npm - @strapi/core - Versions diffs - 5.46.1 → 5.47.0 - Mend

@strapi/core 5.46.1 → 5.47.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (200) hide show

package/dist/services/mcp/tool-registry.js ADDED Viewed

@@ -0,0 +1,102 @@
+'use strict';
+var McpCapabilityRegistry = require('./internal/McpCapabilityRegistry.js');
+var wrapCapabilityHandlerForMetrics = require('./metrics/wrapCapabilityHandlerForMetrics.js');
+var createSafeCapabilityRegistration = require('./utils/createSafeCapabilityRegistration.js');
+// eslint-disable-next-line import/extensions
+function _class_private_field_loose_base(receiver, privateKey) {
+    if (!Object.prototype.hasOwnProperty.call(receiver, privateKey)) {
+        throw new TypeError("attempted to use private field on non-instance");
+    }
+    return receiver;
+}
+var id = 0;
+function _class_private_field_loose_key(name) {
+    return "__private_" + id++ + "_" + name;
+}
+function makeMcpToolDefinition(tool) {
+    return tool;
+}
+var _strapi = /*#__PURE__*/ _class_private_field_loose_key("_strapi"), _ability = /*#__PURE__*/ _class_private_field_loose_key("_ability"), _user = /*#__PURE__*/ _class_private_field_loose_key("_user");
+class McpToolRegistry extends McpCapabilityRegistry.McpCapabilityRegistryBase {
+    bind(mcpServer) {
+        const strapi = _class_private_field_loose_base(this, _strapi)[_strapi];
+        super.register((definition)=>{
+            const { name, title, description, resolveInputSchema, resolveOutputSchema, createHandler } = definition;
+            // Bind the session ability and token owner into the handler context so handlers can enforce
+            // field-level and entity-level permission checks and set creator fields.
+            const context = {
+                userAbility: _class_private_field_loose_base(this, _ability)[_ability],
+                user: _class_private_field_loose_base(this, _user)[_user]
+            };
+            const createHandlerWithContext = (strapi)=>createHandler(strapi, context);
+            return createSafeCapabilityRegistration.createSafeCapabilityRegistration({
+                strapi,
+                capabilityType: 'Tool',
+                name,
+                createHandler: createHandlerWithContext,
+                createFallbackHandler (errorMessage) {
+                    return async ()=>({
+                            content: [
+                                {
+                                    type: 'text',
+                                    text: `Tool "${name}" failed to initialize: ${errorMessage}`
+                                }
+                            ],
+                            isError: true
+                        });
+                },
+                createErrorResult (error) {
+                    return {
+                        content: [
+                            {
+                                type: 'text',
+                                text: `Tool "${name}" execution failed: ${error.message}`
+                            }
+                        ],
+                        isError: true
+                    };
+                },
+                registerWithSdk (safeHandler) {
+                    const inputSchema = resolveInputSchema !== undefined ? resolveInputSchema(context) : undefined;
+                    const outputSchema = resolveOutputSchema(context);
+                    // Adapt from our object-literal handler `({ args, extra })` to
+                    // the MCP SDK's positional form `(args, extra)` / `(extra)`.
+                    const baseHandler = inputSchema !== undefined ? (args, extra)=>safeHandler({
+                            args,
+                            extra
+                        }) : (extra)=>safeHandler({
+                            extra
+                        });
+                    const sdkHandler = wrapCapabilityHandlerForMetrics.wrapCapabilityHandlerForMetrics(strapi, 'tool', name, definition.telemetry, baseHandler);
+                    return mcpServer.registerTool(name, {
+                        title,
+                        description,
+                        inputSchema,
+                        outputSchema
+                    }, sdkHandler);
+                }
+            });
+        });
+    }
+    constructor(ctx){
+        super(ctx.definitions), Object.defineProperty(this, _strapi, {
+            writable: true,
+            value: void 0
+        }), Object.defineProperty(this, _ability, {
+            writable: true,
+            value: void 0
+        }), Object.defineProperty(this, _user, {
+            writable: true,
+            value: void 0
+        });
+        _class_private_field_loose_base(this, _strapi)[_strapi] = ctx.strapi;
+        _class_private_field_loose_base(this, _ability)[_ability] = ctx.ability;
+        _class_private_field_loose_base(this, _user)[_user] = ctx.user;
+    }
+}
+exports.McpToolRegistry = McpToolRegistry;
+exports.makeMcpToolDefinition = makeMcpToolDefinition;
+//# sourceMappingURL=tool-registry.js.map

package/dist/services/mcp/tool-registry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tool-registry.js","sources":["../../../src/services/mcp/tool-registry.ts"],"sourcesContent":["// eslint-disable-next-line import/extensions\nimport type { McpServer, RegisteredTool } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport type { Core, Modules } from '@strapi/types';\nimport { z } from '@strapi/utils';\nimport { McpCapabilityDefinitionRegistry } from './internal/McpCapabilityDefinitionRegistry';\nimport {\n type McpCapabilityRegistry,\n McpCapabilityRegistryBase,\n} from './internal/McpCapabilityRegistry';\nimport { wrapCapabilityHandlerForMetrics } from './metrics/wrapCapabilityHandlerForMetrics';\nimport { createSafeCapabilityRegistration } from './utils/createSafeCapabilityRegistration';\nimport type { McpAdminTokenAbility } from './authentication';\n\nexport function makeMcpToolDefinition<\n Name extends string,\n Title extends string,\n Description extends string,\n OutputSchema extends z.ZodObject<z.ZodRawShape>,\n InputSchema extends z.ZodObject<z.ZodRawShape> | undefined = undefined,\n Access extends Modules.MCP.McpCapabilityAccess = Modules.MCP.McpCapabilityAccess,\n>(\n tool: {\n name: Name;\n title: Title;\n description: Description;\n resolveInputSchema?: (context: Modules.MCP.McpHandlerContext) => InputSchema;\n resolveOutputSchema: (context: Modules.MCP.McpHandlerContext) => OutputSchema;\n createHandler: (\n strapi: Core.Strapi,\n context: Modules.MCP.McpHandlerContext\n ) => Modules.MCP.McpToolHandler<NoInfer<InputSchema>, NoInfer<OutputSchema>>;\n } & Access\n): Modules.MCP.McpToolDefinition<Name, InputSchema, OutputSchema, Title, Description> & Access {\n return tool as Modules.MCP.McpToolDefinition<\n Name,\n InputSchema,\n OutputSchema,\n Title,\n Description\n > &\n Access;\n}\n\nexport class McpToolRegistry\n extends McpCapabilityRegistryBase<'tool', Modules.MCP.McpToolDefinition, RegisteredTool>\n implements McpCapabilityRegistry\n{\n #strapi: Core.Strapi;\n\n #ability: McpAdminTokenAbility;\n\n #user: Modules.MCP.McpHandlerContext['user'];\n\n constructor(ctx: {\n strapi: Core.Strapi;\n definitions: McpCapabilityDefinitionRegistry<'tool', Modules.MCP.McpToolDefinition>;\n ability: McpAdminTokenAbility;\n user: Modules.MCP.McpHandlerContext['user'];\n }) {\n super(ctx.definitions);\n this.#strapi = ctx.strapi;\n this.#ability = ctx.ability;\n this.#user = ctx.user;\n }\n\n bind(mcpServer: McpServer) {\n const strapi = this.#strapi;\n\n super.register((definition) => {\n const { name, title, description, resolveInputSchema, resolveOutputSchema, createHandler } =\n definition;\n\n // Bind the session ability and token owner into the handler context so handlers can enforce\n // field-level and entity-level permission checks and set creator fields.\n const context: Modules.MCP.McpHandlerContext = {\n userAbility: this.#ability,\n user: this.#user,\n };\n const createHandlerWithContext = (strapi: Core.Strapi) => createHandler(strapi, context);\n\n return createSafeCapabilityRegistration({\n strapi,\n capabilityType: 'Tool',\n name,\n createHandler: createHandlerWithContext,\n createFallbackHandler(errorMessage) {\n return async () => ({\n content: [\n {\n type: 'text' as const,\n text: `Tool \"${name}\" failed to initialize: ${errorMessage}`,\n },\n ],\n isError: true,\n });\n },\n createErrorResult(error) {\n return {\n content: [\n {\n type: 'text' as const,\n text: `Tool \"${name}\" execution failed: ${error.message}`,\n },\n ],\n isError: true,\n };\n },\n registerWithSdk(safeHandler) {\n const inputSchema =\n resolveInputSchema !== undefined ? resolveInputSchema(context) : undefined;\n const outputSchema = resolveOutputSchema(context);\n\n // Adapt from our object-literal handler `({ args, extra })` to\n // the MCP SDK's positional form `(args, extra)` / `(extra)`.\n const baseHandler =\n inputSchema !== undefined\n ? (args: unknown, extra: unknown) =>\n safeHandler({ args, extra } as Parameters<typeof safeHandler>[0])\n : (extra: unknown) => safeHandler({ extra } as Parameters<typeof safeHandler>[0]);\n\n const sdkHandler = wrapCapabilityHandlerForMetrics(\n strapi,\n 'tool',\n name,\n definition.telemetry,\n baseHandler\n );\n\n return mcpServer.registerTool(\n name,\n { title, description, inputSchema, outputSchema },\n sdkHandler\n );\n },\n });\n });\n }\n}\n"],"names":["makeMcpToolDefinition","tool","McpToolRegistry","McpCapabilityRegistryBase","bind","mcpServer","strapi","register","definition","name","title","description","resolveInputSchema","resolveOutputSchema","createHandler","context","userAbility","user","createHandlerWithContext","createSafeCapabilityRegistration","capabilityType","createFallbackHandler","errorMessage","content","type","text","isError","createErrorResult","error","message","registerWithSdk","safeHandler","inputSchema","undefined","outputSchema","baseHandler","args","extra","sdkHandler","wrapCapabilityHandlerForMetrics","telemetry","registerTool","ctx","definitions","ability"],"mappings":";;;;;;AAAA;;;;;;;;;;;AAaO,SAASA,sBAQdC,IAUU,EAAA;IAEV,OAAOA,IAAAA;AAQT;AAME,IAAA,OAAA,iBAAA,8BAAA,CAAA,SAAA,CAAA,EAEA,QAAA,iBAAA,8BAAA,CAAA,UAAA,CAAA,EAEA,KAAA,iBAAA,8BAAA,CAAA,OAAA,CAAA;AARK,MAAMC,eAAAA,SACHC,+CAAAA,CAAAA;AAqBRC,IAAAA,IAAAA,CAAKC,SAAoB,EAAE;AACzB,QAAA,MAAMC,MAAAA,GAAS,+BAAA,CAAA,IAAI,EAAC,OAAA,CAAA,CAAA,OAAA,CAAA;QAEpB,KAAK,CAACC,SAAS,CAACC,UAAAA,GAAAA;AACd,YAAA,MAAM,EAAEC,IAAI,EAAEC,KAAK,EAAEC,WAAW,EAAEC,kBAAkB,EAAEC,mBAAmB,EAAEC,aAAa,EAAE,GACxFN,UAAAA;;;AAIF,YAAA,MAAMO,OAAAA,GAAyC;AAC7CC,gBAAAA,WAAW,EAAE,+BAAA,CAAA,IAAI,EAAC,QAAA,CAAA,CAAA,QAAA,CAAA;AAClBC,gBAAAA,IAAI,EAAE,+BAAA,CAAA,IAAI,EAAC,KAAA,CAAA,CAAA,KAAA;AACb,aAAA;AACA,YAAA,MAAMC,wBAAAA,GAA2B,CAACZ,MAAAA,GAAwBQ,aAAAA,CAAcR,MAAAA,EAAQS,OAAAA,CAAAA;AAEhF,YAAA,OAAOI,iEAAAA,CAAiC;AACtCb,gBAAAA,MAAAA;gBACAc,cAAAA,EAAgB,MAAA;AAChBX,gBAAAA,IAAAA;gBACAK,aAAAA,EAAeI,wBAAAA;AACfG,gBAAAA,qBAAAA,CAAAA,CAAsBC,YAAY,EAAA;AAChC,oBAAA,OAAO,WAAa;4BAClBC,OAAAA,EAAS;AACP,gCAAA;oCACEC,IAAAA,EAAM,MAAA;AACNC,oCAAAA,IAAAA,EAAM,CAAC,MAAM,EAAEhB,IAAAA,CAAK,wBAAwB,EAAEa,YAAAA,CAAAA;AAChD;AACD,6BAAA;4BACDI,OAAAA,EAAS;yBACX,CAAA;AACF,gBAAA,CAAA;AACAC,gBAAAA,iBAAAA,CAAAA,CAAkBC,KAAK,EAAA;oBACrB,OAAO;wBACLL,OAAAA,EAAS;AACP,4BAAA;gCACEC,IAAAA,EAAM,MAAA;gCACNC,IAAAA,EAAM,CAAC,MAAM,EAAEhB,IAAAA,CAAK,oBAAoB,EAAEmB,KAAAA,CAAMC,OAAO,CAAA;AACzD;AACD,yBAAA;wBACDH,OAAAA,EAAS;AACX,qBAAA;AACF,gBAAA,CAAA;AACAI,gBAAAA,eAAAA,CAAAA,CAAgBC,WAAW,EAAA;AACzB,oBAAA,MAAMC,WAAAA,GACJpB,kBAAAA,KAAuBqB,SAAAA,GAAYrB,kBAAAA,CAAmBG,OAAAA,CAAAA,GAAWkB,SAAAA;AACnE,oBAAA,MAAMC,eAAerB,mBAAAA,CAAoBE,OAAAA,CAAAA;;;AAIzC,oBAAA,MAAMoB,cACJH,WAAAA,KAAgBC,SAAAA,GACZ,CAACG,IAAAA,EAAeC,QACdN,WAAAA,CAAY;AAAEK,4BAAAA,IAAAA;AAAMC,4BAAAA;yBAAM,CAAA,GAC5B,CAACA,QAAmBN,WAAAA,CAAY;AAAEM,4BAAAA;AAAM,yBAAA,CAAA;AAE9C,oBAAA,MAAMC,aAAaC,+DAAAA,CACjBjC,MAAAA,EACA,QACAG,IAAAA,EACAD,UAAAA,CAAWgC,SAAS,EACpBL,WAAAA,CAAAA;oBAGF,OAAO9B,SAAAA,CAAUoC,YAAY,CAC3BhC,IAAAA,EACA;AAAEC,wBAAAA,KAAAA;AAAOC,wBAAAA,WAAAA;AAAaqB,wBAAAA,WAAAA;AAAaE,wBAAAA;qBAAa,EAChDI,UAAAA,CAAAA;AAEJ,gBAAA;AACF,aAAA,CAAA;AACF,QAAA,CAAA,CAAA;AACF,IAAA;AAnFA,IAAA,WAAA,CAAYI,GAKX,CAAE;AACD,QAAA,KAAK,CAACA,GAAAA,CAAIC,WAAW,CAAA,EAZvB,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,OAAA,EAAA;;mBAAA;YAEA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,QAAA,EAAA;;mBAAA;YAEA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,KAAA,EAAA;;mBAAA;;AASE,QAAA,+BAAA,CAAA,IAAI,EAAC,OAAA,CAAA,CAAA,OAAA,CAAA,GAAUD,IAAIpC,MAAM;AACzB,QAAA,+BAAA,CAAA,IAAI,EAAC,QAAA,CAAA,CAAA,QAAA,CAAA,GAAWoC,IAAIE,OAAO;AAC3B,QAAA,+BAAA,CAAA,IAAI,EAAC,KAAA,CAAA,CAAA,KAAA,CAAA,GAAQF,IAAIzB,IAAI;AACvB,IAAA;AA0EF;;;;;"}

package/dist/services/mcp/tool-registry.mjs ADDED Viewed

@@ -0,0 +1,99 @@
+import { McpCapabilityRegistryBase } from './internal/McpCapabilityRegistry.mjs';
+import { wrapCapabilityHandlerForMetrics } from './metrics/wrapCapabilityHandlerForMetrics.mjs';
+import { createSafeCapabilityRegistration } from './utils/createSafeCapabilityRegistration.mjs';
+// eslint-disable-next-line import/extensions
+function _class_private_field_loose_base(receiver, privateKey) {
+    if (!Object.prototype.hasOwnProperty.call(receiver, privateKey)) {
+        throw new TypeError("attempted to use private field on non-instance");
+    }
+    return receiver;
+}
+var id = 0;
+function _class_private_field_loose_key(name) {
+    return "__private_" + id++ + "_" + name;
+}
+function makeMcpToolDefinition(tool) {
+    return tool;
+}
+var _strapi = /*#__PURE__*/ _class_private_field_loose_key("_strapi"), _ability = /*#__PURE__*/ _class_private_field_loose_key("_ability"), _user = /*#__PURE__*/ _class_private_field_loose_key("_user");
+class McpToolRegistry extends McpCapabilityRegistryBase {
+    bind(mcpServer) {
+        const strapi = _class_private_field_loose_base(this, _strapi)[_strapi];
+        super.register((definition)=>{
+            const { name, title, description, resolveInputSchema, resolveOutputSchema, createHandler } = definition;
+            // Bind the session ability and token owner into the handler context so handlers can enforce
+            // field-level and entity-level permission checks and set creator fields.
+            const context = {
+                userAbility: _class_private_field_loose_base(this, _ability)[_ability],
+                user: _class_private_field_loose_base(this, _user)[_user]
+            };
+            const createHandlerWithContext = (strapi)=>createHandler(strapi, context);
+            return createSafeCapabilityRegistration({
+                strapi,
+                capabilityType: 'Tool',
+                name,
+                createHandler: createHandlerWithContext,
+                createFallbackHandler (errorMessage) {
+                    return async ()=>({
+                            content: [
+                                {
+                                    type: 'text',
+                                    text: `Tool "${name}" failed to initialize: ${errorMessage}`
+                                }
+                            ],
+                            isError: true
+                        });
+                },
+                createErrorResult (error) {
+                    return {
+                        content: [
+                            {
+                                type: 'text',
+                                text: `Tool "${name}" execution failed: ${error.message}`
+                            }
+                        ],
+                        isError: true
+                    };
+                },
+                registerWithSdk (safeHandler) {
+                    const inputSchema = resolveInputSchema !== undefined ? resolveInputSchema(context) : undefined;
+                    const outputSchema = resolveOutputSchema(context);
+                    // Adapt from our object-literal handler `({ args, extra })` to
+                    // the MCP SDK's positional form `(args, extra)` / `(extra)`.
+                    const baseHandler = inputSchema !== undefined ? (args, extra)=>safeHandler({
+                            args,
+                            extra
+                        }) : (extra)=>safeHandler({
+                            extra
+                        });
+                    const sdkHandler = wrapCapabilityHandlerForMetrics(strapi, 'tool', name, definition.telemetry, baseHandler);
+                    return mcpServer.registerTool(name, {
+                        title,
+                        description,
+                        inputSchema,
+                        outputSchema
+                    }, sdkHandler);
+                }
+            });
+        });
+    }
+    constructor(ctx){
+        super(ctx.definitions), Object.defineProperty(this, _strapi, {
+            writable: true,
+            value: void 0
+        }), Object.defineProperty(this, _ability, {
+            writable: true,
+            value: void 0
+        }), Object.defineProperty(this, _user, {
+            writable: true,
+            value: void 0
+        });
+        _class_private_field_loose_base(this, _strapi)[_strapi] = ctx.strapi;
+        _class_private_field_loose_base(this, _ability)[_ability] = ctx.ability;
+        _class_private_field_loose_base(this, _user)[_user] = ctx.user;
+    }
+}
+export { McpToolRegistry, makeMcpToolDefinition };
+//# sourceMappingURL=tool-registry.mjs.map

package/dist/services/mcp/tool-registry.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tool-registry.mjs","sources":["../../../src/services/mcp/tool-registry.ts"],"sourcesContent":["// eslint-disable-next-line import/extensions\nimport type { McpServer, RegisteredTool } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport type { Core, Modules } from '@strapi/types';\nimport { z } from '@strapi/utils';\nimport { McpCapabilityDefinitionRegistry } from './internal/McpCapabilityDefinitionRegistry';\nimport {\n type McpCapabilityRegistry,\n McpCapabilityRegistryBase,\n} from './internal/McpCapabilityRegistry';\nimport { wrapCapabilityHandlerForMetrics } from './metrics/wrapCapabilityHandlerForMetrics';\nimport { createSafeCapabilityRegistration } from './utils/createSafeCapabilityRegistration';\nimport type { McpAdminTokenAbility } from './authentication';\n\nexport function makeMcpToolDefinition<\n Name extends string,\n Title extends string,\n Description extends string,\n OutputSchema extends z.ZodObject<z.ZodRawShape>,\n InputSchema extends z.ZodObject<z.ZodRawShape> | undefined = undefined,\n Access extends Modules.MCP.McpCapabilityAccess = Modules.MCP.McpCapabilityAccess,\n>(\n tool: {\n name: Name;\n title: Title;\n description: Description;\n resolveInputSchema?: (context: Modules.MCP.McpHandlerContext) => InputSchema;\n resolveOutputSchema: (context: Modules.MCP.McpHandlerContext) => OutputSchema;\n createHandler: (\n strapi: Core.Strapi,\n context: Modules.MCP.McpHandlerContext\n ) => Modules.MCP.McpToolHandler<NoInfer<InputSchema>, NoInfer<OutputSchema>>;\n } & Access\n): Modules.MCP.McpToolDefinition<Name, InputSchema, OutputSchema, Title, Description> & Access {\n return tool as Modules.MCP.McpToolDefinition<\n Name,\n InputSchema,\n OutputSchema,\n Title,\n Description\n > &\n Access;\n}\n\nexport class McpToolRegistry\n extends McpCapabilityRegistryBase<'tool', Modules.MCP.McpToolDefinition, RegisteredTool>\n implements McpCapabilityRegistry\n{\n #strapi: Core.Strapi;\n\n #ability: McpAdminTokenAbility;\n\n #user: Modules.MCP.McpHandlerContext['user'];\n\n constructor(ctx: {\n strapi: Core.Strapi;\n definitions: McpCapabilityDefinitionRegistry<'tool', Modules.MCP.McpToolDefinition>;\n ability: McpAdminTokenAbility;\n user: Modules.MCP.McpHandlerContext['user'];\n }) {\n super(ctx.definitions);\n this.#strapi = ctx.strapi;\n this.#ability = ctx.ability;\n this.#user = ctx.user;\n }\n\n bind(mcpServer: McpServer) {\n const strapi = this.#strapi;\n\n super.register((definition) => {\n const { name, title, description, resolveInputSchema, resolveOutputSchema, createHandler } =\n definition;\n\n // Bind the session ability and token owner into the handler context so handlers can enforce\n // field-level and entity-level permission checks and set creator fields.\n const context: Modules.MCP.McpHandlerContext = {\n userAbility: this.#ability,\n user: this.#user,\n };\n const createHandlerWithContext = (strapi: Core.Strapi) => createHandler(strapi, context);\n\n return createSafeCapabilityRegistration({\n strapi,\n capabilityType: 'Tool',\n name,\n createHandler: createHandlerWithContext,\n createFallbackHandler(errorMessage) {\n return async () => ({\n content: [\n {\n type: 'text' as const,\n text: `Tool \"${name}\" failed to initialize: ${errorMessage}`,\n },\n ],\n isError: true,\n });\n },\n createErrorResult(error) {\n return {\n content: [\n {\n type: 'text' as const,\n text: `Tool \"${name}\" execution failed: ${error.message}`,\n },\n ],\n isError: true,\n };\n },\n registerWithSdk(safeHandler) {\n const inputSchema =\n resolveInputSchema !== undefined ? resolveInputSchema(context) : undefined;\n const outputSchema = resolveOutputSchema(context);\n\n // Adapt from our object-literal handler `({ args, extra })` to\n // the MCP SDK's positional form `(args, extra)` / `(extra)`.\n const baseHandler =\n inputSchema !== undefined\n ? (args: unknown, extra: unknown) =>\n safeHandler({ args, extra } as Parameters<typeof safeHandler>[0])\n : (extra: unknown) => safeHandler({ extra } as Parameters<typeof safeHandler>[0]);\n\n const sdkHandler = wrapCapabilityHandlerForMetrics(\n strapi,\n 'tool',\n name,\n definition.telemetry,\n baseHandler\n );\n\n return mcpServer.registerTool(\n name,\n { title, description, inputSchema, outputSchema },\n sdkHandler\n );\n },\n });\n });\n }\n}\n"],"names":["makeMcpToolDefinition","tool","McpToolRegistry","McpCapabilityRegistryBase","bind","mcpServer","strapi","register","definition","name","title","description","resolveInputSchema","resolveOutputSchema","createHandler","context","userAbility","user","createHandlerWithContext","createSafeCapabilityRegistration","capabilityType","createFallbackHandler","errorMessage","content","type","text","isError","createErrorResult","error","message","registerWithSdk","safeHandler","inputSchema","undefined","outputSchema","baseHandler","args","extra","sdkHandler","wrapCapabilityHandlerForMetrics","telemetry","registerTool","ctx","definitions","ability"],"mappings":";;;;AAAA;;;;;;;;;;;AAaO,SAASA,sBAQdC,IAUU,EAAA;IAEV,OAAOA,IAAAA;AAQT;AAME,IAAA,OAAA,iBAAA,8BAAA,CAAA,SAAA,CAAA,EAEA,QAAA,iBAAA,8BAAA,CAAA,UAAA,CAAA,EAEA,KAAA,iBAAA,8BAAA,CAAA,OAAA,CAAA;AARK,MAAMC,eAAAA,SACHC,yBAAAA,CAAAA;AAqBRC,IAAAA,IAAAA,CAAKC,SAAoB,EAAE;AACzB,QAAA,MAAMC,MAAAA,GAAS,+BAAA,CAAA,IAAI,EAAC,OAAA,CAAA,CAAA,OAAA,CAAA;QAEpB,KAAK,CAACC,SAAS,CAACC,UAAAA,GAAAA;AACd,YAAA,MAAM,EAAEC,IAAI,EAAEC,KAAK,EAAEC,WAAW,EAAEC,kBAAkB,EAAEC,mBAAmB,EAAEC,aAAa,EAAE,GACxFN,UAAAA;;;AAIF,YAAA,MAAMO,OAAAA,GAAyC;AAC7CC,gBAAAA,WAAW,EAAE,+BAAA,CAAA,IAAI,EAAC,QAAA,CAAA,CAAA,QAAA,CAAA;AAClBC,gBAAAA,IAAI,EAAE,+BAAA,CAAA,IAAI,EAAC,KAAA,CAAA,CAAA,KAAA;AACb,aAAA;AACA,YAAA,MAAMC,wBAAAA,GAA2B,CAACZ,MAAAA,GAAwBQ,aAAAA,CAAcR,MAAAA,EAAQS,OAAAA,CAAAA;AAEhF,YAAA,OAAOI,gCAAAA,CAAiC;AACtCb,gBAAAA,MAAAA;gBACAc,cAAAA,EAAgB,MAAA;AAChBX,gBAAAA,IAAAA;gBACAK,aAAAA,EAAeI,wBAAAA;AACfG,gBAAAA,qBAAAA,CAAAA,CAAsBC,YAAY,EAAA;AAChC,oBAAA,OAAO,WAAa;4BAClBC,OAAAA,EAAS;AACP,gCAAA;oCACEC,IAAAA,EAAM,MAAA;AACNC,oCAAAA,IAAAA,EAAM,CAAC,MAAM,EAAEhB,IAAAA,CAAK,wBAAwB,EAAEa,YAAAA,CAAAA;AAChD;AACD,6BAAA;4BACDI,OAAAA,EAAS;yBACX,CAAA;AACF,gBAAA,CAAA;AACAC,gBAAAA,iBAAAA,CAAAA,CAAkBC,KAAK,EAAA;oBACrB,OAAO;wBACLL,OAAAA,EAAS;AACP,4BAAA;gCACEC,IAAAA,EAAM,MAAA;gCACNC,IAAAA,EAAM,CAAC,MAAM,EAAEhB,IAAAA,CAAK,oBAAoB,EAAEmB,KAAAA,CAAMC,OAAO,CAAA;AACzD;AACD,yBAAA;wBACDH,OAAAA,EAAS;AACX,qBAAA;AACF,gBAAA,CAAA;AACAI,gBAAAA,eAAAA,CAAAA,CAAgBC,WAAW,EAAA;AACzB,oBAAA,MAAMC,WAAAA,GACJpB,kBAAAA,KAAuBqB,SAAAA,GAAYrB,kBAAAA,CAAmBG,OAAAA,CAAAA,GAAWkB,SAAAA;AACnE,oBAAA,MAAMC,eAAerB,mBAAAA,CAAoBE,OAAAA,CAAAA;;;AAIzC,oBAAA,MAAMoB,cACJH,WAAAA,KAAgBC,SAAAA,GACZ,CAACG,IAAAA,EAAeC,QACdN,WAAAA,CAAY;AAAEK,4BAAAA,IAAAA;AAAMC,4BAAAA;yBAAM,CAAA,GAC5B,CAACA,QAAmBN,WAAAA,CAAY;AAAEM,4BAAAA;AAAM,yBAAA,CAAA;AAE9C,oBAAA,MAAMC,aAAaC,+BAAAA,CACjBjC,MAAAA,EACA,QACAG,IAAAA,EACAD,UAAAA,CAAWgC,SAAS,EACpBL,WAAAA,CAAAA;oBAGF,OAAO9B,SAAAA,CAAUoC,YAAY,CAC3BhC,IAAAA,EACA;AAAEC,wBAAAA,KAAAA;AAAOC,wBAAAA,WAAAA;AAAaqB,wBAAAA,WAAAA;AAAaE,wBAAAA;qBAAa,EAChDI,UAAAA,CAAAA;AAEJ,gBAAA;AACF,aAAA,CAAA;AACF,QAAA,CAAA,CAAA;AACF,IAAA;AAnFA,IAAA,WAAA,CAAYI,GAKX,CAAE;AACD,QAAA,KAAK,CAACA,GAAAA,CAAIC,WAAW,CAAA,EAZvB,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,OAAA,EAAA;;mBAAA;YAEA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,QAAA,EAAA;;mBAAA;YAEA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,KAAA,EAAA;;mBAAA;;AASE,QAAA,+BAAA,CAAA,IAAI,EAAC,OAAA,CAAA,CAAA,OAAA,CAAA,GAAUD,IAAIpC,MAAM;AACzB,QAAA,+BAAA,CAAA,IAAI,EAAC,QAAA,CAAA,CAAA,QAAA,CAAA,GAAWoC,IAAIE,OAAO;AAC3B,QAAA,+BAAA,CAAA,IAAI,EAAC,KAAA,CAAA,CAAA,KAAA,CAAA,GAAQF,IAAIzB,IAAI;AACvB,IAAA;AA0EF;;;;"}

package/dist/services/mcp/tools/log.d.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import { z } from '@strapi/utils';
+export declare const logToolDefinition: {
+    name: "log";
+    telemetry?: import("@strapi/types/dist/modules/mcp").McpCapabilityTelemetry | undefined;
+} & {
+    devModeOnly: true;
+    auth?: undefined;
+} & {
+    title: "Strapi Log";
+    description: "Logs a message to the Strapi logger with specified level";
+    resolveInputSchema?: import("@strapi/types/dist/modules/mcp").McpToolSchemaResolver<z.ZodObject<{
+        message: z.ZodString;
+        level: z.ZodDefault<z.ZodEnum<{
+            http: "http";
+            info: "info";
+            error: "error";
+            log: "log";
+            warn: "warn";
+        }>>;
+    }, z.core.$strip>> | undefined;
+    resolveOutputSchema: import("@strapi/types/dist/modules/mcp").McpToolSchemaResolver<z.ZodObject<{
+        status: z.ZodString;
+        message: z.ZodString;
+        level: z.ZodString;
+        timestamp: z.ZodString;
+    }, z.core.$strip>>;
+    createHandler: (strapi: import("@strapi/types/dist/core").Strapi, context: import("@strapi/types/dist/modules/mcp").McpHandlerContext) => import("@strapi/types/dist/modules/mcp").McpToolHandler<NoInfer<z.ZodObject<{
+        message: z.ZodString;
+        level: z.ZodDefault<z.ZodEnum<{
+            http: "http";
+            info: "info";
+            error: "error";
+            log: "log";
+            warn: "warn";
+        }>>;
+    }, z.core.$strip>>, NoInfer<z.ZodObject<{
+        status: z.ZodString;
+        message: z.ZodString;
+        level: z.ZodString;
+        timestamp: z.ZodString;
+    }, z.core.$strip>>>;
+} & {
+    name: "log";
+    title: "Strapi Log";
+    description: "Logs a message to the Strapi logger with specified level";
+    resolveInputSchema: () => z.ZodObject<{
+        message: z.ZodString;
+        level: z.ZodDefault<z.ZodEnum<{
+            http: "http";
+            info: "info";
+            error: "error";
+            log: "log";
+            warn: "warn";
+        }>>;
+    }, z.core.$strip>;
+    resolveOutputSchema: () => z.ZodObject<{
+        status: z.ZodString;
+        message: z.ZodString;
+        level: z.ZodString;
+        timestamp: z.ZodString;
+    }, z.core.$strip>;
+    telemetry: {
+        source: string;
+        name: string;
+    };
+    devModeOnly: true;
+    createHandler: (strapi: import("@strapi/types/dist/core").Strapi) => ({ args }: {
+        extra: import("@modelcontextprotocol/sdk/shared/protocol").RequestHandlerExtra<import("@modelcontextprotocol/sdk/types").ServerRequest, import("@modelcontextprotocol/sdk/types").ServerNotification>;
+    } & {
+        args: {
+            message: string;
+            level: "http" | "info" | "error" | "log" | "warn";
+        };
+    }) => Promise<{
+        content: {
+            type: "text";
+            text: string;
+        }[];
+        structuredContent: {
+            status: string;
+            message: string;
+            level: "http" | "info" | "error" | "log" | "warn";
+            timestamp: string;
+        };
+    }>;
+};
+//# sourceMappingURL=log.d.ts.map

package/dist/services/mcp/tools/log.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../../../../src/services/mcp/tools/log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAmBlC,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwE5B,CAAC"}

package/dist/services/mcp/tools/log.js ADDED Viewed

@@ -0,0 +1,88 @@
+'use strict';
+var strapiUtils = require('@strapi/utils');
+var toolRegistry = require('../tool-registry.js');
+const inputSchema = strapiUtils.z.object({
+    message: strapiUtils.z.string().describe('Message to log'),
+    level: strapiUtils.z.enum([
+        'info',
+        'http',
+        'warn',
+        'error',
+        'log'
+    ]).default('info').describe('Log level (default: info)')
+});
+const outputSchema = strapiUtils.z.object({
+    status: strapiUtils.z.string(),
+    message: strapiUtils.z.string(),
+    level: strapiUtils.z.string(),
+    timestamp: strapiUtils.z.string()
+});
+const logToolDefinition = toolRegistry.makeMcpToolDefinition({
+    name: 'log',
+    title: 'Strapi Log',
+    description: 'Logs a message to the Strapi logger with specified level',
+    resolveInputSchema: ()=>inputSchema,
+    resolveOutputSchema: ()=>outputSchema,
+    telemetry: {
+        source: 'core',
+        name: 'log'
+    },
+    devModeOnly: true,
+    createHandler: (strapi)=>async ({ args })=>{
+            const { message, level } = args;
+            // Security: Sanitize message to prevent log injection
+            // 1. Limit length to prevent log spam (10KB max)
+            const MAX_MESSAGE_LENGTH = 10 * 1024;
+            let sanitizedMessage = message.length > MAX_MESSAGE_LENGTH ? `${message.substring(0, MAX_MESSAGE_LENGTH)}...[truncated]` : message;
+            // 2. Remove control characters (including ANSI escape codes)
+            // This regex matches: \x00-\x1F (C0 controls), \x7F (DEL), \x80-\x9F (C1 controls)
+            // and ANSI escape sequences (\x1B[ followed by parameters and command)
+            sanitizedMessage = sanitizedMessage// eslint-disable-next-line no-control-regex
+            .replace(/\x1B\[[0-9;]*[A-Za-z]/g, '') // Remove ANSI escape sequences
+            // eslint-disable-next-line no-control-regex
+            .replace(/[\x00-\x1F\x7F-\x9F]/g, ''); // Remove control characters
+            // 3. Replace newlines with spaces to prevent fake log entry injection
+            sanitizedMessage = sanitizedMessage.replace(/[\r\n]+/g, ' ');
+            // 4. Trim whitespace
+            sanitizedMessage = sanitizedMessage.trim();
+            // Map level to appropriate logger method
+            switch(level){
+                case 'http':
+                    strapi.log.http(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'warn':
+                    strapi.log.warn(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'error':
+                    strapi.log.error(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'log':
+                    strapi.log.info(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'info':
+                default:
+                    strapi.log.info(`[MCP] ${sanitizedMessage}`);
+                    break;
+            }
+            const result = {
+                status: 'logged',
+                message: sanitizedMessage,
+                level,
+                timestamp: new Date().toISOString()
+            };
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify(result, null, 2)
+                    }
+                ],
+                structuredContent: result
+            };
+        }
+});
+exports.logToolDefinition = logToolDefinition;
+//# sourceMappingURL=log.js.map

package/dist/services/mcp/tools/log.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"log.js","sources":["../../../../src/services/mcp/tools/log.ts"],"sourcesContent":["import { z } from '@strapi/utils';\n\nimport { makeMcpToolDefinition } from '../tool-registry';\n\nconst inputSchema = z.object({\n message: z.string().describe('Message to log'),\n level: z\n .enum(['info', 'http', 'warn', 'error', 'log'])\n .default('info')\n .describe('Log level (default: info)'),\n});\n\nconst outputSchema = z.object({\n status: z.string(),\n message: z.string(),\n level: z.string(),\n timestamp: z.string(),\n});\n\nexport const logToolDefinition = makeMcpToolDefinition({\n name: 'log',\n title: 'Strapi Log',\n description: 'Logs a message to the Strapi logger with specified level',\n resolveInputSchema: () => inputSchema,\n resolveOutputSchema: () => outputSchema,\n telemetry: { source: 'core', name: 'log' },\n devModeOnly: true,\n createHandler:\n (strapi) =>\n async ({ args }) => {\n const { message, level } = args;\n\n // Security: Sanitize message to prevent log injection\n // 1. Limit length to prevent log spam (10KB max)\n const MAX_MESSAGE_LENGTH = 10 * 1024;\n let sanitizedMessage =\n message.length > MAX_MESSAGE_LENGTH\n ? `${message.substring(0, MAX_MESSAGE_LENGTH)}...[truncated]`\n : message;\n\n // 2. Remove control characters (including ANSI escape codes)\n // This regex matches: \\x00-\\x1F (C0 controls), \\x7F (DEL), \\x80-\\x9F (C1 controls)\n // and ANSI escape sequences (\\x1B[ followed by parameters and command)\n sanitizedMessage = sanitizedMessage\n // eslint-disable-next-line no-control-regex\n .replace(/\\x1B\\[[0-9;]*[A-Za-z]/g, '') // Remove ANSI escape sequences\n // eslint-disable-next-line no-control-regex\n .replace(/[\\x00-\\x1F\\x7F-\\x9F]/g, ''); // Remove control characters\n\n // 3. Replace newlines with spaces to prevent fake log entry injection\n sanitizedMessage = sanitizedMessage.replace(/[\\r\\n]+/g, ' ');\n\n // 4. Trim whitespace\n sanitizedMessage = sanitizedMessage.trim();\n\n // Map level to appropriate logger method\n switch (level) {\n case 'http':\n strapi.log.http(`[MCP] ${sanitizedMessage}`);\n break;\n case 'warn':\n strapi.log.warn(`[MCP] ${sanitizedMessage}`);\n break;\n case 'error':\n strapi.log.error(`[MCP] ${sanitizedMessage}`);\n break;\n case 'log':\n strapi.log.info(`[MCP] ${sanitizedMessage}`);\n break;\n case 'info':\n default:\n strapi.log.info(`[MCP] ${sanitizedMessage}`);\n break;\n }\n\n const result = {\n status: 'logged',\n message: sanitizedMessage,\n level,\n timestamp: new Date().toISOString(),\n };\n return {\n content: [\n {\n type: 'text' as const,\n text: JSON.stringify(result, null, 2),\n },\n ],\n structuredContent: result,\n };\n },\n});\n"],"names":["inputSchema","z","object","message","string","describe","level","enum","default","outputSchema","status","timestamp","logToolDefinition","makeMcpToolDefinition","name","title","description","resolveInputSchema","resolveOutputSchema","telemetry","source","devModeOnly","createHandler","strapi","args","MAX_MESSAGE_LENGTH","sanitizedMessage","length","substring","replace","trim","log","http","warn","error","info","result","Date","toISOString","content","type","text","JSON","stringify","structuredContent"],"mappings":";;;;;AAIA,MAAMA,WAAAA,GAAcC,aAAAA,CAAEC,MAAM,CAAC;AAC3BC,IAAAA,OAAAA,EAASF,aAAAA,CAAEG,MAAM,EAAA,CAAGC,QAAQ,CAAC,gBAAA,CAAA;IAC7BC,KAAAA,EAAOL,aAAAA,CACJM,IAAI,CAAC;AAAC,QAAA,MAAA;AAAQ,QAAA,MAAA;AAAQ,QAAA,MAAA;AAAQ,QAAA,OAAA;AAAS,QAAA;AAAM,KAAA,CAAA,CAC7CC,OAAO,CAAC,MAAA,CAAA,CACRH,QAAQ,CAAC,2BAAA;AACd,CAAA,CAAA;AAEA,MAAMI,YAAAA,GAAeR,aAAAA,CAAEC,MAAM,CAAC;AAC5BQ,IAAAA,MAAAA,EAAQT,cAAEG,MAAM,EAAA;AAChBD,IAAAA,OAAAA,EAASF,cAAEG,MAAM,EAAA;AACjBE,IAAAA,KAAAA,EAAOL,cAAEG,MAAM,EAAA;AACfO,IAAAA,SAAAA,EAAWV,cAAEG,MAAM;AACrB,CAAA,CAAA;AAEO,MAAMQ,oBAAoBC,kCAAAA,CAAsB;IACrDC,IAAAA,EAAM,KAAA;IACNC,KAAAA,EAAO,YAAA;IACPC,WAAAA,EAAa,0DAAA;AACbC,IAAAA,kBAAAA,EAAoB,IAAMjB,WAAAA;AAC1BkB,IAAAA,mBAAAA,EAAqB,IAAMT,YAAAA;IAC3BU,SAAAA,EAAW;QAAEC,MAAAA,EAAQ,MAAA;QAAQN,IAAAA,EAAM;AAAM,KAAA;IACzCO,WAAAA,EAAa,IAAA;AACbC,IAAAA,aAAAA,EACE,CAACC,MAAAA,GACD,OAAO,EAAEC,IAAI,EAAE,GAAA;AACb,YAAA,MAAM,EAAErB,OAAO,EAAEG,KAAK,EAAE,GAAGkB,IAAAA;;;AAI3B,YAAA,MAAMC,qBAAqB,EAAA,GAAK,IAAA;AAChC,YAAA,IAAIC,gBAAAA,GACFvB,OAAAA,CAAQwB,MAAM,GAAGF,kBAAAA,GACb,CAAA,EAAGtB,OAAAA,CAAQyB,SAAS,CAAC,CAAA,EAAGH,kBAAAA,CAAAA,CAAoB,cAAc,CAAC,GAC3DtB,OAAAA;;;;AAKNuB,YAAAA,gBAAAA,GAAmBA,gBACjB;aACCG,OAAO,CAAC,wBAAA,EAA0B,EAAA,CAAA;;aAElCA,OAAO,CAAC,uBAAA,EAAyB,EAAA,CAAA,CAAA;;YAGpCH,gBAAAA,GAAmBA,gBAAAA,CAAiBG,OAAO,CAAC,UAAA,EAAY,GAAA,CAAA;;AAGxDH,YAAAA,gBAAAA,GAAmBA,iBAAiBI,IAAI,EAAA;;YAGxC,OAAQxB,KAAAA;gBACN,KAAK,MAAA;AACHiB,oBAAAA,MAAAA,CAAOQ,GAAG,CAACC,IAAI,CAAC,CAAC,MAAM,EAAEN,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;gBACF,KAAK,MAAA;AACHH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACE,IAAI,CAAC,CAAC,MAAM,EAAEP,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;gBACF,KAAK,OAAA;AACHH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACG,KAAK,CAAC,CAAC,MAAM,EAAER,gBAAAA,CAAAA,CAAkB,CAAA;AAC5C,oBAAA;gBACF,KAAK,KAAA;AACHH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACI,IAAI,CAAC,CAAC,MAAM,EAAET,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;gBACF,KAAK,MAAA;AACL,gBAAA;AACEH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACI,IAAI,CAAC,CAAC,MAAM,EAAET,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;AACJ;AAEA,YAAA,MAAMU,MAAAA,GAAS;gBACb1B,MAAAA,EAAQ,QAAA;gBACRP,OAAAA,EAASuB,gBAAAA;AACTpB,gBAAAA,KAAAA;gBACAK,SAAAA,EAAW,IAAI0B,OAAOC,WAAW;AACnC,aAAA;YACA,OAAO;gBACLC,OAAAA,EAAS;AACP,oBAAA;wBACEC,IAAAA,EAAM,MAAA;AACNC,wBAAAA,IAAAA,EAAMC,IAAAA,CAAKC,SAAS,CAACP,MAAAA,EAAQ,IAAA,EAAM,CAAA;AACrC;AACD,iBAAA;gBACDQ,iBAAAA,EAAmBR;AACrB,aAAA;AACF,QAAA;AACJ,CAAA;;;;"}

package/dist/services/mcp/tools/log.mjs ADDED Viewed

@@ -0,0 +1,86 @@
+import { z } from '@strapi/utils';
+import { makeMcpToolDefinition } from '../tool-registry.mjs';
+const inputSchema = z.object({
+    message: z.string().describe('Message to log'),
+    level: z.enum([
+        'info',
+        'http',
+        'warn',
+        'error',
+        'log'
+    ]).default('info').describe('Log level (default: info)')
+});
+const outputSchema = z.object({
+    status: z.string(),
+    message: z.string(),
+    level: z.string(),
+    timestamp: z.string()
+});
+const logToolDefinition = makeMcpToolDefinition({
+    name: 'log',
+    title: 'Strapi Log',
+    description: 'Logs a message to the Strapi logger with specified level',
+    resolveInputSchema: ()=>inputSchema,
+    resolveOutputSchema: ()=>outputSchema,
+    telemetry: {
+        source: 'core',
+        name: 'log'
+    },
+    devModeOnly: true,
+    createHandler: (strapi)=>async ({ args })=>{
+            const { message, level } = args;
+            // Security: Sanitize message to prevent log injection
+            // 1. Limit length to prevent log spam (10KB max)
+            const MAX_MESSAGE_LENGTH = 10 * 1024;
+            let sanitizedMessage = message.length > MAX_MESSAGE_LENGTH ? `${message.substring(0, MAX_MESSAGE_LENGTH)}...[truncated]` : message;
+            // 2. Remove control characters (including ANSI escape codes)
+            // This regex matches: \x00-\x1F (C0 controls), \x7F (DEL), \x80-\x9F (C1 controls)
+            // and ANSI escape sequences (\x1B[ followed by parameters and command)
+            sanitizedMessage = sanitizedMessage// eslint-disable-next-line no-control-regex
+            .replace(/\x1B\[[0-9;]*[A-Za-z]/g, '') // Remove ANSI escape sequences
+            // eslint-disable-next-line no-control-regex
+            .replace(/[\x00-\x1F\x7F-\x9F]/g, ''); // Remove control characters
+            // 3. Replace newlines with spaces to prevent fake log entry injection
+            sanitizedMessage = sanitizedMessage.replace(/[\r\n]+/g, ' ');
+            // 4. Trim whitespace
+            sanitizedMessage = sanitizedMessage.trim();
+            // Map level to appropriate logger method
+            switch(level){
+                case 'http':
+                    strapi.log.http(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'warn':
+                    strapi.log.warn(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'error':
+                    strapi.log.error(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'log':
+                    strapi.log.info(`[MCP] ${sanitizedMessage}`);
+                    break;
+                case 'info':
+                default:
+                    strapi.log.info(`[MCP] ${sanitizedMessage}`);
+                    break;
+            }
+            const result = {
+                status: 'logged',
+                message: sanitizedMessage,
+                level,
+                timestamp: new Date().toISOString()
+            };
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify(result, null, 2)
+                    }
+                ],
+                structuredContent: result
+            };
+        }
+});
+export { logToolDefinition };
+//# sourceMappingURL=log.mjs.map

package/dist/services/mcp/tools/log.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"log.mjs","sources":["../../../../src/services/mcp/tools/log.ts"],"sourcesContent":["import { z } from '@strapi/utils';\n\nimport { makeMcpToolDefinition } from '../tool-registry';\n\nconst inputSchema = z.object({\n message: z.string().describe('Message to log'),\n level: z\n .enum(['info', 'http', 'warn', 'error', 'log'])\n .default('info')\n .describe('Log level (default: info)'),\n});\n\nconst outputSchema = z.object({\n status: z.string(),\n message: z.string(),\n level: z.string(),\n timestamp: z.string(),\n});\n\nexport const logToolDefinition = makeMcpToolDefinition({\n name: 'log',\n title: 'Strapi Log',\n description: 'Logs a message to the Strapi logger with specified level',\n resolveInputSchema: () => inputSchema,\n resolveOutputSchema: () => outputSchema,\n telemetry: { source: 'core', name: 'log' },\n devModeOnly: true,\n createHandler:\n (strapi) =>\n async ({ args }) => {\n const { message, level } = args;\n\n // Security: Sanitize message to prevent log injection\n // 1. Limit length to prevent log spam (10KB max)\n const MAX_MESSAGE_LENGTH = 10 * 1024;\n let sanitizedMessage =\n message.length > MAX_MESSAGE_LENGTH\n ? `${message.substring(0, MAX_MESSAGE_LENGTH)}...[truncated]`\n : message;\n\n // 2. Remove control characters (including ANSI escape codes)\n // This regex matches: \\x00-\\x1F (C0 controls), \\x7F (DEL), \\x80-\\x9F (C1 controls)\n // and ANSI escape sequences (\\x1B[ followed by parameters and command)\n sanitizedMessage = sanitizedMessage\n // eslint-disable-next-line no-control-regex\n .replace(/\\x1B\\[[0-9;]*[A-Za-z]/g, '') // Remove ANSI escape sequences\n // eslint-disable-next-line no-control-regex\n .replace(/[\\x00-\\x1F\\x7F-\\x9F]/g, ''); // Remove control characters\n\n // 3. Replace newlines with spaces to prevent fake log entry injection\n sanitizedMessage = sanitizedMessage.replace(/[\\r\\n]+/g, ' ');\n\n // 4. Trim whitespace\n sanitizedMessage = sanitizedMessage.trim();\n\n // Map level to appropriate logger method\n switch (level) {\n case 'http':\n strapi.log.http(`[MCP] ${sanitizedMessage}`);\n break;\n case 'warn':\n strapi.log.warn(`[MCP] ${sanitizedMessage}`);\n break;\n case 'error':\n strapi.log.error(`[MCP] ${sanitizedMessage}`);\n break;\n case 'log':\n strapi.log.info(`[MCP] ${sanitizedMessage}`);\n break;\n case 'info':\n default:\n strapi.log.info(`[MCP] ${sanitizedMessage}`);\n break;\n }\n\n const result = {\n status: 'logged',\n message: sanitizedMessage,\n level,\n timestamp: new Date().toISOString(),\n };\n return {\n content: [\n {\n type: 'text' as const,\n text: JSON.stringify(result, null, 2),\n },\n ],\n structuredContent: result,\n };\n },\n});\n"],"names":["inputSchema","z","object","message","string","describe","level","enum","default","outputSchema","status","timestamp","logToolDefinition","makeMcpToolDefinition","name","title","description","resolveInputSchema","resolveOutputSchema","telemetry","source","devModeOnly","createHandler","strapi","args","MAX_MESSAGE_LENGTH","sanitizedMessage","length","substring","replace","trim","log","http","warn","error","info","result","Date","toISOString","content","type","text","JSON","stringify","structuredContent"],"mappings":";;;AAIA,MAAMA,WAAAA,GAAcC,CAAAA,CAAEC,MAAM,CAAC;AAC3BC,IAAAA,OAAAA,EAASF,CAAAA,CAAEG,MAAM,EAAA,CAAGC,QAAQ,CAAC,gBAAA,CAAA;IAC7BC,KAAAA,EAAOL,CAAAA,CACJM,IAAI,CAAC;AAAC,QAAA,MAAA;AAAQ,QAAA,MAAA;AAAQ,QAAA,MAAA;AAAQ,QAAA,OAAA;AAAS,QAAA;AAAM,KAAA,CAAA,CAC7CC,OAAO,CAAC,MAAA,CAAA,CACRH,QAAQ,CAAC,2BAAA;AACd,CAAA,CAAA;AAEA,MAAMI,YAAAA,GAAeR,CAAAA,CAAEC,MAAM,CAAC;AAC5BQ,IAAAA,MAAAA,EAAQT,EAAEG,MAAM,EAAA;AAChBD,IAAAA,OAAAA,EAASF,EAAEG,MAAM,EAAA;AACjBE,IAAAA,KAAAA,EAAOL,EAAEG,MAAM,EAAA;AACfO,IAAAA,SAAAA,EAAWV,EAAEG,MAAM;AACrB,CAAA,CAAA;AAEO,MAAMQ,oBAAoBC,qBAAAA,CAAsB;IACrDC,IAAAA,EAAM,KAAA;IACNC,KAAAA,EAAO,YAAA;IACPC,WAAAA,EAAa,0DAAA;AACbC,IAAAA,kBAAAA,EAAoB,IAAMjB,WAAAA;AAC1BkB,IAAAA,mBAAAA,EAAqB,IAAMT,YAAAA;IAC3BU,SAAAA,EAAW;QAAEC,MAAAA,EAAQ,MAAA;QAAQN,IAAAA,EAAM;AAAM,KAAA;IACzCO,WAAAA,EAAa,IAAA;AACbC,IAAAA,aAAAA,EACE,CAACC,MAAAA,GACD,OAAO,EAAEC,IAAI,EAAE,GAAA;AACb,YAAA,MAAM,EAAErB,OAAO,EAAEG,KAAK,EAAE,GAAGkB,IAAAA;;;AAI3B,YAAA,MAAMC,qBAAqB,EAAA,GAAK,IAAA;AAChC,YAAA,IAAIC,gBAAAA,GACFvB,OAAAA,CAAQwB,MAAM,GAAGF,kBAAAA,GACb,CAAA,EAAGtB,OAAAA,CAAQyB,SAAS,CAAC,CAAA,EAAGH,kBAAAA,CAAAA,CAAoB,cAAc,CAAC,GAC3DtB,OAAAA;;;;AAKNuB,YAAAA,gBAAAA,GAAmBA,gBACjB;aACCG,OAAO,CAAC,wBAAA,EAA0B,EAAA,CAAA;;aAElCA,OAAO,CAAC,uBAAA,EAAyB,EAAA,CAAA,CAAA;;YAGpCH,gBAAAA,GAAmBA,gBAAAA,CAAiBG,OAAO,CAAC,UAAA,EAAY,GAAA,CAAA;;AAGxDH,YAAAA,gBAAAA,GAAmBA,iBAAiBI,IAAI,EAAA;;YAGxC,OAAQxB,KAAAA;gBACN,KAAK,MAAA;AACHiB,oBAAAA,MAAAA,CAAOQ,GAAG,CAACC,IAAI,CAAC,CAAC,MAAM,EAAEN,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;gBACF,KAAK,MAAA;AACHH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACE,IAAI,CAAC,CAAC,MAAM,EAAEP,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;gBACF,KAAK,OAAA;AACHH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACG,KAAK,CAAC,CAAC,MAAM,EAAER,gBAAAA,CAAAA,CAAkB,CAAA;AAC5C,oBAAA;gBACF,KAAK,KAAA;AACHH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACI,IAAI,CAAC,CAAC,MAAM,EAAET,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;gBACF,KAAK,MAAA;AACL,gBAAA;AACEH,oBAAAA,MAAAA,CAAOQ,GAAG,CAACI,IAAI,CAAC,CAAC,MAAM,EAAET,gBAAAA,CAAAA,CAAkB,CAAA;AAC3C,oBAAA;AACJ;AAEA,YAAA,MAAMU,MAAAA,GAAS;gBACb1B,MAAAA,EAAQ,QAAA;gBACRP,OAAAA,EAASuB,gBAAAA;AACTpB,gBAAAA,KAAAA;gBACAK,SAAAA,EAAW,IAAI0B,OAAOC,WAAW;AACnC,aAAA;YACA,OAAO;gBACLC,OAAAA,EAAS;AACP,oBAAA;wBACEC,IAAAA,EAAM,MAAA;AACNC,wBAAAA,IAAAA,EAAMC,IAAAA,CAAKC,SAAS,CAACP,MAAAA,EAAQ,IAAA,EAAM,CAAA;AACrC;AACD,iBAAA;gBACDQ,iBAAAA,EAAmBR;AACrB,aAAA;AACF,QAAA;AACJ,CAAA;;;;"}

package/dist/services/mcp/utils/createSafeCapabilityRegistration.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import type { Core } from '@strapi/types';
+import type { RegisteredCapability } from '../internal/McpCapabilityRegistry';
+/**
+ * A no-op registered capability used as fallback when SDK registration fails.
+ *
+ * This prevents one broken capability from aborting the entire registration loop.
+ * The capability will appear as "disabled" and cannot be enabled.
+ */
+export declare const FAILED_REGISTERED_CAPABILITY: RegisteredCapability;
+/**
+ * Configuration for creating a safe capability registration
+ */
+export type SafeCapabilityRegistrationConfig<THandler, TErrorResult, TRegistered> = {
+    strapi: Core.Strapi;
+    capabilityType: string;
+    name: string;
+    createHandler: (strapi: Core.Strapi) => THandler;
+    createFallbackHandler: (errorMessage: string) => NoInfer<THandler>;
+    createErrorResult: (error: Error, args: unknown[]) => TErrorResult;
+    registerWithSdk: (safeHandler: THandler) => TRegistered;
+};
+/**
+ * Creates a safe capability registration that protects Strapi core from user callback errors
+ * at three levels:
+ *
+ * - Level 1: Catch factory invocation errors (createHandler throws)
+ * - Level 2: Catch runtime execution errors (handler throws during invocation)
+ * - Level 3: Catch MCP SDK registration errors (SDK rejects the registration)
+ *
+ * This prevents one broken capability from:
+ * - Aborting the entire registration loop
+ * - Crashing the MCP server
+ * - Leaking unhandled errors to the user
+ */
+export declare const createSafeCapabilityRegistration: <THandler, TErrorResult, TRegistered>(config: SafeCapabilityRegistrationConfig<THandler, TErrorResult, TRegistered>) => TRegistered;
+//# sourceMappingURL=createSafeCapabilityRegistration.d.ts.map

package/dist/services/mcp/utils/createSafeCapabilityRegistration.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"createSafeCapabilityRegistration.d.ts","sourceRoot":"","sources":["../../../../src/services/mcp/utils/createSafeCapabilityRegistration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAG9E;;;;;GAKG;AACH,eAAO,MAAM,4BAA4B,EAAE,oBAKzC,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,gCAAgC,CAAC,QAAQ,EAAE,YAAY,EAAE,WAAW,IAAI;IAClF,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC;IACjD,qBAAqB,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnE,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,YAAY,CAAC;IACnE,eAAe,EAAE,CAAC,WAAW,EAAE,QAAQ,KAAK,WAAW,CAAC;CACzD,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,gCAAgC,gDACnC,iCAAiC,QAAQ,EAAE,YAAY,EAAE,WAAW,CAAC,KAC5E,WA4CF,CAAC"}

package/dist/services/mcp/utils/createSafeCapabilityRegistration.js ADDED Viewed

@@ -0,0 +1,59 @@
+'use strict';
+var safeHandlerWrapper = require('./safeHandlerWrapper.js');
+/**
+ * A no-op registered capability used as fallback when SDK registration fails.
+ *
+ * This prevents one broken capability from aborting the entire registration loop.
+ * The capability will appear as "disabled" and cannot be enabled.
+ */ const FAILED_REGISTERED_CAPABILITY = Object.freeze({
+    enabled: false,
+    enable () {},
+    disable () {},
+    remove () {}
+});
+/**
+ * Creates a safe capability registration that protects Strapi core from user callback errors
+ * at three levels:
+ *
+ * - Level 1: Catch factory invocation errors (createHandler throws)
+ * - Level 2: Catch runtime execution errors (handler throws during invocation)
+ * - Level 3: Catch MCP SDK registration errors (SDK rejects the registration)
+ *
+ * This prevents one broken capability from:
+ * - Aborting the entire registration loop
+ * - Crashing the MCP server
+ * - Leaking unhandled errors to the user
+ */ const createSafeCapabilityRegistration = (config)=>{
+    const { strapi, capabilityType, name, createHandler, createFallbackHandler, createErrorResult, registerWithSdk } = config;
+    try {
+        // Level 1: Safe factory invocation — catch errors from user's createHandler
+        let rawHandler;
+        try {
+            rawHandler = createHandler(strapi);
+        } catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            strapi.log.error(`[MCP] ${capabilityType} "${name}" handler factory threw during initialization: ${message}`);
+            // Substitute a fallback handler that always returns an error to the MCP client
+            rawHandler = createFallbackHandler(message);
+        }
+        // Level 2: Safe runtime wrapping — catch errors from user's handler during execution
+        const safeHandler = safeHandlerWrapper.wrapSafeHandler(rawHandler, {
+            strapi,
+            capabilityType,
+            name,
+            createErrorResult
+        });
+        return registerWithSdk(safeHandler);
+    } catch (error) {
+        // Level 3: Catch MCP SDK registration errors — prevent one broken capability from aborting all others
+        const message = error instanceof Error ? error.message : String(error);
+        strapi.log.error(`[MCP] Failed to register ${capabilityType.toLowerCase()} "${name}" with MCP server: ${message}`);
+        return FAILED_REGISTERED_CAPABILITY;
+    }
+};
+exports.FAILED_REGISTERED_CAPABILITY = FAILED_REGISTERED_CAPABILITY;
+exports.createSafeCapabilityRegistration = createSafeCapabilityRegistration;
+//# sourceMappingURL=createSafeCapabilityRegistration.js.map