@unraid-toolkit/mcp 0.2.0

package/dist/tools/confirm.js

@@ -0,0 +1,17 @@
+/**
+ * Shared MCP input fragment for the confirmation-token gate.
+ *
+ * Destructive tools accept an optional `confirm_token`. On a client without
+ * elicitation, the first call returns a token; the caller re-invokes with it to
+ * proceed. Elicitation-capable clients ignore this field (approval happens
+ * interactively).
+ */
+import { z } from 'zod';
+/** Adds the optional `confirm_token` field to a destructive tool's input. */
+export const CONFIRM_TOKEN_INPUT = {
+    confirm_token: z
+        .string()
+        .optional()
+        .describe('Confirmation token from a prior call (token-gate fallback for clients without elicitation). Omit on the first call; re-invoke with the returned token to approve.'),
+};
+//# sourceMappingURL=confirm.js.map

package/dist/tools/confirm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirm.js","sourceRoot":"","sources":["../../src/tools/confirm.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,6EAA6E;AAC7E,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,aAAa,EAAE,CAAC;SACb,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CACP,mKAAmK,CACpK;CACJ,CAAC"}

package/dist/tools/destructive.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Orchestrates a destructive (Phase 3) MCP tool call through both safety layers
+ * and the audit log, so individual tools stay declarative.
+ *
+ * Flow per call:
+ *  1. Layer 1 (policy floor): read-only, deny-list, blast-radius — refuse hard.
+ *  2. Layer 2 (approval): elicitation when supported, else a token gate bound to
+ *     the enumerated target set (confused-deputy guard).
+ *  3. On approval, run the SDK op and format its envelope.
+ *  4. Every branch writes an audit entry.
+ */
+import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { UnraidResult } from '@unraid-toolkit/sdk';
+import type { ServerContext } from '../server.js';
+/** Spec for a single destructive operation invocation. */
+export interface DestructiveCall<T> {
+    /** The MCP tool name (binds audit + approval token). */
+    readonly tool: string;
+    /** Human sentence describing the impact, e.g. "Stop the array". */
+    readonly summary: string;
+    /** Enumerated targets the op affects (ids/names); drives caps, deny, hashing. */
+    readonly targets: readonly string[];
+    /** Caller-supplied confirmation token from a prior call, if any. */
+    readonly token?: string | undefined;
+    /** The SDK operation to run once approved. */
+    readonly run: () => Promise<UnraidResult<T>>;
+}
+/**
+ * Run a destructive operation through Layer 1 → Layer 2 → execute, auditing
+ * each outcome. Tools call this instead of touching the SDK directly.
+ */
+export declare function runDestructive<T>(server: McpServer, ctx: ServerContext, call: DestructiveCall<T>): Promise<CallToolResult>;
+//# sourceMappingURL=destructive.d.ts.map

package/dist/tools/destructive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"destructive.d.ts","sourceRoot":"","sources":["../../src/tools/destructive.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAIxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,0DAA0D;AAC1D,MAAM,WAAW,eAAe,CAAC,CAAC;IAChC,wDAAwD;IACxD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,iFAAiF;IACjF,QAAQ,CAAC,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,oEAAoE;IACpE,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,8CAA8C;IAC9C,QAAQ,CAAC,GAAG,EAAE,MAAM,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;CAC9C;AAWD;;;GAGG;AACH,wBAAsB,cAAc,CAAC,CAAC,EACpC,MAAM,EAAE,SAAS,EACjB,GAAG,EAAE,aAAa,EAClB,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,GACvB,OAAO,CAAC,cAAc,CAAC,CA6DzB"}

package/dist/tools/destructive.js

@@ -0,0 +1,84 @@
+/**
+ * Orchestrates a destructive (Phase 3) MCP tool call through both safety layers
+ * and the audit log, so individual tools stay declarative.
+ *
+ * Flow per call:
+ *  1. Layer 1 (policy floor): read-only, deny-list, blast-radius — refuse hard.
+ *  2. Layer 2 (approval): elicitation when supported, else a token gate bound to
+ *     the enumerated target set (confused-deputy guard).
+ *  3. On approval, run the SDK op and format its envelope.
+ *  4. Every branch writes an audit entry.
+ */
+import { formatResult } from '../format.js';
+import { layer1Block } from './policy.js';
+import { resolveApproval } from '../approval.js';
+/** Build a structured refusal `CallToolResult` (SDK envelope shape). */
+function refusal(code, message) {
+    const envelope = { success: false, data: null, error: { code, message } };
+    return {
+        content: [{ type: 'text', text: JSON.stringify(envelope, null, 2) }],
+        isError: true,
+    };
+}
+/**
+ * Run a destructive operation through Layer 1 → Layer 2 → execute, auditing
+ * each outcome. Tools call this instead of touching the SDK directly.
+ */
+export async function runDestructive(server, ctx, call) {
+    const stamp = () => new Date().toISOString();
+    // Layer 1 — policy floor.
+    const blocked = layer1Block(ctx, call.targets);
+    if (blocked) {
+        const detail = blocked.content[0];
+        await ctx.audit.record({
+            timestamp: stamp(),
+            tool: call.tool,
+            targets: call.targets,
+            approval: 'none',
+            outcome: 'refused',
+            detail: detail && 'text' in detail ? detail.text : 'policy refusal',
+        });
+        return blocked;
+    }
+    // Layer 2 — approval.
+    const decision = await resolveApproval(server, ctx.tokens, {
+        tool: call.tool,
+        summary: call.summary,
+        targets: call.targets,
+        token: call.token,
+    });
+    if (decision.status === 'declined') {
+        await ctx.audit.record({
+            timestamp: stamp(),
+            tool: call.tool,
+            targets: call.targets,
+            approval: 'elicitation',
+            outcome: 'refused',
+            detail: decision.reason,
+        });
+        return refusal('APPROVAL_DECLINED', decision.reason);
+    }
+    if (decision.status === 'needs-token') {
+        await ctx.audit.record({
+            timestamp: stamp(),
+            tool: call.tool,
+            targets: call.targets,
+            approval: 'token',
+            outcome: 'refused',
+            detail: 'confirmation token issued; awaiting re-invocation',
+        });
+        return refusal('CONFIRMATION_REQUIRED', decision.message);
+    }
+    // Approved — execute.
+    const result = await call.run();
+    await ctx.audit.record({
+        timestamp: stamp(),
+        tool: call.tool,
+        targets: call.targets,
+        approval: decision.source,
+        outcome: result.success ? 'succeeded' : 'failed',
+        ...(result.success ? {} : { detail: result.error.message }),
+    });
+    return formatResult(result);
+}
+//# sourceMappingURL=destructive.js.map

package/dist/tools/destructive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"destructive.js","sourceRoot":"","sources":["../../src/tools/destructive.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAiBjD,wEAAwE;AACxE,SAAS,OAAO,CAAC,IAAY,EAAE,OAAe;IAC5C,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC;IAC1E,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAC7E,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAiB,EACjB,GAAkB,EAClB,IAAwB;IAExB,MAAM,KAAK,GAAG,GAAW,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErD,0BAA0B;IAC1B,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/C,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;YACrB,SAAS,EAAE,KAAK,EAAE;YAClB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,MAAM,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAgB;SACpE,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE;QACzD,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACnC,MAAM,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;YACrB,SAAS,EAAE,KAAK,EAAE;YAClB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,aAAa;YACvB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,mBAAmB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;QACtC,MAAM,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;YACrB,SAAS,EAAE,KAAK,EAAE;YAClB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,mDAAmD;SAC5D,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,uBAAuB,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED,sBAAsB;IACtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;IAChC,MAAM,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,KAAK,EAAE;QAClB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,QAAQ,EAAE,QAAQ,CAAC,MAAM;QACzB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;QAChD,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;KAC5D,CAAC,CAAC;IACH,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC"}

package/dist/tools/disks.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Disk tools. Thin adapter over the SDK disk operations.
+ */
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { ServerContext } from '../server.js';
+/** Register disk tools on the given server. */
+export declare function registerDiskTools(server: McpServer, ctx: ServerContext): void;
+//# sourceMappingURL=disks.d.ts.map

package/dist/tools/disks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"disks.d.ts","sourceRoot":"","sources":["../../src/tools/disks.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,+CAA+C;AAC/C,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,GAAG,IAAI,CAW7E"}

package/dist/tools/disks.js

@@ -0,0 +1,17 @@
+/**
+ * Disk tools. Thin adapter over the SDK disk operations.
+ */
+import { listDisks } from '@unraid-toolkit/sdk';
+import { formatResult } from '../format.js';
+import { READ_ONLY_ANNOTATIONS } from './annotations.js';
+import { PAGINATION_INPUT } from './pagination.js';
+/** Register disk tools on the given server. */
+export function registerDiskTools(server, ctx) {
+    server.registerTool('unraid_list_disks', {
+        title: 'List Unraid Physical Disks',
+        description: `List the physical disks attached to the server: device path, model/vendor, size (bytes), interface (SATA/SAS/NVMe/USB), SMART status, temperature, and spin state. Use limit/offset to page.`,
+        inputSchema: { ...PAGINATION_INPUT },
+        annotations: READ_ONLY_ANNOTATIONS,
+    }, async ({ limit, offset }) => formatResult(await listDisks(ctx.client, { limit, offset })));
+}
+//# sourceMappingURL=disks.js.map

package/dist/tools/disks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"disks.js","sourceRoot":"","sources":["../../src/tools/disks.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGnD,+CAA+C;AAC/C,MAAM,UAAU,iBAAiB,CAAC,MAAiB,EAAE,GAAkB;IACrE,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,8LAA8L;QAC3M,WAAW,EAAE,EAAE,GAAG,gBAAgB,EAAE;QACpC,WAAW,EAAE,qBAAqB;KACnC,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAC1F,CAAC;AACJ,CAAC"}

package/dist/tools/docker.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Docker tools. Thin adapters over the SDK Docker operations.
+ */
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { ServerContext } from '../server.js';
+/** Register Docker tools on the given server. */
+export declare function registerDockerTools(server: McpServer, ctx: ServerContext): void;
+//# sourceMappingURL=docker.d.ts.map

package/dist/tools/docker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../src/tools/docker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA2BzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAoClD,iDAAiD;AACjD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,GAAG,IAAI,CAoG/E"}

package/dist/tools/docker.js

@@ -0,0 +1,105 @@
+/**
+ * Docker tools. Thin adapters over the SDK Docker operations.
+ */
+import { z } from 'zod';
+import { listContainers, getContainer, getContainerLogs, getUpdateStatuses, startContainer, stopContainer, pauseContainer, unpauseContainer, updateContainer, updateAllContainers, removeContainer, } from '@unraid-toolkit/sdk';
+import { formatResult } from '../format.js';
+import { READ_ONLY_ANNOTATIONS, SAFE_WRITE_ANNOTATIONS, DESTRUCTIVE_ANNOTATIONS, } from './annotations.js';
+import { PAGINATION_INPUT } from './pagination.js';
+import { CONFIRM_TOKEN_INPUT } from './confirm.js';
+import { readOnlyBlock } from './policy.js';
+import { runDestructive } from './destructive.js';
+/** Phase 2 single-container lifecycle controls, each a `(client, id)` op. */
+const CONTAINER_ACTIONS = [
+    {
+        tool: 'unraid_docker_start',
+        title: 'Start Unraid Container',
+        verb: 'Start',
+        op: startContainer,
+    },
+    { tool: 'unraid_docker_stop', title: 'Stop Unraid Container', verb: 'Stop', op: stopContainer },
+    {
+        tool: 'unraid_docker_pause',
+        title: 'Pause Unraid Container',
+        verb: 'Pause (suspend)',
+        op: pauseContainer,
+    },
+    {
+        tool: 'unraid_docker_unpause',
+        title: 'Unpause Unraid Container',
+        verb: 'Unpause (resume)',
+        op: unpauseContainer,
+    },
+    {
+        tool: 'unraid_docker_update',
+        title: 'Update Unraid Container',
+        verb: 'Pull the latest image for and recreate',
+        op: updateContainer,
+    },
+];
+/** Register Docker tools on the given server. */
+export function registerDockerTools(server, ctx) {
+    server.registerTool('unraid_list_containers', {
+        title: 'List Unraid Docker Containers',
+        description: `List Docker containers with name, image, state (running/exited/paused), status text, autostart settings, update availability, and published ports. Use limit/offset to page.`,
+        inputSchema: { ...PAGINATION_INPUT },
+        annotations: READ_ONLY_ANNOTATIONS,
+    }, async ({ limit, offset }) => formatResult(await listContainers(ctx.client, { limit, offset })));
+    server.registerTool('unraid_get_container', {
+        title: 'Get Unraid Docker Container',
+        description: `Get detailed information about a single Docker container by id, including image, command, sizes, network mode, ports, autostart, template path, and WebUI/support URLs. Fails with NOT_FOUND if no container has that id.`,
+        inputSchema: { id: z.string().describe('The container id (PrefixedID)') },
+        annotations: READ_ONLY_ANNOTATIONS,
+    }, async ({ id }) => formatResult(await getContainer(ctx.client, id)));
+    server.registerTool('unraid_container_logs', {
+        title: 'Get Unraid Docker Container Logs',
+        description: `Fetch recent log lines for a container. Use 'tail' to limit to the last N lines and 'since' (ISO timestamp or cursor) to resume. Output is size-capped; 'truncated' indicates older lines were dropped to fit.`,
+        inputSchema: {
+            id: z.string().describe('The container id (PrefixedID)'),
+            tail: z.number().int().optional().describe('Return only the last N lines'),
+            since: z
+                .string()
+                .optional()
+                .describe('Only return lines after this ISO timestamp / cursor'),
+        },
+        annotations: READ_ONLY_ANNOTATIONS,
+    }, async ({ id, tail, since }) => formatResult(await getContainerLogs(ctx.client, { id, tail, since })));
+    server.registerTool('unraid_container_update_statuses', {
+        title: 'Get Unraid Container Update Statuses',
+        description: `Report per-container update availability (UP_TO_DATE / UPDATE_AVAILABLE / REBUILD_READY / UNKNOWN). Use limit/offset to page.`,
+        inputSchema: { ...PAGINATION_INPUT },
+        annotations: READ_ONLY_ANNOTATIONS,
+    }, async ({ limit, offset }) => formatResult(await getUpdateStatuses(ctx.client, { limit, offset })));
+    for (const { tool, title, verb, op } of CONTAINER_ACTIONS) {
+        server.registerTool(tool, {
+            title,
+            description: `${verb} the Docker container with the given id. Returns the container's resulting state.`,
+            inputSchema: { id: z.string().describe('The container id (PrefixedID)') },
+            annotations: SAFE_WRITE_ANNOTATIONS,
+        }, async ({ id }) => readOnlyBlock(ctx) ?? formatResult(await op(ctx.client, id)));
+    }
+    server.registerTool('unraid_docker_update_all', {
+        title: 'Update All Unraid Containers',
+        description: `Update every Docker container that has an available image update. Returns the resulting state of each updated container.`,
+        inputSchema: {},
+        annotations: SAFE_WRITE_ANNOTATIONS,
+    }, async () => readOnlyBlock(ctx) ?? formatResult(await updateAllContainers(ctx.client)));
+    // --- Phase 3: destructive container control ---
+    server.registerTool('unraid_docker_remove', {
+        title: 'Remove Unraid Container',
+        description: `Remove a Docker container, optionally deleting its backing image (withImage). Irreversible and destructive — requires human approval.`,
+        inputSchema: {
+            id: z.string().describe('The container id (PrefixedID)'),
+            withImage: z.boolean().optional().describe('Also remove the backing image (default false)'),
+            ...CONFIRM_TOKEN_INPUT,
+        },
+        annotations: DESTRUCTIVE_ANNOTATIONS,
+    }, async ({ id, withImage, confirm_token }) => runDestructive(server, ctx, {
+        tool: 'unraid_docker_remove',
+        summary: `Remove container ${id}${withImage === true ? ' and its image' : ''}`,
+        targets: [id],
+        token: confirm_token,
+        run: () => removeContainer(ctx.client, id, withImage ?? false),
+    }));
+}
+//# sourceMappingURL=docker.js.map

package/dist/tools/docker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../src/tools/docker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,eAAe,GAIhB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGlD,6EAA6E;AAC7E,MAAM,iBAAiB,GAAG;IACxB;QACE,IAAI,EAAE,qBAAqB;QAC3B,KAAK,EAAE,wBAAwB;QAC/B,IAAI,EAAE,OAAO;QACb,EAAE,EAAE,cAAc;KACnB;IACD,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,uBAAuB,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE;IAC/F;QACE,IAAI,EAAE,qBAAqB;QAC3B,KAAK,EAAE,wBAAwB;QAC/B,IAAI,EAAE,iBAAiB;QACvB,EAAE,EAAE,cAAc;KACnB;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,KAAK,EAAE,0BAA0B;QACjC,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,gBAAgB;KACrB;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,yBAAyB;QAChC,IAAI,EAAE,wCAAwC;QAC9C,EAAE,EAAE,eAAe;KACpB;CAMA,CAAC;AAEJ,iDAAiD;AACjD,MAAM,UAAU,mBAAmB,CAAC,MAAiB,EAAE,GAAkB;IACvE,MAAM,CAAC,YAAY,CACjB,wBAAwB,EACxB;QACE,KAAK,EAAE,+BAA+B;QACtC,WAAW,EAAE,8KAA8K;QAC3L,WAAW,EAAE,EAAE,GAAG,gBAAgB,EAAE;QACpC,WAAW,EAAE,qBAAqB;KACnC,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAC/F,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,2NAA2N;QACxO,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC,EAAE;QACzE,WAAW,EAAE,qBAAqB;KACnC,EACD,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CACnE,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,uBAAuB,EACvB;QACE,KAAK,EAAE,kCAAkC;QACzC,WAAW,EAAE,gNAAgN;QAC7N,WAAW,EAAE;YACX,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;YACxD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;YAC1E,KAAK,EAAE,CAAC;iBACL,MAAM,EAAE;iBACR,QAAQ,EAAE;iBACV,QAAQ,CAAC,qDAAqD,CAAC;SACnE;QACD,WAAW,EAAE,qBAAqB;KACnC,EACD,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAC5B,YAAY,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CACxE,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,kCAAkC,EAClC;QACE,KAAK,EAAE,sCAAsC;QAC7C,WAAW,EAAE,+HAA+H;QAC5I,WAAW,EAAE,EAAE,GAAG,gBAAgB,EAAE;QACpC,WAAW,EAAE,qBAAqB;KACnC,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAC1B,YAAY,CAAC,MAAM,iBAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CACvE,CAAC;IAEF,KAAK,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,iBAAiB,EAAE,CAAC;QAC1D,MAAM,CAAC,YAAY,CACjB,IAAI,EACJ;YACE,KAAK;YACL,WAAW,EAAE,GAAG,IAAI,mFAAmF;YACvG,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC,EAAE;YACzE,WAAW,EAAE,sBAAsB;SACpC,EACD,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,YAAY,CACjB,0BAA0B,EAC1B;QACE,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,0HAA0H;QACvI,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,sBAAsB;KACpC,EACD,KAAK,IAAI,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CACtF,CAAC;IAEF,iDAAiD;IACjD,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,uIAAuI;QACpJ,WAAW,EAAE;YACX,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;YACxD,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;YAC3F,GAAG,mBAAmB;SACvB;QACD,WAAW,EAAE,uBAAuB;KACrC,EACD,KAAK,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,EAAE,EAAE,CACzC,cAAc,CAAC,MAAM,EAAE,GAAG,EAAE;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,oBAAoB,EAAE,GAAG,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE;QAC9E,OAAO,EAAE,CAAC,EAAE,CAAC;QACb,KAAK,EAAE,aAAa;QACpB,GAAG,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,EAAE,SAAS,IAAI,KAAK,CAAC;KAC/D,CAAC,CACL,CAAC;AACJ,CAAC"}

package/dist/tools/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Tool registration dispatcher. Each domain has its own `register*Tools`
+ * function; this wires them all onto the server.
+ */
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { ServerContext } from '../server.js';
+/** Register every tool group on the given server. */
+export declare function registerAllTools(server: McpServer, ctx: ServerContext): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/tools/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAUlD,qDAAqD;AACrD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,GAAG,IAAI,CAS5E"}

package/dist/tools/index.js

@@ -0,0 +1,24 @@
+/**
+ * Tool registration dispatcher. Each domain has its own `register*Tools`
+ * function; this wires them all onto the server.
+ */
+import { registerSystemTools } from './system.js';
+import { registerArrayTools } from './array.js';
+import { registerDiskTools } from './disks.js';
+import { registerDockerTools } from './docker.js';
+import { registerVmTools } from './vm.js';
+import { registerShareTools } from './shares.js';
+import { registerNotificationTools } from './notifications.js';
+import { registerUpsTools } from './ups.js';
+/** Register every tool group on the given server. */
+export function registerAllTools(server, ctx) {
+    registerSystemTools(server, ctx);
+    registerArrayTools(server, ctx);
+    registerDiskTools(server, ctx);
+    registerDockerTools(server, ctx);
+    registerVmTools(server, ctx);
+    registerShareTools(server, ctx);
+    registerNotificationTools(server, ctx);
+    registerUpsTools(server, ctx);
+}
+//# sourceMappingURL=index.js.map

package/dist/tools/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5C,qDAAqD;AACrD,MAAM,UAAU,gBAAgB,CAAC,MAAiB,EAAE,GAAkB;IACpE,mBAAmB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,kBAAkB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAChC,iBAAiB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,mBAAmB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,eAAe,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,kBAAkB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAChC,yBAAyB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAChC,CAAC"}

package/dist/tools/notifications.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Notification tools. Thin adapters over the SDK notification operations.
+ */
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { ServerContext } from '../server.js';
+/** Register notification tools on the given server. */
+export declare function registerNotificationTools(server: McpServer, ctx: ServerContext): void;
+//# sourceMappingURL=notifications.d.ts.map

package/dist/tools/notifications.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../src/tools/notifications.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAYzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,uDAAuD;AACvD,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,GAAG,IAAI,CA6ErF"}

package/dist/tools/notifications.js

@@ -0,0 +1,60 @@
+/**
+ * Notification tools. Thin adapters over the SDK notification operations.
+ */
+import { z } from 'zod';
+import { listNotifications, getNotificationOverview, createNotification, archiveNotification, unarchiveNotification, } from '@unraid-toolkit/sdk';
+import { formatResult } from '../format.js';
+import { READ_ONLY_ANNOTATIONS, SAFE_WRITE_ANNOTATIONS } from './annotations.js';
+import { PAGINATION_INPUT } from './pagination.js';
+import { readOnlyBlock } from './policy.js';
+/** Register notification tools on the given server. */
+export function registerNotificationTools(server, ctx) {
+    server.registerTool('unraid_list_notifications', {
+        title: 'List Unraid Notifications',
+        description: `List notifications filtered by queue ('UNREAD' default, or 'ARCHIVE') and optional severity ('INFO'/'WARNING'/'ALERT'). Use limit/offset to page. For aggregate counts use unraid_notifications_overview.`,
+        inputSchema: {
+            type: z
+                .enum(['UNREAD', 'ARCHIVE'])
+                .optional()
+                .describe('Which queue to read (default UNREAD)'),
+            importance: z
+                .enum(['INFO', 'WARNING', 'ALERT'])
+                .optional()
+                .describe('Filter to a single severity'),
+            ...PAGINATION_INPUT,
+        },
+        annotations: READ_ONLY_ANNOTATIONS,
+    }, async ({ type, importance, limit, offset }) => formatResult(await listNotifications(ctx.client, { type, importance, limit, offset })));
+    server.registerTool('unraid_notifications_overview', {
+        title: 'Get Unraid Notifications Overview',
+        description: `Get unread and archived notification counts broken down by severity (info/warning/alert/total). A fast way to check whether the server needs attention.`,
+        inputSchema: {},
+        annotations: READ_ONLY_ANNOTATIONS,
+    }, async () => formatResult(await getNotificationOverview(ctx.client)));
+    server.registerTool('unraid_create_notification', {
+        title: 'Create Unraid Notification',
+        description: `Create a notification on the server. Requires title, subject, description, and importance (INFO/WARNING/ALERT); link is optional.`,
+        inputSchema: {
+            title: z.string().describe('Short event title'),
+            subject: z.string().describe('Notification subject line'),
+            description: z.string().describe('Body text'),
+            importance: z.enum(['INFO', 'WARNING', 'ALERT']).describe('Severity'),
+            link: z.string().optional().describe('Optional link to more detail'),
+        },
+        annotations: SAFE_WRITE_ANNOTATIONS,
+    }, async ({ title, subject, description, importance, link }) => readOnlyBlock(ctx) ??
+        formatResult(await createNotification(ctx.client, { title, subject, description, importance, link })));
+    server.registerTool('unraid_archive_notification', {
+        title: 'Archive Unraid Notification',
+        description: `Archive a single notification by id (moves it out of the unread queue).`,
+        inputSchema: { id: z.string().describe('The notification id (PrefixedID)') },
+        annotations: SAFE_WRITE_ANNOTATIONS,
+    }, async ({ id }) => readOnlyBlock(ctx) ?? formatResult(await archiveNotification(ctx.client, id)));
+    server.registerTool('unraid_unarchive_notification', {
+        title: 'Unarchive Unraid Notification',
+        description: `Unarchive a single notification by id — marks it unread, moving it back to the unread queue.`,
+        inputSchema: { id: z.string().describe('The notification id (PrefixedID)') },
+        annotations: SAFE_WRITE_ANNOTATIONS,
+    }, async ({ id }) => readOnlyBlock(ctx) ?? formatResult(await unarchiveNotification(ctx.client, id)));
+}
+//# sourceMappingURL=notifications.js.map

package/dist/tools/notifications.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"notifications.js","sourceRoot":"","sources":["../../src/tools/notifications.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG5C,uDAAuD;AACvD,MAAM,UAAU,yBAAyB,CAAC,MAAiB,EAAE,GAAkB;IAC7E,MAAM,CAAC,YAAY,CACjB,2BAA2B,EAC3B;QACE,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,2MAA2M;QACxN,WAAW,EAAE;YACX,IAAI,EAAE,CAAC;iBACJ,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;iBAC3B,QAAQ,EAAE;iBACV,QAAQ,CAAC,sCAAsC,CAAC;YACnD,UAAU,EAAE,CAAC;iBACV,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;iBAClC,QAAQ,EAAE;iBACV,QAAQ,CAAC,6BAA6B,CAAC;YAC1C,GAAG,gBAAgB;SACpB;QACD,WAAW,EAAE,qBAAqB;KACnC,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAC5C,YAAY,CAAC,MAAM,iBAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CACzF,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,+BAA+B,EAC/B;QACE,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,yJAAyJ;QACtK,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,qBAAqB;KACnC,EACD,KAAK,IAAI,EAAE,CAAC,YAAY,CAAC,MAAM,uBAAuB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CACpE,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,4BAA4B,EAC5B;QACE,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,mIAAmI;QAChJ,WAAW,EAAE;YACX,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC/C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;YACzD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC7C,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YACrE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;SACrE;QACD,WAAW,EAAE,sBAAsB;KACpC,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAC1D,aAAa,CAAC,GAAG,CAAC;QAClB,YAAY,CACV,MAAM,kBAAkB,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CACxF,CACJ,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,6BAA6B,EAC7B;QACE,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,yEAAyE;QACtF,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC,EAAE;QAC5E,WAAW,EAAE,sBAAsB;KACpC,EACD,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAChG,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,+BAA+B,EAC/B;QACE,KAAK,EAAE,+BAA+B;QACtC,WAAW,EAAE,8FAA8F;QAC3G,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC,EAAE;QAC5E,WAAW,EAAE,sBAAsB;KACpC,EACD,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CACf,aAAa,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,qBAAqB,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAClF,CAAC;AACJ,CAAC"}

package/dist/tools/pagination.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Shared MCP input-schema fragment for paginated tools.
+ *
+ * Wrappers only parse the *shape* of input; semantic validation (positive
+ * limit, non-negative offset) is owned by the SDK, which returns a structured
+ * `VALIDATION_ERROR` envelope.
+ */
+import { z } from 'zod';
+/** Raw-shape fragment adding `limit`/`offset` to a tool's input schema. */
+export declare const PAGINATION_INPUT: {
+    limit: z.ZodOptional<z.ZodNumber>;
+    offset: z.ZodOptional<z.ZodNumber>;
+};
+//# sourceMappingURL=pagination.d.ts.map

package/dist/tools/pagination.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pagination.d.ts","sourceRoot":"","sources":["../../src/tools/pagination.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,2EAA2E;AAC3E,eAAO,MAAM,gBAAgB;;;CAG5B,CAAC"}

package/dist/tools/pagination.js

@@ -0,0 +1,14 @@
+/**
+ * Shared MCP input-schema fragment for paginated tools.
+ *
+ * Wrappers only parse the *shape* of input; semantic validation (positive
+ * limit, non-negative offset) is owned by the SDK, which returns a structured
+ * `VALIDATION_ERROR` envelope.
+ */
+import { z } from 'zod';
+/** Raw-shape fragment adding `limit`/`offset` to a tool's input schema. */
+export const PAGINATION_INPUT = {
+    limit: z.number().int().optional().describe('Maximum number of items to return'),
+    offset: z.number().int().optional().describe('Number of items to skip from the start'),
+};
+//# sourceMappingURL=pagination.js.map

package/dist/tools/pagination.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pagination.js","sourceRoot":"","sources":["../../src/tools/pagination.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,2EAA2E;AAC3E,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IAChF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;CACvF,CAAC"}

package/dist/tools/policy.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Layer-1 policy floor for control tools (client- and model-independent).
+ *
+ * These guards run before any SDK call and cannot be bypassed by the LLM or a
+ * permissive client:
+ *  - `MCP_READ_ONLY` disables every mutation.
+ *  - the deny-list refuses named/patterned targets (e.g. protect `*-appdata`).
+ *  - the blast-radius cap refuses batches larger than `MCP_MAX_BATCH`.
+ *  - an audit log records every attempted mutation and its outcome.
+ *
+ * Each guard returns a refusal `CallToolResult` (so the caller can `?? proceed`)
+ * or `null` to allow the operation.
+ */
+import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
+import type { ServerContext } from '../server.js';
+/**
+ * If the server is in read-only mode, return a refusal `CallToolResult`;
+ * otherwise return `null` so the caller proceeds with the mutation.
+ *
+ * Usage: `return readOnlyBlock(ctx) ?? formatResult(await op(...));`
+ */
+export declare function readOnlyBlock(ctx: ServerContext): CallToolResult | null;
+/**
+ * Refuse if any of `targets` matches the configured deny-list
+ * (`MCP_DENY_TOOLS`, reused here as protected resource patterns). Returns `null`
+ * when all targets are allowed.
+ */
+export declare function denyListBlock(ctx: ServerContext, targets: readonly string[]): CallToolResult | null;
+/**
+ * Refuse if a destructive batch affects more than `MCP_MAX_BATCH` items,
+ * regardless of approval. Returns `null` when within the cap.
+ */
+export declare function blastRadiusBlock(ctx: ServerContext, count: number): CallToolResult | null;
+/**
+ * Run all Layer-1 guards for a destructive operation in order: read-only, then
+ * deny-list, then blast-radius. Returns the first refusal, or `null` to proceed.
+ */
+export declare function layer1Block(ctx: ServerContext, targets: readonly string[]): CallToolResult | null;
+//# sourceMappingURL=policy.d.ts.map

package/dist/tools/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/tools/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAWlD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,aAAa,GAAG,cAAc,GAAG,IAAI,CAMvE;AAYD;;;;GAIG;AACH,wBAAgB,aAAa,CAC3B,GAAG,EAAE,aAAa,EAClB,OAAO,EAAE,SAAS,MAAM,EAAE,GACzB,cAAc,GAAG,IAAI,CAWvB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAMzF;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,SAAS,MAAM,EAAE,GAAG,cAAc,GAAG,IAAI,CAEjG"}

package/dist/tools/policy.js

@@ -0,0 +1,72 @@
+/**
+ * Layer-1 policy floor for control tools (client- and model-independent).
+ *
+ * These guards run before any SDK call and cannot be bypassed by the LLM or a
+ * permissive client:
+ *  - `MCP_READ_ONLY` disables every mutation.
+ *  - the deny-list refuses named/patterned targets (e.g. protect `*-appdata`).
+ *  - the blast-radius cap refuses batches larger than `MCP_MAX_BATCH`.
+ *  - an audit log records every attempted mutation and its outcome.
+ *
+ * Each guard returns a refusal `CallToolResult` (so the caller can `?? proceed`)
+ * or `null` to allow the operation.
+ */
+/** Build a failure envelope `CallToolResult` mirroring the SDK error shape. */
+function refusal(code, message) {
+    const envelope = { success: false, data: null, error: { code, message } };
+    return {
+        content: [{ type: 'text', text: JSON.stringify(envelope, null, 2) }],
+        isError: true,
+    };
+}
+/**
+ * If the server is in read-only mode, return a refusal `CallToolResult`;
+ * otherwise return `null` so the caller proceeds with the mutation.
+ *
+ * Usage: `return readOnlyBlock(ctx) ?? formatResult(await op(...));`
+ */
+export function readOnlyBlock(ctx) {
+    if (!ctx.config.readOnly)
+        return null;
+    return refusal('READ_ONLY', 'Server is in read-only mode (MCP_READ_ONLY); control operations are disabled. Unset MCP_READ_ONLY to enable writes.');
+}
+/**
+ * Convert a deny-list entry to a matcher. An entry is a literal string, or a
+ * glob using `*` (matched case-insensitively against the whole target).
+ */
+function denyMatches(pattern, target) {
+    // Escape regex metacharacters except `*`, then turn `*` into `.*`.
+    const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
+    return new RegExp(`^${escaped}$`, 'i').test(target);
+}
+/**
+ * Refuse if any of `targets` matches the configured deny-list
+ * (`MCP_DENY_TOOLS`, reused here as protected resource patterns). Returns `null`
+ * when all targets are allowed.
+ */
+export function denyListBlock(ctx, targets) {
+    const patterns = ctx.config.denyTools;
+    if (patterns.length === 0)
+        return null;
+    const blocked = targets.filter((t) => patterns.some((p) => denyMatches(p, t)));
+    if (blocked.length === 0)
+        return null;
+    return refusal('DENIED', `Target(s) ${blocked.map((t) => `"${t}"`).join(', ')} are protected by the deny-list (MCP_DENY_TOOLS) and cannot be modified.`);
+}
+/**
+ * Refuse if a destructive batch affects more than `MCP_MAX_BATCH` items,
+ * regardless of approval. Returns `null` when within the cap.
+ */
+export function blastRadiusBlock(ctx, count) {
+    if (count <= ctx.config.maxBatch)
+        return null;
+    return refusal('BLAST_RADIUS_EXCEEDED', `This operation affects ${String(count)} items, exceeding the blast-radius cap of ${String(ctx.config.maxBatch)} (MCP_MAX_BATCH). Reduce the batch or raise the cap deliberately.`);
+}
+/**
+ * Run all Layer-1 guards for a destructive operation in order: read-only, then
+ * deny-list, then blast-radius. Returns the first refusal, or `null` to proceed.
+ */
+export function layer1Block(ctx, targets) {
+    return readOnlyBlock(ctx) ?? denyListBlock(ctx, targets) ?? blastRadiusBlock(ctx, targets.length);
+}
+//# sourceMappingURL=policy.js.map

package/dist/tools/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/tools/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,+EAA+E;AAC/E,SAAS,OAAO,CAAC,IAAY,EAAE,OAAe;IAC5C,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC;IAC1E,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAC7E,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAAkB;IAC9C,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IACtC,OAAO,OAAO,CACZ,WAAW,EACX,qHAAqH,CACtH,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,MAAc;IAClD,mEAAmE;IACnE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACnF,OAAO,IAAI,MAAM,CAAC,IAAI,OAAO,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACtD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAC3B,GAAkB,EAClB,OAA0B;IAE1B,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC;IACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvC,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,OAAO,OAAO,CACZ,QAAQ,EACR,aAAa,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,0EAA0E,CAC/H,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAkB,EAAE,KAAa;IAChE,IAAI,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC9C,OAAO,OAAO,CACZ,uBAAuB,EACvB,0BAA0B,MAAM,CAAC,KAAK,CAAC,6CAA6C,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,mEAAmE,CACnL,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,GAAkB,EAAE,OAA0B;IACxE,OAAO,aAAa,CAAC,GAAG,CAAC,IAAI,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;AACpG,CAAC"}

package/dist/tools/shares.d.ts

@@ -0,0 +1,8 @@
+/**
+ * User-share tools. Thin adapter over the SDK share operations.
+ */
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { ServerContext } from '../server.js';
+/** Register user-share tools on the given server. */
+export declare function registerShareTools(server: McpServer, ctx: ServerContext): void;
+//# sourceMappingURL=shares.d.ts.map

package/dist/tools/shares.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shares.d.ts","sourceRoot":"","sources":["../../src/tools/shares.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,qDAAqD;AACrD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,GAAG,IAAI,CAW9E"}