@rekog/mcp-nest 1.9.10 → 2.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +76 -29
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -1
- package/dist/index.js.map +1 -1
- package/dist/mcp/decorators/constants.d.ts +1 -0
- package/dist/mcp/decorators/constants.d.ts.map +1 -1
- package/dist/mcp/decorators/constants.js +2 -1
- package/dist/mcp/decorators/constants.js.map +1 -1
- package/dist/mcp/decorators/index.d.ts +3 -1
- package/dist/mcp/decorators/index.d.ts.map +1 -1
- package/dist/mcp/decorators/index.js +3 -1
- package/dist/mcp/decorators/index.js.map +1 -1
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts +6 -0
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js +43 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts +3 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.js +13 -0
- package/dist/mcp/decorators/mcp-message-pattern.js.map +1 -0
- package/dist/mcp/decorators/prompt.decorator.d.ts +1 -1
- package/dist/mcp/decorators/prompt.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/prompt.decorator.js +2 -1
- package/dist/mcp/decorators/prompt.decorator.js.map +1 -1
- package/dist/mcp/decorators/public.decorator.js.map +1 -1
- package/dist/mcp/decorators/raw-request.decorator.d.ts +2 -0
- package/dist/mcp/decorators/raw-request.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/raw-request.decorator.js +6 -0
- package/dist/mcp/decorators/raw-request.decorator.js.map +1 -0
- package/dist/mcp/decorators/resource-template.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource-template.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource-template.decorator.js +2 -1
- package/dist/mcp/decorators/resource-template.decorator.js.map +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource.decorator.js +2 -1
- package/dist/mcp/decorators/resource.decorator.js.map +1 -1
- package/dist/mcp/decorators/tool.decorator.d.ts +1 -3
- package/dist/mcp/decorators/tool.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/tool.decorator.js +2 -1
- package/dist/mcp/decorators/tool.decorator.js.map +1 -1
- package/dist/mcp/filters/mcp-exception.filter.d.ts +6 -0
- package/dist/mcp/filters/mcp-exception.filter.d.ts.map +1 -0
- package/dist/mcp/filters/mcp-exception.filter.js +26 -0
- package/dist/mcp/filters/mcp-exception.filter.js.map +1 -0
- package/dist/mcp/index.d.ts +11 -7
- package/dist/mcp/index.d.ts.map +1 -1
- package/dist/mcp/index.js +11 -7
- package/dist/mcp/index.js.map +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts +9 -0
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/request-with-user.js → mcp/interfaces/authenticated-user.interface.js} +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.js.map +1 -0
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.js.map +1 -1
- package/dist/mcp/interfaces/index.d.ts +2 -2
- package/dist/mcp/interfaces/index.d.ts.map +1 -1
- package/dist/mcp/interfaces/index.js +0 -3
- package/dist/mcp/interfaces/index.js.map +1 -1
- package/dist/mcp/services/tool-authorization.service.d.ts +7 -5
- package/dist/mcp/services/tool-authorization.service.d.ts.map +1 -1
- package/dist/mcp/services/tool-authorization.service.js +9 -6
- package/dist/mcp/services/tool-authorization.service.js.map +1 -1
- package/dist/mcp/transport/mcp-context.d.ts +34 -0
- package/dist/mcp/transport/mcp-context.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-context.js +74 -0
- package/dist/mcp/transport/mcp-context.js.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts +7 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.js +5 -0
- package/dist/mcp/transport/mcp-http-handler.js.map +1 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts +23 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts.map +1 -0
- package/dist/{authz/providers/oauth-provider.interface.js → mcp/transport/mcp-server-options.interface.js} +1 -1
- package/dist/mcp/transport/mcp-server-options.interface.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts +19 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.js +21 -0
- package/dist/mcp/transport/mcp-transport.constants.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts +17 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/oauth-common.interface.js → mcp/transport/mcp-transport.interface.js} +1 -1
- package/dist/mcp/transport/mcp-transport.interface.js.map +1 -0
- package/dist/mcp/transport/mcp.strategy.d.ts +56 -0
- package/dist/mcp/transport/mcp.strategy.d.ts.map +1 -0
- package/dist/mcp/transport/mcp.strategy.js +446 -0
- package/dist/mcp/transport/mcp.strategy.js.map +1 -0
- package/dist/mcp/transport/resource-matcher.d.ts +13 -0
- package/dist/mcp/transport/resource-matcher.d.ts.map +1 -0
- package/dist/mcp/transport/resource-matcher.js +83 -0
- package/dist/mcp/transport/resource-matcher.js.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts +16 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.js +98 -0
- package/dist/mcp/transport/streamable-http.controller.js.map +1 -0
- package/dist/mcp/transport/transports/index.d.ts +3 -0
- package/dist/mcp/transport/transports/index.d.ts.map +1 -0
- package/dist/{authz → mcp/transport/transports}/index.js +2 -10
- package/dist/mcp/transport/transports/index.js.map +1 -0
- package/dist/mcp/transport/transports/read-body.d.ts +3 -0
- package/dist/mcp/transport/transports/read-body.d.ts.map +1 -0
- package/dist/mcp/transport/transports/read-body.js +32 -0
- package/dist/mcp/transport/transports/read-body.js.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts +9 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.js +27 -0
- package/dist/mcp/transport/transports/stdio.transport.js.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts +33 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js +216 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.d.ts +6 -2
- package/dist/mcp/utils/mcp-logger.factory.d.ts.map +1 -1
- package/dist/mcp/utils/mcp-logger.factory.js.map +1 -1
- package/package.json +3 -66
- package/src/index.ts +0 -1
- package/src/mcp/decorators/constants.ts +1 -0
- package/src/mcp/decorators/index.ts +3 -1
- package/src/mcp/decorators/mcp-controller.decorator.ts +126 -0
- package/src/mcp/decorators/mcp-message-pattern.ts +38 -0
- package/src/mcp/decorators/prompt.decorator.ts +6 -2
- package/src/mcp/decorators/public.decorator.ts +3 -3
- package/src/mcp/decorators/raw-request.decorator.ts +32 -0
- package/src/mcp/decorators/resource-template.decorator.ts +6 -2
- package/src/mcp/decorators/resource.decorator.ts +6 -2
- package/src/mcp/decorators/tool.decorator.ts +6 -3
- package/src/mcp/filters/mcp-exception.filter.ts +47 -0
- package/src/mcp/index.ts +13 -7
- package/src/mcp/interfaces/authenticated-user.interface.ts +22 -0
- package/src/mcp/interfaces/dynamic-prompt.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-resource.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-tool.interface.ts +2 -2
- package/src/mcp/interfaces/index.ts +3 -7
- package/src/mcp/services/tool-authorization.service.ts +52 -72
- package/src/mcp/transport/mcp-context.ts +138 -0
- package/src/mcp/transport/mcp-http-handler.ts +32 -0
- package/src/mcp/transport/mcp-server-options.interface.ts +75 -0
- package/src/mcp/transport/mcp-transport.constants.ts +99 -0
- package/src/mcp/transport/mcp-transport.interface.ts +50 -0
- package/src/mcp/transport/mcp.strategy.ts +752 -0
- package/src/mcp/transport/resource-matcher.ts +107 -0
- package/src/mcp/transport/streamable-http.controller.ts +114 -0
- package/src/mcp/transport/transports/index.ts +2 -0
- package/src/mcp/transport/transports/read-body.ts +39 -0
- package/src/mcp/transport/transports/stdio.transport.ts +35 -0
- package/src/mcp/transport/transports/streamable-http.transport.ts +384 -0
- package/src/mcp/utils/mcp-logger.factory.spec.ts +8 -22
- package/src/mcp/utils/mcp-logger.factory.ts +13 -2
- package/dist/authz/guards/jwt-auth.guard.d.ts +0 -19
- package/dist/authz/guards/jwt-auth.guard.d.ts.map +0 -1
- package/dist/authz/guards/jwt-auth.guard.js +0 -108
- package/dist/authz/guards/jwt-auth.guard.js.map +0 -1
- package/dist/authz/index.d.ts +0 -11
- package/dist/authz/index.d.ts.map +0 -1
- package/dist/authz/index.js.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.d.ts +0 -21
- package/dist/authz/interfaces/oauth-common.interface.d.ts.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.js.map +0 -1
- package/dist/authz/interfaces/request-with-user.d.ts +0 -13
- package/dist/authz/interfaces/request-with-user.d.ts.map +0 -1
- package/dist/authz/interfaces/request-with-user.js.map +0 -1
- package/dist/authz/mcp-oauth.controller.d.ts +0 -81
- package/dist/authz/mcp-oauth.controller.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.controller.js +0 -540
- package/dist/authz/mcp-oauth.controller.js.map +0 -1
- package/dist/authz/mcp-oauth.module.d.ts +0 -12
- package/dist/authz/mcp-oauth.module.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.module.js +0 -271
- package/dist/authz/mcp-oauth.module.js.map +0 -1
- package/dist/authz/providers/azure-ad.provider.d.ts +0 -3
- package/dist/authz/providers/azure-ad.provider.d.ts.map +0 -1
- package/dist/authz/providers/azure-ad.provider.js +0 -37
- package/dist/authz/providers/azure-ad.provider.js.map +0 -1
- package/dist/authz/providers/github.provider.d.ts +0 -3
- package/dist/authz/providers/github.provider.d.ts.map +0 -1
- package/dist/authz/providers/github.provider.js +0 -24
- package/dist/authz/providers/github.provider.js.map +0 -1
- package/dist/authz/providers/google.provider.d.ts +0 -3
- package/dist/authz/providers/google.provider.d.ts.map +0 -1
- package/dist/authz/providers/google.provider.js +0 -25
- package/dist/authz/providers/google.provider.js.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.d.ts +0 -107
- package/dist/authz/providers/oauth-provider.interface.d.ts.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.js.map +0 -1
- package/dist/authz/services/client.service.d.ts +0 -12
- package/dist/authz/services/client.service.d.ts.map +0 -1
- package/dist/authz/services/client.service.js +0 -81
- package/dist/authz/services/client.service.js.map +0 -1
- package/dist/authz/services/jwt-token.service.d.ts +0 -37
- package/dist/authz/services/jwt-token.service.d.ts.map +0 -1
- package/dist/authz/services/jwt-token.service.js +0 -182
- package/dist/authz/services/jwt-token.service.js.map +0 -1
- package/dist/authz/services/oauth-strategy.service.d.ts +0 -13
- package/dist/authz/services/oauth-strategy.service.d.ts.map +0 -1
- package/dist/authz/services/oauth-strategy.service.js +0 -71
- package/dist/authz/services/oauth-strategy.service.js.map +0 -1
- package/dist/authz/stores/memory-store.service.d.ts +0 -27
- package/dist/authz/stores/memory-store.service.d.ts.map +0 -1
- package/dist/authz/stores/memory-store.service.js +0 -107
- package/dist/authz/stores/memory-store.service.js.map +0 -1
- package/dist/authz/stores/oauth-store.interface.d.ts +0 -61
- package/dist/authz/stores/oauth-store.interface.d.ts.map +0 -1
- package/dist/authz/stores/oauth-store.interface.js +0 -5
- package/dist/authz/stores/oauth-store.interface.js.map +0 -1
- package/dist/authz/stores/typeorm/constants.d.ts +0 -3
- package/dist/authz/stores/typeorm/constants.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/constants.js +0 -6
- package/dist/authz/stores/typeorm/constants.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts +0 -15
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js +0 -69
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.d.ts +0 -5
- package/dist/authz/stores/typeorm/entities/index.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.js +0 -12
- package/dist/authz/stores/typeorm/entities/index.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts +0 -17
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js +0 -77
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts +0 -14
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js +0 -65
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts +0 -13
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js +0 -62
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts +0 -28
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.js +0 -138
- package/dist/authz/stores/typeorm/typeorm-store.service.js.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.d.ts +0 -7
- package/dist/mcp/constants/feature-registration.constants.d.ts.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.js +0 -5
- package/dist/mcp/constants/feature-registration.constants.js.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.d.ts +0 -12
- package/dist/mcp/decorators/tool-guards.decorator.d.ts.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.js +0 -13
- package/dist/mcp/decorators/tool-guards.decorator.js.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.d.ts +0 -53
- package/dist/mcp/interfaces/mcp-options.interface.d.ts.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.js +0 -10
- package/dist/mcp/interfaces/mcp-options.interface.js.map +0 -1
- package/dist/mcp/mcp.module.d.ts +0 -15
- package/dist/mcp/mcp.module.d.ts.map +0 -1
- package/dist/mcp/mcp.module.js +0 -248
- package/dist/mcp/mcp.module.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts +0 -117
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.js +0 -125
- package/dist/mcp/services/handlers/mcp-handler.base.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts +0 -12
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.js +0 -98
- package/dist/mcp/services/handlers/mcp-prompts.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts +0 -13
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.js +0 -117
- package/dist/mcp/services/handlers/mcp-resources.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts +0 -22
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.js +0 -258
- package/dist/mcp/services/handlers/mcp-tools.handler.js.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts +0 -26
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.js +0 -133
- package/dist/mcp/services/mcp-dynamic-registry.service.js.map +0 -1
- package/dist/mcp/services/mcp-executor.service.d.ts +0 -15
- package/dist/mcp/services/mcp-executor.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-executor.service.js +0 -47
- package/dist/mcp/services/mcp-executor.service.js.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts +0 -63
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.js +0 -397
- package/dist/mcp/services/mcp-registry-discovery.service.js.map +0 -1
- package/dist/mcp/services/mcp-sse.service.d.ts +0 -20
- package/dist/mcp/services/mcp-sse.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-sse.service.js +0 -91
- package/dist/mcp/services/mcp-sse.service.js.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.d.ts +0 -32
- package/dist/mcp/services/mcp-streamable-http.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.js +0 -327
- package/dist/mcp/services/mcp-streamable-http.service.js.map +0 -1
- package/dist/mcp/services/sse-ping.service.d.ts +0 -23
- package/dist/mcp/services/sse-ping.service.d.ts.map +0 -1
- package/dist/mcp/services/sse-ping.service.js +0 -99
- package/dist/mcp/services/sse-ping.service.js.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/sse.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.js +0 -67
- package/dist/mcp/transport/sse.controller.factory.js.map +0 -1
- package/dist/mcp/transport/stdio.service.d.ts +0 -14
- package/dist/mcp/transport/stdio.service.d.ts.map +0 -1
- package/dist/mcp/transport/stdio.service.js +0 -66
- package/dist/mcp/transport/stdio.service.js.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.js +0 -74
- package/dist/mcp/transport/streamable-http.controller.factory.js.map +0 -1
- package/dist/mcp/utils/capabilities-builder.d.ts +0 -5
- package/dist/mcp/utils/capabilities-builder.d.ts.map +0 -1
- package/dist/mcp/utils/capabilities-builder.js +0 -25
- package/dist/mcp/utils/capabilities-builder.js.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.d.ts +0 -6
- package/dist/mcp/utils/mcp-server.factory.d.ts.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.js +0 -22
- package/dist/mcp/utils/mcp-server.factory.js.map +0 -1
- package/src/authz/guards/jwt-auth.guard.ts +0 -127
- package/src/authz/index.ts +0 -10
- package/src/authz/interfaces/oauth-common.interface.ts +0 -21
- package/src/authz/interfaces/request-with-user.ts +0 -16
- package/src/authz/mcp-oauth.controller.ts +0 -860
- package/src/authz/mcp-oauth.module.ts +0 -384
- package/src/authz/providers/azure-ad.provider.ts +0 -40
- package/src/authz/providers/github.provider.ts +0 -22
- package/src/authz/providers/google.provider.ts +0 -23
- package/src/authz/providers/oauth-provider.interface.ts +0 -147
- package/src/authz/services/client.service.ts +0 -125
- package/src/authz/services/jwt-token.service.spec.ts +0 -67
- package/src/authz/services/jwt-token.service.ts +0 -188
- package/src/authz/services/oauth-strategy.service.ts +0 -64
- package/src/authz/stores/memory-store.service.spec.ts +0 -475
- package/src/authz/stores/memory-store.service.ts +0 -141
- package/src/authz/stores/oauth-store.interface.ts +0 -131
- package/src/authz/stores/typeorm/README.md +0 -140
- package/src/authz/stores/typeorm/constants.ts +0 -6
- package/src/authz/stores/typeorm/entities/authorization-code.entity.ts +0 -41
- package/src/authz/stores/typeorm/entities/index.ts +0 -4
- package/src/authz/stores/typeorm/entities/oauth-client.entity.ts +0 -53
- package/src/authz/stores/typeorm/entities/oauth-session.entity.ts +0 -38
- package/src/authz/stores/typeorm/entities/user-profile.entity.ts +0 -46
- package/src/authz/stores/typeorm/typeorm-store.service.spec.ts +0 -494
- package/src/authz/stores/typeorm/typeorm-store.service.ts +0 -165
- package/src/mcp/constants/feature-registration.constants.ts +0 -24
- package/src/mcp/decorators/tool-guards.decorator.ts +0 -82
- package/src/mcp/interfaces/mcp-options.interface.ts +0 -95
- package/src/mcp/mcp.module.ts +0 -349
- package/src/mcp/services/handlers/mcp-handler.base.ts +0 -203
- package/src/mcp/services/handlers/mcp-prompts.handler.ts +0 -143
- package/src/mcp/services/handlers/mcp-resources.handler.ts +0 -183
- package/src/mcp/services/handlers/mcp-tools.handler.spec.ts +0 -41
- package/src/mcp/services/handlers/mcp-tools.handler.ts +0 -436
- package/src/mcp/services/mcp-dynamic-registry.service.ts +0 -236
- package/src/mcp/services/mcp-executor.service.ts +0 -64
- package/src/mcp/services/mcp-registry-discovery.service.spec.ts +0 -306
- package/src/mcp/services/mcp-registry-discovery.service.ts +0 -849
- package/src/mcp/services/mcp-sse.service.ts +0 -124
- package/src/mcp/services/mcp-streamable-http.service.ts +0 -472
- package/src/mcp/services/sse-ping.service.ts +0 -144
- package/src/mcp/transport/custom-decorator.spec.ts +0 -75
- package/src/mcp/transport/sse.controller.factory.ts +0 -84
- package/src/mcp/transport/stdio.service.ts +0 -75
- package/src/mcp/transport/streamable-http.controller.factory.ts +0 -80
- package/src/mcp/utils/capabilities-builder.ts +0 -43
- package/src/mcp/utils/mcp-server.factory.ts +0 -33
package/dist/mcp/index.d.ts
CHANGED
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
export * from './decorators';
|
|
2
2
|
export * from './interfaces';
|
|
3
|
-
export * from './
|
|
4
|
-
export * from './
|
|
5
|
-
export * from './
|
|
6
|
-
export * from './
|
|
7
|
-
export * from './
|
|
8
|
-
export * from './
|
|
9
|
-
export * from './
|
|
3
|
+
export * from './services/tool-authorization.service';
|
|
4
|
+
export * from './filters/mcp-exception.filter';
|
|
5
|
+
export * from './utils/normalize-endpoint';
|
|
6
|
+
export * from './transport/mcp-transport.constants';
|
|
7
|
+
export * from './transport/mcp-context';
|
|
8
|
+
export * from './transport/mcp-server-options.interface';
|
|
9
|
+
export * from './transport/mcp-transport.interface';
|
|
10
|
+
export * from './transport/mcp-http-handler';
|
|
11
|
+
export * from './transport/mcp.strategy';
|
|
12
|
+
export * from './transport/streamable-http.controller';
|
|
13
|
+
export * from './transport/transports';
|
|
10
14
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/mcp/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,uCAAuC,CAAC;AACtD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,4BAA4B,CAAC;AAG3C,cAAc,qCAAqC,CAAC;AACpD,cAAc,yBAAyB,CAAC;AACxC,cAAc,0CAA0C,CAAC;AACzD,cAAc,qCAAqC,CAAC;AACpD,cAAc,8BAA8B,CAAC;AAC7C,cAAc,0BAA0B,CAAC;AACzC,cAAc,wCAAwC,CAAC;AACvD,cAAc,wBAAwB,CAAC"}
|
package/dist/mcp/index.js
CHANGED
|
@@ -16,11 +16,15 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
__exportStar(require("./decorators"), exports);
|
|
18
18
|
__exportStar(require("./interfaces"), exports);
|
|
19
|
-
__exportStar(require("./
|
|
20
|
-
__exportStar(require("./
|
|
21
|
-
__exportStar(require("./
|
|
22
|
-
__exportStar(require("./
|
|
23
|
-
__exportStar(require("./
|
|
24
|
-
__exportStar(require("./
|
|
25
|
-
__exportStar(require("./
|
|
19
|
+
__exportStar(require("./services/tool-authorization.service"), exports);
|
|
20
|
+
__exportStar(require("./filters/mcp-exception.filter"), exports);
|
|
21
|
+
__exportStar(require("./utils/normalize-endpoint"), exports);
|
|
22
|
+
__exportStar(require("./transport/mcp-transport.constants"), exports);
|
|
23
|
+
__exportStar(require("./transport/mcp-context"), exports);
|
|
24
|
+
__exportStar(require("./transport/mcp-server-options.interface"), exports);
|
|
25
|
+
__exportStar(require("./transport/mcp-transport.interface"), exports);
|
|
26
|
+
__exportStar(require("./transport/mcp-http-handler"), exports);
|
|
27
|
+
__exportStar(require("./transport/mcp.strategy"), exports);
|
|
28
|
+
__exportStar(require("./transport/streamable-http.controller"), exports);
|
|
29
|
+
__exportStar(require("./transport/transports"), exports);
|
|
26
30
|
//# sourceMappingURL=index.js.map
|
package/dist/mcp/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,wEAAsD;AACtD,iEAA+C;AAC/C,6DAA2C;AAG3C,sEAAoD;AACpD,0DAAwC;AACxC,2EAAyD;AACzD,sEAAoD;AACpD,+DAA6C;AAC7C,2DAAyC;AACzC,yEAAuD;AACvD,yDAAuC","sourcesContent":["export * from './decorators';\nexport * from './interfaces';\nexport * from './services/tool-authorization.service';\nexport * from './filters/mcp-exception.filter';\nexport * from './utils/normalize-endpoint';\n\n// Microservice transport strategy API\nexport * from './transport/mcp-transport.constants';\nexport * from './transport/mcp-context';\nexport * from './transport/mcp-server-options.interface';\nexport * from './transport/mcp-transport.interface';\nexport * from './transport/mcp-http-handler';\nexport * from './transport/mcp.strategy';\nexport * from './transport/streamable-http.controller';\nexport * from './transport/transports';\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authenticated-user.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/authenticated-user.interface.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,iBAAiB;IAEhC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAEjB,SAAS,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEvD,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authenticated-user.interface.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/authenticated-user.interface.ts"],"names":[],"mappings":"","sourcesContent":["/**\n * Minimal shape of an authenticated principal as far as the core per-tool\n * authorization logic is concerned.\n *\n * The core module never authenticates anyone itself — a guard or transport-level\n * auth middleware resolves the user and places it on `req.user`. Per-tool checks\n * (`@ToolScopes()`, `@ToolRoles()`) only read scopes and roles off that object, so\n * core depends on this structural type rather than on any concrete token payload.\n *\n * The auth package's richer `JwtPayload` is structurally compatible with this\n * interface, so no coupling back to `@rekog/mcp-nest-auth` is required.\n */\nexport interface AuthenticatedUser {\n /** OAuth 2.0 space-delimited scope string. */\n scope?: string;\n /** Roles carried directly on the principal. */\n roles?: string[];\n /** Provider-specific user data; may carry roles. */\n user_data?: { roles?: string[] } & Record<string, any>;\n /** Allow additional, provider-specific claims without widening the read surface. */\n [key: string]: any;\n}\n"]}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { ZodObject } from 'zod';
|
|
2
2
|
import { Context } from './mcp-tool.interface';
|
|
3
3
|
import type { PromptArgsRawShape } from '../decorators/prompt.decorator';
|
|
4
|
-
export type DynamicPromptHandler = (args: Record<string, string> | undefined, context: Context, request: any) =>
|
|
4
|
+
export type DynamicPromptHandler = (args: Record<string, string> | undefined, context: Context, request: any) => any;
|
|
5
5
|
export interface DynamicPromptDefinition {
|
|
6
6
|
name: string;
|
|
7
7
|
description: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dynamic-prompt.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-prompt.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAEzE,MAAM,MAAM,oBAAoB,GAAG,CACjC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,EACxC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,GAAG,KACT,
|
|
1
|
+
{"version":3,"file":"dynamic-prompt.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-prompt.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAEzE,MAAM,MAAM,oBAAoB,GAAG,CACjC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,EACxC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,GAAG,KACT,GAAG,CAAC;AAET,MAAM,WAAW,uBAAuB;IAEtC,IAAI,EAAE,MAAM,CAAC;IAEb,WAAW,EAAE,MAAM,CAAC;IAEpB,UAAU,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAE3C,OAAO,EAAE,oBAAoB,CAAC;CAC/B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dynamic-prompt.interface.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-prompt.interface.ts"],"names":[],"mappings":"","sourcesContent":["import { ZodObject } from 'zod';\nimport { Context } from './mcp-tool.interface';\nimport type { PromptArgsRawShape } from '../decorators/prompt.decorator';\n\nexport type DynamicPromptHandler = (\n args: Record<string, string> | undefined,\n context: Context,\n request: any,\n) =>
|
|
1
|
+
{"version":3,"file":"dynamic-prompt.interface.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-prompt.interface.ts"],"names":[],"mappings":"","sourcesContent":["import { ZodObject } from 'zod';\nimport { Context } from './mcp-tool.interface';\nimport type { PromptArgsRawShape } from '../decorators/prompt.decorator';\n\nexport type DynamicPromptHandler = (\n args: Record<string, string> | undefined,\n context: Context,\n request: any,\n) => any;\n\nexport interface DynamicPromptDefinition {\n /** Unique name for the prompt */\n name: string;\n /** Description shown to the LLM */\n description: string;\n /** Zod schema describing the prompt arguments */\n parameters?: ZodObject<PromptArgsRawShape>;\n /** Handler function that returns the prompt messages */\n handler: DynamicPromptHandler;\n}\n"]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Context } from './mcp-tool.interface';
|
|
2
|
-
export type DynamicResourceHandler = (params: Record<string, unknown>, context: Context, request: any) =>
|
|
2
|
+
export type DynamicResourceHandler = (params: Record<string, unknown>, context: Context, request: any) => any;
|
|
3
3
|
export interface DynamicResourceDefinition {
|
|
4
4
|
uri: string;
|
|
5
5
|
name?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dynamic-resource.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-resource.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAE/C,MAAM,MAAM,sBAAsB,GAAG,CACnC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,GAAG,KACT,
|
|
1
|
+
{"version":3,"file":"dynamic-resource.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-resource.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAE/C,MAAM,MAAM,sBAAsB,GAAG,CACnC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,GAAG,KACT,GAAG,CAAC;AAET,MAAM,WAAW,yBAAyB;IAExC,GAAG,EAAE,MAAM,CAAC;IAEZ,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE5B,OAAO,EAAE,sBAAsB,CAAC;CACjC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dynamic-resource.interface.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-resource.interface.ts"],"names":[],"mappings":"","sourcesContent":["import { Context } from './mcp-tool.interface';\n\nexport type DynamicResourceHandler = (\n params: Record<string, unknown>,\n context: Context,\n request: any,\n) =>
|
|
1
|
+
{"version":3,"file":"dynamic-resource.interface.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-resource.interface.ts"],"names":[],"mappings":"","sourcesContent":["import { Context } from './mcp-tool.interface';\n\nexport type DynamicResourceHandler = (\n params: Record<string, unknown>,\n context: Context,\n request: any,\n) => any;\n\nexport interface DynamicResourceDefinition {\n /** URI that uniquely identifies this resource */\n uri: string;\n /** Human-readable name (defaults to uri if omitted) */\n name?: string;\n /** Optional description shown to the LLM */\n description?: string;\n /** Optional MIME type of the resource content */\n mimeType?: string;\n /** Additional metadata */\n _meta?: Record<string, any>;\n /** Handler function that returns the resource content */\n handler: DynamicResourceHandler;\n}\n"]}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
import { Context } from './mcp-tool.interface';
|
|
3
3
|
import { ToolAnnotations } from '../decorators/tool.decorator';
|
|
4
|
-
export type DynamicToolHandler = (args: Record<string, unknown>, context: Context, request: any) =>
|
|
4
|
+
export type DynamicToolHandler = (args: Record<string, unknown>, context: Context, request: any) => any;
|
|
5
5
|
export interface DynamicToolDefinition {
|
|
6
6
|
name: string;
|
|
7
7
|
description: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dynamic-tool.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-tool.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAM/D,MAAM,MAAM,kBAAkB,GAAG,CAC/B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,GAAG,KACT,
|
|
1
|
+
{"version":3,"file":"dynamic-tool.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-tool.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAM/D,MAAM,MAAM,kBAAkB,GAAG,CAC/B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,GAAG,KACT,GAAG,CAAC;AAmBT,MAAM,WAAW,qBAAqB;IAEpC,IAAI,EAAE,MAAM,CAAC;IAEb,WAAW,EAAE,MAAM,CAAC;IAEpB,UAAU,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;IAEvB,YAAY,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;IAEzB,WAAW,CAAC,EAAE,eAAe,CAAC;IAE9B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE5B,OAAO,EAAE,kBAAkB,CAAC;IAE5B,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dynamic-tool.interface.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-tool.interface.ts"],"names":[],"mappings":"","sourcesContent":["import { z } from 'zod';\nimport { Context } from './mcp-tool.interface';\nimport { ToolAnnotations } from '../decorators/tool.decorator';\n\n/**\n * Handler function signature for dynamically registered tools.\n * Receives the same arguments as decorator-based tools.\n */\nexport type DynamicToolHandler = (\n args: Record<string, unknown>,\n context: Context,\n request: any,\n) =>
|
|
1
|
+
{"version":3,"file":"dynamic-tool.interface.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/dynamic-tool.interface.ts"],"names":[],"mappings":"","sourcesContent":["import { z } from 'zod';\nimport { Context } from './mcp-tool.interface';\nimport { ToolAnnotations } from '../decorators/tool.decorator';\n\n/**\n * Handler function signature for dynamically registered tools.\n * Receives the same arguments as decorator-based tools.\n */\nexport type DynamicToolHandler = (\n args: Record<string, unknown>,\n context: Context,\n request: any,\n) => any;\n\n/**\n * Definition for a dynamically registered tool.\n * Use this with `McpStrategy.registerTool()` to register tools at runtime.\n *\n * @example\n * ```typescript\n * registry.registerTool({\n * name: 'search-knowledge',\n * description: 'Search the knowledge base',\n * parameters: z.object({ query: z.string() }),\n * handler: async (args, context) => {\n * const results = await searchService.search(args.query);\n * return { content: [{ type: 'text', text: JSON.stringify(results) }] };\n * },\n * });\n * ```\n */\nexport interface DynamicToolDefinition {\n /** Unique name for the tool */\n name: string;\n /** Description shown to the LLM */\n description: string;\n /** Zod schema for input validation */\n parameters?: z.ZodType;\n /** Zod schema for output validation */\n outputSchema?: z.ZodType;\n /** MCP tool annotations */\n annotations?: ToolAnnotations;\n /** Additional metadata */\n _meta?: Record<string, any>;\n /** Handler function that executes the tool */\n handler: DynamicToolHandler;\n /** Mark as public (accessible without authentication) */\n isPublic?: boolean;\n /** Required OAuth scopes */\n requiredScopes?: string[];\n /** Required user roles */\n requiredRoles?: string[];\n}\n"]}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
export {
|
|
2
|
-
export type { McpOptions, McpAsyncOptions, McpOptionsFactory, McpModuleAsyncOptions, } from './mcp-options.interface';
|
|
1
|
+
export type { Icon } from '@modelcontextprotocol/sdk/types.js';
|
|
3
2
|
export type { Literal, SerializableValue, McpRequestSchema, McpRequest, Context, } from './mcp-tool.interface';
|
|
4
3
|
export type { HttpRequest } from './http-adapter.interface';
|
|
4
|
+
export type { AuthenticatedUser } from './authenticated-user.interface';
|
|
5
5
|
export type { DynamicToolDefinition, DynamicToolHandler, } from './dynamic-tool.interface';
|
|
6
6
|
export type { DynamicResourceDefinition, DynamicResourceHandler, } from './dynamic-resource.interface';
|
|
7
7
|
export type { DynamicPromptDefinition, DynamicPromptHandler, } from './dynamic-prompt.interface';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/mcp/interfaces/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D,YAAY,EACV,OAAO,EACP,iBAAiB,EACjB,gBAAgB,EAChB,UAAU,EACV,OAAO,GACR,MAAM,sBAAsB,CAAC;AAE9B,YAAY,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE5D,YAAY,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAExE,YAAY,EACV,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EACV,yBAAyB,EACzB,sBAAsB,GACvB,MAAM,8BAA8B,CAAC;AAEtC,YAAY,EACV,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,4BAA4B,CAAC"}
|
|
@@ -1,6 +1,3 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.McpTransportType = void 0;
|
|
4
|
-
var mcp_options_interface_1 = require("./mcp-options.interface");
|
|
5
|
-
Object.defineProperty(exports, "McpTransportType", { enumerable: true, get: function () { return mcp_options_interface_1.McpTransportType; } });
|
|
6
3
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/mcp/interfaces/index.ts"],"names":[],"mappings":"","sourcesContent":["export type { Icon } from '@modelcontextprotocol/sdk/types.js';\n\nexport type {\n Literal,\n SerializableValue,\n McpRequestSchema,\n McpRequest,\n Context,\n} from './mcp-tool.interface';\n\nexport type { HttpRequest } from './http-adapter.interface';\n\nexport type { AuthenticatedUser } from './authenticated-user.interface';\n\nexport type {\n DynamicToolDefinition,\n DynamicToolHandler,\n} from './dynamic-tool.interface';\n\nexport type {\n DynamicResourceDefinition,\n DynamicResourceHandler,\n} from './dynamic-resource.interface';\n\nexport type {\n DynamicPromptDefinition,\n DynamicPromptHandler,\n} from './dynamic-prompt.interface';\n"]}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
|
-
import { DiscoveredCapability } from './mcp-registry-discovery.service';
|
|
2
1
|
import { ToolMetadata, SecurityScheme } from '../decorators/tool.decorator';
|
|
3
|
-
import {
|
|
2
|
+
import { AuthenticatedUser } from '../interfaces/authenticated-user.interface';
|
|
3
|
+
export interface AuthorizableTool {
|
|
4
|
+
metadata: ToolMetadata;
|
|
5
|
+
}
|
|
4
6
|
export declare class ToolAuthorizationService {
|
|
5
|
-
generateSecuritySchemes(tool:
|
|
6
|
-
canAccessTool(user:
|
|
7
|
-
validateToolAccess(user:
|
|
7
|
+
generateSecuritySchemes(tool: AuthorizableTool, freemiumMode: boolean): SecurityScheme[];
|
|
8
|
+
canAccessTool(user: AuthenticatedUser | undefined, tool: AuthorizableTool, allowUnauthenticatedAccess?: boolean): boolean;
|
|
9
|
+
validateToolAccess(user: AuthenticatedUser | undefined, tool: AuthorizableTool, allowUnauthenticatedAccess?: boolean): void;
|
|
8
10
|
private hasRequiredScopes;
|
|
9
11
|
private hasRequiredRoles;
|
|
10
12
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-authorization.service.d.ts","sourceRoot":"","sources":["../../../src/mcp/services/tool-authorization.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"tool-authorization.service.d.ts","sourceRoot":"","sources":["../../../src/mcp/services/tool-authorization.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4CAA4C,CAAC;AAG/E,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,YAAY,CAAC;CACxB;AAeD,qBACa,wBAAwB;IAYnC,uBAAuB,CACrB,IAAI,EAAE,gBAAgB,EACtB,YAAY,EAAE,OAAO,GACpB,cAAc,EAAE;IAsCnB,aAAa,CACX,IAAI,EAAE,iBAAiB,GAAG,SAAS,EACnC,IAAI,EAAE,gBAAgB,EACtB,0BAA0B,GAAE,OAAe,GAC1C,OAAO;IAuDV,kBAAkB,CAChB,IAAI,EAAE,iBAAiB,GAAG,SAAS,EACnC,IAAI,EAAE,gBAAgB,EACtB,0BAA0B,GAAE,OAAe,GAC1C,IAAI;IA0DP,OAAO,CAAC,iBAAiB;IA8BzB,OAAO,CAAC,gBAAgB;CAwBzB"}
|
|
@@ -10,7 +10,7 @@ exports.ToolAuthorizationService = void 0;
|
|
|
10
10
|
const common_1 = require("@nestjs/common");
|
|
11
11
|
const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
|
|
12
12
|
let ToolAuthorizationService = class ToolAuthorizationService {
|
|
13
|
-
generateSecuritySchemes(tool,
|
|
13
|
+
generateSecuritySchemes(tool, freemiumMode) {
|
|
14
14
|
const metadata = tool.metadata;
|
|
15
15
|
const schemes = [];
|
|
16
16
|
if (metadata.isPublic) {
|
|
@@ -19,7 +19,10 @@ let ToolAuthorizationService = class ToolAuthorizationService {
|
|
|
19
19
|
if (metadata.requiredScopes && metadata.requiredScopes.length > 0) {
|
|
20
20
|
schemes.push({ type: 'oauth2', scopes: metadata.requiredScopes });
|
|
21
21
|
}
|
|
22
|
-
else if (
|
|
22
|
+
else if (metadata.requiredRoles && metadata.requiredRoles.length > 0) {
|
|
23
|
+
schemes.push({ type: 'oauth2' });
|
|
24
|
+
}
|
|
25
|
+
else if (freemiumMode && !metadata.isPublic) {
|
|
23
26
|
schemes.push({ type: 'oauth2' });
|
|
24
27
|
}
|
|
25
28
|
if (schemes.length === 0) {
|
|
@@ -27,7 +30,7 @@ let ToolAuthorizationService = class ToolAuthorizationService {
|
|
|
27
30
|
}
|
|
28
31
|
return schemes;
|
|
29
32
|
}
|
|
30
|
-
canAccessTool(user, tool,
|
|
33
|
+
canAccessTool(user, tool, allowUnauthenticatedAccess = false) {
|
|
31
34
|
const metadata = tool.metadata;
|
|
32
35
|
if (metadata.isPublic) {
|
|
33
36
|
return true;
|
|
@@ -47,12 +50,12 @@ let ToolAuthorizationService = class ToolAuthorizationService {
|
|
|
47
50
|
return false;
|
|
48
51
|
}
|
|
49
52
|
}
|
|
50
|
-
if (allowUnauthenticatedAccess &&
|
|
53
|
+
if (allowUnauthenticatedAccess && !user) {
|
|
51
54
|
return false;
|
|
52
55
|
}
|
|
53
56
|
return true;
|
|
54
57
|
}
|
|
55
|
-
validateToolAccess(user, tool,
|
|
58
|
+
validateToolAccess(user, tool, allowUnauthenticatedAccess = false) {
|
|
56
59
|
const metadata = tool.metadata;
|
|
57
60
|
const toolName = metadata.name;
|
|
58
61
|
if (metadata.isPublic) {
|
|
@@ -73,7 +76,7 @@ let ToolAuthorizationService = class ToolAuthorizationService {
|
|
|
73
76
|
throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidRequest, `Tool '${toolName}' requires roles: ${metadata.requiredRoles.join(', ')}`);
|
|
74
77
|
}
|
|
75
78
|
}
|
|
76
|
-
if (allowUnauthenticatedAccess &&
|
|
79
|
+
if (allowUnauthenticatedAccess && !user) {
|
|
77
80
|
throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidRequest, `Tool '${toolName}' requires authentication`);
|
|
78
81
|
}
|
|
79
82
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-authorization.service.js","sourceRoot":"","sources":["../../../src/mcp/services/tool-authorization.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA4C;AAC5C,iEAAyE;AASlE,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IAQnC,uBAAuB,CACrB,IAAwC,EACxC,eAAwB;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,MAAM,OAAO,GAAqB,EAAE,CAAC;QAGrC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;QAGD,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,cAAc,EAAE,CAAC,CAAC;QACpE,CAAC;aAEI,IAAI,eAAe,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;QAGD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAWD,aAAa,CACX,IAA4B,EAC5B,IAAwC,EACxC,eAAwB,EACxB,6BAAsC,KAAK;QAE3C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAG/B,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,uBAAuB,GAC3B,CAAC,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;YAC/D,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEhE,IAAI,uBAAuB,IAAI,CAAC,IAAI,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAGD,IAAI,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAoBD,IAAI,0BAA0B,IAAI,eAAe,IAAI,CAAC,IAAI,EAAE,CAAC;YAG3D,OAAO,KAAK,CAAC;QACf,CAAC;QAMD,OAAO,IAAI,CAAC;IACd,CAAC;IAWD,kBAAkB,CAChB,IAA4B,EAC5B,IAAwC,EACxC,eAAwB,EACxB,6BAAsC,KAAK;QAE3C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;QAG/B,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAGD,MAAM,uBAAuB,GAC3B,CAAC,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;YAC/D,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEhE,IAAI,uBAAuB,IAAI,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,2BAA2B,CAC7C,CAAC;QACJ,CAAC;QAGD,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC3D,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,sBAAsB,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5E,CAAC;YACJ,CAAC;QACH,CAAC;QAGD,IAAI,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,qBAAqB,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1E,CAAC;YACJ,CAAC;QACH,CAAC;QAoBD,IAAI,0BAA0B,IAAI,eAAe,IAAI,CAAC,IAAI,EAAE,CAAC;YAG3D,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,2BAA2B,CAC7C,CAAC;QACJ,CAAC;IAMH,CAAC;IASO,iBAAiB,CACvB,IAA4B,EAC5B,cAAwB;QAExB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,UAAU,GAAa,EAAE,CAAC;QAE9B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAEf,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjE,CAAC;aAAM,IAAK,IAAY,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,CAAE,IAAY,CAAC,MAAM,CAAC,EAAE,CAAC;YAEvE,UAAU,GAAI,IAAY,CAAC,MAAM,CAAC;QACpC,CAAC;QAGD,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3E,CAAC;IASO,gBAAgB,CACtB,IAA4B,EAC5B,aAAuB;QAEvB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,SAAS,GAAa,EAAE,CAAC;QAE7B,IAAK,IAAY,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAE,IAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,SAAS,GAAI,IAAY,CAAC,KAAK,CAAC;QAClC,CAAC;aAAM,IACL,IAAI,CAAC,SAAS;YACd,IAAI,CAAC,SAAS,CAAC,KAAK;YACpB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EACnC,CAAC;YACD,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QACnC,CAAC;QAGD,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACzE,CAAC;CACF,CAAA;AAtQY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;GACA,wBAAwB,CAsQpC","sourcesContent":["import { Injectable } from '@nestjs/common';\nimport { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';\nimport { DiscoveredCapability } from './mcp-registry-discovery.service';\nimport { ToolMetadata, SecurityScheme } from '../decorators/tool.decorator';\nimport { JwtPayload } from '../../authz/services/jwt-token.service';\n\n/**\n * Service responsible for tool-level authorization logic\n */\n@Injectable()\nexport class ToolAuthorizationService {\n /**\n * Generate security schemes for a tool based on its metadata and module configuration\n *\n * @param tool - The discovered tool\n * @param moduleHasGuards - Whether the module has guards configured\n * @returns Array of security schemes for the tool\n */\n generateSecuritySchemes(\n tool: DiscoveredCapability<ToolMetadata>,\n moduleHasGuards: boolean,\n ): SecurityScheme[] {\n const metadata = tool.metadata;\n const schemes: SecurityScheme[] = [];\n\n // If tool is marked as @PublicTool(), it can be accessed without auth\n if (metadata.isPublic) {\n schemes.push({ type: 'noauth' });\n }\n\n // If tool has required scopes, add oauth2 scheme with those scopes\n if (metadata.requiredScopes && metadata.requiredScopes.length > 0) {\n schemes.push({ type: 'oauth2', scopes: metadata.requiredScopes });\n }\n // Else if module has guards and tool is not public, require oauth2\n else if (moduleHasGuards && !metadata.isPublic) {\n schemes.push({ type: 'oauth2' });\n }\n\n // If no schemes were added, tool is accessible without authentication\n if (schemes.length === 0) {\n schemes.push({ type: 'noauth' });\n }\n\n return schemes;\n }\n\n /**\n * Check if a user can access a tool based on security requirements\n *\n * @param user - The authenticated user (may be undefined)\n * @param tool - The discovered tool\n * @param moduleHasGuards - Whether the module has guards configured\n * @param allowUnauthenticatedAccess - Whether unauthenticated access is allowed (freemium mode)\n * @returns true if user can access the tool, false otherwise\n */\n canAccessTool(\n user: JwtPayload | undefined,\n tool: DiscoveredCapability<ToolMetadata>,\n moduleHasGuards: boolean,\n allowUnauthenticatedAccess: boolean = false,\n ): boolean {\n const metadata = tool.metadata;\n\n // If tool is public, always allow access\n if (metadata.isPublic) {\n return true;\n }\n\n // If tool has specific scope/role requirements, user MUST be authenticated\n const hasSpecificRequirements =\n (metadata.requiredScopes && metadata.requiredScopes.length > 0) ||\n (metadata.requiredRoles && metadata.requiredRoles.length > 0);\n\n if (hasSpecificRequirements && !user) {\n return false;\n }\n\n // If tool has specific scopes, validate them\n if (metadata.requiredScopes && metadata.requiredScopes.length > 0) {\n if (!this.hasRequiredScopes(user, metadata.requiredScopes)) {\n return false;\n }\n }\n\n // If tool has specific roles, validate them\n if (metadata.requiredRoles && metadata.requiredRoles.length > 0) {\n if (!this.hasRequiredRoles(user, metadata.requiredRoles)) {\n return false;\n }\n }\n\n // At this point:\n // - Tool is not public\n // - Tool has no specific scope/role requirements (or they passed)\n //\n // Decision logic based on allowUnauthenticatedAccess:\n //\n // allowUnauthenticatedAccess = false (default, standard auth mode):\n // - Guards are expected to fully authorize requests (via JWT, API keys, etc)\n // - If guard let request through AND there's no user object:\n // * Guard used non-JWT auth mechanism (API key, IP whitelist, etc)\n // * Trust the guard's decision to authorize\n // - If no guards configured, allow access (no auth required)\n //\n // allowUnauthenticatedAccess = true (freemium mode):\n // - Guards may let unauthenticated requests through for per-tool auth\n // - Only @PublicTool or tools with specific scopes/roles accessible\n // - Tools without decorators require authentication (user must be present)\n //\n if (allowUnauthenticatedAccess && moduleHasGuards && !user) {\n // Freemium mode: unauthenticated access only for @PublicTool or specific scopes\n // This tool has no decorators, so it requires authentication\n return false;\n }\n\n // Standard mode: If we're here, either:\n // - No guards (open access)\n // - Guards authorized it (trust guard decision, even without user object)\n // - User is present and passed all checks\n return true;\n }\n\n /**\n * Validate that a user can access a tool, throwing an error if not authorized\n *\n * @param user - The authenticated user (may be undefined)\n * @param tool - The discovered tool\n * @param moduleHasGuards - Whether the module has guards configured\n * @param allowUnauthenticatedAccess - Whether unauthenticated access is allowed (freemium mode)\n * @throws McpError if user is not authorized to access the tool\n */\n validateToolAccess(\n user: JwtPayload | undefined,\n tool: DiscoveredCapability<ToolMetadata>,\n moduleHasGuards: boolean,\n allowUnauthenticatedAccess: boolean = false,\n ): void {\n const metadata = tool.metadata;\n const toolName = metadata.name;\n\n // If tool is public, allow access\n if (metadata.isPublic) {\n return;\n }\n\n // Check if tool has specific scope/role requirements\n const hasSpecificRequirements =\n (metadata.requiredScopes && metadata.requiredScopes.length > 0) ||\n (metadata.requiredRoles && metadata.requiredRoles.length > 0);\n\n if (hasSpecificRequirements && !user) {\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires authentication`,\n );\n }\n\n // Validate scopes if required\n if (metadata.requiredScopes && metadata.requiredScopes.length > 0) {\n if (!this.hasRequiredScopes(user, metadata.requiredScopes)) {\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires scopes: ${metadata.requiredScopes.join(', ')}`,\n );\n }\n }\n\n // Validate roles if required\n if (metadata.requiredRoles && metadata.requiredRoles.length > 0) {\n if (!this.hasRequiredRoles(user, metadata.requiredRoles)) {\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires roles: ${metadata.requiredRoles.join(', ')}`,\n );\n }\n }\n\n // At this point:\n // - Tool is not public\n // - Tool has no specific scope/role requirements (or they passed)\n //\n // Decision logic based on allowUnauthenticatedAccess:\n //\n // allowUnauthenticatedAccess = false (default, standard auth mode):\n // - Guards are expected to fully authorize requests (via JWT, API keys, etc)\n // - If guard let request through AND there's no user object:\n // * Guard used non-JWT auth mechanism (API key, IP whitelist, etc)\n // * Trust the guard's decision to authorize\n // - If no guards configured, allow access (no auth required)\n //\n // allowUnauthenticatedAccess = true (freemium mode):\n // - Guards may let unauthenticated requests through for per-tool auth\n // - Only @PublicTool or tools with specific scopes/roles accessible\n // - Tools without decorators require authentication (user must be present)\n //\n if (allowUnauthenticatedAccess && moduleHasGuards && !user) {\n // Freemium mode: unauthenticated access only for @PublicTool or specific scopes\n // This tool has no decorators, so it requires authentication\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires authentication`,\n );\n }\n\n // Standard mode: If we're here, either:\n // - No guards (open access)\n // - Guards authorized it (trust guard decision, even without user object)\n // - User is present and passed all checks\n }\n\n /**\n * Check if user has all required scopes\n *\n * @param user - The authenticated user (may be undefined)\n * @param requiredScopes - Array of required scope strings\n * @returns true if user has all required scopes\n */\n private hasRequiredScopes(\n user: JwtPayload | undefined,\n requiredScopes: string[],\n ): boolean {\n if (!user) {\n return false;\n }\n\n // Get user scopes - could be in 'scope' (space-delimited string) or 'scopes' (array)\n let userScopes: string[] = [];\n\n if (user.scope) {\n // OAuth 2.0 standard: space-delimited string\n userScopes = user.scope.split(' ').filter((s) => s.length > 0);\n } else if ((user as any).scopes && Array.isArray((user as any).scopes)) {\n // Alternative: array of scopes\n userScopes = (user as any).scopes;\n }\n\n // Check if user has ALL required scopes\n return requiredScopes.every((required) => userScopes.includes(required));\n }\n\n /**\n * Check if user has all required roles\n *\n * @param user - The authenticated user (may be undefined)\n * @param requiredRoles - Array of required role strings\n * @returns true if user has all required roles\n */\n private hasRequiredRoles(\n user: JwtPayload | undefined,\n requiredRoles: string[],\n ): boolean {\n if (!user) {\n return false;\n }\n\n // Get user roles from user data\n let userRoles: string[] = [];\n\n if ((user as any).roles && Array.isArray((user as any).roles)) {\n userRoles = (user as any).roles;\n } else if (\n user.user_data &&\n user.user_data.roles &&\n Array.isArray(user.user_data.roles)\n ) {\n userRoles = user.user_data.roles;\n }\n\n // Check if user has ALL required roles\n return requiredRoles.every((required) => userRoles.includes(required));\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"tool-authorization.service.js","sourceRoot":"","sources":["../../../src/mcp/services/tool-authorization.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA4C;AAC5C,iEAAyE;AAuBlE,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IAYnC,uBAAuB,CACrB,IAAsB,EACtB,YAAqB;QAErB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,MAAM,OAAO,GAAqB,EAAE,CAAC;QAGrC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;QAGD,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,cAAc,EAAE,CAAC,CAAC;QACpE,CAAC;aAEI,IAAI,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;aAEI,IAAI,YAAY,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;QAGD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAUD,aAAa,CACX,IAAmC,EACnC,IAAsB,EACtB,6BAAsC,KAAK;QAE3C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAG/B,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,uBAAuB,GAC3B,CAAC,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;YAC/D,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEhE,IAAI,uBAAuB,IAAI,CAAC,IAAI,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAGD,IAAI,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAWD,IAAI,0BAA0B,IAAI,CAAC,IAAI,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAUD,kBAAkB,CAChB,IAAmC,EACnC,IAAsB,EACtB,6BAAsC,KAAK;QAE3C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;QAG/B,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAGD,MAAM,uBAAuB,GAC3B,CAAC,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;YAC/D,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEhE,IAAI,uBAAuB,IAAI,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,2BAA2B,CAC7C,CAAC;QACJ,CAAC;QAGD,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC3D,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,sBAAsB,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5E,CAAC;YACJ,CAAC;QACH,CAAC;QAGD,IAAI,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,qBAAqB,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1E,CAAC;YACJ,CAAC;QACH,CAAC;QAID,IAAI,0BAA0B,IAAI,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,mBAAQ,CAChB,oBAAS,CAAC,cAAc,EACxB,SAAS,QAAQ,2BAA2B,CAC7C,CAAC;QACJ,CAAC;IACH,CAAC;IASO,iBAAiB,CACvB,IAAmC,EACnC,cAAwB;QAExB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,UAAU,GAAa,EAAE,CAAC;QAE9B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAEf,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjE,CAAC;aAAM,IAAK,IAAY,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,CAAE,IAAY,CAAC,MAAM,CAAC,EAAE,CAAC;YAEvE,UAAU,GAAI,IAAY,CAAC,MAAM,CAAC;QACpC,CAAC;QAGD,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3E,CAAC;IASO,gBAAgB,CACtB,IAAmC,EACnC,aAAuB;QAEvB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,SAAS,GAAa,EAAE,CAAC;QAE7B,IAAK,IAAY,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAE,IAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,SAAS,GAAI,IAAY,CAAC,KAAK,CAAC;QAClC,CAAC;aAAM,IACL,IAAI,CAAC,SAAS;YACd,IAAI,CAAC,SAAS,CAAC,KAAK;YACpB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EACnC,CAAC;YACD,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QACnC,CAAC;QAGD,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACzE,CAAC;CACF,CAAA;AApOY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;GACA,wBAAwB,CAoOpC","sourcesContent":["import { Injectable } from '@nestjs/common';\nimport { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';\nimport { ToolMetadata, SecurityScheme } from '../decorators/tool.decorator';\nimport { AuthenticatedUser } from '../interfaces/authenticated-user.interface';\n\n/** Minimal shape the authorization logic needs: a capability carrying tool metadata. */\nexport interface AuthorizableTool {\n metadata: ToolMetadata;\n}\n\n/**\n * Per-tool authorization.\n *\n * This service powers `tools/list` filtering and the `tools/call` access check\n * based purely on the per-tool decorators (`@PublicTool()`, `@ToolScopes()`,\n * `@ToolRoles()`) and the user resolved off the raw request (`req.user`, set by\n * a guard or by transport-level auth middleware).\n *\n * It is intentionally NOT an authentication mechanism: real enforcement is the\n * job of standard NestJS `@UseGuards()` (which run inside the RPC pipeline at\n * call time) and/or auth middleware on the HTTP routes. This service only\n * decides which tools a *known* principal may see and invoke.\n */\n@Injectable()\nexport class ToolAuthorizationService {\n /**\n * Generate security schemes for a tool, advertised to clients (e.g. ChatGPT)\n * via the OpenAI `securitySchemes` spec so they know which tools need auth.\n *\n * @param tool - The discovered tool\n * @param freemiumMode - Whether the server runs in freemium mode\n * (`allowUnauthenticatedAccess`). In freemium mode an undecorated,\n * non-public tool still requires authentication, so it is advertised as\n * `oauth2`.\n * @returns Array of security schemes for the tool\n */\n generateSecuritySchemes(\n tool: AuthorizableTool,\n freemiumMode: boolean,\n ): SecurityScheme[] {\n const metadata = tool.metadata;\n const schemes: SecurityScheme[] = [];\n\n // If tool is marked as @PublicTool(), it can be accessed without auth\n if (metadata.isPublic) {\n schemes.push({ type: 'noauth' });\n }\n\n // If tool has required scopes, add oauth2 scheme with those scopes\n if (metadata.requiredScopes && metadata.requiredScopes.length > 0) {\n schemes.push({ type: 'oauth2', scopes: metadata.requiredScopes });\n }\n // Else if tool requires specific roles, advertise that auth is needed\n else if (metadata.requiredRoles && metadata.requiredRoles.length > 0) {\n schemes.push({ type: 'oauth2' });\n }\n // Else, in freemium mode a non-public tool still requires authentication\n else if (freemiumMode && !metadata.isPublic) {\n schemes.push({ type: 'oauth2' });\n }\n\n // If no schemes were added, tool is accessible without authentication\n if (schemes.length === 0) {\n schemes.push({ type: 'noauth' });\n }\n\n return schemes;\n }\n\n /**\n * Check if a user can access a tool based on its per-tool requirements.\n *\n * @param user - The authenticated user (may be undefined)\n * @param tool - The discovered tool\n * @param allowUnauthenticatedAccess - Whether unauthenticated access is allowed (freemium mode)\n * @returns true if the user can access the tool, false otherwise\n */\n canAccessTool(\n user: AuthenticatedUser | undefined,\n tool: AuthorizableTool,\n allowUnauthenticatedAccess: boolean = false,\n ): boolean {\n const metadata = tool.metadata;\n\n // If tool is public, always allow access\n if (metadata.isPublic) {\n return true;\n }\n\n // If tool has specific scope/role requirements, user MUST be authenticated\n const hasSpecificRequirements =\n (metadata.requiredScopes && metadata.requiredScopes.length > 0) ||\n (metadata.requiredRoles && metadata.requiredRoles.length > 0);\n\n if (hasSpecificRequirements && !user) {\n return false;\n }\n\n // If tool has specific scopes, validate them\n if (metadata.requiredScopes && metadata.requiredScopes.length > 0) {\n if (!this.hasRequiredScopes(user, metadata.requiredScopes)) {\n return false;\n }\n }\n\n // If tool has specific roles, validate them\n if (metadata.requiredRoles && metadata.requiredRoles.length > 0) {\n if (!this.hasRequiredRoles(user, metadata.requiredRoles)) {\n return false;\n }\n }\n\n // At this point the tool is not public and has no (or satisfied) scope/role\n // requirements. The only remaining question is the undecorated tool:\n //\n // - Freemium mode (allowUnauthenticatedAccess = true): anonymous callers may\n // only reach @PublicTool() (or specifically-scoped) tools, so an\n // undecorated tool requires a user.\n // - Standard mode (default): real enforcement is delegated to @UseGuards /\n // auth middleware, so we trust that decision and allow access. (On stdio\n // there is no request and no user — all undecorated tools are reachable.)\n if (allowUnauthenticatedAccess && !user) {\n return false;\n }\n\n return true;\n }\n\n /**\n * Validate that a user can access a tool, throwing an error if not authorized.\n *\n * @param user - The authenticated user (may be undefined)\n * @param tool - The discovered tool\n * @param allowUnauthenticatedAccess - Whether unauthenticated access is allowed (freemium mode)\n * @throws McpError if user is not authorized to access the tool\n */\n validateToolAccess(\n user: AuthenticatedUser | undefined,\n tool: AuthorizableTool,\n allowUnauthenticatedAccess: boolean = false,\n ): void {\n const metadata = tool.metadata;\n const toolName = metadata.name;\n\n // If tool is public, allow access\n if (metadata.isPublic) {\n return;\n }\n\n // Check if tool has specific scope/role requirements\n const hasSpecificRequirements =\n (metadata.requiredScopes && metadata.requiredScopes.length > 0) ||\n (metadata.requiredRoles && metadata.requiredRoles.length > 0);\n\n if (hasSpecificRequirements && !user) {\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires authentication`,\n );\n }\n\n // Validate scopes if required\n if (metadata.requiredScopes && metadata.requiredScopes.length > 0) {\n if (!this.hasRequiredScopes(user, metadata.requiredScopes)) {\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires scopes: ${metadata.requiredScopes.join(', ')}`,\n );\n }\n }\n\n // Validate roles if required\n if (metadata.requiredRoles && metadata.requiredRoles.length > 0) {\n if (!this.hasRequiredRoles(user, metadata.requiredRoles)) {\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires roles: ${metadata.requiredRoles.join(', ')}`,\n );\n }\n }\n\n // Freemium mode: an undecorated, non-public tool still requires a user.\n // Standard mode trusts @UseGuards / auth middleware (see canAccessTool).\n if (allowUnauthenticatedAccess && !user) {\n throw new McpError(\n ErrorCode.InvalidRequest,\n `Tool '${toolName}' requires authentication`,\n );\n }\n }\n\n /**\n * Check if user has all required scopes\n *\n * @param user - The authenticated user (may be undefined)\n * @param requiredScopes - Array of required scope strings\n * @returns true if user has all required scopes\n */\n private hasRequiredScopes(\n user: AuthenticatedUser | undefined,\n requiredScopes: string[],\n ): boolean {\n if (!user) {\n return false;\n }\n\n // Get user scopes - could be in 'scope' (space-delimited string) or 'scopes' (array)\n let userScopes: string[] = [];\n\n if (user.scope) {\n // OAuth 2.0 standard: space-delimited string\n userScopes = user.scope.split(' ').filter((s) => s.length > 0);\n } else if ((user as any).scopes && Array.isArray((user as any).scopes)) {\n // Alternative: array of scopes\n userScopes = (user as any).scopes;\n }\n\n // Check if user has ALL required scopes\n return requiredScopes.every((required) => userScopes.includes(required));\n }\n\n /**\n * Check if user has all required roles\n *\n * @param user - The authenticated user (may be undefined)\n * @param requiredRoles - Array of required role strings\n * @returns true if user has all required roles\n */\n private hasRequiredRoles(\n user: AuthenticatedUser | undefined,\n requiredRoles: string[],\n ): boolean {\n if (!user) {\n return false;\n }\n\n // Get user roles from user data\n let userRoles: string[] = [];\n\n if ((user as any).roles && Array.isArray((user as any).roles)) {\n userRoles = (user as any).roles;\n } else if (\n user.user_data &&\n user.user_data.roles &&\n Array.isArray(user.user_data.roles)\n ) {\n userRoles = user.user_data.roles;\n }\n\n // Check if user has ALL required roles\n return requiredRoles.every((required) => userRoles.includes(required));\n }\n}\n"]}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import { Logger } from '@nestjs/common';
|
|
2
|
+
import { BaseRpcContext } from '@nestjs/microservices';
|
|
3
|
+
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
4
|
+
import { Progress } from '@modelcontextprotocol/sdk/types.js';
|
|
5
|
+
import { Context, McpRequest } from '../interfaces';
|
|
6
|
+
export type McpTransportKind = 'stdio' | 'streamable-http';
|
|
7
|
+
export interface McpSessionInfo {
|
|
8
|
+
sessionId?: string;
|
|
9
|
+
transport: McpTransportKind;
|
|
10
|
+
stateless: boolean;
|
|
11
|
+
}
|
|
12
|
+
type McpContextArgs = [
|
|
13
|
+
mcpServer: McpServer,
|
|
14
|
+
mcpRequest: McpRequest,
|
|
15
|
+
session: McpSessionInfo,
|
|
16
|
+
rawRequest: unknown
|
|
17
|
+
];
|
|
18
|
+
export declare class McpContext extends BaseRpcContext<McpContextArgs> implements Context {
|
|
19
|
+
private readonly logger?;
|
|
20
|
+
readonly reportProgress: (progress: Progress) => Promise<void>;
|
|
21
|
+
readonly log: Context['log'];
|
|
22
|
+
constructor(args: McpContextArgs, logger?: Logger | undefined);
|
|
23
|
+
get mcpServer(): McpServer;
|
|
24
|
+
get mcpRequest(): McpRequest;
|
|
25
|
+
getSession(): McpSessionInfo;
|
|
26
|
+
getRawRequest<T = unknown>(): T | undefined;
|
|
27
|
+
private get progressToken();
|
|
28
|
+
private createReportProgress;
|
|
29
|
+
private createLog;
|
|
30
|
+
private createStatelessReportProgress;
|
|
31
|
+
private createStatelessLog;
|
|
32
|
+
}
|
|
33
|
+
export {};
|
|
34
|
+
//# sourceMappingURL=mcp-context.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-context.d.ts","sourceRoot":"","sources":["../../../src/mcp/transport/mcp-context.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,QAAQ,EAAE,MAAM,oCAAoC,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,UAAU,EAAqB,MAAM,eAAe,CAAC;AAEvE,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,iBAAiB,CAAC;AAE3D,MAAM,WAAW,cAAc;IAE7B,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,SAAS,EAAE,gBAAgB,CAAC;IAM5B,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,KAAK,cAAc,GAAG;IACpB,SAAS,EAAE,SAAS;IACpB,UAAU,EAAE,UAAU;IACtB,OAAO,EAAE,cAAc;IACvB,UAAU,EAAE,OAAO;CACpB,CAAC;AAYF,qBAAa,UACX,SAAQ,cAAc,CAAC,cAAc,CACrC,YAAW,OAAO;IAOhB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IAL1B,SAAgB,cAAc,EAAE,CAAC,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACtE,SAAgB,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAGlC,IAAI,EAAE,cAAc,EACH,MAAM,CAAC,EAAE,MAAM,YAAA;IAYlC,IAAI,SAAS,IAAI,SAAS,CAEzB;IAGD,IAAI,UAAU,IAAI,UAAU,CAE3B;IAGD,UAAU,IAAI,cAAc;IAK5B,aAAa,CAAC,CAAC,GAAG,OAAO,KAAK,CAAC,GAAG,SAAS;IAI3C,OAAO,KAAK,aAAa,GAExB;IAED,OAAO,CAAC,oBAAoB;IAa5B,OAAO,CAAC,SAAS;IAmBjB,OAAO,CAAC,6BAA6B;IAWrC,OAAO,CAAC,kBAAkB;CAY3B"}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.McpContext = void 0;
|
|
4
|
+
const microservices_1 = require("@nestjs/microservices");
|
|
5
|
+
class McpContext extends microservices_1.BaseRpcContext {
|
|
6
|
+
constructor(args, logger) {
|
|
7
|
+
super(args);
|
|
8
|
+
this.logger = logger;
|
|
9
|
+
this.reportProgress = this.getSession().stateless
|
|
10
|
+
? this.createStatelessReportProgress()
|
|
11
|
+
: this.createReportProgress();
|
|
12
|
+
this.log = this.getSession().stateless
|
|
13
|
+
? this.createStatelessLog()
|
|
14
|
+
: this.createLog();
|
|
15
|
+
}
|
|
16
|
+
get mcpServer() {
|
|
17
|
+
return this.args[0];
|
|
18
|
+
}
|
|
19
|
+
get mcpRequest() {
|
|
20
|
+
return this.args[1];
|
|
21
|
+
}
|
|
22
|
+
getSession() {
|
|
23
|
+
return this.args[2];
|
|
24
|
+
}
|
|
25
|
+
getRawRequest() {
|
|
26
|
+
return this.args[3];
|
|
27
|
+
}
|
|
28
|
+
get progressToken() {
|
|
29
|
+
return this.mcpRequest.params?._meta?.progressToken;
|
|
30
|
+
}
|
|
31
|
+
createReportProgress() {
|
|
32
|
+
return async (progress) => {
|
|
33
|
+
const progressToken = this.progressToken;
|
|
34
|
+
if (progressToken === undefined) {
|
|
35
|
+
return;
|
|
36
|
+
}
|
|
37
|
+
await this.mcpServer.server.notification({
|
|
38
|
+
method: 'notifications/progress',
|
|
39
|
+
params: { ...progress, progressToken },
|
|
40
|
+
});
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
createLog() {
|
|
44
|
+
const send = (level, message, context) => {
|
|
45
|
+
void this.mcpServer.server.sendLoggingMessage({
|
|
46
|
+
level,
|
|
47
|
+
data: { message, context },
|
|
48
|
+
});
|
|
49
|
+
};
|
|
50
|
+
return {
|
|
51
|
+
debug: (message, context) => send('debug', message, context),
|
|
52
|
+
info: (message, context) => send('info', message, context),
|
|
53
|
+
warn: (message, context) => send('warning', message, context),
|
|
54
|
+
error: (message, context) => send('error', message, context),
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
createStatelessReportProgress() {
|
|
58
|
+
return () => {
|
|
59
|
+
this.logger?.warn("Stateless context: 'reportProgress' is not supported.");
|
|
60
|
+
return Promise.resolve();
|
|
61
|
+
};
|
|
62
|
+
}
|
|
63
|
+
createStatelessLog() {
|
|
64
|
+
const warn = () => this.logger?.warn('Stateless context: server-side logging is not supported.');
|
|
65
|
+
return {
|
|
66
|
+
debug: () => warn(),
|
|
67
|
+
info: () => warn(),
|
|
68
|
+
warn: () => warn(),
|
|
69
|
+
error: () => warn(),
|
|
70
|
+
};
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
exports.McpContext = McpContext;
|
|
74
|
+
//# sourceMappingURL=mcp-context.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-context.js","sourceRoot":"","sources":["../../../src/mcp/transport/mcp-context.ts"],"names":[],"mappings":";;;AACA,yDAAuD;AAqCvD,MAAa,UACX,SAAQ,8BAA8B;IAMtC,YACE,IAAoB,EACH,MAAe;QAEhC,KAAK,CAAC,IAAI,CAAC,CAAC;QAFK,WAAM,GAAN,MAAM,CAAS;QAGhC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS;YAC/C,CAAC,CAAC,IAAI,CAAC,6BAA6B,EAAE;YACtC,CAAC,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS;YACpC,CAAC,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC3B,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;IACvB,CAAC;IAGD,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAGD,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAGD,UAAU;QACR,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAGD,aAAa;QACX,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAkB,CAAC;IACvC,CAAC;IAED,IAAY,aAAa;QACvB,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,KAAK,EAAE,aAAa,CAAC;IACtD,CAAC;IAEO,oBAAoB;QAC1B,OAAO,KAAK,EAAE,QAAkB,EAAE,EAAE;YAClC,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;YACzC,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAChC,OAAO;YACT,CAAC;YACD,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC;gBACvC,MAAM,EAAE,wBAAwB;gBAChC,MAAM,EAAE,EAAE,GAAG,QAAQ,EAAE,aAAa,EAAc;aACnD,CAAC,CAAC;QACL,CAAC,CAAC;IACJ,CAAC;IAEO,SAAS;QACf,MAAM,IAAI,GAAG,CACX,KAA6C,EAC7C,OAAe,EACf,OAA2B,EAC3B,EAAE;YACF,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,kBAAkB,CAAC;gBAC5C,KAAK;gBACL,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE;aAC3B,CAAC,CAAC;QACL,CAAC,CAAC;QACF,OAAO;YACL,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;YAC5D,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;YAC1D,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC;YAC7D,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;SAC7D,CAAC;IACJ,CAAC;IAEO,6BAA6B;QAGnC,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,MAAM,EAAE,IAAI,CACf,uDAAuD,CACxD,CAAC;YACF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC,CAAC;IACJ,CAAC;IAEO,kBAAkB;QACxB,MAAM,IAAI,GAAG,GAAG,EAAE,CAChB,IAAI,CAAC,MAAM,EAAE,IAAI,CACf,0DAA0D,CAC3D,CAAC;QACJ,OAAO;YACL,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE;YACnB,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE;YAClB,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE;YAClB,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE;SACpB,CAAC;IACJ,CAAC;CACF;AAnGD,gCAmGC","sourcesContent":["import { Logger } from '@nestjs/common';\nimport { BaseRpcContext } from '@nestjs/microservices';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport { Progress } from '@modelcontextprotocol/sdk/types.js';\nimport { Context, McpRequest, SerializableValue } from '../interfaces';\n\nexport type McpTransportKind = 'stdio' | 'streamable-http';\n\nexport interface McpSessionInfo {\n /** The MCP session id, when the transport is session-aware. */\n sessionId?: string;\n /** Which transport delivered this request. */\n transport: McpTransportKind;\n /**\n * `true` only for the per-request streamable-HTTP stateless mode, where the\n * server cannot push notifications/progress back to the client. stdio and\n * stateful streamable-HTTP are both session-aware (`false`).\n */\n stateless: boolean;\n}\n\ntype McpContextArgs = [\n mcpServer: McpServer,\n mcpRequest: McpRequest,\n session: McpSessionInfo,\n rawRequest: unknown,\n];\n\n/**\n * Execution context handed to every MCP capability handler via `@Ctx()`.\n *\n * Extends NestJS's {@link BaseRpcContext} so it is resolved as the RPC context\n * argument (the strategy invokes handlers as `handler(payload, mcpContext)`),\n * and implements the library's {@link Context} surface (`reportProgress`, `log`,\n * `mcpServer`, `mcpRequest`) so existing handler code keeps working.\n *\n * Additional accessors expose the session and the raw transport request.\n */\nexport class McpContext\n extends BaseRpcContext<McpContextArgs>\n implements Context\n{\n public readonly reportProgress: (progress: Progress) => Promise<void>;\n public readonly log: Context['log'];\n\n constructor(\n args: McpContextArgs,\n private readonly logger?: Logger,\n ) {\n super(args);\n this.reportProgress = this.getSession().stateless\n ? this.createStatelessReportProgress()\n : this.createReportProgress();\n this.log = this.getSession().stateless\n ? this.createStatelessLog()\n : this.createLog();\n }\n\n /** The underlying MCP SDK server instance. */\n get mcpServer(): McpServer {\n return this.args[0];\n }\n\n /** The parsed JSON-RPC request (tools/call, resources/read, prompts/get, ...). */\n get mcpRequest(): McpRequest {\n return this.args[1];\n }\n\n /** Session metadata for this request. */\n getSession(): McpSessionInfo {\n return this.args[2];\n }\n\n /** The raw transport request (Express/Fastify request for HTTP; `undefined` for stdio). */\n getRawRequest<T = unknown>(): T | undefined {\n return this.args[3] as T | undefined;\n }\n\n private get progressToken(): string | number | undefined {\n return this.mcpRequest.params?._meta?.progressToken;\n }\n\n private createReportProgress(): (progress: Progress) => Promise<void> {\n return async (progress: Progress) => {\n const progressToken = this.progressToken;\n if (progressToken === undefined) {\n return;\n }\n await this.mcpServer.server.notification({\n method: 'notifications/progress',\n params: { ...progress, progressToken } as Progress,\n });\n };\n }\n\n private createLog(): Context['log'] {\n const send = (\n level: 'debug' | 'info' | 'warning' | 'error',\n message: string,\n context?: SerializableValue,\n ) => {\n void this.mcpServer.server.sendLoggingMessage({\n level,\n data: { message, context },\n });\n };\n return {\n debug: (message, context) => send('debug', message, context),\n info: (message, context) => send('info', message, context),\n warn: (message, context) => send('warning', message, context),\n error: (message, context) => send('error', message, context),\n };\n }\n\n private createStatelessReportProgress(): (\n progress: Progress,\n ) => Promise<void> {\n return () => {\n this.logger?.warn(\n \"Stateless context: 'reportProgress' is not supported.\",\n );\n return Promise.resolve();\n };\n }\n\n private createStatelessLog(): Context['log'] {\n const warn = () =>\n this.logger?.warn(\n 'Stateless context: server-side logging is not supported.',\n );\n return {\n debug: () => warn(),\n info: () => warn(),\n warn: () => warn(),\n error: () => warn(),\n };\n }\n}\n"]}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export interface McpHttpHandler {
|
|
2
|
+
handlePost(req: unknown, res: unknown): Promise<void> | void;
|
|
3
|
+
handleGet(req: unknown, res: unknown): Promise<void> | void;
|
|
4
|
+
handleDelete(req: unknown, res: unknown): Promise<void> | void;
|
|
5
|
+
}
|
|
6
|
+
export declare const MCP_HTTP_HANDLER: unique symbol;
|
|
7
|
+
//# sourceMappingURL=mcp-http-handler.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-http-handler.d.ts","sourceRoot":"","sources":["../../../src/mcp/transport/mcp-http-handler.ts"],"names":[],"mappings":"AAgBA,MAAM,WAAW,cAAc;IAC7B,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAC7D,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAC5D,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAChE;AAWD,eAAO,MAAM,gBAAgB,eAA6B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-http-handler.js","sourceRoot":"","sources":["../../../src/mcp/transport/mcp-http-handler.ts"],"names":[],"mappings":";;;AA+Ba,QAAA,gBAAgB,GAAG,MAAM,CAAC,kBAAkB,CAAC,CAAC","sourcesContent":["/**\n * The HTTP verb handlers a streamable-HTTP MCP endpoint needs: one per method\n * the transport mounts (`POST` messages, `GET` SSE stream, `DELETE` session\n * teardown). This is the seam for \"bring your own controller\" setups.\n *\n * The transport owns the implementation (session handling, streaming, raw-body\n * reading); you only decide HOW the route is mounted:\n *\n * - Do nothing — the transport self-mounts the route (no guards possible).\n * - Extend {@link StreamableHttpController} (or write your own `@Controller`)\n * and delegate to these handlers, so the route is a real Nest route that\n * `@UseGuards()` / `@UseInterceptors()` / `@Version()` apply to.\n *\n * Obtain an instance from a transport via `transport.httpHandlers` and provide\n * it under {@link MCP_HTTP_HANDLER} so the controller can inject it.\n */\nexport interface McpHttpHandler {\n handlePost(req: unknown, res: unknown): Promise<void> | void;\n handleGet(req: unknown, res: unknown): Promise<void> | void;\n handleDelete(req: unknown, res: unknown): Promise<void> | void;\n}\n\n/**\n * DI token for an {@link McpHttpHandler}. Provide a transport's `httpHandlers`\n * under this token so {@link StreamableHttpController} (or your own controller)\n * can inject it:\n *\n * ```ts\n * { provide: MCP_HTTP_HANDLER, useValue: mcpTransport.httpHandlers }\n * ```\n */\nexport const MCP_HTTP_HANDLER = Symbol('MCP_HTTP_HANDLER');\n"]}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { Icon, ServerCapabilities } from '@modelcontextprotocol/sdk/types.js';
|
|
2
|
+
import { HttpServer } from '@nestjs/common';
|
|
3
|
+
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
4
|
+
import { McpTransport } from './mcp-transport.interface';
|
|
5
|
+
export interface McpServerOptions {
|
|
6
|
+
name: string;
|
|
7
|
+
version: string;
|
|
8
|
+
server?: string;
|
|
9
|
+
title?: string;
|
|
10
|
+
description?: string;
|
|
11
|
+
websiteUrl?: string;
|
|
12
|
+
icons?: Icon[];
|
|
13
|
+
capabilities?: ServerCapabilities;
|
|
14
|
+
instructions?: string;
|
|
15
|
+
serverMutator?: (server: McpServer) => McpServer;
|
|
16
|
+
transports: McpTransport[];
|
|
17
|
+
httpAdapter?: HttpServer;
|
|
18
|
+
allowUnauthenticatedAccess?: boolean;
|
|
19
|
+
logging?: false | {
|
|
20
|
+
level: ('log' | 'error' | 'warn' | 'debug' | 'verbose')[];
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
//# sourceMappingURL=mcp-server-options.interface.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-server-options.interface.d.ts","sourceRoot":"","sources":["../../../src/mcp/transport/mcp-server-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AASzD,MAAM,WAAW,gBAAgB;IAE/B,IAAI,EAAE,MAAM,CAAC;IAEb,OAAO,EAAE,MAAM,CAAC;IAMhB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IAEf,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAElC,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,SAAS,CAAC;IAMjD,UAAU,EAAE,YAAY,EAAE,CAAC;IAQ3B,WAAW,CAAC,EAAE,UAAU,CAAC;IAYzB,0BAA0B,CAAC,EAAE,OAAO,CAAC;IAOrC,OAAO,CAAC,EACJ,KAAK,GACL;QACE,KAAK,EAAE,CAAC,KAAK,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,EAAE,CAAC;KAC3D,CAAC;CACP"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-server-options.interface.js","sourceRoot":"","sources":["../../../src/mcp/transport/mcp-server-options.interface.ts"],"names":[],"mappings":"","sourcesContent":["import { Icon, ServerCapabilities } from '@modelcontextprotocol/sdk/types.js';\nimport { HttpServer } from '@nestjs/common';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport { McpTransport } from './mcp-transport.interface';\n\n/**\n * Configuration for an {@link McpStrategy} — the NestJS microservice transport\n * strategy that powers an MCP server. Pass an instance to\n * `app.connectMicroservice({ strategy: new McpStrategy(options) })`, set the HTTP\n * adapter for HTTP transports, and declare your `@McpController` classes in a\n * module's `controllers` array. No `McpModule` is required.\n */\nexport interface McpServerOptions {\n /** Server name (MCP `Implementation.name`). */\n name: string;\n /** Server version (MCP `Implementation.version`). */\n version: string;\n /**\n * Logical server name used for multi-server isolation. Only\n * `@McpController({ server: <name> })` classes bind to this strategy. Omit for\n * the default server (binds to plain `@McpController()` classes).\n */\n server?: string;\n /** Human-readable display name. */\n title?: string;\n /** Short description of what this server does. */\n description?: string;\n /** URL of the website associated with this server. */\n websiteUrl?: string;\n /** Icons representing this server. */\n icons?: Icon[];\n /** Extra MCP server capabilities merged with the auto-derived ones. */\n capabilities?: ServerCapabilities;\n /** Server instructions sent to clients on initialize. */\n instructions?: string;\n /** Mutate the SDK server right after creation (instrumentation, etc.). */\n serverMutator?: (server: McpServer) => McpServer;\n\n /**\n * The integrations this server exposes. Provide one entry per transport,\n * e.g. `[new StreamableHttpTransport(), new StdioTransport()]`.\n */\n transports: McpTransport[];\n\n /**\n * The Nest HTTP adapter, required for HTTP-based transports. Either pass it\n * here (`new McpStrategy({ ..., httpAdapter: app.getHttpAdapter() })`) or set\n * it later via `strategy.setHttpAdapter(app.getHttpAdapter())`. Not needed for\n * stdio-only servers.\n */\n httpAdapter?: HttpServer;\n\n /**\n * Freemium mode. When `true`, anonymous (unauthenticated) sessions may reach\n * `@PublicTool()` tools, while every other tool still requires a resolved\n * `req.user`. When `false` (default), per-tool listing/visibility trusts the\n * server's own authentication — `@UseGuards()` on `@McpController` classes or\n * methods (run by the NestJS RPC pipeline at call time) and/or auth middleware\n * on the HTTP routes.\n *\n * @default false\n */\n allowUnauthenticatedAccess?: boolean;\n /**\n * Logging configuration.\n * - `false` to disable MCP logging\n * - `{ level: [...] }` to filter levels\n * - `undefined` (default) for standard NestJS logging\n */\n logging?:\n | false\n | {\n level: ('log' | 'error' | 'warn' | 'debug' | 'verbose')[];\n };\n}\n"]}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export declare const MCP_TRANSPORT: unique symbol;
|
|
2
|
+
export declare const mcpTransportFor: (server?: string) => symbol;
|
|
3
|
+
export declare const MCP_SERVER_NAME_METADATA_KEY = "mcp:server-name";
|
|
4
|
+
export type McpCapabilityType = 'tool' | 'resource' | 'resource-template' | 'prompt';
|
|
5
|
+
export interface McpPattern {
|
|
6
|
+
mcp: McpCapabilityType;
|
|
7
|
+
name: string;
|
|
8
|
+
[key: string]: string;
|
|
9
|
+
}
|
|
10
|
+
export type McpMethodRef = (...args: any[]) => any;
|
|
11
|
+
export interface McpHandlerExtras {
|
|
12
|
+
mcpType: McpCapabilityType;
|
|
13
|
+
mcpName: string;
|
|
14
|
+
mcpMethodKey: string;
|
|
15
|
+
mcpMethodRef: McpMethodRef;
|
|
16
|
+
}
|
|
17
|
+
export declare function buildMcpPattern(type: McpCapabilityType, name: string): McpPattern;
|
|
18
|
+
export declare function buildMcpHandlerExtras(type: McpCapabilityType, name: string, methodKey: string, methodRef: McpMethodRef): McpHandlerExtras;
|
|
19
|
+
//# sourceMappingURL=mcp-transport.constants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-transport.constants.d.ts","sourceRoot":"","sources":["../../../src/mcp/transport/mcp-transport.constants.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,aAAa,eAA0C,CAAC;AAerE,eAAO,MAAM,eAAe,GAAI,SAAS,MAAM,KAAG,MAC0B,CAAC;AAO7E,eAAO,MAAM,4BAA4B,oBAAoB,CAAC;AAE9D,MAAM,MAAM,iBAAiB,GACzB,MAAM,GACN,UAAU,GACV,mBAAmB,GACnB,QAAQ,CAAC;AAQb,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,iBAAiB,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IAEb,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAYD,MAAM,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC;AAEnD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,iBAAiB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,YAAY,CAAC;CAC5B;AAED,wBAAgB,eAAe,CAC7B,IAAI,EAAE,iBAAiB,EACvB,IAAI,EAAE,MAAM,GACX,UAAU,CAEZ;AAED,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,iBAAiB,EACvB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,YAAY,GACtB,gBAAgB,CAOlB"}
|