@withpica/mcp-server 2.52.0 → 2.53.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +66 -0
- package/dist/prompts/creator-question-atlas.d.ts +48 -0
- package/dist/prompts/creator-question-atlas.d.ts.map +1 -0
- package/dist/prompts/creator-question-atlas.js +618 -0
- package/dist/prompts/creator-question-atlas.js.map +1 -0
- package/dist/prompts/index.d.ts +32 -0
- package/dist/prompts/index.d.ts.map +1 -1
- package/dist/prompts/index.js +235 -0
- package/dist/prompts/index.js.map +1 -1
- package/dist/resources/index.d.ts +10 -0
- package/dist/resources/index.d.ts.map +1 -1
- package/dist/resources/index.js +134 -1
- package/dist/resources/index.js.map +1 -1
- package/dist/server-instructions.d.ts +4 -3
- package/dist/server-instructions.d.ts.map +1 -1
- package/dist/server-instructions.js +4 -1
- package/dist/server-instructions.js.map +1 -1
- package/dist/server.d.ts +26 -0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +108 -10
- package/dist/server.js.map +1 -1
- package/dist/skills/index.d.ts +42 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +59 -0
- package/dist/skills/index.js.map +1 -0
- package/dist/skills/skills.generated.d.ts +25 -0
- package/dist/skills/skills.generated.d.ts.map +1 -0
- package/dist/skills/skills.generated.js +86 -0
- package/dist/skills/skills.generated.js.map +1 -0
- package/dist/tools/access-simulate.d.ts +23 -0
- package/dist/tools/access-simulate.d.ts.map +1 -0
- package/dist/tools/access-simulate.js +165 -0
- package/dist/tools/access-simulate.js.map +1 -0
- package/dist/tools/agent-identity.d.ts.map +1 -1
- package/dist/tools/agent-identity.js +15 -0
- package/dist/tools/agent-identity.js.map +1 -1
- package/dist/tools/agreement-types.d.ts.map +1 -1
- package/dist/tools/agreement-types.js +24 -0
- package/dist/tools/agreement-types.js.map +1 -1
- package/dist/tools/agreements.d.ts.map +1 -1
- package/dist/tools/agreements.js +21 -3
- package/dist/tools/agreements.js.map +1 -1
- package/dist/tools/analytics.d.ts.map +1 -1
- package/dist/tools/analytics.js +19 -1
- package/dist/tools/analytics.js.map +1 -1
- package/dist/tools/app-tools.d.ts.map +1 -1
- package/dist/tools/app-tools.js +11 -2
- package/dist/tools/app-tools.js.map +1 -1
- package/dist/tools/assets.d.ts.map +1 -1
- package/dist/tools/assets.js +33 -0
- package/dist/tools/assets.js.map +1 -1
- package/dist/tools/audio-files.d.ts +5 -0
- package/dist/tools/audio-files.d.ts.map +1 -1
- package/dist/tools/audio-files.js +91 -0
- package/dist/tools/audio-files.js.map +1 -1
- package/dist/tools/audit.d.ts.map +1 -1
- package/dist/tools/audit.js +11 -2
- package/dist/tools/audit.js.map +1 -1
- package/dist/tools/auth.d.ts.map +1 -1
- package/dist/tools/auth.js +6 -0
- package/dist/tools/auth.js.map +1 -1
- package/dist/tools/bulk.d.ts +4 -0
- package/dist/tools/bulk.d.ts.map +1 -1
- package/dist/tools/bulk.js +304 -0
- package/dist/tools/bulk.js.map +1 -1
- package/dist/tools/calendar.d.ts.map +1 -1
- package/dist/tools/calendar.js +3 -0
- package/dist/tools/calendar.js.map +1 -1
- package/dist/tools/collaborators.d.ts.map +1 -1
- package/dist/tools/collaborators.js +24 -3
- package/dist/tools/collaborators.js.map +1 -1
- package/dist/tools/comparisons.d.ts.map +1 -1
- package/dist/tools/comparisons.js +6 -0
- package/dist/tools/comparisons.js.map +1 -1
- package/dist/tools/credits.d.ts +18 -0
- package/dist/tools/credits.d.ts.map +1 -1
- package/dist/tools/credits.js +344 -4
- package/dist/tools/credits.js.map +1 -1
- package/dist/tools/custody.d.ts.map +1 -1
- package/dist/tools/custody.js +23 -2
- package/dist/tools/custody.js.map +1 -1
- package/dist/tools/dashboard.d.ts.map +1 -1
- package/dist/tools/dashboard.js +43 -7
- package/dist/tools/dashboard.js.map +1 -1
- package/dist/tools/directory.d.ts.map +1 -1
- package/dist/tools/directory.js +3 -0
- package/dist/tools/directory.js.map +1 -1
- package/dist/tools/discovery.d.ts.map +1 -1
- package/dist/tools/discovery.js +99 -2
- package/dist/tools/discovery.js.map +1 -1
- package/dist/tools/disputes.d.ts.map +1 -1
- package/dist/tools/disputes.js +4 -1
- package/dist/tools/disputes.js.map +1 -1
- package/dist/tools/documents.d.ts.map +1 -1
- package/dist/tools/documents.js +3 -0
- package/dist/tools/documents.js.map +1 -1
- package/dist/tools/duplicates.d.ts.map +1 -1
- package/dist/tools/duplicates.js +6 -0
- package/dist/tools/duplicates.js.map +1 -1
- package/dist/tools/enrichment.d.ts.map +1 -1
- package/dist/tools/enrichment.js +33 -0
- package/dist/tools/enrichment.js.map +1 -1
- package/dist/tools/explainability.d.ts +24 -0
- package/dist/tools/explainability.d.ts.map +1 -0
- package/dist/tools/explainability.js +137 -0
- package/dist/tools/explainability.js.map +1 -0
- package/dist/tools/exports.d.ts.map +1 -1
- package/dist/tools/exports.js +18 -3
- package/dist/tools/exports.js.map +1 -1
- package/dist/tools/feedback.d.ts.map +1 -1
- package/dist/tools/feedback.js +3 -0
- package/dist/tools/feedback.js.map +1 -1
- package/dist/tools/files.d.ts.map +1 -1
- package/dist/tools/files.js +22 -0
- package/dist/tools/files.js.map +1 -1
- package/dist/tools/groups.d.ts.map +1 -1
- package/dist/tools/groups.js +12 -0
- package/dist/tools/groups.js.map +1 -1
- package/dist/tools/import-documents.d.ts.map +1 -1
- package/dist/tools/import-documents.js +10 -1
- package/dist/tools/import-documents.js.map +1 -1
- package/dist/tools/import.d.ts.map +1 -1
- package/dist/tools/import.js +36 -3
- package/dist/tools/import.js.map +1 -1
- package/dist/tools/index.d.ts +142 -6
- package/dist/tools/index.d.ts.map +1 -1
- package/dist/tools/index.js +289 -108
- package/dist/tools/index.js.map +1 -1
- package/dist/tools/integrations.d.ts.map +1 -1
- package/dist/tools/integrations.js +28 -8
- package/dist/tools/integrations.js.map +1 -1
- package/dist/tools/labels.d.ts.map +1 -1
- package/dist/tools/labels.js +3 -0
- package/dist/tools/labels.js.map +1 -1
- package/dist/tools/licensing.d.ts.map +1 -1
- package/dist/tools/licensing.js +15 -0
- package/dist/tools/licensing.js.map +1 -1
- package/dist/tools/memory.d.ts.map +1 -1
- package/dist/tools/memory.js +15 -3
- package/dist/tools/memory.js.map +1 -1
- package/dist/tools/metadata.d.ts.map +1 -1
- package/dist/tools/metadata.js +112 -0
- package/dist/tools/metadata.js.map +1 -1
- package/dist/tools/multimedia.d.ts.map +1 -1
- package/dist/tools/multimedia.js +15 -0
- package/dist/tools/multimedia.js.map +1 -1
- package/dist/tools/my-recent-questions.d.ts +25 -0
- package/dist/tools/my-recent-questions.d.ts.map +1 -0
- package/dist/tools/my-recent-questions.js +186 -0
- package/dist/tools/my-recent-questions.js.map +1 -0
- package/dist/tools/my-reported-issues.d.ts.map +1 -1
- package/dist/tools/my-reported-issues.js +3 -0
- package/dist/tools/my-reported-issues.js.map +1 -1
- package/dist/tools/notes.d.ts.map +1 -1
- package/dist/tools/notes.js +12 -0
- package/dist/tools/notes.js.map +1 -1
- package/dist/tools/notifications.d.ts.map +1 -1
- package/dist/tools/notifications.js +25 -1
- package/dist/tools/notifications.js.map +1 -1
- package/dist/tools/onboarding.d.ts.map +1 -1
- package/dist/tools/onboarding.js +3 -0
- package/dist/tools/onboarding.js.map +1 -1
- package/dist/tools/people.d.ts +4 -0
- package/dist/tools/people.d.ts.map +1 -1
- package/dist/tools/people.js +58 -1
- package/dist/tools/people.js.map +1 -1
- package/dist/tools/projects.d.ts.map +1 -1
- package/dist/tools/projects.js +18 -0
- package/dist/tools/projects.js.map +1 -1
- package/dist/tools/public-filter.d.ts.map +1 -1
- package/dist/tools/public-filter.js +6 -0
- package/dist/tools/public-filter.js.map +1 -1
- package/dist/tools/publishers.d.ts.map +1 -1
- package/dist/tools/publishers.js +6 -0
- package/dist/tools/publishers.js.map +1 -1
- package/dist/tools/recordings.d.ts.map +1 -1
- package/dist/tools/recordings.js +15 -0
- package/dist/tools/recordings.js.map +1 -1
- package/dist/tools/recovery-hints.d.ts.map +1 -1
- package/dist/tools/recovery-hints.js +105 -0
- package/dist/tools/recovery-hints.js.map +1 -1
- package/dist/tools/release-rich.d.ts.map +1 -1
- package/dist/tools/release-rich.js +4 -2
- package/dist/tools/release-rich.js.map +1 -1
- package/dist/tools/releases.d.ts.map +1 -1
- package/dist/tools/releases.js +55 -0
- package/dist/tools/releases.js.map +1 -1
- package/dist/tools/report-issue.d.ts.map +1 -1
- package/dist/tools/report-issue.js +3 -0
- package/dist/tools/report-issue.js.map +1 -1
- package/dist/tools/royalties.d.ts.map +1 -1
- package/dist/tools/royalties.js +18 -3
- package/dist/tools/royalties.js.map +1 -1
- package/dist/tools/search.d.ts.map +1 -1
- package/dist/tools/search.js +10 -1
- package/dist/tools/search.js.map +1 -1
- package/dist/tools/send.d.ts.map +1 -1
- package/dist/tools/send.js +9 -0
- package/dist/tools/send.js.map +1 -1
- package/dist/tools/sessions.d.ts.map +1 -1
- package/dist/tools/sessions.js +12 -0
- package/dist/tools/sessions.js.map +1 -1
- package/dist/tools/settings.d.ts.map +1 -1
- package/dist/tools/settings.js +30 -3
- package/dist/tools/settings.js.map +1 -1
- package/dist/tools/share-links.d.ts.map +1 -1
- package/dist/tools/share-links.js +15 -0
- package/dist/tools/share-links.js.map +1 -1
- package/dist/tools/share-send.d.ts +28 -0
- package/dist/tools/share-send.d.ts.map +1 -0
- package/dist/tools/share-send.js +131 -0
- package/dist/tools/share-send.js.map +1 -0
- package/dist/tools/sharing.d.ts +29 -0
- package/dist/tools/sharing.d.ts.map +1 -0
- package/dist/tools/sharing.js +131 -0
- package/dist/tools/sharing.js.map +1 -0
- package/dist/tools/signup.d.ts.map +1 -1
- package/dist/tools/signup.js +3 -0
- package/dist/tools/signup.js.map +1 -1
- package/dist/tools/skills.d.ts +25 -0
- package/dist/tools/skills.d.ts.map +1 -0
- package/dist/tools/skills.js +144 -0
- package/dist/tools/skills.js.map +1 -0
- package/dist/tools/split-sheets.d.ts.map +1 -1
- package/dist/tools/split-sheets.js +22 -1
- package/dist/tools/split-sheets.js.map +1 -1
- package/dist/tools/storage-config.d.ts.map +1 -1
- package/dist/tools/storage-config.js +6 -0
- package/dist/tools/storage-config.js.map +1 -1
- package/dist/tools/subscription.d.ts.map +1 -1
- package/dist/tools/subscription.js +9 -10
- package/dist/tools/subscription.js.map +1 -1
- package/dist/tools/sync-placements.d.ts.map +1 -1
- package/dist/tools/sync-placements.js +20 -2
- package/dist/tools/sync-placements.js.map +1 -1
- package/dist/tools/team.d.ts.map +1 -1
- package/dist/tools/team.js +15 -0
- package/dist/tools/team.js.map +1 -1
- package/dist/tools/telegram.d.ts.map +1 -1
- package/dist/tools/telegram.js +9 -0
- package/dist/tools/telegram.js.map +1 -1
- package/dist/tools/uploads.d.ts.map +1 -1
- package/dist/tools/uploads.js +6 -0
- package/dist/tools/uploads.js.map +1 -1
- package/dist/tools/works.d.ts +4 -0
- package/dist/tools/works.d.ts.map +1 -1
- package/dist/tools/works.js +83 -3
- package/dist/tools/works.js.map +1 -1
- package/package.json +7 -6
- package/scripts/build-skills.ts +229 -0
- package/server.json +2 -2
package/dist/tools/index.d.ts
CHANGED
|
@@ -40,8 +40,74 @@ export interface NextStepHint {
|
|
|
40
40
|
* lands so every tool is forced to declare its workflow at compile time.
|
|
41
41
|
*/
|
|
42
42
|
export type WorkflowTag = "work-required" | "recording-required" | "work-credits-required" | "recording-credits-required" | "person-required" | "audio-upload-required" | "enrichment-resolve-required" | "agreement-required" | "multimedia-required" | "export-required" | "claim-required" | "session-required" | "split-sheet-required" | "recording-splits-required" | "sync-placement-required" | "infrastructure";
|
|
43
|
+
/**
|
|
44
|
+
* ADR-226 Decision 2 — vernacular intent posture for every tool.
|
|
45
|
+
*
|
|
46
|
+
* - `creator-entry` — Atlas covers it; `Use when the user asks: '...'` block
|
|
47
|
+
* in the description is required (Phase 7 lint enforces).
|
|
48
|
+
* - `internal` — programmatic handoff between tools (e.g. presigned-PUT
|
|
49
|
+
* finalize step). Requires a one-line `vernacular_reason`.
|
|
50
|
+
* - `specialist` — mutating / destructive / not-yet-covered context;
|
|
51
|
+
* invoked by exact name. Requires a one-line `vernacular_reason`.
|
|
52
|
+
*
|
|
53
|
+
* Universal coverage: every tool declares its kind. Phase 7 lint promotes
|
|
54
|
+
* the field to a required-with-blocking check; Phase 3 (this commit)
|
|
55
|
+
* leaves it optional during the bulk-classification ramp and flips it to
|
|
56
|
+
* required in the same commit once all 244 tools have been populated by
|
|
57
|
+
* `scripts/bulk-classify-vernacular-kind.ts`.
|
|
58
|
+
*/
|
|
59
|
+
export type VernacularKind = "creator-entry" | "internal" | "specialist";
|
|
60
|
+
/**
|
|
61
|
+
* ADR-230 — authority tier declared on every tool definition.
|
|
62
|
+
*
|
|
63
|
+
* - `read` — pure query, no state mutation. Maps to readOnlyHint:true,
|
|
64
|
+
* risk_level:"safe", required scope `read:*` (or `write:*`
|
|
65
|
+
* via the read-implies-write rule in `hasScope`).
|
|
66
|
+
* - `draft` — produces a proposal/preview/hint without persisting
|
|
67
|
+
* state. Same hints as `write` (readOnlyHint:false,
|
|
68
|
+
* risk_level:"mutating"). No confirmation token.
|
|
69
|
+
* - `write` — persistent state change. May opt into per-tool
|
|
70
|
+
* confirmation via `previewMode: "two_step_token"`.
|
|
71
|
+
* - `destructive` — irreversible state change (delete / merge / send
|
|
72
|
+
* broadcast / disconnect). destructiveHint:true,
|
|
73
|
+
* risk_level:"destructive", confirmation token required,
|
|
74
|
+
* requires elevated `destructive:*` scope (admin satisfies).
|
|
75
|
+
*
|
|
76
|
+
* The 4-value `tier` is PICA's authority surface. The 3-value `risk_level`
|
|
77
|
+
* on `mcp_audit_log` is derived from `tier` (read→safe, draft|write→mutating,
|
|
78
|
+
* destructive→destructive) — sister of the MCP-standard `readOnlyHint` /
|
|
79
|
+
* `destructiveHint` fields, kept for ADR-199 client compatibility.
|
|
80
|
+
*/
|
|
81
|
+
export type Tier = "read" | "draft" | "write" | "destructive";
|
|
82
|
+
/**
|
|
83
|
+
* ADR-230 — derive the MCP-standard 3-value risk classification from the
|
|
84
|
+
* declared tier. Sourced once at registration and at audit-write time so
|
|
85
|
+
* the contract that hints, audit row, and confirmation requirement all
|
|
86
|
+
* agree is mechanical.
|
|
87
|
+
*/
|
|
88
|
+
export declare function tierToRiskLevel(tier: Tier): "safe" | "mutating" | "destructive";
|
|
89
|
+
/**
|
|
90
|
+
* ADR-230 — derive the required API-key scope from the declared tier.
|
|
91
|
+
*
|
|
92
|
+
* - `read` → `read:<resource>` (write:* satisfies via `hasScope`).
|
|
93
|
+
* - `draft|write` → `write:<resource>`.
|
|
94
|
+
* - `destructive` → `destructive:*` (admin satisfies via `hasScope`); the
|
|
95
|
+
* write:<resource> scope is also required for the
|
|
96
|
+
* underlying write surface.
|
|
97
|
+
*
|
|
98
|
+
* Returns the *additional* scope tier beyond per-resource. Resource scope
|
|
99
|
+
* is composed at call-site by `lib/services/mcp-scopes.ts`.
|
|
100
|
+
*/
|
|
101
|
+
export declare function tierToScopeKind(tier: Tier): "read" | "write" | "destructive";
|
|
43
102
|
export interface ToolDefinition {
|
|
44
103
|
name: string;
|
|
104
|
+
/**
|
|
105
|
+
* ADR-230 — authority tier. Required for every customer-facing tool.
|
|
106
|
+
* Sourced from per-tool declaration; drives MCP hints, audit-log
|
|
107
|
+
* `risk_level`, confirmation-token requirement, and required scope.
|
|
108
|
+
* See {@link Tier} above for semantics.
|
|
109
|
+
*/
|
|
110
|
+
tier: Tier;
|
|
45
111
|
description: string;
|
|
46
112
|
/**
|
|
47
113
|
* ADR-214 — workflow(s) this tool belongs to. See `WorkflowTag` above.
|
|
@@ -50,6 +116,21 @@ export interface ToolDefinition {
|
|
|
50
116
|
* part of any user-facing workflow.
|
|
51
117
|
*/
|
|
52
118
|
workflows: WorkflowTag | WorkflowTag[];
|
|
119
|
+
/**
|
|
120
|
+
* ADR-226 Decision 2 — vernacular intent posture. See `VernacularKind`
|
|
121
|
+
* above. Optional during Phase 3 ramp; Phase 7 lint flips it to a
|
|
122
|
+
* required-with-blocking check once every tool is populated.
|
|
123
|
+
*/
|
|
124
|
+
vernacular_kind?: VernacularKind;
|
|
125
|
+
/**
|
|
126
|
+
* ADR-226 Decision 2 — required when `vernacular_kind` is `'internal'`
|
|
127
|
+
* or `'specialist'`. One-line documentation of why the tool is not a
|
|
128
|
+
* creator-vernacular entry point (e.g. "Invoked after presigned PUT
|
|
129
|
+
* completes" or "Specialist context; not yet covered by the Creator
|
|
130
|
+
* Question Atlas"). Phase 7 lint enforces presence on non-`creator-entry`
|
|
131
|
+
* kinds.
|
|
132
|
+
*/
|
|
133
|
+
vernacular_reason?: string;
|
|
53
134
|
inputSchema: {
|
|
54
135
|
type: string;
|
|
55
136
|
properties: Record<string, any>;
|
|
@@ -118,6 +199,16 @@ export interface ToolDefinition {
|
|
|
118
199
|
export type ToolCategory = "catalog" | "enrichment" | "business" | "discovery" | "media" | "comms" | "settings";
|
|
119
200
|
export interface ToolMetadata {
|
|
120
201
|
category: ToolCategory;
|
|
202
|
+
/**
|
|
203
|
+
* @deprecated ADR-230 — use the declared `tier` on the tool
|
|
204
|
+
* definition (`ToolDefinition.tier` — required by lint Rule 13) as
|
|
205
|
+
* the source of truth. `risk` is retained as a quiet fallback for
|
|
206
|
+
* the unlikely case of a tool that bypasses lint (legacy tolerance
|
|
207
|
+
* inside `ToolRegistry.listTools`) and to drive the
|
|
208
|
+
* `injectMetadataIntoDescription` annotations + `retry_safe` hints
|
|
209
|
+
* exposed via `getToolMetadata`. Do NOT add new consumers; route
|
|
210
|
+
* tier-aware logic through the tool definition's declared `tier`.
|
|
211
|
+
*/
|
|
121
212
|
risk: "safe" | "mutating" | "destructive";
|
|
122
213
|
retry_safe: boolean;
|
|
123
214
|
display_name: string;
|
|
@@ -181,6 +272,35 @@ export interface ToolExecutorContext {
|
|
|
181
272
|
server?: Server;
|
|
182
273
|
}
|
|
183
274
|
export type ToolExecutor = (args: Record<string, any>, ctx?: ToolExecutorContext) => Promise<any>;
|
|
275
|
+
/**
|
|
276
|
+
* Sanitize tool parameters for `mcp_audit_log.parameters`. Pure function
|
|
277
|
+
* so it's directly testable; the registry's private method delegates here.
|
|
278
|
+
*
|
|
279
|
+
* Security audit 2026-05-11 P2. The audit log is queryable by anyone with
|
|
280
|
+
* team-portal access. Tools like `pica_sign_in`, `pica_share_links_*`,
|
|
281
|
+
* and `team_comms_send` previously landed bare emails / share tokens /
|
|
282
|
+
* OAuth refresh tokens in the log because the only redaction was a
|
|
283
|
+
* `delete sanitized.confirmation_token` + length truncation.
|
|
284
|
+
*
|
|
285
|
+
* Deny-list is keyed off the param name (case-insensitive substring
|
|
286
|
+
* match) — covers `password`, `api_key`, `token`, `secret`,
|
|
287
|
+
* `authorization`, plus `confirmation_token` via the `token` substring.
|
|
288
|
+
* Sister keys like `refresh_token` / `id_token` / `access_token` /
|
|
289
|
+
* `share_token` / `client_secret` also match.
|
|
290
|
+
*
|
|
291
|
+
* Email values (regardless of param key) get the local-part masked to
|
|
292
|
+
* the first two characters: `jane@example.com` → `ja***@example.com`.
|
|
293
|
+
* Locals ≤ 2 chars become all-asterisk.
|
|
294
|
+
*
|
|
295
|
+
* Strings > 500 chars are truncated to 500 + `...[truncated]`.
|
|
296
|
+
*
|
|
297
|
+
* Exported under `_internal` so test files can exercise the function
|
|
298
|
+
* without instantiating a `ToolRegistry`.
|
|
299
|
+
*/
|
|
300
|
+
declare function sanitizeAuditParams(args: Record<string, any>): Record<string, unknown>;
|
|
301
|
+
export declare const _internal: {
|
|
302
|
+
sanitizeAuditParams: typeof sanitizeAuditParams;
|
|
303
|
+
};
|
|
184
304
|
export declare class ToolRegistry {
|
|
185
305
|
private tools;
|
|
186
306
|
private pica;
|
|
@@ -192,14 +312,29 @@ export declare class ToolRegistry {
|
|
|
192
312
|
constructor(pica: PicaClient | null, config?: ServerConfig, reinitializeCallback?: (apiKey: string) => void, callerContext?: CallerContext, signOutCallback?: () => void);
|
|
193
313
|
setAuditLogger(logger: McpAuditLogger): void;
|
|
194
314
|
setCallerContext(context: CallerContext): void;
|
|
315
|
+
/**
|
|
316
|
+
* Read clientInfo from the MCP `initialize` handshake. SDK populates this
|
|
317
|
+
* on the per-request `Server` for HTTP and on the long-lived `Server` for
|
|
318
|
+
* stdio; either way getClientVersion() returns the same shape after the
|
|
319
|
+
* handshake completes. Returns empty when ctx is absent or the handshake
|
|
320
|
+
* hasn't run (lobby-mode dispatches that bypass the per-request transport).
|
|
321
|
+
*
|
|
322
|
+
* Stamped onto audit rows as provenance only — never used as a permission
|
|
323
|
+
* boundary, since clientInfo is self-declared by the client.
|
|
324
|
+
*/
|
|
325
|
+
private extractClientInfo;
|
|
195
326
|
/**
|
|
196
327
|
* Register all available tools
|
|
197
328
|
*/
|
|
198
329
|
private registerAllTools;
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
330
|
+
/**
|
|
331
|
+
* ADR-230 — declared tier lookup by tool name. Used by the HTTP MCP
|
|
332
|
+
* dispatcher (`app/api/mcp/route.ts`) to enforce the elevated
|
|
333
|
+
* `destructive:*` scope on top of the resource-level scope from
|
|
334
|
+
* `lib/services/mcp-scopes`. Returns undefined for unknown tools or
|
|
335
|
+
* tools that haven't declared tier yet (legacy tolerance).
|
|
336
|
+
*/
|
|
337
|
+
getToolTier(name: string): Tier | undefined;
|
|
203
338
|
/**
|
|
204
339
|
* List all available tools with write-safety prefixes injected.
|
|
205
340
|
* When discoveryMode is enabled, only the 5 handshake-visible tools are returned.
|
|
@@ -221,8 +356,8 @@ export declare class ToolRegistry {
|
|
|
221
356
|
*/
|
|
222
357
|
private buildDestructivePreview;
|
|
223
358
|
/**
|
|
224
|
-
* Sanitize tool parameters for audit logging
|
|
225
|
-
*
|
|
359
|
+
* Sanitize tool parameters for audit logging — delegates to the
|
|
360
|
+
* pure-function impl below so it can be exercised directly in tests.
|
|
226
361
|
*/
|
|
227
362
|
private sanitizeParams;
|
|
228
363
|
/**
|
|
@@ -290,4 +425,5 @@ export declare class ToolRegistry {
|
|
|
290
425
|
*/
|
|
291
426
|
executeTool(name: string, args: Record<string, any>, ctx?: ToolExecutorContext): Promise<any>;
|
|
292
427
|
}
|
|
428
|
+
export {};
|
|
293
429
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAmE/C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAU5C,OAAO,EAAE,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAIL,KAAK,YAAY,EAElB,MAAM,qBAAqB,CAAC;AAE7B;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,0EAA0E;IAC1E,IAAI,EAAE,MAAM,CAAC;IACb,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,IAAI,EAAE,YAAY,GAAG,YAAY,GAAG,oBAAoB,CAAC;CAC1D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,oBAAoB,GACpB,uBAAuB,GACvB,4BAA4B,GAC5B,iBAAiB,GACjB,uBAAuB,GACvB,6BAA6B,GAC7B,oBAAoB,GACpB,qBAAqB,GACrB,iBAAiB,GACjB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,GACtB,2BAA2B,GAC3B,yBAAyB,GACzB,gBAAgB,CAAC;AAErB;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,cAAc,GAAG,eAAe,GAAG,UAAU,GAAG,YAAY,CAAC;AAEzE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,MAAM,IAAI,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,aAAa,CAAC;AAE9D;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,IAAI,GACT,MAAM,GAAG,UAAU,GAAG,aAAa,CAUrC;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,GAAG,OAAO,GAAG,aAAa,CAU5E;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb;;;;;OAKG;IACH,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;OAKG;IACH,SAAS,EAAE,WAAW,GAAG,WAAW,EAAE,CAAC;IACvC;;;;OAIG;IACH,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC;;;;;;;OAOG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAChC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE;QACb,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;IACF;;;;OAIG;IACH,SAAS,CAAC,EAAE,YAAY,EAAE,CAAC;IAC3B;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAChD;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,SAAS,GAAG,gBAAgB,GAAG,MAAM,CAAC;IACpD,WAAW,CAAC,EAAE;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB;;;;WAIG;QACH,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;QAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,0BAA0B,CAAC,EAAE,OAAO,CAAC;QACrC,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;IACF,KAAK,CAAC,EAAE;QACN,EAAE,CAAC,EAAE;YACH,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED,MAAM,MAAM,YAAY,GACpB,SAAS,GACT,YAAY,GACZ,UAAU,GACV,WAAW,GACX,OAAO,GACP,OAAO,GACP,UAAU,CAAC;AAEf,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB;;;;;;;;;OASG;IACH,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;IAC1C,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,YAAY,GACrB,MAAM,CAKR;AAED,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAQzD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CACV;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,GAC9B;QACE,IAAI,EAAE,eAAe,CAAC;QACtB,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GACD;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAC1D,CAAC;IACF,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,EAAE;QACN,aAAa,CAAC,EAAE,YAAY,CAAC;QAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,YAAY,GAAG,CACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,GAAG,CAAC,EAAE,mBAAmB,KACtB,OAAO,CAAC,GAAG,CAAC,CAAC;AAElB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,iBAAS,mBAAmB,CAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GACxB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAkCzB;AAED,eAAO,MAAM,SAAS;;CAA0B,CAAC;AAEjD,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAOX;IACF,OAAO,CAAC,IAAI,CAAoB;IAChC,OAAO,CAAC,MAAM,CAAC,CAAe;IAC9B,OAAO,CAAC,oBAAoB,CAAC,CAA2B;IACxD,OAAO,CAAC,eAAe,CAAC,CAAa;IACrC,OAAO,CAAC,WAAW,CAAC,CAAiB;IACrC,OAAO,CAAC,aAAa,CAAgB;gBAGnC,IAAI,EAAE,UAAU,GAAG,IAAI,EACvB,MAAM,CAAC,EAAE,YAAY,EACrB,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,EAC/C,aAAa,CAAC,EAAE,aAAa,EAC7B,eAAe,CAAC,EAAE,MAAM,IAAI;IAc9B,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAI5C,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI;IAI9C;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;IAazB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA4cxB;;;;;;OAMG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAI3C;;;;OAIG;IACH,SAAS,IAAI,cAAc,EAAE;IAyI7B;;;;;;;;OAQG;IACH,OAAO,CAAC,yBAAyB;IAiEjC;;OAEG;YACW,uBAAuB;IAgOrC;;;OAGG;IACH,OAAO,CAAC,cAAc;IAItB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kBAAkB;IAY1B;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,kBAAkB,CAqDxB;IAEF;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;;;;;OAMG;YACW,kBAAkB;IA6BhC;;;;;;OAMG;IACG,WAAW,CACf,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,GAAG,CAAC,EAAE,mBAAmB,GACxB,OAAO,CAAC,GAAG,CAAC;CA0OhB"}
|