@studiometa/forge-mcp 0.1.0 → 0.2.0

package/dist/server.d.ts

@@ -9,6 +9,8 @@
  *
  * Usage:
  *   forge-mcp-server
+ *   forge-mcp-server --read-only
+ *   FORGE_READ_ONLY=true forge-mcp-server
  *   PORT=3000 forge-mcp-server
  *
  * Endpoints:
@@ -19,8 +21,15 @@
  *   GET  /health - Health check
  */
 import { type Server } from "node:http";
+/**
+ * Options for the HTTP server.
+ */
+export interface HttpStartOptions {
+    /** When true, forge_write tool is not registered. */
+    readOnly?: boolean;
+}
 /**
  * Start the HTTP server with Streamable HTTP transport.
  */
-export declare function startHttpServer(port?: number, host?: string): Promise<Server>;
+export declare function startHttpServer(port?: number, host?: string, options?: HttpStartOptions): Promise<Server>;
 //# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,WAAW,CAAC;AAStD;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,GAAE,MAAqB,EAC3B,IAAI,GAAE,MAAqB,GAC1B,OAAO,CAAC,MAAM,CAAC,CAwCjB"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,WAAW,CAAC;AAUtD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,GAAE,MAAqB,EAC3B,IAAI,GAAE,MAAqB,EAC3B,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,MAAM,CAAC,CA8CjB"}

package/dist/server.js

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
-import { t as VERSION } from "./version-Cw8OGt4r.js";
-import { a as SessionManager, n as createMcpRequestHandler, t as createHealthApp } from "./http-BJUKoZdb.js";
+import { t as VERSION } from "./version-DaD5zvGh.js";
+import { n as parseReadOnlyFlag } from "./src-BdwavqrN.js";
+import { a as SessionManager, n as createMcpRequestHandler, t as createHealthApp } from "./http-CfjqK_e4.js";
 import { toNodeHandler } from "h3/node";
 import { createServer } from "node:http";
 /**
@@ -13,6 +14,8 @@ import { createServer } from "node:http";
 *
 * Usage:
 *   forge-mcp-server
+*   forge-mcp-server --read-only
+*   FORGE_READ_ONLY=true forge-mcp-server
 *   PORT=3000 forge-mcp-server
 *
 * Endpoints:
@@ -27,9 +30,10 @@ var DEFAULT_HOST = "0.0.0.0";
 /**
 * Start the HTTP server with Streamable HTTP transport.
 */
-function startHttpServer(port = DEFAULT_PORT, host = DEFAULT_HOST) {
+function startHttpServer(port = DEFAULT_PORT, host = DEFAULT_HOST, options) {
 	return new Promise((resolve) => {
-		const handleMcp = createMcpRequestHandler(new SessionManager());
+		const readOnly = options?.readOnly ?? false;
+		const handleMcp = createMcpRequestHandler(new SessionManager(), { readOnly });
 		const healthHandler = toNodeHandler(createHealthApp());
 		const server = createServer(async (req, res) => {
 			const url = req.url ?? "/";
@@ -41,7 +45,8 @@ function startHttpServer(port = DEFAULT_PORT, host = DEFAULT_HOST) {
 		});
 		server.listen(port, host, () => {
 			const displayHost = host === "0.0.0.0" ? "localhost" : host;
-			console.log(`Forge MCP server v${VERSION}`);
+			const mode = readOnly ? " (read-only)" : "";
+			console.log(`Forge MCP server v${VERSION}${mode}`);
 			console.log(`Node.js ${process.version}`);
 			console.log("");
 			console.log(`Running at http://${displayHost}:${port}`);
@@ -53,12 +58,16 @@ function startHttpServer(port = DEFAULT_PORT, host = DEFAULT_HOST) {
 			console.log("Authentication:");
 			console.log("  Bearer token in Authorization header");
 			console.log("  Token format: your raw Forge API token");
+			if (readOnly) {
+				console.log("");
+				console.log("Mode: READ-ONLY (write operations disabled)");
+			}
 			console.log("");
 			resolve(server);
 		});
 	});
 }
-if (import.meta.url === `file://${process.argv[1]}` || process.argv[1]?.endsWith("/forge-mcp-server") || process.argv[1]?.endsWith("\\forge-mcp-server")) startHttpServer(Number.parseInt(process.env.PORT || String(DEFAULT_PORT), 10), process.env.HOST || DEFAULT_HOST).catch((error) => {
+if (import.meta.url === `file://${process.argv[1]}` || process.argv[1]?.endsWith("/forge-mcp-server") || process.argv[1]?.endsWith("\\forge-mcp-server")) startHttpServer(Number.parseInt(process.env.PORT || String(DEFAULT_PORT), 10), process.env.HOST || DEFAULT_HOST, { readOnly: parseReadOnlyFlag() }).catch((error) => {
 	console.error("Fatal error:", error);
 	process.exit(1);
 });

package/dist/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","names":[],"sources":["../src/server.ts"],"sourcesContent":["#!/usr/bin/env node\n\n/**\n * Forge MCP Server - HTTP Transport (Streamable HTTP)\n *\n * Implements the official MCP Streamable HTTP transport specification.\n * Credentials are passed via Bearer token in the Authorization header.\n *\n * Token format: raw Forge API token\n *\n * Usage:\n *   forge-mcp-server\n *   PORT=3000 forge-mcp-server\n *\n * Endpoints:\n *   POST /mcp   - MCP Streamable HTTP (JSON-RPC messages)\n *   GET  /mcp   - MCP Streamable HTTP (SSE stream for server notifications)\n *   DELETE /mcp - MCP Streamable HTTP (session termination)\n *   GET  /       - Service info\n *   GET  /health - Health check\n */\n\nimport { toNodeHandler } from \"h3/node\";\nimport { createServer, type Server } from \"node:http\";\n\nimport { createHealthApp, createMcpRequestHandler } from \"./http.ts\";\nimport { SessionManager } from \"./sessions.ts\";\nimport { VERSION } from \"./version.ts\";\n\nconst DEFAULT_PORT = 3000;\nconst DEFAULT_HOST = \"0.0.0.0\";\n\n/**\n * Start the HTTP server with Streamable HTTP transport.\n */\nexport function startHttpServer(\n  port: number = DEFAULT_PORT,\n  host: string = DEFAULT_HOST,\n): Promise<Server> {\n  return new Promise((resolve) => {\n    const sessions = new SessionManager();\n    const handleMcp = createMcpRequestHandler(sessions);\n    const healthApp = createHealthApp();\n    const healthHandler = toNodeHandler(healthApp);\n\n    const server = createServer(async (req, res) => {\n      const url = req.url ?? \"/\";\n\n      // Route /mcp to MCP Streamable HTTP transport\n      if (url === \"/mcp\" || url.startsWith(\"/mcp?\")) {\n        await handleMcp(req, res);\n        return;\n      }\n\n      // Everything else goes to h3 (health checks, service info)\n      healthHandler(req, res);\n    });\n\n    server.listen(port, host, () => {\n      const displayHost = host === \"0.0.0.0\" ? \"localhost\" : host;\n      console.log(`Forge MCP server v${VERSION}`);\n      console.log(`Node.js ${process.version}`);\n      console.log(\"\");\n      console.log(`Running at http://${displayHost}:${port}`);\n      console.log(\"\");\n      console.log(\"Endpoints:\");\n      console.log(\n        `  POST/GET/DELETE http://${displayHost}:${port}/mcp - MCP Streamable HTTP endpoint`,\n      );\n      console.log(`  GET  http://${displayHost}:${port}/health - Health check`);\n      console.log(\"\");\n      console.log(\"Authentication:\");\n      console.log(\"  Bearer token in Authorization header\");\n      console.log(\"  Token format: your raw Forge API token\");\n      console.log(\"\");\n      resolve(server);\n    });\n  });\n}\n\n// Start server when run directly\nconst isMainModule =\n  import.meta.url === `file://${process.argv[1]}` ||\n  process.argv[1]?.endsWith(\"/forge-mcp-server\") ||\n  process.argv[1]?.endsWith(\"\\\\forge-mcp-server\");\n\nif (isMainModule) {\n  const port = Number.parseInt(process.env.PORT || String(DEFAULT_PORT), 10);\n  const host = process.env.HOST || DEFAULT_HOST;\n\n  startHttpServer(port, host).catch((error) => {\n    console.error(\"Fatal error:\", error);\n    process.exit(1);\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AA6BA,IAAM,eAAe;AACrB,IAAM,eAAe;;;;AAKrB,SAAgB,gBACd,OAAe,cACf,OAAe,cACE;AACjB,QAAO,IAAI,SAAS,YAAY;EAE9B,MAAM,YAAY,wBADD,IAAI,gBAAgB,CACc;EAEnD,MAAM,gBAAgB,cADJ,iBAAiB,CACW;EAE9C,MAAM,SAAS,aAAa,OAAO,KAAK,QAAQ;GAC9C,MAAM,MAAM,IAAI,OAAO;AAGvB,OAAI,QAAQ,UAAU,IAAI,WAAW,QAAQ,EAAE;AAC7C,UAAM,UAAU,KAAK,IAAI;AACzB;;AAIF,iBAAc,KAAK,IAAI;IACvB;AAEF,SAAO,OAAO,MAAM,YAAY;GAC9B,MAAM,cAAc,SAAS,YAAY,cAAc;AACvD,WAAQ,IAAI,qBAAqB,UAAU;AAC3C,WAAQ,IAAI,WAAW,QAAQ,UAAU;AACzC,WAAQ,IAAI,GAAG;AACf,WAAQ,IAAI,qBAAqB,YAAY,GAAG,OAAO;AACvD,WAAQ,IAAI,GAAG;AACf,WAAQ,IAAI,aAAa;AACzB,WAAQ,IACN,4BAA4B,YAAY,GAAG,KAAK,qCACjD;AACD,WAAQ,IAAI,iBAAiB,YAAY,GAAG,KAAK,wBAAwB;AACzE,WAAQ,IAAI,GAAG;AACf,WAAQ,IAAI,kBAAkB;AAC9B,WAAQ,IAAI,yCAAyC;AACrD,WAAQ,IAAI,2CAA2C;AACvD,WAAQ,IAAI,GAAG;AACf,WAAQ,OAAO;IACf;GACF;;AASJ,IAJE,OAAO,KAAK,QAAQ,UAAU,QAAQ,KAAK,QAC3C,QAAQ,KAAK,IAAI,SAAS,oBAAoB,IAC9C,QAAQ,KAAK,IAAI,SAAS,qBAAqB,CAM/C,iBAHa,OAAO,SAAS,QAAQ,IAAI,QAAQ,OAAO,aAAa,EAAE,GAAG,EAC7D,QAAQ,IAAI,QAAQ,aAEN,CAAC,OAAO,UAAU;AAC3C,SAAQ,MAAM,gBAAgB,MAAM;AACpC,SAAQ,KAAK,EAAE;EACf"}
+{"version":3,"file":"server.js","names":[],"sources":["../src/server.ts"],"sourcesContent":["#!/usr/bin/env node\n\n/**\n * Forge MCP Server - HTTP Transport (Streamable HTTP)\n *\n * Implements the official MCP Streamable HTTP transport specification.\n * Credentials are passed via Bearer token in the Authorization header.\n *\n * Token format: raw Forge API token\n *\n * Usage:\n *   forge-mcp-server\n *   forge-mcp-server --read-only\n *   FORGE_READ_ONLY=true forge-mcp-server\n *   PORT=3000 forge-mcp-server\n *\n * Endpoints:\n *   POST /mcp   - MCP Streamable HTTP (JSON-RPC messages)\n *   GET  /mcp   - MCP Streamable HTTP (SSE stream for server notifications)\n *   DELETE /mcp - MCP Streamable HTTP (session termination)\n *   GET  /       - Service info\n *   GET  /health - Health check\n */\n\nimport { toNodeHandler } from \"h3/node\";\nimport { createServer, type Server } from \"node:http\";\n\nimport { createHealthApp, createMcpRequestHandler } from \"./http.ts\";\nimport { parseReadOnlyFlag } from \"./index.ts\";\nimport { SessionManager } from \"./sessions.ts\";\nimport { VERSION } from \"./version.ts\";\n\nconst DEFAULT_PORT = 3000;\nconst DEFAULT_HOST = \"0.0.0.0\";\n\n/**\n * Options for the HTTP server.\n */\nexport interface HttpStartOptions {\n  /** When true, forge_write tool is not registered. */\n  readOnly?: boolean;\n}\n\n/**\n * Start the HTTP server with Streamable HTTP transport.\n */\nexport function startHttpServer(\n  port: number = DEFAULT_PORT,\n  host: string = DEFAULT_HOST,\n  options?: HttpStartOptions,\n): Promise<Server> {\n  return new Promise((resolve) => {\n    const readOnly = options?.readOnly ?? false;\n    const sessions = new SessionManager();\n    const handleMcp = createMcpRequestHandler(sessions, { readOnly });\n    const healthApp = createHealthApp();\n    const healthHandler = toNodeHandler(healthApp);\n\n    const server = createServer(async (req, res) => {\n      const url = req.url ?? \"/\";\n\n      // Route /mcp to MCP Streamable HTTP transport\n      if (url === \"/mcp\" || url.startsWith(\"/mcp?\")) {\n        await handleMcp(req, res);\n        return;\n      }\n\n      // Everything else goes to h3 (health checks, service info)\n      healthHandler(req, res);\n    });\n\n    server.listen(port, host, () => {\n      const displayHost = host === \"0.0.0.0\" ? \"localhost\" : host;\n      const mode = readOnly ? \" (read-only)\" : \"\";\n      console.log(`Forge MCP server v${VERSION}${mode}`);\n      console.log(`Node.js ${process.version}`);\n      console.log(\"\");\n      console.log(`Running at http://${displayHost}:${port}`);\n      console.log(\"\");\n      console.log(\"Endpoints:\");\n      console.log(\n        `  POST/GET/DELETE http://${displayHost}:${port}/mcp - MCP Streamable HTTP endpoint`,\n      );\n      console.log(`  GET  http://${displayHost}:${port}/health - Health check`);\n      console.log(\"\");\n      console.log(\"Authentication:\");\n      console.log(\"  Bearer token in Authorization header\");\n      console.log(\"  Token format: your raw Forge API token\");\n      if (readOnly) {\n        console.log(\"\");\n        console.log(\"Mode: READ-ONLY (write operations disabled)\");\n      }\n      console.log(\"\");\n      resolve(server);\n    });\n  });\n}\n\n// Start server when run directly\nconst isMainModule =\n  import.meta.url === `file://${process.argv[1]}` ||\n  process.argv[1]?.endsWith(\"/forge-mcp-server\") ||\n  process.argv[1]?.endsWith(\"\\\\forge-mcp-server\");\n\nif (isMainModule) {\n  const port = Number.parseInt(process.env.PORT || String(DEFAULT_PORT), 10);\n  const host = process.env.HOST || DEFAULT_HOST;\n  const readOnly = parseReadOnlyFlag();\n\n  startHttpServer(port, host, { readOnly }).catch((error) => {\n    console.error(\"Fatal error:\", error);\n    process.exit(1);\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,IAAM,eAAe;AACrB,IAAM,eAAe;;;;AAarB,SAAgB,gBACd,OAAe,cACf,OAAe,cACf,SACiB;AACjB,QAAO,IAAI,SAAS,YAAY;EAC9B,MAAM,WAAW,SAAS,YAAY;EAEtC,MAAM,YAAY,wBADD,IAAI,gBAAgB,EACe,EAAE,UAAU,CAAC;EAEjE,MAAM,gBAAgB,cADJ,iBAAiB,CACW;EAE9C,MAAM,SAAS,aAAa,OAAO,KAAK,QAAQ;GAC9C,MAAM,MAAM,IAAI,OAAO;AAGvB,OAAI,QAAQ,UAAU,IAAI,WAAW,QAAQ,EAAE;AAC7C,UAAM,UAAU,KAAK,IAAI;AACzB;;AAIF,iBAAc,KAAK,IAAI;IACvB;AAEF,SAAO,OAAO,MAAM,YAAY;GAC9B,MAAM,cAAc,SAAS,YAAY,cAAc;GACvD,MAAM,OAAO,WAAW,iBAAiB;AACzC,WAAQ,IAAI,qBAAqB,UAAU,OAAO;AAClD,WAAQ,IAAI,WAAW,QAAQ,UAAU;AACzC,WAAQ,IAAI,GAAG;AACf,WAAQ,IAAI,qBAAqB,YAAY,GAAG,OAAO;AACvD,WAAQ,IAAI,GAAG;AACf,WAAQ,IAAI,aAAa;AACzB,WAAQ,IACN,4BAA4B,YAAY,GAAG,KAAK,qCACjD;AACD,WAAQ,IAAI,iBAAiB,YAAY,GAAG,KAAK,wBAAwB;AACzE,WAAQ,IAAI,GAAG;AACf,WAAQ,IAAI,kBAAkB;AAC9B,WAAQ,IAAI,yCAAyC;AACrD,WAAQ,IAAI,2CAA2C;AACvD,OAAI,UAAU;AACZ,YAAQ,IAAI,GAAG;AACf,YAAQ,IAAI,8CAA8C;;AAE5D,WAAQ,IAAI,GAAG;AACf,WAAQ,OAAO;IACf;GACF;;AASJ,IAJE,OAAO,KAAK,QAAQ,UAAU,QAAQ,KAAK,QAC3C,QAAQ,KAAK,IAAI,SAAS,oBAAoB,IAC9C,QAAQ,KAAK,IAAI,SAAS,qBAAqB,CAO/C,iBAJa,OAAO,SAAS,QAAQ,IAAI,QAAQ,OAAO,aAAa,EAAE,GAAG,EAC7D,QAAQ,IAAI,QAAQ,cAGL,EAAE,UAFb,mBAAmB,EAEI,CAAC,CAAC,OAAO,UAAU;AACzD,SAAQ,MAAM,gBAAgB,MAAM;AACpC,SAAQ,KAAK,EAAE;EACf"}

package/dist/src-BdwavqrN.js

@@ -0,0 +1,189 @@
+import { a as INSTRUCTIONS, i as getTools, n as executeToolWithCredentials, r as STDIO_ONLY_TOOLS, t as VERSION } from "./version-DaD5zvGh.js";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprotocol/sdk/types.js";
+import { getToken, setToken } from "@studiometa/forge-api";
+/**
+* Get all available tools (including stdio-only configuration tools).
+*
+* @param options - Optional filtering. When `readOnly` is true, forge_write is excluded.
+*/
+function getAvailableTools(options) {
+	return [...getTools(options), ...STDIO_ONLY_TOOLS];
+}
+/**
+* Handle the forge_configure tool.
+*/
+function handleConfigureTool(args) {
+	if (!args.apiToken || typeof args.apiToken !== "string" || args.apiToken.trim().length === 0) return {
+		content: [{
+			type: "text",
+			text: "Error: apiToken is required and must be a non-empty string."
+		}],
+		structuredContent: {
+			success: false,
+			error: "apiToken is required and must be a non-empty string."
+		},
+		isError: true
+	};
+	setToken(args.apiToken);
+	const data = {
+		success: true,
+		message: "Laravel Forge API token configured successfully",
+		apiToken: `***${args.apiToken.slice(-4)}`
+	};
+	return {
+		content: [{
+			type: "text",
+			text: JSON.stringify(data, null, 2)
+		}],
+		structuredContent: data
+	};
+}
+/**
+* Handle the forge_get_config tool.
+*/
+function handleGetConfigTool() {
+	const token = getToken();
+	const data = {
+		apiToken: token ? `***${token.slice(-4)}` : "not configured",
+		configured: !!token
+	};
+	return {
+		content: [{
+			type: "text",
+			text: JSON.stringify(data, null, 2)
+		}],
+		structuredContent: data
+	};
+}
+/**
+* Handle a tool call request.
+*
+* Routes to the appropriate handler based on tool name:
+* - forge_configure / forge_get_config — stdio-only config tools
+* - forge — read-only operations (list, get, help, schema)
+* - forge_write — write operations (create, update, delete, deploy, etc.)
+*/
+async function handleToolCall(name, args, options) {
+	if (name === "forge_configure") return handleConfigureTool(args);
+	if (name === "forge_get_config") return handleGetConfigTool();
+	if (name === "forge_write" && options?.readOnly) return {
+		content: [{
+			type: "text",
+			text: "Error: Server is running in read-only mode. Write operations are disabled."
+		}],
+		structuredContent: {
+			success: false,
+			error: "Server is running in read-only mode. Write operations are disabled."
+		},
+		isError: true
+	};
+	if (name === "forge" || name === "forge_write") {
+		const apiToken = getToken();
+		if (!apiToken) return {
+			content: [{
+				type: "text",
+				text: "Error: Forge API token not configured. Use \"forge_configure\" tool or set FORGE_API_TOKEN environment variable."
+			}],
+			structuredContent: {
+				success: false,
+				error: "Forge API token not configured. Use \"forge_configure\" tool or set FORGE_API_TOKEN environment variable."
+			},
+			isError: true
+		};
+		return executeToolWithCredentials(name, args, { apiToken });
+	}
+	return {
+		content: [{
+			type: "text",
+			text: `Error: Unknown tool "${name}".`
+		}],
+		structuredContent: {
+			success: false,
+			error: `Unknown tool "${name}".`
+		},
+		isError: true
+	};
+}
+/**
+* Forge MCP Server — Stdio Transport
+*
+* This is the local execution mode using stdio transport.
+* For remote HTTP deployment, use server.ts instead.
+*
+* Usage:
+*   npx @studiometa/forge-mcp
+*   npx @studiometa/forge-mcp --read-only
+*   FORGE_READ_ONLY=true npx @studiometa/forge-mcp
+*
+* Or in Claude Desktop config:
+*   {
+*     "mcpServers": {
+*       "forge": {
+*         "command": "forge-mcp",
+*         "args": ["--read-only"],
+*         "env": { "FORGE_API_TOKEN": "your-token" }
+*       }
+*     }
+*   }
+*/
+/**
+* Parse read-only flag from process.argv and environment.
+*/
+function parseReadOnlyFlag() {
+	return process.argv.includes("--read-only") || process.env.FORGE_READ_ONLY === "true";
+}
+/**
+* Create and configure the MCP server.
+*/
+function createStdioServer(options) {
+	const readOnly = options?.readOnly ?? false;
+	const server = new Server({
+		name: "forge-mcp",
+		version: VERSION
+	}, {
+		capabilities: { tools: {} },
+		instructions: INSTRUCTIONS
+	});
+	server.setRequestHandler(ListToolsRequestSchema, async () => {
+		return { tools: getAvailableTools({ readOnly }) };
+	});
+	server.setRequestHandler(CallToolRequestSchema, async (request) => {
+		const { name, arguments: args } = request.params;
+		try {
+			return await handleToolCall(name, args ?? {}, { readOnly });
+		} catch (error) {
+			const message = error instanceof Error ? error.message : String(error);
+			return {
+				content: [{
+					type: "text",
+					text: `Error: ${message}`
+				}],
+				structuredContent: {
+					success: false,
+					error: message
+				},
+				isError: true
+			};
+		}
+	});
+	return server;
+}
+/**
+* Start the stdio server.
+*/
+async function startStdioServer(options) {
+	const server = createStdioServer(options);
+	const transport = new StdioServerTransport();
+	await server.connect(transport);
+	const mode = options?.readOnly ? " (read-only)" : "";
+	console.error(`Forge MCP server v${VERSION} running on stdio${mode}`);
+}
+if (import.meta.url === `file://${process.argv[1]}` || process.argv[1]?.endsWith("/forge-mcp") || process.argv[1]?.endsWith("\\forge-mcp")) startStdioServer({ readOnly: parseReadOnlyFlag() }).catch((error) => {
+	console.error("Fatal error:", error);
+	process.exit(1);
+});
+export { parseReadOnlyFlag as n, startStdioServer as r, createStdioServer as t };
+
+//# sourceMappingURL=src-BdwavqrN.js.map

package/dist/src-BdwavqrN.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"src-BdwavqrN.js","names":[],"sources":["../src/stdio.ts","../src/index.ts"],"sourcesContent":["import { getToken, setToken } from \"@studiometa/forge-api\";\n\nimport type { ToolResult } from \"./handlers/types.ts\";\n\nimport { executeToolWithCredentials } from \"./handlers/index.ts\";\nimport { getTools, STDIO_ONLY_TOOLS } from \"./tools.ts\";\nimport type { GetToolsOptions } from \"./tools.ts\";\n\nexport type { ToolResult };\n\n/**\n * Get all available tools (including stdio-only configuration tools).\n *\n * @param options - Optional filtering. When `readOnly` is true, forge_write is excluded.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function getAvailableTools(options?: GetToolsOptions): any[] {\n  return [...getTools(options), ...STDIO_ONLY_TOOLS];\n}\n\n/**\n * Handle the forge_configure tool.\n */\nexport function handleConfigureTool(args: { apiToken: string }): ToolResult {\n  if (!args.apiToken || typeof args.apiToken !== \"string\" || args.apiToken.trim().length === 0) {\n    return {\n      content: [\n        {\n          type: \"text\",\n          text: \"Error: apiToken is required and must be a non-empty string.\",\n        },\n      ],\n      structuredContent: {\n        success: false,\n        error: \"apiToken is required and must be a non-empty string.\",\n      },\n      isError: true,\n    };\n  }\n\n  setToken(args.apiToken);\n\n  const maskedToken = `***${args.apiToken.slice(-4)}`;\n  const data = {\n    success: true,\n    message: \"Laravel Forge API token configured successfully\",\n    apiToken: maskedToken,\n  };\n\n  return {\n    content: [\n      {\n        type: \"text\",\n        text: JSON.stringify(data, null, 2),\n      },\n    ],\n    structuredContent: data,\n  };\n}\n\n/**\n * Handle the forge_get_config tool.\n */\nexport function handleGetConfigTool(): ToolResult {\n  const token = getToken();\n\n  const data = {\n    apiToken: token ? `***${token.slice(-4)}` : \"not configured\",\n    configured: !!token,\n  };\n\n  return {\n    content: [\n      {\n        type: \"text\",\n        text: JSON.stringify(data, null, 2),\n      },\n    ],\n    structuredContent: data,\n  };\n}\n\n/**\n * Options for handleToolCall.\n */\nexport interface HandleToolCallOptions {\n  /** When true, forge_write is rejected with an error. */\n  readOnly?: boolean;\n}\n\n/**\n * Handle a tool call request.\n *\n * Routes to the appropriate handler based on tool name:\n * - forge_configure / forge_get_config — stdio-only config tools\n * - forge — read-only operations (list, get, help, schema)\n * - forge_write — write operations (create, update, delete, deploy, etc.)\n */\nexport async function handleToolCall(\n  name: string,\n  args: Record<string, unknown>,\n  options?: HandleToolCallOptions,\n): Promise<ToolResult> {\n  if (name === \"forge_configure\") {\n    return handleConfigureTool(args as { apiToken: string });\n  }\n\n  if (name === \"forge_get_config\") {\n    return handleGetConfigTool();\n  }\n\n  // Reject forge_write in read-only mode\n  if (name === \"forge_write\" && options?.readOnly) {\n    return {\n      content: [\n        {\n          type: \"text\",\n          text: \"Error: Server is running in read-only mode. Write operations are disabled.\",\n        },\n      ],\n      structuredContent: {\n        success: false,\n        error: \"Server is running in read-only mode. Write operations are disabled.\",\n      },\n      isError: true,\n    };\n  }\n\n  // Both forge and forge_write require authentication\n  if (name === \"forge\" || name === \"forge_write\") {\n    const apiToken = getToken();\n    if (!apiToken) {\n      return {\n        content: [\n          {\n            type: \"text\",\n            text: 'Error: Forge API token not configured. Use \"forge_configure\" tool or set FORGE_API_TOKEN environment variable.',\n          },\n        ],\n        structuredContent: {\n          success: false,\n          error:\n            'Forge API token not configured. Use \"forge_configure\" tool or set FORGE_API_TOKEN environment variable.',\n        },\n        isError: true,\n      };\n    }\n\n    return executeToolWithCredentials(name, args, { apiToken });\n  }\n\n  return {\n    content: [\n      {\n        type: \"text\",\n        text: `Error: Unknown tool \"${name}\".`,\n      },\n    ],\n    structuredContent: { success: false, error: `Unknown tool \"${name}\".` },\n    isError: true,\n  };\n}\n","#!/usr/bin/env node\n\n/**\n * Forge MCP Server — Stdio Transport\n *\n * This is the local execution mode using stdio transport.\n * For remote HTTP deployment, use server.ts instead.\n *\n * Usage:\n *   npx @studiometa/forge-mcp\n *   npx @studiometa/forge-mcp --read-only\n *   FORGE_READ_ONLY=true npx @studiometa/forge-mcp\n *\n * Or in Claude Desktop config:\n *   {\n *     \"mcpServers\": {\n *       \"forge\": {\n *         \"command\": \"forge-mcp\",\n *         \"args\": [\"--read-only\"],\n *         \"env\": { \"FORGE_API_TOKEN\": \"your-token\" }\n *       }\n *     }\n *   }\n */\n\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\nimport { CallToolRequestSchema, ListToolsRequestSchema } from \"@modelcontextprotocol/sdk/types.js\";\n\nimport { INSTRUCTIONS } from \"./instructions.ts\";\nimport { getAvailableTools, handleToolCall } from \"./stdio.ts\";\nimport { VERSION } from \"./version.ts\";\n\n/**\n * Options for the stdio MCP server.\n */\nexport interface StdioServerOptions {\n  /** When true, forge_write tool is not registered and write operations are rejected. */\n  readOnly?: boolean;\n}\n\n/**\n * Parse read-only flag from process.argv and environment.\n */\nexport function parseReadOnlyFlag(): boolean {\n  return process.argv.includes(\"--read-only\") || process.env.FORGE_READ_ONLY === \"true\";\n}\n\n/**\n * Create and configure the MCP server.\n */\nexport function createStdioServer(options?: StdioServerOptions): Server {\n  const readOnly = options?.readOnly ?? false;\n\n  const server = new Server(\n    {\n      name: \"forge-mcp\",\n      version: VERSION,\n    },\n    {\n      capabilities: {\n        tools: {},\n      },\n      instructions: INSTRUCTIONS,\n    },\n  );\n\n  server.setRequestHandler(ListToolsRequestSchema, async () => {\n    return { tools: getAvailableTools({ readOnly }) };\n  });\n\n  server.setRequestHandler(CallToolRequestSchema, async (request) => {\n    const { name, arguments: args } = request.params;\n\n    try {\n      const result = await handleToolCall(name, (args as Record<string, unknown>) ?? {}, {\n        readOnly,\n      });\n      return result as unknown as Record<string, unknown>;\n    } catch (error) {\n      const message = error instanceof Error ? error.message : String(error);\n      return {\n        content: [{ type: \"text\" as const, text: `Error: ${message}` }],\n        structuredContent: { success: false, error: message },\n        isError: true,\n      };\n    }\n  });\n\n  return server;\n}\n\n/**\n * Start the stdio server.\n */\nexport async function startStdioServer(options?: StdioServerOptions): Promise<void> {\n  const server = createStdioServer(options);\n  const transport = new StdioServerTransport();\n  await server.connect(transport);\n  const mode = options?.readOnly ? \" (read-only)\" : \"\";\n  console.error(`Forge MCP server v${VERSION} running on stdio${mode}`);\n}\n\n// Start server when run directly\nconst isMainModule =\n  import.meta.url === `file://${process.argv[1]}` ||\n  process.argv[1]?.endsWith(\"/forge-mcp\") ||\n  process.argv[1]?.endsWith(\"\\\\forge-mcp\");\n\nif (isMainModule) {\n  const readOnly = parseReadOnlyFlag();\n  startStdioServer({ readOnly }).catch((error) => {\n    console.error(\"Fatal error:\", error);\n    process.exit(1);\n  });\n}\n"],"mappings":";;;;;;;;;;AAgBA,SAAgB,kBAAkB,SAAkC;AAClE,QAAO,CAAC,GAAG,SAAS,QAAQ,EAAE,GAAG,iBAAiB;;;;;AAMpD,SAAgB,oBAAoB,MAAwC;AAC1E,KAAI,CAAC,KAAK,YAAY,OAAO,KAAK,aAAa,YAAY,KAAK,SAAS,MAAM,CAAC,WAAW,EACzF,QAAO;EACL,SAAS,CACP;GACE,MAAM;GACN,MAAM;GACP,CACF;EACD,mBAAmB;GACjB,SAAS;GACT,OAAO;GACR;EACD,SAAS;EACV;AAGH,UAAS,KAAK,SAAS;CAGvB,MAAM,OAAO;EACX,SAAS;EACT,SAAS;EACT,UAJkB,MAAM,KAAK,SAAS,MAAM,GAAG;EAKhD;AAED,QAAO;EACL,SAAS,CACP;GACE,MAAM;GACN,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE;GACpC,CACF;EACD,mBAAmB;EACpB;;;;;AAMH,SAAgB,sBAAkC;CAChD,MAAM,QAAQ,UAAU;CAExB,MAAM,OAAO;EACX,UAAU,QAAQ,MAAM,MAAM,MAAM,GAAG,KAAK;EAC5C,YAAY,CAAC,CAAC;EACf;AAED,QAAO;EACL,SAAS,CACP;GACE,MAAM;GACN,MAAM,KAAK,UAAU,MAAM,MAAM,EAAE;GACpC,CACF;EACD,mBAAmB;EACpB;;;;;;;;;;AAmBH,eAAsB,eACpB,MACA,MACA,SACqB;AACrB,KAAI,SAAS,kBACX,QAAO,oBAAoB,KAA6B;AAG1D,KAAI,SAAS,mBACX,QAAO,qBAAqB;AAI9B,KAAI,SAAS,iBAAiB,SAAS,SACrC,QAAO;EACL,SAAS,CACP;GACE,MAAM;GACN,MAAM;GACP,CACF;EACD,mBAAmB;GACjB,SAAS;GACT,OAAO;GACR;EACD,SAAS;EACV;AAIH,KAAI,SAAS,WAAW,SAAS,eAAe;EAC9C,MAAM,WAAW,UAAU;AAC3B,MAAI,CAAC,SACH,QAAO;GACL,SAAS,CACP;IACE,MAAM;IACN,MAAM;IACP,CACF;GACD,mBAAmB;IACjB,SAAS;IACT,OACE;IACH;GACD,SAAS;GACV;AAGH,SAAO,2BAA2B,MAAM,MAAM,EAAE,UAAU,CAAC;;AAG7D,QAAO;EACL,SAAS,CACP;GACE,MAAM;GACN,MAAM,wBAAwB,KAAK;GACpC,CACF;EACD,mBAAmB;GAAE,SAAS;GAAO,OAAO,iBAAiB,KAAK;GAAK;EACvE,SAAS;EACV;;;;;;;;;;;;;;;;;;;;;;;;;;;ACpHH,SAAgB,oBAA6B;AAC3C,QAAO,QAAQ,KAAK,SAAS,cAAc,IAAI,QAAQ,IAAI,oBAAoB;;;;;AAMjF,SAAgB,kBAAkB,SAAsC;CACtE,MAAM,WAAW,SAAS,YAAY;CAEtC,MAAM,SAAS,IAAI,OACjB;EACE,MAAM;EACN,SAAS;EACV,EACD;EACE,cAAc,EACZ,OAAO,EAAE,EACV;EACD,cAAc;EACf,CACF;AAED,QAAO,kBAAkB,wBAAwB,YAAY;AAC3D,SAAO,EAAE,OAAO,kBAAkB,EAAE,UAAU,CAAC,EAAE;GACjD;AAEF,QAAO,kBAAkB,uBAAuB,OAAO,YAAY;EACjE,MAAM,EAAE,MAAM,WAAW,SAAS,QAAQ;AAE1C,MAAI;AAIF,UAHe,MAAM,eAAe,MAAO,QAAoC,EAAE,EAAE,EACjF,UACD,CAAC;WAEK,OAAO;GACd,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AACtE,UAAO;IACL,SAAS,CAAC;KAAE,MAAM;KAAiB,MAAM,UAAU;KAAW,CAAC;IAC/D,mBAAmB;KAAE,SAAS;KAAO,OAAO;KAAS;IACrD,SAAS;IACV;;GAEH;AAEF,QAAO;;;;;AAMT,eAAsB,iBAAiB,SAA6C;CAClF,MAAM,SAAS,kBAAkB,QAAQ;CACzC,MAAM,YAAY,IAAI,sBAAsB;AAC5C,OAAM,OAAO,QAAQ,UAAU;CAC/B,MAAM,OAAO,SAAS,WAAW,iBAAiB;AAClD,SAAQ,MAAM,qBAAqB,QAAQ,mBAAmB,OAAO;;AASvE,IAJE,OAAO,KAAK,QAAQ,UAAU,QAAQ,KAAK,QAC3C,QAAQ,KAAK,IAAI,SAAS,aAAa,IACvC,QAAQ,KAAK,IAAI,SAAS,cAAc,CAIxC,kBAAiB,EAAE,UADF,mBAAmB,EACP,CAAC,CAAC,OAAO,UAAU;AAC9C,SAAQ,MAAM,gBAAgB,MAAM;AACpC,SAAQ,KAAK,EAAE;EACf"}

package/dist/stdio.d.ts

@@ -1,9 +1,12 @@
 import type { ToolResult } from "./handlers/types.ts";
+import type { GetToolsOptions } from "./tools.ts";
 export type { ToolResult };
 /**
  * Get all available tools (including stdio-only configuration tools).
+ *
+ * @param options - Optional filtering. When `readOnly` is true, forge_write is excluded.
  */
-export declare function getAvailableTools(): any[];
+export declare function getAvailableTools(options?: GetToolsOptions): any[];
 /**
  * Handle the forge_configure tool.
  */
@@ -14,8 +17,20 @@ export declare function handleConfigureTool(args: {
  * Handle the forge_get_config tool.
  */
 export declare function handleGetConfigTool(): ToolResult;
+/**
+ * Options for handleToolCall.
+ */
+export interface HandleToolCallOptions {
+    /** When true, forge_write is rejected with an error. */
+    readOnly?: boolean;
+}
 /**
  * Handle a tool call request.
+ *
+ * Routes to the appropriate handler based on tool name:
+ * - forge_configure / forge_get_config — stdio-only config tools
+ * - forge — read-only operations (list, get, help, schema)
+ * - forge_write — write operations (create, update, delete, deploy, etc.)
  */
-export declare function handleToolCall(name: string, args: Record<string, unknown>): Promise<ToolResult>;
+export declare function handleToolCall(name: string, args: Record<string, unknown>, options?: HandleToolCallOptions): Promise<ToolResult>;
 //# sourceMappingURL=stdio.d.ts.map

package/dist/stdio.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../src/stdio.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAKtD,YAAY,EAAE,UAAU,EAAE,CAAC;AAE3B;;GAEG;AAEH,wBAAgB,iBAAiB,IAAI,GAAG,EAAE,CAEzC;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,UAAU,CA+B1E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,UAAU,CAkBhD;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,OAAO,CAAC,UAAU,CAAC,CAwBrB"}
+{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../src/stdio.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAItD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,YAAY,EAAE,UAAU,EAAE,CAAC;AAE3B;;;;GAIG;AAEH,wBAAgB,iBAAiB,CAAC,OAAO,CAAC,EAAE,eAAe,GAAG,GAAG,EAAE,CAElE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,UAAU,CAmC1E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,UAAU,CAiBhD;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,UAAU,CAAC,CA2DrB"}

package/dist/tools.d.ts

@@ -1,22 +1,47 @@
+import type { Tool } from "@modelcontextprotocol/sdk/types.js";
 /**
- * Tool type matching MCP SDK expectations.
+ * Read-only actions — safe operations that don't modify server state.
  */
-interface Tool {
-    name: string;
-    description: string;
-    annotations?: Record<string, unknown>;
-    inputSchema: Record<string, unknown>;
-}
+export declare const READ_ACTIONS: readonly ["list", "get", "help", "schema"];
+/**
+ * Write actions — operations that modify server state.
+ * These are separated into the `forge_write` tool for safety.
+ */
+export declare const WRITE_ACTIONS: readonly ["create", "update", "delete", "deploy", "reboot", "restart", "activate", "run"];
+export type ReadAction = (typeof READ_ACTIONS)[number];
+export type WriteAction = (typeof WRITE_ACTIONS)[number];
+/**
+ * Check if an action is a write action.
+ */
+export declare function isWriteAction(action: string): action is WriteAction;
+/**
+ * Check if an action is a read action.
+ */
+export declare function isReadAction(action: string): action is ReadAction;
 /**
- * Single consolidated tool for Laravel Forge MCP server.
+ * Core tools available in both stdio and HTTP transports.
  *
- * The resource/action enums and description are derived from
- * the shared constants in forge-core — the single source of truth.
+ * Split into two tools for safety:
+ * - `forge` — read-only operations (auto-approvable by MCP clients)
+ * - `forge_write` — write operations (always requires confirmation)
  */
 export declare const TOOLS: Tool[];
+/**
+ * Options for filtering available tools.
+ */
+export interface GetToolsOptions {
+    /** When true, only read-only tools are returned (forge_write is excluded). */
+    readOnly?: boolean;
+}
+/**
+ * Get the list of core tools, optionally filtered.
+ *
+ * In read-only mode, forge_write is excluded entirely — it won't appear
+ * in the tool listing and cannot be called.
+ */
+export declare function getTools(options?: GetToolsOptions): Tool[];
 /**
  * Additional tools only available in stdio mode.
  */
 export declare const STDIO_ONLY_TOOLS: Tool[];
-export {};
 //# sourceMappingURL=tools.d.ts.map

package/dist/tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,UAAU,IAAI;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAgBD;;;;;GAKG;AACH,eAAO,MAAM,KAAK,EAAE,IAAI,EA2EvB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,IAAI,EAkClC,CAAC"}
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAI/D;;GAEG;AACH,eAAO,MAAM,YAAY,4CAA6C,CAAC;AAEvE;;;GAGG;AACH,eAAO,MAAM,aAAa,2FAShB,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC;AACvD,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,IAAI,WAAW,CAEnE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,IAAI,UAAU,CAEjE;AA0OD;;;;;;GAMG;AACH,eAAO,MAAM,KAAK,EAAE,IAAI,EAAwC,CAAC;AAEjE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,8EAA8E;IAC9E,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,OAAO,CAAC,EAAE,eAAe,GAAG,IAAI,EAAE,CAK1D;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,IAAI,EAsDlC,CAAC"}