npm - drizzle-cube - Versions diffs - 0.4.53 → 0.5.1 - Mend

drizzle-cube 0.4.53 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/dist/adapters/mcp-transport.d.ts CHANGED Viewed

@@ -1,10 +1,12 @@
 import { SemanticLayerCompiler, SecurityContext } from '../server';
 import { MCPPrompt } from '../server/ai/mcp-prompts';
+import { McpAppConfig } from './utils';
+export type { McpAppConfig };
 export { type MCPPrompt };
 export declare const MCP_APP_RESOURCE_URI = "ui://drizzle-cube/visualization.html";
 export declare const MCP_APP_MIME_TYPE = "text/html;profile=mcp-app";
-/** Get the bundled MCP App HTML. Returns empty string if not yet built. */
-export declare function getMcpAppHtml(): string;
+/** Get the bundled MCP App HTML, optionally with locale config injected. Returns empty string if not yet built. */
+export declare function getMcpAppHtml(config?: McpAppConfig): string;
 export type JsonRpcId = string | number | null | undefined;
 export interface JsonRpcRequest {
     jsonrpc: '2.0';
@@ -32,6 +34,10 @@ export interface McpDispatchContext {
     prompts?: MCPPrompt[];
     /** Enable MCP App visualization for load tool */
     appEnabled?: boolean;
+    /** Locale configuration for the MCP App (only used when appEnabled is true) */
+    appConfig?: McpAppConfig;
+    /** Optional name for the MCP serverInfo.name field. Defaults to 'drizzle-cube'. */
+    serverName?: string;
 }
 export interface MCPResource {
     uri: string;
@@ -40,6 +46,8 @@ export interface MCPResource {
     mimeType: string;
     text: string;
 }
+export type MCPPromptResolver = MCPPrompt[] | ((defaults: MCPPrompt[]) => MCPPrompt[]);
+export type MCPResourceResolver = MCPResource[] | ((defaults: MCPResource[]) => MCPResource[]);
 export interface ProtocolNegotiation {
     ok: boolean;
     negotiated: string | null;
@@ -89,6 +97,17 @@ export declare function validateOriginHeader(origin: string | null | undefined,
     valid: false;
     reason: string;
 };
+/**
+ * Extract a Bearer token from an Authorization header.
+ * Returns the token string if present and well-formed, or null otherwise.
+ */
+export declare function extractBearerToken(authHeader: string | null | undefined): string | null;
+/**
+ * Build a WWW-Authenticate challenge header value per MCP / RFC 9728.
+ * Points the client to the Protected Resource Metadata document so it can
+ * discover the authorization server and begin the OAuth 2.1 flow.
+ */
+export declare function buildWwwAuthenticateChallenge(resourceMetadataUrl: string): string;
 export declare function serializeSseEvent(payload: unknown, eventId?: string, retryMs?: number): string;
 export declare function buildJsonRpcError(id: JsonRpcId, code: number, message: string, data?: unknown): JsonRpcResponse;
 export declare function buildJsonRpcResult(id: JsonRpcId, result: unknown): JsonRpcResponse;
@@ -111,3 +130,7 @@ export declare function buildToolList(options?: {
 }[];
 export declare function getDefaultResources(): MCPResource[];
 export declare function getDefaultPrompts(): MCPPrompt[];
+export declare function resolveMcpPrompts(prompts?: MCPPromptResolver): MCPPrompt[];
+export declare function resolveMcpResources(resources?: MCPResourceResolver): MCPResource[];
+export declare function buildMcpSchemaResource(semanticLayer: SemanticLayerCompiler): MCPResource;
+export declare function buildMcpResources(semanticLayer: SemanticLayerCompiler, resources?: MCPResourceResolver): MCPResource[];

package/dist/adapters/nextjs/index.cjs CHANGED Viewed

	@@ -1 +1 @@
1	- Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../utils-CyBt-as9.cjs`),t=require(`../compiler-CRgLzmSn.cjs`),n=require(`../mcp-transport-DMhuYmFp.cjs`);let r=require(`next/server`);function i(e){let{cubes:n,drizzle:r,schema:i,engineType:a,cache:o,rlsSetup:s}=e;if(!n\|\|n.length===0)throw Error(`At least one cube must be provided in the cubes array`);let c=new t.t({drizzle:r,schema:i,engineType:a,cache:o,rlsSetup:s});return n.forEach(e=>{c.registerCube(e)}),c}function a(e,t){let n=e.headers.get(`origin`),r={};return t.origin&&(typeof t.origin==`string`?r[`Access-Control-Allow-Origin`]=t.origin:Array.isArray(t.origin)?n&&t.origin.includes(n)&&(r[`Access-Control-Allow-Origin`]=n):typeof t.origin==`function`&&n&&t.origin(n)&&(r[`Access-Control-Allow-Origin`]=n)),t.methods&&(r[`Access-Control-Allow-Methods`]=t.methods.join(`, `)),t.allowedHeaders&&(r[`Access-Control-Allow-Headers`]=t.allowedHeaders.join(`, `)),t.credentials&&(r[`Access-Control-Allow-Credentials`]=`true`),r}function o(e){return async function(t){let n=a(t,e);return new Response(null,{status:200,headers:n})}}function s(t){let{extractSecurityContext:n,cors:o}=t,s=i(t);return async function(t,i){try{let c;if(t.method===`POST`){let e=await t.json();c=e.query\|\|e}else if(t.method===`GET`){let n=t.nextUrl.searchParams.get(`query`);if(!n)return r.NextResponse.json(e.i(`Query parameter is required`,400),{status:400});try{c=JSON.parse(n)}catch{return r.NextResponse.json(e.i(`Invalid JSON in query parameter`,400),{status:400})}}else return r.NextResponse.json(e.i(`Method not allowed`,405),{status:405});let l=await n(t,i),u=s.validateQuery(c);if(!u.isValid)return r.NextResponse.json(e.i(`Query validation failed: ${u.errors.join(`, `)}`,400),{status:400});let d=t.headers.get(`x-cache-control`)===`no-cache`,f=await s.executeMultiCubeQuery(c,l,{skipCache:d}),p=e.r(c,f,s);return r.NextResponse.json(p,{headers:o?a(t,o):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js load handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query execution failed`,500),{status:500})}}}function c(t){let{cors:n}=t,o=i(t);return async function(t,i){try{let i=e.a(o.getMetadata());return r.NextResponse.json(i,{headers:n?a(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js meta handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Failed to fetch metadata`,500),{status:500})}}}function l(t){let{extractSecurityContext:n,cors:o}=t,s=i(t);return async function(t,i){try{let c;if(t.method===`POST`){let e=await t.json();c=e.query\|\|e}else if(t.method===`GET`){let n=t.nextUrl.searchParams.get(`query`);if(!n)return r.NextResponse.json(e.i(`Query parameter is required`,400),{status:400});try{c=JSON.parse(n)}catch{return r.NextResponse.json(e.i(`Invalid JSON in query parameter`,400),{status:400})}}else return r.NextResponse.json(e.i(`Method not allowed`,405),{status:405});let l=await n(t,i),u=s.validateQuery(c);if(!u.isValid)return r.NextResponse.json(e.i(`Query validation failed: ${u.errors.join(`, `)}`,400),{status:400});let d=c.measures?.[0]\|\|c.dimensions?.[0];if(!d)return r.NextResponse.json(e.i(`No measures or dimensions specified`,400),{status:400});let f=d.split(`.`)[0],p=await s.generateSQL(f,c,l),m=e.o(c,p);return r.NextResponse.json(m,{headers:o?a(t,o):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js SQL handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`SQL generation failed`,500),{status:500})}}}function u(t){let{extractSecurityContext:n,cors:o}=t,s=i(t);return async function(t,i){try{let c;if(t.method===`POST`){let e=await t.json();c=e.query\|\|e}else if(t.method===`GET`){let e=t.nextUrl.searchParams.get(`query`);if(!e)return r.NextResponse.json({error:`Query parameter is required`,valid:!1},{status:400});try{c=JSON.parse(e)}catch{return r.NextResponse.json({error:`Invalid JSON in query parameter`,valid:!1},{status:400})}}else return r.NextResponse.json({error:`Method not allowed`,valid:!1},{status:405});let l=await n(t,i),u=await e.f(c,l,s);return r.NextResponse.json(u,{headers:o?a(t,o):{}})}catch(e){return process.env.NODE_ENV!==`test`&&console.error(`Next.js dry-run handler error:`,e),r.NextResponse.json({error:e instanceof Error?e.message:`Dry-run validation failed`,valid:!1},{status:400})}}}function d(t){let{extractSecurityContext:n,cors:o}=t,s=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let{queries:c}=await t.json();if(!c\|\|!Array.isArray(c))return r.NextResponse.json(e.i(`Request body must contain a "queries" array`,400),{status:400});if(c.length===0)return r.NextResponse.json(e.i(`Queries array cannot be empty`,400),{status:400});let l=await e.u(c,await n(t,i),s,{skipCache:t.headers.get(`x-cache-control`)===`no-cache`});return r.NextResponse.json(l,{headers:o?a(t,o):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js batch handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Batch execution failed`,500),{status:500})}}}function f(e){let{extractSecurityContext:t,cors:n}=e,o=i(e);return async function(e,i){try{if(e.method!==`POST`)return r.NextResponse.json({error:`Method not allowed`},{status:405});let s=await e.json(),c=s.query\|\|s,l=s.options\|\|{},u=await t(e,i),d=o.validateQuery(c);if(!d.isValid)return r.NextResponse.json({error:`Query validation failed: ${d.errors.join(`, `)}`},{status:400});let f=await o.explainQuery(c,u,l);return r.NextResponse.json(f,{headers:n?a(e,n):{}})}catch(e){return process.env.NODE_ENV!==`test`&&console.error(`Next.js explain handler error:`,e),r.NextResponse.json({error:e instanceof Error?e.message:`Explain query failed`},{status:500})}}}function p(t){let{cors:n}=t,o=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=await e.d(o,await t.json());return r.NextResponse.json(i,{headers:n?a(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js discover handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Discovery failed`,500),{status:500})}}}function m(t){let{cors:n}=t,o=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=await t.json();if(!i.naturalLanguage)return r.NextResponse.json(e.i(`naturalLanguage field is required`,400),{status:400});let s=await e.m(o,i);return r.NextResponse.json(s,{headers:n?a(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js suggest handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query suggestion failed`,500),{status:500})}}}function h(t){let{cors:n}=t,o=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=await t.json();if(!i.query)return r.NextResponse.json(e.i(`query field is required`,400),{status:400});let s=await e.h(o,i);return r.NextResponse.json(s,{headers:n?a(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js validate handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query validation failed`,500),{status:500})}}}function g(t){let{extractSecurityContext:n,cors:o}=t,s=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let c=await t.json();if(!c.query)return r.NextResponse.json(e.i(`query field is required`,400),{status:400});let l=await e.p(s,await n(t,i),c);return r.NextResponse.json(l,{headers:o?a(t,o):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js MCP load handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query execution failed`,500),{status:500})}}}function _(t){let{extractSecurityContext:o,cors:s,mcp:c={enabled:!0}}=t,l=i(t);return async function(t){if(t.method===`DELETE`)return r.NextResponse.json({error:`Session termination not supported`},{status:405});if(t.method===`GET`){let e=new TextEncoder,i=n.m(),o=new ReadableStream({start(t){t.enqueue(e.encode(n.h({jsonrpc:`2.0`,method:`mcp/ready`,params:{protocol:`streamable-http`}},i,15e3)))}}),c=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`});if(s){let e=a(t,s);Object.entries(e).forEach(([e,t])=>c.set(e,t))}return new r.NextResponse(o,{status:200,headers:c})}if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=n._(t.headers.get(`origin`),c.allowedOrigins?{allowedOrigins:c.allowedOrigins}:{});if(!i.valid)return r.NextResponse.json(n.i(null,-32600,i.reason),{status:403});let u=t.headers.get(`accept`);if(!n.g(u))return r.NextResponse.json(n.i(null,-32600,`Accept header must include both application/json and text/event-stream`),{status:400});let d=n.f(Object.fromEntries(t.headers.entries()));if(!d.ok)return r.NextResponse.json({error:`Unsupported MCP protocol version`,supported:d.supported},{status:426});let f;try{f=await t.json()}catch{f=null}let p=n.p(f);if(!p)return r.NextResponse.json(n.i(null,-32600,`Invalid JSON-RPC 2.0 request`),{status:400});let m=n.v(u),h=p.method===`initialize`,g=(e,n=200,i={})=>r.NextResponse.json(e,{status:n,headers:{...s?a(t,s):{},...i}});try{let e=await n.s(p.method,p.params,{semanticLayer:l,extractSecurityContext:e=>o(e),rawRequest:t,rawResponse:null,appEnabled:!!c.app});if(n.d(p))return new r.NextResponse(null,{status:202});let i=h&&e&&typeof e==`object`&&`sessionId`in e?e.sessionId:void 0,u={};i&&(u[n.r]=i);let d=n.a(p.id??null,e);if(m){let e=new TextEncoder,i=n.m(),o=new ReadableStream({start(t){t.enqueue(e.encode(`id: ${i}\n\n`)),t.enqueue(e.encode(n.h(d,i))),t.close()}}),c=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`,...u});if(s){let e=a(t,s);Object.entries(e).forEach(([e,t])=>c.set(e,t))}return new r.NextResponse(o,{status:200,headers:c})}return g(d,200,u)}catch(e){if(n.d(p))return process.env.NODE_ENV!==`test`&&console.error(`Next.js MCP notification processing error:`,e),new r.NextResponse(null,{status:202});process.env.NODE_ENV!==`test`&&console.error(`Next.js MCP RPC handler error:`,e);let i=e?.code??-32603,o=e?.data,c=e.message\|\|`MCP request failed`,l=n.i(p.id??null,i,c,o);if(m){let e=new TextEncoder,i=n.m(),o=new ReadableStream({start(t){t.enqueue(e.encode(`id: ${i}\n\n`)),t.enqueue(e.encode(n.h(l,i))),t.close()}}),c=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`});if(s){let e=a(t,s);Object.entries(e).forEach(([e,t])=>c.set(e,t))}return new r.NextResponse(o,{status:200,headers:c})}return g(l,200)}}}function v(e){let{extractSecurityContext:t,cors:n,agent:o}=e;if(!o)throw Error(`agent config is required for createAgentChatHandler`);let s=i(e);return async function(e,i){try{if(e.method!==`POST`)return r.NextResponse.json({error:`Method not allowed - use POST`},{status:405});let{handleAgentChat:c}=await Promise.resolve().then(()=>require(`../handler-DumFgnNM.cjs`)),{message:l,sessionId:u,history:d}=await e.json();if(!l\|\|typeof l!=`string`)return r.NextResponse.json({error:`message is required and must be a string`},{status:400});let f=(o.apiKey\|\|``).trim();if(o.allowClientApiKey){let t=e.headers.get(`x-agent-api-key`);t&&(f=t.trim())}if(!f)return r.NextResponse.json({error:`No API key configured. Set agent.apiKey in server config or send X-Agent-Api-Key header.`},{status:401});let p=o.allowClientApiKey&&e.headers.get(`x-agent-provider`)\|\|void 0,m=o.allowClientApiKey&&e.headers.get(`x-agent-model`)\|\|void 0,h=o.allowClientApiKey&&e.headers.get(`x-agent-provider-endpoint`)\|\|void 0,g=await t(e,i),_=o.buildSystemContext?.(g),v=new TextEncoder,y=new ReadableStream({async start(e){try{let t=c({message:l,sessionId:u,history:d,semanticLayer:s,securityContext:g,agentConfig:o,apiKey:f,systemContext:_,providerOverride:p,modelOverride:m,baseURLOverride:h});for await(let n of t){let t=`data: ${JSON.stringify(n)}\n\n`;e.enqueue(v.encode(t))}}catch(t){let n={type:`error`,data:{message:t instanceof Error?t.message:`Stream failed`}};e.enqueue(v.encode(`data: ${JSON.stringify(n)}\n\n`))}finally{e.close()}}}),b=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`});if(n){let t=a(e,n);Object.entries(t).forEach(([e,t])=>b.set(e,t))}return new Response(y,{status:200,headers:b})}catch(e){return process.env.NODE_ENV!==`test`&&console.error(`Next.js agent chat handler error:`,e),r.NextResponse.json({error:e instanceof Error?e.message:`Agent chat failed`},{status:500})}}}function y(e){let{mcp:t={enabled:!0}}=e,n={load:s(e),meta:c(e),sql:l(e),dryRun:u(e),batch:d(e),explain:f(e)};return t.enabled!==!1&&(n.mcpRpc=_(e)),e.agent&&(n.agentChat=v(e)),n}exports.createAgentChatHandler=v,exports.createBatchHandler=d,exports.createCubeHandlers=y,exports.createDiscoverHandler=p,exports.createDryRunHandler=u,exports.createExplainHandler=f,exports.createLoadHandler=s,exports.createMcpLoadHandler=g,exports.createMcpRpcHandler=_,exports.createMetaHandler=c,exports.createOptionsHandler=o,exports.createSqlHandler=l,exports.createSuggestHandler=m,exports.createValidateHandler=h;
1	+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../utils-DNrj-ryp.cjs`),t=require(`../locale-DueXjqMh.cjs`),n=require(`../mcp-transport-poPHl_2j.cjs`);let r=require(`next/server`);function i(e){let{cubes:n,drizzle:r,schema:i,engineType:a,cache:o,rlsSetup:s}=e;if(!n\|\|n.length===0)throw Error(`At least one cube must be provided in the cubes array`);let c=new t.i({drizzle:r,schema:i,engineType:a,cache:o,rlsSetup:s});return n.forEach(e=>{c.registerCube(e)}),c}function a(e){return{extractSecurityContext:async(n,r)=>t.r(await e.extractSecurityContext(n,r),t.n(e=>n.headers.get(e))),cors:e.cors?{...e.cors,allowedHeaders:t.t(e.cors.allowedHeaders)}:void 0}}function o(e,t){let n=e.headers.get(`origin`),r={};return t.origin&&(typeof t.origin==`string`?r[`Access-Control-Allow-Origin`]=t.origin:Array.isArray(t.origin)?n&&t.origin.includes(n)&&(r[`Access-Control-Allow-Origin`]=n):typeof t.origin==`function`&&n&&t.origin(n)&&(r[`Access-Control-Allow-Origin`]=n)),t.methods&&(r[`Access-Control-Allow-Methods`]=t.methods.join(`, `)),t.allowedHeaders&&(r[`Access-Control-Allow-Headers`]=t.allowedHeaders.join(`, `)),t.credentials&&(r[`Access-Control-Allow-Credentials`]=`true`),r}function s(e){return async function(n){let r=o(n,{...e,allowedHeaders:t.t(e.allowedHeaders)});return new Response(null,{status:200,headers:r})}}function c(t){let{extractSecurityContext:n,cors:s}=a(t),c=i(t);return async function(t,i){try{let a;if(t.method===`POST`){let e=await t.json();a=e.query\|\|e}else if(t.method===`GET`){let n=t.nextUrl.searchParams.get(`query`);if(!n)return r.NextResponse.json(e.i(`Query parameter is required`,400),{status:400});try{a=JSON.parse(n)}catch{return r.NextResponse.json(e.i(`Invalid JSON in query parameter`,400),{status:400})}}else return r.NextResponse.json(e.i(`Method not allowed`,405),{status:405});let l=await n(t,i),u=c.validateQuery(a);if(!u.isValid)return r.NextResponse.json(e.i(`Query validation failed: ${u.errors.join(`, `)}`,400),{status:400});let d=t.headers.get(`x-cache-control`)===`no-cache`,f=await c.executeMultiCubeQuery(a,l,{skipCache:d}),p=e.r(a,f,c);return r.NextResponse.json(p,{headers:s?o(t,s):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js load handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query execution failed`,500),{status:500})}}}function l(t){let{cors:n}=a(t),s=i(t);return async function(t,i){try{let i=e.a(s.getMetadata());return r.NextResponse.json(i,{headers:n?o(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js meta handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Failed to fetch metadata`,500),{status:500})}}}function u(t){let{extractSecurityContext:n,cors:s}=a(t),c=i(t);return async function(t,i){try{let a;if(t.method===`POST`){let e=await t.json();a=e.query\|\|e}else if(t.method===`GET`){let n=t.nextUrl.searchParams.get(`query`);if(!n)return r.NextResponse.json(e.i(`Query parameter is required`,400),{status:400});try{a=JSON.parse(n)}catch{return r.NextResponse.json(e.i(`Invalid JSON in query parameter`,400),{status:400})}}else return r.NextResponse.json(e.i(`Method not allowed`,405),{status:405});let l=await n(t,i),u=c.validateQuery(a);if(!u.isValid)return r.NextResponse.json(e.i(`Query validation failed: ${u.errors.join(`, `)}`,400),{status:400});let d=a.measures?.[0]\|\|a.dimensions?.[0];if(!d)return r.NextResponse.json(e.i(`No measures or dimensions specified`,400),{status:400});let f=d.split(`.`)[0],p=await c.generateSQL(f,a,l),m=e.o(a,p);return r.NextResponse.json(m,{headers:s?o(t,s):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js SQL handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`SQL generation failed`,500),{status:500})}}}function d(t){let{extractSecurityContext:n,cors:s}=a(t),c=i(t);return async function(t,i){try{let a;if(t.method===`POST`){let e=await t.json();a=e.query\|\|e}else if(t.method===`GET`){let e=t.nextUrl.searchParams.get(`query`);if(!e)return r.NextResponse.json({error:`Query parameter is required`,valid:!1},{status:400});try{a=JSON.parse(e)}catch{return r.NextResponse.json({error:`Invalid JSON in query parameter`,valid:!1},{status:400})}}else return r.NextResponse.json({error:`Method not allowed`,valid:!1},{status:405});let l=await n(t,i),u=await e.f(a,l,c);return r.NextResponse.json(u,{headers:s?o(t,s):{}})}catch(e){return process.env.NODE_ENV!==`test`&&console.error(`Next.js dry-run handler error:`,e),r.NextResponse.json({error:e instanceof Error?e.message:`Dry-run validation failed`,valid:!1},{status:400})}}}function f(t){let{extractSecurityContext:n,cors:s}=a(t),c=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let{queries:a}=await t.json();if(!a\|\|!Array.isArray(a))return r.NextResponse.json(e.i(`Request body must contain a "queries" array`,400),{status:400});if(a.length===0)return r.NextResponse.json(e.i(`Queries array cannot be empty`,400),{status:400});let l=await e.u(a,await n(t,i),c,{skipCache:t.headers.get(`x-cache-control`)===`no-cache`});return r.NextResponse.json(l,{headers:s?o(t,s):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js batch handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Batch execution failed`,500),{status:500})}}}function p(e){let{extractSecurityContext:t,cors:n}=a(e),s=i(e);return async function(e,i){try{if(e.method!==`POST`)return r.NextResponse.json({error:`Method not allowed`},{status:405});let a=await e.json(),c=a.query\|\|a,l=a.options\|\|{},u=await t(e,i),d=s.validateQuery(c);if(!d.isValid)return r.NextResponse.json({error:`Query validation failed: ${d.errors.join(`, `)}`},{status:400});let f=await s.explainQuery(c,u,l);return r.NextResponse.json(f,{headers:n?o(e,n):{}})}catch(e){return process.env.NODE_ENV!==`test`&&console.error(`Next.js explain handler error:`,e),r.NextResponse.json({error:e instanceof Error?e.message:`Explain query failed`},{status:500})}}}function m(t){let{cors:n}=a(t),s=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=await e.d(s,await t.json());return r.NextResponse.json(i,{headers:n?o(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js discover handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Discovery failed`,500),{status:500})}}}function h(t){let{cors:n}=a(t),s=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=await t.json();if(!i.naturalLanguage)return r.NextResponse.json(e.i(`naturalLanguage field is required`,400),{status:400});let a=await e.m(s,i);return r.NextResponse.json(a,{headers:n?o(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js suggest handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query suggestion failed`,500),{status:500})}}}function g(t){let{cors:n}=a(t),s=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=await t.json();if(!i.query)return r.NextResponse.json(e.i(`query field is required`,400),{status:400});let a=await e.h(s,i);return r.NextResponse.json(a,{headers:n?o(t,n):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js validate handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query validation failed`,500),{status:500})}}}function _(t){let{extractSecurityContext:n,cors:s}=a(t),c=i(t);return async function(t,i){try{if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let a=await t.json();if(!a.query)return r.NextResponse.json(e.i(`query field is required`,400),{status:400});let l=await e.p(c,await n(t,i),a);return r.NextResponse.json(l,{headers:s?o(t,s):{}})}catch(t){return process.env.NODE_ENV!==`test`&&console.error(`Next.js MCP load handler error:`,t),r.NextResponse.json(e.i(t instanceof Error?t.message:`Query execution failed`,500),{status:500})}}}function v(t){let{extractSecurityContext:s,cors:c}=a(t),{mcp:l={enabled:!0}}=t,u=i(t),d=n.o(u,l.resources),f=n.v(l.prompts);return async function(t){if(l.resourceMetadataUrl&&!n.u(t.headers.get(`authorization`)))return r.NextResponse.json({error:`Bearer token required`},{status:401,headers:{"WWW-Authenticate":n.c(l.resourceMetadataUrl)}});if(t.method===`DELETE`)return r.NextResponse.json({error:`Session termination not supported`},{status:405});if(t.method===`GET`){let e=new TextEncoder,i=n._(),a=new ReadableStream({start(t){t.enqueue(e.encode(n.y({jsonrpc:`2.0`,method:`mcp/ready`,params:{protocol:`streamable-http`}},i,15e3)))}}),s=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`});if(c){let e=o(t,c);Object.entries(e).forEach(([e,t])=>s.set(e,t))}return new r.NextResponse(a,{status:200,headers:s})}if(t.method!==`POST`)return r.NextResponse.json(e.i(`Method not allowed - use POST`,405),{status:405});let i=n.x(t.headers.get(`origin`),l.allowedOrigins?{allowedOrigins:l.allowedOrigins}:{});if(!i.valid)return r.NextResponse.json(n.i(null,-32600,i.reason),{status:403});let a=t.headers.get(`accept`);if(!n.b(a))return r.NextResponse.json(n.i(null,-32600,`Accept header must include both application/json and text/event-stream`),{status:400});let p=n.h(Object.fromEntries(t.headers.entries()));if(!p.ok)return r.NextResponse.json({error:`Unsupported MCP protocol version`,supported:p.supported},{status:426});let m;try{m=await t.json()}catch{m=null}let h=n.g(m);if(!h)return r.NextResponse.json(n.i(null,-32600,`Invalid JSON-RPC 2.0 request`),{status:400});let g=n.S(a),_=h.method===`initialize`,v=(e,n=200,i={})=>r.NextResponse.json(e,{status:n,headers:{...c?o(t,c):{},...i}});try{let e=await n.l(h.method,h.params,{semanticLayer:u,extractSecurityContext:e=>s(e),rawRequest:t,rawResponse:null,resources:d,prompts:f,appEnabled:!!l.app,appConfig:typeof l.app==`object`?l.app:void 0,serverName:l.serverName});if(n.m(h))return new r.NextResponse(null,{status:202});let i=_&&e&&typeof e==`object`&&`sessionId`in e?e.sessionId:void 0,a={};i&&(a[n.r]=i);let p=n.a(h.id??null,e);if(g){let e=new TextEncoder,i=n._(),s=new ReadableStream({start(t){t.enqueue(e.encode(`id: ${i}\n\n`)),t.enqueue(e.encode(n.y(p,i))),t.close()}}),l=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`,...a});if(c){let e=o(t,c);Object.entries(e).forEach(([e,t])=>l.set(e,t))}return new r.NextResponse(s,{status:200,headers:l})}return v(p,200,a)}catch(e){if(n.m(h))return process.env.NODE_ENV!==`test`&&console.error(`Next.js MCP notification processing error:`,e),new r.NextResponse(null,{status:202});process.env.NODE_ENV!==`test`&&console.error(`Next.js MCP RPC handler error:`,e);let i=e?.code??-32603,a=e?.data,s=e.message\|\|`MCP request failed`,l=n.i(h.id??null,i,s,a);if(g){let e=new TextEncoder,i=n._(),a=new ReadableStream({start(t){t.enqueue(e.encode(`id: ${i}\n\n`)),t.enqueue(e.encode(n.y(l,i))),t.close()}}),s=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`});if(c){let e=o(t,c);Object.entries(e).forEach(([e,t])=>s.set(e,t))}return new r.NextResponse(a,{status:200,headers:s})}return v(l,200)}}}function y(e){let{extractSecurityContext:t,cors:n}=a(e),{agent:s}=e;if(!s)throw Error(`agent config is required for createAgentChatHandler`);let c=i(e);return async function(e,i){try{if(e.method!==`POST`)return r.NextResponse.json({error:`Method not allowed - use POST`},{status:405});let{handleAgentChat:a}=await Promise.resolve().then(()=>require(`../handler-BzzbVpcl.cjs`)),{message:l,sessionId:u,history:d}=await e.json();if(!l\|\|typeof l!=`string`)return r.NextResponse.json({error:`message is required and must be a string`},{status:400});let f=(s.apiKey\|\|``).trim();if(s.allowClientApiKey){let t=e.headers.get(`x-agent-api-key`);t&&(f=t.trim())}if(!f)return r.NextResponse.json({error:`No API key configured. Set agent.apiKey in server config or send X-Agent-Api-Key header.`},{status:401});let p=s.allowClientApiKey&&e.headers.get(`x-agent-provider`)\|\|void 0,m=s.allowClientApiKey&&e.headers.get(`x-agent-model`)\|\|void 0,h=s.allowClientApiKey&&e.headers.get(`x-agent-provider-endpoint`)\|\|void 0,g=await t(e,i),_=s.buildSystemContext?.(g),v=new TextEncoder,y=new ReadableStream({async start(e){try{let t=a({message:l,sessionId:u,history:d,semanticLayer:c,securityContext:g,agentConfig:s,apiKey:f,systemContext:_,providerOverride:p,modelOverride:m,baseURLOverride:h});for await(let n of t){let t=`data: ${JSON.stringify(n)}\n\n`;e.enqueue(v.encode(t))}}catch(t){let n={type:`error`,data:{message:t instanceof Error?t.message:`Stream failed`}};e.enqueue(v.encode(`data: ${JSON.stringify(n)}\n\n`))}finally{e.close()}}}),b=new Headers({"Content-Type":`text/event-stream`,"Cache-Control":`no-cache`,Connection:`keep-alive`});if(n){let t=o(e,n);Object.entries(t).forEach(([e,t])=>b.set(e,t))}return new Response(y,{status:200,headers:b})}catch(e){return process.env.NODE_ENV!==`test`&&console.error(`Next.js agent chat handler error:`,e),r.NextResponse.json({error:e instanceof Error?e.message:`Agent chat failed`},{status:500})}}}function b(e){let{mcp:t={enabled:!0}}=e,n={load:c(e),meta:l(e),sql:u(e),dryRun:d(e),batch:f(e),explain:p(e)};return t.enabled!==!1&&(n.mcpRpc=v(e)),e.agent&&(n.agentChat=y(e)),n}exports.createAgentChatHandler=y,exports.createBatchHandler=f,exports.createCubeHandlers=b,exports.createDiscoverHandler=m,exports.createDryRunHandler=d,exports.createExplainHandler=p,exports.createLoadHandler=c,exports.createMcpLoadHandler=_,exports.createMcpRpcHandler=v,exports.createMetaHandler=l,exports.createOptionsHandler=s,exports.createSqlHandler=u,exports.createSuggestHandler=h,exports.createValidateHandler=g;

package/dist/adapters/nextjs/index.js CHANGED Viewed

@@ -1,9 +1,9 @@
-import { a as e, d as t, f as n, h as r, i, m as a, o, p as s, r as c, u as l } from "../utils-IH1ePsBd.js";
-import { t as u } from "../compiler-S6KHiOY6.js";
-import { _ as d, a as f, d as p, f as m, g as h, h as g, i as _, m as v, p as y, r as b, s as x, v as S } from "../mcp-transport-C6bsIOSV.js";
-import { NextResponse as C } from "next/server";
+import { a as e, d as t, f as n, h as r, i, m as a, o, p as s, r as c, u as l } from "../utils-DOg9oGdt.js";
+import { i as u, n as d, r as f, t as p } from "../locale-DTnJrxm1.js";
+import { S as m, _ as h, a as g, b as _, c as v, g as y, h as b, i as x, l as S, m as C, o as w, r as T, u as E, v as D, x as O, y as k } from "../mcp-transport-C7VLf4T5.js";
+import { NextResponse as A } from "next/server";
 //#region src/adapters/nextjs/index.ts
-function w(e) {
+function j(e) {
 	let { cubes: t, drizzle: n, schema: r, engineType: i, cache: a, rlsSetup: o } = e;
 	if (!t || t.length === 0) throw Error("At least one cube must be provided in the cubes array");
 	let s = new u({
@@ -17,21 +17,33 @@ function w(e) {
 		s.registerCube(e);
 	}), s;
 }
-function T(e, t) {
+function M(e) {
+	return {
+		extractSecurityContext: async (t, n) => f(await e.extractSecurityContext(t, n), d((e) => t.headers.get(e))),
+		cors: e.cors ? {
+			...e.cors,
+			allowedHeaders: p(e.cors.allowedHeaders)
+		} : void 0
+	};
+}
+function N(e, t) {
 	let n = e.headers.get("origin"), r = {};
 	return t.origin && (typeof t.origin == "string" ? r["Access-Control-Allow-Origin"] = t.origin : Array.isArray(t.origin) ? n && t.origin.includes(n) && (r["Access-Control-Allow-Origin"] = n) : typeof t.origin == "function" && n && t.origin(n) && (r["Access-Control-Allow-Origin"] = n)), t.methods && (r["Access-Control-Allow-Methods"] = t.methods.join(", ")), t.allowedHeaders && (r["Access-Control-Allow-Headers"] = t.allowedHeaders.join(", ")), t.credentials && (r["Access-Control-Allow-Credentials"] = "true"), r;
 }
-function E(e) {
+function P(e) {
 	return async function(t) {
-		let n = T(t, e);
+		let n = N(t, {
+			...e,
+			allowedHeaders: p(e.allowedHeaders)
+		});
 		return new Response(null, {
 			status: 200,
 			headers: n
 		});
 	};
 }
-function D(e) {
-	let { extractSecurityContext: t, cors: n } = e, r = w(e);
+function F(e) {
+	let { extractSecurityContext: t, cors: n } = M(e), r = j(e);
 	return async function(e, a) {
 		try {
 			let o;
@@ -40,35 +52,35 @@ function D(e) {
 				o = t.query || t;
 			} else if (e.method === "GET") {
 				let t = e.nextUrl.searchParams.get("query");
-				if (!t) return C.json(i("Query parameter is required", 400), { status: 400 });
+				if (!t) return A.json(i("Query parameter is required", 400), { status: 400 });
 				try {
 					o = JSON.parse(t);
 				} catch {
-					return C.json(i("Invalid JSON in query parameter", 400), { status: 400 });
+					return A.json(i("Invalid JSON in query parameter", 400), { status: 400 });
 				}
-			} else return C.json(i("Method not allowed", 405), { status: 405 });
+			} else return A.json(i("Method not allowed", 405), { status: 405 });
 			let s = await t(e, a), l = r.validateQuery(o);
-			if (!l.isValid) return C.json(i(`Query validation failed: ${l.errors.join(", ")}`, 400), { status: 400 });
+			if (!l.isValid) return A.json(i(`Query validation failed: ${l.errors.join(", ")}`, 400), { status: 400 });
 			let u = e.headers.get("x-cache-control") === "no-cache", d = await r.executeMultiCubeQuery(o, s, { skipCache: u }), f = c(o, d, r);
-			return C.json(f, { headers: n ? T(e, n) : {} });
+			return A.json(f, { headers: n ? N(e, n) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js load handler error:", e), C.json(i(e instanceof Error ? e.message : "Query execution failed", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js load handler error:", e), A.json(i(e instanceof Error ? e.message : "Query execution failed", 500), { status: 500 });
 		}
 	};
 }
-function O(t) {
-	let { cors: n } = t, r = w(t);
+function I(t) {
+	let { cors: n } = M(t), r = j(t);
 	return async function(t, a) {
 		try {
 			let i = e(r.getMetadata());
-			return C.json(i, { headers: n ? T(t, n) : {} });
+			return A.json(i, { headers: n ? N(t, n) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js meta handler error:", e), C.json(i(e instanceof Error ? e.message : "Failed to fetch metadata", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js meta handler error:", e), A.json(i(e instanceof Error ? e.message : "Failed to fetch metadata", 500), { status: 500 });
 		}
 	};
 }
-function k(e) {
-	let { extractSecurityContext: t, cors: n } = e, r = w(e);
+function L(e) {
+	let { extractSecurityContext: t, cors: n } = M(e), r = j(e);
 	return async function(e, a) {
 		try {
 			let s;
@@ -77,26 +89,26 @@ function k(e) {
 				s = t.query || t;
 			} else if (e.method === "GET") {
 				let t = e.nextUrl.searchParams.get("query");
-				if (!t) return C.json(i("Query parameter is required", 400), { status: 400 });
+				if (!t) return A.json(i("Query parameter is required", 400), { status: 400 });
 				try {
 					s = JSON.parse(t);
 				} catch {
-					return C.json(i("Invalid JSON in query parameter", 400), { status: 400 });
+					return A.json(i("Invalid JSON in query parameter", 400), { status: 400 });
 				}
-			} else return C.json(i("Method not allowed", 405), { status: 405 });
+			} else return A.json(i("Method not allowed", 405), { status: 405 });
 			let c = await t(e, a), l = r.validateQuery(s);
-			if (!l.isValid) return C.json(i(`Query validation failed: ${l.errors.join(", ")}`, 400), { status: 400 });
+			if (!l.isValid) return A.json(i(`Query validation failed: ${l.errors.join(", ")}`, 400), { status: 400 });
 			let u = s.measures?.[0] || s.dimensions?.[0];
-			if (!u) return C.json(i("No measures or dimensions specified", 400), { status: 400 });
+			if (!u) return A.json(i("No measures or dimensions specified", 400), { status: 400 });
 			let d = u.split(".")[0], f = await r.generateSQL(d, s, c), p = o(s, f);
-			return C.json(p, { headers: n ? T(e, n) : {} });
+			return A.json(p, { headers: n ? N(e, n) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js SQL handler error:", e), C.json(i(e instanceof Error ? e.message : "SQL generation failed", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js SQL handler error:", e), A.json(i(e instanceof Error ? e.message : "SQL generation failed", 500), { status: 500 });
 		}
 	};
 }
-function A(e) {
-	let { extractSecurityContext: t, cors: r } = e, i = w(e);
+function R(e) {
+	let { extractSecurityContext: t, cors: r } = M(e), i = j(e);
 	return async function(e, a) {
 		try {
 			let o;
@@ -105,122 +117,126 @@ function A(e) {
 				o = t.query || t;
 			} else if (e.method === "GET") {
 				let t = e.nextUrl.searchParams.get("query");
-				if (!t) return C.json({
+				if (!t) return A.json({
 					error: "Query parameter is required",
 					valid: !1
 				}, { status: 400 });
 				try {
 					o = JSON.parse(t);
 				} catch {
-					return C.json({
+					return A.json({
 						error: "Invalid JSON in query parameter",
 						valid: !1
 					}, { status: 400 });
 				}
-			} else return C.json({
+			} else return A.json({
 				error: "Method not allowed",
 				valid: !1
 			}, { status: 405 });
 			let s = await t(e, a), c = await n(o, s, i);
-			return C.json(c, { headers: r ? T(e, r) : {} });
+			return A.json(c, { headers: r ? N(e, r) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js dry-run handler error:", e), C.json({
+			return process.env.NODE_ENV !== "test" && console.error("Next.js dry-run handler error:", e), A.json({
 				error: e instanceof Error ? e.message : "Dry-run validation failed",
 				valid: !1
 			}, { status: 400 });
 		}
 	};
 }
-function j(e) {
-	let { extractSecurityContext: t, cors: n } = e, r = w(e);
+function z(e) {
+	let { extractSecurityContext: t, cors: n } = M(e), r = j(e);
 	return async function(e, a) {
 		try {
-			if (e.method !== "POST") return C.json(i("Method not allowed - use POST", 405), { status: 405 });
+			if (e.method !== "POST") return A.json(i("Method not allowed - use POST", 405), { status: 405 });
 			let { queries: o } = await e.json();
-			if (!o || !Array.isArray(o)) return C.json(i("Request body must contain a \"queries\" array", 400), { status: 400 });
-			if (o.length === 0) return C.json(i("Queries array cannot be empty", 400), { status: 400 });
+			if (!o || !Array.isArray(o)) return A.json(i("Request body must contain a \"queries\" array", 400), { status: 400 });
+			if (o.length === 0) return A.json(i("Queries array cannot be empty", 400), { status: 400 });
 			let s = await l(o, await t(e, a), r, { skipCache: e.headers.get("x-cache-control") === "no-cache" });
-			return C.json(s, { headers: n ? T(e, n) : {} });
+			return A.json(s, { headers: n ? N(e, n) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js batch handler error:", e), C.json(i(e instanceof Error ? e.message : "Batch execution failed", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js batch handler error:", e), A.json(i(e instanceof Error ? e.message : "Batch execution failed", 500), { status: 500 });
 		}
 	};
 }
-function M(e) {
-	let { extractSecurityContext: t, cors: n } = e, r = w(e);
+function B(e) {
+	let { extractSecurityContext: t, cors: n } = M(e), r = j(e);
 	return async function(e, i) {
 		try {
-			if (e.method !== "POST") return C.json({ error: "Method not allowed" }, { status: 405 });
+			if (e.method !== "POST") return A.json({ error: "Method not allowed" }, { status: 405 });
 			let a = await e.json(), o = a.query || a, s = a.options || {}, c = await t(e, i), l = r.validateQuery(o);
-			if (!l.isValid) return C.json({ error: `Query validation failed: ${l.errors.join(", ")}` }, { status: 400 });
+			if (!l.isValid) return A.json({ error: `Query validation failed: ${l.errors.join(", ")}` }, { status: 400 });
 			let u = await r.explainQuery(o, c, s);
-			return C.json(u, { headers: n ? T(e, n) : {} });
+			return A.json(u, { headers: n ? N(e, n) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js explain handler error:", e), C.json({ error: e instanceof Error ? e.message : "Explain query failed" }, { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js explain handler error:", e), A.json({ error: e instanceof Error ? e.message : "Explain query failed" }, { status: 500 });
 		}
 	};
 }
-function N(e) {
-	let { cors: n } = e, r = w(e);
+function V(e) {
+	let { cors: n } = M(e), r = j(e);
 	return async function(e, a) {
 		try {
-			if (e.method !== "POST") return C.json(i("Method not allowed - use POST", 405), { status: 405 });
+			if (e.method !== "POST") return A.json(i("Method not allowed - use POST", 405), { status: 405 });
 			let a = await t(r, await e.json());
-			return C.json(a, { headers: n ? T(e, n) : {} });
+			return A.json(a, { headers: n ? N(e, n) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js discover handler error:", e), C.json(i(e instanceof Error ? e.message : "Discovery failed", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js discover handler error:", e), A.json(i(e instanceof Error ? e.message : "Discovery failed", 500), { status: 500 });
 		}
 	};
 }
-function P(e) {
-	let { cors: t } = e, n = w(e);
+function H(e) {
+	let { cors: t } = M(e), n = j(e);
 	return async function(e, r) {
 		try {
-			if (e.method !== "POST") return C.json(i("Method not allowed - use POST", 405), { status: 405 });
+			if (e.method !== "POST") return A.json(i("Method not allowed - use POST", 405), { status: 405 });
 			let r = await e.json();
-			if (!r.naturalLanguage) return C.json(i("naturalLanguage field is required", 400), { status: 400 });
+			if (!r.naturalLanguage) return A.json(i("naturalLanguage field is required", 400), { status: 400 });
 			let o = await a(n, r);
-			return C.json(o, { headers: t ? T(e, t) : {} });
+			return A.json(o, { headers: t ? N(e, t) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js suggest handler error:", e), C.json(i(e instanceof Error ? e.message : "Query suggestion failed", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js suggest handler error:", e), A.json(i(e instanceof Error ? e.message : "Query suggestion failed", 500), { status: 500 });
 		}
 	};
 }
-function F(e) {
-	let { cors: t } = e, n = w(e);
+function U(e) {
+	let { cors: t } = M(e), n = j(e);
 	return async function(e, a) {
 		try {
-			if (e.method !== "POST") return C.json(i("Method not allowed - use POST", 405), { status: 405 });
+			if (e.method !== "POST") return A.json(i("Method not allowed - use POST", 405), { status: 405 });
 			let a = await e.json();
-			if (!a.query) return C.json(i("query field is required", 400), { status: 400 });
+			if (!a.query) return A.json(i("query field is required", 400), { status: 400 });
 			let o = await r(n, a);
-			return C.json(o, { headers: t ? T(e, t) : {} });
+			return A.json(o, { headers: t ? N(e, t) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js validate handler error:", e), C.json(i(e instanceof Error ? e.message : "Query validation failed", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js validate handler error:", e), A.json(i(e instanceof Error ? e.message : "Query validation failed", 500), { status: 500 });
 		}
 	};
 }
-function I(e) {
-	let { extractSecurityContext: t, cors: n } = e, r = w(e);
+function W(e) {
+	let { extractSecurityContext: t, cors: n } = M(e), r = j(e);
 	return async function(e, a) {
 		try {
-			if (e.method !== "POST") return C.json(i("Method not allowed - use POST", 405), { status: 405 });
+			if (e.method !== "POST") return A.json(i("Method not allowed - use POST", 405), { status: 405 });
 			let o = await e.json();
-			if (!o.query) return C.json(i("query field is required", 400), { status: 400 });
+			if (!o.query) return A.json(i("query field is required", 400), { status: 400 });
 			let c = await s(r, await t(e, a), o);
-			return C.json(c, { headers: n ? T(e, n) : {} });
+			return A.json(c, { headers: n ? N(e, n) : {} });
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js MCP load handler error:", e), C.json(i(e instanceof Error ? e.message : "Query execution failed", 500), { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js MCP load handler error:", e), A.json(i(e instanceof Error ? e.message : "Query execution failed", 500), { status: 500 });
 		}
 	};
 }
-function L(e) {
-	let { extractSecurityContext: t, cors: n, mcp: r = { enabled: !0 } } = e, a = w(e);
+function G(e) {
+	let { extractSecurityContext: t, cors: n } = M(e), { mcp: r = { enabled: !0 } } = e, a = j(e), o = w(a, r.resources), s = D(r.prompts);
 	return async function(e) {
-		if (e.method === "DELETE") return C.json({ error: "Session termination not supported" }, { status: 405 });
+		if (r.resourceMetadataUrl && !E(e.headers.get("authorization"))) return A.json({ error: "Bearer token required" }, {
+			status: 401,
+			headers: { "WWW-Authenticate": v(r.resourceMetadataUrl) }
+		});
+		if (e.method === "DELETE") return A.json({ error: "Session termination not supported" }, { status: 405 });
 		if (e.method === "GET") {
-			let t = new TextEncoder(), r = v(), i = new ReadableStream({ start(e) {
-				e.enqueue(t.encode(g({
+			let t = new TextEncoder(), r = h(), i = new ReadableStream({ start(e) {
+				e.enqueue(t.encode(k({
 					jsonrpc: "2.0",
 					method: "mcp/ready",
 					params: { protocol: "streamable-http" }
@@ -231,87 +247,91 @@ function L(e) {
 				Connection: "keep-alive"
 			});
 			if (n) {
-				let t = T(e, n);
+				let t = N(e, n);
 				Object.entries(t).forEach(([e, t]) => a.set(e, t));
 			}
-			return new C(i, {
+			return new A(i, {
 				status: 200,
 				headers: a
 			});
 		}
-		if (e.method !== "POST") return C.json(i("Method not allowed - use POST", 405), { status: 405 });
-		let o = d(e.headers.get("origin"), r.allowedOrigins ? { allowedOrigins: r.allowedOrigins } : {});
-		if (!o.valid) return C.json(_(null, -32600, o.reason), { status: 403 });
-		let s = e.headers.get("accept");
-		if (!h(s)) return C.json(_(null, -32600, "Accept header must include both application/json and text/event-stream"), { status: 400 });
-		let c = m(Object.fromEntries(e.headers.entries()));
-		if (!c.ok) return C.json({
+		if (e.method !== "POST") return A.json(i("Method not allowed - use POST", 405), { status: 405 });
+		let c = O(e.headers.get("origin"), r.allowedOrigins ? { allowedOrigins: r.allowedOrigins } : {});
+		if (!c.valid) return A.json(x(null, -32600, c.reason), { status: 403 });
+		let l = e.headers.get("accept");
+		if (!_(l)) return A.json(x(null, -32600, "Accept header must include both application/json and text/event-stream"), { status: 400 });
+		let u = b(Object.fromEntries(e.headers.entries()));
+		if (!u.ok) return A.json({
 			error: "Unsupported MCP protocol version",
-			supported: c.supported
+			supported: u.supported
 		}, { status: 426 });
-		let l;
+		let d;
 		try {
-			l = await e.json();
+			d = await e.json();
 		} catch {
-			l = null;
+			d = null;
 		}
-		let u = y(l);
-		if (!u) return C.json(_(null, -32600, "Invalid JSON-RPC 2.0 request"), { status: 400 });
-		let w = S(s), E = u.method === "initialize", D = (t, r = 200, i = {}) => C.json(t, {
+		let f = y(d);
+		if (!f) return A.json(x(null, -32600, "Invalid JSON-RPC 2.0 request"), { status: 400 });
+		let p = m(l), w = f.method === "initialize", D = (t, r = 200, i = {}) => A.json(t, {
 			status: r,
 			headers: {
-				...n ? T(e, n) : {},
+				...n ? N(e, n) : {},
 				...i
 			}
 		});
 		try {
-			let i = await x(u.method, u.params, {
+			let i = await S(f.method, f.params, {
 				semanticLayer: a,
 				extractSecurityContext: (e) => t(e),
 				rawRequest: e,
 				rawResponse: null,
-				appEnabled: !!r.app
+				resources: o,
+				prompts: s,
+				appEnabled: !!r.app,
+				appConfig: typeof r.app == "object" ? r.app : void 0,
+				serverName: r.serverName
 			});
-			if (p(u)) return new C(null, { status: 202 });
-			let o = E && i && typeof i == "object" && "sessionId" in i ? i.sessionId : void 0, s = {};
-			o && (s[b] = o);
-			let c = f(u.id ?? null, i);
-			if (w) {
-				let t = new TextEncoder(), r = v(), i = new ReadableStream({ start(e) {
-					e.enqueue(t.encode(`id: ${r}\n\n`)), e.enqueue(t.encode(g(c, r))), e.close();
+			if (C(f)) return new A(null, { status: 202 });
+			let c = w && i && typeof i == "object" && "sessionId" in i ? i.sessionId : void 0, l = {};
+			c && (l[T] = c);
+			let u = g(f.id ?? null, i);
+			if (p) {
+				let t = new TextEncoder(), r = h(), i = new ReadableStream({ start(e) {
+					e.enqueue(t.encode(`id: ${r}\n\n`)), e.enqueue(t.encode(k(u, r))), e.close();
 				} }), a = new Headers({
 					"Content-Type": "text/event-stream",
 					"Cache-Control": "no-cache",
 					Connection: "keep-alive",
-					...s
+					...l
 				});
 				if (n) {
-					let t = T(e, n);
+					let t = N(e, n);
 					Object.entries(t).forEach(([e, t]) => a.set(e, t));
 				}
-				return new C(i, {
+				return new A(i, {
 					status: 200,
 					headers: a
 				});
 			}
-			return D(c, 200, s);
+			return D(u, 200, l);
 		} catch (t) {
-			if (p(u)) return process.env.NODE_ENV !== "test" && console.error("Next.js MCP notification processing error:", t), new C(null, { status: 202 });
+			if (C(f)) return process.env.NODE_ENV !== "test" && console.error("Next.js MCP notification processing error:", t), new A(null, { status: 202 });
 			process.env.NODE_ENV !== "test" && console.error("Next.js MCP RPC handler error:", t);
-			let r = t?.code ?? -32603, i = t?.data, a = t.message || "MCP request failed", o = _(u.id ?? null, r, a, i);
-			if (w) {
-				let t = new TextEncoder(), r = v(), i = new ReadableStream({ start(e) {
-					e.enqueue(t.encode(`id: ${r}\n\n`)), e.enqueue(t.encode(g(o, r))), e.close();
+			let r = t?.code ?? -32603, i = t?.data, a = t.message || "MCP request failed", o = x(f.id ?? null, r, a, i);
+			if (p) {
+				let t = new TextEncoder(), r = h(), i = new ReadableStream({ start(e) {
+					e.enqueue(t.encode(`id: ${r}\n\n`)), e.enqueue(t.encode(k(o, r))), e.close();
 				} }), a = new Headers({
 					"Content-Type": "text/event-stream",
 					"Cache-Control": "no-cache",
 					Connection: "keep-alive"
 				});
 				if (n) {
-					let t = T(e, n);
+					let t = N(e, n);
 					Object.entries(t).forEach(([e, t]) => a.set(e, t));
 				}
-				return new C(i, {
+				return new A(i, {
 					status: 200,
 					headers: a
 				});
@@ -320,21 +340,21 @@ function L(e) {
 		}
 	};
 }
-function R(e) {
-	let { extractSecurityContext: t, cors: n, agent: r } = e;
+function K(e) {
+	let { extractSecurityContext: t, cors: n } = M(e), { agent: r } = e;
 	if (!r) throw Error("agent config is required for createAgentChatHandler");
-	let i = w(e);
+	let i = j(e);
 	return async function(e, a) {
 		try {
-			if (e.method !== "POST") return C.json({ error: "Method not allowed - use POST" }, { status: 405 });
-			let { handleAgentChat: o } = await import("../handler-RItnSaEl.js"), { message: s, sessionId: c, history: l } = await e.json();
-			if (!s || typeof s != "string") return C.json({ error: "message is required and must be a string" }, { status: 400 });
+			if (e.method !== "POST") return A.json({ error: "Method not allowed - use POST" }, { status: 405 });
+			let { handleAgentChat: o } = await import("../handler-3LGcjLtr.js"), { message: s, sessionId: c, history: l } = await e.json();
+			if (!s || typeof s != "string") return A.json({ error: "message is required and must be a string" }, { status: 400 });
 			let u = (r.apiKey || "").trim();
 			if (r.allowClientApiKey) {
 				let t = e.headers.get("x-agent-api-key");
 				t && (u = t.trim());
 			}
-			if (!u) return C.json({ error: "No API key configured. Set agent.apiKey in server config or send X-Agent-Api-Key header." }, { status: 401 });
+			if (!u) return A.json({ error: "No API key configured. Set agent.apiKey in server config or send X-Agent-Api-Key header." }, { status: 401 });
 			let d = r.allowClientApiKey && e.headers.get("x-agent-provider") || void 0, f = r.allowClientApiKey && e.headers.get("x-agent-model") || void 0, p = r.allowClientApiKey && e.headers.get("x-agent-provider-endpoint") || void 0, m = await t(e, a), h = r.buildSystemContext?.(m), g = new TextEncoder(), _ = new ReadableStream({ async start(e) {
 				try {
 					let t = o({
@@ -369,7 +389,7 @@ function R(e) {
 				Connection: "keep-alive"
 			});
 			if (n) {
-				let t = T(e, n);
+				let t = N(e, n);
 				Object.entries(t).forEach(([e, t]) => v.set(e, t));
 			}
 			return new Response(_, {
@@ -377,20 +397,20 @@ function R(e) {
 				headers: v
 			});
 		} catch (e) {
-			return process.env.NODE_ENV !== "test" && console.error("Next.js agent chat handler error:", e), C.json({ error: e instanceof Error ? e.message : "Agent chat failed" }, { status: 500 });
+			return process.env.NODE_ENV !== "test" && console.error("Next.js agent chat handler error:", e), A.json({ error: e instanceof Error ? e.message : "Agent chat failed" }, { status: 500 });
 		}
 	};
 }
-function z(e) {
+function q(e) {
 	let { mcp: t = { enabled: !0 } } = e, n = {
-		load: D(e),
-		meta: O(e),
-		sql: k(e),
-		dryRun: A(e),
-		batch: j(e),
-		explain: M(e)
+		load: F(e),
+		meta: I(e),
+		sql: L(e),
+		dryRun: R(e),
+		batch: z(e),
+		explain: B(e)
 	};
-	return t.enabled !== !1 && (n.mcpRpc = L(e)), e.agent && (n.agentChat = R(e)), n;
+	return t.enabled !== !1 && (n.mcpRpc = G(e)), e.agent && (n.agentChat = K(e)), n;
 }
 //#endregion
-export { R as createAgentChatHandler, j as createBatchHandler, z as createCubeHandlers, N as createDiscoverHandler, A as createDryRunHandler, M as createExplainHandler, D as createLoadHandler, I as createMcpLoadHandler, L as createMcpRpcHandler, O as createMetaHandler, E as createOptionsHandler, k as createSqlHandler, P as createSuggestHandler, F as createValidateHandler };
+export { K as createAgentChatHandler, z as createBatchHandler, q as createCubeHandlers, V as createDiscoverHandler, R as createDryRunHandler, B as createExplainHandler, F as createLoadHandler, W as createMcpLoadHandler, G as createMcpRpcHandler, I as createMetaHandler, P as createOptionsHandler, L as createSqlHandler, H as createSuggestHandler, U as createValidateHandler };