@tankpkg/mcp-server 0.15.6 → 0.15.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.js +85 -71
  2. package/dist/index.js.map +1 -1
  3. package/package.json +13 -7
package/dist/index.js CHANGED
@@ -209,6 +209,45 @@ z.enum([
209
209
  "org.member.remove",
210
210
  "org.delete"
211
211
  ]);
212
+ const commandSchema$1 = z.string().min(1, "command must not be empty");
213
+ const argSchema$1 = z.array(z.string()).default([]);
214
+ const envSchema$1 = z.record(z.string(), z.string()).optional();
215
+ const remoteUrlSchema$1 = z.string().url("remote must be a valid URL");
216
+ const localMcpServerSchema = z.object({
217
+ command: commandSchema$1,
218
+ args: argSchema$1,
219
+ env: envSchema$1,
220
+ requires_auth: z.literal(false).optional()
221
+ }).strict();
222
+ const remoteMcpServerSchema = z.object({
223
+ remote: remoteUrlSchema$1,
224
+ requires_auth: z.boolean().default(false),
225
+ env: envSchema$1
226
+ }).strict();
227
+ const mcpServerSchema$1 = z.union([localMcpServerSchema, remoteMcpServerSchema]);
228
+ const baseManifestFields$1 = {
229
+ name: z.string().min(1, "Name must not be empty").max(214, `Name must be 214 characters or fewer`).regex(/^@[a-z0-9-]+\/[a-z0-9][a-z0-9-]*$/, "Name must be scoped (@org/name), lowercase alphanumeric and hyphens"),
230
+ version: z.string().regex(/^\d+\.\d+\.\d+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$/, "Version must be valid semver"),
231
+ description: z.string().max(500, `Description must be 500 characters or fewer`).optional(),
232
+ skills: z.record(z.string(), z.string()).optional(),
233
+ permissions: permissionsSchema$1.optional(),
234
+ repository: z.string().url("Repository must be a valid URL").optional(),
235
+ visibility: z.enum(["public", "private"]).optional(),
236
+ audit: z.object({ min_score: z.number().min(0).max(10) }).strict().optional(),
237
+ mcp_server: mcpServerSchema$1.optional()
238
+ };
239
+ /** Legacy skills.json schema — strict, no atoms. Used for backward-compatible consumers. */
240
+ const skillsJsonSchema = z.object(baseManifestFields$1).strict();
241
+ const publishConfigSchema$1 = z.object({
242
+ build: z.string().min(1, "publish.build must be a non-empty shell command").optional(),
243
+ files: z.array(z.string().min(1)).optional()
244
+ }).strict();
245
+ z.object({
246
+ ...baseManifestFields$1,
247
+ atoms: z.array(z.record(z.string(), z.unknown())).optional(),
248
+ includes: z.array(z.string()).optional(),
249
+ publish: publishConfigSchema$1.optional()
250
+ }).strict();
212
251
  const promptIRSchema$1 = z.object({
213
252
  kind: z.literal("prompt"),
214
253
  name: z.string().min(1, "Prompt name must not be empty"),
@@ -247,8 +286,9 @@ const mcpServerConfigSchema$1 = z.object({
247
286
  args: z.array(z.string()).optional(),
248
287
  env: z.record(z.string(), z.string()).optional(),
249
288
  runtime: z.string().min(1).optional(),
250
- entry: z.string().min(1).optional()
251
- }).strict().refine((data) => data.command || data.runtime && data.entry, "MCP config must have either \"command\" or both \"runtime\" and \"entry\"");
289
+ entry: z.string().min(1).optional(),
290
+ package: z.string().min(1).optional()
291
+ }).strict().refine((data) => Boolean(data.command) || Boolean(data.runtime && (data.entry || data.package)), "MCP config must have either \"command\" or \"runtime\" plus one of \"entry\"/\"package\"");
252
292
  const toolIRSchema$1 = z.object({
253
293
  kind: z.literal("tool"),
254
294
  name: z.string().min(1, "Tool name must not be empty"),
@@ -277,24 +317,9 @@ z.object({
277
317
  permissions: permissionsSchema$1.optional(),
278
318
  repository: z.string().url("Repository must be a valid URL").optional(),
279
319
  visibility: z.enum(["public", "private"]).optional(),
280
- audit: z.object({ min_score: z.number().min(0).max(10) }).strict().optional()
281
- }).strict();
282
- const commandSchema$1 = z.string().min(1, "command must not be empty");
283
- const argSchema$1 = z.array(z.string()).default([]);
284
- const envSchema$1 = z.record(z.string(), z.string()).optional();
285
- const remoteUrlSchema$1 = z.string().url("remote must be a valid URL");
286
- const localMcpServerSchema = z.object({
287
- command: commandSchema$1,
288
- args: argSchema$1,
289
- env: envSchema$1,
290
- requires_auth: z.literal(false).optional()
291
- }).strict();
292
- const remoteMcpServerSchema = z.object({
293
- remote: remoteUrlSchema$1,
294
- requires_auth: z.boolean().default(false),
295
- env: envSchema$1
320
+ audit: z.object({ min_score: z.number().min(0).max(10) }).strict().optional(),
321
+ publish: publishConfigSchema$1.optional()
296
322
  }).strict();
297
- const mcpServerSchema$1 = z.union([localMcpServerSchema, remoteMcpServerSchema]);
298
323
  const perToolOverrideSchema$1 = z.object({
299
324
  scan: z.boolean().optional(),
300
325
  blockOnMatch: z.boolean().optional()
@@ -305,24 +330,6 @@ z.object({
305
330
  resetPinsOnMismatch: z.boolean().optional(),
306
331
  perTool: z.record(z.string(), perToolOverrideSchema$1).optional()
307
332
  }).strict();
308
- const baseManifestFields$1 = {
309
- name: z.string().min(1, "Name must not be empty").max(214, `Name must be 214 characters or fewer`).regex(/^@[a-z0-9-]+\/[a-z0-9][a-z0-9-]*$/, "Name must be scoped (@org/name), lowercase alphanumeric and hyphens"),
310
- version: z.string().regex(/^\d+\.\d+\.\d+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$/, "Version must be valid semver"),
311
- description: z.string().max(500, `Description must be 500 characters or fewer`).optional(),
312
- skills: z.record(z.string(), z.string()).optional(),
313
- permissions: permissionsSchema$1.optional(),
314
- repository: z.string().url("Repository must be a valid URL").optional(),
315
- visibility: z.enum(["public", "private"]).optional(),
316
- audit: z.object({ min_score: z.number().min(0).max(10) }).strict().optional(),
317
- mcp_server: mcpServerSchema$1.optional()
318
- };
319
- /** Legacy skills.json schema — strict, no atoms. Used for backward-compatible consumers. */
320
- const skillsJsonSchema = z.object(baseManifestFields$1).strict();
321
- z.object({
322
- ...baseManifestFields$1,
323
- atoms: z.array(z.record(z.string(), z.unknown())).optional(),
324
- includes: z.array(z.string()).optional()
325
- }).strict();
326
333
  const SKILL_SOURCES$1 = [
327
334
  "registry",
328
335
  "github",
@@ -4467,6 +4474,42 @@ _enum([
4467
4474
  "org.member.remove",
4468
4475
  "org.delete"
4469
4476
  ]);
4477
+ const commandSchema = string().min(1, "command must not be empty");
4478
+ const argSchema = array(string()).default([]);
4479
+ const envSchema = record(string(), string()).optional();
4480
+ const remoteUrlSchema = string().url("remote must be a valid URL");
4481
+ const mcpServerSchema = union([object({
4482
+ command: commandSchema,
4483
+ args: argSchema,
4484
+ env: envSchema,
4485
+ requires_auth: literal(false).optional()
4486
+ }).strict(), object({
4487
+ remote: remoteUrlSchema,
4488
+ requires_auth: boolean().default(false),
4489
+ env: envSchema
4490
+ }).strict()]);
4491
+ const baseManifestFields = {
4492
+ name: string().min(1, "Name must not be empty").max(214, `Name must be 214 characters or fewer`).regex(/^@[a-z0-9-]+\/[a-z0-9][a-z0-9-]*$/, "Name must be scoped (@org/name), lowercase alphanumeric and hyphens"),
4493
+ version: string().regex(/^\d+\.\d+\.\d+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$/, "Version must be valid semver"),
4494
+ description: string().max(500, `Description must be 500 characters or fewer`).optional(),
4495
+ skills: record(string(), string()).optional(),
4496
+ permissions: permissionsSchema.optional(),
4497
+ repository: string().url("Repository must be a valid URL").optional(),
4498
+ visibility: _enum(["public", "private"]).optional(),
4499
+ audit: object({ min_score: number().min(0).max(10) }).strict().optional(),
4500
+ mcp_server: mcpServerSchema.optional()
4501
+ };
4502
+ object(baseManifestFields).strict();
4503
+ const publishConfigSchema = object({
4504
+ build: string().min(1, "publish.build must be a non-empty shell command").optional(),
4505
+ files: array(string().min(1)).optional()
4506
+ }).strict();
4507
+ object({
4508
+ ...baseManifestFields,
4509
+ atoms: array(record(string(), unknown())).optional(),
4510
+ includes: array(string()).optional(),
4511
+ publish: publishConfigSchema.optional()
4512
+ }).strict();
4470
4513
  const promptIRSchema = object({
4471
4514
  kind: literal("prompt"),
4472
4515
  name: string().min(1, "Prompt name must not be empty"),
@@ -4505,8 +4548,9 @@ const mcpServerConfigSchema = object({
4505
4548
  args: array(string()).optional(),
4506
4549
  env: record(string(), string()).optional(),
4507
4550
  runtime: string().min(1).optional(),
4508
- entry: string().min(1).optional()
4509
- }).strict().refine((data) => data.command || data.runtime && data.entry, "MCP config must have either \"command\" or both \"runtime\" and \"entry\"");
4551
+ entry: string().min(1).optional(),
4552
+ package: string().min(1).optional()
4553
+ }).strict().refine((data) => Boolean(data.command) || Boolean(data.runtime && (data.entry || data.package)), "MCP config must have either \"command\" or \"runtime\" plus one of \"entry\"/\"package\"");
4510
4554
  const toolIRSchema = object({
4511
4555
  kind: literal("tool"),
4512
4556
  name: string().min(1, "Tool name must not be empty"),
@@ -4535,22 +4579,9 @@ object({
4535
4579
  permissions: permissionsSchema.optional(),
4536
4580
  repository: string().url("Repository must be a valid URL").optional(),
4537
4581
  visibility: _enum(["public", "private"]).optional(),
4538
- audit: object({ min_score: number().min(0).max(10) }).strict().optional()
4582
+ audit: object({ min_score: number().min(0).max(10) }).strict().optional(),
4583
+ publish: publishConfigSchema.optional()
4539
4584
  }).strict();
4540
- const commandSchema = string().min(1, "command must not be empty");
4541
- const argSchema = array(string()).default([]);
4542
- const envSchema = record(string(), string()).optional();
4543
- const remoteUrlSchema = string().url("remote must be a valid URL");
4544
- const mcpServerSchema = union([object({
4545
- command: commandSchema,
4546
- args: argSchema,
4547
- env: envSchema,
4548
- requires_auth: literal(false).optional()
4549
- }).strict(), object({
4550
- remote: remoteUrlSchema,
4551
- requires_auth: boolean().default(false),
4552
- env: envSchema
4553
- }).strict()]);
4554
4585
  const perToolOverrideSchema = object({
4555
4586
  scan: boolean().optional(),
4556
4587
  blockOnMatch: boolean().optional()
@@ -4561,23 +4592,6 @@ object({
4561
4592
  resetPinsOnMismatch: boolean().optional(),
4562
4593
  perTool: record(string(), perToolOverrideSchema).optional()
4563
4594
  }).strict();
4564
- const baseManifestFields = {
4565
- name: string().min(1, "Name must not be empty").max(214, `Name must be 214 characters or fewer`).regex(/^@[a-z0-9-]+\/[a-z0-9][a-z0-9-]*$/, "Name must be scoped (@org/name), lowercase alphanumeric and hyphens"),
4566
- version: string().regex(/^\d+\.\d+\.\d+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$/, "Version must be valid semver"),
4567
- description: string().max(500, `Description must be 500 characters or fewer`).optional(),
4568
- skills: record(string(), string()).optional(),
4569
- permissions: permissionsSchema.optional(),
4570
- repository: string().url("Repository must be a valid URL").optional(),
4571
- visibility: _enum(["public", "private"]).optional(),
4572
- audit: object({ min_score: number().min(0).max(10) }).strict().optional(),
4573
- mcp_server: mcpServerSchema.optional()
4574
- };
4575
- object(baseManifestFields).strict();
4576
- object({
4577
- ...baseManifestFields,
4578
- atoms: array(record(string(), unknown())).optional(),
4579
- includes: array(string()).optional()
4580
- }).strict();
4581
4595
  const SKILL_SOURCES = [
4582
4596
  "registry",
4583
4597
  "github",