agent-task-manager-mcp 1.0.0 → 1.0.1

package/README.md

@@ -4,7 +4,7 @@
 
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.5-blue.svg)](https://www.typescriptlang.org/)
 [![MCP](https://img.shields.io/badge/MCP-1.0-green.svg)](https://modelcontextprotocol.io/)
-[![MongoDB](https://img.shields.io/badge/MongoDB-ODM-green.svg)](https://mongoosejs.com/)
+[![Storage](https://img.shields.io/badge/Storage-MongoDB%20%7C%20PostgreSQL%20%7C%20SQLite%20%7C%20JSON-green.svg)]()
 
 ```bash
 npm install -g agent-task-manager-mcp
@@ -93,7 +93,7 @@ AI agents operate within a fixed **context window** (e.g., 100K–200K tokens).
 │                                   │                                              │
 │                                   ▼                                              │
 │                    ┌───────────────────────────────┐                             │
-│                    │         MongoDB               │                             │
+│                    │         Storage (MongoDB/SQLite/JSON) │                     │
 │                    │  Tasks • Subtasks • Sessions  │                             │
 │                    │  Checkpoints • Progress       │                             │
 │                    └───────────────────────────────┘                             │
@@ -120,11 +120,11 @@ flowchart TB
     end
 
     subgraph Storage["Persistence"]
-        MongoDB[(MongoDB)]
+        DB[(MongoDB / SQLite / JSON)]
     end
 
-    Agent <-->|stdio/JSON-RPC| Server
-    Server <-->|Mongoose| MongoDB
+    Agent <-->|stdio or HTTP| Server
+    Server <-->|Storage Adapter| DB
 
     subgraph ToolsDetail["Tool Categories"]
         T1[task_*]
@@ -238,7 +238,7 @@ flowchart LR
 ## Features
 
 - **14 MCP tools** for full task lifecycle
-- **MongoDB persistence** with Mongoose ODM
+- **MongoDB, SQLite, or JSON file** storage (configurable)
 - **Zod validation** on all tool inputs
 - **Task locking** for multi-agent coordination
 - **Evidence-based verification** (no passing without proof)
@@ -252,8 +252,8 @@ flowchart LR
 ### Prerequisites
 
 - **Node.js** 18+
-- **MongoDB** 6+ (local, remote IP, or Atlas)
-- **MCP-compatible client** (Claude Desktop, Cursor, etc.)
+- **Storage backend** (choose one): MongoDB 6+, PostgreSQL 12+, SQLite (file-based), or JSON file
+- **MCP-compatible client** (Claude Desktop, Cursor, ChatGPT Desktop, etc.)
 
 ### Installation
 
@@ -265,11 +265,9 @@ npm install
 
 ### Environment Setup
 
-(optional and can be define in MCP config of the agent in MONGODB_URI)
-
 ```bash
 cp .env.example .env
-# Edit .env and set MONGODB_URI
+# Edit .env and set STORAGE (mongodb | postgres | sqlite | json) and the corresponding backend config
 ```
 
 ### Run
@@ -277,18 +275,66 @@ cp .env.example .env
 ```bash
 # Production (compiled)
 npm run build
+
+# Stdio mode (default) — for Claude Desktop, Cursor
 npm start
+node dist/index.js
+
+# HTTP mode (default 8000; auto-finds free port if busy)
+npm run start:http
+node dist/index.js --http
+
+# HTTPS mode (default 8443; auto-finds free port if busy)
+npm run start:https
+node dist/index.js --https
+
+# Custom port (node directly — npm eats --port)
+node dist/index.js --http --port=3000
+
+# HTTPS with user-provided cert and key (separate files)
+agent-task-manager-mcp --https --cert=./certs/cert.pem --key=./certs/key.pem
+
+# HTTPS with combined cert+key file (mkcert, or single PEM with both blocks)
+agent-task-manager-mcp --https --cert-key=./certs/localhost.pem
+agent-task-manager-mcp --https --cert=./certs/combined.pem
 ```
 
 ---
 
 ## Configuration
 
+### Storage Backends
+
+| `STORAGE` | Use when | Config |
+|-----------|----------|--------|
+| `mongodb` | Production, multi-agent, document store | `MONGODB_URI` required |
+| `postgres` | Enterprise, high concurrency, swarm of agents | `POSTGRES_URL` or `DATABASE_URL` required |
+| `sqlite` | Local dev, no server, single-file | `SQLITE_PATH` (default: `./data/agent-tasks.db`) |
+| `json` | Quick testing, single agent | `JSON_STORAGE_PATH` (default: `./data/agent-tasks.json`) |
+
+### Choosing a Backend
+
+| Scenario | Recommended |
+|----------|-------------|
+| Swarm of agents, production | `postgres` or `mongodb` |
+| Single agent, local dev | `sqlite` |
+| Quick test, no DB setup | `json` |
+| Existing MongoDB/Postgres infra | Use matching backend |
+
+### Swarm / Multi-Agent
+
+For multiple agents working on tasks concurrently: use **PostgreSQL** or **MongoDB**. Both support task locking and concurrent writes. SQLite and JSON are single-writer; fine for one agent but may conflict with multiple.
+
 ### Environment Variables
 
-| Variable      | Required | Description               | Example                                 |
-| ------------- | -------- | ------------------------- | --------------------------------------- |
-| `MONGODB_URI` | Yes      | MongoDB connection string | `mongodb://localhost:27017/agent-tasks` |
+| Variable | Required when | Description | Example |
+|----------|---------------|-------------|---------|
+| `STORAGE` | No | Backend: `mongodb` \| `postgres` \| `sqlite` \| `json` (default: `mongodb`) | `postgres` |
+| `MONGODB_URI` | `STORAGE=mongodb` | MongoDB connection string | `mongodb://localhost:27017/agent-tasks` |
+| `POSTGRES_URL` or `DATABASE_URL` | `STORAGE=postgres` | PostgreSQL connection string | `postgresql://user:pass@localhost:5432/agent_tasks` |
+| `SQLITE_PATH` | `STORAGE=sqlite` | SQLite database file path | `./data/agent-tasks.db` |
+| `JSON_STORAGE_PATH` | `STORAGE=json` | JSON file path | `./data/agent-tasks.json` |
+| `MCP_ALLOWED_HOSTS` | No | Comma-separated hosts for HTTP/HTTPS (ngrok, etc) | `myapp.ngrok.io,custom.local` |
 
 ### MongoDB URI Examples
 
@@ -303,15 +349,27 @@ MONGODB_URI=mongodb://user:password@IP2:27017/agent-tasks?authSource=admin
 MONGODB_URI=mongodb+srv://user:password@cluster.mongodb.net/agent-tasks?retryWrites=true&w=majority
 ```
 
+### PostgreSQL URI Examples
+
+```env
+# Local
+POSTGRES_URL=postgresql://user:password@localhost:5432/agent_tasks
+
+# Supabase, Neon, Railway, etc.
+DATABASE_URL=postgresql://user:password@host:5432/dbname?sslmode=require
+```
+
 > **Note:** URL-encode special characters in passwords (e.g., `@` → `%40`).
 
 ---
 
 ## Integration
 
-### Claude Desktop
+### Option 1: Global install (recommended)
+
+After `npm install -g agent-task-manager-mcp`, use the binary name. No path or `npx` needed.
 
-Add to `claude_desktop_config.json`:
+**Claude Desktop** — add to `claude_desktop_config.json`:
 
 **macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`  
 **Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
@@ -320,9 +378,10 @@ Add to `claude_desktop_config.json`:
 {
 	"mcpServers": {
 		"agent-task-manager-mcp": {
-			"command": "npx",
-			"args": ["tsx", "C:/path/to/agent-task-manager-mcp/src/index.ts"],
+			"command": "agent-task-manager-mcp",
+			"args": [],
 			"env": {
+				"STORAGE": "mongodb",
 				"MONGODB_URI": "mongodb://localhost:27017/agent-tasks"
 			}
 		}
@@ -330,9 +389,80 @@ Add to `claude_desktop_config.json`:
 }
 ```
 
-### Cursor
+**Cursor** — add to MCP settings or `.cursor/mcp.json`:
+
+```json
+{
+	"mcpServers": {
+		"agent-task-manager-mcp": {
+			"command": "agent-task-manager-mcp",
+			"args": [],
+			"env": {
+				"STORAGE": "sqlite",
+				"SQLITE_PATH": "./data/agent-tasks.db"
+			}
+		}
+	}
+}
+```
+
+**PostgreSQL** (swarm of agents, production):
+
+```json
+{
+	"mcpServers": {
+		"agent-task-manager-mcp": {
+			"command": "agent-task-manager-mcp",
+			"args": [],
+			"env": {
+				"STORAGE": "postgres",
+				"POSTGRES_URL": "postgresql://user:password@localhost:5432/agent_tasks"
+			}
+		}
+	}
+}
+```
+
+**No DB server?** Use SQLite or JSON:
+
+```json
+{
+	"mcpServers": {
+		"agent-task-manager-mcp": {
+			"command": "agent-task-manager-mcp",
+			"args": [],
+			"env": {
+				"STORAGE": "json",
+				"JSON_STORAGE_PATH": "./data/agent-tasks.json"
+			}
+		}
+	}
+}
+```
+
+See **[docs/STORAGE.md](docs/STORAGE.md)** for per-backend setup, migration, and troubleshooting.
+
+---
+
+### Option 2: From path
+
+**Production (compiled)** — run `npm run build` first, then use `node`:
+
+```json
+{
+	"mcpServers": {
+		"agent-task-manager-mcp": {
+			"command": "node",
+			"args": ["C:/path/to/agent-task-manager-mcp/dist/index.js"],
+			"env": {
+				"MONGODB_URI": "mongodb://localhost:27017/agent-tasks"
+			}
+		}
+	}
+}
+```
 
-Add to Cursor MCP settings (or `.cursor/mcp.json`):
+**Development (source)** — no build; uses `tsx` to run TypeScript directly:
 
 ```json
 {
@@ -350,6 +480,39 @@ Add to Cursor MCP settings (or `.cursor/mcp.json`):
 
 ---
 
+### Option 3: HTTP/HTTPS mode (ChatGPT Desktop, ngrok)
+
+MCP Server URL requires an HTTP(S) endpoint. Supports HTTP, HTTPS, self-signed, mkcert, and user-provided certs.
+
+**HTTP (with ngrok):**
+```bash
+agent-task-manager-mcp --http
+ngrok http 8000
+# Connector URL: https://<subdomain>.ngrok.app/mcp
+```
+
+**HTTPS (local, no ngrok):**
+```bash
+# Auto-generated self-signed cert
+agent-task-manager-mcp --https
+# Connector URL: https://localhost:8443/mcp
+
+# With mkcert (locally trusted)
+mkcert -install && mkcert localhost 127.0.0.1
+agent-task-manager-mcp --https --cert-key=./localhost+1.pem
+
+# With your own cert and key
+agent-task-manager-mcp --https --cert=./cert.pem --key=./key.pem
+```
+
+**Host validation:** localhost, 127.0.0.1, ngrok domains (`*.ngrok-free.app`, `*.ngrok.app`), and `MCP_ALLOWED_HOSTS` (comma-separated env var).
+
+**ChatGPT Desktop** — Settings → Apps & Connectors → Create:
+- **Connector URL:** `https://localhost:8443/mcp` (HTTPS) or `https://<ngrok-subdomain>.ngrok.app/mcp` (HTTP + ngrok)
+- **Authentication:** None
+
+---
+
 ## Tool Reference
 
 ### Task Tools (7)
@@ -433,7 +596,8 @@ Checkpoint
 
 | Issue                         | Check                                                                    |
 | ----------------------------- | ------------------------------------------------------------------------ |
-| `MONGODB_URI is not set`      | Ensure `.env` exists and is loaded; verify env in MCP config             |
+| `MONGODB_URI is not set`      | When `STORAGE=mongodb`; or switch to `STORAGE=sqlite` or `STORAGE=json`   |
+| `Unknown STORAGE type`        | Use `mongodb`, `sqlite`, or `json`                                       |
 | Connection refused            | MongoDB running? Correct host/port?                                      |
 | Auth failed                   | Verify username/password; URL-encode special chars                       |
 | Tool returns `success: false` | Inspect `error` field in JSON response                                   |
@@ -447,7 +611,8 @@ Checkpoint
 agent-task-manager-mcp/
 ├── src/
 │   ├── index.ts           # MCP server entry point
-│   ├── db.ts              # MongoDB connection
+│   ├── db.ts              # MongoDB connection (when STORAGE=mongodb)
+│   ├── storage/           # Storage abstraction (MongoDB, SQLite, JSON)
 │   ├── models/
 │   │   ├── Task.ts
 │   │   ├── Subtask.ts

package/dist/certs.d.ts

@@ -0,0 +1,11 @@
+export type CertKeyPair = {
+    cert: string;
+    key: string;
+};
+export declare const loadCertKey: (opts: {
+    cert?: string;
+    key?: string;
+    certKey?: string;
+}) => CertKeyPair;
+export declare const generateSelfSigned: () => Promise<CertKeyPair>;
+//# sourceMappingURL=certs.d.ts.map

package/dist/certs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../src/certs.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,WAAW,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAA;AAkBvD,eAAO,MAAM,WAAW,GAAI,MAAM;IAChC,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,KAAG,WAmBH,CAAA;AAED,eAAO,MAAM,kBAAkB,QAAa,OAAO,CAAC,WAAW,CAU9D,CAAA"}

package/dist/certs.js

@@ -0,0 +1,56 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSelfSigned = exports.loadCertKey = void 0;
+const node_fs_1 = require("node:fs");
+const node_fs_2 = require("node:fs");
+const node_path_1 = require("node:path");
+const selfsigned_1 = __importDefault(require("selfsigned"));
+const PEM_PRIVATE_KEY = /-----BEGIN\s+(?:(?:RSA|EC)\s+)?PRIVATE KEY-----[\s\S]+?-----END\s+(?:(?:RSA|EC)\s+)?PRIVATE KEY-----/;
+const PEM_CERTIFICATE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/;
+const loadFile = (path) => {
+    const resolved = (0, node_path_1.resolve)(path);
+    if (!(0, node_fs_2.existsSync)(resolved))
+        throw new Error(`File not found: ${resolved}`);
+    return (0, node_fs_1.readFileSync)(resolved, 'utf8');
+};
+const parseCombinedPem = (content) => {
+    const keyMatch = content.match(PEM_PRIVATE_KEY);
+    const certMatch = content.match(PEM_CERTIFICATE);
+    if (keyMatch && certMatch)
+        return { key: keyMatch[0], cert: certMatch[0] };
+    return null;
+};
+const loadCertKey = (opts) => {
+    const { cert, key, certKey } = opts;
+    if (cert && key) {
+        return { cert: loadFile(cert), key: loadFile(key) };
+    }
+    const path = certKey ?? cert;
+    if (path) {
+        const content = loadFile(path);
+        const parsed = parseCombinedPem(content);
+        if (parsed)
+            return parsed;
+        if (key)
+            return { cert: content, key: loadFile(key) };
+        throw new Error(`File ${path} must contain both PRIVATE KEY and CERTIFICATE PEM blocks, or use --key for separate key file`);
+    }
+    throw new Error('Certificate required for HTTPS. Use --cert, --key, or --cert-key');
+};
+exports.loadCertKey = loadCertKey;
+const generateSelfSigned = async () => {
+    const attrs = [{ name: 'commonName', value: 'localhost' }];
+    const notAfter = new Date();
+    notAfter.setFullYear(notAfter.getFullYear() + 1);
+    const pems = await selfsigned_1.default.generate(attrs, {
+        keySize: 2048,
+        algorithm: 'sha256',
+        notAfterDate: notAfter,
+    });
+    return { cert: pems.cert, key: pems.private };
+};
+exports.generateSelfSigned = generateSelfSigned;
+//# sourceMappingURL=certs.js.map

package/dist/certs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"certs.js","sourceRoot":"","sources":["../src/certs.ts"],"names":[],"mappings":";;;;;;AAAA,qCAAsC;AACtC,qCAAoC;AACpC,yCAAmC;AACnC,4DAAmC;AAInC,MAAM,eAAe,GAAG,sGAAsG,CAAA;AAC9H,MAAM,eAAe,GAAG,8DAA8D,CAAA;AAEtF,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAU,EAAE;IACxC,MAAM,QAAQ,GAAG,IAAA,mBAAO,EAAC,IAAI,CAAC,CAAA;IAC9B,IAAI,CAAC,IAAA,oBAAU,EAAC,QAAQ,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAA;IACzE,OAAO,IAAA,sBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;AACvC,CAAC,CAAA;AAED,MAAM,gBAAgB,GAAG,CAAC,OAAe,EAAsB,EAAE;IAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IAChD,IAAI,QAAQ,IAAI,SAAS;QAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,CAAA;IAC1E,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAI3B,EAAe,EAAE;IAChB,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAEnC,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;QAChB,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAA;IACrD,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,IAAI,IAAI,CAAA;IAC5B,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;QAC9B,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QACzB,IAAI,GAAG;YAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAA;QACrD,MAAM,IAAI,KAAK,CACb,QAAQ,IAAI,+FAA+F,CAC5G,CAAA;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;AACrF,CAAC,CAAA;AAvBY,QAAA,WAAW,eAuBvB;AAEM,MAAM,kBAAkB,GAAG,KAAK,IAA0B,EAAE;IACjE,MAAM,KAAK,GAAG,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAA;IAC1D,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAA;IAC3B,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAA;IAChD,MAAM,IAAI,GAAG,MAAM,oBAAU,CAAC,QAAQ,CAAC,KAAK,EAAE;QAC5C,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,QAAQ;QACnB,YAAY,EAAE,QAAQ;KACvB,CAAC,CAAA;IACF,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,EAAE,CAAA;AAC/C,CAAC,CAAA;AAVY,QAAA,kBAAkB,sBAU9B"}

package/dist/cli.d.ts

@@ -0,0 +1,14 @@
+export type CliOptions = {
+    stdio: boolean;
+    http: boolean;
+    https: boolean;
+    port?: number;
+    cert?: string;
+    key?: string;
+    certKey?: string;
+};
+declare const DEFAULT_HTTP_PORT = 8000;
+declare const DEFAULT_HTTPS_PORT = 8443;
+export declare const parseCli: () => CliOptions;
+export { DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT };
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,UAAU,GAAG;IACvB,KAAK,EAAE,OAAO,CAAA;IACd,IAAI,EAAE,OAAO,CAAA;IACb,KAAK,EAAE,OAAO,CAAA;IACd,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,QAAA,MAAM,iBAAiB,OAAO,CAAA;AAC9B,QAAA,MAAM,kBAAkB,OAAO,CAAA;AAE/B,eAAO,MAAM,QAAQ,QAAO,UAsB3B,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAA"}

package/dist/cli.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_HTTPS_PORT = exports.DEFAULT_HTTP_PORT = exports.parseCli = void 0;
+const getArg = (name) => {
+    const arg = process.argv.find((a) => a.startsWith(`${name}=`));
+    return arg?.slice(name.length + 1);
+};
+const hasArg = (name) => process.argv.includes(name);
+const DEFAULT_HTTP_PORT = 8000;
+exports.DEFAULT_HTTP_PORT = DEFAULT_HTTP_PORT;
+const DEFAULT_HTTPS_PORT = 8443;
+exports.DEFAULT_HTTPS_PORT = DEFAULT_HTTPS_PORT;
+const parseCli = () => {
+    const httpMode = hasArg('--http');
+    const httpsMode = hasArg('--https');
+    const portArg = getArg('--port');
+    const port = portArg ? parseInt(portArg, 10) : undefined;
+    const cert = getArg('--cert');
+    const key = getArg('--key');
+    const certKey = getArg('--cert-key');
+    const stdio = !httpMode && !httpsMode;
+    const http = httpMode || httpsMode;
+    const https = httpsMode;
+    return {
+        stdio,
+        http,
+        https,
+        port,
+        cert,
+        key,
+        certKey,
+    };
+};
+exports.parseCli = parseCli;
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;AAAA,MAAM,MAAM,GAAG,CAAC,IAAY,EAAsB,EAAE;IAClD,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAA;IAC9D,OAAO,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;AACpC,CAAC,CAAA;AAED,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAY5D,MAAM,iBAAiB,GAAG,IAAI,CAAA;AA2BrB,8CAAiB;AA1B1B,MAAM,kBAAkB,GAAG,IAAI,CAAA;AA0BH,gDAAkB;AAxBvC,MAAM,QAAQ,GAAG,GAAe,EAAE;IACvC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAA;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAA;IACnC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAA;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACxD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC7B,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,CAAA;IAC3B,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,CAAA;IAEpC,MAAM,KAAK,GAAG,CAAC,QAAQ,IAAI,CAAC,SAAS,CAAA;IACrC,MAAM,IAAI,GAAG,QAAQ,IAAI,SAAS,CAAA;IAClC,MAAM,KAAK,GAAG,SAAS,CAAA;IAEvB,OAAO;QACL,KAAK;QACL,IAAI;QACJ,KAAK;QACL,IAAI;QACJ,IAAI;QACJ,GAAG;QACH,OAAO;KACR,CAAA;AACH,CAAC,CAAA;AAtBY,QAAA,QAAQ,YAsBpB"}

package/dist/hostValidation.d.ts

@@ -0,0 +1,3 @@
+import type { Request, Response, NextFunction } from 'express';
+export declare const hostValidationMiddleware: (req: Request, res: Response, next: NextFunction) => void;
+//# sourceMappingURL=hostValidation.d.ts.map

package/dist/hostValidation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hostValidation.d.ts","sourceRoot":"","sources":["../src/hostValidation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAsB9D,eAAO,MAAM,wBAAwB,GACnC,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,SA+BnB,CAAA"}

package/dist/hostValidation.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hostValidationMiddleware = void 0;
+const LOCALHOST_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
+const NGROK_SUFFIXES = ['.ngrok-free.app', '.ngrok.app', '.ngrok.io'];
+const getAllowedHosts = () => {
+    const extra = process.env.MCP_ALLOWED_HOSTS;
+    if (!extra)
+        return LOCALHOST_HOSTS;
+    const hosts = new Set(LOCALHOST_HOSTS);
+    for (const h of extra.split(',').map((s) => s.trim()).filter(Boolean)) {
+        hosts.add(h);
+    }
+    return hosts;
+};
+const isHostAllowed = (hostname) => {
+    if (LOCALHOST_HOSTS.has(hostname))
+        return true;
+    if (NGROK_SUFFIXES.some((s) => hostname.endsWith(s)))
+        return true;
+    if (getAllowedHosts().has(hostname))
+        return true;
+    return false;
+};
+const hostValidationMiddleware = (req, res, next) => {
+    const hostHeader = req.headers.host;
+    if (!hostHeader) {
+        res.status(403).json({
+            jsonrpc: '2.0',
+            error: { code: -32000, message: 'Missing Host header' },
+            id: null,
+        });
+        return;
+    }
+    let hostname;
+    try {
+        hostname = new URL(`http://${hostHeader}`).hostname;
+    }
+    catch {
+        res.status(403).json({
+            jsonrpc: '2.0',
+            error: { code: -32000, message: `Invalid Host header: ${hostHeader}` },
+            id: null,
+        });
+        return;
+    }
+    if (!isHostAllowed(hostname)) {
+        res.status(403).json({
+            jsonrpc: '2.0',
+            error: { code: -32000, message: `Invalid Host: ${hostname}` },
+            id: null,
+        });
+        return;
+    }
+    next();
+};
+exports.hostValidationMiddleware = hostValidationMiddleware;
+//# sourceMappingURL=hostValidation.js.map

package/dist/hostValidation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hostValidation.js","sourceRoot":"","sources":["../src/hostValidation.ts"],"names":[],"mappings":";;;AAEA,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAA;AACpE,MAAM,cAAc,GAAG,CAAC,iBAAiB,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;AAErE,MAAM,eAAe,GAAG,GAAgB,EAAE;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC3C,IAAI,CAAC,KAAK;QAAE,OAAO,eAAe,CAAA;IAClC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAA;IACtC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACtE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IACd,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,QAAgB,EAAW,EAAE;IAClD,IAAI,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAA;IAC9C,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACjE,IAAI,eAAe,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAA;IAChD,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,wBAAwB,GAAG,CACtC,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,EAAE;IACF,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAA;IACnC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,EAAE;YACvD,EAAE,EAAE,IAAI;SACT,CAAC,CAAA;QACF,OAAM;IACR,CAAC;IACD,IAAI,QAAgB,CAAA;IACpB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAA;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,wBAAwB,UAAU,EAAE,EAAE;YACtE,EAAE,EAAE,IAAI;SACT,CAAC,CAAA;QACF,OAAM;IACR,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,iBAAiB,QAAQ,EAAE,EAAE;YAC7D,EAAE,EAAE,IAAI;SACT,CAAC,CAAA;QACF,OAAM;IACR,CAAC;IACD,IAAI,EAAE,CAAA;AACR,CAAC,CAAA;AAlCY,QAAA,wBAAwB,4BAkCpC"}

package/dist/http.server.d.ts

@@ -0,0 +1,13 @@
+declare const DEFAULT_HTTP_PORT = 8000;
+declare const DEFAULT_HTTPS_PORT = 8443;
+declare const findAvailablePort: (startPort: number) => Promise<number>;
+export type HttpServerOptions = {
+    port?: number;
+    https?: boolean;
+    cert?: string;
+    key?: string;
+    certKey?: string;
+};
+declare const runHttpServer: (opts?: HttpServerOptions) => Promise<void>;
+export { findAvailablePort, runHttpServer, DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT };
+//# sourceMappingURL=http.server.d.ts.map

package/dist/http.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.server.d.ts","sourceRoot":"","sources":["../src/http.server.ts"],"names":[],"mappings":"AAaA,QAAA,MAAM,iBAAiB,OAAO,CAAA;AAC9B,QAAA,MAAM,kBAAkB,OAAO,CAAA;AAK/B,QAAA,MAAM,iBAAiB,GAAI,WAAW,MAAM,KAAG,OAAO,CAAC,MAAM,CAyBzD,CAAA;AAOJ,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AASD,QAAA,MAAM,aAAa,GAAU,OAAM,iBAAsB,kBAkJxD,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAA"}