@portel/photon 1.4.0 → 1.5.1

package/dist/serv/vault/token-vault.js

@@ -0,0 +1,177 @@
+/**
+ * Token Vault
+ *
+ * Secure encrypted storage for OAuth tokens with per-tenant encryption keys
+ * Uses AES-256-GCM for authenticated encryption
+ */
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypto';
+// ============================================================================
+// Local Token Vault (Development/Single-Instance)
+// ============================================================================
+/**
+ * Simple token vault using derived keys from a master key
+ * Suitable for development or single-instance deployments
+ *
+ * For production multi-instance, use KmsTokenVault with AWS KMS/GCP KMS/HashiCorp Vault
+ */
+export class LocalTokenVault {
+    masterKey;
+    salt;
+    keyCache = new Map();
+    iterations;
+    constructor(config) {
+        if (config.masterKey.length < 32) {
+            throw new Error('Master key must be at least 32 characters');
+        }
+        this.masterKey = Buffer.from(config.masterKey, 'utf-8');
+        this.salt = Buffer.from(config.salt ?? 'serv-token-vault-salt', 'utf-8');
+        this.iterations = config.iterations ?? 100000;
+    }
+    async encrypt(tenantId, plaintext) {
+        const key = this.deriveKey(tenantId);
+        const iv = randomBytes(12); // 96 bits for GCM
+        const cipher = createCipheriv('aes-256-gcm', key, iv);
+        const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()]);
+        const authTag = cipher.getAuthTag();
+        // Format: base64(iv + authTag + ciphertext)
+        const result = Buffer.concat([iv, authTag, encrypted]);
+        return result.toString('base64');
+    }
+    async decrypt(tenantId, ciphertext) {
+        const key = this.deriveKey(tenantId);
+        const data = Buffer.from(ciphertext, 'base64');
+        // Extract components
+        const iv = data.subarray(0, 12);
+        const authTag = data.subarray(12, 28);
+        const encrypted = data.subarray(28);
+        const decipher = createDecipheriv('aes-256-gcm', key, iv);
+        decipher.setAuthTag(authTag);
+        const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+        return decrypted.toString('utf-8');
+    }
+    /**
+     * Derive a tenant-specific key from the master key
+     */
+    deriveKey(tenantId) {
+        const cacheKey = tenantId;
+        if (this.keyCache.has(cacheKey)) {
+            return this.keyCache.get(cacheKey);
+        }
+        // Derive a unique key for this tenant using scrypt
+        const tenantSalt = Buffer.concat([this.salt, Buffer.from(tenantId, 'utf-8')]);
+        const key = scryptSync(this.masterKey, tenantSalt, 32, {
+            N: 16384,
+            r: 8,
+            p: 1,
+        });
+        this.keyCache.set(cacheKey, key);
+        return key;
+    }
+    /**
+     * Clear the key cache (call after key rotation)
+     */
+    clearCache() {
+        this.keyCache.clear();
+    }
+}
+/**
+ * Token vault using external KMS (AWS KMS, GCP KMS, etc.)
+ * Uses envelope encryption for efficiency
+ */
+export class KmsTokenVault {
+    kms;
+    getKeyId;
+    dataKeyCache = new Map();
+    constructor(config) {
+        this.kms = config.kms;
+        this.getKeyId = config.getKeyId;
+    }
+    async encrypt(tenantId, plaintext) {
+        const { dataKey, encryptedDataKey } = await this.getDataKey(tenantId);
+        // Encrypt with data key
+        const iv = randomBytes(12);
+        const cipher = createCipheriv('aes-256-gcm', dataKey, iv);
+        const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()]);
+        const authTag = cipher.getAuthTag();
+        // Format: base64(encryptedDataKeyLen(2) + encryptedDataKey + iv + authTag + ciphertext)
+        const edkLen = Buffer.alloc(2);
+        edkLen.writeUInt16BE(encryptedDataKey.length);
+        const result = Buffer.concat([edkLen, encryptedDataKey, iv, authTag, encrypted]);
+        return result.toString('base64');
+    }
+    async decrypt(tenantId, ciphertext) {
+        const data = Buffer.from(ciphertext, 'base64');
+        // Extract encrypted data key
+        const edkLen = data.readUInt16BE(0);
+        const encryptedDataKey = data.subarray(2, 2 + edkLen);
+        const iv = data.subarray(2 + edkLen, 2 + edkLen + 12);
+        const authTag = data.subarray(2 + edkLen + 12, 2 + edkLen + 28);
+        const encrypted = data.subarray(2 + edkLen + 28);
+        // Decrypt data key
+        const keyId = await this.getKeyId(tenantId);
+        const dataKey = await this.kms.decrypt(keyId, encryptedDataKey);
+        // Decrypt content
+        const decipher = createDecipheriv('aes-256-gcm', dataKey, iv);
+        decipher.setAuthTag(authTag);
+        const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+        return decrypted.toString('utf-8');
+    }
+    async rotateKey(tenantId) {
+        // Clear cached data key to force regeneration with new KMS key
+        this.dataKeyCache.delete(tenantId);
+    }
+    /**
+     * Get or generate a data key for envelope encryption
+     */
+    async getDataKey(tenantId) {
+        const cached = this.dataKeyCache.get(tenantId);
+        // Cache data keys for 1 hour
+        if (cached && cached.expires > Date.now()) {
+            return { dataKey: cached.key, encryptedDataKey: cached.encrypted };
+        }
+        // Generate new data key
+        const keyId = await this.getKeyId(tenantId);
+        const { plaintext, ciphertext } = await this.kms.generateDataKey(keyId);
+        // Cache it
+        this.dataKeyCache.set(tenantId, {
+            key: plaintext,
+            encrypted: ciphertext,
+            expires: Date.now() + 60 * 60 * 1000, // 1 hour
+        });
+        return { dataKey: plaintext, encryptedDataKey: ciphertext };
+    }
+}
+export function createTokenVault(options) {
+    switch (options.type) {
+        case 'local':
+            if (!options.masterKey) {
+                throw new Error('Master key required for local token vault');
+            }
+            return new LocalTokenVault({ masterKey: options.masterKey });
+        case 'kms':
+            if (!options.kms || !options.getKeyId) {
+                throw new Error('KMS client and getKeyId function required for KMS token vault');
+            }
+            return new KmsTokenVault({
+                kms: options.kms,
+                getKeyId: options.getKeyId,
+            });
+        default:
+            throw new Error(`Unknown token vault type: ${options.type}`);
+    }
+}
+// ============================================================================
+// Singleton Instance
+// ============================================================================
+let tokenVaultInstance = null;
+export function getTokenVault() {
+    if (!tokenVaultInstance) {
+        throw new Error('Token vault not initialized. Call initTokenVault first.');
+    }
+    return tokenVaultInstance;
+}
+export function initTokenVault(options) {
+    tokenVaultInstance = createTokenVault(options);
+    return tokenVaultInstance;
+}
+//# sourceMappingURL=token-vault.js.map

package/dist/serv/vault/token-vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-vault.js","sourceRoot":"","sources":["../../../src/serv/vault/token-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAoCnF,+EAA+E;AAC/E,kDAAkD;AAClD,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,OAAO,eAAe;IAClB,SAAS,CAAS;IAClB,IAAI,CAAS;IACb,QAAQ,GAAwB,IAAI,GAAG,EAAE,CAAC;IAC1C,UAAU,CAAS;IAE3B,YAAY,MAAwB;QAClC,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,uBAAuB,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,SAAiB;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,kBAAkB;QAE9C,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,4CAA4C;QAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;QACvD,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,UAAkB;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAE/C,qBAAqB;QACrB,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACtC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAEhF,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,QAAgB;QAChC,MAAM,QAAQ,GAAG,QAAQ,CAAC;QAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QACtC,CAAC;QAED,mDAAmD;QACnD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QAC9E,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE;YACrD,CAAC,EAAE,KAAK;YACR,CAAC,EAAE,CAAC;YACJ,CAAC,EAAE,CAAC;SACL,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACjC,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;CACF;AAiCD;;;GAGG;AACH,MAAM,OAAO,aAAa;IAChB,GAAG,CAAY;IACf,QAAQ,CAAwC;IAChD,YAAY,GAClB,IAAI,GAAG,EAAE,CAAC;IAEZ,YAAY,MAA2B;QACrC,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACtB,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,SAAiB;QAC/C,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEtE,wBAAwB;QACxB,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,wFAAwF;QACxF,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,aAAa,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAE9C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,gBAAgB,EAAE,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;QACjF,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,UAAkB;QAChD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAE/C,6BAA6B;QAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC;QACtD,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,MAAM,GAAG,EAAE,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,MAAM,GAAG,EAAE,EAAE,CAAC,GAAG,MAAM,GAAG,EAAE,CAAC,CAAC;QAChE,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,MAAM,GAAG,EAAE,CAAC,CAAC;QAEjD,mBAAmB;QACnB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QAEhE,kBAAkB;QAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAEhF,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,+DAA+D;QAC/D,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CACtB,QAAgB;QAEhB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE/C,6BAA6B;QAC7B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,EAAE,gBAAgB,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;QACrE,CAAC;QAED,wBAAwB;QACxB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAExE,WAAW;QACX,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE;YAC9B,GAAG,EAAE,SAAS;YACd,SAAS,EAAE,UAAU;YACrB,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;SAChD,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC;IAC9D,CAAC;CACF;AAeD,MAAM,UAAU,gBAAgB,CAAC,OAAgC;IAC/D,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,OAAO;YACV,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO,IAAI,eAAe,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAE/D,KAAK,KAAK;YACR,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtC,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;YACnF,CAAC;YACD,OAAO,IAAI,aAAa,CAAC;gBACvB,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC,CAAC;QAEL;YACE,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,IAAI,kBAAkB,GAAsB,IAAI,CAAC;AAEjD,MAAM,UAAU,aAAa;IAC3B,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,OAAgC;IAC7D,kBAAkB,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/C,OAAO,kBAAkB,CAAC;AAC5B,CAAC"}

package/dist/server.d.ts

@@ -2,17 +2,114 @@
  * Photon MCP Server
  *
  * Wraps a .photon.ts file as an MCP server using @modelcontextprotocol/sdk
+ * Supports both stdio and SSE transports
  */
+import type { Marketplace, PhotonMetadata } from './marketplace-manager.js';
+import { Logger, LoggerOptions } from './shared/logger.js';
+export declare class HotReloadDisabledError extends Error {
+    constructor(message: string);
+}
+export type TransportType = 'stdio' | 'sse';
+/**
+ * UI format types for client compatibility
+ * - 'sep-1865': SEP-1865 standard (Anthropic + OpenAI unified format)
+ * - 'photon': Legacy Photon format
+ * - 'none': Text-only, no UI support
+ */
+export type UIFormat = 'sep-1865' | 'photon' | 'none';
+export interface UnresolvedPhoton {
+    name: string;
+    workingDir: string;
+    sources: Array<{
+        marketplace: Marketplace;
+        metadata?: PhotonMetadata;
+    }>;
+    recommendation?: string;
+}
 export interface PhotonServerOptions {
     filePath: string;
     devMode?: boolean;
+    transport?: TransportType;
+    port?: number;
+    logOptions?: LoggerOptions;
+    unresolvedPhoton?: UnresolvedPhoton;
 }
 export declare class PhotonServer {
     private loader;
     private mcp;
     private server;
     private options;
+    private mcpClientFactory;
+    private httpServer;
+    private sseSessions;
+    private devMode;
+    private hotReloadDisabled;
+    private lastReloadError?;
+    private statusClients;
+    private channelUnsubscribers;
+    private daemonName;
+    private currentStatus;
+    private logger;
     constructor(options: PhotonServerOptions);
+    createScopedLogger(scope: string): Logger;
+    getLogger(): Logger;
+    private log;
+    /**
+     * Detect UI format based on client capabilities
+     *
+     * SEP-1865 clients advertise ui capability in experimental or root capabilities.
+     * Legacy Photon clients may not have explicit UI capability but support photon:// URIs.
+     * Text-only clients have no UI support.
+     *
+     * @param server - Optional server instance (for SSE sessions), defaults to main server
+     */
+    private getUIFormat;
+    /**
+     * Build UI resource URI based on detected format
+     *
+     * @param uiId - UI template identifier
+     * @param server - Optional server instance (for SSE sessions)
+     */
+    private buildUIResourceUri;
+    /**
+     * Build tool metadata for UI based on detected format
+     *
+     * @param uiId - UI template identifier
+     * @param server - Optional server instance (for SSE sessions)
+     */
+    private buildUIToolMeta;
+    /**
+     * Get UI mimeType based on detected format
+     *
+     * @param server - Optional server instance (for SSE sessions)
+     */
+    private getUIMimeType;
+    /**
+     * Check if client supports elicitation
+     *
+     * Elicitation is a client capability declared during initialization.
+     * The server can use elicitInput() when the client supports it.
+     */
+    private clientSupportsElicitation;
+    /**
+     * Create an MCP-aware input provider for generator ask yields
+     *
+     * Uses MCP elicitInput() when client supports elicitation,
+     * otherwise falls back to readline prompts.
+     */
+    private createMCPInputProvider;
+    /**
+     * Build MCP elicit request params from a Photon ask yield
+     */
+    private buildElicitParams;
+    /**
+     * Extract value from elicitation response content
+     */
+    private extractElicitValue;
+    /**
+     * Get default value for an ask when elicitation is not available or declined
+     */
+    private getDefaultForAsk;
     /**
      * Set up MCP protocol handlers
      */
@@ -49,14 +146,90 @@ export declare class PhotonServer {
      * Provides structured, actionable error messages
      */
     private formatError;
+    /**
+     * Build placeholder tools from unresolved photon manifest metadata
+     */
+    private buildPlaceholderTools;
+    /**
+     * Resolve an unresolved photon (deferred conflict resolution)
+     *
+     * If the client supports elicitation, presents marketplace choices.
+     * Otherwise, auto-picks the recommendation.
+     */
+    private resolveUnresolvedPhoton;
+    /**
+     * Download a photon from a marketplace source, save to workingDir, and load it
+     */
+    private downloadAndLoadPhoton;
+    /**
+     * Attempt config elicitation to resolve missing env vars, then retry tool call
+     */
+    private attemptConfigElicitation;
     /**
      * Initialize and start the server
      */
     start(): Promise<void>;
+    /**
+     * Subscribe to daemon channels for cross-process notifications
+     * This enables real-time updates when other processes (e.g., Beam UI, other MCP clients) modify data
+     */
+    private subscribeToChannels;
+    /**
+     * Handle incoming channel messages and forward as MCP notifications
+     */
+    private handleChannelMessage;
+    /**
+     * Start server with stdio transport
+     */
+    private startStdio;
+    /**
+     * Start server with SSE transport (HTTP)
+     */
+    private startSSE;
+    /**
+     * List all photons in the .photon directory
+     */
+    private listAllPhotons;
+    /**
+     * Generate playground HTML for interactive testing
+     */
+    private getPlaygroundHTML;
+    /**
+     * Handle new SSE connection
+     */
+    private handleSSEConnection;
+    /**
+     * Handle incoming SSE message
+     */
+    private handleSSEMessage;
+    /**
+     * Set up handlers for a session-specific MCP server
+     * This duplicates handlers from the main server to each session
+     */
+    private setupSessionHandlers;
+    /**
+     * Handle asset read (for both stdio and SSE handlers)
+     */
+    /**
+     * Handle SEP-1865 ui:// resource read
+     */
+    private handleUIAssetRead;
+    /**
+     * Handle legacy photon:// asset read
+     */
+    private handleAssetRead;
+    /**
+     * Handle static resource read (for both stdio and SSE handlers)
+     */
+    private handleStaticRead;
     /**
      * Stop the server
      */
     stop(): Promise<void>;
+    private buildStatusSnapshot;
+    private handleStatusStream;
+    private broadcastReloadStatus;
+    private pushStatusUpdate;
     /**
      * Reload the MCP file (for dev mode hot reload)
      */

package/dist/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAmBH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,GAAG,CAAuC;IAClD,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAsB;gBAEzB,OAAO,EAAE,mBAAmB;IA6BxC;;OAEG;IACH,OAAO,CAAC,aAAa;IAoKrB;;OAEG;IACH,OAAO,CAAC,YAAY;IAoBpB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAuB5B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAa1B;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAQvB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IA2BtB;;;OAGG;IACH,OAAO,CAAC,WAAW;IA+DnB;;OAEG;IACG,KAAK;IAuBX;;OAEG;IACG,IAAI;IAcV;;OAEG;IACH,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAK;IACzC,OAAO,CAAC,kBAAkB,CAAC,CAAiB;IAEtC,MAAM;IAuEZ;;;OAGG;YACW,kBAAkB;CAuBjC"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAmBH,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAG5E,OAAO,EAAgB,MAAM,EAAE,aAAa,EAAY,MAAM,oBAAoB,CAAC;AAenF,qBAAa,sBAAuB,SAAQ,KAAK;gBACnC,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,KAAK,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEtD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,KAAK,CAAC;QAAE,WAAW,EAAE,WAAW,CAAC;QAAC,QAAQ,CAAC,EAAE,cAAc,CAAA;KAAE,CAAC,CAAC;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,aAAa,CAAC;IAC3B,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAQD,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,GAAG,CAAuC;IAClD,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAsB;IACrC,OAAO,CAAC,gBAAgB,CAA2C;IACnE,OAAO,CAAC,UAAU,CAAgD;IAClE,OAAO,CAAC,WAAW,CAAsC;IACzD,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,eAAe,CAAC,CAKtB;IACF,OAAO,CAAC,aAAa,CAAkC;IACvD,OAAO,CAAC,oBAAoB,CAAyB;IACrD,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,aAAa,CAQnB;IACF,OAAO,CAAC,MAAM,CAAS;gBAEX,OAAO,EAAE,mBAAmB;IAmEjC,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAIzC,SAAS,IAAI,MAAM;IAI1B,OAAO,CAAC,GAAG;IAIX;;;;;;;;OAQG;IACH,OAAO,CAAC,WAAW;IA8BnB;;;;;OAKG;IACH,OAAO,CAAC,kBAAkB;IAa1B;;;;;OAKG;IACH,OAAO,CAAC,eAAe;IAcvB;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAKrB;;;;;OAKG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;;;;OAKG;IACH,OAAO,CAAC,sBAAsB;IAuC9B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA8HzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAW1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAmBxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAqRrB;;OAEG;IACH,OAAO,CAAC,YAAY;IAoBpB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAuB5B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAa1B;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAQvB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IA2BtB;;;OAGG;IACH,OAAO,CAAC,WAAW;IAiEnB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAgC7B;;;;;OAKG;YACW,uBAAuB;IAsDrC;;OAEG;YACW,qBAAqB;IAmDnC;;OAEG;YACW,wBAAwB;IAoFtC;;OAEG;IACG,KAAK;IA6EX;;;OAGG;YACW,mBAAmB;IAqBjC;;OAEG;YACW,oBAAoB;IAgClC;;OAEG;YACW,UAAU;IAMxB;;OAEG;YACW,QAAQ;IAsStB;;OAEG;YACW,cAAc;IAgC5B;;OAEG;YACW,iBAAiB;IAK/B;;OAEG;YACW,mBAAmB;IA2DjC;;OAEG;YACW,gBAAgB;IA+B9B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAmM5B;;OAEG;IACH;;OAEG;YACW,iBAAiB;IAY/B;;OAEG;YACW,eAAe;IAoC7B;;OAEG;YACW,gBAAgB;IAa9B;;OAEG;IACG,IAAI;IAsCV,OAAO,CAAC,mBAAmB;IA+B3B,OAAO,CAAC,kBAAkB;YAmBZ,qBAAqB;IAwBnC,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACH,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAK;IACzC,OAAO,CAAC,kBAAkB,CAAC,CAAiB;IAEtC,MAAM;IAgHZ;;;OAGG;YACW,kBAAkB;CAyBjC"}