@vinkius-core/mcp-fusion-api-key 1.0.0

package/dist/ApiKeyManager.d.ts

@@ -0,0 +1,108 @@
+/**
+ * API Key Manager — Validation & Hashing
+ *
+ * Validates API keys using multiple strategies:
+ * - Static key set (in-memory)
+ * - SHA-256 hash comparison (for safe storage)
+ * - Async validator function (database lookup)
+ *
+ * All comparisons use timing-safe operations to prevent timing attacks.
+ *
+ * @example
+ * ```ts
+ * import { ApiKeyManager } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * // Static keys
+ * const manager = new ApiKeyManager({
+ *     keys: ['sk_live_abc123', 'sk_live_def456'],
+ * });
+ *
+ * // Hash-based (for DB storage)
+ * const hash = ApiKeyManager.hashKey('sk_live_abc123');
+ * const manager = new ApiKeyManager({ hashedKeys: [hash] });
+ *
+ * // Async validator (DB lookup)
+ * const manager = new ApiKeyManager({
+ *     validator: async (key) => {
+ *         const record = await db.apiKeys.findByKey(key);
+ *         return record ? { valid: true, metadata: { userId: record.userId } } : { valid: false };
+ *     },
+ * });
+ * ```
+ */
+export interface ApiKeyManagerConfig {
+    /** Static set of valid API keys (plaintext). */
+    readonly keys?: readonly string[];
+    /** Set of pre-hashed keys (SHA-256 hex). Use `ApiKeyManager.hashKey()` to generate. */
+    readonly hashedKeys?: readonly string[];
+    /**
+     * Async validator function for dynamic key lookup (e.g., database).
+     * Takes priority over `keys` and `hashedKeys` when provided.
+     */
+    readonly validator?: (key: string) => Promise<ApiKeyValidationResult>;
+    /** Prefix required on API keys (e.g., 'sk_live_'). Optional. */
+    readonly prefix?: string;
+    /** Minimum key length. Default: 16 */
+    readonly minLength?: number;
+}
+export interface ApiKeyValidationResult {
+    /** Whether the key is valid. */
+    readonly valid: boolean;
+    /** Optional metadata about the key owner (userId, scopes, etc.). */
+    readonly metadata?: Record<string, unknown>;
+    /** Reason for rejection (only when valid is false). */
+    readonly reason?: string;
+}
+export declare class ApiKeyManager {
+    private readonly _config;
+    private readonly _minLength;
+    private readonly _keyHashes;
+    constructor(config: ApiKeyManagerConfig);
+    /**
+     * Validate an API key.
+     *
+     * @param key - Raw API key string
+     * @returns Validation result with optional metadata
+     */
+    validate(key: string): Promise<ApiKeyValidationResult>;
+    /**
+     * Quick boolean check without detailed result.
+     */
+    isValid(key: string): Promise<boolean>;
+    /**
+     * Hash an API key using SHA-256 for safe storage.
+     *
+     * @param rawKey - Plaintext API key
+     * @returns Hex-encoded SHA-256 hash
+     */
+    static hashKey(rawKey: string): string;
+    /**
+     * Compare a raw key against a stored hash using timing-safe comparison.
+     *
+     * @param rawKey - Plaintext API key
+     * @param storedHash - SHA-256 hex hash to compare against
+     * @returns Whether the key matches the hash
+     */
+    static matchKey(rawKey: string, storedHash: string): boolean;
+    /**
+     * Generate a random API key with optional prefix.
+     *
+     * @param options - Generation options
+     * @returns Random API key string
+     */
+    static generateKey(options?: {
+        prefix?: string;
+        length?: number;
+    }): string;
+    /**
+     * Check if a hash exists in the pre-computed set using timing-safe comparison.
+     * @internal
+     */
+    private _isHashInSet;
+    /**
+     * Timing-safe string comparison to prevent timing attacks.
+     * @internal
+     */
+    private static _timingSafeCompare;
+}
+//# sourceMappingURL=ApiKeyManager.d.ts.map

package/dist/ApiKeyManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApiKeyManager.d.ts","sourceRoot":"","sources":["../src/ApiKeyManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAQH,MAAM,WAAW,mBAAmB;IAChC,gDAAgD;IAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAElC,uFAAuF;IACvF,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAEtE,gEAAgE;IAChE,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEzB,sCAAsC;IACtC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,sBAAsB;IACnC,gCAAgC;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IAExB,oEAAoE;IACpE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE5C,uDAAuD;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC5B;AAMD,qBAAa,aAAa;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAsB;IAC9C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAc;gBAE7B,MAAM,EAAE,mBAAmB;IAuBvC;;;;;OAKG;IACG,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA4B5D;;OAEG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAO5C;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAItC;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO;IAK5D;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM;IAS1E;;;OAGG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;CAQpC"}

package/dist/ApiKeyManager.js

@@ -0,0 +1,157 @@
+/**
+ * API Key Manager — Validation & Hashing
+ *
+ * Validates API keys using multiple strategies:
+ * - Static key set (in-memory)
+ * - SHA-256 hash comparison (for safe storage)
+ * - Async validator function (database lookup)
+ *
+ * All comparisons use timing-safe operations to prevent timing attacks.
+ *
+ * @example
+ * ```ts
+ * import { ApiKeyManager } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * // Static keys
+ * const manager = new ApiKeyManager({
+ *     keys: ['sk_live_abc123', 'sk_live_def456'],
+ * });
+ *
+ * // Hash-based (for DB storage)
+ * const hash = ApiKeyManager.hashKey('sk_live_abc123');
+ * const manager = new ApiKeyManager({ hashedKeys: [hash] });
+ *
+ * // Async validator (DB lookup)
+ * const manager = new ApiKeyManager({
+ *     validator: async (key) => {
+ *         const record = await db.apiKeys.findByKey(key);
+ *         return record ? { valid: true, metadata: { userId: record.userId } } : { valid: false };
+ *     },
+ * });
+ * ```
+ */
+import * as crypto from 'node:crypto';
+// ============================================================================
+// ApiKeyManager
+// ============================================================================
+export class ApiKeyManager {
+    _config;
+    _minLength;
+    _keyHashes;
+    constructor(config) {
+        if (!config.keys?.length && !config.hashedKeys?.length && !config.validator) {
+            throw new Error('ApiKeyManager requires at least one of: keys, hashedKeys, validator');
+        }
+        this._config = config;
+        this._minLength = config.minLength ?? 16;
+        // Pre-hash static keys for timing-safe comparison
+        this._keyHashes = new Set();
+        if (config.keys) {
+            for (const key of config.keys) {
+                this._keyHashes.add(ApiKeyManager.hashKey(key));
+            }
+        }
+        if (config.hashedKeys) {
+            for (const hash of config.hashedKeys) {
+                this._keyHashes.add(hash);
+            }
+        }
+    }
+    // ── Public API ───────────────────────────────────────
+    /**
+     * Validate an API key.
+     *
+     * @param key - Raw API key string
+     * @returns Validation result with optional metadata
+     */
+    async validate(key) {
+        // Format checks
+        if (!key || typeof key !== 'string') {
+            return { valid: false, reason: 'API key is empty or not a string' };
+        }
+        if (key.length < this._minLength) {
+            return { valid: false, reason: `API key too short (min ${this._minLength} chars)` };
+        }
+        if (this._config.prefix && !key.startsWith(this._config.prefix)) {
+            return { valid: false, reason: `API key must start with '${this._config.prefix}'` };
+        }
+        // Async validator takes priority
+        if (this._config.validator) {
+            return this._config.validator(key);
+        }
+        // Hash-based comparison (timing-safe)
+        const keyHash = ApiKeyManager.hashKey(key);
+        const isValid = this._isHashInSet(keyHash);
+        return isValid
+            ? { valid: true }
+            : { valid: false, reason: 'Invalid API key' };
+    }
+    /**
+     * Quick boolean check without detailed result.
+     */
+    async isValid(key) {
+        const result = await this.validate(key);
+        return result.valid;
+    }
+    // ── Static Utilities ─────────────────────────────────
+    /**
+     * Hash an API key using SHA-256 for safe storage.
+     *
+     * @param rawKey - Plaintext API key
+     * @returns Hex-encoded SHA-256 hash
+     */
+    static hashKey(rawKey) {
+        return crypto.createHash('sha256').update(rawKey).digest('hex');
+    }
+    /**
+     * Compare a raw key against a stored hash using timing-safe comparison.
+     *
+     * @param rawKey - Plaintext API key
+     * @param storedHash - SHA-256 hex hash to compare against
+     * @returns Whether the key matches the hash
+     */
+    static matchKey(rawKey, storedHash) {
+        const keyHash = ApiKeyManager.hashKey(rawKey);
+        return ApiKeyManager._timingSafeCompare(keyHash, storedHash);
+    }
+    /**
+     * Generate a random API key with optional prefix.
+     *
+     * @param options - Generation options
+     * @returns Random API key string
+     */
+    static generateKey(options) {
+        const prefix = options?.prefix ?? 'sk_';
+        const length = options?.length ?? 32;
+        const random = crypto.randomBytes(length).toString('base64url').slice(0, length);
+        return `${prefix}${random}`;
+    }
+    // ── Private Helpers ──────────────────────────────────
+    /**
+     * Check if a hash exists in the pre-computed set using timing-safe comparison.
+     * @internal
+     */
+    _isHashInSet(hash) {
+        for (const stored of this._keyHashes) {
+            if (ApiKeyManager._timingSafeCompare(hash, stored)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Timing-safe string comparison to prevent timing attacks.
+     * @internal
+     */
+    static _timingSafeCompare(a, b) {
+        if (a.length !== b.length)
+            return false;
+        try {
+            return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+        }
+        catch {
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=ApiKeyManager.js.map

package/dist/ApiKeyManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApiKeyManager.js","sourceRoot":"","sources":["../src/ApiKeyManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAqCtC,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,OAAO,aAAa;IACL,OAAO,CAAsB;IAC7B,UAAU,CAAS;IACnB,UAAU,CAAc;IAEzC,YAAY,MAA2B;QACnC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1E,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;QAEzC,kDAAkD;QAClD,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QACpC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YACd,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACpD,CAAC;QACL,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACpB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBACnC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC9B,CAAC;QACL,CAAC;IACL,CAAC;IAED,wDAAwD;IAExD;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAW;QACtB,gBAAgB;QAChB,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC;QACxE,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAC/B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,IAAI,CAAC,UAAU,SAAS,EAAE,CAAC;QACxF,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC;QACxF,CAAC;QAED,iCAAiC;QACjC,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACvC,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAE3C,OAAO,OAAO;YACV,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE;YACjB,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,GAAW;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACxC,OAAO,MAAM,CAAC,KAAK,CAAC;IACxB,CAAC;IAED,wDAAwD;IAExD;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,MAAc;QACzB,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,MAAc,EAAE,UAAkB;QAC9C,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,aAAa,CAAC,kBAAkB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACjE,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,OAA8C;QAC7D,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,KAAK,CAAC;QACxC,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACjF,OAAO,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;IAChC,CAAC;IAED,wDAAwD;IAExD;;;OAGG;IACK,YAAY,CAAC,IAAY;QAC7B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,IAAI,aAAa,CAAC,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;gBACjD,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,kBAAkB,CAAC,CAAS,EAAE,CAAS;QAClD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACxC,IAAI,CAAC;YACD,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CACJ"}

package/dist/createApiKeyTool.d.ts

@@ -0,0 +1,38 @@
+/**
+ * API Key Auth Tool Factory — Pre-built API Key Validation Tool
+ *
+ * Creates a complete mcp-fusion tool with validate and status actions.
+ *
+ * @example
+ * ```ts
+ * import { createApiKeyTool } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * const apiKeyTool = createApiKeyTool({
+ *     keys: ['sk_live_abc123'],
+ * });
+ * ```
+ */
+import type { ApiKeyManagerConfig } from './ApiKeyManager.js';
+export interface ApiKeyToolConfig<TContext = unknown> extends ApiKeyManagerConfig {
+    /** Tool name in MCP. Default: 'api_key_auth' */
+    readonly toolName?: string;
+    /** Tool description for the LLM. */
+    readonly description?: string;
+    /** Tags for selective tool exposure. */
+    readonly tags?: string[];
+    /** Extract API key from context for the `status` action. */
+    readonly extractKey?: (ctx: TContext) => string | null | undefined;
+}
+/**
+ * Creates a complete API key auth tool with validate and status actions.
+ *
+ * Actions:
+ * - `validate` — Validate an API key and return metadata
+ * - `status` — Check if API key is present/valid
+ */
+export declare function createApiKeyTool<TContext = unknown>(config: ApiKeyToolConfig<TContext>): import("@vinkius-core/mcp-fusion").GroupedToolBuilder<TContext, Record<string, never>, string, Record<string, never> & {
+    [x: `${string}.validate`]: Record<string, unknown>;
+} & {
+    [x: `${string}.status`]: Record<string, unknown>;
+}>;
+//# sourceMappingURL=createApiKeyTool.d.ts.map

package/dist/createApiKeyTool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createApiKeyTool.d.ts","sourceRoot":"","sources":["../src/createApiKeyTool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAKH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAM9D,MAAM,WAAW,gBAAgB,CAAC,QAAQ,GAAG,OAAO,CAAE,SAAQ,mBAAmB;IAC7E,gDAAgD;IAChD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B,oCAAoC;IACpC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,wCAAwC;IACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,4DAA4D;IAC5D,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,QAAQ,KAAK,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACtE;AAkBD;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,GAAG,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC;;;;GAkEtF"}

package/dist/createApiKeyTool.js

@@ -0,0 +1,94 @@
+/**
+ * API Key Auth Tool Factory — Pre-built API Key Validation Tool
+ *
+ * Creates a complete mcp-fusion tool with validate and status actions.
+ *
+ * @example
+ * ```ts
+ * import { createApiKeyTool } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * const apiKeyTool = createApiKeyTool({
+ *     keys: ['sk_live_abc123'],
+ * });
+ * ```
+ */
+import { createTool } from '@vinkius-core/mcp-fusion';
+import { ApiKeyManager } from './ApiKeyManager.js';
+// ============================================================================
+// Response Helpers
+// ============================================================================
+function ok(data) {
+    return { content: [{ type: 'text', text: JSON.stringify(data, null, 2) }] };
+}
+function fail(data) {
+    return { content: [{ type: 'text', text: JSON.stringify(data, null, 2) }], isError: true };
+}
+// ============================================================================
+// Factory
+// ============================================================================
+/**
+ * Creates a complete API key auth tool with validate and status actions.
+ *
+ * Actions:
+ * - `validate` — Validate an API key and return metadata
+ * - `status` — Check if API key is present/valid
+ */
+export function createApiKeyTool(config) {
+    const manager = new ApiKeyManager(config);
+    const toolName = config.toolName ?? 'api_key_auth';
+    const description = config.description ?? 'API key authentication — validate keys and check status';
+    const extractKey = config.extractKey;
+    const tool = createTool(toolName);
+    if (config.tags?.length) {
+        tool.tags(...config.tags);
+    }
+    return tool
+        .action({
+        name: 'validate',
+        description: 'Validate an API key',
+        handler: async (_ctx, args) => {
+            const key = args['key'];
+            if (!key) {
+                return fail({ message: 'API key is required' });
+            }
+            const result = await manager.validate(key);
+            if (!result.valid) {
+                return fail({
+                    message: `Validation failed: ${result.reason}`,
+                    valid: false,
+                });
+            }
+            return ok({
+                valid: true,
+                metadata: result.metadata,
+            });
+        },
+    })
+        .action({
+        name: 'status',
+        description: 'Check API key authentication status from context',
+        handler: async (ctx) => {
+            if (!extractKey) {
+                return ok({
+                    available: false,
+                    reason: 'No key extractor configured',
+                });
+            }
+            const key = extractKey(ctx);
+            if (!key) {
+                return ok({
+                    authenticated: false,
+                    reason: 'No API key found in context',
+                });
+            }
+            const result = await manager.validate(key);
+            return ok({
+                authenticated: result.valid,
+                valid: result.valid,
+                reason: result.reason,
+                metadata: result.metadata,
+            });
+        },
+    });
+}
+//# sourceMappingURL=createApiKeyTool.js.map

package/dist/createApiKeyTool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createApiKeyTool.js","sourceRoot":"","sources":["../src/createApiKeyTool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAqBnD,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,EAAE,CAAC,IAA6B;IACrC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;AACzF,CAAC;AAED,SAAS,IAAI,CAAC,IAA6B;IACvC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AACxG,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAqB,MAAkC;IACnF,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,cAAc,CAAC;IACnD,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,yDAAyD,CAAC;IACpG,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAErC,MAAM,IAAI,GAAG,UAAU,CAAW,QAAQ,CAAC,CAAC;IAE5C,IAAI,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI;SACN,MAAM,CAAC;QACJ,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,qBAAqB;QAClC,OAAO,EAAE,KAAK,EAAE,IAAc,EAAE,IAA6B,EAAyB,EAAE;YACpF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAuB,CAAC;YAC9C,IAAI,CAAC,GAAG,EAAE,CAAC;gBACP,OAAO,IAAI,CAAC,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAE3C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAChB,OAAO,IAAI,CAAC;oBACR,OAAO,EAAE,sBAAsB,MAAM,CAAC,MAAM,EAAE;oBAC9C,KAAK,EAAE,KAAK;iBACf,CAAC,CAAC;YACP,CAAC;YAED,OAAO,EAAE,CAAC;gBACN,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC5B,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;SACD,MAAM,CAAC;QACJ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE,KAAK,EAAE,GAAa,EAAyB,EAAE;YACpD,IAAI,CAAC,UAAU,EAAE,CAAC;gBACd,OAAO,EAAE,CAAC;oBACN,SAAS,EAAE,KAAK;oBAChB,MAAM,EAAE,6BAA6B;iBACxC,CAAC,CAAC;YACP,CAAC;YAED,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;YAC5B,IAAI,CAAC,GAAG,EAAE,CAAC;gBACP,OAAO,EAAE,CAAC;oBACN,aAAa,EAAE,KAAK;oBACpB,MAAM,EAAE,6BAA6B;iBACxC,CAAC,CAAC;YACP,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAE3C,OAAO,EAAE,CAAC;gBACN,aAAa,EAAE,MAAM,CAAC,KAAK;gBAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC5B,CAAC,CAAC;QACP,CAAC;KACJ,CAAC,CAAC;AACX,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,32 @@
+/**
+ * @vinkius-core/mcp-fusion-api-key — API Key Validation for MCP Servers
+ *
+ * Timing-safe API key validation with SHA-256 hashing,
+ * async validators, and mcp-fusion middleware integration.
+ * Zero external dependencies — uses native Node.js crypto.
+ *
+ * @example
+ * ```ts
+ * import { ApiKeyManager, requireApiKey, createApiKeyTool } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * // Middleware
+ * const projects = createTool('projects')
+ *     .use(requireApiKey({ keys: ['sk_live_abc123'] }))
+ *     .action({ name: 'list', handler: async () => success([]) });
+ *
+ * // Standalone
+ * const manager = new ApiKeyManager({ keys: ['sk_live_abc123'] });
+ * const result = await manager.validate('sk_live_abc123');
+ * ```
+ *
+ * @module @vinkius-core/mcp-fusion-api-key
+ * @author Vinkius Labs
+ * @license Apache-2.0
+ */
+export { ApiKeyManager } from './ApiKeyManager.js';
+export type { ApiKeyManagerConfig, ApiKeyValidationResult, } from './ApiKeyManager.js';
+export { createApiKeyTool } from './createApiKeyTool.js';
+export type { ApiKeyToolConfig } from './createApiKeyTool.js';
+export { requireApiKey } from './middleware.js';
+export type { RequireApiKeyOptions } from './middleware.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,YAAY,EACR,mBAAmB,EACnB,sBAAsB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,YAAY,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/index.js

@@ -0,0 +1,29 @@
+/**
+ * @vinkius-core/mcp-fusion-api-key — API Key Validation for MCP Servers
+ *
+ * Timing-safe API key validation with SHA-256 hashing,
+ * async validators, and mcp-fusion middleware integration.
+ * Zero external dependencies — uses native Node.js crypto.
+ *
+ * @example
+ * ```ts
+ * import { ApiKeyManager, requireApiKey, createApiKeyTool } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * // Middleware
+ * const projects = createTool('projects')
+ *     .use(requireApiKey({ keys: ['sk_live_abc123'] }))
+ *     .action({ name: 'list', handler: async () => success([]) });
+ *
+ * // Standalone
+ * const manager = new ApiKeyManager({ keys: ['sk_live_abc123'] });
+ * const result = await manager.validate('sk_live_abc123');
+ * ```
+ *
+ * @module @vinkius-core/mcp-fusion-api-key
+ * @author Vinkius Labs
+ * @license Apache-2.0
+ */
+export { ApiKeyManager } from './ApiKeyManager.js';
+export { createApiKeyTool } from './createApiKeyTool.js';
+export { requireApiKey } from './middleware.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/middleware.d.ts

@@ -0,0 +1,45 @@
+/**
+ * API Key Auth Middleware — requireApiKey()
+ *
+ * mcp-fusion middleware that ensures requests carry a valid API key.
+ * Extracts the key, validates it via ApiKeyManager, and rejects
+ * invalid/missing keys with self-healing error responses.
+ *
+ * @example
+ * ```ts
+ * import { requireApiKey } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * const projects = createTool('projects')
+ *     .use(requireApiKey({ keys: ['sk_live_abc123'] }))
+ *     .action({ name: 'list', handler: async (ctx) => { ... } });
+ * ```
+ */
+import type { ToolResponse } from '@vinkius-core/mcp-fusion';
+import type { ApiKeyManagerConfig } from './ApiKeyManager.js';
+export interface RequireApiKeyOptions extends ApiKeyManagerConfig {
+    /**
+     * Custom function to extract the API key from the context.
+     * Default: checks `ctx.apiKey`, `ctx.headers['x-api-key']`,
+     * `ctx.headers.authorization` (ApiKey/Bearer prefix).
+     */
+    readonly extractKey?: (ctx: unknown) => string | null | undefined;
+    /**
+     * Callback invoked after successful validation.
+     * Use this to inject key metadata into the context.
+     */
+    readonly onValidated?: (ctx: unknown, metadata?: Record<string, unknown>) => void;
+    /** Error code for toolError response. Default: 'APIKEY_INVALID' */
+    readonly errorCode?: string;
+    /** Recovery hint for the LLM. Default: 'Provide a valid API key' */
+    readonly recoveryHint?: string;
+    /** Recovery action name. Default: 'auth' */
+    readonly recoveryAction?: string;
+}
+/**
+ * Creates a mcp-fusion middleware that validates API keys.
+ *
+ * Returns `toolError('APIKEY_INVALID')` with self-healing hints
+ * when no valid key is found.
+ */
+export declare function requireApiKey(options: RequireApiKeyOptions): (ctx: unknown, _args: Record<string, unknown>, next: () => Promise<ToolResponse>) => Promise<ToolResponse>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAE7D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAM9D,MAAM,WAAW,oBAAqB,SAAQ,mBAAmB;IAC7D;;;;OAIG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;IAElE;;;OAGG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAElF,mEAAmE;IACnE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B,oEAAoE;IACpE,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAE/B,4CAA4C;IAC5C,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;CACpC;AAMD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,oBAAoB,IAQzC,KAAK,OAAO,EAAE,OAAO,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,MAAM,OAAO,CAAC,YAAY,CAAC,KAAG,OAAO,CAAC,YAAY,CAAC,CA2BxH"}

package/dist/middleware.js

@@ -0,0 +1,94 @@
+/**
+ * API Key Auth Middleware — requireApiKey()
+ *
+ * mcp-fusion middleware that ensures requests carry a valid API key.
+ * Extracts the key, validates it via ApiKeyManager, and rejects
+ * invalid/missing keys with self-healing error responses.
+ *
+ * @example
+ * ```ts
+ * import { requireApiKey } from '@vinkius-core/mcp-fusion-api-key';
+ *
+ * const projects = createTool('projects')
+ *     .use(requireApiKey({ keys: ['sk_live_abc123'] }))
+ *     .action({ name: 'list', handler: async (ctx) => { ... } });
+ * ```
+ */
+import { toolError } from '@vinkius-core/mcp-fusion';
+import { ApiKeyManager } from './ApiKeyManager.js';
+// ============================================================================
+// Middleware Factory
+// ============================================================================
+/**
+ * Creates a mcp-fusion middleware that validates API keys.
+ *
+ * Returns `toolError('APIKEY_INVALID')` with self-healing hints
+ * when no valid key is found.
+ */
+export function requireApiKey(options) {
+    const manager = new ApiKeyManager(options);
+    const extractKey = options.extractKey ?? defaultExtractKey;
+    const errorCode = options.errorCode ?? 'APIKEY_INVALID';
+    const recoveryHint = options.recoveryHint ?? 'Provide a valid API key';
+    const recoveryAction = options.recoveryAction ?? 'auth';
+    const onValidated = options.onValidated;
+    return async (ctx, _args, next) => {
+        const raw = extractKey(ctx);
+        if (!raw) {
+            return toolError(errorCode, {
+                message: 'API key authentication required',
+                suggestion: recoveryHint,
+                availableActions: [recoveryAction],
+            });
+        }
+        const result = await manager.validate(raw);
+        if (!result.valid) {
+            return toolError(errorCode, {
+                message: `API key validation failed: ${result.reason}`,
+                suggestion: recoveryHint,
+                availableActions: [recoveryAction],
+            });
+        }
+        if (onValidated) {
+            onValidated(ctx, result.metadata);
+        }
+        return next();
+    };
+}
+// ============================================================================
+// Default Key Extractor
+// ============================================================================
+/**
+ * Default API key extractor — checks common patterns:
+ * - `ctx.apiKey`
+ * - `ctx.headers['x-api-key']`
+ * - `ctx.headers.authorization` with `ApiKey ` or `Bearer ` prefix
+ */
+function defaultExtractKey(ctx) {
+    if (!ctx || typeof ctx !== 'object')
+        return null;
+    const obj = ctx;
+    // Direct apiKey property
+    if (typeof obj['apiKey'] === 'string' && obj['apiKey']) {
+        return obj['apiKey'];
+    }
+    // Headers
+    const headers = obj['headers'];
+    if (headers) {
+        // x-api-key header
+        if (typeof headers['x-api-key'] === 'string' && headers['x-api-key']) {
+            return headers['x-api-key'];
+        }
+        // Authorization header with ApiKey or Bearer prefix
+        const auth = headers['authorization'];
+        if (typeof auth === 'string' && auth) {
+            if (auth.startsWith('ApiKey '))
+                return auth.slice(7);
+            if (auth.startsWith('Bearer '))
+                return auth.slice(7);
+            return auth;
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAErD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AA+BnD,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,OAA6B;IACvD,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,iBAAiB,CAAC;IAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,gBAAgB,CAAC;IACxD,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,yBAAyB,CAAC;IACvE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC;IACxD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAExC,OAAO,KAAK,EAAE,GAAY,EAAE,KAA8B,EAAE,IAAiC,EAAyB,EAAE;QACpH,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAE5B,IAAI,CAAC,GAAG,EAAE,CAAC;YACP,OAAO,SAAS,CAAC,SAAS,EAAE;gBACxB,OAAO,EAAE,iCAAiC;gBAC1C,UAAU,EAAE,YAAY;gBACxB,gBAAgB,EAAE,CAAC,cAAc,CAAC;aACrC,CAAC,CAAC;QACP,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAE3C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,SAAS,CAAC,SAAS,EAAE;gBACxB,OAAO,EAAE,8BAA8B,MAAM,CAAC,MAAM,EAAE;gBACtD,UAAU,EAAE,YAAY;gBACxB,gBAAgB,EAAE,CAAC,cAAc,CAAC;aACrC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACd,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAClB,CAAC,CAAC;AACN,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,GAAY;IACnC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAE3C,yBAAyB;IACzB,IAAI,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrD,OAAO,GAAG,CAAC,QAAQ,CAAW,CAAC;IACnC,CAAC;IAED,UAAU;IACV,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAwC,CAAC;IACtE,IAAI,OAAO,EAAE,CAAC;QACV,mBAAmB;QACnB,IAAI,OAAO,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACnE,OAAO,OAAO,CAAC,WAAW,CAAW,CAAC;QAC1C,CAAC;QAED,oDAAoD;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrD,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrD,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC"}

package/package.json

@@ -0,0 +1,52 @@
+{
+    "name": "@vinkius-core/mcp-fusion-api-key",
+    "version": "1.0.0",
+    "description": "API key validation middleware for MCP servers built with mcp-fusion. Timing-safe comparison, SHA-256 hashing, async validators, and self-healing error responses.",
+    "type": "module",
+    "main": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "exports": {
+        ".": {
+            "import": "./dist/index.js",
+            "types": "./dist/index.d.ts"
+        }
+    },
+    "scripts": {
+        "build": "tsc",
+        "test": "vitest run",
+        "prepublishOnly": "npm run build"
+    },
+    "keywords": [
+        "mcp",
+        "mcp-fusion",
+        "api-key",
+        "authentication",
+        "middleware",
+        "ai",
+        "llm"
+    ],
+    "author": "Vinkius Labs",
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/vinkius-labs/mcp-fusion.git",
+        "directory": "packages/api-key"
+    },
+    "bugs": {
+        "url": "https://github.com/vinkius-labs/mcp-fusion/issues"
+    },
+    "homepage": "https://mcp-fusion.vinkius.com/",
+    "files": [
+        "dist",
+        "README.md"
+    ],
+    "engines": {
+        "node": ">=18.0.0"
+    },
+    "publishConfig": {
+        "access": "public"
+    },
+    "peerDependencies": {
+        "@vinkius-core/mcp-fusion": "^2.0.0"
+    },
+    "license": "Apache-2.0"
+}