undefined,\n>(\n args: Omit<GlobalTool<TSchema>, 'handler'>,\n): { handler: (fn: GlobalTool<TSchema>['handler']) => GlobalTool } => ({\n handler: (fn) => ({ ...args, handler: fn }) as unknown as GlobalTool,\n})\n\nexport const definePrompt = <TSchema extends ToolInputSchema = ToolInputSchema>(\n args: Omit<Prompt<TSchema>, 'handler'>,\n): { handler: (fn: Prompt<TSchema>['handler']) => Prompt } => ({\n handler: (fn) => ({ ...args, handler: fn }) as unknown as Prompt,\n})\n"],"names":["defineTool","args","handler","fn","defineCollectionTool","defineGlobalTool","definePrompt"],"mappings":"AAEA;;;;;;;;;;;CAWC,GAED,OAAO,MAAMA,aAAa,CAGxBC,OACyD,CAAA;QACzDC,SAAS,CAACC,KAAQ,CAAA;gBAAE,GAAGF,IAAI;gBAAEC,SAASC;YAAG,CAAA;IAC3C,CAAA,EAAE;AAEF,OAAO,MAAMC,uBAAuB,CAGlCH,OAC6E,CAAA;QAC7EC,SAAS,CAACC,KAAQ,CAAA;gBAAE,GAAGF,IAAI;gBAAEC,SAASC;YAAG,CAAA;IAC3C,CAAA,EAAE;AAEF,OAAO,MAAME,mBAAmB,CAG9BJ,OACqE,CAAA;QACrEC,SAAS,CAACC,KAAQ,CAAA;gBAAE,GAAGF,IAAI;gBAAEC,SAASC;YAAG,CAAA;IAC3C,CAAA,EAAE;AAEF,OAAO,MAAMG,eAAe,CAC1BL,OAC6D,CAAA;QAC7DC,SAAS,CAACC,KAAQ,CAAA;gBAAE,GAAGF,IAAI;gBAAEC,SAASC;YAAG,CAAA;IAC3C,CAAA,EAAE"}

package/dist/endpoint/access.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { PayloadRequest } from 'payload';
+import type { AuthorizedMCP } from '../types.js';
+/**
+ * Resolves the API key (or dev-mode session) and returns the items the caller
+ * may use. Denied items are dropped from the array.
+ */
+export declare const getAuthorizedMCP: (args: {
+    req: PayloadRequest;
+}) => Promise<AuthorizedMCP>;
+//# sourceMappingURL=access.d.ts.map

package/dist/endpoint/access.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/endpoint/access.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAyB,cAAc,EAAa,MAAM,SAAS,CAAA;AAK/E,OAAO,KAAK,EAAE,aAAa,EAAiB,MAAM,aAAa,CAAA;AAK/D;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,CAAC,IAAI,EAAE;IAAE,GAAG,EAAE,cAAc,CAAA;CAAE,KAAK,OAAO,CAAC,aAAa,CAiDtF,CAAA"}

package/dist/endpoint/access.js ADDED Viewed

@@ -0,0 +1,106 @@
+import crypto from 'crypto';
+import { UnauthorizedError } from 'payload';
+import { getLogger } from '../utils/getLogger.js';
+import { getPluginConfig } from '../utils/getPluginConfig.js';
+/**
+ * Resolves the API key (or dev-mode session) and returns the items the caller
+ * may use. Denied items are dropped from the array.
+ */ export const getAuthorizedMCP = async ({ req })=>{
+    const logger = getLogger({
+        payload: req.payload
+    });
+    const pluginConfig = getPluginConfig({
+        config: req.payload.config
+    });
+    const authHeader = req.headers.get('Authorization');
+    const hasBearerToken = authHeader?.startsWith('Bearer ');
+    const buildAuthorized = (apiKeyDoc)=>({
+            items: pluginConfig.items.filter((item)=>{
+                switch(item.type){
+                    case 'collectionTool':
+                        return apiKeyDoc.access.collections?.[item.collectionSlug]?.[item.key] !== false;
+                    case 'globalTool':
+                        return apiKeyDoc.access.globals?.[item.globalSlug]?.[item.key] !== false;
+                    case 'prompt':
+                        return apiKeyDoc.access.prompts?.[item.key] !== false;
+                    case 'resource':
+                        return apiKeyDoc.access.resources?.[item.key] !== false;
+                    case 'tool':
+                        return apiKeyDoc.access.tools?.[item.key] !== false;
+                }
+            }),
+            overrideAccess: typeof apiKeyDoc.overrideAccess === 'boolean' ? apiKeyDoc.overrideAccess : false,
+            user: apiKeyDoc.user
+        });
+    if (pluginConfig.overrideAuth) {
+        return await pluginConfig.overrideAuth({
+            getAPIKeyDoc: (overrideApiKey)=>getAPIKeyDoc({
+                    logger,
+                    overrideApiKey,
+                    pluginConfig,
+                    req
+                }),
+            getAuthorizedMCP: ({ apiKeyDoc })=>buildAuthorized(apiKeyDoc),
+            pluginConfig,
+            req
+        });
+    }
+    if (process.env.NODE_ENV === 'development' && !hasBearerToken) {
+        logger.info('Dev mode: skipping API key check, using session user');
+        return buildAuthorized({
+            id: -1,
+            access: {},
+            overrideAccess: true,
+            user: req.user ?? null
+        });
+    }
+    return buildAuthorized(await getAPIKeyDoc({
+        logger,
+        pluginConfig,
+        req
+    }));
+};
+const getAPIKeyDoc = async ({ logger, overrideApiKey, pluginConfig, req })=>{
+    const authHeader = req.headers.get('Authorization');
+    const hasBearerToken = authHeader?.startsWith('Bearer ');
+    const apiKey = overrideApiKey ?? (hasBearerToken ? authHeader?.replace('Bearer ', '').trim() || null : null);
+    if (!apiKey) {
+        throw new UnauthorizedError();
+    }
+    const sha256APIKeyIndex = crypto.createHmac('sha256', req.payload.secret).update(apiKey).digest('hex');
+    const doc = await req.payload.db.findOne({
+        collection: 'payload-mcp-api-keys',
+        req,
+        where: {
+            apiKeyIndex: {
+                equals: sha256APIKeyIndex
+            }
+        }
+    });
+    if (!doc || !doc.user) {
+        throw new UnauthorizedError();
+    }
+    logger.info('API Key is valid');
+    const userRef = doc.user;
+    const userID = typeof userRef === 'object' && userRef !== null && 'id' in userRef ? userRef.id : userRef;
+    const user = await req.payload.findByID({
+        id: userID,
+        collection: pluginConfig.userCollection,
+        depth: 0,
+        disableErrors: true,
+        req
+    });
+    if (!user) {
+        throw new UnauthorizedError();
+    }
+    return {
+        ...doc,
+        user: {
+            ...user,
+            _strategy: 'mcp-api-key',
+            collection: pluginConfig.userCollection
+        }
+    };
+};
+//# sourceMappingURL=access.js.map

package/dist/endpoint/access.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/endpoint/access.ts"],"sourcesContent":["import type { DefaultDocumentIDType, PayloadRequest, TypedUser } from 'payload'\n\nimport crypto from 'crypto'\nimport { UnauthorizedError } from 'payload'\n\nimport type { AuthorizedMCP, MCPAPIKeysDoc } from '../types.js'\n\nimport { getLogger } from '../utils/getLogger.js'\nimport { getPluginConfig } from '../utils/getPluginConfig.js'\n\n/**\n * Resolves the API key (or dev-mode session) and returns the items the caller\n * may use. Denied items are dropped from the array.\n */\nexport const getAuthorizedMCP: (args: { req: PayloadRequest }) => Promise<AuthorizedMCP> = async ({\n req,\n}) => {\n const logger = getLogger({ payload: req.payload })\n const pluginConfig = getPluginConfig({ config: req.payload.config })\n\n const authHeader = req.headers.get('Authorization')\n const hasBearerToken = authHeader?.startsWith('Bearer ')\n\n const buildAuthorized = (apiKeyDoc: MCPAPIKeysDoc): AuthorizedMCP => ({\n items: pluginConfig.items.filter((item) => {\n switch (item.type) {\n case 'collectionTool':\n return apiKeyDoc.access.collections?.[item.collectionSlug]?.[item.key] !== false\n case 'globalTool':\n return apiKeyDoc.access.globals?.[item.globalSlug]?.[item.key] !== false\n case 'prompt':\n return apiKeyDoc.access.prompts?.[item.key] !== false\n case 'resource':\n return apiKeyDoc.access.resources?.[item.key] !== false\n case 'tool':\n return apiKeyDoc.access.tools?.[item.key] !== false\n }\n }),\n overrideAccess:\n typeof apiKeyDoc.overrideAccess === 'boolean' ? apiKeyDoc.overrideAccess : false,\n user: apiKeyDoc.user,\n })\n\n if (pluginConfig.overrideAuth) {\n return await pluginConfig.overrideAuth({\n getAPIKeyDoc: (overrideApiKey) => getAPIKeyDoc({ logger, overrideApiKey, pluginConfig, req }),\n getAuthorizedMCP: ({ apiKeyDoc }) => buildAuthorized(apiKeyDoc),\n pluginConfig,\n req,\n })\n }\n\n if (process.env.NODE_ENV === 'development' && !hasBearerToken) {\n logger.info('Dev mode: skipping API key check, using session user')\n return buildAuthorized({\n id: -1,\n access: {},\n overrideAccess: true,\n user: req.user ?? null,\n })\n }\n\n return buildAuthorized(await getAPIKeyDoc({ logger, pluginConfig, req }))\n}\n\nconst getAPIKeyDoc = async ({\n logger,\n overrideApiKey,\n pluginConfig,\n req,\n}: {\n logger: ReturnType<typeof getLogger>\n overrideApiKey?: string\n pluginConfig: ReturnType<typeof getPluginConfig>\n req: PayloadRequest\n}): Promise<MCPAPIKeysDoc> => {\n const authHeader = req.headers.get('Authorization')\n const hasBearerToken = authHeader?.startsWith('Bearer ')\n\n const apiKey =\n overrideApiKey ?? (hasBearerToken ? authHeader?.replace('Bearer ', '').trim() || null : null)\n\n if (!apiKey) {\n throw new UnauthorizedError()\n }\n\n const sha256APIKeyIndex = crypto\n .createHmac('sha256', req.payload.secret)\n .update(apiKey)\n .digest('hex')\n\n const doc = await req.payload.db.findOne<MCPAPIKeysDoc>({\n collection: 'payload-mcp-api-keys',\n req,\n where: {\n apiKeyIndex: { equals: sha256APIKeyIndex },\n },\n })\n\n if (!doc || !doc.user) {\n throw new UnauthorizedError()\n }\n\n logger.info('API Key is valid')\n\n const userRef = doc.user\n const userID =\n typeof userRef === 'object' && userRef !== null && 'id' in userRef\n ? userRef.id\n : (userRef as unknown as DefaultDocumentIDType)\n\n const user = (await req.payload.findByID({\n id: userID,\n collection: pluginConfig.userCollection,\n depth: 0,\n disableErrors: true,\n req,\n })) as null | TypedUser\n\n if (!user) {\n throw new UnauthorizedError()\n }\n\n return {\n ...doc,\n user: {\n ...user,\n _strategy: 'mcp-api-key' as const,\n collection: pluginConfig.userCollection,\n },\n }\n}\n"],"names":["crypto","UnauthorizedError","getLogger","getPluginConfig","getAuthorizedMCP","req","logger","payload","pluginConfig","config","authHeader","headers","get","hasBearerToken","startsWith","buildAuthorized","apiKeyDoc","items","filter","item","type","access","collections","collectionSlug","key","globals","globalSlug","prompts","resources","tools","overrideAccess","user","overrideAuth","getAPIKeyDoc","overrideApiKey","process","env","NODE_ENV","info","id","apiKey","replace","trim","sha256APIKeyIndex","createHmac","secret","update","digest","doc","db","findOne","collection","where","apiKeyIndex","equals","userRef","userID","findByID","userCollection","depth","disableErrors","_strategy"],"mappings":"AAEA,OAAOA,YAAY,SAAQ;AAC3B,SAASC,iBAAiB,QAAQ,UAAS;AAI3C,SAASC,SAAS,QAAQ,wBAAuB;AACjD,SAASC,eAAe,QAAQ,8BAA6B;AAE7D;;;CAGC,GACD,OAAO,MAAMC,mBAA8E,OAAO,EAChGC,GAAG,EACJ;IACC,MAAMC,SAASJ,UAAU;QAAEK,SAASF,IAAIE,OAAO;IAAC;IAChD,MAAMC,eAAeL,gBAAgB;QAAEM,QAAQJ,IAAIE,OAAO,CAACE,MAAM;IAAC;IAElE,MAAMC,aAAaL,IAAIM,OAAO,CAACC,GAAG,CAAC;IACnC,MAAMC,iBAAiBH,YAAYI,WAAW;IAE9C,MAAMC,kBAAkB,CAACC,YAA6C,CAAA;YACpEC,OAAOT,aAAaS,KAAK,CAACC,MAAM,CAAC,CAACC;gBAChC,OAAQA,KAAKC,IAAI;oBACf,KAAK;wBACH,OAAOJ,UAAUK,MAAM,CAACC,WAAW,EAAE,CAACH,KAAKI,cAAc,CAAC,EAAE,CAACJ,KAAKK,GAAG,CAAC,KAAK;oBAC7E,KAAK;wBACH,OAAOR,UAAUK,MAAM,CAACI,OAAO,EAAE,CAACN,KAAKO,UAAU,CAAC,EAAE,CAACP,KAAKK,GAAG,CAAC,KAAK;oBACrE,KAAK;wBACH,OAAOR,UAAUK,MAAM,CAACM,OAAO,EAAE,CAACR,KAAKK,GAAG,CAAC,KAAK;oBAClD,KAAK;wBACH,OAAOR,UAAUK,MAAM,CAACO,SAAS,EAAE,CAACT,KAAKK,GAAG,CAAC,KAAK;oBACpD,KAAK;wBACH,OAAOR,UAAUK,MAAM,CAACQ,KAAK,EAAE,CAACV,KAAKK,GAAG,CAAC,KAAK;gBAClD;YACF;YACAM,gBACE,OAAOd,UAAUc,cAAc,KAAK,YAAYd,UAAUc,cAAc,GAAG;YAC7EC,MAAMf,UAAUe,IAAI;QACtB,CAAA;IAEA,IAAIvB,aAAawB,YAAY,EAAE;QAC7B,OAAO,MAAMxB,aAAawB,YAAY,CAAC;YACrCC,cAAc,CAACC,iBAAmBD,aAAa;oBAAE3B;oBAAQ4B;oBAAgB1B;oBAAcH;gBAAI;YAC3FD,kBAAkB,CAAC,EAAEY,SAAS,EAAE,GAAKD,gBAAgBC;YACrDR;YACAH;QACF;IACF;IAEA,IAAI8B,QAAQC,GAAG,CAACC,QAAQ,KAAK,iBAAiB,CAACxB,gBAAgB;QAC7DP,OAAOgC,IAAI,CAAC;QACZ,OAAOvB,gBAAgB;YACrBwB,IAAI,CAAC;YACLlB,QAAQ,CAAC;YACTS,gBAAgB;YAChBC,MAAM1B,IAAI0B,IAAI,IAAI;QACpB;IACF;IAEA,OAAOhB,gBAAgB,MAAMkB,aAAa;QAAE3B;QAAQE;QAAcH;IAAI;AACxE,EAAC;AAED,MAAM4B,eAAe,OAAO,EAC1B3B,MAAM,EACN4B,cAAc,EACd1B,YAAY,EACZH,GAAG,EAMJ;IACC,MAAMK,aAAaL,IAAIM,OAAO,CAACC,GAAG,CAAC;IACnC,MAAMC,iBAAiBH,YAAYI,WAAW;IAE9C,MAAM0B,SACJN,kBAAmBrB,CAAAA,iBAAiBH,YAAY+B,QAAQ,WAAW,IAAIC,UAAU,OAAO,IAAG;IAE7F,IAAI,CAACF,QAAQ;QACX,MAAM,IAAIvC;IACZ;IAEA,MAAM0C,oBAAoB3C,OACvB4C,UAAU,CAAC,UAAUvC,IAAIE,OAAO,CAACsC,MAAM,EACvCC,MAAM,CAACN,QACPO,MAAM,CAAC;IAEV,MAAMC,MAAM,MAAM3C,IAAIE,OAAO,CAAC0C,EAAE,CAACC,OAAO,CAAgB;QACtDC,YAAY;QACZ9C;QACA+C,OAAO;YACLC,aAAa;gBAAEC,QAAQX;YAAkB;QAC3C;IACF;IAEA,IAAI,CAACK,OAAO,CAACA,IAAIjB,IAAI,EAAE;QACrB,MAAM,IAAI9B;IACZ;IAEAK,OAAOgC,IAAI,CAAC;IAEZ,MAAMiB,UAAUP,IAAIjB,IAAI;IACxB,MAAMyB,SACJ,OAAOD,YAAY,YAAYA,YAAY,QAAQ,QAAQA,UACvDA,QAAQhB,EAAE,GACTgB;IAEP,MAAMxB,OAAQ,MAAM1B,IAAIE,OAAO,CAACkD,QAAQ,CAAC;QACvClB,IAAIiB;QACJL,YAAY3C,aAAakD,cAAc;QACvCC,OAAO;QACPC,eAAe;QACfvD;IACF;IAEA,IAAI,CAAC0B,MAAM;QACT,MAAM,IAAI9B;IACZ;IAEA,OAAO;QACL,GAAG+C,GAAG;QACNjB,MAAM;YACJ,GAAGA,IAAI;YACP8B,WAAW;YACXV,YAAY3C,aAAakD,cAAc;QACzC;IACF;AACF"}

package/dist/endpoint/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { type PayloadHandler } from 'payload';
+export declare const mcpEndpoint: PayloadHandler;
+//# sourceMappingURL=index.d.ts.map

package/dist/endpoint/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/endpoint/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,SAAS,CAAA;AAMlE,eAAO,MAAM,WAAW,EAAE,cA2BzB,CAAA"}

package/dist/endpoint/index.js ADDED Viewed

@@ -0,0 +1,36 @@
+import { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';
+import { AuthenticationError } from 'payload';
+import { buildMcpServer } from '../mcp/buildMcpServer.js';
+import { getPluginConfig } from '../utils/getPluginConfig.js';
+import { getAuthorizedMCP } from './access.js';
+export const mcpEndpoint = async (req)=>{
+    if (!req.url) {
+        throw new AuthenticationError();
+    }
+    req.payloadAPI = 'MCP';
+    const pluginConfig = getPluginConfig({
+        config: req.payload.config
+    });
+    const authorizedMCP = await getAuthorizedMCP({
+        req
+    });
+    const server = buildMcpServer({
+        authorizedMCP,
+        pluginConfig,
+        req
+    });
+    const transport = new WebStandardStreamableHTTPServerTransport({
+        enableJsonResponse: true,
+        sessionIdGenerator: undefined
+    });
+    await server.connect(transport);
+    const mcpRequest = new Request(req.url, {
+        body: req.body,
+        duplex: 'half',
+        headers: req.headers,
+        method: req.method
+    });
+    return await transport.handleRequest(mcpRequest);
+};
+//# sourceMappingURL=index.js.map

package/dist/endpoint/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/endpoint/index.ts"],"sourcesContent":["import { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server'\nimport { AuthenticationError, type PayloadHandler } from 'payload'\n\nimport { buildMcpServer } from '../mcp/buildMcpServer.js'\nimport { getPluginConfig } from '../utils/getPluginConfig.js'\nimport { getAuthorizedMCP } from './access.js'\n\nexport const mcpEndpoint: PayloadHandler = async (req) => {\n if (!req.url) {\n throw new AuthenticationError()\n }\n\n req.payloadAPI = 'MCP' as const\n\n const pluginConfig = getPluginConfig({ config: req.payload.config })\n const authorizedMCP = await getAuthorizedMCP({ req })\n\n const server = buildMcpServer({ authorizedMCP, pluginConfig, req })\n\n const transport = new WebStandardStreamableHTTPServerTransport({\n enableJsonResponse: true,\n sessionIdGenerator: undefined, // stateless mode\n })\n\n await server.connect(transport)\n\n const mcpRequest = new Request(req.url, {\n body: req.body,\n duplex: 'half',\n headers: req.headers,\n method: req.method,\n } as { duplex: 'half' } & RequestInit)\n\n return await transport.handleRequest(mcpRequest)\n}\n"],"names":["WebStandardStreamableHTTPServerTransport","AuthenticationError","buildMcpServer","getPluginConfig","getAuthorizedMCP","mcpEndpoint","req","url","payloadAPI","pluginConfig","config","payload","authorizedMCP","server","transport","enableJsonResponse","sessionIdGenerator","undefined","connect","mcpRequest","Request","body","duplex","headers","method","handleRequest"],"mappings":"AAAA,SAASA,wCAAwC,QAAQ,+BAA8B;AACvF,SAASC,mBAAmB,QAA6B,UAAS;AAElE,SAASC,cAAc,QAAQ,2BAA0B;AACzD,SAASC,eAAe,QAAQ,8BAA6B;AAC7D,SAASC,gBAAgB,QAAQ,cAAa;AAE9C,OAAO,MAAMC,cAA8B,OAAOC;IAChD,IAAI,CAACA,IAAIC,GAAG,EAAE;QACZ,MAAM,IAAIN;IACZ;IAEAK,IAAIE,UAAU,GAAG;IAEjB,MAAMC,eAAeN,gBAAgB;QAAEO,QAAQJ,IAAIK,OAAO,CAACD,MAAM;IAAC;IAClE,MAAME,gBAAgB,MAAMR,iBAAiB;QAAEE;IAAI;IAEnD,MAAMO,SAASX,eAAe;QAAEU;QAAeH;QAAcH;IAAI;IAEjE,MAAMQ,YAAY,IAAId,yCAAyC;QAC7De,oBAAoB;QACpBC,oBAAoBC;IACtB;IAEA,MAAMJ,OAAOK,OAAO,CAACJ;IAErB,MAAMK,aAAa,IAAIC,QAAQd,IAAIC,GAAG,EAAE;QACtCc,MAAMf,IAAIe,IAAI;QACdC,QAAQ;QACRC,SAASjB,IAAIiB,OAAO;QACpBC,QAAQlB,IAAIkB,MAAM;IACpB;IAEA,OAAO,MAAMV,UAAUW,aAAa,CAACN;AACvC,EAAC"}

package/dist/exports/client.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { AccessField } from '../components/AccessField/index.client.js';
2	+ //# sourceMappingURL=client.d.ts.map

package/dist/exports/client.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/exports/client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,2CAA2C,CAAA"}

package/dist/exports/client.js ADDED Viewed

@@ -0,0 +1,4 @@
+'use client';
+export { AccessField } from '../components/AccessField/index.client.js';
+//# sourceMappingURL=client.js.map

package/dist/exports/client.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":["../../src/exports/client.ts"],"sourcesContent":["'use client'\nexport { AccessField } from '../components/AccessField/index.client.js'\n"],"names":["AccessField"],"mappings":"AAAA;AACA,SAASA,WAAW,QAAQ,4CAA2C"}

package/dist/index.d.ts CHANGED Viewed

@@ -1,17 +1,14 @@
-import type { MCPAccessSettings, MCPPluginConfig } from './types.js';
+import type { AuthorizedMCP, MCPPluginConfig, SanitizedMCPPluginConfig } from './types.js';
 declare module 'payload' {
     interface PayloadRequest {
         payloadAPI: 'GraphQL' | 'local' | 'MCP' | 'REST';
     }
     interface RegisteredPlugins {
+        /** After the plugin's `plugin` callback runs, `options` holds the sanitized config. */
         '@payloadcms/plugin-mcp': MCPPluginConfig;
     }
 }
-export type { MCPAccessSettings, MCPPluginConfig };
-/**
- * The MCP Plugin for Payload. This plugin allows you to add MCP capabilities to your Payload project.
- *
- * @param pluginOptions - The options for the MCP plugin.
- */
+export type { AuthorizedMCP, MCPPluginConfig, SanitizedMCPPluginConfig };
+export { defineCollectionTool, defineGlobalTool, definePrompt, defineTool } from './defineTool.js';
 export declare const mcpPlugin: (options: MCPPluginConfig) => import("payload").Plugin;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,~~iBAAiB~~,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;~~AAKpE~~,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAiB,cAAc;QAC7B,UAAU,EAAE,SAAS,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAA;KACjD;IACD,UAAU,iBAAiB;QACzB,wBAAwB,EAAE,eAAe,CAAA;KAC1C;CACF;~~AAID~~,YAAY,EAAE,~~iBAAiB~~,EAAE,eAAe,EAAE,CAAA;~~AAElD;;;;GAIG~~;~~AACH~~,eAAO,MAAM,SAAS,~~wDAuFpB~~,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAA;AAM1F,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAiB,cAAc;QAC7B,UAAU,EAAE,SAAS,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAA;KACjD;IACD,UAAU,iBAAiB;QACzB,uFAAuF;QACvF,wBAAwB,EAAE,eAAe,CAAA;KAC1C;CACF;AAED,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,wBAAwB,EAAE,CAAA;AAExE,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAElG,eAAO,MAAM,SAAS,wDAwCpB,CAAA"}

package/dist/index.js CHANGED Viewed

@@ -1,76 +1,53 @@
-import { definePlugin } from 'payload';
-import { createAPIKeysCollection } from './collections/createApiKeysCollection.js';
-import { initializeMCPHandler } from './endpoints/mcp.js';
-import { defaults } from './defaults.js';
-/**
- * The MCP Plugin for Payload. This plugin allows you to add MCP capabilities to your Payload project.
- *
- * @param pluginOptions - The options for the MCP plugin.
- */ export const mcpPlugin = definePlugin({
+import { defaultUserCollection, definePlugin } from 'payload';
+import { getAPIKeysCollection } from './collection/index.js';
+import { mcpEndpoint } from './endpoint/index.js';
+import { sanitizeMCPConfig } from './mcp/sanitizeMCPConfig.js';
+export { defineCollectionTool, defineGlobalTool, definePrompt, defineTool } from './defineTool.js';
+export const mcpPlugin = definePlugin({
     slug: '@payloadcms/plugin-mcp',
     order: 10,
-    plugin: ({ config, plugins: _plugins, ...pluginOptions })=>{
-        if (!config.collections) {
-            config.collections = [];
+    plugin: ({ config, plugins, ...rawConfig })=>{
+        // Our `payload-mcp-api-keys` is auth-enabled; if it'd be the only auth
+        // collection, Payload's later sanitize would pick it as `admin.user`.
+        // Pre-seed the default user collection to prevent that.
+        if (!config.admin?.user) {
+            const firstCollectionWithAuth = (config.collections ?? []).find(({ auth })=>Boolean(auth));
+            if (!firstCollectionWithAuth) {
+                ;
+                (config.collections ??= []).push(defaultUserCollection);
+            }
         }
-        // Collections
-        const collections = pluginOptions.collections || {};
-        // Globals
-        const globals = pluginOptions.globals || {};
-        // Extract custom tools for the global config
-        const customTools = pluginOptions.mcp?.tools?.map((tool)=>({
-                name: tool.name,
-                description: tool.description
-            })) || [];
-        // User Collection
-        pluginOptions.userCollection = pluginOptions.userCollection ?? config?.admin?.user ?? defaults.userCollection;
-        const experimentalTools = pluginOptions?.experimental?.tools || {};
-        /**
-     * API Keys
-     * --------
-     * High resolution control over MCP capabilities is crucial when using Payload with LLMs.
-     *
-     * This API Keys collection has ways for admins to create API keys and allow or disallow the MCP capabilities.
-     * This is useful when Admins want to allow or disallow the use of the MCP capabilities in real time.
-     * For example:
-     *  - If a collection has all of its capabilities enabled, admins can allow or disallow the create, update, delete, and find capabilities on that collection.
-     *  - If a collection only has the find capability enabled, admins can only allow or disallow the find capability on that collection.
-     *  - If a global has all of its capabilities enabled, admins can allow or disallow the find and update capabilities on that global.
-     *  - If a custom tool has gone haywire, admins can disallow that tool.
-     *
-     */ const apiKeyCollection = createAPIKeysCollection(collections, globals, customTools, experimentalTools, pluginOptions);
-        if (pluginOptions.overrideApiKeyCollection) {
-            config.collections.push(pluginOptions.overrideApiKeyCollection(apiKeyCollection));
-        } else {
-            config.collections.push(apiKeyCollection);
+        const pluginConfig = sanitizeMCPConfig({
+            config,
+            pluginConfig: rawConfig
+        });
+        // Stash the sanitized config on plugin options so `getPluginConfig()` reads it.
+        const registered = plugins['@payloadcms/plugin-mcp'];
+        if (registered) {
+            // @ts-expect-error
+            registered.sanitizedOptions = pluginConfig;
         }
-        /**
-     * If the plugin is disabled, we still want to keep added collections/fields so the database schema is consistent which is important for migrations.
-     * If your plugin heavily modifies the database schema, you may want to remove this property.
-     */ if (pluginOptions.disabled) {
+        ;
+        (config.collections ??= []).push(getAPIKeysCollection({
+            pluginConfig
+        }));
+        // Keep the API-keys collection registered even when disabled, so DB schema
+        // and generated types don't drift between enabled/disabled environments.
+        if (pluginConfig.disabled) {
             return config;
         }
-        if (!config.endpoints) {
-            config.endpoints = [];
-        }
-        /**
-     * This is the primary MCP Server Endpoint.
-     * Payload will automatically add the /api prefix to the path, so the full path is `/api/mcp`
-     * NOTE: This is only transport method until we add full support for SSE which will be another endpoint at `/api/sse`
-     */ config.endpoints.push({
-            handler: initializeMCPHandler(pluginOptions),
-            method: 'post',
-            path: '/mcp'
-        });
-        /**
-     * The GET response is always: {"jsonrpc":"2.0","error":{"code":-32000,"message":"Method not allowed."},"id":null} -- even with an API key
-     * This is expected behavior and MCP clients should always use the POST endpoint.
-     */ config.endpoints.push({
-            handler: initializeMCPHandler(pluginOptions),
-            method: 'get',
-            path: '/mcp'
-        });
-        return config;
+        return {
+            ...config,
+            endpoints: [
+                ...config.endpoints ?? [],
+                // Payload prefixes /api, so the full path is /api/mcp.
+                {
+                    handler: mcpEndpoint,
+                    method: 'post',
+                    path: '/mcp'
+                }
+            ]
+        };
     }
 });

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import { definePlugin } from 'payload'\n\nimport type { ~~MCPAccessSettings~~, MCPPluginConfig } from './types.js'\n\nimport { ~~createAPIKeysCollection~~ } from './~~collections~~/~~createApiKeysCollection~~.js'\nimport { ~~initializeMCPHandler~~ } from './~~endpoints~~/mcp.js'\n\ndeclare module 'payload' {\n export interface PayloadRequest {\n payloadAPI: 'GraphQL' \| 'local' \| 'MCP' \| 'REST'\n }\n interface RegisteredPlugins {\n '@payloadcms/plugin-mcp': MCPPluginConfig\n }\n}\n\~~nimport { defaults } from './defaults.js'\n\~~nexport type { ~~MCPAccessSettings~~, MCPPluginConfig }\n\~~n/*\n~~ ~~The~~ ~~MCP~~ ~~Plugin~~ ~~for~~ ~~Payload.~~ ~~This~~ ~~plugin allows you to add MCP capabilities to your Payload project.\~~n \n @param pluginOptions - The options for the MCP plugin.\n /\nexport const mcpPlugin = definePlugin<MCPPluginConfig>({\n slug: '@payloadcms/plugin-mcp',\n order: 10,\n plugin: ({ config, plugins~~: _plugins~~, ...~~pluginOptions~~ }) => {\n if ~~(!config.collections)~~ ~~{\n config.collections~~ = ~~[]\n }\n\n //~~ ~~Collections\n const~~ ~~collections~~ = ~~pluginOptions.collections~~ \|\| {}\n // ~~Globals\n const~~ ~~globals~~ = ~~pluginOptions.globals~~ \|\| ~~{}\~~n // ~~Extract~~ ~~custom~~ ~~tools~~ ~~for~~ ~~the~~ ~~global~~ ~~config\~~n ~~const~~ ~~customTools =\n pluginOptions~~.~~mcp~~?.~~tools?.map((tool~~) ~~=> (~~{\n ~~name:~~ ~~tool~~.~~name,\n description:~~ ~~tool~~.~~description,\n~~ })) \|\| []\n~~\n //~~ ~~User~~ ~~Collection~~\n ~~pluginOptions~~.~~userCollection~~ ~~=\n pluginOptions.userCollection~~ ~~?? config?.admin?.user ?? defaults~~.~~userCollection~~\n\n ~~const experimentalTools = pluginOptions?.experimental?.tools \|\| {~~}\n\n /\n ~~API~~ Keys\n * --------\n * ~~High~~ ~~resolution~~ ~~control~~ ~~over MCP capabilities is crucial when using Payload with LLMs.\~~n \n ~~This~~ ~~API~~ ~~Keys~~ ~~collection~~ ~~has~~ ~~ways~~ ~~for~~ ~~admins~~ to ~~create~~ ~~API keys and allow or disallow the MCP capabilities~~.\n * ~~This~~ is ~~useful when Admins want to allow or disallow the use of the MCP capabilities in real time.\~~n * ~~For~~ ~~example:\~~n * - If a collection has all of its capabilities enabled, admins can allow or disallow the create, update, delete, and find capabilities on that collection.\n * - If a collection only has the find capability enabled, admins can only allow or disallow the find capability on that collection.\n * - ~~If a global has all of its capabilities enabled, admins can allow or disallow the find and update capabilities on that global.\~~n * - If a ~~custom~~ ~~tool~~ ~~has~~ ~~gone~~ ~~haywire, admins can disallow that tool.\~~n \n /\n ~~const apiKeyCollection = createAPIKeysCollection(~~\n ~~collections,\n globals,\n customTools,\n experimentalTools,\n pluginOptions,\n )~~\n if (~~pluginOptions.overrideApiKeyCollection) {\n~~ config.collections.push(~~pluginOptions.overrideApiKeyCollection~~(~~apiKeyCollection))\n }~~ ~~else~~ ~~{\n config.collections.push(apiKeyCollection~~)\n }\n\n /*\n If the ~~plugin~~ is ~~disabled,~~ we ~~still~~ ~~want~~ ~~to keep added collections/fields~~ so ~~the~~ ~~database~~ schema ~~is consistent which is important for migrations.\~~n * If ~~your~~ ~~plugin~~ ~~heavily~~ ~~modifies~~ ~~the~~ ~~database~~ ~~schema, you may want to remove this property~~.\n /\n if (~~pluginOptions~~.disabled) {\n return config\n }\n\n if (!config.endpoints) {\n config.endpoints = []\n }\n\n /\n This is the primary MCP Server Endpoint.\n * Payload ~~will~~ ~~automatically add the~~ /api ~~prefix to the path~~, so the full path is `/api/mcp`\n * ~~NOTE~~: ~~This~~ ~~is only transport~~ method ~~until we add full support for SSE which will be another endpoint at `/api/sse`\n /\n config.endpoints.push({\n handler~~: ~~initializeMCPHandler(pluginOptions),\n method:~~ 'post'~~,\n~~ path: '/mcp',\n })\n\n /\n ~~The GET response is always: {\"jsonrpc\":\"2.0\",\"error\":{\"code\":-32000,\"message\":\"Method not allowed.\"~~},\~~"id\":null} -- even with an API key\~~n * This is expected behavior and MCP clients should always use the POST endpoint.\n */\n config.endpoints.push({\n ~~handler: initializeMCPHandler(pluginOptions)~~,\n ~~method: 'get',\n path: '/mcp',\n~~ })\n~~\n return config\n~~ },\n})\n"],"names":["~~definePlugin~~","~~createAPIKeysCollection~~","~~initializeMCPHandler~~","~~defaults~~","~~mcpPlugin~~","~~slug~~","~~order~~","~~plugin~~","~~config~~","~~plugins~~","~~_plugins~~","~~pluginOptions~~","~~collections~~","~~globals~~","~~customTools~~","~~mcp~~","~~tools~~","~~map~~","~~tool~~","~~name~~","~~description~~","~~userCollection~~","~~admin~~","~~user~~","~~experimentalTools~~","~~experimental~~","~~apiKeyCollection~~","~~overrideApiKeyCollection","push","~~disabled","endpoints","handler","method","path"],"mappings":"AAAA,SAASA,YAAY,QAAQ,UAAS;~~AAItC~~,SAASC,~~uBAAuB~~,QAAQ,~~2CAA0C~~;~~AAClF~~,SAASC,~~oBAAoB~~,QAAQ,~~qBAAoB~~;~~AAWzD~~,SAASC,QAAQ,QAAQ,~~gBAAe~~;~~AAIxC;;;;CAIC~~,~~GACD,~~OAAO,MAAMC,~~YAAYJ~~,aAA8B;~~IACrDK~~,MAAM;IACNC,OAAO;IACPC,QAAQ,CAAC,EAAEC,MAAM,EAAEC,~~SAASC~~,~~QAAQ,~~EAAE,GAAGC,~~eAAe~~;~~QACtD~~,~~IAAI~~,~~CAACH~~,~~OAAOI~~,~~WAAW~~,~~EAAE;YACvBJ~~,~~OAAOI~~,~~WAAW~~,~~GAAG~~,~~EAAE~~;~~QACzB;QAEA~~,~~cAAc;QACd~~,~~MAAMA~~,~~cAAcD~~,~~cAAcC~~,WAAW,IAAI,~~CAAC;QAClD~~,~~UAAU;QACV~~,~~MAAMC~~,~~UAAUF,cAAcE,OAAO,~~IAAI,CAAC~~;QAC1C~~,~~6CAA6C;QAC7C~~,~~MAAMC,cACJH,cAAcI,GAAG,~~EAAEC,~~OAAOC,~~IAAI,~~CAACC~~,~~OAAU~~,~~CAAA~~;~~gBACvCC~~,~~MAAMD~~,~~KAAKC~~,~~IAAI;gBACfC~~,~~aAAaF~~,~~KAAKE~~,WAAW~~;YAC/B~~,~~CAAA~~,~~MAAO,~~EAAE~~;QAEX~~,~~kBAAkB;QAClBT~~,~~cAAcU~~,~~cAAc~~,~~GAC1BV~~,~~cAAcU~~,~~cAAc~~,~~IAAIb,QAAQc,OAAOC,QAAQpB,SAASkB,cAAc~~;~~QAEhF~~,~~MAAMG,oBAAoBb,eAAec,~~cAAcT,~~SAAS,CAAC~~;~~QAEjE;;;;;;;;;;;;;KAaC~~,~~GACD,~~MAAMU,~~mBAAmBzB~~,~~wBACvBW~~,~~aACAC~~,~~SACAC~~,~~aACAU~~,~~mBACAb~~;~~QAEF~~,~~IAAIA~~,~~cAAcgB~~,~~wBAAwB~~,~~EAAE~~;~~YAC1CnB~~,~~OAAOI~~,WAAW,~~CAACgB~~,~~IAAI~~,~~CAACjB~~,~~cAAcgB~~,~~wBAAwB~~,~~CAACD~~;~~QACjE~~,~~OAAO~~;~~YACLlB~~,~~OAAOI,WAAW,CAACgB,IAAI,CAACF~~;~~QAC1B;QAEA;;;KAGC~~,~~GACD~~,~~IAAIf~~,~~cAAckB,~~QAAQ,EAAE;~~YAC1B~~,~~OAAOrB~~;QACT;QAEA,~~IAAI~~,~~CAACA~~,~~OAAOsB,SAAS,EAAE~~;~~YACrBtB~~,~~OAAOsB,SAAS,GAAG,EAAE~~;~~QACvB;QAEA;;;;KAIC~~,~~GACDtB~~,~~OAAOsB,~~SAAS,~~CAACF,~~IAAI,~~CAAC~~;~~YACpBG~~,~~SAAS7B,qBAAqBS~~;~~YAC9BqB,QAAQ~~;~~YACRC~~,~~MAAM~~;~~QACR;QAEA;;;KAGC~~,~~GACDzB,OAAOsB,SAAS,CAACF,IAAI,CAAC;YACpBG,SAAS7B,qBAAqBS;YAC9BqB,~~QAAQ;~~YACRC~~,MAAM;~~QACR~~;~~QAEA,OAAOzB~~;~~IACT~~;AACF,GAAE"}
1	+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import { defaultUserCollection, definePlugin } from 'payload'\n\nimport type { AuthorizedMCP, MCPPluginConfig, SanitizedMCPPluginConfig } from './types.js'\n\nimport { getAPIKeysCollection } from './collection/index.js'\nimport { mcpEndpoint } from './endpoint/index.js'\nimport { sanitizeMCPConfig } from './mcp/sanitizeMCPConfig.js'\n\ndeclare module 'payload' {\n export interface PayloadRequest {\n payloadAPI: 'GraphQL' \| 'local' \| 'MCP' \| 'REST'\n }\n interface RegisteredPlugins {\n /** After the plugin's `plugin` callback runs, `options` holds the sanitized config. */\n '@payloadcms/plugin-mcp': MCPPluginConfig\n }\n}\n\nexport type { AuthorizedMCP, MCPPluginConfig, SanitizedMCPPluginConfig }\n\nexport { defineCollectionTool, defineGlobalTool, definePrompt, defineTool } from './defineTool.js'\n\nexport const mcpPlugin = definePlugin<MCPPluginConfig>({\n slug: '@payloadcms/plugin-mcp',\n order: 10,\n plugin: ({ config, plugins, ...rawConfig }) => {\n // Our `payload-mcp-api-keys` is auth-enabled; if it'd be the only auth\n // collection, Payload's later sanitize would pick it as `admin.user`.\n // Pre-seed the default user collection to prevent that.\n if (!config.admin?.user) {\n const firstCollectionWithAuth = (config.collections ?? []).find(({ auth }) => Boolean(auth))\n if (!firstCollectionWithAuth) {\n ;(config.collections ??= []).push(defaultUserCollection)\n }\n }\n\n const pluginConfig = sanitizeMCPConfig({ config, pluginConfig: rawConfig })\n\n // Stash the sanitized config on plugin options so `getPluginConfig()` reads it.\n const registered = plugins['@payloadcms/plugin-mcp']\n if (registered) {\n // @ts-expect-error\n registered.sanitizedOptions = pluginConfig as unknown as typeof registered.options\n }\n\n ;(config.collections ??= []).push(getAPIKeysCollection({ pluginConfig }))\n\n // Keep the API-keys collection registered even when disabled, so DB schema\n // and generated types don't drift between enabled/disabled environments.\n if (pluginConfig.disabled) {\n return config\n }\n\n return {\n ...config,\n endpoints: [\n ...(config.endpoints ?? []),\n // Payload prefixes /api, so the full path is /api/mcp.\n { handler: mcpEndpoint, method: 'post', path: '/mcp' },\n ],\n }\n },\n})\n"],"names":["defaultUserCollection","definePlugin","getAPIKeysCollection","mcpEndpoint","sanitizeMCPConfig","defineCollectionTool","defineGlobalTool","definePrompt","defineTool","mcpPlugin","slug","order","plugin","config","plugins","rawConfig","admin","user","firstCollectionWithAuth","collections","find","auth","Boolean","push","pluginConfig","registered","sanitizedOptions","disabled","endpoints","handler","method","path"],"mappings":"AAAA,SAASA,qBAAqB,EAAEC,YAAY,QAAQ,UAAS;AAI7D,SAASC,oBAAoB,QAAQ,wBAAuB;AAC5D,SAASC,WAAW,QAAQ,sBAAqB;AACjD,SAASC,iBAAiB,QAAQ,6BAA4B;AAc9D,SAASC,oBAAoB,EAAEC,gBAAgB,EAAEC,YAAY,EAAEC,UAAU,QAAQ,kBAAiB;AAElG,OAAO,MAAMC,YAAYR,aAA8B;IACrDS,MAAM;IACNC,OAAO;IACPC,QAAQ,CAAC,EAAEC,MAAM,EAAEC,OAAO,EAAE,GAAGC,WAAW;QACxC,uEAAuE;QACvE,sEAAsE;QACtE,wDAAwD;QACxD,IAAI,CAACF,OAAOG,KAAK,EAAEC,MAAM;YACvB,MAAMC,0BAA0B,AAACL,CAAAA,OAAOM,WAAW,IAAI,EAAE,AAAD,EAAGC,IAAI,CAAC,CAAC,EAAEC,IAAI,EAAE,GAAKC,QAAQD;YACtF,IAAI,CAACH,yBAAyB;;gBAC1BL,CAAAA,OAAOM,WAAW,KAAK,EAAE,AAAD,EAAGI,IAAI,CAACvB;YACpC;QACF;QAEA,MAAMwB,eAAepB,kBAAkB;YAAES;YAAQW,cAAcT;QAAU;QAEzE,gFAAgF;QAChF,MAAMU,aAAaX,OAAO,CAAC,yBAAyB;QACpD,IAAIW,YAAY;YACd,mBAAmB;YACnBA,WAAWC,gBAAgB,GAAGF;QAChC;;QAEEX,CAAAA,OAAOM,WAAW,KAAK,EAAE,AAAD,EAAGI,IAAI,CAACrB,qBAAqB;YAAEsB;QAAa;QAEtE,2EAA2E;QAC3E,yEAAyE;QACzE,IAAIA,aAAaG,QAAQ,EAAE;YACzB,OAAOd;QACT;QAEA,OAAO;YACL,GAAGA,MAAM;YACTe,WAAW;mBACLf,OAAOe,SAAS,IAAI,EAAE;gBAC1B,uDAAuD;gBACvD;oBAAEC,SAAS1B;oBAAa2B,QAAQ;oBAAQC,MAAM;gBAAO;aACtD;QACH;IACF;AACF,GAAE"}

package/dist/mcp/buildMcpServer.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { McpServer } from '@modelcontextprotocol/server';
+import { type PayloadRequest } from 'payload';
+import type { AuthorizedMCP, SanitizedMCPPluginConfig } from '../types.js';
+/**
+ * Transport-agnostic core: registers every authorized MCP item onto a fresh
+ * `McpServer` and returns it. The caller is responsible for picking a transport
+ * (`WebStandardStreamableHTTPServerTransport`, `StdioServerTransport`, …) and
+ * calling `server.connect(transport)`.
+ *
+ * `req` is the request context handlers see. For HTTP it's the live
+ * `PayloadRequest` derived from the incoming HTTP request; for stdio it's a
+ * synthesized one built via `createLocalReq`.
+ */
+export declare const buildMcpServer: ({ authorizedMCP, pluginConfig, req, }: {
+    authorizedMCP: AuthorizedMCP;
+    pluginConfig: SanitizedMCPPluginConfig;
+    req: PayloadRequest;
+}) => McpServer;
+//# sourceMappingURL=buildMcpServer.d.ts.map

package/dist/mcp/buildMcpServer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"buildMcpServer.d.ts","sourceRoot":"","sources":["../../src/mcp/buildMcpServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAsB,MAAM,8BAA8B,CAAA;AAC5E,OAAO,EAAgC,KAAK,cAAc,EAAE,MAAM,SAAS,CAAA;AAE3E,OAAO,KAAK,EACV,aAAa,EAIb,wBAAwB,EACzB,MAAM,aAAa,CAAA;AAiBpB;;;;;;;;;GASG;AACH,eAAO,MAAM,cAAc,GAAI,uCAI5B;IACD,aAAa,EAAE,aAAa,CAAA;IAC5B,YAAY,EAAE,wBAAwB,CAAA;IACtC,GAAG,EAAE,cAAc,CAAA;CACpB,KAAG,SAmLH,CAAA"}