npm - @wootsup/yt-builder-mcp - Versions diffs - 0.2.0-alpha.2 - Mend

@wootsup/yt-builder-mcp 0.2.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (299) hide show

package/LICENSE +21 -0
package/README.md +221 -0
package/bin/yt-builder-mcp.js +59 -0
package/dist/auth.d.ts +39 -0
package/dist/auth.d.ts.map +1 -0
package/dist/auth.js +93 -0
package/dist/auth.js.map +1 -0
package/dist/client.d.ts +84 -0
package/dist/client.d.ts.map +1 -0
package/dist/client.js +151 -0
package/dist/client.js.map +1 -0
package/dist/clients/claude-code.d.ts +18 -0
package/dist/clients/claude-code.d.ts.map +1 -0
package/dist/clients/claude-code.js +53 -0
package/dist/clients/claude-code.js.map +1 -0
package/dist/clients/claude-desktop.d.ts +19 -0
package/dist/clients/claude-desktop.d.ts.map +1 -0
package/dist/clients/claude-desktop.js +56 -0
package/dist/clients/claude-desktop.js.map +1 -0
package/dist/clients/cline.d.ts +26 -0
package/dist/clients/cline.d.ts.map +1 -0
package/dist/clients/cline.js +80 -0
package/dist/clients/cline.js.map +1 -0
package/dist/clients/codex-cli.d.ts +42 -0
package/dist/clients/codex-cli.d.ts.map +1 -0
package/dist/clients/codex-cli.js +194 -0
package/dist/clients/codex-cli.js.map +1 -0
package/dist/clients/continue.d.ts +13 -0
package/dist/clients/continue.d.ts.map +1 -0
package/dist/clients/continue.js +52 -0
package/dist/clients/continue.js.map +1 -0
package/dist/clients/cursor.d.ts +12 -0
package/dist/clients/cursor.d.ts.map +1 -0
package/dist/clients/cursor.js +38 -0
package/dist/clients/cursor.js.map +1 -0
package/dist/clients/gemini-cli.d.ts +18 -0
package/dist/clients/gemini-cli.d.ts.map +1 -0
package/dist/clients/gemini-cli.js +44 -0
package/dist/clients/gemini-cli.js.map +1 -0
package/dist/clients/home.d.ts +14 -0
package/dist/clients/home.d.ts.map +1 -0
package/dist/clients/home.js +20 -0
package/dist/clients/home.js.map +1 -0
package/dist/clients/index.d.ts +52 -0
package/dist/clients/index.d.ts.map +1 -0
package/dist/clients/index.js +72 -0
package/dist/clients/index.js.map +1 -0
package/dist/clients/roo-code.d.ts +23 -0
package/dist/clients/roo-code.d.ts.map +1 -0
package/dist/clients/roo-code.js +69 -0
package/dist/clients/roo-code.js.map +1 -0
package/dist/clients/zed.d.ts +12 -0
package/dist/clients/zed.d.ts.map +1 -0
package/dist/clients/zed.js +41 -0
package/dist/clients/zed.js.map +1 -0
package/dist/errors/hints.d.ts +51 -0
package/dist/errors/hints.d.ts.map +1 -0
package/dist/errors/hints.js +95 -0
package/dist/errors/hints.js.map +1 -0
package/dist/errors/mask.d.ts +35 -0
package/dist/errors/mask.d.ts.map +1 -0
package/dist/errors/mask.js +49 -0
package/dist/errors/mask.js.map +1 -0
package/dist/errors/sanitize.d.ts +31 -0
package/dist/errors/sanitize.d.ts.map +1 -0
package/dist/errors/sanitize.js +90 -0
package/dist/errors/sanitize.js.map +1 -0
package/dist/errors.d.ts +42 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +61 -0
package/dist/errors.js.map +1 -0
package/dist/gateway/advanced-tool/discovery.d.ts +19 -0
package/dist/gateway/advanced-tool/discovery.d.ts.map +1 -0
package/dist/gateway/advanced-tool/discovery.js +53 -0
package/dist/gateway/advanced-tool/discovery.js.map +1 -0
package/dist/gateway/advanced-tool/domains.d.ts +42 -0
package/dist/gateway/advanced-tool/domains.d.ts.map +1 -0
package/dist/gateway/advanced-tool/domains.js +88 -0
package/dist/gateway/advanced-tool/domains.js.map +1 -0
package/dist/gateway/advanced-tool/execute.d.ts +29 -0
package/dist/gateway/advanced-tool/execute.d.ts.map +1 -0
package/dist/gateway/advanced-tool/execute.js +54 -0
package/dist/gateway/advanced-tool/execute.js.map +1 -0
package/dist/gateway/advanced-tool/index.d.ts +36 -0
package/dist/gateway/advanced-tool/index.d.ts.map +1 -0
package/dist/gateway/advanced-tool/index.js +39 -0
package/dist/gateway/advanced-tool/index.js.map +1 -0
package/dist/gateway/advanced-tool/register.d.ts +18 -0
package/dist/gateway/advanced-tool/register.d.ts.map +1 -0
package/dist/gateway/advanced-tool/register.js +62 -0
package/dist/gateway/advanced-tool/register.js.map +1 -0
package/dist/gateway/advanced-tool.d.ts +13 -0
package/dist/gateway/advanced-tool.d.ts.map +1 -0
package/dist/gateway/advanced-tool.js +13 -0
package/dist/gateway/advanced-tool.js.map +1 -0
package/dist/gateway/capturing-server.d.ts +117 -0
package/dist/gateway/capturing-server.d.ts.map +1 -0
package/dist/gateway/capturing-server.js +103 -0
package/dist/gateway/capturing-server.js.map +1 -0
package/dist/gateway/essentials.d.ts +49 -0
package/dist/gateway/essentials.d.ts.map +1 -0
package/dist/gateway/essentials.js +62 -0
package/dist/gateway/essentials.js.map +1 -0
package/dist/gateway/test-support.d.ts +41 -0
package/dist/gateway/test-support.d.ts.map +1 -0
package/dist/gateway/test-support.js +60 -0
package/dist/gateway/test-support.js.map +1 -0
package/dist/index.d.ts +25 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +77 -0
package/dist/index.js.map +1 -0
package/dist/install-skill.d.ts +35 -0
package/dist/install-skill.d.ts.map +1 -0
package/dist/install-skill.js +107 -0
package/dist/install-skill.js.map +1 -0
package/dist/platform/index.d.ts +49 -0
package/dist/platform/index.d.ts.map +1 -0
package/dist/platform/index.js +38 -0
package/dist/platform/index.js.map +1 -0
package/dist/server.d.ts +50 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +117 -0
package/dist/server.js.map +1 -0
package/dist/setup-cli.d.ts +100 -0
package/dist/setup-cli.d.ts.map +1 -0
package/dist/setup-cli.js +355 -0
package/dist/setup-cli.js.map +1 -0
package/dist/setup-prompts.d.ts +41 -0
package/dist/setup-prompts.d.ts.map +1 -0
package/dist/setup-prompts.js +142 -0
package/dist/setup-prompts.js.map +1 -0
package/dist/setup-token.d.ts +38 -0
package/dist/setup-token.d.ts.map +1 -0
package/dist/setup-token.js +106 -0
package/dist/setup-token.js.map +1 -0
package/dist/setup-wizard-defaults.d.ts +43 -0
package/dist/setup-wizard-defaults.d.ts.map +1 -0
package/dist/setup-wizard-defaults.js +160 -0
package/dist/setup-wizard-defaults.js.map +1 -0
package/dist/setup-wizard-handshake.d.ts +25 -0
package/dist/setup-wizard-handshake.d.ts.map +1 -0
package/dist/setup-wizard-handshake.js +103 -0
package/dist/setup-wizard-handshake.js.map +1 -0
package/dist/setup-wizard-types.d.ts +148 -0
package/dist/setup-wizard-types.d.ts.map +1 -0
package/dist/setup-wizard-types.js +11 -0
package/dist/setup-wizard-types.js.map +1 -0
package/dist/setup-wizard.d.ts +33 -0
package/dist/setup-wizard.d.ts.map +1 -0
package/dist/setup-wizard.js +166 -0
package/dist/setup-wizard.js.map +1 -0
package/dist/setup.d.ts +17 -0
package/dist/setup.d.ts.map +1 -0
package/dist/setup.js +33 -0
package/dist/setup.js.map +1 -0
package/dist/tools/elements/builders.d.ts +24 -0
package/dist/tools/elements/builders.d.ts.map +1 -0
package/dist/tools/elements/builders.js +150 -0
package/dist/tools/elements/builders.js.map +1 -0
package/dist/tools/elements/handlers-write.d.ts +48 -0
package/dist/tools/elements/handlers-write.d.ts.map +1 -0
package/dist/tools/elements/handlers-write.js +141 -0
package/dist/tools/elements/handlers-write.js.map +1 -0
package/dist/tools/elements/handlers.d.ts +56 -0
package/dist/tools/elements/handlers.d.ts.map +1 -0
package/dist/tools/elements/handlers.js +113 -0
package/dist/tools/elements/handlers.js.map +1 -0
package/dist/tools/elements/index.d.ts +28 -0
package/dist/tools/elements/index.d.ts.map +1 -0
package/dist/tools/elements/index.js +27 -0
package/dist/tools/elements/index.js.map +1 -0
package/dist/tools/elements.d.ts +13 -0
package/dist/tools/elements.d.ts.map +1 -0
package/dist/tools/elements.js +13 -0
package/dist/tools/elements.js.map +1 -0
package/dist/tools/elicitation.d.ts +87 -0
package/dist/tools/elicitation.d.ts.map +1 -0
package/dist/tools/elicitation.js +100 -0
package/dist/tools/elicitation.js.map +1 -0
package/dist/tools/format/elements-format.d.ts +34 -0
package/dist/tools/format/elements-format.d.ts.map +1 -0
package/dist/tools/format/elements-format.js +112 -0
package/dist/tools/format/elements-format.js.map +1 -0
package/dist/tools/format/health-format.d.ts +73 -0
package/dist/tools/format/health-format.d.ts.map +1 -0
package/dist/tools/format/health-format.js +178 -0
package/dist/tools/format/health-format.js.map +1 -0
package/dist/tools/format/inspection-format.d.ts +45 -0
package/dist/tools/format/inspection-format.d.ts.map +1 -0
package/dist/tools/format/inspection-format.js +125 -0
package/dist/tools/format/inspection-format.js.map +1 -0
package/dist/tools/format/pages-format.d.ts +39 -0
package/dist/tools/format/pages-format.d.ts.map +1 -0
package/dist/tools/format/pages-format.js +110 -0
package/dist/tools/format/pages-format.js.map +1 -0
package/dist/tools/format/sources-format.d.ts +25 -0
package/dist/tools/format/sources-format.d.ts.map +1 -0
package/dist/tools/format/sources-format.js +113 -0
package/dist/tools/format/sources-format.js.map +1 -0
package/dist/tools/health.d.ts +22 -0
package/dist/tools/health.d.ts.map +1 -0
package/dist/tools/health.js +147 -0
package/dist/tools/health.js.map +1 -0
package/dist/tools/index.d.ts +23 -0
package/dist/tools/index.d.ts.map +1 -0
package/dist/tools/index.js +23 -0
package/dist/tools/index.js.map +1 -0
package/dist/tools/inspection.d.ts +14 -0
package/dist/tools/inspection.d.ts.map +1 -0
package/dist/tools/inspection.js +115 -0
package/dist/tools/inspection.js.map +1 -0
package/dist/tools/layout-flatten.d.ts +63 -0
package/dist/tools/layout-flatten.d.ts.map +1 -0
package/dist/tools/layout-flatten.js +95 -0
package/dist/tools/layout-flatten.js.map +1 -0
package/dist/tools/pages/builders.d.ts +14 -0
package/dist/tools/pages/builders.d.ts.map +1 -0
package/dist/tools/pages/builders.js +97 -0
package/dist/tools/pages/builders.js.map +1 -0
package/dist/tools/pages/handlers-read.d.ts +24 -0
package/dist/tools/pages/handlers-read.d.ts.map +1 -0
package/dist/tools/pages/handlers-read.js +141 -0
package/dist/tools/pages/handlers-read.js.map +1 -0
package/dist/tools/pages/handlers-write.d.ts +21 -0
package/dist/tools/pages/handlers-write.d.ts.map +1 -0
package/dist/tools/pages/handlers-write.js +52 -0
package/dist/tools/pages/handlers-write.js.map +1 -0
package/dist/tools/pages/index.d.ts +17 -0
package/dist/tools/pages/index.d.ts.map +1 -0
package/dist/tools/pages/index.js +17 -0
package/dist/tools/pages/index.js.map +1 -0
package/dist/tools/pages/schemas.d.ts +30 -0
package/dist/tools/pages/schemas.d.ts.map +1 -0
package/dist/tools/pages/schemas.js +30 -0
package/dist/tools/pages/schemas.js.map +1 -0
package/dist/tools/pages.d.ts +13 -0
package/dist/tools/pages.d.ts.map +1 -0
package/dist/tools/pages.js +13 -0
package/dist/tools/pages.js.map +1 -0
package/dist/tools/progress-phases.d.ts +46 -0
package/dist/tools/progress-phases.d.ts.map +1 -0
package/dist/tools/progress-phases.js +48 -0
package/dist/tools/progress-phases.js.map +1 -0
package/dist/tools/shared-schemas.d.ts +15 -0
package/dist/tools/shared-schemas.d.ts.map +1 -0
package/dist/tools/shared-schemas.js +30 -0
package/dist/tools/shared-schemas.js.map +1 -0
package/dist/tools/sources/builders.d.ts +13 -0
package/dist/tools/sources/builders.d.ts.map +1 -0
package/dist/tools/sources/builders.js +88 -0
package/dist/tools/sources/builders.js.map +1 -0
package/dist/tools/sources/handlers-bind.d.ts +26 -0
package/dist/tools/sources/handlers-bind.d.ts.map +1 -0
package/dist/tools/sources/handlers-bind.js +123 -0
package/dist/tools/sources/handlers-bind.js.map +1 -0
package/dist/tools/sources/handlers.d.ts +45 -0
package/dist/tools/sources/handlers.d.ts.map +1 -0
package/dist/tools/sources/handlers.js +84 -0
package/dist/tools/sources/handlers.js.map +1 -0
package/dist/tools/sources/index.d.ts +19 -0
package/dist/tools/sources/index.d.ts.map +1 -0
package/dist/tools/sources/index.js +18 -0
package/dist/tools/sources/index.js.map +1 -0
package/dist/tools/sources.d.ts +14 -0
package/dist/tools/sources.d.ts.map +1 -0
package/dist/tools/sources.js +14 -0
package/dist/tools/sources.js.map +1 -0
package/dist/tools/sparse-fields.d.ts +80 -0
package/dist/tools/sparse-fields.d.ts.map +1 -0
package/dist/tools/sparse-fields.js +144 -0
package/dist/tools/sparse-fields.js.map +1 -0
package/dist/tools/tool-builder/annotations.d.ts +22 -0
package/dist/tools/tool-builder/annotations.d.ts.map +1 -0
package/dist/tools/tool-builder/annotations.js +35 -0
package/dist/tools/tool-builder/annotations.js.map +1 -0
package/dist/tools/tool-builder/define.d.ts +31 -0
package/dist/tools/tool-builder/define.d.ts.map +1 -0
package/dist/tools/tool-builder/define.js +31 -0
package/dist/tools/tool-builder/define.js.map +1 -0
package/dist/tools/tool-builder/index.d.ts +28 -0
package/dist/tools/tool-builder/index.d.ts.map +1 -0
package/dist/tools/tool-builder/index.js +27 -0
package/dist/tools/tool-builder/index.js.map +1 -0
package/dist/tools/tool-builder/results.d.ts +59 -0
package/dist/tools/tool-builder/results.d.ts.map +1 -0
package/dist/tools/tool-builder/results.js +125 -0
package/dist/tools/tool-builder/results.js.map +1 -0
package/dist/tools/tool-builder/types.d.ts +82 -0
package/dist/tools/tool-builder/types.d.ts.map +1 -0
package/dist/tools/tool-builder/types.js +9 -0
package/dist/tools/tool-builder/types.js.map +1 -0
package/dist/tools/tool-builder.d.ts +16 -0
package/dist/tools/tool-builder.d.ts.map +1 -0
package/dist/tools/tool-builder.js +16 -0
package/dist/tools/tool-builder.js.map +1 -0
package/icon.png +0 -0
package/manifest.json +63 -0
package/package.json +81 -0
package/skills/yootheme-builder/SKILL.md +582 -0

package/dist/clients/roo-code.js ADDED Viewed

@@ -0,0 +1,69 @@
+/**
+ * Roo Code MCP config writer.
+ *
+ * Roo Code (formerly Roo Cline) is the VS Code extension
+ * `rooveterinaryinc.roo-cline` — a fork of Cline. It follows the
+ * same VS Code globalStorage layout but its own settings file is
+ * named `mcp_settings.json` (without the legacy `cline_` prefix
+ * its parent uses).
+ *
+ *   <vsCodeUserDir>/globalStorage/rooveterinaryinc.roo-cline/settings/mcp_settings.json
+ *
+ * VS Code's `<vsCodeUserDir>` is:
+ *   macOS:    ~/Library/Application Support/Code/User
+ *   Linux:    ~/.config/Code/User
+ *   Windows:  %APPDATA%\Code\User
+ *
+ * Schema mirrors Claude Desktop's `mcpServers` map.
+ *
+ * @license MIT
+ */
+import { existsSync } from 'node:fs';
+import { platform } from 'node:os';
+import { join } from 'node:path';
+import { userHome } from './home.js';
+import { patchJsonFile } from './index.js';
+const EXTENSION_ID = 'rooveterinaryinc.roo-cline';
+const SETTINGS_FILENAME = 'mcp_settings.json';
+function vsCodeUserDir() {
+    const home = userHome();
+    switch (platform()) {
+        case 'darwin':
+            return join(home, 'Library', 'Application Support', 'Code', 'User');
+        case 'win32': {
+            const appData = process.env.APPDATA ?? join(home, 'AppData', 'Roaming');
+            return join(appData, 'Code', 'User');
+        }
+        default:
+            return join(home, '.config', 'Code', 'User');
+    }
+}
+function configPath() {
+    return join(vsCodeUserDir(), 'globalStorage', EXTENSION_ID, 'settings', SETTINGS_FILENAME);
+}
+function isDetected() {
+    const extDir = join(vsCodeUserDir(), 'globalStorage', EXTENSION_ID);
+    return existsSync(extDir) || existsSync(configPath());
+}
+export const rooCodeClient = {
+    id: 'roo-code',
+    label: 'Roo Code (VS Code)',
+    configPath,
+    isDetected,
+    apply: async (serverName, config) => {
+        await patchJsonFile(configPath(), (current) => {
+            const servers = current.mcpServers !== null &&
+                typeof current.mcpServers === 'object' &&
+                !Array.isArray(current.mcpServers)
+                ? { ...current.mcpServers }
+                : {};
+            servers[serverName] = {
+                command: config.command,
+                args: config.args,
+                env: config.env,
+            };
+            return { ...current, mcpServers: servers };
+        });
+    },
+};
+//# sourceMappingURL=roo-code.js.map

package/dist/clients/roo-code.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"roo-code.js","sourceRoot":"","sources":["../../src/clients/roo-code.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,aAAa,EAA2C,MAAM,YAAY,CAAC;AAEpF,MAAM,YAAY,GAAG,4BAA4B,CAAC;AAClD,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;AAE9C,SAAS,aAAa;IAClB,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,QAAQ,QAAQ,EAAE,EAAE,CAAC;QACjB,KAAK,QAAQ;YACT,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACxE,KAAK,OAAO,CAAC,CAAC,CAAC;YACX,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YACxE,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;QACD;YACI,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;AACL,CAAC;AAED,SAAS,UAAU;IACf,OAAO,IAAI,CACP,aAAa,EAAE,EACf,eAAe,EACf,YAAY,EACZ,UAAU,EACV,iBAAiB,CACpB,CAAC;AACN,CAAC;AAED,SAAS,UAAU;IACf,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;IACpE,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAiB;IACvC,EAAE,EAAE,UAAU;IACd,KAAK,EAAE,oBAAoB;IAC3B,UAAU;IACV,UAAU;IACV,KAAK,EAAE,KAAK,EAAE,UAAkB,EAAE,MAAuB,EAAE,EAAE;QACzD,MAAM,aAAa,CAAC,UAAU,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE;YAC1C,MAAM,OAAO,GACT,OAAO,CAAC,UAAU,KAAK,IAAI;gBAC3B,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;gBACtC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;gBAC9B,CAAC,CAAC,EAAE,GAAI,OAAO,CAAC,UAAsC,EAAE;gBACxD,CAAC,CAAC,EAAE,CAAC;YACb,OAAO,CAAC,UAAU,CAAC,GAAG;gBAClB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,GAAG,EAAE,MAAM,CAAC,GAAG;aAClB,CAAC;YACF,OAAO,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;QAC/C,CAAC,CAAC,CAAC;IACP,CAAC;CACJ,CAAC"}

package/dist/clients/zed.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Zed MCP config writer.
+ *
+ *   Global: ~/.config/zed/settings.json  (JSONC; we treat as JSON for write)
+ *
+ * Schema: `context_servers` map (Zed-specific naming).
+ *
+ * @license MIT
+ */
+import { type ClientWriter } from './index.js';
+export declare const zedClient: ClientWriter;
+//# sourceMappingURL=zed.d.ts.map

package/dist/clients/zed.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"zed.d.ts","sourceRoot":"","sources":["../../src/clients/zed.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,OAAO,EAAiB,KAAK,YAAY,EAAwB,MAAM,YAAY,CAAC;AAMpF,eAAO,MAAM,SAAS,EAAE,YAwBvB,CAAC"}

package/dist/clients/zed.js ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * Zed MCP config writer.
+ *
+ *   Global: ~/.config/zed/settings.json  (JSONC; we treat as JSON for write)
+ *
+ * Schema: `context_servers` map (Zed-specific naming).
+ *
+ * @license MIT
+ */
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { userHome } from './home.js';
+import { patchJsonFile } from './index.js';
+function configPath() {
+    return join(userHome(), '.config', 'zed', 'settings.json');
+}
+export const zedClient = {
+    id: 'zed',
+    label: 'Zed',
+    configPath,
+    isDetected: () => existsSync(join(userHome(), '.config', 'zed')),
+    apply: async (serverName, config) => {
+        await patchJsonFile(configPath(), (current) => {
+            const servers = current.context_servers !== null &&
+                typeof current.context_servers === 'object' &&
+                !Array.isArray(current.context_servers)
+                ? { ...current.context_servers }
+                : {};
+            servers[serverName] = {
+                command: {
+                    path: config.command,
+                    args: config.args,
+                    env: config.env,
+                },
+                settings: {},
+            };
+            return { ...current, context_servers: servers };
+        });
+    },
+};
+//# sourceMappingURL=zed.js.map

package/dist/clients/zed.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"zed.js","sourceRoot":"","sources":["../../src/clients/zed.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,aAAa,EAA2C,MAAM,YAAY,CAAC;AAEpF,SAAS,UAAU;IACf,OAAO,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAiB;IACnC,EAAE,EAAE,KAAK;IACT,KAAK,EAAE,KAAK;IACZ,UAAU;IACV,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAChE,KAAK,EAAE,KAAK,EAAE,UAAkB,EAAE,MAAuB,EAAE,EAAE;QACzD,MAAM,aAAa,CAAC,UAAU,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE;YAC1C,MAAM,OAAO,GACT,OAAO,CAAC,eAAe,KAAK,IAAI;gBAChC,OAAO,OAAO,CAAC,eAAe,KAAK,QAAQ;gBAC3C,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC;gBACnC,CAAC,CAAC,EAAE,GAAI,OAAO,CAAC,eAA2C,EAAE;gBAC7D,CAAC,CAAC,EAAE,CAAC;YACb,OAAO,CAAC,UAAU,CAAC,GAAG;gBAClB,OAAO,EAAE;oBACL,IAAI,EAAE,MAAM,CAAC,OAAO;oBACpB,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,GAAG,EAAE,MAAM,CAAC,GAAG;iBAClB;gBACD,QAAQ,EAAE,EAAE;aACf,CAAC;YACF,OAAO,EAAE,GAAG,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;QACpD,CAAC,CAAC,CAAC;IACP,CAAC;CACJ,CAAC"}

package/dist/errors/hints.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * Error-code taxonomy + AI-friendly hint messages.
+ *
+ * `classify(status)` maps the HTTP status of a failed REST call into one
+ * of nine canonical `YtbErrorCode` values. `hintFor(code)` returns a
+ * recovery-oriented hint string the LLM can act on without re-reading the
+ * raw error message.
+ *
+ * Centralising the taxonomy means every tool's catch-block emits the
+ * same vocabulary, and the audit gate can pin the exact set of hints
+ * that ship.
+ *
+ * Reference: `apimapper-mcp/src/modules/apimapper/client.ts:hintFor`
+ * (Wave G.6.1 — same shape, ported for the YOOtheme Builder REST API).
+ *
+ * @license MIT
+ */
+/**
+ * Canonical YOOtheme-Builder-MCP error code union.
+ *
+ * Order is documentary only — `classify()` returns whichever applies.
+ */
+export type YtbErrorCode = 'auth_invalid' | 'auth_missing' | 'forbidden' | 'not_found' | 'conflict_etag' | 'validation_error' | 'rate_limit' | 'server_error' | 'network';
+/** Options for `classify()` — second-tier signals (e.g. response headers). */
+export interface ClassifyOptions {
+    /**
+     * Whether the response carried a `WWW-Authenticate` header. Used to
+     * distinguish `auth_missing` (no bearer sent → server didn't ask for one
+     * via WWW-Authenticate; misconfigured client) from `auth_invalid`
+     * (server rejected the bearer that WAS sent).
+     */
+    readonly hasWwwAuthenticate?: boolean;
+}
+/**
+ * Map an HTTP status into a `YtbErrorCode`.
+ *
+ * Special-cases:
+ *   - 401 with `hasWwwAuthenticate: false` → `auth_missing`
+ *   - 401 with `hasWwwAuthenticate: true`  → `auth_invalid` (default)
+ *   - 412 (Precondition Failed) is treated as `conflict_etag` alongside 409.
+ *   - Status 0 (no response) → `network`.
+ *   - Anything we don't recognise (incl. 2xx) → `server_error` so the agent
+ *     sees a non-empty hint rather than silently swallowing.
+ */
+export declare function classify(status: number, options?: ClassifyOptions): YtbErrorCode;
+/**
+ * Return a focused hint describing how the agent (or the user) can
+ * recover from a given error code. Always non-empty.
+ */
+export declare function hintFor(code: YtbErrorCode): string;
+//# sourceMappingURL=hints.d.ts.map

package/dist/errors/hints.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hints.d.ts","sourceRoot":"","sources":["../../src/errors/hints.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAClB,cAAc,GACd,cAAc,GACd,WAAW,GACX,WAAW,GACX,eAAe,GACf,kBAAkB,GAClB,YAAY,GACZ,cAAc,GACd,SAAS,CAAC;AAEhB,8EAA8E;AAC9E,MAAM,WAAW,eAAe;IAC5B;;;;;OAKG;IACH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,OAAO,CAAC;CACzC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,eAAoB,GAAG,YAAY,CAYpF;AAED;;;GAGG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,CA2DlD"}

package/dist/errors/hints.js ADDED Viewed

@@ -0,0 +1,95 @@
+/**
+ * Error-code taxonomy + AI-friendly hint messages.
+ *
+ * `classify(status)` maps the HTTP status of a failed REST call into one
+ * of nine canonical `YtbErrorCode` values. `hintFor(code)` returns a
+ * recovery-oriented hint string the LLM can act on without re-reading the
+ * raw error message.
+ *
+ * Centralising the taxonomy means every tool's catch-block emits the
+ * same vocabulary, and the audit gate can pin the exact set of hints
+ * that ship.
+ *
+ * Reference: `apimapper-mcp/src/modules/apimapper/client.ts:hintFor`
+ * (Wave G.6.1 — same shape, ported for the YOOtheme Builder REST API).
+ *
+ * @license MIT
+ */
+/**
+ * Map an HTTP status into a `YtbErrorCode`.
+ *
+ * Special-cases:
+ *   - 401 with `hasWwwAuthenticate: false` → `auth_missing`
+ *   - 401 with `hasWwwAuthenticate: true`  → `auth_invalid` (default)
+ *   - 412 (Precondition Failed) is treated as `conflict_etag` alongside 409.
+ *   - Status 0 (no response) → `network`.
+ *   - Anything we don't recognise (incl. 2xx) → `server_error` so the agent
+ *     sees a non-empty hint rather than silently swallowing.
+ */
+export function classify(status, options = {}) {
+    if (status === 0)
+        return 'network';
+    if (status === 401) {
+        return options.hasWwwAuthenticate === false ? 'auth_missing' : 'auth_invalid';
+    }
+    if (status === 403)
+        return 'forbidden';
+    if (status === 404)
+        return 'not_found';
+    if (status === 409 || status === 412)
+        return 'conflict_etag';
+    if (status === 422)
+        return 'validation_error';
+    if (status === 429)
+        return 'rate_limit';
+    if (status >= 500)
+        return 'server_error';
+    return 'server_error';
+}
+/**
+ * Return a focused hint describing how the agent (or the user) can
+ * recover from a given error code. Always non-empty.
+ */
+export function hintFor(code) {
+    switch (code) {
+        case 'auth_invalid':
+            return ('Bearer key rejected (HTTP 401, key signature invalid or revoked). ' +
+                'Open wp-admin → Tools → "YT Builder MCP" → Bearer Keys, regenerate the ' +
+                'key, and update YTB_MCP_BEARER_TOKEN in your AI-client config. ' +
+                'Then restart the client.');
+        case 'auth_missing':
+            return ('No Bearer credential sent (HTTP 401 without WWW-Authenticate echo). ' +
+                'Set the YTB_MCP_BEARER_TOKEN environment variable in your AI-client ' +
+                'MCP configuration to a key generated by the plugin Settings page.');
+        case 'forbidden':
+            return ('Permission denied (HTTP 403). Your Bearer key lacks the required ' +
+                'scope for this operation. Regenerate a key with the correct ' +
+                'scope (read / write / admin) in the plugin Settings page.');
+        case 'not_found':
+            return ('Resource not found (HTTP 404). Use the matching `*_list` tool ' +
+                '(yootheme_builder_pages_list, yootheme_builder_element_list, …) ' +
+                'to discover valid IDs / paths. IDs are case-sensitive.');
+        case 'conflict_etag':
+            return ('Optimistic-lock failed (HTTP 409/412). Another writer changed ' +
+                'the state since you fetched it. Call yootheme_builder_get_etag ' +
+                'again to get the fresh ETag, then retry your write with that ETag.');
+        case 'validation_error':
+            return ('Request body failed validation (HTTP 422). Re-check the tool\'s ' +
+                'inputSchema and the element-type schema via ' +
+                'yootheme_builder_element_type_get_schema for valid `props` keys.');
+        case 'rate_limit':
+            return ('Rate limit reached (HTTP 429). This is likely Cloudflare or ' +
+                'another WAF in front of WordPress, not the plugin itself. Wait ' +
+                'a few seconds and retry. If persistent, check the WAF rate-limit ' +
+                'rule in your Cloudflare dashboard.');
+        case 'server_error':
+            return ('Upstream server error (HTTP 5xx or unexpected status). Retry ' +
+                'after a short delay; if it persists, check the WordPress error ' +
+                'log (wp-content/debug.log) for the underlying PHP exception.');
+        case 'network':
+            return ('Network or timeout error reaching WordPress. Verify ' +
+                'YTB_MCP_WP_URL is correct and reachable from this host (try ' +
+                '`curl <YTB_MCP_WP_URL>/wp-json/yt-builder-mcp/v1/health`).');
+    }
+}
+//# sourceMappingURL=hints.js.map

package/dist/errors/hints.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hints.js","sourceRoot":"","sources":["../../src/errors/hints.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AA6BH;;;;;;;;;;GAUG;AACH,MAAM,UAAU,QAAQ,CAAC,MAAc,EAAE,UAA2B,EAAE;IAClE,IAAI,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACnC,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACjB,OAAO,OAAO,CAAC,kBAAkB,KAAK,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC;IAClF,CAAC;IACD,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,WAAW,CAAC;IACvC,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,WAAW,CAAC;IACvC,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,eAAe,CAAC;IAC7D,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,kBAAkB,CAAC;IAC9C,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,YAAY,CAAC;IACxC,IAAI,MAAM,IAAI,GAAG;QAAE,OAAO,cAAc,CAAC;IACzC,OAAO,cAAc,CAAC;AAC1B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,OAAO,CAAC,IAAkB;IACtC,QAAQ,IAAI,EAAE,CAAC;QACX,KAAK,cAAc;YACf,OAAO,CACH,oEAAoE;gBACpE,yEAAyE;gBACzE,iEAAiE;gBACjE,0BAA0B,CAC7B,CAAC;QACN,KAAK,cAAc;YACf,OAAO,CACH,sEAAsE;gBACtE,sEAAsE;gBACtE,mEAAmE,CACtE,CAAC;QACN,KAAK,WAAW;YACZ,OAAO,CACH,mEAAmE;gBACnE,8DAA8D;gBAC9D,2DAA2D,CAC9D,CAAC;QACN,KAAK,WAAW;YACZ,OAAO,CACH,gEAAgE;gBAChE,kEAAkE;gBAClE,wDAAwD,CAC3D,CAAC;QACN,KAAK,eAAe;YAChB,OAAO,CACH,gEAAgE;gBAChE,iEAAiE;gBACjE,oEAAoE,CACvE,CAAC;QACN,KAAK,kBAAkB;YACnB,OAAO,CACH,kEAAkE;gBAClE,8CAA8C;gBAC9C,kEAAkE,CACrE,CAAC;QACN,KAAK,YAAY;YACb,OAAO,CACH,8DAA8D;gBAC9D,iEAAiE;gBACjE,mEAAmE;gBACnE,oCAAoC,CACvC,CAAC;QACN,KAAK,cAAc;YACf,OAAO,CACH,+DAA+D;gBAC/D,iEAAiE;gBACjE,8DAA8D,CACjE,CAAC;QACN,KAAK,SAAS;YACV,OAAO,CACH,sDAAsD;gBACtD,8DAA8D;gBAC9D,4DAA4D,CAC/D,CAAC;IACV,CAAC;AACL,CAAC"}

package/dist/errors/mask.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Secret-masking helpers — Wave G.6.2.
+ *
+ * `maskBearerToken` rewrites any `Bearer <token>` substring to
+ * `Bearer ***masked***`. `sanitizeForLogs` additionally truncates very
+ * long strings so a paste of a multi-MB stack trace can't blow the
+ * context budget.
+ *
+ * Defense-in-depth: this is the single choke-point for any string
+ * (error message, response body excerpt, log line) that crosses the
+ * MCP boundary into the LLM's view.
+ *
+ * @license MIT
+ */
+/** Maximum length for a sanitised log string. Anything longer is truncated. */
+export declare const LOG_TRUNCATION_LIMIT = 2000;
+/**
+ * Replace every `Bearer <opaque-token>` substring with `Bearer ***masked***`.
+ *
+ * Token-shape is intentionally permissive — we'd rather over-mask than
+ * leak. Any non-whitespace run following the literal `Bearer ` is treated
+ * as the token and replaced.
+ */
+export declare function maskBearerToken(input: string): string;
+/**
+ * Sanitise a string before it joins the LLM-visible output:
+ *   1. mask any Bearer tokens
+ *   2. truncate to `LOG_TRUNCATION_LIMIT` chars with a clear suffix
+ *
+ * Non-string inputs (null / undefined) collapse to an empty string —
+ * caller code typically passes `error?.message` and `?? ''` is a common
+ * upstream pattern.
+ */
+export declare function sanitizeForLogs(input: string): string;
+//# sourceMappingURL=mask.d.ts.map

package/dist/errors/mask.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mask.d.ts","sourceRoot":"","sources":["../../src/errors/mask.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,+EAA+E;AAC/E,eAAO,MAAM,oBAAoB,OAAO,CAAC;AAEzC;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAIrD;AAED;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMrD"}

package/dist/errors/mask.js ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Secret-masking helpers — Wave G.6.2.
+ *
+ * `maskBearerToken` rewrites any `Bearer <token>` substring to
+ * `Bearer ***masked***`. `sanitizeForLogs` additionally truncates very
+ * long strings so a paste of a multi-MB stack trace can't blow the
+ * context budget.
+ *
+ * Defense-in-depth: this is the single choke-point for any string
+ * (error message, response body excerpt, log line) that crosses the
+ * MCP boundary into the LLM's view.
+ *
+ * @license MIT
+ */
+/** Maximum length for a sanitised log string. Anything longer is truncated. */
+export const LOG_TRUNCATION_LIMIT = 2000;
+/**
+ * Replace every `Bearer <opaque-token>` substring with `Bearer ***masked***`.
+ *
+ * Token-shape is intentionally permissive — we'd rather over-mask than
+ * leak. Any non-whitespace run following the literal `Bearer ` is treated
+ * as the token and replaced.
+ */
+export function maskBearerToken(input) {
+    if (input === '')
+        return '';
+    // The `g` flag handles repeated occurrences in one string.
+    return input.replace(/Bearer\s+\S+/g, 'Bearer ***masked***');
+}
+/**
+ * Sanitise a string before it joins the LLM-visible output:
+ *   1. mask any Bearer tokens
+ *   2. truncate to `LOG_TRUNCATION_LIMIT` chars with a clear suffix
+ *
+ * Non-string inputs (null / undefined) collapse to an empty string —
+ * caller code typically passes `error?.message` and `?? ''` is a common
+ * upstream pattern.
+ */
+export function sanitizeForLogs(input) {
+    if (input === null || input === undefined)
+        return '';
+    if (input === '')
+        return '';
+    const masked = maskBearerToken(input);
+    if (masked.length <= LOG_TRUNCATION_LIMIT)
+        return masked;
+    return masked.slice(0, LOG_TRUNCATION_LIMIT) + '... [truncated]';
+}
+//# sourceMappingURL=mask.js.map

package/dist/errors/mask.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mask.js","sourceRoot":"","sources":["../../src/errors/mask.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,+EAA+E;AAC/E,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAEzC;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IACzC,IAAI,KAAK,KAAK,EAAE;QAAE,OAAO,EAAE,CAAC;IAC5B,2DAA2D;IAC3D,OAAO,KAAK,CAAC,OAAO,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IACzC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IACrD,IAAI,KAAK,KAAK,EAAE;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,MAAM,IAAI,oBAAoB;QAAE,OAAO,MAAM,CAAC;IACzD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,GAAG,iBAAiB,CAAC;AACrE,CAAC"}

package/dist/errors/sanitize.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * `sanitizeSecrets` — recursive value-walker that swaps any value at a
+ * known-secret key for the sentinel `[REDACTED]`.
+ *
+ * Wave G.6.4. Pattern ported verbatim from
+ * `apimapper-mcp/src/modules/apimapper/credential-sanitizer.ts` because
+ * it's the same defense-in-depth shape and the apimapper version is
+ * audit-hardened (A4 round 1 + 2).
+ *
+ * Used on both the error-path (RestError.body excerpts) AND the
+ * success-path (jsonResult / structuredResult payloads in
+ * `tool-builder.ts`) so a regressing REST handler — or a logging path —
+ * can never leak `oauth_refresh_token` / `auth_data` / `bearer` etc.
+ * into the LLM's context.
+ *
+ * Key-list intentionally mirrors apimapper-mcp; review both together
+ * when extending.
+ *
+ * @license MIT
+ */
+/**
+ * Recursively walk any JSON-serialisable value and redact any nested
+ * value whose key matches a known-secret name. Returns a fresh tree —
+ * the input is never mutated.
+ *
+ * Primitives (string / number / boolean / null / undefined) pass through
+ * unchanged. Arrays are mapped element-wise. Objects are reconstructed
+ * with `[REDACTED]` substituted at any secret key.
+ */
+export declare function sanitizeSecrets<T>(input: T): T;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/errors/sanitize.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../src/errors/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AA6CH;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,CAgB9C"}

package/dist/errors/sanitize.js ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * `sanitizeSecrets` — recursive value-walker that swaps any value at a
+ * known-secret key for the sentinel `[REDACTED]`.
+ *
+ * Wave G.6.4. Pattern ported verbatim from
+ * `apimapper-mcp/src/modules/apimapper/credential-sanitizer.ts` because
+ * it's the same defense-in-depth shape and the apimapper version is
+ * audit-hardened (A4 round 1 + 2).
+ *
+ * Used on both the error-path (RestError.body excerpts) AND the
+ * success-path (jsonResult / structuredResult payloads in
+ * `tool-builder.ts`) so a regressing REST handler — or a logging path —
+ * can never leak `oauth_refresh_token` / `auth_data` / `bearer` etc.
+ * into the LLM's context.
+ *
+ * Key-list intentionally mirrors apimapper-mcp; review both together
+ * when extending.
+ *
+ * @license MIT
+ */
+const SECRET_KEYS = new Set([
+    // Generic auth tokens
+    'token',
+    'bearer',
+    'bearer_token',
+    'bearerToken',
+    // Plugin-internal auth blob
+    'auth_data',
+    'authData',
+    // OAuth flows
+    'oauth_refresh_token',
+    'oauthRefreshToken',
+    'refresh_token',
+    'refreshToken',
+    'access_token',
+    'accessToken',
+    // App-secret pairs
+    'client_secret',
+    'clientSecret',
+    'api_key',
+    'apiKey',
+    'password',
+    'secret',
+    'secrets',
+    'raw_secret',
+    'rawSecret',
+    // Defense-in-depth additions (cf. apimapper A4 audit round 2)
+    'private_key',
+    'privateKey',
+    'signing_key',
+    'signingKey',
+    'webhook_secret',
+    'webhookSecret',
+    'consumer_secret',
+    'consumerSecret',
+    'consumer_key',
+    'consumerKey',
+    'session_token',
+    'sessionToken',
+    'id_token',
+    'idToken',
+]);
+/**
+ * Recursively walk any JSON-serialisable value and redact any nested
+ * value whose key matches a known-secret name. Returns a fresh tree —
+ * the input is never mutated.
+ *
+ * Primitives (string / number / boolean / null / undefined) pass through
+ * unchanged. Arrays are mapped element-wise. Objects are reconstructed
+ * with `[REDACTED]` substituted at any secret key.
+ */
+export function sanitizeSecrets(input) {
+    if (Array.isArray(input)) {
+        return input.map((item) => sanitizeSecrets(item));
+    }
+    if (input !== null && typeof input === 'object') {
+        const out = {};
+        for (const [k, v] of Object.entries(input)) {
+            if (SECRET_KEYS.has(k)) {
+                out[k] = '[REDACTED]';
+            }
+            else {
+                out[k] = sanitizeSecrets(v);
+            }
+        }
+        return out;
+    }
+    return input;
+}
+//# sourceMappingURL=sanitize.js.map

package/dist/errors/sanitize.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../src/errors/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAS;IAChC,sBAAsB;IACtB,OAAO;IACP,QAAQ;IACR,cAAc;IACd,aAAa;IACb,4BAA4B;IAC5B,WAAW;IACX,UAAU;IACV,cAAc;IACd,qBAAqB;IACrB,mBAAmB;IACnB,eAAe;IACf,cAAc;IACd,cAAc;IACd,aAAa;IACb,mBAAmB;IACnB,eAAe;IACf,cAAc;IACd,SAAS;IACT,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,SAAS;IACT,YAAY;IACZ,WAAW;IACX,8DAA8D;IAC9D,aAAa;IACb,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,gBAAgB;IAChB,eAAe;IACf,iBAAiB;IACjB,gBAAgB;IAChB,cAAc;IACd,aAAa;IACb,eAAe;IACf,cAAc;IACd,UAAU;IACV,SAAS;CACZ,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAI,KAAQ;IACvC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAiB,CAAC;IACtE,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACpE,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrB,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;YAC1B,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;YAChC,CAAC;QACL,CAAC;QACD,OAAO,GAAmB,CAAC;IAC/B,CAAC;IACD,OAAO,KAAK,CAAC;AACjB,CAAC"}

package/dist/errors.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * Error types for the YT Builder MCP package.
+ *
+ * `RestError` wraps non-2xx responses from the WP REST API with the
+ * status, the canonical WP_Error `code` (if present) and the human
+ * message. `ConfigError` is thrown when the server is missing
+ * environment configuration.
+ *
+ * Wave G.6.3: `body` is routed through `sanitizeSecrets` at construction
+ * time so any secret-bearing field returned by the upstream REST API
+ * (e.g. WP_Error data carrying `auth_data` or `oauth_refresh_token`)
+ * never lands in the LLM context — even if a future tool decides to
+ * echo `error.body` somewhere.
+ *
+ * @license MIT
+ */
+export interface RestErrorPayload {
+    readonly status: number;
+    readonly code?: string;
+    readonly message: string;
+    /** Original parsed JSON body (or null if the body was not JSON). */
+    readonly body: unknown;
+}
+export declare class RestError extends Error {
+    readonly status: number;
+    readonly code?: string;
+    readonly body: unknown;
+    constructor(payload: RestErrorPayload);
+}
+export declare class ConfigError extends Error {
+    constructor(message: string);
+}
+export interface NetworkErrorPayload {
+    readonly cause: unknown;
+    readonly url: string;
+}
+export declare class NetworkError extends Error {
+    readonly cause: unknown;
+    readonly url: string;
+    constructor(payload: NetworkErrorPayload);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,MAAM,WAAW,gBAAgB;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,oEAAoE;IACpE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;CAC1B;AAED,qBAAa,SAAU,SAAQ,KAAK;IAChC,SAAgB,MAAM,EAAE,MAAM,CAAC;IAC/B,SAAgB,IAAI,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;gBAElB,OAAO,EAAE,gBAAgB;CAUxC;AAED,qBAAa,WAAY,SAAQ,KAAK;gBACtB,OAAO,EAAE,MAAM;CAI9B;AAED,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,YAAa,SAAQ,KAAK;IACnC,SAAgB,KAAK,EAAE,OAAO,CAAC;IAC/B,SAAgB,GAAG,EAAE,MAAM,CAAC;gBAEhB,OAAO,EAAE,mBAAmB;CAM3C"}

package/dist/errors.js ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Error types for the YT Builder MCP package.
+ *
+ * `RestError` wraps non-2xx responses from the WP REST API with the
+ * status, the canonical WP_Error `code` (if present) and the human
+ * message. `ConfigError` is thrown when the server is missing
+ * environment configuration.
+ *
+ * Wave G.6.3: `body` is routed through `sanitizeSecrets` at construction
+ * time so any secret-bearing field returned by the upstream REST API
+ * (e.g. WP_Error data carrying `auth_data` or `oauth_refresh_token`)
+ * never lands in the LLM context — even if a future tool decides to
+ * echo `error.body` somewhere.
+ *
+ * @license MIT
+ */
+import { sanitizeSecrets } from './errors/sanitize.js';
+export class RestError extends Error {
+    status;
+    code;
+    body;
+    constructor(payload) {
+        super(payload.message);
+        this.name = 'RestError';
+        this.status = payload.status;
+        this.code = payload.code;
+        // Deep-walk redaction at construction time (Wave G.6.3). The
+        // input body is never mutated; sanitizeSecrets returns a fresh
+        // tree with redacted secret-keys.
+        this.body = sanitizeSecrets(payload.body);
+    }
+}
+export class ConfigError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ConfigError';
+    }
+}
+export class NetworkError extends Error {
+    cause;
+    url;
+    constructor(payload) {
+        super(`Network error contacting ${payload.url}: ${describeCause(payload.cause)}`);
+        this.name = 'NetworkError';
+        this.cause = payload.cause;
+        this.url = payload.url;
+    }
+}
+function describeCause(cause) {
+    if (cause instanceof Error)
+        return cause.message;
+    if (typeof cause === 'string')
+        return cause;
+    try {
+        return JSON.stringify(cause);
+    }
+    catch {
+        return String(cause);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAUvD,MAAM,OAAO,SAAU,SAAQ,KAAK;IAChB,MAAM,CAAS;IACf,IAAI,CAAU;IACd,IAAI,CAAU;IAE9B,YAAY,OAAyB;QACjC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QACzB,6DAA6D;QAC7D,+DAA+D;QAC/D,kCAAkC;QAClC,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;CACJ;AAED,MAAM,OAAO,WAAY,SAAQ,KAAK;IAClC,YAAY,OAAe;QACvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC9B,CAAC;CACJ;AAOD,MAAM,OAAO,YAAa,SAAQ,KAAK;IACnB,KAAK,CAAU;IACf,GAAG,CAAS;IAE5B,YAAY,OAA4B;QACpC,KAAK,CAAC,4BAA4B,OAAO,CAAC,GAAG,KAAK,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC3B,CAAC;CACJ;AAED,SAAS,aAAa,CAAC,KAAc;IACjC,IAAI,KAAK,YAAY,KAAK;QAAE,OAAO,KAAK,CAAC,OAAO,CAAC;IACjD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;AACL,CAAC"}

package/dist/gateway/advanced-tool/discovery.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Gateway discovery-mode dispatch — handles `{ tool }`-only invocations
+ * by returning the target tool's description, JSON-schema, and
+ * annotations. Never invokes the target handler.
+ *
+ * Round-2 (R2-A2-CRIT2) extracted from `gateway/advanced-tool.ts`.
+ *
+ * @license MIT
+ */
+import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
+import { type ZodRawShape } from 'zod';
+import type { AdvancedToolEntry } from '../capturing-server.js';
+/** Reads the captured config's inputSchema as a Zod raw-shape (or empty). */
+export declare function shapeOf(entry: AdvancedToolEntry): ZodRawShape;
+/** Builds a JSON-schema for a captured tool's inputs, with a defensive fallback. */
+export declare function inputSchemaJson(entry: AdvancedToolEntry): unknown;
+/** Builds the discovery-mode result for a target tool. */
+export declare function discoveryResult(toolName: string, entry: AdvancedToolEntry): CallToolResult;
+//# sourceMappingURL=discovery.d.ts.map

package/dist/gateway/advanced-tool/discovery.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../src/gateway/advanced-tool/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAK,KAAK,WAAW,EAAE,MAAM,KAAK,CAAC;AAE1C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,6EAA6E;AAC7E,wBAAgB,OAAO,CAAC,KAAK,EAAE,iBAAiB,GAAG,WAAW,CAI7D;AAED,oFAAoF;AACpF,wBAAgB,eAAe,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAQjE;AAED,0DAA0D;AAC1D,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB,GAAG,cAAc,CA0B1F"}