@phake/mcp 0.0.1

package/dist/mcp-server.d.ts

@@ -0,0 +1,18 @@
+/**
+ * MCP Server factory.
+ * Creates a configured server for different runtimes.
+ */
+import type { SharedToolDefinition } from "./shared/tools/types.js";
+export interface MCPServerOptions {
+    /** Runtime adapter: 'worker' (Cloudflare Workers) or 'node' (Hono/Node.js) */
+    adapter: "worker" | "node";
+    /** Array of tools to register */
+    tools?: SharedToolDefinition<any>[];
+}
+export interface MCPServer {
+    fetch: (request: Request, env: unknown) => Promise<Response>;
+}
+/**
+ * Create an MCP server instance.
+ */
+export declare function createMCPServer(options: MCPServerOptions): MCPServer;

package/dist/runtime/node/capabilities.d.ts

@@ -0,0 +1,2 @@
+import type { ServerCapabilities } from "@modelcontextprotocol/sdk/types.js";
+export declare function buildCapabilities(): ServerCapabilities;

package/dist/runtime/node/context.d.ts

@@ -0,0 +1,29 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+import type { RequestContext } from "../../shared/types/context.js";
+import type { CancellationToken } from "../../shared/utils/cancellation.js";
+export declare const authContextStorage: AsyncLocalStorage<RequestContext>;
+export declare function getCurrentAuthContext(): RequestContext | undefined;
+declare class ContextRegistry {
+    private contexts;
+    create(requestId: string | number, sessionId?: string, authData?: {
+        authStrategy?: RequestContext["authStrategy"];
+        authHeaders?: RequestContext["authHeaders"];
+        resolvedHeaders?: RequestContext["resolvedHeaders"];
+        rsToken?: string;
+        providerToken?: string;
+        provider?: RequestContext["provider"];
+        serviceToken?: string;
+    }): RequestContext;
+    get(requestId: string | number): RequestContext | undefined;
+    getCancellationToken(requestId: string | number): CancellationToken | undefined;
+    cancel(requestId: string | number, _reason?: string): boolean;
+    delete(requestId: string | number): boolean;
+    deleteBySession(sessionId: string): number;
+    get size(): number;
+    cleanupExpired(maxAgeMs?: number): number;
+    clear(): void;
+}
+export declare const contextRegistry: ContextRegistry;
+export declare function startContextCleanup(intervalMs?: number, maxAgeMs?: number): void;
+export declare function stopContextCleanup(): void;
+export {};

package/dist/runtime/node/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./capabilities.js";
+export * from "./context.js";
+export * from "./mcp.js";
+export * from "./storage/file.js";
+export * from "./storage/sqlite.js";

package/dist/runtime/node/index.js

@@ -0,0 +1,27 @@
+// @bun
+import {
+  FileTokenStore,
+  SqliteSessionStore,
+  buildServer,
+  sessions
+} from "../../index-1zyem3xr.js";
+import {
+  authContextStorage,
+  buildCapabilities,
+  contextRegistry,
+  getCurrentAuthContext,
+  startContextCleanup,
+  stopContextCleanup
+} from "../../index-4f4xvtt9.js";
+export {
+  stopContextCleanup,
+  startContextCleanup,
+  sessions,
+  getCurrentAuthContext,
+  contextRegistry,
+  buildServer,
+  buildCapabilities,
+  authContextStorage,
+  SqliteSessionStore,
+  FileTokenStore
+};

package/dist/runtime/node/mcp.d.ts

@@ -0,0 +1,28 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { type ContextResolver } from "../../shared/tools/registry.js";
+export interface ServerOptions {
+    name: string;
+    version: string;
+    instructions?: string;
+    /** Instructions fallback if not provided */
+    defaultInstructions?: string;
+    /**
+     * Called when initialization is complete (after client sends notifications/initialized).
+     * Per review finding #3: This fires AFTER transport.onsessioninitialized.
+     *
+     * Guaranteed ordering:
+     * 1. transport.onsessioninitialized(sid) - session ID assigned
+     * 2. server.oninitialized() - client confirmed ready
+     *
+     * At this point, you can safely:
+     * - Access client capabilities via server.server.getClientCapabilities()
+     * - Send server→client requests (sampling, elicitation, roots)
+     */
+    oninitialized?: () => void;
+    /**
+     * Optional resolver to look up auth context by requestId.
+     * Required for tools to receive authentication data.
+     */
+    contextResolver?: ContextResolver;
+}
+export declare function buildServer(options: ServerOptions): McpServer;

package/dist/runtime/node/storage/file.d.ts

@@ -0,0 +1,44 @@
+import type { ProviderTokens, RsRecord, TokenStore, Transaction } from "../../../shared/storage/interface.js";
+export declare class FileTokenStore implements TokenStore {
+    private memory;
+    private persistPath;
+    private encryptor;
+    private saveDebounceTimer;
+    private pendingSave;
+    /**
+     * Create a file-backed token store.
+     *
+     * @param persistPath - Path to the JSON file for persistence
+     * @param encryptionKey - Base64url-encoded 32-byte key for AES-256-GCM encryption
+     */
+    constructor(persistPath?: string, encryptionKey?: string);
+    private loadAsync;
+    private scheduleSave;
+    private saveAsync;
+    storeRsMapping(rsAccess: string, provider: ProviderTokens, rsRefresh?: string): Promise<RsRecord>;
+    getByRsAccess(rsAccess: string): Promise<RsRecord | null>;
+    getByRsRefresh(rsRefresh: string): Promise<RsRecord | null>;
+    updateByRsRefresh(rsRefresh: string, provider: ProviderTokens, maybeNewRsAccess?: string): Promise<RsRecord | null>;
+    saveTransaction(txnId: string, txn: Transaction, ttlSeconds?: number): Promise<void>;
+    getTransaction(txnId: string): Promise<Transaction | null>;
+    deleteTransaction(txnId: string): Promise<void>;
+    saveCode(code: string, txnId: string, ttlSeconds?: number): Promise<void>;
+    getTxnIdByCode(code: string): Promise<string | null>;
+    deleteCode(code: string): Promise<void>;
+    /**
+     * Force immediate save (useful before shutdown).
+     */
+    flush(): Promise<void>;
+    /**
+     * Stop cleanup intervals.
+     */
+    stopCleanup(): void;
+    /**
+     * Get store statistics.
+     */
+    getStats(): {
+        rsTokens: number;
+        transactions: number;
+        codes: number;
+    };
+}

package/dist/runtime/node/storage/sqlite.d.ts

@@ -0,0 +1,213 @@
+import type { SessionRecord, SessionStore } from "../../../shared/storage/interface.js";
+export declare const sessions: import("drizzle-orm/sqlite-core").SQLiteTableWithColumns<{
+    name: "sessions";
+    schema: undefined;
+    columns: {
+        sessionId: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "session_id";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        apiKey: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "api_key";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        rsAccessToken: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "rs_access_token";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        rsRefreshToken: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "rs_refresh_token";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        providerJson: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "provider_json";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        createdAt: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "created_at";
+            tableName: "sessions";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        lastAccessed: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "last_accessed";
+            tableName: "sessions";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        initialized: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "initialized";
+            tableName: "sessions";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: false;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        protocolVersion: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "protocol_version";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+    };
+    dialect: "sqlite";
+}>;
+export type SessionRow = typeof sessions.$inferSelect;
+/**
+ * SQLite-based session store using Drizzle ORM.
+ * Provides persistent session storage with multi-tenant support.
+ */
+export declare class SqliteSessionStore implements SessionStore {
+    private db;
+    private sqlite;
+    private createSessionTxn;
+    constructor(dbPath?: string);
+    private initSchema;
+    create(sessionId: string, apiKey: string): Promise<SessionRecord>;
+    get(sessionId: string): Promise<SessionRecord | null>;
+    update(sessionId: string, data: Partial<SessionRecord>): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    getByApiKey(apiKey: string): Promise<SessionRecord[]>;
+    countByApiKey(apiKey: string): Promise<number>;
+    deleteOldestByApiKey(apiKey: string): Promise<void>;
+    ensure(sessionId: string): Promise<void>;
+    put(sessionId: string, value: SessionRecord): Promise<void>;
+    /**
+     * Close the database connection.
+     * Call this on graceful shutdown.
+     */
+    close(): void;
+    /**
+     * Clean up expired sessions (older than TTL).
+     * Call periodically or on startup.
+     *
+     * @param ttlMs - Time-to-live in milliseconds (default: 24 hours)
+     * @returns Number of deleted sessions
+     */
+    cleanup(ttlMs?: number): Promise<number>;
+    /**
+     * Get store statistics for monitoring/debugging.
+     */
+    getStats(): Promise<{
+        sessions: number;
+    }>;
+}

package/dist/runtime/worker/index.d.ts

@@ -0,0 +1 @@
+export * from "../../adapters/http-worker/index.js";

package/dist/runtime/worker/index.js

@@ -0,0 +1,12 @@
+// @bun
+import {
+  createWorkerRouter,
+  initializeWorkerStorage,
+  shimProcessEnv
+} from "../../index-sbqy8kgq.js";
+import"../../index-4f4xvtt9.js";
+export {
+  shimProcessEnv,
+  initializeWorkerStorage,
+  createWorkerRouter
+};

package/dist/shared/auth/index.d.ts

@@ -0,0 +1 @@
+export * from "./strategy.js";

package/dist/shared/auth/strategy.d.ts

@@ -0,0 +1,71 @@
+import type { AuthStrategy } from "../types/auth.js";
+export type { AuthStrategy as AuthStrategyType } from "../types/auth.js";
+/**
+ * Resolved auth headers to inject into tool context.
+ */
+export interface ResolvedAuth {
+    /** Auth strategy used */
+    strategy: AuthStrategy;
+    /** Headers to pass to API calls */
+    headers: Record<string, string>;
+    /** Raw access token (if bearer/oauth) */
+    accessToken?: string;
+    /** Provider tokens (oauth only) */
+    provider?: {
+        accessToken: string;
+        refreshToken?: string;
+        expiresAt?: number;
+    };
+}
+/**
+ * Strategy configuration parsed from env.
+ */
+export interface AuthStrategyConfig {
+    type: AuthStrategy;
+    /** For api_key: header name (default: x-api-key) */
+    headerName?: string;
+    /** For api_key/bearer: the token/key value */
+    value?: string;
+    /** For custom: map of header name → value */
+    customHeaders?: Record<string, string>;
+}
+/**
+ * Parse auth strategy from config.
+ *
+ * Reads from:
+ * - AUTH_STRATEGY: 'oauth' | 'bearer' | 'api_key' | 'custom' | 'none'
+ * - API_KEY: The API key value (for api_key strategy)
+ * - API_KEY_HEADER: Header name (default: x-api-key)
+ * - BEARER_TOKEN: Static bearer token (for bearer strategy)
+ * - CUSTOM_HEADERS: "Header1:value1,Header2:value2" format
+ */
+export declare function parseAuthStrategy(env: Record<string, unknown>): AuthStrategyConfig;
+/**
+ * Build auth headers from strategy config.
+ * Used for non-OAuth strategies where headers are static.
+ */
+export declare function buildAuthHeaders(strategyConfig: AuthStrategyConfig): Record<string, string>;
+/**
+ * Resolve auth for a request.
+ *
+ * For OAuth: requires incoming RS token to be mapped
+ * For other strategies: uses static config values
+ */
+export declare function resolveStaticAuth(strategyConfig: AuthStrategyConfig): ResolvedAuth;
+/**
+ * Merge incoming request headers with strategy headers.
+ * Strategy headers take precedence (they're the "real" auth).
+ */
+export declare function mergeAuthHeaders(incoming: Record<string, string>, strategy: Record<string, string>): Record<string, string>;
+/**
+ * Check if auth strategy requires OAuth flow.
+ */
+export declare function isOAuthStrategy(config: AuthStrategyConfig): boolean;
+/**
+ * Check if auth strategy requires any authentication.
+ */
+export declare function requiresAuth(config: AuthStrategyConfig): boolean;
+/**
+ * Validate that required config values are present for the strategy.
+ */
+export declare function validateAuthConfig(config: AuthStrategyConfig): string[];

package/dist/shared/config/env.d.ts

@@ -0,0 +1,52 @@
+import type { AuthStrategyType } from "../auth/strategy.js";
+export type UnifiedConfig = {
+    HOST: string;
+    PORT: number;
+    NODE_ENV: "development" | "production" | "test";
+    MCP_TITLE: string;
+    MCP_INSTRUCTIONS: string;
+    MCP_VERSION: string;
+    MCP_PROTOCOL_VERSION: string;
+    MCP_ACCEPT_HEADERS: string[];
+    AUTH_STRATEGY: AuthStrategyType;
+    AUTH_ENABLED: boolean;
+    AUTH_REQUIRE_RS: boolean;
+    AUTH_ALLOW_DIRECT_BEARER: boolean;
+    AUTH_RESOURCE_URI?: string;
+    AUTH_DISCOVERY_URL?: string;
+    API_KEY?: string;
+    API_KEY_HEADER: string;
+    BEARER_TOKEN?: string;
+    CUSTOM_HEADERS?: string;
+    OAUTH_CLIENT_ID?: string;
+    OAUTH_CLIENT_SECRET?: string;
+    OAUTH_SCOPES: string;
+    OAUTH_AUTHORIZATION_URL?: string;
+    OAUTH_TOKEN_URL?: string;
+    OAUTH_REVOCATION_URL?: string;
+    OAUTH_REDIRECT_URI: string;
+    OAUTH_REDIRECT_ALLOWLIST: string[];
+    OAUTH_REDIRECT_ALLOW_ALL: boolean;
+    OAUTH_EXTRA_AUTH_PARAMS?: string;
+    CIMD_ENABLED: boolean;
+    CIMD_FETCH_TIMEOUT_MS: number;
+    CIMD_MAX_RESPONSE_BYTES: number;
+    /** Comma-separated list of allowed domains for CIMD client_ids */
+    CIMD_ALLOWED_DOMAINS: string[];
+    PROVIDER_CLIENT_ID?: string;
+    PROVIDER_CLIENT_SECRET?: string;
+    PROVIDER_API_URL?: string;
+    PROVIDER_ACCOUNTS_URL?: string;
+    BASE_URL?: string;
+    RS_TOKENS_FILE?: string;
+    /** Base64url-encoded 32-byte key for encrypting tokens at rest */
+    RS_TOKENS_ENC_KEY?: string;
+    RPS_LIMIT: number;
+    CONCURRENCY_LIMIT: number;
+    LOG_LEVEL: "debug" | "info" | "warning" | "error";
+};
+/**
+ * Parse environment variables into a unified config object
+ * Works for both process.env (Node.js) and Workers env bindings
+ */
+export declare function parseConfig(env: Record<string, unknown>): UnifiedConfig;

package/dist/shared/config/index.d.ts

@@ -0,0 +1,2 @@
+export type { UnifiedConfig } from "./env.js";
+export * from "./env.js";

package/dist/shared/config/metadata.d.ts

@@ -0,0 +1,5 @@
+export declare const serverMetadata: {
+    title: string;
+    version: string;
+    instructions: string;
+};

package/dist/shared/crypto/aes-gcm.d.ts

@@ -0,0 +1,37 @@
+/**
+ * AES-256-GCM encryption/decryption using Web Crypto API.
+ * Works in both Cloudflare Workers and Node.js 18+.
+ */
+/**
+ * Encrypt plaintext string using AES-256-GCM.
+ *
+ * @param plaintext - String to encrypt
+ * @param secret - Base64url-encoded 32-byte secret key
+ * @returns Base64url-encoded ciphertext (IV prepended)
+ */
+export declare function encrypt(plaintext: string, secret: string): Promise<string>;
+/**
+ * Decrypt ciphertext string using AES-256-GCM.
+ *
+ * @param ciphertext - Base64url-encoded ciphertext (IV prepended)
+ * @param secret - Base64url-encoded 32-byte secret key
+ * @returns Decrypted plaintext string
+ */
+export declare function decrypt(ciphertext: string, secret: string): Promise<string>;
+/**
+ * Generate a random 32-byte (256-bit) key suitable for AES-256.
+ * Returns base64url-encoded string.
+ */
+export declare function generateKey(): string;
+/**
+ * Encryptor interface for encrypt/decrypt operations.
+ */
+export interface Encryptor {
+    encrypt: (plaintext: string) => Promise<string>;
+    decrypt: (ciphertext: string) => Promise<string>;
+}
+/**
+ * Create encryption/decryption functions bound to a specific key.
+ * Useful for initializing KV stores and file stores.
+ */
+export declare function createEncryptor(secret: string): Encryptor;

package/dist/shared/crypto/index.d.ts

@@ -0,0 +1 @@
+export * from "./aes-gcm.js";

package/dist/shared/http/cors.d.ts

@@ -0,0 +1,20 @@
+export interface CorsOptions {
+    origin?: string;
+    methods?: string[];
+    headers?: string[];
+    credentials?: boolean;
+    maxAge?: number;
+}
+/**
+ * Apply CORS headers to a Response object.
+ * Works with both Node.js and Cloudflare Workers.
+ */
+export declare function withCors(response: Response, options?: CorsOptions): Response;
+/**
+ * Create a preflight (OPTIONS) response with CORS headers.
+ */
+export declare function corsPreflightResponse(options?: CorsOptions): Response;
+/**
+ * Build CORS headers object (for frameworks that need headers separately).
+ */
+export declare function buildCorsHeaders(options?: CorsOptions): Record<string, string>;

package/dist/shared/http/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./cors.js";
+export * from "./response.js";

package/dist/shared/http/response.d.ts

@@ -0,0 +1,52 @@
+import { type CorsOptions } from "./cors.js";
+/**
+ * Create a JSON response with proper headers.
+ */
+export declare function jsonResponse(data: unknown, options?: {
+    status?: number;
+    headers?: Record<string, string>;
+    cors?: boolean | CorsOptions;
+}): Response;
+/**
+ * Create a JSON-RPC error response.
+ */
+export declare function jsonRpcError(code: number, message: string, id?: string | number | null, options?: {
+    status?: number;
+    cors?: boolean | CorsOptions;
+}): Response;
+/**
+ * Create a JSON-RPC success response.
+ */
+export declare function jsonRpcSuccess(result: unknown, id: string | number | null, options?: {
+    headers?: Record<string, string>;
+    cors?: boolean | CorsOptions;
+}): Response;
+/**
+ * Create a text error response.
+ */
+export declare function textError(message: string, options?: {
+    status?: number;
+    cors?: boolean | CorsOptions;
+}): Response;
+/**
+ * Create an OAuth error response.
+ */
+export declare function oauthError(error: string, description?: string, options?: {
+    status?: number;
+    cors?: boolean | CorsOptions;
+}): Response;
+/**
+ * Create a redirect response.
+ */
+export declare function redirectResponse(url: string, status?: 301 | 302 | 303 | 307 | 308): Response;
+/**
+ * Standard JSON-RPC error codes
+ */
+export declare const JsonRpcErrorCode: {
+    readonly ParseError: -32700;
+    readonly InvalidRequest: -32600;
+    readonly MethodNotFound: -32601;
+    readonly InvalidParams: -32602;
+    readonly InternalError: -32603;
+    readonly ServerError: -32000;
+};