@payloadcms/plugin-mcp 4.0.0-internal.40de3ec → 4.0.0-internal.4804abd
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/defaultAccess.d.ts +3 -0
- package/dist/defaultAccess.d.ts.map +1 -0
- package/dist/defaultAccess.js +3 -0
- package/dist/defaultAccess.js.map +1 -0
- package/dist/endpoint/access.d.ts +17 -5
- package/dist/endpoint/access.d.ts.map +1 -1
- package/dist/endpoint/access.js +82 -88
- package/dist/endpoint/access.js.map +1 -1
- package/dist/endpoint/index.d.ts.map +1 -1
- package/dist/endpoint/index.js +11 -0
- package/dist/endpoint/index.js.map +1 -1
- package/dist/exports/client.d.ts +1 -1
- package/dist/exports/client.d.ts.map +1 -1
- package/dist/exports/client.js +1 -1
- package/dist/exports/client.js.map +1 -1
- package/dist/exports/internal.d.ts +2 -0
- package/dist/exports/internal.d.ts.map +1 -0
- package/dist/exports/internal.js +3 -0
- package/dist/exports/internal.js.map +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +13 -18
- package/dist/index.js.map +1 -1
- package/dist/mcp/buildMcpServer.d.ts.map +1 -1
- package/dist/mcp/buildMcpServer.js +102 -71
- package/dist/mcp/buildMcpServer.js.map +1 -1
- package/dist/mcp/builtin/collections/authTools.d.ts.map +1 -1
- package/dist/mcp/builtin/collections/authTools.js +44 -6
- package/dist/mcp/builtin/collections/authTools.js.map +1 -1
- package/dist/mcp/builtin/collections/countTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/countTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/countTool.js +69 -0
- package/dist/mcp/builtin/collections/countTool.js.map +1 -0
- package/dist/mcp/builtin/collections/countVersionsTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/countVersionsTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/countVersionsTool.js +65 -0
- package/dist/mcp/builtin/collections/countVersionsTool.js.map +1 -0
- package/dist/mcp/builtin/collections/createTool.d.ts +1 -1
- package/dist/mcp/builtin/collections/createTool.d.ts.map +1 -1
- package/dist/mcp/builtin/collections/createTool.js +38 -42
- package/dist/mcp/builtin/collections/createTool.js.map +1 -1
- package/dist/mcp/builtin/collections/deleteTool.d.ts +1 -1
- package/dist/mcp/builtin/collections/deleteTool.d.ts.map +1 -1
- package/dist/mcp/builtin/collections/deleteTool.js +14 -20
- package/dist/mcp/builtin/collections/deleteTool.js.map +1 -1
- package/dist/mcp/builtin/collections/duplicateTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/duplicateTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/duplicateTool.js +97 -0
- package/dist/mcp/builtin/collections/duplicateTool.js.map +1 -0
- package/dist/mcp/builtin/collections/findDistinctTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/findDistinctTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/findDistinctTool.js +93 -0
- package/dist/mcp/builtin/collections/findDistinctTool.js.map +1 -0
- package/dist/mcp/builtin/collections/findTool.d.ts +1 -1
- package/dist/mcp/builtin/collections/findTool.d.ts.map +1 -1
- package/dist/mcp/builtin/collections/findTool.js +49 -43
- package/dist/mcp/builtin/collections/findTool.js.map +1 -1
- package/dist/mcp/builtin/collections/findVersionByIDTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/findVersionByIDTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/findVersionByIDTool.js +84 -0
- package/dist/mcp/builtin/collections/findVersionByIDTool.js.map +1 -0
- package/dist/mcp/builtin/collections/findVersionsTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/findVersionsTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/findVersionsTool.js +99 -0
- package/dist/mcp/builtin/collections/findVersionsTool.js.map +1 -0
- package/dist/mcp/builtin/collections/formatCollectionError.d.ts +9 -0
- package/dist/mcp/builtin/collections/formatCollectionError.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/formatCollectionError.js +60 -0
- package/dist/mcp/builtin/collections/formatCollectionError.js.map +1 -0
- package/dist/mcp/builtin/collections/getCollectionSchemaTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/getCollectionSchemaTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/getCollectionSchemaTool.js +47 -0
- package/dist/mcp/builtin/collections/getCollectionSchemaTool.js.map +1 -0
- package/dist/mcp/builtin/collections/restoreVersionTool.d.ts +2 -0
- package/dist/mcp/builtin/collections/restoreVersionTool.d.ts.map +1 -0
- package/dist/mcp/builtin/collections/restoreVersionTool.js +82 -0
- package/dist/mcp/builtin/collections/restoreVersionTool.js.map +1 -0
- package/dist/mcp/builtin/collections/updateTool.d.ts +1 -1
- package/dist/mcp/builtin/collections/updateTool.d.ts.map +1 -1
- package/dist/mcp/builtin/collections/updateTool.js +87 -86
- package/dist/mcp/builtin/collections/updateTool.js.map +1 -1
- package/dist/mcp/builtin/getConfigInfoTool.d.ts +2 -0
- package/dist/mcp/builtin/getConfigInfoTool.d.ts.map +1 -0
- package/dist/mcp/builtin/getConfigInfoTool.js +71 -0
- package/dist/mcp/builtin/getConfigInfoTool.js.map +1 -0
- package/dist/mcp/builtin/globals/countVersionsTool.d.ts +2 -0
- package/dist/mcp/builtin/globals/countVersionsTool.d.ts.map +1 -0
- package/dist/mcp/builtin/globals/countVersionsTool.js +65 -0
- package/dist/mcp/builtin/globals/countVersionsTool.js.map +1 -0
- package/dist/mcp/builtin/globals/findTool.d.ts.map +1 -1
- package/dist/mcp/builtin/globals/findTool.js +18 -21
- package/dist/mcp/builtin/globals/findTool.js.map +1 -1
- package/dist/mcp/builtin/globals/findVersionByIDTool.d.ts +2 -0
- package/dist/mcp/builtin/globals/findVersionByIDTool.d.ts.map +1 -0
- package/dist/mcp/builtin/globals/findVersionByIDTool.js +80 -0
- package/dist/mcp/builtin/globals/findVersionByIDTool.js.map +1 -0
- package/dist/mcp/builtin/globals/findVersionsTool.d.ts +2 -0
- package/dist/mcp/builtin/globals/findVersionsTool.d.ts.map +1 -0
- package/dist/mcp/builtin/globals/findVersionsTool.js +95 -0
- package/dist/mcp/builtin/globals/findVersionsTool.js.map +1 -0
- package/dist/mcp/builtin/globals/getGlobalSchemaTool.d.ts +2 -0
- package/dist/mcp/builtin/globals/getGlobalSchemaTool.d.ts.map +1 -0
- package/dist/mcp/builtin/globals/getGlobalSchemaTool.js +47 -0
- package/dist/mcp/builtin/globals/getGlobalSchemaTool.js.map +1 -0
- package/dist/mcp/builtin/globals/restoreVersionTool.d.ts +2 -0
- package/dist/mcp/builtin/globals/restoreVersionTool.d.ts.map +1 -0
- package/dist/mcp/builtin/globals/restoreVersionTool.js +78 -0
- package/dist/mcp/builtin/globals/restoreVersionTool.js.map +1 -0
- package/dist/mcp/builtin/globals/updateTool.d.ts.map +1 -1
- package/dist/mcp/builtin/globals/updateTool.js +31 -40
- package/dist/mcp/builtin/globals/updateTool.js.map +1 -1
- package/dist/mcp/builtin/validateEntityData.d.ts +14 -0
- package/dist/mcp/builtin/validateEntityData.d.ts.map +1 -0
- package/dist/mcp/builtin/validateEntityData.js +82 -0
- package/dist/mcp/builtin/validateEntityData.js.map +1 -0
- package/dist/mcp/builtinTools.d.ts +144 -19
- package/dist/mcp/builtinTools.d.ts.map +1 -1
- package/dist/mcp/builtinTools.js +119 -20
- package/dist/mcp/builtinTools.js.map +1 -1
- package/dist/mcp/sanitizeMCPConfig.d.ts +0 -1
- package/dist/mcp/sanitizeMCPConfig.d.ts.map +1 -1
- package/dist/mcp/sanitizeMCPConfig.js +120 -58
- package/dist/mcp/sanitizeMCPConfig.js.map +1 -1
- package/dist/stdio.d.ts +3 -2
- package/dist/stdio.d.ts.map +1 -1
- package/dist/stdio.js +27 -8
- package/dist/stdio.js.map +1 -1
- package/dist/types.d.ts +62 -108
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +4 -4
- package/dist/types.js.map +1 -1
- package/dist/utils/getPluginConfig.d.ts +1 -1
- package/dist/utils/getPluginConfig.js +1 -1
- package/dist/utils/getPluginConfig.js.map +1 -1
- package/dist/utils/schemaConversion/getEntityInputSchema.d.ts +11 -0
- package/dist/utils/schemaConversion/getEntityInputSchema.d.ts.map +1 -0
- package/dist/utils/schemaConversion/getEntityInputSchema.js +32 -0
- package/dist/utils/schemaConversion/getEntityInputSchema.js.map +1 -0
- package/dist/utils/schemaConversion/sanitizeEntitySchema.d.ts +5 -10
- package/dist/utils/schemaConversion/sanitizeEntitySchema.d.ts.map +1 -1
- package/dist/utils/schemaConversion/sanitizeEntitySchema.js +15 -95
- package/dist/utils/schemaConversion/sanitizeEntitySchema.js.map +1 -1
- package/dist/utils/schemaConversion/sanitizeEntitySchema.spec.js +15 -40
- package/dist/utils/schemaConversion/sanitizeEntitySchema.spec.js.map +1 -1
- package/dist/utils/whereSchema.d.ts +9 -0
- package/dist/utils/whereSchema.d.ts.map +1 -0
- package/dist/utils/whereSchema.js +13 -0
- package/dist/utils/whereSchema.js.map +1 -0
- package/package.json +8 -11
- package/src/defaultAccess.ts +3 -0
- package/src/endpoint/access.ts +88 -101
- package/src/endpoint/index.ts +14 -1
- package/src/exports/client.ts +2 -1
- package/src/exports/internal.ts +1 -0
- package/src/index.ts +8 -16
- package/src/mcp/buildMcpServer.ts +131 -96
- package/src/mcp/builtin/collections/authTools.ts +45 -9
- package/src/mcp/builtin/collections/countTool.ts +74 -0
- package/src/mcp/builtin/collections/countVersionsTool.ts +70 -0
- package/src/mcp/builtin/collections/createTool.ts +55 -59
- package/src/mcp/builtin/collections/deleteTool.ts +19 -16
- package/src/mcp/builtin/collections/duplicateTool.ts +135 -0
- package/src/mcp/builtin/collections/findDistinctTool.ts +120 -0
- package/src/mcp/builtin/collections/findTool.ts +63 -33
- package/src/mcp/builtin/collections/findVersionByIDTool.ts +110 -0
- package/src/mcp/builtin/collections/findVersionsTool.ts +155 -0
- package/src/mcp/builtin/collections/formatCollectionError.ts +84 -0
- package/src/mcp/builtin/collections/getCollectionSchemaTool.ts +46 -0
- package/src/mcp/builtin/collections/restoreVersionTool.ts +108 -0
- package/src/mcp/builtin/collections/updateTool.ts +111 -110
- package/src/mcp/builtin/getConfigInfoTool.ts +69 -0
- package/src/mcp/builtin/globals/countVersionsTool.ts +69 -0
- package/src/mcp/builtin/globals/findTool.ts +26 -17
- package/src/mcp/builtin/globals/findVersionByIDTool.ts +104 -0
- package/src/mcp/builtin/globals/findVersionsTool.ts +148 -0
- package/src/mcp/builtin/globals/getGlobalSchemaTool.ts +41 -0
- package/src/mcp/builtin/globals/restoreVersionTool.ts +100 -0
- package/src/mcp/builtin/globals/updateTool.ts +50 -55
- package/src/mcp/builtin/validateEntityData.ts +132 -0
- package/src/mcp/builtinTools.ts +111 -41
- package/src/mcp/sanitizeMCPConfig.ts +116 -78
- package/src/stdio.ts +23 -8
- package/src/types.ts +77 -112
- package/src/utils/getPluginConfig.ts +1 -1
- package/src/utils/schemaConversion/getEntityInputSchema.ts +62 -0
- package/src/utils/schemaConversion/sanitizeEntitySchema.spec.ts +12 -19
- package/src/utils/schemaConversion/sanitizeEntitySchema.ts +17 -114
- package/src/utils/whereSchema.ts +24 -0
- package/dist/collection/getAccessField.d.ts +0 -12
- package/dist/collection/getAccessField.d.ts.map +0 -1
- package/dist/collection/getAccessField.js +0 -57
- package/dist/collection/getAccessField.js.map +0 -1
- package/dist/collection/index.d.ts +0 -6
- package/dist/collection/index.d.ts.map +0 -1
- package/dist/collection/index.js +0 -60
- package/dist/collection/index.js.map +0 -1
- package/dist/components/AccessField/index.client.d.ts +0 -10
- package/dist/components/AccessField/index.client.d.ts.map +0 -1
- package/dist/components/AccessField/index.client.js +0 -305
- package/dist/components/AccessField/index.client.js.map +0 -1
- package/dist/components/AccessField/index.css +0 -93
- package/dist/utils/schemaConversion/buildToolInput.d.ts +0 -29
- package/dist/utils/schemaConversion/buildToolInput.d.ts.map +0 -1
- package/dist/utils/schemaConversion/buildToolInput.js +0 -51
- package/dist/utils/schemaConversion/buildToolInput.js.map +0 -1
- package/dist/utils/schemaConversion/removeVirtualFieldsFromSchema.d.ts +0 -7
- package/dist/utils/schemaConversion/removeVirtualFieldsFromSchema.d.ts.map +0 -1
- package/dist/utils/schemaConversion/removeVirtualFieldsFromSchema.js +0 -20
- package/dist/utils/schemaConversion/removeVirtualFieldsFromSchema.js.map +0 -1
- package/src/collection/getAccessField.ts +0 -64
- package/src/collection/index.ts +0 -64
- package/src/components/AccessField/index.client.tsx +0 -344
- package/src/components/AccessField/index.css +0 -93
- package/src/utils/schemaConversion/buildToolInput.ts +0 -68
- package/src/utils/schemaConversion/removeVirtualFieldsFromSchema.ts +0 -27
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"defaultAccess.d.ts","sourceRoot":"","sources":["../src/defaultAccess.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAE/C,eAAO,MAAM,aAAa,GAAI,SAAS,aAAa,KAAG,OAA4B,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/defaultAccess.ts"],"sourcesContent":["import type { MCPAccessArgs } from './types.js'\n\nexport const defaultAccess = ({ req }: MCPAccessArgs): boolean => Boolean(req.user)\n"],"names":["defaultAccess","req","Boolean","user"],"mappings":"AAEA,OAAO,MAAMA,gBAAgB,CAAC,EAAEC,GAAG,EAAiB,GAAcC,QAAQD,IAAIE,IAAI,EAAC"}
|
|
@@ -1,10 +1,22 @@
|
|
|
1
1
|
import type { PayloadRequest } from 'payload';
|
|
2
|
-
import type { AuthorizedMCP } from '../types.js';
|
|
2
|
+
import type { AuthorizedMCP, MCPItem } from '../types.js';
|
|
3
|
+
export type GetAuthorizedMCPArgs = {
|
|
4
|
+
overrideAccess: boolean;
|
|
5
|
+
req: PayloadRequest;
|
|
6
|
+
};
|
|
3
7
|
/**
|
|
4
|
-
* Resolves the
|
|
5
|
-
*
|
|
8
|
+
* Resolves the MCP caller and returns the MCP surface authorized for that request.
|
|
9
|
+
*
|
|
10
|
+
* Authorization has two layers:
|
|
11
|
+
* 1. Payload collection/global permissions determine whether built-in operation tools are shown.
|
|
12
|
+
* 2. MCP `access` callbacks can further hide any configured tool, prompt, or resource.
|
|
13
|
+
*
|
|
14
|
+
* Like Payload core operations, `overrideAccess` skips both layers.
|
|
6
15
|
*/
|
|
7
|
-
export declare const getAuthorizedMCP: (args:
|
|
16
|
+
export declare const getAuthorizedMCP: (args: GetAuthorizedMCPArgs) => Promise<AuthorizedMCP>;
|
|
17
|
+
export declare const filterMCPItems: ({ items, overrideAccess, req, }: {
|
|
18
|
+
items: MCPItem[];
|
|
19
|
+
overrideAccess: boolean;
|
|
8
20
|
req: PayloadRequest;
|
|
9
|
-
}) => Promise<
|
|
21
|
+
}) => Promise<MCPItem[]>;
|
|
10
22
|
//# sourceMappingURL=access.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/endpoint/access.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/endpoint/access.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAwB,MAAM,SAAS,CAAA;AAInE,OAAO,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,aAAa,CAAA;AAIzD,MAAM,MAAM,oBAAoB,GAAG;IACjC,cAAc,EAAE,OAAO,CAAA;IACvB,GAAG,EAAE,cAAc,CAAA;CACpB,CAAA;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,EAAE,CAAC,IAAI,EAAE,oBAAoB,KAAK,OAAO,CAAC,aAAa,CAmCnF,CAAA;AAED,eAAO,MAAM,cAAc,GAAU,iCAIlC;IACD,KAAK,EAAE,OAAO,EAAE,CAAA;IAChB,cAAc,EAAE,OAAO,CAAA;IACvB,GAAG,EAAE,cAAc,CAAA;CACpB,KAAG,OAAO,CAAC,OAAO,EAAE,CAmBpB,CAAA"}
|
package/dist/endpoint/access.js
CHANGED
|
@@ -1,106 +1,100 @@
|
|
|
1
|
-
import
|
|
2
|
-
import { UnauthorizedError } from 'payload';
|
|
3
|
-
import { getLogger } from '../utils/getLogger.js';
|
|
1
|
+
import { getAccessResults, UnauthorizedError } from 'payload';
|
|
4
2
|
import { getPluginConfig } from '../utils/getPluginConfig.js';
|
|
5
3
|
/**
|
|
6
|
-
* Resolves the
|
|
7
|
-
*
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
4
|
+
* Resolves the MCP caller and returns the MCP surface authorized for that request.
|
|
5
|
+
*
|
|
6
|
+
* Authorization has two layers:
|
|
7
|
+
* 1. Payload collection/global permissions determine whether built-in operation tools are shown.
|
|
8
|
+
* 2. MCP `access` callbacks can further hide any configured tool, prompt, or resource.
|
|
9
|
+
*
|
|
10
|
+
* Like Payload core operations, `overrideAccess` skips both layers.
|
|
11
|
+
*/ export const getAuthorizedMCP = async ({ overrideAccess, req })=>{
|
|
12
12
|
const pluginConfig = getPluginConfig({
|
|
13
13
|
config: req.payload.config
|
|
14
14
|
});
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
items: pluginConfig.items.filter((item)=>{
|
|
19
|
-
switch(item.type){
|
|
20
|
-
case 'collectionTool':
|
|
21
|
-
return apiKeyDoc.access.collections?.[item.collectionSlug]?.[item.key] !== false;
|
|
22
|
-
case 'globalTool':
|
|
23
|
-
return apiKeyDoc.access.globals?.[item.globalSlug]?.[item.key] !== false;
|
|
24
|
-
case 'prompt':
|
|
25
|
-
return apiKeyDoc.access.prompts?.[item.key] !== false;
|
|
26
|
-
case 'resource':
|
|
27
|
-
return apiKeyDoc.access.resources?.[item.key] !== false;
|
|
28
|
-
case 'tool':
|
|
29
|
-
return apiKeyDoc.access.tools?.[item.key] !== false;
|
|
30
|
-
}
|
|
31
|
-
}),
|
|
32
|
-
overrideAccess: typeof apiKeyDoc.overrideAccess === 'boolean' ? apiKeyDoc.overrideAccess : false,
|
|
33
|
-
user: apiKeyDoc.user
|
|
34
|
-
});
|
|
35
|
-
if (pluginConfig.overrideAuth) {
|
|
36
|
-
return await pluginConfig.overrideAuth({
|
|
37
|
-
getAPIKeyDoc: (overrideApiKey)=>getAPIKeyDoc({
|
|
38
|
-
logger,
|
|
39
|
-
overrideApiKey,
|
|
40
|
-
pluginConfig,
|
|
41
|
-
req
|
|
42
|
-
}),
|
|
43
|
-
getAuthorizedMCP: ({ apiKeyDoc })=>buildAuthorized(apiKeyDoc),
|
|
15
|
+
if (pluginConfig.overrideGetAuthorizedMCP) {
|
|
16
|
+
return await pluginConfig.overrideGetAuthorizedMCP({
|
|
17
|
+
overrideAccess,
|
|
44
18
|
pluginConfig,
|
|
45
19
|
req
|
|
46
20
|
});
|
|
47
21
|
}
|
|
48
|
-
if (
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
});
|
|
22
|
+
if (req.headers) {
|
|
23
|
+
const headers = new Headers(req.headers);
|
|
24
|
+
const hasAuthorization = headers.has('Authorization');
|
|
25
|
+
headers.set('DisableAutologin', 'true');
|
|
26
|
+
req.user = (await req.payload.auth({
|
|
27
|
+
headers,
|
|
28
|
+
req
|
|
29
|
+
})).user;
|
|
30
|
+
if (hasAuthorization && !req.user) {
|
|
31
|
+
throw new UnauthorizedError(req.t);
|
|
32
|
+
}
|
|
56
33
|
}
|
|
57
|
-
return
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
34
|
+
return {
|
|
35
|
+
items: await filterMCPItems({
|
|
36
|
+
items: pluginConfig.items,
|
|
37
|
+
overrideAccess,
|
|
38
|
+
req
|
|
39
|
+
}),
|
|
40
|
+
overrideAccess,
|
|
41
|
+
user: req.user
|
|
42
|
+
};
|
|
62
43
|
};
|
|
63
|
-
const
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
throw new UnauthorizedError();
|
|
69
|
-
}
|
|
70
|
-
const sha256APIKeyIndex = crypto.createHmac('sha256', req.payload.secret).update(apiKey).digest('hex');
|
|
71
|
-
const doc = await req.payload.db.findOne({
|
|
72
|
-
collection: 'payload-mcp-api-keys',
|
|
73
|
-
req,
|
|
74
|
-
where: {
|
|
75
|
-
apiKeyIndex: {
|
|
76
|
-
equals: sha256APIKeyIndex
|
|
77
|
-
}
|
|
78
|
-
}
|
|
79
|
-
});
|
|
80
|
-
if (!doc || !doc.user) {
|
|
81
|
-
throw new UnauthorizedError();
|
|
44
|
+
export const filterMCPItems = async ({ items, overrideAccess, req })=>{
|
|
45
|
+
// Match Payload core: overrideAccess bypasses access evaluation instead of
|
|
46
|
+
// forcing each access function to return true.
|
|
47
|
+
if (overrideAccess) {
|
|
48
|
+
return items;
|
|
82
49
|
}
|
|
83
|
-
|
|
84
|
-
const
|
|
85
|
-
const userID = typeof userRef === 'object' && userRef !== null && 'id' in userRef ? userRef.id : userRef;
|
|
86
|
-
const user = await req.payload.findByID({
|
|
87
|
-
id: userID,
|
|
88
|
-
collection: pluginConfig.userCollection,
|
|
89
|
-
depth: 0,
|
|
90
|
-
disableErrors: true,
|
|
50
|
+
const authorizedItems = [];
|
|
51
|
+
const permissions = await getAccessResults({
|
|
91
52
|
req
|
|
92
53
|
});
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
_strategy: 'mcp-api-key',
|
|
101
|
-
collection: pluginConfig.userCollection
|
|
54
|
+
for (const item of items){
|
|
55
|
+
if (!await checkItemAccess({
|
|
56
|
+
item,
|
|
57
|
+
permissions,
|
|
58
|
+
req
|
|
59
|
+
})) {
|
|
60
|
+
continue;
|
|
102
61
|
}
|
|
103
|
-
|
|
62
|
+
authorizedItems.push(item);
|
|
63
|
+
}
|
|
64
|
+
return authorizedItems;
|
|
65
|
+
};
|
|
66
|
+
/**
|
|
67
|
+
* Runs MCP item access callbacks
|
|
68
|
+
*/ const checkItemAccess = async ({ item, permissions, req })=>{
|
|
69
|
+
switch(item.type){
|
|
70
|
+
case 'collectionTool':
|
|
71
|
+
return !item.tool.access || await item.tool.access({
|
|
72
|
+
collectionSlug: item.collectionSlug,
|
|
73
|
+
permissions,
|
|
74
|
+
req
|
|
75
|
+
});
|
|
76
|
+
case 'globalTool':
|
|
77
|
+
return !item.tool.access || await item.tool.access({
|
|
78
|
+
globalSlug: item.globalSlug,
|
|
79
|
+
permissions,
|
|
80
|
+
req
|
|
81
|
+
});
|
|
82
|
+
case 'prompt':
|
|
83
|
+
return !item.prompt.access || await item.prompt.access({
|
|
84
|
+
permissions,
|
|
85
|
+
req
|
|
86
|
+
});
|
|
87
|
+
case 'resource':
|
|
88
|
+
return !item.resource.access || await item.resource.access({
|
|
89
|
+
permissions,
|
|
90
|
+
req
|
|
91
|
+
});
|
|
92
|
+
case 'tool':
|
|
93
|
+
return !item.tool.access || await item.tool.access({
|
|
94
|
+
permissions,
|
|
95
|
+
req
|
|
96
|
+
});
|
|
97
|
+
}
|
|
104
98
|
};
|
|
105
99
|
|
|
106
100
|
//# sourceMappingURL=access.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/endpoint/access.ts"],"sourcesContent":["import type {
|
|
1
|
+
{"version":3,"sources":["../../src/endpoint/access.ts"],"sourcesContent":["import type { PayloadRequest, SanitizedPermissions } from 'payload'\n\nimport { getAccessResults, UnauthorizedError } from 'payload'\n\nimport type { AuthorizedMCP, MCPItem } from '../types.js'\n\nimport { getPluginConfig } from '../utils/getPluginConfig.js'\n\nexport type GetAuthorizedMCPArgs = {\n overrideAccess: boolean\n req: PayloadRequest\n}\n\n/**\n * Resolves the MCP caller and returns the MCP surface authorized for that request.\n *\n * Authorization has two layers:\n * 1. Payload collection/global permissions determine whether built-in operation tools are shown.\n * 2. MCP `access` callbacks can further hide any configured tool, prompt, or resource.\n *\n * Like Payload core operations, `overrideAccess` skips both layers.\n */\nexport const getAuthorizedMCP: (args: GetAuthorizedMCPArgs) => Promise<AuthorizedMCP> = async ({\n overrideAccess,\n req,\n}) => {\n const pluginConfig = getPluginConfig({ config: req.payload.config })\n\n if (pluginConfig.overrideGetAuthorizedMCP) {\n return await pluginConfig.overrideGetAuthorizedMCP({\n overrideAccess,\n pluginConfig,\n req,\n })\n }\n\n if (req.headers) {\n const headers = new Headers(req.headers)\n const hasAuthorization = headers.has('Authorization')\n\n headers.set('DisableAutologin', 'true')\n req.user = (await req.payload.auth({ headers, req })).user\n\n if (hasAuthorization && !req.user) {\n throw new UnauthorizedError(req.t)\n }\n }\n\n return {\n items: await filterMCPItems({\n items: pluginConfig.items,\n overrideAccess,\n req,\n }),\n overrideAccess,\n user: req.user,\n }\n}\n\nexport const filterMCPItems = async ({\n items,\n overrideAccess,\n req,\n}: {\n items: MCPItem[]\n overrideAccess: boolean\n req: PayloadRequest\n}): Promise<MCPItem[]> => {\n // Match Payload core: overrideAccess bypasses access evaluation instead of\n // forcing each access function to return true.\n if (overrideAccess) {\n return items\n }\n\n const authorizedItems: MCPItem[] = []\n\n const permissions = await getAccessResults({ req })\n\n for (const item of items) {\n if (!(await checkItemAccess({ item, permissions, req }))) {\n continue\n }\n authorizedItems.push(item)\n }\n\n return authorizedItems\n}\n\n/**\n * Runs MCP item access callbacks\n */\nconst checkItemAccess = async ({\n item,\n permissions,\n req,\n}: {\n item: MCPItem\n permissions?: SanitizedPermissions\n req: PayloadRequest\n}): Promise<boolean> => {\n switch (item.type) {\n case 'collectionTool':\n return (\n !item.tool.access ||\n (await item.tool.access({ collectionSlug: item.collectionSlug, permissions, req }))\n )\n case 'globalTool':\n return (\n !item.tool.access ||\n (await item.tool.access({ globalSlug: item.globalSlug, permissions, req }))\n )\n case 'prompt':\n return !item.prompt.access || (await item.prompt.access({ permissions, req }))\n case 'resource':\n return !item.resource.access || (await item.resource.access({ permissions, req }))\n case 'tool':\n return !item.tool.access || (await item.tool.access({ permissions, req }))\n }\n}\n"],"names":["getAccessResults","UnauthorizedError","getPluginConfig","getAuthorizedMCP","overrideAccess","req","pluginConfig","config","payload","overrideGetAuthorizedMCP","headers","Headers","hasAuthorization","has","set","user","auth","t","items","filterMCPItems","authorizedItems","permissions","item","checkItemAccess","push","type","tool","access","collectionSlug","globalSlug","prompt","resource"],"mappings":"AAEA,SAASA,gBAAgB,EAAEC,iBAAiB,QAAQ,UAAS;AAI7D,SAASC,eAAe,QAAQ,8BAA6B;AAO7D;;;;;;;;CAQC,GACD,OAAO,MAAMC,mBAA2E,OAAO,EAC7FC,cAAc,EACdC,GAAG,EACJ;IACC,MAAMC,eAAeJ,gBAAgB;QAAEK,QAAQF,IAAIG,OAAO,CAACD,MAAM;IAAC;IAElE,IAAID,aAAaG,wBAAwB,EAAE;QACzC,OAAO,MAAMH,aAAaG,wBAAwB,CAAC;YACjDL;YACAE;YACAD;QACF;IACF;IAEA,IAAIA,IAAIK,OAAO,EAAE;QACf,MAAMA,UAAU,IAAIC,QAAQN,IAAIK,OAAO;QACvC,MAAME,mBAAmBF,QAAQG,GAAG,CAAC;QAErCH,QAAQI,GAAG,CAAC,oBAAoB;QAChCT,IAAIU,IAAI,GAAG,AAAC,CAAA,MAAMV,IAAIG,OAAO,CAACQ,IAAI,CAAC;YAAEN;YAASL;QAAI,EAAC,EAAGU,IAAI;QAE1D,IAAIH,oBAAoB,CAACP,IAAIU,IAAI,EAAE;YACjC,MAAM,IAAId,kBAAkBI,IAAIY,CAAC;QACnC;IACF;IAEA,OAAO;QACLC,OAAO,MAAMC,eAAe;YAC1BD,OAAOZ,aAAaY,KAAK;YACzBd;YACAC;QACF;QACAD;QACAW,MAAMV,IAAIU,IAAI;IAChB;AACF,EAAC;AAED,OAAO,MAAMI,iBAAiB,OAAO,EACnCD,KAAK,EACLd,cAAc,EACdC,GAAG,EAKJ;IACC,2EAA2E;IAC3E,+CAA+C;IAC/C,IAAID,gBAAgB;QAClB,OAAOc;IACT;IAEA,MAAME,kBAA6B,EAAE;IAErC,MAAMC,cAAc,MAAMrB,iBAAiB;QAAEK;IAAI;IAEjD,KAAK,MAAMiB,QAAQJ,MAAO;QACxB,IAAI,CAAE,MAAMK,gBAAgB;YAAED;YAAMD;YAAahB;QAAI,IAAK;YACxD;QACF;QACAe,gBAAgBI,IAAI,CAACF;IACvB;IAEA,OAAOF;AACT,EAAC;AAED;;CAEC,GACD,MAAMG,kBAAkB,OAAO,EAC7BD,IAAI,EACJD,WAAW,EACXhB,GAAG,EAKJ;IACC,OAAQiB,KAAKG,IAAI;QACf,KAAK;YACH,OACE,CAACH,KAAKI,IAAI,CAACC,MAAM,IAChB,MAAML,KAAKI,IAAI,CAACC,MAAM,CAAC;gBAAEC,gBAAgBN,KAAKM,cAAc;gBAAEP;gBAAahB;YAAI;QAEpF,KAAK;YACH,OACE,CAACiB,KAAKI,IAAI,CAACC,MAAM,IAChB,MAAML,KAAKI,IAAI,CAACC,MAAM,CAAC;gBAAEE,YAAYP,KAAKO,UAAU;gBAAER;gBAAahB;YAAI;QAE5E,KAAK;YACH,OAAO,CAACiB,KAAKQ,MAAM,CAACH,MAAM,IAAK,MAAML,KAAKQ,MAAM,CAACH,MAAM,CAAC;gBAAEN;gBAAahB;YAAI;QAC7E,KAAK;YACH,OAAO,CAACiB,KAAKS,QAAQ,CAACJ,MAAM,IAAK,MAAML,KAAKS,QAAQ,CAACJ,MAAM,CAAC;gBAAEN;gBAAahB;YAAI;QACjF,KAAK;YACH,OAAO,CAACiB,KAAKI,IAAI,CAACC,MAAM,IAAK,MAAML,KAAKI,IAAI,CAACC,MAAM,CAAC;gBAAEN;gBAAahB;YAAI;IAC3E;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/endpoint/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAY,KAAK,cAAc,EAAE,MAAM,SAAS,CAAA;AAMvD,eAAO,MAAM,WAAW,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/endpoint/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAY,KAAK,cAAc,EAAE,MAAM,SAAS,CAAA;AAMvD,eAAO,MAAM,WAAW,EAAE,cAwCzB,CAAA"}
|
package/dist/endpoint/index.js
CHANGED
|
@@ -11,7 +11,18 @@ export const mcpEndpoint = async (req)=>{
|
|
|
11
11
|
const pluginConfig = getPluginConfig({
|
|
12
12
|
config: req.payload.config
|
|
13
13
|
});
|
|
14
|
+
const overrideAccessParam = new URL(req.url).searchParams.get('overrideAccess');
|
|
15
|
+
if (overrideAccessParam !== null && process.env.NODE_ENV !== 'development') {
|
|
16
|
+
throw new APIError('MCP overrideAccess is only available in development.', 400);
|
|
17
|
+
}
|
|
18
|
+
let overrideAccess = false;
|
|
19
|
+
if (overrideAccessParam === 'true') {
|
|
20
|
+
overrideAccess = true;
|
|
21
|
+
} else if (overrideAccessParam !== null && overrideAccessParam !== 'false') {
|
|
22
|
+
throw new APIError('MCP overrideAccess must be "true" or "false".', 400);
|
|
23
|
+
}
|
|
14
24
|
const authorizedMCP = await getAuthorizedMCP({
|
|
25
|
+
overrideAccess,
|
|
15
26
|
req
|
|
16
27
|
});
|
|
17
28
|
const server = buildMcpServer({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/endpoint/index.ts"],"sourcesContent":["import { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server'\nimport { APIError, type PayloadHandler } from 'payload'\n\nimport { buildMcpServer } from '../mcp/buildMcpServer.js'\nimport { getPluginConfig } from '../utils/getPluginConfig.js'\nimport { getAuthorizedMCP } from './access.js'\n\nexport const mcpEndpoint: PayloadHandler = async (req) => {\n if (!req.url) {\n throw new APIError('Missing request URL', 400)\n }\n\n req.payloadAPI = 'MCP' as const\n\n const pluginConfig = getPluginConfig({ config: req.payload.config })\n const authorizedMCP = await getAuthorizedMCP({ req })\n\n const server = buildMcpServer({ authorizedMCP, pluginConfig, req })\n\n const transport = new WebStandardStreamableHTTPServerTransport({\n enableJsonResponse: true,\n sessionIdGenerator: undefined, // stateless mode\n })\n\n await server.connect(transport)\n\n const mcpRequest = new Request(req.url, {\n body: req.body,\n duplex: 'half',\n headers: req.headers,\n method: req.method,\n } as { duplex: 'half' } & RequestInit)\n\n return await transport.handleRequest(mcpRequest)\n}\n"],"names":["WebStandardStreamableHTTPServerTransport","APIError","buildMcpServer","getPluginConfig","getAuthorizedMCP","mcpEndpoint","req","url","payloadAPI","pluginConfig","config","payload","authorizedMCP","server","transport","enableJsonResponse","sessionIdGenerator","undefined","connect","mcpRequest","Request","body","duplex","headers","method","handleRequest"],"mappings":"AAAA,SAASA,wCAAwC,QAAQ,+BAA8B;AACvF,SAASC,QAAQ,QAA6B,UAAS;AAEvD,SAASC,cAAc,QAAQ,2BAA0B;AACzD,SAASC,eAAe,QAAQ,8BAA6B;AAC7D,SAASC,gBAAgB,QAAQ,cAAa;AAE9C,OAAO,MAAMC,cAA8B,OAAOC;IAChD,IAAI,CAACA,IAAIC,GAAG,EAAE;QACZ,MAAM,IAAIN,SAAS,uBAAuB;IAC5C;IAEAK,IAAIE,UAAU,GAAG;IAEjB,MAAMC,eAAeN,gBAAgB;QAAEO,QAAQJ,IAAIK,OAAO,CAACD,MAAM;IAAC;IAClE,MAAME,gBAAgB,
|
|
1
|
+
{"version":3,"sources":["../../src/endpoint/index.ts"],"sourcesContent":["import { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server'\nimport { APIError, type PayloadHandler } from 'payload'\n\nimport { buildMcpServer } from '../mcp/buildMcpServer.js'\nimport { getPluginConfig } from '../utils/getPluginConfig.js'\nimport { getAuthorizedMCP } from './access.js'\n\nexport const mcpEndpoint: PayloadHandler = async (req) => {\n if (!req.url) {\n throw new APIError('Missing request URL', 400)\n }\n\n req.payloadAPI = 'MCP' as const\n\n const pluginConfig = getPluginConfig({ config: req.payload.config })\n const overrideAccessParam = new URL(req.url).searchParams.get('overrideAccess')\n\n if (overrideAccessParam !== null && process.env.NODE_ENV !== 'development') {\n throw new APIError('MCP overrideAccess is only available in development.', 400)\n }\n\n let overrideAccess = false\n if (overrideAccessParam === 'true') {\n overrideAccess = true\n } else if (overrideAccessParam !== null && overrideAccessParam !== 'false') {\n throw new APIError('MCP overrideAccess must be \"true\" or \"false\".', 400)\n }\n\n const authorizedMCP = await getAuthorizedMCP({ overrideAccess, req })\n\n const server = buildMcpServer({ authorizedMCP, pluginConfig, req })\n\n const transport = new WebStandardStreamableHTTPServerTransport({\n enableJsonResponse: true,\n sessionIdGenerator: undefined, // stateless mode\n })\n\n await server.connect(transport)\n\n const mcpRequest = new Request(req.url, {\n body: req.body,\n duplex: 'half',\n headers: req.headers,\n method: req.method,\n } as { duplex: 'half' } & RequestInit)\n\n return await transport.handleRequest(mcpRequest)\n}\n"],"names":["WebStandardStreamableHTTPServerTransport","APIError","buildMcpServer","getPluginConfig","getAuthorizedMCP","mcpEndpoint","req","url","payloadAPI","pluginConfig","config","payload","overrideAccessParam","URL","searchParams","get","process","env","NODE_ENV","overrideAccess","authorizedMCP","server","transport","enableJsonResponse","sessionIdGenerator","undefined","connect","mcpRequest","Request","body","duplex","headers","method","handleRequest"],"mappings":"AAAA,SAASA,wCAAwC,QAAQ,+BAA8B;AACvF,SAASC,QAAQ,QAA6B,UAAS;AAEvD,SAASC,cAAc,QAAQ,2BAA0B;AACzD,SAASC,eAAe,QAAQ,8BAA6B;AAC7D,SAASC,gBAAgB,QAAQ,cAAa;AAE9C,OAAO,MAAMC,cAA8B,OAAOC;IAChD,IAAI,CAACA,IAAIC,GAAG,EAAE;QACZ,MAAM,IAAIN,SAAS,uBAAuB;IAC5C;IAEAK,IAAIE,UAAU,GAAG;IAEjB,MAAMC,eAAeN,gBAAgB;QAAEO,QAAQJ,IAAIK,OAAO,CAACD,MAAM;IAAC;IAClE,MAAME,sBAAsB,IAAIC,IAAIP,IAAIC,GAAG,EAAEO,YAAY,CAACC,GAAG,CAAC;IAE9D,IAAIH,wBAAwB,QAAQI,QAAQC,GAAG,CAACC,QAAQ,KAAK,eAAe;QAC1E,MAAM,IAAIjB,SAAS,wDAAwD;IAC7E;IAEA,IAAIkB,iBAAiB;IACrB,IAAIP,wBAAwB,QAAQ;QAClCO,iBAAiB;IACnB,OAAO,IAAIP,wBAAwB,QAAQA,wBAAwB,SAAS;QAC1E,MAAM,IAAIX,SAAS,iDAAiD;IACtE;IAEA,MAAMmB,gBAAgB,MAAMhB,iBAAiB;QAAEe;QAAgBb;IAAI;IAEnE,MAAMe,SAASnB,eAAe;QAAEkB;QAAeX;QAAcH;IAAI;IAEjE,MAAMgB,YAAY,IAAItB,yCAAyC;QAC7DuB,oBAAoB;QACpBC,oBAAoBC;IACtB;IAEA,MAAMJ,OAAOK,OAAO,CAACJ;IAErB,MAAMK,aAAa,IAAIC,QAAQtB,IAAIC,GAAG,EAAE;QACtCsB,MAAMvB,IAAIuB,IAAI;QACdC,QAAQ;QACRC,SAASzB,IAAIyB,OAAO;QACpBC,QAAQ1B,IAAI0B,MAAM;IACpB;IAEA,OAAO,MAAMV,UAAUW,aAAa,CAACN;AACvC,EAAC"}
|
package/dist/exports/client.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export {
|
|
1
|
+
export {};
|
|
2
2
|
//# sourceMappingURL=client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/exports/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/exports/client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAA"}
|
package/dist/exports/client.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/exports/client.ts"],"sourcesContent":["'use client'\nexport {
|
|
1
|
+
{"version":3,"sources":["../../src/exports/client.ts"],"sourcesContent":["'use client'\n\nexport {}\n"],"names":[],"mappings":"AAAA;AAEA,WAAS"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"internal.d.ts","sourceRoot":"","sources":["../../src/exports/internal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../src/exports/internal.ts"],"sourcesContent":["export { filterMCPItems, getAuthorizedMCP } from '../endpoint/access.js'\n"],"names":["filterMCPItems","getAuthorizedMCP"],"mappings":"AAAA,SAASA,cAAc,EAAEC,gBAAgB,QAAQ,wBAAuB"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAA;AAK1F,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAiB,cAAc;QAC7B,UAAU,EAAE,SAAS,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAA;KACjD;IACD,UAAU,iBAAiB;QACzB,uFAAuF;QACvF,wBAAwB,EAAE,eAAe,CAAA;KAC1C;CACF;AAED,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,wBAAwB,EAAE,CAAA;AAExE,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAElG,eAAO,MAAM,SAAS,wDAiCpB,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { getAPIKeysCollection } from './collection/index.js';
|
|
1
|
+
import { definePlugin } from 'payload';
|
|
3
2
|
import { mcpEndpoint } from './endpoint/index.js';
|
|
4
3
|
import { sanitizeMCPConfig } from './mcp/sanitizeMCPConfig.js';
|
|
5
4
|
export { defineCollectionTool, defineGlobalTool, definePrompt, defineTool } from './defineTool.js';
|
|
@@ -7,16 +6,6 @@ export const mcpPlugin = definePlugin({
|
|
|
7
6
|
slug: '@payloadcms/plugin-mcp',
|
|
8
7
|
order: 10,
|
|
9
8
|
plugin: ({ config, plugins, ...rawConfig })=>{
|
|
10
|
-
// Our `payload-mcp-api-keys` is auth-enabled; if it'd be the only auth
|
|
11
|
-
// collection, Payload's later sanitize would pick it as `admin.user`.
|
|
12
|
-
// Pre-seed the default user collection to prevent that.
|
|
13
|
-
if (!config.admin?.user) {
|
|
14
|
-
const firstCollectionWithAuth = (config.collections ?? []).find(({ auth })=>Boolean(auth));
|
|
15
|
-
if (!firstCollectionWithAuth) {
|
|
16
|
-
;
|
|
17
|
-
(config.collections ??= []).push(defaultUserCollection);
|
|
18
|
-
}
|
|
19
|
-
}
|
|
20
9
|
const pluginConfig = sanitizeMCPConfig({
|
|
21
10
|
config,
|
|
22
11
|
pluginConfig: rawConfig
|
|
@@ -27,12 +16,6 @@ export const mcpPlugin = definePlugin({
|
|
|
27
16
|
// @ts-expect-error
|
|
28
17
|
registered.sanitizedOptions = pluginConfig;
|
|
29
18
|
}
|
|
30
|
-
;
|
|
31
|
-
(config.collections ??= []).push(getAPIKeysCollection({
|
|
32
|
-
pluginConfig
|
|
33
|
-
}));
|
|
34
|
-
// Keep the API-keys collection registered even when disabled, so DB schema
|
|
35
|
-
// and generated types don't drift between enabled/disabled environments.
|
|
36
19
|
if (pluginConfig.disabled) {
|
|
37
20
|
return config;
|
|
38
21
|
}
|
|
@@ -45,6 +28,18 @@ export const mcpPlugin = definePlugin({
|
|
|
45
28
|
handler: mcpEndpoint,
|
|
46
29
|
method: 'post',
|
|
47
30
|
path: '/mcp'
|
|
31
|
+
},
|
|
32
|
+
// Streamable HTTP's optional server=>client GET stream. We don't offer
|
|
33
|
+
// one, so answer 405 per spec-— clients then skip it cleanly
|
|
34
|
+
{
|
|
35
|
+
handler: ()=>new Response(null, {
|
|
36
|
+
headers: {
|
|
37
|
+
Allow: 'POST'
|
|
38
|
+
},
|
|
39
|
+
status: 405
|
|
40
|
+
}),
|
|
41
|
+
method: 'get',
|
|
42
|
+
path: '/mcp'
|
|
48
43
|
}
|
|
49
44
|
]
|
|
50
45
|
};
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import { definePlugin } from 'payload'\n\nimport type { AuthorizedMCP, MCPPluginConfig, SanitizedMCPPluginConfig } from './types.js'\n\nimport { mcpEndpoint } from './endpoint/index.js'\nimport { sanitizeMCPConfig } from './mcp/sanitizeMCPConfig.js'\n\ndeclare module 'payload' {\n export interface PayloadRequest {\n payloadAPI: 'GraphQL' | 'local' | 'MCP' | 'REST'\n }\n interface RegisteredPlugins {\n /** After the plugin's `plugin` callback runs, `options` holds the sanitized config. */\n '@payloadcms/plugin-mcp': MCPPluginConfig\n }\n}\n\nexport type { AuthorizedMCP, MCPPluginConfig, SanitizedMCPPluginConfig }\n\nexport { defineCollectionTool, defineGlobalTool, definePrompt, defineTool } from './defineTool.js'\n\nexport const mcpPlugin = definePlugin<MCPPluginConfig>({\n slug: '@payloadcms/plugin-mcp',\n order: 10,\n plugin: ({ config, plugins, ...rawConfig }) => {\n const pluginConfig = sanitizeMCPConfig({ config, pluginConfig: rawConfig })\n\n // Stash the sanitized config on plugin options so `getPluginConfig()` reads it.\n const registered = plugins['@payloadcms/plugin-mcp']\n if (registered) {\n // @ts-expect-error\n registered.sanitizedOptions = pluginConfig as unknown as typeof registered.options\n }\n\n if (pluginConfig.disabled) {\n return config\n }\n\n return {\n ...config,\n endpoints: [\n ...(config.endpoints ?? []),\n // Payload prefixes /api, so the full path is /api/mcp.\n { handler: mcpEndpoint, method: 'post', path: '/mcp' },\n // Streamable HTTP's optional server=>client GET stream. We don't offer\n // one, so answer 405 per spec-— clients then skip it cleanly\n {\n handler: () => new Response(null, { headers: { Allow: 'POST' }, status: 405 }),\n method: 'get',\n path: '/mcp',\n },\n ],\n }\n },\n})\n"],"names":["definePlugin","mcpEndpoint","sanitizeMCPConfig","defineCollectionTool","defineGlobalTool","definePrompt","defineTool","mcpPlugin","slug","order","plugin","config","plugins","rawConfig","pluginConfig","registered","sanitizedOptions","disabled","endpoints","handler","method","path","Response","headers","Allow","status"],"mappings":"AAAA,SAASA,YAAY,QAAQ,UAAS;AAItC,SAASC,WAAW,QAAQ,sBAAqB;AACjD,SAASC,iBAAiB,QAAQ,6BAA4B;AAc9D,SAASC,oBAAoB,EAAEC,gBAAgB,EAAEC,YAAY,EAAEC,UAAU,QAAQ,kBAAiB;AAElG,OAAO,MAAMC,YAAYP,aAA8B;IACrDQ,MAAM;IACNC,OAAO;IACPC,QAAQ,CAAC,EAAEC,MAAM,EAAEC,OAAO,EAAE,GAAGC,WAAW;QACxC,MAAMC,eAAeZ,kBAAkB;YAAES;YAAQG,cAAcD;QAAU;QAEzE,gFAAgF;QAChF,MAAME,aAAaH,OAAO,CAAC,yBAAyB;QACpD,IAAIG,YAAY;YACd,mBAAmB;YACnBA,WAAWC,gBAAgB,GAAGF;QAChC;QAEA,IAAIA,aAAaG,QAAQ,EAAE;YACzB,OAAON;QACT;QAEA,OAAO;YACL,GAAGA,MAAM;YACTO,WAAW;mBACLP,OAAOO,SAAS,IAAI,EAAE;gBAC1B,uDAAuD;gBACvD;oBAAEC,SAASlB;oBAAamB,QAAQ;oBAAQC,MAAM;gBAAO;gBACrD,uEAAuE;gBACvE,6DAA6D;gBAC7D;oBACEF,SAAS,IAAM,IAAIG,SAAS,MAAM;4BAAEC,SAAS;gCAAEC,OAAO;4BAAO;4BAAGC,QAAQ;wBAAI;oBAC5EL,QAAQ;oBACRC,MAAM;gBACR;aACD;QACH;IACF;AACF,GAAE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"buildMcpServer.d.ts","sourceRoot":"","sources":["../../src/mcp/buildMcpServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAsB,MAAM,8BAA8B,CAAA;AAC5E,OAAO,
|
|
1
|
+
{"version":3,"file":"buildMcpServer.d.ts","sourceRoot":"","sources":["../../src/mcp/buildMcpServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAsB,MAAM,8BAA8B,CAAA;AAC5E,OAAO,EAAY,KAAK,cAAc,EAAE,MAAM,SAAS,CAAA;AAGvD,OAAO,KAAK,EACV,aAAa,EAMb,wBAAwB,EAEzB,MAAM,aAAa,CAAA;AAKpB;;;;;;;;;GASG;AACH,eAAO,MAAM,cAAc,GAAI,uCAI5B;IACD,aAAa,EAAE,aAAa,CAAA;IAC5B,YAAY,EAAE,wBAAwB,CAAA;IACtC,GAAG,EAAE,cAAc,CAAA;CACpB,KAAG,SA8LH,CAAA"}
|