npm - @studiometa/forge-mcp - Versions diffs - 0.0.1 → 0.2.0 - Mend

@studiometa/forge-mcp 0.0.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (91) hide show

package/README.md +152 -0
package/dist/auth.d.ts +15 -0
package/dist/auth.d.ts.map +1 -0
package/dist/auth.js +18 -0
package/dist/auth.js.map +1 -0
package/dist/errors.d.ts +36 -0
package/dist/errors.d.ts.map +1 -0
package/dist/formatters.d.ts +187 -0
package/dist/formatters.d.ts.map +1 -0
package/dist/handlers/backups.d.ts +2 -0
package/dist/handlers/backups.d.ts.map +1 -0
package/dist/handlers/certificates.d.ts +2 -0
package/dist/handlers/certificates.d.ts.map +1 -0
package/dist/handlers/commands.d.ts +2 -0
package/dist/handlers/commands.d.ts.map +1 -0
package/dist/handlers/daemons.d.ts +2 -0
package/dist/handlers/daemons.d.ts.map +1 -0
package/dist/handlers/database-users.d.ts +2 -0
package/dist/handlers/database-users.d.ts.map +1 -0
package/dist/handlers/databases.d.ts +2 -0
package/dist/handlers/databases.d.ts.map +1 -0
package/dist/handlers/deployments.d.ts +9 -0
package/dist/handlers/deployments.d.ts.map +1 -0
package/dist/handlers/env.d.ts +2 -0
package/dist/handlers/env.d.ts.map +1 -0
package/dist/handlers/factory.d.ts +71 -0
package/dist/handlers/factory.d.ts.map +1 -0
package/dist/handlers/firewall-rules.d.ts +2 -0
package/dist/handlers/firewall-rules.d.ts.map +1 -0
package/dist/handlers/help.d.ts +16 -0
package/dist/handlers/help.d.ts.map +1 -0
package/dist/handlers/index.d.ts +20 -0
package/dist/handlers/index.d.ts.map +1 -0
package/dist/handlers/monitors.d.ts +2 -0
package/dist/handlers/monitors.d.ts.map +1 -0
package/dist/handlers/nginx-config.d.ts +2 -0
package/dist/handlers/nginx-config.d.ts.map +1 -0
package/dist/handlers/nginx-templates.d.ts +2 -0
package/dist/handlers/nginx-templates.d.ts.map +1 -0
package/dist/handlers/recipes.d.ts +2 -0
package/dist/handlers/recipes.d.ts.map +1 -0
package/dist/handlers/redirect-rules.d.ts +2 -0
package/dist/handlers/redirect-rules.d.ts.map +1 -0
package/dist/handlers/scheduled-jobs.d.ts +2 -0
package/dist/handlers/scheduled-jobs.d.ts.map +1 -0
package/dist/handlers/schema.d.ts +16 -0
package/dist/handlers/schema.d.ts.map +1 -0
package/dist/handlers/security-rules.d.ts +2 -0
package/dist/handlers/security-rules.d.ts.map +1 -0
package/dist/handlers/servers.d.ts +2 -0
package/dist/handlers/servers.d.ts.map +1 -0
package/dist/handlers/sites.d.ts +2 -0
package/dist/handlers/sites.d.ts.map +1 -0
package/dist/handlers/ssh-keys.d.ts +2 -0
package/dist/handlers/ssh-keys.d.ts.map +1 -0
package/dist/handlers/types.d.ts +38 -0
package/dist/handlers/types.d.ts.map +1 -0
package/dist/handlers/user.d.ts +2 -0
package/dist/handlers/user.d.ts.map +1 -0
package/dist/handlers/utils.d.ts +29 -0
package/dist/handlers/utils.d.ts.map +1 -0
package/dist/hints.d.ts +60 -0
package/dist/hints.d.ts.map +1 -0
package/dist/http-CfjqK_e4.js +277 -0
package/dist/http-CfjqK_e4.js.map +1 -0
package/dist/http.d.ts +55 -0
package/dist/http.d.ts.map +1 -0
package/dist/http.js +3 -0
package/dist/index.d.ts +44 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +4 -0
package/dist/instructions.d.ts +11 -0
package/dist/instructions.d.ts.map +1 -0
package/dist/server.d.ts +35 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +76 -0
package/dist/server.js.map +1 -0
package/dist/sessions.d.ts +64 -0
package/dist/sessions.d.ts.map +1 -0
package/dist/src-BdwavqrN.js +189 -0
package/dist/src-BdwavqrN.js.map +1 -0
package/dist/stdio.d.ts +36 -0
package/dist/stdio.d.ts.map +1 -0
package/dist/tools.d.ts +47 -0
package/dist/tools.d.ts.map +1 -0
package/dist/version-DaD5zvGh.js +3470 -0
package/dist/version-DaD5zvGh.js.map +1 -0
package/dist/version.d.ts +2 -0
package/dist/version.d.ts.map +1 -0
package/package.json +53 -1
package/skills/SKILL.md +219 -0

package/dist/handlers/nginx-templates.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleNginxTemplates: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=nginx-templates.d.ts.map

package/dist/handlers/nginx-templates.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"nginx-templates.d.ts","sourceRoot":"","sources":["../../src/handlers/nginx-templates.ts"],"names":[],"mappings":"AAcA,eAAO,MAAM,oBAAoB,+IAsC/B,CAAC"}

package/dist/handlers/recipes.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleRecipes: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=recipes.d.ts.map

package/dist/handlers/recipes.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"recipes.d.ts","sourceRoot":"","sources":["../../src/handlers/recipes.ts"],"names":[],"mappings":"AAcA,eAAO,MAAM,aAAa,+IAqCxB,CAAC"}

package/dist/handlers/redirect-rules.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleRedirectRules: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=redirect-rules.d.ts.map

package/dist/handlers/redirect-rules.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"redirect-rules.d.ts","sourceRoot":"","sources":["../../src/handlers/redirect-rules.ts"],"names":[],"mappings":"AAYA,eAAO,MAAM,mBAAmB,+IA8B9B,CAAC"}

package/dist/handlers/scheduled-jobs.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleScheduledJobs: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=scheduled-jobs.d.ts.map

package/dist/handlers/scheduled-jobs.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"scheduled-jobs.d.ts","sourceRoot":"","sources":["../../src/handlers/scheduled-jobs.ts"],"names":[],"mappings":"AAYA,eAAO,MAAM,mBAAmB,+IA8B9B,CAAC"}

package/dist/handlers/schema.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Schema handler — compact, machine-readable resource specifications.
+ *
+ * More concise than action=help, optimized for LLM consumption when only
+ * field metadata is needed (actions, required params, field descriptions).
+ */
+import type { ToolResult } from "./types.ts";
+/**
+ * Handle schema action — returns compact spec for a specific resource.
+ */
+export declare function handleSchema(resource: string): ToolResult;
+/**
+ * Get schema overview for all resources.
+ */
+export declare function handleSchemaOverview(): ToolResult;
+//# sourceMappingURL=schema.d.ts.map

package/dist/handlers/schema.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/handlers/schema.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAsU7C;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAWzD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,UAAU,CAWjD"}

package/dist/handlers/security-rules.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleSecurityRules: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=security-rules.d.ts.map

package/dist/handlers/security-rules.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"security-rules.d.ts","sourceRoot":"","sources":["../../src/handlers/security-rules.ts"],"names":[],"mappings":"AAYA,eAAO,MAAM,mBAAmB,+IA8B9B,CAAC"}

package/dist/handlers/servers.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleServers: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=servers.d.ts.map

package/dist/handlers/servers.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"servers.d.ts","sourceRoot":"","sources":["../../src/handlers/servers.ts"],"names":[],"mappings":"AAcA,eAAO,MAAM,aAAa,+IAwDxB,CAAC"}

package/dist/handlers/sites.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleSites: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=sites.d.ts.map

package/dist/handlers/sites.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sites.d.ts","sourceRoot":"","sources":["../../src/handlers/sites.ts"],"names":[],"mappings":"AAQA,eAAO,MAAM,WAAW,+IAsDtB,CAAC"}

package/dist/handlers/ssh-keys.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleSshKeys: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=ssh-keys.d.ts.map

package/dist/handlers/ssh-keys.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"ssh-keys.d.ts","sourceRoot":"","sources":["../../src/handlers/ssh-keys.ts"],"names":[],"mappings":"AAQA,eAAO,MAAM,aAAa,+IAkCxB,CAAC"}

package/dist/handlers/types.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+import type { ExecutorContext } from "@studiometa/forge-core";
+/**
+ * Result from MCP tool handlers.
+ *
+ * - `content` — human-readable text (always present)
+ * - `structuredContent` — machine-readable data matching the tool's `outputSchema`
+ * - `isError` — true when the result represents an error
+ */
+export interface ToolResult {
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    structuredContent?: Record<string, unknown>;
+    isError?: boolean;
+}
+/**
+ * Handler context — wraps ExecutorContext with MCP-specific options.
+ */
+export interface HandlerContext {
+    executorContext: ExecutorContext;
+    compact: boolean;
+    /** Whether to include contextual hints in get responses (default: false) */
+    includeHints?: boolean;
+}
+/**
+ * Common args present in all tool calls.
+ */
+export interface CommonArgs {
+    resource: string;
+    action: string;
+    id?: string;
+    server_id?: string;
+    site_id?: string;
+    compact?: boolean;
+    [key: string]: unknown;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/handlers/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,eAAe,EAAE,eAAe,CAAC;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}

package/dist/handlers/user.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const handleUser: (action: string, args: import("./types.ts").CommonArgs, ctx: import("./types.ts").HandlerContext) => Promise<import("./types.ts").ToolResult>;
2	+ //# sourceMappingURL=user.d.ts.map

package/dist/handlers/user.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../src/handlers/user.ts"],"names":[],"mappings":"AAOA,eAAO,MAAM,UAAU,+IASrB,CAAC"}

package/dist/handlers/utils.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import type { ToolResult } from "./types.ts";
+import { UserInputError } from "../errors.ts";
+/**
+ * Create a successful result with both human-readable text and structured content.
+ *
+ * - When `data` is a string, `structuredContent` wraps it as `{ result: data }`.
+ * - When `data` is an object/array, `structuredContent` is `{ result: data }` and
+ *   the text representation is the JSON-serialized form.
+ */
+export declare function jsonResult(data: string | Record<string, unknown> | unknown): ToolResult;
+/**
+ * Validate an ID-like value (must be alphanumeric/dashes only).
+ * Prevents path traversal via `../` in URL segments.
+ *
+ * @returns true if the value is safe, false otherwise.
+ */
+export declare function sanitizeId(value: string): boolean;
+/**
+ * Create an error result with structured error content.
+ */
+export declare function errorResult(message: string): ToolResult;
+/**
+ * Create an input error result from a UserInputError or a plain message with an optional suggestion.
+ *
+ * When a UserInputError is passed, its formatted message (including hints) is used.
+ * When a plain string is passed, the optional suggestion is appended.
+ */
+export declare function inputErrorResult(error: UserInputError | string, suggestion?: string): ToolResult;
+//# sourceMappingURL=utils.d.ts.map

package/dist/handlers/utils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/handlers/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,UAAU,CAMvF;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,CAMvD;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,UAAU,CAehG"}

package/dist/hints.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * Contextual hints for AI agents.
+ *
+ * After get/list actions, suggests related resources and common next steps
+ * to help agents discover what's available.
+ */
+interface ResourceHint {
+    resource: string;
+    description: string;
+    example: Record<string, unknown>;
+}
+export interface ContextualHints {
+    related_resources?: ResourceHint[];
+    common_actions?: {
+        action: string;
+        example: Record<string, unknown>;
+    }[];
+}
+/**
+ * Hints after getting a server.
+ */
+export declare function getServerHints(serverId: string): ContextualHints;
+/**
+ * Hints after getting a site.
+ */
+export declare function getSiteHints(serverId: string, siteId: string): ContextualHints;
+/**
+ * Hints after getting a database.
+ */
+export declare function getDatabaseHints(serverId: string, databaseId: string): ContextualHints;
+/**
+ * Hints after getting a database user.
+ */
+export declare function getDatabaseUserHints(serverId: string, userId: string): ContextualHints;
+/**
+ * Hints after getting a daemon.
+ */
+export declare function getDaemonHints(serverId: string, daemonId: string): ContextualHints;
+/**
+ * Hints after getting a certificate.
+ */
+export declare function getCertificateHints(serverId: string, siteId: string, certificateId: string): ContextualHints;
+/**
+ * Hints after getting a firewall rule.
+ */
+export declare function getFirewallRuleHints(serverId: string, ruleId: string): ContextualHints;
+/**
+ * Hints after getting an SSH key.
+ */
+export declare function getSshKeyHints(serverId: string, keyId: string): ContextualHints;
+/**
+ * Hints after getting a recipe.
+ */
+export declare function getRecipeHints(recipeId: string): ContextualHints;
+/**
+ * Hints after getting an nginx template.
+ */
+export declare function getNginxTemplateHints(serverId: string, templateId: string): ContextualHints;
+export {};
+//# sourceMappingURL=hints.d.ts.map

package/dist/hints.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hints.d.ts","sourceRoot":"","sources":["../src/hints.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,UAAU,YAAY;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,iBAAiB,CAAC,EAAE,YAAY,EAAE,CAAC;IACnC,cAAc,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,EAAE,CAAC;CACzE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAoChE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,CAoC9E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,eAAe,CAgBtF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,CA0BtF;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,eAAe,CAoBlF;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,GACpB,eAAe,CAqCjB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,CAqBtF;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,eAAe,CAgB/E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAoBhE;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,eAAe,CA+B3F"}

package/dist/http-CfjqK_e4.js ADDED Viewed

@@ -0,0 +1,277 @@
+import { a as INSTRUCTIONS, i as getTools, n as executeToolWithCredentials, t as VERSION } from "./version-DaD5zvGh.js";
+import { parseAuthHeader } from "./auth.js";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprotocol/sdk/types.js";
+import { randomUUID } from "node:crypto";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { createApp, defineEventHandler } from "h3";
+var DEFAULT_TTL = 1800 * 1e3;
+var DEFAULT_SWEEP_INTERVAL = 60 * 1e3;
+var SessionManager = class {
+	sessions = /* @__PURE__ */ new Map();
+	sweepTimer;
+	ttl;
+	constructor(options) {
+		this.ttl = options?.ttl ?? DEFAULT_TTL;
+		if (this.ttl > 0) {
+			const interval = options?.sweepInterval ?? DEFAULT_SWEEP_INTERVAL;
+			this.sweepTimer = setInterval(() => {
+				this.sweep();
+			}, interval);
+			this.sweepTimer.unref();
+		}
+	}
+	/**
+	* Register a session after its ID has been assigned by the transport.
+	*/
+	register(transport, server) {
+		const sessionId = transport.sessionId;
+		if (sessionId) {
+			const now = Date.now();
+			this.sessions.set(sessionId, {
+				transport,
+				server,
+				createdAt: now,
+				lastActiveAt: now
+			});
+		}
+	}
+	/**
+	* Look up a session by its ID and refresh its activity timestamp.
+	*/
+	get(sessionId) {
+		const session = this.sessions.get(sessionId);
+		if (session) session.lastActiveAt = Date.now();
+		return session;
+	}
+	/**
+	* Remove a session and close its transport + server.
+	*/
+	async remove(sessionId) {
+		const session = this.sessions.get(sessionId);
+		if (session) {
+			this.sessions.delete(sessionId);
+			await session.transport.close();
+			await session.server.close();
+		}
+	}
+	/**
+	* Get the number of active sessions.
+	*/
+	get size() {
+		return this.sessions.size;
+	}
+	/**
+	* Sweep expired sessions. Called automatically by the sweep timer.
+	* Returns the number of sessions reaped.
+	*/
+	sweep() {
+		if (this.ttl <= 0) return 0;
+		const now = Date.now();
+		const expired = [];
+		for (const [id, session] of this.sessions) if (now - session.lastActiveAt > this.ttl) expired.push(id);
+		for (const id of expired)
+ /* v8 ignore start */
+		this.remove(id).catch(() => {});
+		return expired.length;
+	}
+	/**
+	* Close all sessions, stop the sweep timer, and clean up.
+	*/
+	async closeAll() {
+		if (this.sweepTimer) {
+			clearInterval(this.sweepTimer);
+			this.sweepTimer = void 0;
+		}
+		const promises = [];
+		for (const [, session] of this.sessions) {
+			promises.push(session.transport.close());
+			promises.push(session.server.close());
+		}
+		await Promise.all(promises);
+		this.sessions.clear();
+	}
+};
+/**
+* Streamable HTTP transport for Forge MCP Server
+*
+* Implements the official MCP Streamable HTTP transport specification (2025-03-26)
+* using the SDK's StreamableHTTPServerTransport.
+*
+* Architecture:
+* - Stateful mode with per-session transport+server pairs (multi-tenant)
+* - Auth via Bearer token → authInfo.token → handler extra.authInfo
+* - Session manager (injected) maps session IDs to transport+server instances
+* - Health/status endpoints handled by h3, MCP endpoint by the SDK transport
+*/
+/**
+* Create a configured MCP Server instance for HTTP transport.
+*
+* Unlike stdio, HTTP mode does NOT include forge_configure/forge_get_config
+* because credentials come from the Authorization header per-request.
+*/
+function createMcpServer(options) {
+	const readOnly = options?.readOnly ?? false;
+	const tools = getTools({ readOnly });
+	const server = new Server({
+		name: "forge-mcp",
+		version: VERSION
+	}, {
+		capabilities: { tools: {} },
+		instructions: INSTRUCTIONS
+	});
+	server.setRequestHandler(ListToolsRequestSchema, async () => {
+		return { tools };
+	});
+	server.setRequestHandler(CallToolRequestSchema, async (request, extra) => {
+		const { name, arguments: args } = request.params;
+		const token = extra.authInfo?.token;
+		/* v8 ignore start */
+		if (!token) return {
+			content: [{
+				type: "text",
+				text: "Error: Authentication required. No token found in request."
+			}],
+			structuredContent: {
+				success: false,
+				error: "Authentication required. No token found in request."
+			},
+			isError: true
+		};
+		/* v8 ignore stop */
+		if (readOnly && name === "forge_write") return {
+			content: [{
+				type: "text",
+				text: "Error: Server is running in read-only mode. Write operations are disabled."
+			}],
+			structuredContent: {
+				success: false,
+				error: "Server is running in read-only mode. Write operations are disabled."
+			},
+			isError: true
+		};
+		try {
+			return await executeToolWithCredentials(
+				name,
+				/* v8 ignore next */
+				args ?? {},
+				{ apiToken: token }
+			);
+		} catch (error) {
+			/* v8 ignore start */
+			const message = error instanceof Error ? error.message : String(error);
+			/* v8 ignore stop */
+			return {
+				content: [{
+					type: "text",
+					text: `Error: ${message}`
+				}],
+				structuredContent: {
+					success: false,
+					error: message
+				},
+				isError: true
+			};
+		}
+	});
+	return server;
+}
+/**
+* Handle an MCP request using the Streamable HTTP transport.
+*
+* Routes requests based on whether they have a session ID:
+* - No session ID + initialize request → create new session
+* - Has session ID → route to existing session's transport
+*
+* @param req - Node.js IncomingMessage
+* @param res - Node.js ServerResponse
+* @param sessions - Session manager instance (injected)
+* @param options - Server options (read-only mode, etc.)
+*/
+async function handleMcpRequest(req, res, sessions, options) {
+	const authHeader = req.headers.authorization;
+	const credentials = parseAuthHeader(authHeader);
+	if (!credentials) {
+		res.writeHead(401, { "Content-Type": "application/json" });
+		res.end(JSON.stringify({
+			jsonrpc: "2.0",
+			error: {
+				code: -32001,
+				message: "Authentication required. Provide a Bearer token with your Forge API token."
+			},
+			id: null
+		}));
+		return;
+	}
+	const authenticatedReq = req;
+	authenticatedReq.auth = {
+		token: credentials.apiToken,
+		clientId: "forge-http-client",
+		scopes: []
+	};
+	const sessionId = req.headers["mcp-session-id"];
+	if (sessionId) {
+		const session = sessions.get(sessionId);
+		if (!session) {
+			res.writeHead(404, { "Content-Type": "application/json" });
+			res.end(JSON.stringify({
+				jsonrpc: "2.0",
+				error: {
+					code: -32e3,
+					message: "Session not found. The session may have expired or been terminated."
+				},
+				id: null
+			}));
+			return;
+		}
+		await session.transport.handleRequest(authenticatedReq, res);
+		return;
+	}
+	const transport = new StreamableHTTPServerTransport({ sessionIdGenerator: () => randomUUID() });
+	const server = createMcpServer(options);
+	await server.connect(transport);
+	transport.onclose = () => {
+		const sid = transport.sessionId;
+		/* v8 ignore start */
+		if (sid) sessions.remove(sid).catch(() => {});
+		/* v8 ignore stop */
+	};
+	await transport.handleRequest(authenticatedReq, res);
+	/* v8 ignore start */
+	if (transport.sessionId) sessions.register(transport, server);
+	else {
+		await transport.close();
+		await server.close();
+	}
+	/* v8 ignore stop */
+}
+/**
+* Create a request handler bound to a SessionManager instance.
+* Convenience factory for server.ts.
+*/
+function createMcpRequestHandler(sessions, options) {
+	/* v8 ignore start */
+	return (req, res) => handleMcpRequest(req, res, sessions, options);
+	/* v8 ignore stop */
+}
+/**
+* Create h3 app for health check and service info endpoints.
+* The MCP endpoint is handled separately by handleMcpRequest.
+*/
+function createHealthApp() {
+	const app = createApp();
+	app.get("/", defineEventHandler(() => {
+		return {
+			status: "ok",
+			service: "forge-mcp",
+			version: VERSION
+		};
+	}));
+	app.get("/health", defineEventHandler(() => {
+		return { status: "ok" };
+	}));
+	return app;
+}
+export { SessionManager as a, handleMcpRequest as i, createMcpRequestHandler as n, createMcpServer as r, createHealthApp as t };
+//# sourceMappingURL=http-CfjqK_e4.js.map

package/dist/http-CfjqK_e4.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-CfjqK_e4.js","names":[],"sources":["../src/sessions.ts","../src/http.ts"],"sourcesContent":["/**\n * Session manager for multi-tenant Streamable HTTP transport.\n *\n * Each MCP client session gets its own transport + server pair.\n * Sessions are identified by UUID and tracked in a Map.\n *\n * Supports automatic TTL-based cleanup of idle sessions to prevent\n * memory leaks from abandoned clients.\n */\n\nimport type { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport type { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\n\n/**\n * A managed session: transport + MCP server pair.\n */\nexport interface ManagedSession {\n transport: StreamableHTTPServerTransport;\n server: Server;\n createdAt: number;\n lastActiveAt: number;\n}\n\nexport interface SessionManagerOptions {\n /**\n * Maximum idle time in milliseconds before a session is reaped.\n * Default: 30 minutes. Set to 0 to disable automatic cleanup.\n */\n ttl?: number;\n\n /**\n * How often to check for expired sessions, in milliseconds.\n * Default: 60 seconds.\n */\n sweepInterval?: number;\n}\n\nconst DEFAULT_TTL = 30 * 60 * 1000; // 30 minutes\nconst DEFAULT_SWEEP_INTERVAL = 60 * 1000; // 60 seconds\n\nexport class SessionManager {\n private sessions = new Map<string, ManagedSession>();\n private sweepTimer: ReturnType<typeof setInterval> | undefined;\n private readonly ttl: number;\n\n constructor(options?: SessionManagerOptions) {\n this.ttl = options?.ttl ?? DEFAULT_TTL;\n\n if (this.ttl > 0) {\n const interval = options?.sweepInterval ?? DEFAULT_SWEEP_INTERVAL;\n this.sweepTimer = setInterval(() => {\n this.sweep();\n }, interval);\n // Don't keep the process alive just for the sweep timer\n this.sweepTimer.unref();\n }\n }\n\n /**\n * Register a session after its ID has been assigned by the transport.\n */\n register(transport: StreamableHTTPServerTransport, server: Server): void {\n const sessionId = transport.sessionId;\n if (sessionId) {\n const now = Date.now();\n this.sessions.set(sessionId, {\n transport,\n server,\n createdAt: now,\n lastActiveAt: now,\n });\n }\n }\n\n /**\n * Look up a session by its ID and refresh its activity timestamp.\n */\n get(sessionId: string): ManagedSession | undefined {\n const session = this.sessions.get(sessionId);\n if (session) {\n session.lastActiveAt = Date.now();\n }\n return session;\n }\n\n /**\n * Remove a session and close its transport + server.\n */\n async remove(sessionId: string): Promise<void> {\n const session = this.sessions.get(sessionId);\n if (session) {\n this.sessions.delete(sessionId);\n await session.transport.close();\n await session.server.close();\n }\n }\n\n /**\n * Get the number of active sessions.\n */\n get size(): number {\n return this.sessions.size;\n }\n\n /**\n * Sweep expired sessions. Called automatically by the sweep timer.\n * Returns the number of sessions reaped.\n */\n sweep(): number {\n if (this.ttl <= 0) return 0;\n\n const now = Date.now();\n const expired: string[] = [];\n\n for (const [id, session] of this.sessions) {\n if (now - session.lastActiveAt > this.ttl) {\n expired.push(id);\n }\n }\n\n for (const id of expired) {\n // Fire-and-forget cleanup — don't block the sweep\n /* v8 ignore start */\n this.remove(id).catch(() => {});\n /* v8 ignore stop */\n }\n\n return expired.length;\n }\n\n /**\n * Close all sessions, stop the sweep timer, and clean up.\n */\n async closeAll(): Promise<void> {\n if (this.sweepTimer) {\n clearInterval(this.sweepTimer);\n this.sweepTimer = undefined;\n }\n\n const promises: Promise<void>[] = [];\n for (const [, session] of this.sessions) {\n promises.push(session.transport.close());\n promises.push(session.server.close());\n }\n await Promise.all(promises);\n this.sessions.clear();\n }\n}\n","/**\n * Streamable HTTP transport for Forge MCP Server\n *\n * Implements the official MCP Streamable HTTP transport specification (2025-03-26)\n * using the SDK's StreamableHTTPServerTransport.\n *\n * Architecture:\n * - Stateful mode with per-session transport+server pairs (multi-tenant)\n * - Auth via Bearer token → authInfo.token → handler extra.authInfo\n * - Session manager (injected) maps session IDs to transport+server instances\n * - Health/status endpoints handled by h3, MCP endpoint by the SDK transport\n */\n\nimport { randomUUID } from \"node:crypto\";\nimport type { IncomingMessage, ServerResponse } from \"node:http\";\n\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\nimport { CallToolRequestSchema, ListToolsRequestSchema } from \"@modelcontextprotocol/sdk/types.js\";\nimport { createApp, defineEventHandler, type H3 } from \"h3\";\n\nimport { parseAuthHeader } from \"./auth.ts\";\nimport { executeToolWithCredentials } from \"./handlers/index.ts\";\nimport { INSTRUCTIONS } from \"./instructions.ts\";\nimport { SessionManager } from \"./sessions.ts\";\nimport { getTools } from \"./tools.ts\";\nimport { VERSION } from \"./version.ts\";\n\nexport { SessionManager } from \"./sessions.ts\";\n\n/**\n * Options for the HTTP MCP server.\n */\nexport interface HttpServerOptions {\n /** When true, forge_write tool is not registered and write operations are rejected. */\n readOnly?: boolean;\n}\n\n/**\n * Create a configured MCP Server instance for HTTP transport.\n *\n * Unlike stdio, HTTP mode does NOT include forge_configure/forge_get_config\n * because credentials come from the Authorization header per-request.\n */\nexport function createMcpServer(options?: HttpServerOptions): Server {\n const readOnly = options?.readOnly ?? false;\n const tools = getTools({ readOnly });\n\n const server = new Server(\n {\n name: \"forge-mcp\",\n version: VERSION,\n },\n {\n capabilities: {\n tools: {},\n },\n instructions: INSTRUCTIONS,\n },\n );\n\n server.setRequestHandler(ListToolsRequestSchema, async () => {\n return { tools };\n });\n\n server.setRequestHandler(CallToolRequestSchema, async (request, extra) => {\n const { name, arguments: args } = request.params;\n const token = extra.authInfo?.token;\n\n /* v8 ignore start */\n if (!token) {\n return {\n content: [\n {\n type: \"text\" as const,\n text: \"Error: Authentication required. No token found in request.\",\n },\n ],\n structuredContent: {\n success: false,\n error: \"Authentication required. No token found in request.\",\n },\n isError: true,\n };\n }\n /* v8 ignore stop */\n\n // Reject write operations in read-only mode\n if (readOnly && name === \"forge_write\") {\n return {\n content: [\n {\n type: \"text\" as const,\n text: \"Error: Server is running in read-only mode. Write operations are disabled.\",\n },\n ],\n structuredContent: {\n success: false,\n error: \"Server is running in read-only mode. Write operations are disabled.\",\n },\n isError: true,\n };\n }\n\n try {\n const result = await executeToolWithCredentials(\n name,\n /* v8 ignore next */ (args as Record<string, unknown>) ?? {},\n { apiToken: token },\n );\n return result as unknown as Record<string, unknown>;\n } catch (error) {\n /* v8 ignore start */\n const message = error instanceof Error ? error.message : String(error);\n /* v8 ignore stop */\n return {\n content: [{ type: \"text\" as const, text: `Error: ${message}` }],\n structuredContent: { success: false, error: message },\n isError: true,\n };\n }\n });\n\n return server;\n}\n\n/**\n * Handle an MCP request using the Streamable HTTP transport.\n *\n * Routes requests based on whether they have a session ID:\n * - No session ID + initialize request → create new session\n * - Has session ID → route to existing session's transport\n *\n * @param req - Node.js IncomingMessage\n * @param res - Node.js ServerResponse\n * @param sessions - Session manager instance (injected)\n * @param options - Server options (read-only mode, etc.)\n */\nexport async function handleMcpRequest(\n req: IncomingMessage,\n res: ServerResponse,\n sessions: SessionManager,\n options?: HttpServerOptions,\n): Promise<void> {\n // Extract and validate auth\n const authHeader = req.headers.authorization;\n const credentials = parseAuthHeader(authHeader);\n\n if (!credentials) {\n res.writeHead(401, { \"Content-Type\": \"application/json\" });\n res.end(\n JSON.stringify({\n jsonrpc: \"2.0\",\n error: {\n code: -32001,\n message: \"Authentication required. Provide a Bearer token with your Forge API token.\",\n },\n id: null,\n }),\n );\n return;\n }\n\n // Inject auth info for the SDK transport\n const authenticatedReq = req as IncomingMessage & {\n auth?: { token: string; clientId: string; scopes: string[] };\n };\n authenticatedReq.auth = {\n token: credentials.apiToken,\n clientId: \"forge-http-client\",\n scopes: [],\n };\n\n const sessionId = req.headers[\"mcp-session-id\"] as string | undefined;\n\n if (sessionId) {\n // Existing session — route to its transport\n const session = sessions.get(sessionId);\n if (!session) {\n res.writeHead(404, { \"Content-Type\": \"application/json\" });\n res.end(\n JSON.stringify({\n jsonrpc: \"2.0\",\n error: {\n code: -32000,\n message: \"Session not found. The session may have expired or been terminated.\",\n },\n id: null,\n }),\n );\n return;\n }\n\n await session.transport.handleRequest(authenticatedReq, res);\n return;\n }\n\n // No session ID — this should be an initialize request.\n // Create a new transport + server pair.\n const transport = new StreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n });\n\n const server = createMcpServer(options);\n await server.connect(transport);\n\n // Set up cleanup on close\n transport.onclose = () => {\n const sid = transport.sessionId;\n /* v8 ignore start */\n if (sid) {\n sessions.remove(sid).catch(() => {\n // Ignore cleanup errors\n });\n }\n /* v8 ignore stop */\n };\n\n // Handle the request (this will set transport.sessionId during initialize)\n await transport.handleRequest(authenticatedReq, res);\n\n // After handling, register the session if the transport got a session ID\n /* v8 ignore start */\n if (transport.sessionId) {\n sessions.register(transport, server);\n } else {\n // No session was created (e.g., invalid request) — clean up\n await transport.close();\n await server.close();\n }\n /* v8 ignore stop */\n}\n\n/**\n * Create a request handler bound to a SessionManager instance.\n * Convenience factory for server.ts.\n */\nexport function createMcpRequestHandler(\n sessions: SessionManager,\n options?: HttpServerOptions,\n): (req: IncomingMessage, res: ServerResponse) => Promise<void> {\n /* v8 ignore start */\n return (req, res) => handleMcpRequest(req, res, sessions, options);\n /* v8 ignore stop */\n}\n\n/**\n * Create h3 app for health check and service info endpoints.\n * The MCP endpoint is handled separately by handleMcpRequest.\n */\nexport function createHealthApp(): H3 {\n const app = createApp();\n\n app.get(\n \"/\",\n defineEventHandler(() => {\n return { status: \"ok\", service: \"forge-mcp\", version: VERSION };\n }),\n );\n\n app.get(\n \"/health\",\n defineEventHandler(() => {\n return { status: \"ok\" };\n }),\n );\n\n return app;\n}\n"],"mappings":";;;;;;;AAqCA,IAAM,cAAc,OAAU;AAC9B,IAAM,yBAAyB,KAAK;AAEpC,IAAa,iBAAb,MAA4B;CAC1B,2BAAmB,IAAI,KAA6B;CACpD;CACA;CAEA,YAAY,SAAiC;AAC3C,OAAK,MAAM,SAAS,OAAO;AAE3B,MAAI,KAAK,MAAM,GAAG;GAChB,MAAM,WAAW,SAAS,iBAAiB;AAC3C,QAAK,aAAa,kBAAkB;AAClC,SAAK,OAAO;MACX,SAAS;AAEZ,QAAK,WAAW,OAAO;;;;;;CAO3B,SAAS,WAA0C,QAAsB;EACvE,MAAM,YAAY,UAAU;AAC5B,MAAI,WAAW;GACb,MAAM,MAAM,KAAK,KAAK;AACtB,QAAK,SAAS,IAAI,WAAW;IAC3B;IACA;IACA,WAAW;IACX,cAAc;IACf,CAAC;;;;;;CAON,IAAI,WAA+C;EACjD,MAAM,UAAU,KAAK,SAAS,IAAI,UAAU;AAC5C,MAAI,QACF,SAAQ,eAAe,KAAK,KAAK;AAEnC,SAAO;;;;;CAMT,MAAM,OAAO,WAAkC;EAC7C,MAAM,UAAU,KAAK,SAAS,IAAI,UAAU;AAC5C,MAAI,SAAS;AACX,QAAK,SAAS,OAAO,UAAU;AAC/B,SAAM,QAAQ,UAAU,OAAO;AAC/B,SAAM,QAAQ,OAAO,OAAO;;;;;;CAOhC,IAAI,OAAe;AACjB,SAAO,KAAK,SAAS;;;;;;CAOvB,QAAgB;AACd,MAAI,KAAK,OAAO,EAAG,QAAO;EAE1B,MAAM,MAAM,KAAK,KAAK;EACtB,MAAM,UAAoB,EAAE;AAE5B,OAAK,MAAM,CAAC,IAAI,YAAY,KAAK,SAC/B,KAAI,MAAM,QAAQ,eAAe,KAAK,IACpC,SAAQ,KAAK,GAAG;AAIpB,OAAK,MAAM,MAAM;;AAGf,OAAK,OAAO,GAAG,CAAC,YAAY,GAAG;AAIjC,SAAO,QAAQ;;;;;CAMjB,MAAM,WAA0B;AAC9B,MAAI,KAAK,YAAY;AACnB,iBAAc,KAAK,WAAW;AAC9B,QAAK,aAAa,KAAA;;EAGpB,MAAM,WAA4B,EAAE;AACpC,OAAK,MAAM,GAAG,YAAY,KAAK,UAAU;AACvC,YAAS,KAAK,QAAQ,UAAU,OAAO,CAAC;AACxC,YAAS,KAAK,QAAQ,OAAO,OAAO,CAAC;;AAEvC,QAAM,QAAQ,IAAI,SAAS;AAC3B,OAAK,SAAS,OAAO;;;;;;;;;;;;;;;;;;;;;ACrGzB,SAAgB,gBAAgB,SAAqC;CACnE,MAAM,WAAW,SAAS,YAAY;CACtC,MAAM,QAAQ,SAAS,EAAE,UAAU,CAAC;CAEpC,MAAM,SAAS,IAAI,OACjB;EACE,MAAM;EACN,SAAS;EACV,EACD;EACE,cAAc,EACZ,OAAO,EAAE,EACV;EACD,cAAc;EACf,CACF;AAED,QAAO,kBAAkB,wBAAwB,YAAY;AAC3D,SAAO,EAAE,OAAO;GAChB;AAEF,QAAO,kBAAkB,uBAAuB,OAAO,SAAS,UAAU;EACxE,MAAM,EAAE,MAAM,WAAW,SAAS,QAAQ;EAC1C,MAAM,QAAQ,MAAM,UAAU;;AAG9B,MAAI,CAAC,MACH,QAAO;GACL,SAAS,CACP;IACE,MAAM;IACN,MAAM;IACP,CACF;GACD,mBAAmB;IACjB,SAAS;IACT,OAAO;IACR;GACD,SAAS;GACV;;AAKH,MAAI,YAAY,SAAS,cACvB,QAAO;GACL,SAAS,CACP;IACE,MAAM;IACN,MAAM;IACP,CACF;GACD,mBAAmB;IACjB,SAAS;IACT,OAAO;IACR;GACD,SAAS;GACV;AAGH,MAAI;AAMF,UALe,MAAM;IACnB;;IACsB,QAAoC,EAAE;IAC5D,EAAE,UAAU,OAAO;IACpB;WAEM,OAAO;;GAEd,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAEtE,UAAO;IACL,SAAS,CAAC;KAAE,MAAM;KAAiB,MAAM,UAAU;KAAW,CAAC;IAC/D,mBAAmB;KAAE,SAAS;KAAO,OAAO;KAAS;IACrD,SAAS;IACV;;GAEH;AAEF,QAAO;;;;;;;;;;;;;;AAeT,eAAsB,iBACpB,KACA,KACA,UACA,SACe;CAEf,MAAM,aAAa,IAAI,QAAQ;CAC/B,MAAM,cAAc,gBAAgB,WAAW;AAE/C,KAAI,CAAC,aAAa;AAChB,MAAI,UAAU,KAAK,EAAE,gBAAgB,oBAAoB,CAAC;AAC1D,MAAI,IACF,KAAK,UAAU;GACb,SAAS;GACT,OAAO;IACL,MAAM;IACN,SAAS;IACV;GACD,IAAI;GACL,CAAC,CACH;AACD;;CAIF,MAAM,mBAAmB;AAGzB,kBAAiB,OAAO;EACtB,OAAO,YAAY;EACnB,UAAU;EACV,QAAQ,EAAE;EACX;CAED,MAAM,YAAY,IAAI,QAAQ;AAE9B,KAAI,WAAW;EAEb,MAAM,UAAU,SAAS,IAAI,UAAU;AACvC,MAAI,CAAC,SAAS;AACZ,OAAI,UAAU,KAAK,EAAE,gBAAgB,oBAAoB,CAAC;AAC1D,OAAI,IACF,KAAK,UAAU;IACb,SAAS;IACT,OAAO;KACL,MAAM;KACN,SAAS;KACV;IACD,IAAI;IACL,CAAC,CACH;AACD;;AAGF,QAAM,QAAQ,UAAU,cAAc,kBAAkB,IAAI;AAC5D;;CAKF,MAAM,YAAY,IAAI,8BAA8B,EAClD,0BAA0B,YAAY,EACvC,CAAC;CAEF,MAAM,SAAS,gBAAgB,QAAQ;AACvC,OAAM,OAAO,QAAQ,UAAU;AAG/B,WAAU,gBAAgB;EACxB,MAAM,MAAM,UAAU;;AAEtB,MAAI,IACF,UAAS,OAAO,IAAI,CAAC,YAAY,GAE/B;;;AAMN,OAAM,UAAU,cAAc,kBAAkB,IAAI;;AAIpD,KAAI,UAAU,UACZ,UAAS,SAAS,WAAW,OAAO;MAC/B;AAEL,QAAM,UAAU,OAAO;AACvB,QAAM,OAAO,OAAO;;;;;;;;AASxB,SAAgB,wBACd,UACA,SAC8D;;AAE9D,SAAQ,KAAK,QAAQ,iBAAiB,KAAK,KAAK,UAAU,QAAQ;;;;;;;AAQpE,SAAgB,kBAAsB;CACpC,MAAM,MAAM,WAAW;AAEvB,KAAI,IACF,KACA,yBAAyB;AACvB,SAAO;GAAE,QAAQ;GAAM,SAAS;GAAa,SAAS;GAAS;GAC/D,CACH;AAED,KAAI,IACF,WACA,yBAAyB;AACvB,SAAO,EAAE,QAAQ,MAAM;GACvB,CACH;AAED,QAAO"}

package/dist/http.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Streamable HTTP transport for Forge MCP Server
+ *
+ * Implements the official MCP Streamable HTTP transport specification (2025-03-26)
+ * using the SDK's StreamableHTTPServerTransport.
+ *
+ * Architecture:
+ * - Stateful mode with per-session transport+server pairs (multi-tenant)
+ * - Auth via Bearer token → authInfo.token → handler extra.authInfo
+ * - Session manager (injected) maps session IDs to transport+server instances
+ * - Health/status endpoints handled by h3, MCP endpoint by the SDK transport
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { type H3 } from "h3";
+import { SessionManager } from "./sessions.ts";
+export { SessionManager } from "./sessions.ts";
+/**
+ * Options for the HTTP MCP server.
+ */
+export interface HttpServerOptions {
+    /** When true, forge_write tool is not registered and write operations are rejected. */
+    readOnly?: boolean;
+}
+/**
+ * Create a configured MCP Server instance for HTTP transport.
+ *
+ * Unlike stdio, HTTP mode does NOT include forge_configure/forge_get_config
+ * because credentials come from the Authorization header per-request.
+ */
+export declare function createMcpServer(options?: HttpServerOptions): Server;
+/**
+ * Handle an MCP request using the Streamable HTTP transport.
+ *
+ * Routes requests based on whether they have a session ID:
+ * - No session ID + initialize request → create new session
+ * - Has session ID → route to existing session's transport
+ *
+ * @param req - Node.js IncomingMessage
+ * @param res - Node.js ServerResponse
+ * @param sessions - Session manager instance (injected)
+ * @param options - Server options (read-only mode, etc.)
+ */
+export declare function handleMcpRequest(req: IncomingMessage, res: ServerResponse, sessions: SessionManager, options?: HttpServerOptions): Promise<void>;
+/**
+ * Create a request handler bound to a SessionManager instance.
+ * Convenience factory for server.ts.
+ */
+export declare function createMcpRequestHandler(sessions: SessionManager, options?: HttpServerOptions): (req: IncomingMessage, res: ServerResponse) => Promise<void>;
+/**
+ * Create h3 app for health check and service info endpoints.
+ * The MCP endpoint is handled separately by handleMcpRequest.
+ */
+export declare function createHealthApp(): H3;
+//# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEjE,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,OAAO,EAAiC,KAAK,EAAE,EAAE,MAAM,IAAI,CAAC;AAK5D,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAI/C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,uFAAuF;IACvF,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,MAAM,CAgFnE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,QAAQ,EAAE,cAAc,EACxB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAwFf;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,cAAc,EACxB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,CAI9D;AAED;;;GAGG;AACH,wBAAgB,eAAe,IAAI,EAAE,CAkBpC"}

package/dist/http.js ADDED Viewed

@@ -0,0 +1,3 @@
+import "./version-DaD5zvGh.js";
+import { a as SessionManager, i as handleMcpRequest, n as createMcpRequestHandler, r as createMcpServer, t as createHealthApp } from "./http-CfjqK_e4.js";
+export { SessionManager, createHealthApp, createMcpRequestHandler, createMcpServer, handleMcpRequest };