acf-mcp 1.0.0

package/dist/lib/rate-limit.d.ts

@@ -0,0 +1,24 @@
+interface RateLimitTier {
+    key: string;
+    perIpLimit: number;
+    globalLimit: number;
+}
+declare const RATE_LIMIT_TIERS: Record<string, RateLimitTier>;
+interface ToolPickInput {
+    method: string;
+    toolName?: string;
+    uri?: string;
+}
+declare function pickRateLimitConfig(input: ToolPickInput): RateLimitTier;
+interface RateLimitCheckInput extends RateLimitTier {
+    windowMs: number;
+}
+interface RateLimitCheckResult {
+    allowed: boolean;
+    retryAfter?: number;
+    reason?: "per_ip" | "global";
+}
+declare function checkRateLimit(ip: string, input: RateLimitCheckInput): RateLimitCheckResult;
+declare function _resetForTests(): void;
+
+export { RATE_LIMIT_TIERS, type RateLimitCheckInput, type RateLimitCheckResult, type RateLimitTier, type ToolPickInput, _resetForTests, checkRateLimit, pickRateLimitConfig };

package/dist/lib/rate-limit.js

@@ -0,0 +1,89 @@
+// src/lib/rate-limit.ts
+var RATE_LIMIT_TIERS = {
+  "mcp.search": { key: "mcp.search", perIpLimit: 60, globalLimit: 1e3 },
+  "mcp.fiche": { key: "mcp.fiche", perIpLimit: 60, globalLimit: 1e3 },
+  "mcp.reason": { key: "mcp.reason", perIpLimit: 30, globalLimit: 500 },
+  "mcp.heavy-read": { key: "mcp.heavy-read", perIpLimit: 15, globalLimit: 200 }
+};
+var REASON_TOOLS = /* @__PURE__ */ new Set([
+  "acf.advisor",
+  "acf.classify-agent",
+  "acf.assess-autonomy",
+  "acf.identify-governance-gaps",
+  "acf.map-ai-act-obligations",
+  "acf.assign-ddao-controls",
+  "acf.evaluate-agent-mandate"
+]);
+var FICHE_TOOLS = /* @__PURE__ */ new Set([
+  "acf.fiche.lookup",
+  "acf.glossary.define",
+  "acf.cite",
+  "acf.regulation.article"
+]);
+var HEAVY_READ_URI_PATTERNS = [
+  /^acf:\/\/whitepaper(?:\?|$)/,
+  // full whitepaper
+  /^acf:\/\/manual(?:\?|$)/,
+  /^acf:\/\/guide\/[a-z0-9-]+(?:\?|$)/
+];
+function pickRateLimitConfig(input) {
+  if (input.method === "tools/call" && input.toolName) {
+    if (REASON_TOOLS.has(input.toolName)) return RATE_LIMIT_TIERS["mcp.reason"];
+    if (FICHE_TOOLS.has(input.toolName)) return RATE_LIMIT_TIERS["mcp.fiche"];
+    if (input.toolName === "acf.search") return RATE_LIMIT_TIERS["mcp.search"];
+  }
+  if (input.method === "resources/read" && input.uri) {
+    if (HEAVY_READ_URI_PATTERNS.some((p) => p.test(input.uri))) {
+      return RATE_LIMIT_TIERS["mcp.heavy-read"];
+    }
+    return RATE_LIMIT_TIERS["mcp.fiche"];
+  }
+  return RATE_LIMIT_TIERS["mcp.search"];
+}
+var perIpBuckets = /* @__PURE__ */ new Map();
+var globalBuckets = /* @__PURE__ */ new Map();
+function consume(bucketMap, bucketKey, limit, windowMs, now) {
+  const existing = bucketMap.get(bucketKey);
+  if (!existing || now - existing.windowStart > windowMs) {
+    bucketMap.set(bucketKey, { count: 1, windowStart: now });
+    return true;
+  }
+  if (existing.count >= limit) return false;
+  existing.count += 1;
+  return true;
+}
+function checkRateLimit(ip, input) {
+  const now = Date.now();
+  const ipKey = `${input.key}|${ip}`;
+  const ipOk = consume(perIpBuckets, ipKey, input.perIpLimit, input.windowMs, now);
+  if (!ipOk) {
+    return {
+      allowed: false,
+      retryAfter: Math.ceil(input.windowMs / 1e3),
+      reason: "per_ip"
+    };
+  }
+  const globalOk = consume(
+    globalBuckets,
+    input.key,
+    input.globalLimit,
+    input.windowMs,
+    now
+  );
+  if (!globalOk) {
+    return {
+      allowed: false,
+      retryAfter: Math.ceil(input.windowMs / 1e3),
+      reason: "global"
+    };
+  }
+  return { allowed: true };
+}
+function _resetForTests() {
+  perIpBuckets.clear();
+  globalBuckets.clear();
+}
+
+export { RATE_LIMIT_TIERS, _resetForTests, checkRateLimit, pickRateLimitConfig };
+//# sourceMappingURL=rate-limit.js.map
+//# sourceMappingURL=rate-limit.js.map

package/dist/lib/rate-limit.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/lib/rate-limit.ts"],"names":[],"mappings":";AAMO,IAAM,gBAAA,GAAkD;AAAA,EAC7D,cAAc,EAAE,GAAA,EAAK,cAAc,UAAA,EAAY,EAAA,EAAI,aAAa,GAAA,EAAK;AAAA,EACrE,aAAa,EAAE,GAAA,EAAK,aAAa,UAAA,EAAY,EAAA,EAAI,aAAa,GAAA,EAAK;AAAA,EACnE,cAAc,EAAE,GAAA,EAAK,cAAc,UAAA,EAAY,EAAA,EAAI,aAAa,GAAA,EAAI;AAAA,EACpE,kBAAkB,EAAE,GAAA,EAAK,kBAAkB,UAAA,EAAY,EAAA,EAAI,aAAa,GAAA;AAC1E;AAEA,IAAM,YAAA,uBAAmB,GAAA,CAAI;AAAA,EAC3B,aAAA;AAAA,EACA,oBAAA;AAAA,EACA,qBAAA;AAAA,EACA,8BAAA;AAAA,EACA,4BAAA;AAAA,EACA,0BAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAM,WAAA,uBAAkB,GAAA,CAAI;AAAA,EAC1B,kBAAA;AAAA,EAAoB,qBAAA;AAAA,EAAuB,UAAA;AAAA,EAAY;AACzD,CAAC,CAAA;AAED,IAAM,uBAAA,GAA0B;AAAA,EAC9B,6BAAA;AAAA;AAAA,EACA,yBAAA;AAAA,EACA;AACF,CAAA;AAQO,SAAS,oBAAoB,KAAA,EAAqC;AACvE,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,YAAA,IAAgB,KAAA,CAAM,QAAA,EAAU;AACnD,IAAA,IAAI,aAAa,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA,EAAG,OAAO,iBAAiB,YAAY,CAAA;AAC1E,IAAA,IAAI,YAAY,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA,EAAG,OAAO,iBAAiB,WAAW,CAAA;AACxE,IAAA,IAAI,KAAA,CAAM,QAAA,KAAa,YAAA,EAAc,OAAO,iBAAiB,YAAY,CAAA;AAAA,EAC3E;AACA,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,gBAAA,IAAoB,KAAA,CAAM,GAAA,EAAK;AAClD,IAAA,IAAI,uBAAA,CAAwB,KAAK,CAAC,CAAA,KAAM,EAAE,IAAA,CAAK,KAAA,CAAM,GAAI,CAAC,CAAA,EAAG;AAC3D,MAAA,OAAO,iBAAiB,gBAAgB,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,iBAAiB,WAAW,CAAA;AAAA,EACrC;AACA,EAAA,OAAO,iBAAiB,YAAY,CAAA;AACtC;AAOA,IAAM,YAAA,uBAAmB,GAAA,EAAoB;AAC7C,IAAM,aAAA,uBAAoB,GAAA,EAAoB;AAY9C,SAAS,OAAA,CACP,SAAA,EACA,SAAA,EACA,KAAA,EACA,UACA,GAAA,EACS;AACT,EAAA,MAAM,QAAA,GAAW,SAAA,CAAU,GAAA,CAAI,SAAS,CAAA;AACxC,EAAA,IAAI,CAAC,QAAA,IAAY,GAAA,GAAM,QAAA,CAAS,cAAc,QAAA,EAAU;AACtD,IAAA,SAAA,CAAU,IAAI,SAAA,EAAW,EAAE,OAAO,CAAA,EAAG,WAAA,EAAa,KAAK,CAAA;AACvD,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI,QAAA,CAAS,KAAA,IAAS,KAAA,EAAO,OAAO,KAAA;AACpC,EAAA,QAAA,CAAS,KAAA,IAAS,CAAA;AAClB,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,cAAA,CACd,IACA,KAAA,EACsB;AACtB,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,KAAA,GAAQ,CAAA,EAAG,KAAA,CAAM,GAAG,IAAI,EAAE,CAAA,CAAA;AAChC,EAAA,MAAM,IAAA,GAAO,QAAQ,YAAA,EAAc,KAAA,EAAO,MAAM,UAAA,EAAY,KAAA,CAAM,UAAU,GAAG,CAAA;AAC/E,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,IAAA,CAAK,IAAA,CAAK,KAAA,CAAM,WAAW,GAAI,CAAA;AAAA,MAC3C,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AACA,EAAA,MAAM,QAAA,GAAW,OAAA;AAAA,IACf,aAAA;AAAA,IAAe,KAAA,CAAM,GAAA;AAAA,IAAK,KAAA,CAAM,WAAA;AAAA,IAAa,KAAA,CAAM,QAAA;AAAA,IAAU;AAAA,GAC/D;AACA,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,IAAA,CAAK,IAAA,CAAK,KAAA,CAAM,WAAW,GAAI,CAAA;AAAA,MAC3C,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AACA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AAEO,SAAS,cAAA,GAAiB;AAC/B,EAAA,YAAA,CAAa,KAAA,EAAM;AACnB,EAAA,aAAA,CAAc,KAAA,EAAM;AACtB","file":"rate-limit.js","sourcesContent":["export interface RateLimitTier {\n  key: string;\n  perIpLimit: number;\n  globalLimit: number;\n}\n\nexport const RATE_LIMIT_TIERS: Record<string, RateLimitTier> = {\n  \"mcp.search\": { key: \"mcp.search\", perIpLimit: 60, globalLimit: 1000 },\n  \"mcp.fiche\": { key: \"mcp.fiche\", perIpLimit: 60, globalLimit: 1000 },\n  \"mcp.reason\": { key: \"mcp.reason\", perIpLimit: 30, globalLimit: 500 },\n  \"mcp.heavy-read\": { key: \"mcp.heavy-read\", perIpLimit: 15, globalLimit: 200 },\n};\n\nconst REASON_TOOLS = new Set([\n  \"acf.advisor\",\n  \"acf.classify-agent\",\n  \"acf.assess-autonomy\",\n  \"acf.identify-governance-gaps\",\n  \"acf.map-ai-act-obligations\",\n  \"acf.assign-ddao-controls\",\n  \"acf.evaluate-agent-mandate\",\n]);\n\nconst FICHE_TOOLS = new Set([\n  \"acf.fiche.lookup\", \"acf.glossary.define\", \"acf.cite\", \"acf.regulation.article\",\n]);\n\nconst HEAVY_READ_URI_PATTERNS = [\n  /^acf:\\/\\/whitepaper(?:\\?|$)/, // full whitepaper\n  /^acf:\\/\\/manual(?:\\?|$)/,\n  /^acf:\\/\\/guide\\/[a-z0-9-]+(?:\\?|$)/,\n];\n\nexport interface ToolPickInput {\n  method: string;\n  toolName?: string;\n  uri?: string;\n}\n\nexport function pickRateLimitConfig(input: ToolPickInput): RateLimitTier {\n  if (input.method === \"tools/call\" && input.toolName) {\n    if (REASON_TOOLS.has(input.toolName)) return RATE_LIMIT_TIERS[\"mcp.reason\"]!;\n    if (FICHE_TOOLS.has(input.toolName)) return RATE_LIMIT_TIERS[\"mcp.fiche\"]!;\n    if (input.toolName === \"acf.search\") return RATE_LIMIT_TIERS[\"mcp.search\"]!;\n  }\n  if (input.method === \"resources/read\" && input.uri) {\n    if (HEAVY_READ_URI_PATTERNS.some((p) => p.test(input.uri!))) {\n      return RATE_LIMIT_TIERS[\"mcp.heavy-read\"]!;\n    }\n    return RATE_LIMIT_TIERS[\"mcp.fiche\"]!;\n  }\n  return RATE_LIMIT_TIERS[\"mcp.search\"]!;\n}\n\ninterface Bucket {\n  count: number;\n  windowStart: number;\n}\n\nconst perIpBuckets = new Map<string, Bucket>();\nconst globalBuckets = new Map<string, Bucket>();\n\nexport interface RateLimitCheckInput extends RateLimitTier {\n  windowMs: number;\n}\n\nexport interface RateLimitCheckResult {\n  allowed: boolean;\n  retryAfter?: number;\n  reason?: \"per_ip\" | \"global\";\n}\n\nfunction consume(\n  bucketMap: Map<string, Bucket>,\n  bucketKey: string,\n  limit: number,\n  windowMs: number,\n  now: number,\n): boolean {\n  const existing = bucketMap.get(bucketKey);\n  if (!existing || now - existing.windowStart > windowMs) {\n    bucketMap.set(bucketKey, { count: 1, windowStart: now });\n    return true;\n  }\n  if (existing.count >= limit) return false;\n  existing.count += 1;\n  return true;\n}\n\nexport function checkRateLimit(\n  ip: string,\n  input: RateLimitCheckInput,\n): RateLimitCheckResult {\n  const now = Date.now();\n  const ipKey = `${input.key}|${ip}`;\n  const ipOk = consume(perIpBuckets, ipKey, input.perIpLimit, input.windowMs, now);\n  if (!ipOk) {\n    return {\n      allowed: false,\n      retryAfter: Math.ceil(input.windowMs / 1000),\n      reason: \"per_ip\",\n    };\n  }\n  const globalOk = consume(\n    globalBuckets, input.key, input.globalLimit, input.windowMs, now,\n  );\n  if (!globalOk) {\n    return {\n      allowed: false,\n      retryAfter: Math.ceil(input.windowMs / 1000),\n      reason: \"global\",\n    };\n  }\n  return { allowed: true };\n}\n\nexport function _resetForTests() {\n  perIpBuckets.clear();\n  globalBuckets.clear();\n}\n"]}