npm - @wootsup/mcp - Versions diffs - 0.1.0-rc.9 → 0.3.0 - Mend

@wootsup/mcp 0.1.0-rc.9 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (240) hide show

package/CHANGELOG.md +148 -83
package/README.md +36 -32
package/SECURITY.md +15 -6
package/dist/auth/keychain.d.ts +27 -1
package/dist/auth/keychain.js +48 -2
package/dist/auth/keychain.js.map +1 -1
package/dist/cli-hint.d.ts +22 -0
package/dist/cli-hint.js +55 -0
package/dist/cli-hint.js.map +1 -0
package/dist/index.d.ts +19 -0
package/dist/index.js +163 -22
package/dist/index.js.map +1 -1
package/dist/install-skill.js +1 -1
package/dist/modules/apimapper/cache.d.ts +2 -2
package/dist/modules/apimapper/cache.js +119 -29
package/dist/modules/apimapper/cache.js.map +1 -1
package/dist/modules/apimapper/client.d.ts +102 -1
package/dist/modules/apimapper/client.js +631 -297
package/dist/modules/apimapper/client.js.map +1 -1
package/dist/modules/apimapper/connections-format.d.ts +51 -0
package/dist/modules/apimapper/connections-format.js +261 -0
package/dist/modules/apimapper/connections-format.js.map +1 -0
package/dist/modules/apimapper/connections-trim.d.ts +82 -0
package/dist/modules/apimapper/connections-trim.js +224 -0
package/dist/modules/apimapper/connections-trim.js.map +1 -0
package/dist/modules/apimapper/connections.d.ts +14 -2
package/dist/modules/apimapper/connections.js +612 -153
package/dist/modules/apimapper/connections.js.map +1 -1
package/dist/modules/apimapper/credential-sanitizer.d.ts +5 -0
package/dist/modules/apimapper/credential-sanitizer.js +60 -1
package/dist/modules/apimapper/credential-sanitizer.js.map +1 -1
package/dist/modules/apimapper/credentials-format.d.ts +21 -0
package/dist/modules/apimapper/credentials-format.js +145 -0
package/dist/modules/apimapper/credentials-format.js.map +1 -0
package/dist/modules/apimapper/credentials.d.ts +12 -2
package/dist/modules/apimapper/credentials.js +226 -73
package/dist/modules/apimapper/credentials.js.map +1 -1
package/dist/modules/apimapper/diagnose.d.ts +54 -2
package/dist/modules/apimapper/diagnose.js +213 -12
package/dist/modules/apimapper/diagnose.js.map +1 -1
package/dist/modules/apimapper/elicitation.d.ts +54 -0
package/dist/modules/apimapper/elicitation.js +90 -0
package/dist/modules/apimapper/elicitation.js.map +1 -0
package/dist/modules/apimapper/flows-format.d.ts +50 -0
package/dist/modules/apimapper/flows-format.js +318 -0
package/dist/modules/apimapper/flows-format.js.map +1 -0
package/dist/modules/apimapper/flows.d.ts +13 -2
package/dist/modules/apimapper/flows.js +312 -122
package/dist/modules/apimapper/flows.js.map +1 -1
package/dist/modules/apimapper/gateway/advanced-tool.d.ts +9 -0
package/dist/modules/apimapper/gateway/advanced-tool.js +265 -0
package/dist/modules/apimapper/gateway/advanced-tool.js.map +1 -0
package/dist/modules/apimapper/gateway/capturing-server.d.ts +81 -0
package/dist/modules/apimapper/gateway/capturing-server.js +87 -0
package/dist/modules/apimapper/gateway/capturing-server.js.map +1 -0
package/dist/modules/apimapper/gateway/essentials.d.ts +4 -0
package/dist/modules/apimapper/gateway/essentials.js +35 -0
package/dist/modules/apimapper/gateway/essentials.js.map +1 -0
package/dist/modules/apimapper/gateway/test-support.d.ts +17 -0
package/dist/modules/apimapper/gateway/test-support.js +43 -0
package/dist/modules/apimapper/gateway/test-support.js.map +1 -0
package/dist/modules/apimapper/get-skill.d.ts +3 -3
package/dist/modules/apimapper/get-skill.js +47 -7
package/dist/modules/apimapper/get-skill.js.map +1 -1
package/dist/modules/apimapper/graph-builder.js +1 -1
package/dist/modules/apimapper/graph-builder.js.map +1 -1
package/dist/modules/apimapper/graph.d.ts +2 -2
package/dist/modules/apimapper/graph.js +170 -35
package/dist/modules/apimapper/graph.js.map +1 -1
package/dist/modules/apimapper/index.d.ts +17 -1
package/dist/modules/apimapper/index.js +68 -17
package/dist/modules/apimapper/index.js.map +1 -1
package/dist/modules/apimapper/inspect.d.ts +3 -2
package/dist/modules/apimapper/inspect.js +97 -13
package/dist/modules/apimapper/inspect.js.map +1 -1
package/dist/modules/apimapper/library.d.ts +2 -2
package/dist/modules/apimapper/library.js +665 -80
package/dist/modules/apimapper/library.js.map +1 -1
package/dist/modules/apimapper/license-format.d.ts +22 -0
package/dist/modules/apimapper/license-format.js +149 -0
package/dist/modules/apimapper/license-format.js.map +1 -0
package/dist/modules/apimapper/license.d.ts +16 -2
package/dist/modules/apimapper/license.js +62 -38
package/dist/modules/apimapper/license.js.map +1 -1
package/dist/modules/apimapper/local-sources.d.ts +2 -2
package/dist/modules/apimapper/local-sources.js +44 -30
package/dist/modules/apimapper/local-sources.js.map +1 -1
package/dist/modules/apimapper/misc.d.ts +30 -2
package/dist/modules/apimapper/misc.js +114 -49
package/dist/modules/apimapper/misc.js.map +1 -1
package/dist/modules/apimapper/node-schema.d.ts +52 -0
package/dist/modules/apimapper/node-schema.js +70 -2
package/dist/modules/apimapper/node-schema.js.map +1 -1
package/dist/modules/apimapper/normalizers.d.ts +1 -0
package/dist/modules/apimapper/normalizers.js +51 -0
package/dist/modules/apimapper/normalizers.js.map +1 -1
package/dist/modules/apimapper/onboarding.d.ts +78 -3
package/dist/modules/apimapper/onboarding.js +428 -26
package/dist/modules/apimapper/onboarding.js.map +1 -1
package/dist/modules/apimapper/read-cache.d.ts +31 -2
package/dist/modules/apimapper/read-cache.js +20 -6
package/dist/modules/apimapper/read-cache.js.map +1 -1
package/dist/modules/apimapper/render/_shared.d.ts +24 -0
package/dist/modules/apimapper/render/_shared.js +84 -0
package/dist/modules/apimapper/render/_shared.js.map +1 -0
package/dist/modules/apimapper/render/dag.d.ts +18 -0
package/dist/modules/apimapper/render/dag.js +70 -0
package/dist/modules/apimapper/render/dag.js.map +1 -0
package/dist/modules/apimapper/render/index.d.ts +2 -0
package/dist/modules/apimapper/render/index.js +112 -0
package/dist/modules/apimapper/render/index.js.map +1 -0
package/dist/modules/apimapper/render/renderers/chart-bar.d.ts +2 -0
package/dist/modules/apimapper/render/renderers/chart-bar.js +70 -0
package/dist/modules/apimapper/render/renderers/chart-bar.js.map +1 -0
package/dist/modules/apimapper/render/renderers/chart-line.d.ts +2 -0
package/dist/modules/apimapper/render/renderers/chart-line.js +71 -0
package/dist/modules/apimapper/render/renderers/chart-line.js.map +1 -0
package/dist/modules/apimapper/render/renderers/diff.d.ts +2 -0
package/dist/modules/apimapper/render/renderers/diff.js +154 -0
package/dist/modules/apimapper/render/renderers/diff.js.map +1 -0
package/dist/modules/apimapper/render/renderers/flow-diagram.d.ts +1 -0
package/dist/modules/apimapper/render/renderers/flow-diagram.js +180 -0
package/dist/modules/apimapper/render/renderers/flow-diagram.js.map +1 -0
package/dist/modules/apimapper/render/renderers/json-tree.d.ts +2 -0
package/dist/modules/apimapper/render/renderers/json-tree.js +87 -0
package/dist/modules/apimapper/render/renderers/json-tree.js.map +1 -0
package/dist/modules/apimapper/render/renderers/schema-diagram.d.ts +2 -0
package/dist/modules/apimapper/render/renderers/schema-diagram.js +83 -0
package/dist/modules/apimapper/render/renderers/schema-diagram.js.map +1 -0
package/dist/modules/apimapper/render/renderers/table.d.ts +2 -0
package/dist/modules/apimapper/render/renderers/table.js +75 -0
package/dist/modules/apimapper/render/renderers/table.js.map +1 -0
package/dist/modules/apimapper/render/schemas.d.ts +23 -0
package/dist/modules/apimapper/render/schemas.js +56 -0
package/dist/modules/apimapper/render/schemas.js.map +1 -0
package/dist/modules/apimapper/render/secret-masking.d.ts +5 -0
package/dist/modules/apimapper/render/secret-masking.js +51 -0
package/dist/modules/apimapper/render/secret-masking.js.map +1 -0
package/dist/modules/apimapper/render/sidecar.d.ts +21 -0
package/dist/modules/apimapper/render/sidecar.js +66 -0
package/dist/modules/apimapper/render/sidecar.js.map +1 -0
package/dist/modules/apimapper/render/token-cap.d.ts +21 -0
package/dist/modules/apimapper/render/token-cap.js +57 -0
package/dist/modules/apimapper/render/token-cap.js.map +1 -0
package/dist/modules/apimapper/schema.d.ts +2 -2
package/dist/modules/apimapper/schema.js +92 -33
package/dist/modules/apimapper/schema.js.map +1 -1
package/dist/modules/apimapper/settings-format.d.ts +23 -0
package/dist/modules/apimapper/settings-format.js +135 -0
package/dist/modules/apimapper/settings-format.js.map +1 -0
package/dist/modules/apimapper/settings.d.ts +2 -2
package/dist/modules/apimapper/settings.js +100 -42
package/dist/modules/apimapper/settings.js.map +1 -1
package/dist/modules/apimapper/sites-tools.d.ts +29 -0
package/dist/modules/apimapper/sites-tools.js +165 -0
package/dist/modules/apimapper/sites-tools.js.map +1 -0
package/dist/modules/apimapper/skill-resources.d.ts +2 -2
package/dist/modules/apimapper/skill-resources.js.map +1 -1
package/dist/modules/apimapper/token-baseline.harness.d.ts +91 -0
package/dist/modules/apimapper/token-baseline.harness.js +291 -0
package/dist/modules/apimapper/token-baseline.harness.js.map +1 -0
package/dist/modules/apimapper/tool-result.d.ts +46 -0
package/dist/modules/apimapper/tool-result.js +63 -0
package/dist/modules/apimapper/tool-result.js.map +1 -0
package/dist/modules/apimapper/toolslist-size.d.ts +56 -0
package/dist/modules/apimapper/toolslist-size.js +192 -0
package/dist/modules/apimapper/toolslist-size.js.map +1 -0
package/dist/modules/apimapper/types.d.ts +44 -8
package/dist/modules/apimapper/types.js +26 -1
package/dist/modules/apimapper/types.js.map +1 -1
package/dist/modules/apimapper/use-profile.d.ts +21 -0
package/dist/modules/apimapper/use-profile.js +56 -2
package/dist/modules/apimapper/use-profile.js.map +1 -1
package/dist/modules/apimapper/whitelist-drift.d.ts +85 -0
package/dist/modules/apimapper/whitelist-drift.js +360 -0
package/dist/modules/apimapper/whitelist-drift.js.map +1 -0
package/dist/modules/apimapper/workflows.d.ts +2 -2
package/dist/modules/apimapper/workflows.js +202 -20
package/dist/modules/apimapper/workflows.js.map +1 -1
package/dist/modules/apimapper/yootheme-binding.d.ts +35 -0
package/dist/modules/apimapper/yootheme-binding.js +186 -0
package/dist/modules/apimapper/yootheme-binding.js.map +1 -0
package/dist/platform/index.d.ts +56 -0
package/dist/platform/index.js +195 -7
package/dist/platform/index.js.map +1 -1
package/dist/setup/detect-clients.d.ts +40 -1
package/dist/setup/detect-clients.js +148 -1
package/dist/setup/detect-clients.js.map +1 -1
package/dist/setup/probe-handshake.js +40 -7
package/dist/setup/probe-handshake.js.map +1 -1
package/dist/setup/remove-config.d.ts +8 -0
package/dist/setup/remove-config.js +145 -0
package/dist/setup/remove-config.js.map +1 -0
package/dist/setup/uninstall.d.ts +34 -0
package/dist/setup/uninstall.js +147 -0
package/dist/setup/uninstall.js.map +1 -0
package/dist/setup-cli.d.ts +60 -0
package/dist/setup-cli.js +155 -5
package/dist/setup-cli.js.map +1 -1
package/dist/sites/loader.d.ts +41 -0
package/dist/sites/loader.js +119 -0
package/dist/sites/loader.js.map +1 -0
package/dist/sites/schema.d.ts +69 -0
package/dist/sites/schema.js +71 -0
package/dist/sites/schema.js.map +1 -0
package/dist/sites/secret-resolver.d.ts +47 -0
package/dist/sites/secret-resolver.js +150 -0
package/dist/sites/secret-resolver.js.map +1 -0
package/dist/skill-instructions.d.ts +1 -1
package/dist/skill-instructions.js +5 -0
package/dist/skill-instructions.js.map +1 -1
package/dist/transports/stdio.js +4 -4
package/dist/transports/stdio.js.map +1 -1
package/dist/uninstall-skill.d.ts +27 -0
package/dist/uninstall-skill.js +89 -0
package/dist/uninstall-skill.js.map +1 -0
package/docs/architecture.md +22 -22
package/docs/customgraph-internal-migration.md +4 -4
package/docs/security.md +2 -21
package/docs/tools.md +40 -12
package/manifest.json +77 -70
package/package.json +68 -60
package/skills/apimapper/SKILL.md +53 -7
package/skills/apimapper/reference/conditional-style-multi-items.md +114 -0
package/skills/apimapper/reference/jmespath-pitfalls.md +108 -0
package/skills/apimapper/reference/joomla.md +1 -1
package/skills/apimapper/reference/library-template-discovery.md +65 -0
package/skills/apimapper/reference/merge-two-sources-on-key.md +99 -0
package/skills/apimapper/reference/render.md +132 -0
package/skills/apimapper/reference/troubleshooting.md +21 -1
package/skills/apimapper/reference/yootheme.md +1 -1
package/dist/auth/oauth-provider.d.ts +0 -68
package/dist/auth/oauth-provider.js +0 -232
package/dist/auth/oauth-provider.js.map +0 -1
package/dist/server-http.d.ts +0 -22
package/dist/server-http.js +0 -159
package/dist/server-http.js.map +0 -1
package/dist/transports/http.d.ts +0 -29
package/dist/transports/http.js +0 -267
package/dist/transports/http.js.map +0 -1

package/skills/apimapper/reference/library-template-discovery.md ADDED Viewed

@@ -0,0 +1,65 @@
+# Library template discovery
+Inspect a library template's contract BEFORE you activate it, so the connection
+lands fully configured the first time.
+## Why this matters
+The library is the mandatory first stop for any new API (see the library-first
+guard below). But before you call `apimapper_library_activate`, you want to know
+what the template actually declares: which base URL and endpoints it ships, which
+auth scheme it needs, and which placeholder values (`extra_fields`) you must pass.
+Activating blind is the single most common cause of an empty source that is hard
+to debug from downstream tool calls.
+## The discovery sequence
+```
+apimapper_library_featured({})                       # 1. the curated short-list
+apimapper_library_list({ query: '<api-name>' })      # 2. search the full catalog by name
+apimapper_library_connection_detail({ id: '<id>' })  # 3. read the template's full contract
+apimapper_credential_list({})                        # 4. find a matching credential (auth-protected templates)
+apimapper_library_activate({ id, credential_id, extra_fields })  # 5. activate, fully configured
+```
+Steps 1-2 are routed first-class; step 3 routes through the gateway:
+`apimapper_advanced({ tool: 'apimapper_library_connection_detail', arguments: { id } })`.
+## What `library_connection_detail` tells you
+Read these fields off the returned template before activating:
+| Field | What to do with it |
+|-------|--------------------|
+| `base_url` | The upstream host. Confirms which API the template targets. |
+| `endpoints` | The named requests the template ships (list/detail/search). The activated connection exposes these. |
+| `auth` scheme | `none`, `bearer`, `api_key`, or `oauth`. Tells you whether step 4 (credential) is required. |
+| `extra_fields` | The placeholder values YOU must supply at activation time (e.g. `spreadsheet_id` for Google Sheets, `api_key` for Pexels). Required `extra_fields` left unset land a broken connection. |
+## Then activate, not create
+Once you have read the contract:
+- **Auth-protected template** (Google Sheets, Notion, Airtable, Pexels,
+  OpenWeatherMap, Calendly, GitHub, ...): call `apimapper_credential_list({})`
+  first, then pass the right `credential_id` explicitly to `library_activate`.
+  The activation auto-links a credential only when exactly ONE matching one
+  exists for the provider; otherwise it returns a structured
+  `credential_required` / `credential_ambiguous` error listing the candidates.
+- Pass any required `extra_fields` the template declared in step 3.
+## The library-first guard (why you discover instead of hand-rolling)
+`apimapper_connection_create` is the fallback for niche or unknown APIs ONLY. The
+server enforces this: a custom `connection_create` whose endpoint host is covered
+by a curated template is rejected with HTTP 409 `error_code:
+library_template_available`. The error names the template and the exact
+`apimapper_library_activate({ id })` call to run instead, with a structured
+`library_suggestion`. Always inspect-then-activate before reaching for a custom
+connection.
+## Cross-references
+- `apimapper_get_skill({ topic: 'getting-started' })` — Step 1 (mandatory): check the library first.
+- `apimapper_get_skill({ topic: 'oauth' })` — wiring OAuth-protected templates.
+- `apimapper_library_connection_detail` — the tool this topic is about.

package/skills/apimapper/reference/merge-two-sources-on-key.md ADDED Viewed

@@ -0,0 +1,99 @@
+# Merge two sources on a shared key
+Join items from two sources on a shared key, optionally filter the join, surface the result as one Source for YOOtheme.
+## When to use
+- You have two APIs whose rows belong together but live behind separate endpoints (orders + customers, Calendly slots + Sheet schedule, GitHub issues + sprint planning).
+- The keys you want to join on either (a) are already string-equal, or (b) need a small Transform to be made comparable (e.g. ISO datetime → weekday name).
+## The canonical recipe
+```
+Source-A  ─┐
+            ├─►  Merge (mode: join, key: <field>)  ─►  Filter  ─►  Output
+Source-B  ─┘
+```
+1. Drag both Source nodes onto the canvas, wire them up.
+2. Drag a Merge node between them. Set:
+   - `mode: join` — emit one row per Source-A item, with Source-B fields nested under `b`.
+   - `key`: the field name present on BOTH sides (e.g. `weekday`).
+3. (Optional) drag a Filter node after Merge — typical predicate uses both A- and B-side fields.
+4. Wire to Output (YOOtheme Source) and Publish.
+## When the keys aren't string-equal — date-primitive bridging
+This is the case Cold-AI #5 walk-through hit: Calendly emits `start_time` as ISO-UTC (`"2026-06-04T09:00:00+00:00"`), but the customer's Sheet schedule is keyed on weekday names (`"Wednesday"`). The keys aren't comparable as-is.
+**Fix:** insert a Transform node BEFORE Merge on the Calendly side that derives a Sheet-compatible key.
+### Maria's flow (Calendly + Google Sheet schedule)
+```
+Calendly available_times  ─► Transform (project day+local_time) ─┐
+                                                                  ├─► Merge (key: day)  ─► Filter ─► Output
+Google Sheet schedule      ──────────────────────────────────────┘
+```
+#### Step 1 — Transform on the Calendly side
+```
+[].{
+  day: date_weekday(start_time, 'Europe/Berlin'),
+  local_time: date_iso_to_time(start_time, 'Europe/Berlin'),
+  start_time: start_time
+}
+```
+Each Calendly row now carries:
+| field | value |
+|-------|-------|
+| `day` | `"Wednesday"` — Sheet-comparable |
+| `local_time` | `"09:00"` — comparable to Sheet's `open`/`close` |
+| `start_time` | original ISO datetime (preserved for downstream rendering) |
+#### Step 2 — Merge on `day`
+Merge mode `join`, key `day`. Sheet row arrives as `b` on each Calendly row:
+```json
+{
+  "day": "Wednesday",
+  "local_time": "09:00",
+  "start_time": "2026-06-03T07:00:00+00:00",
+  "b": { "weekday": "Wednesday", "open": "09:00", "close": "17:00" }
+}
+```
+#### Step 3 — Filter to slots inside business hours
+```
+[?time_in_window(local_time, b.open, b.close)]
+```
+`time_in_window` is left-closed, right-open ([from, to)) — a 17:00 close-time does NOT include a 17:00 slot. Cross-midnight windows (e.g. bar `22:00..02:00`) are also handled.
+#### Step 4 — Output
+Wire to a YOOtheme Output. Slots that survive Steps 1-3 become the rows of a YOOtheme Source named e.g. `BookableSlots`.
+## Other date-bridge patterns
+| Customer scenario | Source-A key | Source-B key | Bridge |
+|-------------------|--------------|--------------|--------|
+| HubSpot meetings ↔ office-hours | ISO datetime | weekday name | `date_weekday(@.start, tz)` |
+| Stripe invoices ↔ month-rollup | ISO datetime | `"YYYY-MM"` | `substring(date_iso_to_date(@.created, tz), 0, 7)` |
+| GitHub issues ↔ daily-standup notes | ISO datetime | `"YYYY-MM-DD"` | `date_iso_to_date(@.updated_at, tz)` |
+## Pitfalls
+- **Timezone matters.** A slot at `2026-06-04T23:30:00Z` is Wednesday in UTC but Thursday in Berlin. Always supply the second `tz` arg matching the customer's business timezone.
+- **`null` rows propagate.** A Calendly row with a malformed `start_time` projects to `{day: null, local_time: null, start_time: <bad>}`. The Merge will silently emit it under a `null` key — pre-filter with `[?day]` if you need to drop them.
+- **Depth limit.** Don't try to do the whole projection + merge + filter inside ONE expression. JMESPath caps depth at 10. Two transform nodes piped is cleaner and stays under the limit.
+## See also
+- `jmespath-pitfalls` — full pitfall catalogue + date-primitive function reference.
+- `yootheme` — how the published Source appears in YOOtheme Builder.

package/skills/apimapper/reference/render.md ADDED Viewed

@@ -0,0 +1,132 @@
+# Render
+`apimapper_render` delivers a ready-to-display text visualization of API Mapper data — tables, charts, diagrams, trees, and diffs. It is a pure function: deterministic, no network, no side-effects. The returned text is ready to show the user as-is in any MCP client, and you are free to enrich it however your client allows (artifacts, inline images, diagram-markdown, charts — whatever renders best).
+## The two-step pattern
+`apimapper_render` does not fetch data. The pattern is always: fetch with the matching source tool, then pass that result as `data`.
+```
+apimapper_render({ type, data, options? })
+```
+| Field | Shape | Notes |
+|-------|-------|-------|
+| `type` | one of the 7 viz-types below | required |
+| `data` | shape depends on `type` | required |
+| `options` | object — see Options | optional |
+## The 7 viz-types
+Each type expects a specific `data` shape and pairs with a prerequisite source tool.
+### `table`
+Renders an array of objects as an aligned text table.
+- **`data`**: an array of objects — `[{ ... }, { ... }]`.
+- **Fetch with**: `apimapper_connection_data` (live REST rows) or `apimapper_graph_preview` (rows after a pipeline runs) or `apimapper_flow_trace` (per-node row samples).
+```
+const rows = apimapper_connection_data({ connection_id: "conn_xyz" });
+apimapper_render({ type: "table", data: rows });
+```
+### `chart-bar`
+Renders a horizontal bar chart.
+- **`data`**: `{ labels: string[], values: number[] }` — `labels` and `values` are equal length.
+- **Fetch with**: any tool that yields parallel label/value arrays — typically derived from `apimapper_connection_data` or `apimapper_graph_preview` rows.
+### `chart-line`
+Renders a line chart (sparkline-style trend).
+- **`data`**: `{ labels: string[], values: number[] }` — equal length, same shape as `chart-bar`.
+- **Fetch with**: time-series or sequential numeric data from `apimapper_connection_data` / `apimapper_graph_preview`.
+### `schema-diagram`
+Renders a source's field structure as a typed schema diagram.
+- **`data`**: a schema profile carrying a `fields[]` array.
+- **Fetch with**: `apimapper_schema_profile` — pass its result straight through.
+```
+const profile = apimapper_schema_profile({ connection_id: "conn_xyz" });
+apimapper_render({ type: "schema-diagram", data: profile });
+```
+### `flow-diagram`
+Renders a flow's node/edge graph as an ASCII pipeline diagram (Source → Filter → Transform → Output).
+- **`data`**: a flow object carrying `nodes[]` and `edges[]`.
+- **Fetch with**: `apimapper_flow_get` — pass the returned flow object.
+```
+const flow = apimapper_flow_get({ flow_id: "flow_abc" });
+apimapper_render({ type: "flow-diagram", data: flow });
+```
+### `json-tree`
+Renders any JSON value as an indented tree, with a depth cap.
+- **`data`**: any JSON value — object, array, or primitive.
+- **Fetch with**: any tool. Pass the fetched payload directly; this is the catch-all for inspecting an unfamiliar response shape.
+### `diff`
+Renders a side-by-side comparison of two datasets.
+- **`data`**: `{ old: ..., new: ... }` — both halves are JSON values of any shape.
+- **Fetch with**: fetch both datasets first, e.g. two `apimapper_schema_profile` calls to compare a source's schema before and after an upstream change.
+## Options
+`options` tunes the output per render. Every field is optional with a sensible default.
+| Option | Applies to | Default | Effect |
+|--------|-----------|---------|--------|
+| `title` | all types | none | Title shown above the visualization (max 200 chars) |
+| `max_rows` | `table`, `json-tree` | 50 | Caps rows/items rendered (1–500) |
+| `columns` | `table` | auto-detect | Field whitelist — render only these columns |
+| `depth` | `json-tree` | 3 | Depth cap for nested structures (1–8) |
+| `mask_secrets` | `diff` | true | Masks values for sensitive field names |
+```
+apimapper_render({
+  type: "table",
+  data: rows,
+  options: { title: "Marketing OKRs", max_rows: 20, columns: ["title", "status"] }
+})
+```
+## The `_visualization` sidecar
+Flow-mutation tools attach a flow diagram automatically — there is no separate call to make.
+`apimapper_flow_create`, `apimapper_flow_update`, and `apimapper_graph_validate` each include a `_visualization` field in their response:
+```
+_visualization: {
+  diagram: "<ready-to-show ASCII flow diagram>",
+  display_hint: "Show this flow diagram to the user."
+}
+```
+The `diagram` is a ready-to-show ASCII preview of the flow you just created or validated — surface it to the user directly. For flows larger than the inline preview, call `apimapper_render({ type: "flow-diagram", data: flow })` for the complete diagram.
+The sidecar is opt-out via the `APIMAPPER_AUTO_VISUALIZE_FLOWS="false"` environment variable; it is on by default.
+## Common pairings
+| Goal | Sequence |
+|------|----------|
+| Show live connection rows | `apimapper_connection_data` → `apimapper_render` type `table` |
+| Show a flow's pipeline shape | `apimapper_flow_get` → `apimapper_render` type `flow-diagram` |
+| Show a source's field structure | `apimapper_schema_profile` → `apimapper_render` type `schema-diagram` |
+| Inspect an unfamiliar response | any fetch → `apimapper_render` type `json-tree` |
+| Compare schema before/after | two `apimapper_schema_profile` calls → `apimapper_render` type `diff` |

package/skills/apimapper/reference/troubleshooting.md CHANGED Viewed

@@ -79,6 +79,26 @@ If `apimapper_diagnose` is unavailable in your version, run the manual checks be
 ### "Source not appearing in YOOtheme Builder"
 - Flow is saved but not **published**. See `skill://apimapper/yootheme` step 4.
+### "YOOtheme Builder source list missing newly-published flow"
+Symptom: A flow was just published with `apimapper_flow_full_recompile_publish`, but
+YOOtheme Builder's source dropdown (or `yootheme_builder_sources_list` from the
+sibling MCP) doesn't show it. The schema cache went stale.
+Fix (one of):
+- `apimapper_cache_invalidate({ scope: "yootheme.schema" })` — explicit flush of the
+  YOOtheme GraphQL schema cache files (`schema-*.{php,gql,error.gql}`). Direct-file
+  surface, bypasses the InvalidationBus.
+- `apimapper_flow_full_recompile_publish({ id: ..., autofix: true })` — re-publish
+  with autofix. Since 2.0.8 (Wave-12 F8) this clears the schema-`.php`/`.gql`/`.error.gql`
+  triplets correctly.
+Root cause was a glob-pattern gap in `YOOthemeSchemaCacheBuster` pre-2.0.8 — the
+`.gql` file was the source-of-truth for YT's `LoadSourceSchema::handle()`, but only
+`.php` files were unlinked. The `yootheme.schema` scope is the manual escape hatch
+for customers still on cached state from before the fix landed.
 ### "Source shows but fields are empty"
 - Field-name case mismatch. YOOtheme expects lowercase keys.
 - Fix: Transform projection should lowercase: `[*].{title: name, image: cover_url}`.
@@ -120,4 +140,4 @@ ssh deploy@dev.wootsup.com "tail -200 /var/www/dev.wootsup.com/joomla/administra
 `apimapper_diagnose` first. If still stuck:
 1. Capture the full request + response (use the tool's `raw=true` flag where available).
 2. Note the platform, version (`apimapper_health`), license tier.
-3. Open a support ticket at `docs.wootsup.com/support` with that bundle.
+3. Open a support ticket at `wootsup.com/contact/` with that bundle.

package/skills/apimapper/reference/yootheme.md CHANGED Viewed

@@ -81,7 +81,7 @@ Same flow can ALSO emit a Shortcode output (`output_type="shortcode"`). Use this
 - Using outside YOOtheme (page builders, plugins)
 - Quick previews in admin
-Shortcode currently supports a subset of the YOOtheme render-time features. Document at `docs.wootsup.com/mcp/yootheme/shortcode`.
+Shortcode currently supports a subset of the YOOtheme render-time features. See `https://wootsup.com/docs/mcp/api-mapper/` (the shortcode subpage will land in a later release).
 ## Common pitfalls

package/dist/auth/oauth-provider.d.ts DELETED Viewed

@@ -1,68 +0,0 @@
-export interface OAuthClientRegistration {
-    client_id: string;
-    client_id_issued_at: number;
-    redirect_uris: string[];
-    client_name?: string;
-    token_endpoint_auth_method: "none";
-    grant_types: ["authorization_code", "refresh_token"];
-    response_types: ["code"];
-}
-export interface IssueCodeArgs {
-    client_id: string;
-    redirect_uri: string;
-    code_challenge: string;
-    code_challenge_method: "S256" | "plain";
-    scope: string;
-    state?: string;
-}
-export interface ExchangeCodeArgs {
-    client_id: string;
-    code: string;
-    redirect_uri: string;
-    code_verifier: string;
-}
-export interface RefreshArgs {
-    client_id: string;
-    refresh_token: string;
-}
-export interface TokenResponse {
-    access_token: string;
-    token_type: "Bearer";
-    expires_in: number;
-    refresh_token: string;
-    scope: string;
-}
-export interface AccessTokenInfo {
-    client_id: string;
-    scope: string;
-    expires_at: number;
-}
-export interface OAuthProviderOptions {
-    /** Clock function returning unix seconds. Default: Date.now()/1000. */
-    now?: () => number;
-    /** Authorization code TTL (default 600s = 10 min). */
-    codeTtlSeconds?: number;
-    /** Access token TTL (default 86400s = 24 h). */
-    tokenTtlSeconds?: number;
-    /** Refresh token TTL (default 604800s = 7 d). */
-    refreshTtlSeconds?: number;
-}
-export interface OAuthProvider {
-    registerClient(args: {
-        redirect_uris: string[];
-        client_name?: string;
-    }): OAuthClientRegistration;
-    getClient(client_id: string): OAuthClientRegistration | null;
-    issueCode(args: IssueCodeArgs): string;
-    exchangeCode(args: ExchangeCodeArgs): TokenResponse;
-    refreshToken(args: RefreshArgs): TokenResponse;
-    verifyAccessToken(token: string): AccessTokenInfo | null;
-    sweep(): number;
-    stats(): {
-        clients: number;
-        codes: number;
-        tokens: number;
-        refreshes: number;
-    };
-}
-export declare function createOAuthProvider(options?: OAuthProviderOptions): OAuthProvider;

package/dist/auth/oauth-provider.js DELETED Viewed

@@ -1,232 +0,0 @@
-// src/auth/oauth-provider.ts — Phase 9.2.
-//
-// Minimal in-memory OAuth 2.0 Authorization-Code + PKCE + Dynamic Client
-// Registration (DCR) provider for the remote HTTP MCP transport.
-//
-// References:
-// - RFC 6749 (OAuth 2.0)
-// - RFC 7636 (PKCE)
-// - RFC 7591 (Dynamic Client Registration)
-// - workers-oauth-provider (Cloudflare reference, in-memory variant)
-//
-// Storage backend is process-local Maps with TTL-based expiry — the
-// hosted production service (mcp.wootsup.com) is expected to swap in a
-// persistent backend, but for unit/integration tests + the local DXT
-// bundle, in-memory is sufficient.
-//
-// Security notes:
-// - Tokens are 32 random bytes hex-encoded (no JWT — keeps the surface
-//   tiny and prevents misuse of unverified payloads).
-// - Authorization codes are 32 random bytes hex; single-use; bound to
-//   client_id + redirect_uri + code_challenge.
-// - PKCE S256 is REQUIRED; "plain" is rejected.
-// - On refresh, the old refresh token is invalidated (rotation).
-import { randomBytes, createHash, timingSafeEqual } from "node:crypto";
-// ── Helpers ────────────────────────────────────────────────────────────
-function randomId(prefix) {
-    return `${prefix}${randomBytes(12).toString("hex")}`;
-}
-function randomOpaque() {
-    return randomBytes(32).toString("hex");
-}
-/** Constant-time compare to thwart timing oracles on token / verifier lookups. */
-function safeEquals(a, b) {
-    const ba = Buffer.from(a);
-    const bb = Buffer.from(b);
-    if (ba.length !== bb.length)
-        return false;
-    return timingSafeEqual(ba, bb);
-}
-function s256(input) {
-    return createHash("sha256").update(input).digest("base64url");
-}
-// ── Factory ────────────────────────────────────────────────────────────
-export function createOAuthProvider(options = {}) {
-    const now = options.now ?? (() => Math.floor(Date.now() / 1000));
-    const codeTtl = options.codeTtlSeconds ?? 600;
-    const tokenTtl = options.tokenTtlSeconds ?? 86_400;
-    const refreshTtl = options.refreshTtlSeconds ?? 7 * 86_400;
-    const clients = new Map();
-    const codes = new Map();
-    const tokens = new Map();
-    const refreshes = new Map();
-    function registerClient(args) {
-        if (!Array.isArray(args.redirect_uris) || args.redirect_uris.length === 0) {
-            throw new Error("invalid_redirect_uri: at least one redirect_uri required");
-        }
-        for (const uri of args.redirect_uris) {
-            if (typeof uri !== "string" || uri.length === 0) {
-                throw new Error("invalid_redirect_uri");
-            }
-        }
-        const reg = {
-            client_id: randomId("cli_"),
-            client_id_issued_at: now(),
-            redirect_uris: [...args.redirect_uris],
-            client_name: args.client_name,
-            token_endpoint_auth_method: "none", // public client (mobile/native/AI)
-            grant_types: ["authorization_code", "refresh_token"],
-            response_types: ["code"],
-        };
-        clients.set(reg.client_id, reg);
-        return reg;
-    }
-    function getClient(client_id) {
-        return clients.get(client_id) ?? null;
-    }
-    function issueCode(args) {
-        const client = clients.get(args.client_id);
-        if (!client)
-            throw new Error("unknown_client");
-        if (!client.redirect_uris.includes(args.redirect_uri)) {
-            throw new Error("invalid_redirect_uri");
-        }
-        if (!args.code_challenge || typeof args.code_challenge !== "string") {
-            throw new Error("invalid_request: code_challenge required");
-        }
-        if (args.code_challenge_method !== "S256") {
-            // Reject "plain" — S256 is mandatory for safety.
-            throw new Error("invalid_request: code_challenge_method must be S256");
-        }
-        const code = randomId("code_");
-        codes.set(code, {
-            client_id: args.client_id,
-            redirect_uri: args.redirect_uri,
-            code_challenge: args.code_challenge,
-            code_challenge_method: args.code_challenge_method,
-            scope: args.scope,
-            expires_at: now() + codeTtl,
-            used: false,
-        });
-        return code;
-    }
-    function exchangeCode(args) {
-        const rec = codes.get(args.code);
-        if (!rec)
-            throw new Error("invalid_grant: code not found");
-        if (rec.used)
-            throw new Error("invalid_grant: code already used");
-        if (rec.expires_at < now())
-            throw new Error("invalid_grant: code expired");
-        if (rec.client_id !== args.client_id) {
-            throw new Error("invalid_grant: client_id mismatch");
-        }
-        if (rec.redirect_uri !== args.redirect_uri) {
-            throw new Error("invalid_grant: redirect_uri mismatch");
-        }
-        const challengeFromVerifier = s256(args.code_verifier);
-        if (!safeEquals(challengeFromVerifier, rec.code_challenge)) {
-            throw new Error("invalid_grant: code_verifier mismatch");
-        }
-        rec.used = true;
-        const accessToken = randomOpaque();
-        const refreshToken = randomOpaque();
-        tokens.set(accessToken, {
-            client_id: rec.client_id,
-            scope: rec.scope,
-            expires_at: now() + tokenTtl,
-        });
-        refreshes.set(refreshToken, {
-            client_id: rec.client_id,
-            scope: rec.scope,
-            expires_at: now() + refreshTtl,
-            revoked: false,
-        });
-        return {
-            access_token: accessToken,
-            refresh_token: refreshToken,
-            token_type: "Bearer",
-            expires_in: tokenTtl,
-            scope: rec.scope,
-        };
-    }
-    function refreshToken(args) {
-        const rec = refreshes.get(args.refresh_token);
-        if (!rec)
-            throw new Error("invalid_grant: refresh_token not found");
-        if (rec.revoked)
-            throw new Error("invalid_grant: refresh_token revoked");
-        if (rec.expires_at < now()) {
-            throw new Error("invalid_grant: refresh_token expired");
-        }
-        if (rec.client_id !== args.client_id) {
-            throw new Error("invalid_grant: client_id mismatch");
-        }
-        // Rotate: revoke the old refresh token, mint a new pair.
-        rec.revoked = true;
-        const accessToken = randomOpaque();
-        const newRefresh = randomOpaque();
-        tokens.set(accessToken, {
-            client_id: rec.client_id,
-            scope: rec.scope,
-            expires_at: now() + tokenTtl,
-        });
-        refreshes.set(newRefresh, {
-            client_id: rec.client_id,
-            scope: rec.scope,
-            expires_at: now() + refreshTtl,
-            revoked: false,
-        });
-        return {
-            access_token: accessToken,
-            refresh_token: newRefresh,
-            token_type: "Bearer",
-            expires_in: tokenTtl,
-            scope: rec.scope,
-        };
-    }
-    function verifyAccessToken(token) {
-        const rec = tokens.get(token);
-        if (!rec)
-            return null;
-        if (rec.expires_at < now())
-            return null;
-        return {
-            client_id: rec.client_id,
-            scope: rec.scope,
-            expires_at: rec.expires_at,
-        };
-    }
-    function sweep() {
-        const t = now();
-        let evicted = 0;
-        for (const [k, v] of codes) {
-            if (v.expires_at < t || v.used) {
-                codes.delete(k);
-                evicted++;
-            }
-        }
-        for (const [k, v] of tokens) {
-            if (v.expires_at < t) {
-                tokens.delete(k);
-                evicted++;
-            }
-        }
-        for (const [k, v] of refreshes) {
-            if (v.expires_at < t || v.revoked) {
-                refreshes.delete(k);
-                evicted++;
-            }
-        }
-        return evicted;
-    }
-    function stats() {
-        return {
-            clients: clients.size,
-            codes: codes.size,
-            tokens: tokens.size,
-            refreshes: refreshes.size,
-        };
-    }
-    return {
-        registerClient,
-        getClient,
-        issueCode,
-        exchangeCode,
-        refreshToken,
-        verifyAccessToken,
-        sweep,
-        stats,
-    };
-}
-//# sourceMappingURL=oauth-provider.js.map

package/dist/auth/oauth-provider.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth-provider.js","sourceRoot":"","sources":["../../src/auth/oauth-provider.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,yEAAyE;AACzE,iEAAiE;AACjE,EAAE;AACF,cAAc;AACd,yBAAyB;AACzB,oBAAoB;AACpB,2CAA2C;AAC3C,qEAAqE;AACrE,EAAE;AACF,oEAAoE;AACpE,uEAAuE;AACvE,qEAAqE;AACrE,mCAAmC;AACnC,EAAE;AACF,kBAAkB;AAClB,uEAAuE;AACvE,sDAAsD;AACtD,sEAAsE;AACtE,+CAA+C;AAC/C,gDAAgD;AAChD,iEAAiE;AAEjE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAmGvE,0EAA0E;AAE1E,SAAS,QAAQ,CAAC,MAAc;IAC9B,OAAO,GAAG,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,kFAAkF;AAClF,SAAS,UAAU,CAAC,CAAS,EAAE,CAAS;IACtC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,IAAI,CAAC,KAAa;IACzB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAChE,CAAC;AAED,0EAA0E;AAE1E,MAAM,UAAU,mBAAmB,CACjC,UAAgC,EAAE;IAElC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,OAAO,CAAC,cAAc,IAAI,GAAG,CAAC;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,eAAe,IAAI,MAAM,CAAC;IACnD,MAAM,UAAU,GAAG,OAAO,CAAC,iBAAiB,IAAI,CAAC,GAAG,MAAM,CAAC;IAE3D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmC,CAAC;IAC3D,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC5C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAyB,CAAC;IAEnD,SAAS,cAAc,CAAC,IAGvB;QACC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACrC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QACD,MAAM,GAAG,GAA4B;YACnC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC;YAC3B,mBAAmB,EAAE,GAAG,EAAE;YAC1B,aAAa,EAAE,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC;YACtC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,0BAA0B,EAAE,MAAM,EAAE,mCAAmC;YACvE,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;SACzB,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAChC,OAAO,GAAG,CAAC;IACb,CAAC;IAED,SAAS,SAAS,CAAC,SAAiB;QAClC,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IACxC,CAAC;IAED,SAAS,SAAS,CAAC,IAAmB;QACpC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,IAAI,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YAC1C,iDAAiD;YACjD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC/B,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;YACd,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;YACjD,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,UAAU,EAAE,GAAG,EAAE,GAAG,OAAO;YAC3B,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS,YAAY,CAAC,IAAsB;QAC1C,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC3D,IAAI,GAAG,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAClE,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC3E,IAAI,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,GAAG,CAAC,YAAY,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACvD,IAAI,CAAC,UAAU,CAAC,qBAAqB,EAAE,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;QAEhB,MAAM,WAAW,GAAG,YAAY,EAAE,CAAC;QACnC,MAAM,YAAY,GAAG,YAAY,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;YACtB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,UAAU,EAAE,GAAG,EAAE,GAAG,QAAQ;SAC7B,CAAC,CAAC;QACH,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE;YAC1B,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU;YAC9B,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;YAC3B,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,QAAQ;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,SAAS,YAAY,CAAC,IAAiB;QACrC,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC9C,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACpE,IAAI,GAAG,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACzE,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,yDAAyD;QACzD,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;QAEnB,MAAM,WAAW,GAAG,YAAY,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,YAAY,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;YACtB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,UAAU,EAAE,GAAG,EAAE,GAAG,QAAQ;SAC7B,CAAC,CAAC;QACH,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE;YACxB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU;YAC9B,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,UAAU;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,QAAQ;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,SAAS,iBAAiB,CAAC,KAAa;QACtC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,EAAE;YAAE,OAAO,IAAI,CAAC;QACxC,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,UAAU,EAAE,GAAG,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED,SAAS,KAAK;QACZ,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChB,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC3B,IAAI,CAAC,CAAC,UAAU,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC/B,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;gBACrB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACjB,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,CAAC,UAAU,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;gBAClC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,SAAS,KAAK;QACZ,OAAO;YACL,OAAO,EAAE,OAAO,CAAC,IAAI;YACrB,KAAK,EAAE,KAAK,CAAC,IAAI;YACjB,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,SAAS,EAAE,SAAS,CAAC,IAAI;SAC1B,CAAC;IACJ,CAAC;IAED,OAAO;QACL,cAAc;QACd,SAAS;QACT,SAAS;QACT,YAAY;QACZ,YAAY;QACZ,iBAAiB;QACjB,KAAK;QACL,KAAK;KACN,CAAC;AACJ,CAAC"}

package/dist/server-http.d.ts DELETED Viewed

@@ -1,22 +0,0 @@
-#!/usr/bin/env node
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { type ModuleStatus } from "@getimo/mcp-toolkit";
-import { type McpHandler, type HttpTransportServer } from "./transports/http.js";
-import { type OAuthProvider } from "./auth/oauth-provider.js";
-export interface BootOptions {
-    /** TCP port. Default: process.env.APIMAPPER_HTTP_PORT or 8901. */
-    port?: number;
-    /** Public URL hint for OAuth metadata. */
-    publicBaseUrl?: string;
-    /** Pluggable MCP handler — defaults to a stub that returns the original JSON-RPC id with an empty result. */
-    mcpHandler?: McpHandler;
-}
-export interface BootedHttpServer extends HttpTransportServer {
-    oauth: OAuthProvider;
-}
-/** Test-only — exposes the server + module load status for assertions. */
-export declare function _testGetMcpServer(): {
-    server: McpServer | null;
-    modules: ModuleStatus[];
-};
-export declare function bootHttpServer(options?: BootOptions): Promise<BootedHttpServer>;