fa-mcp-sdk 0.4.13 → 0.4.14

package/cli-template/CLAUDE.md

@@ -133,7 +133,7 @@ agentTester:
 
 **IMPORTANT for Claude Code**: When the development prompt or instructions mention testing with Headless API or Agent Tester, run `npm run check-llm` before starting any Agent Tester work. This script validates that the OpenAI API key is configured and functional. If it fails (exit code 1 = key missing, exit code 2 = key invalid or API error), inform the user about the issue and ask them to fix the configuration before proceeding with Agent Tester tests. See `08-agent-tester-and-headless-api.md` → "LLM Availability Check" for details.
 
-**Disabled state**: If `agentTester.enabled` is `false`, the server returns HTTP 403 on any `/agent-tester/*` request (including the Headless API) with a JSON message explaining how to enable it. When you receive this 403 response, do **NOT** enable Agent Tester yourself — only inform the developer that Agent Tester is currently disabled, and that it can be enabled via `agentTester.enabled: true` in `config/local.yaml` or ENV `AGENT_TESTER_ENABLED=true`. The developer decides whether to enable it. However, if the developer's prompt or instructions explicitly state that you should not mention Agent Tester enablement, respect that and do not bring it up.
+**Disabled state**: If `agentTester.enabled` is `false`, the server returns HTTP 404 on any `/agent-tester/*` request (including the Headless API). When you receive this 404 response, do **NOT** enable Agent Tester yourself — only inform the developer that Agent Tester may be disabled, and that it can be enabled via `agentTester.enabled: true` in `config/local.yaml` or ENV `AGENT_TESTER_ENABLED=true`. The developer decides whether to enable it. However, if the developer's prompt or instructions explicitly state that you should not mention Agent Tester enablement, respect that and do not bring it up.
 
 ### What Gets Tested
 

package/cli-template/FA-MCP-SDK-DOC/00-FA-MCP-SDK-index.md

@@ -20,7 +20,7 @@ npm install fa-mcp-sdk
 | [05-ad-authorization](05-ad-authorization.md) | AD group authorization at HTTP/tool levels | AD group restrictions |
 | [06-utilities](06-utilities.md) | `ServerError`, `normalizeHeaders`, logging, Consul, graceful shutdown | Error handling, utilities |
 | [07-testing-and-operations](07-testing-and-operations.md) | Test clients (STDIO, HTTP, SSE, Streamable HTTP) | Testing, deployment |
-| [08-agent-tester-and-headless-api](08-agent-tester-and-headless-api.md) | Agent Tester, Headless API, structured logging, automated testing | Agent-driven tool development, CLI automation |
+| [08-agent-tester-and-headless-api](08-agent-tester-and-headless-api.md) | Agent Tester, Headless API, structured logging, automated testing, UI `data-testid` reference | Agent-driven tool development, CLI automation, UI E2E tests |
 
 ## Key Exports
 

package/cli-template/FA-MCP-SDK-DOC/01-getting-started.md

@@ -125,6 +125,7 @@ const dbEnabled = appConfig.isMainDBUsed;
 | `logger` | Logging config |
 | `ad` | Active Directory config |
 | `consul` | Service discovery settings |
+| `homePage` | Home page footer settings (help link) |
 
 ### getProjectData(): McpServerData
 

package/cli-template/FA-MCP-SDK-DOC/03-configuration.md

@@ -119,6 +119,11 @@ swagger:
     - url: https://{{mcp.domain}}
       description: "PROD server"
 
+homePage:
+  helpLink:
+    url: ''          # If empty — help link is not shown in footer
+    label: 'Help'    # Link text (default: "Help")
+
 uiColor:
   # Font color of the header and a number of interface elements on the HOME page
   primary: '#0f65dc'

package/cli-template/FA-MCP-SDK-DOC/04-authentication.md

@@ -150,6 +150,25 @@ const serviceHeadersValidator: CustomAuthValidator = (req) => {
 > `authInfo` is **not** set on `req` when the validator runs — it is set by the middleware only after
 > successful authentication completes.
 
+## Agent Tester Authentication
+
+Protect the Agent Tester (`/agent-tester/*`) with `agentTester.useAuth`:
+
+```yaml
+agentTester:
+  useAuth: true   # Require authentication for Agent Tester
+webServer:
+  auth:
+    enabled: true
+    permanentServerTokens: ['my-secret-token']
+```
+
+Or via ENV: `AGENT_TESTER_USE_AUTH=true`
+
+When `useAuth` is `true`, the full multi-auth middleware is applied to Agent Tester routes — the same authentication used for MCP endpoints (`permanentServerTokens` / `basic` / `jwtToken` / `custom`). Browser users see a login dialog; headless clients pass `Authorization` header directly.
+
+See [Agent Tester docs](08-agent-tester-and-headless-api.md#authentication-agenttesteruseauth) for details on the login flow, session management, and API endpoints.
+
 ## AD Group Checking
 
 ### Configuration

package/cli-template/FA-MCP-SDK-DOC/08-agent-tester-and-headless-api.md

@@ -49,17 +49,114 @@ Root cause categories:
 - **Handler logic** — tool results confuse the LLM
 - **Error messages** — failures produce unhelpful responses
 
+## Authentication (`agentTester.useAuth`)
+
+When `agentTester.useAuth` is `true`, the Agent Tester is protected by the full multi-auth middleware — the same authentication chain used for MCP endpoints (`permanentServerTokens` / `basic` / `jwtToken` / `custom`).
+
+### How It Works
+
+**Browser access:** When a user opens `/agent-tester` in a browser, the page loads normally (static assets are served without auth). The frontend checks `GET /api/auth/status` and displays a **login dialog** if the user is not authenticated. The dialog adapts to configured auth methods:
+
+- If `permanentServerTokens` or `jwtToken` is configured — shows a "Token" input
+- If `basic` auth is configured — shows "Username" + "Password" inputs
+- If both are configured — shows tabs to switch between methods
+
+After successful login via `POST /api/auth/login`, the server issues an httpOnly session cookie (`__at_sid`). All subsequent API requests from the browser include this cookie automatically. The session is valid for the configured TTL (default: 8 hours — see [Session Lifetime](#session-lifetime) below). A logout button appears in the header.
+
+**Headless / CLI access:** Headless API consumers (curl, scripts, Claude Code) bypass the login dialog entirely. They pass an `Authorization` header with each request, which is validated by the standard `authMW`. No session cookie is needed.
+
+### Configuration
+
+```yaml
+agentTester:
+  useAuth: true              # Show login screen for browser, require auth for API
+  sessionTtlMs: 28800000     # Browser session lifetime in ms (default: 8h)
+
+webServer:
+  auth:
+    enabled: true
+    permanentServerTokens: ['my-secret-token']
+    # and/or basic, jwtToken — any configured method will be available
+```
+
+Environment variables:
+
+- `AGENT_TESTER_USE_AUTH=true`
+- `AGENT_TESTER_SESSION_TTL_MS=28800000`
+
+When `useAuth` is `false` (default), the Agent Tester is accessible without any authentication and `sessionTtlMs` has no effect.
+
+### Session Lifetime
+
+When `useAuth` is `true`, a successful browser login creates a server-side session and sets an httpOnly cookie (`__at_sid`) scoped to `/agent-tester`. Both the in-memory entry and the cookie's `Max-Age` use the same TTL from `agentTester.sessionTtlMs`.
+
+**Where sessions live**: an in-memory `Map` inside the server process (`src/core/auth/agent-tester-auth.ts`). There is no disk or Redis persistence — this is intentional because Agent Tester is a development tool, not a production auth system.
+
+**Default TTL**: 8 hours (`28_800_000` ms). Override by setting `agentTester.sessionTtlMs` in `config/default.yaml` (or any environment-specific override file), or via `AGENT_TESTER_SESSION_TTL_MS`. Values are in milliseconds; any non-positive or non-finite value falls back to the 8h default.
+
+**Cleanup**: a background sweep runs every 30 minutes and drops expired entries from the map. Expired entries are also evicted lazily on access.
+
+**Impact of closing the browser or restarting the server**:
+
+| Scenario | Re-login required? |
+|---|---|
+| Close tab, reopen within TTL | No — cookie is persistent, server session still live |
+| Close entire browser, reopen within TTL | No — cookie is persistent, server session still live |
+| TTL elapsed since last login | Yes — server drops the entry, responds 401 |
+| Server restart (Ctrl+C, deploy, crash) | Yes — in-memory map is cleared; browser presents an unknown `__at_sid` and the login overlay reappears |
+| User clicks the Logout button | Yes — `POST /api/auth/logout` deletes the entry and clears the cookie |
+
+**Tuning guidance**:
+
+- **Shorter TTL (e.g. 1 hour = `3600000`)**: more frequent logins, smaller exposure if a workstation is left unlocked.
+- **Longer TTL (e.g. 24 hours = `86400000`)**: fewer interruptions during long development sessions.
+- **Do not set TTL to 0 or a negative value** — the server will silently fall back to the 8h default.
+
+> **Note**: the TTL only affects the browser login flow. Headless API access via `Authorization` header is stateless and completely bypasses sessions; it is unaffected by `sessionTtlMs`.
+
+### Auth API Endpoints
+
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/api/auth/status` | GET | Returns `{ authRequired, authenticated, methods }` |
+| `/api/auth/login` | POST | Validates credentials, sets session cookie |
+| `/api/auth/logout` | POST | Destroys session, clears cookie |
+
+**Login request body:**
+
+```json
+// Token-based (permanent token or JWT)
+{ "token": "my-secret-token" }
+
+// Basic auth
+{ "username": "admin", "password": "secret" }
+```
+
+### Headless Client Example
+
+```bash
+# Access Agent Tester API with token (no login needed)
+curl -H "Authorization: Bearer my-secret-token" http://localhost:9876/agent-tester/api/mcp/status
+
+# Headless test with token
+curl -X POST http://localhost:9876/agent-tester/api/chat/test \
+  -H "Authorization: Bearer my-secret-token" \
+  -H "Content-Type: application/json" \
+  -d '{"message":"Hello","mcpConfig":{"url":"http://localhost:9876/mcp","transport":"http"}}'
+```
+
 ## Disabled State
 
-When `agentTester.enabled` is `false` (or not set), all `/agent-tester/*` endpoints — including the Headless API — return HTTP 403:
+When `agentTester.enabled` is `false` (or not set), all `/agent-tester/*` endpoints — including the Headless API — return HTTP 404:
 
 ```json
 {
-  "error": "Agent Tester is disabled",
-  "message": "The Agent Tester and Headless API are not available because agentTester.enabled is set to false..."
+  "error": "Not found"
 }
 ```
 
+This prevents disclosing the existence of the Agent Tester to external users.
+
 To enable, developer can use one of:
 
 - **ENV**: `AGENT_TESTER_ENABLED=true`
@@ -69,7 +166,19 @@ To enable, developer can use one of:
     enabled: true
   ```
 
-**For Claude Code**: When you receive this 403 response, do **not** enable Agent Tester yourself — only inform the developer that it is disabled and how to enable it. The developer decides whether to turn it on. If the developer's prompt or instructions explicitly say not to mention Agent Tester enablement, respect that and stay silent.
+### Hiding Footer Link Without Disabling Tester
+
+To keep the Agent Tester functional (accessible directly by URL) but hide the link from the home page footer, use `showFooterLink: false`:
+
+```yaml
+agentTester:
+  enabled: true
+  showFooterLink: false   # Tester works, but footer link is hidden
+```
+
+When `showFooterLink` is omitted or `true` (default), the footer link is shown as usual.
+
+**For Claude Code**: When you receive a 404 response on `/agent-tester/*`, the Agent Tester may be disabled. Inform the developer and suggest enabling it via `agentTester.enabled: true` in `config/local.yaml` or ENV `AGENT_TESTER_ENABLED=true`. The developer decides whether to turn it on. If the developer's prompt or instructions explicitly say not to mention Agent Tester enablement, respect that and stay silent.
 
 ## LLM Availability Check
 
@@ -269,17 +378,25 @@ Compare `system_prompt_sent` and agent responses between variations to find the
 
 The headless API shares sessions with the chat UI. To start a fresh conversation, omit `sessionId`. To continue an existing conversation, pass `sessionId` from a previous response.
 
-## Structured JSON Logging
+## Structured JSON Logging (`agentTester.logJson`)
+
+When `agentTester.logJson` is `true`, each agent event is emitted as a single-line JSON object on stdout — useful for real-time monitoring, debugging, and log aggregation.
+
+Enable via config, CLI flag, or environment variable:
 
-For real-time monitoring of agent events during testing, start the server with the `--log-json` flag:
+```yaml
+# config/local.yaml
+agentTester:
+  logJson: true
+```
 
 ```bash
 npm start -- --log-json
-# or via environment variable:
+# or
 AGENT_TESTER_LOG_JSON=true npm start
 ```
 
-Each agent event is emitted as a single-line JSON object on stdout:
+Event types emitted:
 
 ```
 {"event":"tool_call","name":"get_currency_rate","arguments":{"quoteCurrency":"EUR"},"timestamp":"2025-08-15T14:32:00.000Z"}
@@ -322,3 +439,189 @@ The Headless API is designed for CLI automation tools like Claude Code. The typi
 The Agent Tester also provides a web UI at `/agent-tester` for interactive testing. The UI auto-connects to the local MCP server and auto-fills auth headers if configured.
 
 The chat UI uses `POST /api/chat/message` (which returns only the final response). The headless API uses `POST /api/chat/test` (which returns the response plus full trace data). Both share the same underlying agent logic and session storage.
+
+## UI Test Selectors (`data-testid`)
+
+For UI automation (Playwright, Cypress, Selenium) the Agent Tester page is annotated with stable `data-testid` attributes. Prefer these over CSS classes, DOM IDs, or label text — they are the documented contract and won't change with styling or copy edits.
+
+### Naming Convention
+
+All selectors use the `at-` prefix (short for "agent tester") in kebab-case:
+
+```
+at-<area>-<element>[-<modifier>]
+```
+
+Example: `at-auth-token-input`, `at-server-url`, `at-message-user`, `at-toast-success`.
+
+Dynamic elements that map 1:1 to runtime data append the runtime key:
+
+```
+at-header-row-<headerName>     e.g. at-header-row-Authorization
+at-header-input-<headerName>   e.g. at-header-input-X-Session-Id
+at-message-<sender>            e.g. at-message-user, at-message-assistant
+at-toast-<type>                e.g. at-toast-success, at-toast-error
+```
+
+### Selector Reference
+
+**Auth overlay (shown when `agentTester.useAuth: true`)**
+
+| testid | Element |
+|---|---|
+| `at-auth-overlay` | Root login overlay container |
+| `at-auth-tabs` | Tab switcher (only rendered when multiple methods configured) |
+| `at-auth-tab-token` | "Token" tab button |
+| `at-auth-tab-basic` | "Login" tab button |
+| `at-auth-token-form` | Token login form |
+| `at-auth-token-input` | Token input field |
+| `at-auth-token-submit` | Token submit button |
+| `at-auth-basic-form` | Basic auth form |
+| `at-auth-username` | Username input |
+| `at-auth-password` | Password input |
+| `at-auth-basic-submit` | Basic submit button |
+| `at-auth-error` | Error message container |
+
+**App shell**
+
+| testid | Element |
+|---|---|
+| `at-app` | Root app container (hidden until authenticated) |
+| `at-sidebar` | Sidebar (configuration panel) |
+| `at-main` | Main chat area |
+| `at-chat-header` | Chat header bar |
+
+**Sidebar — connection form**
+
+| testid | Element |
+|---|---|
+| `at-connection-form` | MCP connection form |
+| `at-server-url` | MCP server URL input |
+| `at-server-url-dropdown` | Saved URLs dropdown toggle |
+| `at-server-url-dropdown-list` | Saved URLs dropdown panel |
+| `at-server-url-add-new` | "Add new URL" menu item |
+| `at-saved-urls-list` | Container for saved URL items |
+| `at-saved-url-item` | Each saved URL row (dynamic) |
+| `at-saved-url-text` | Clickable URL text within a row |
+| `at-saved-url-delete` | Delete button for a saved URL |
+| `at-transport` | Transport `<select>` (http / sse) |
+| `at-connect-btn` | Connect button |
+| `at-connected-servers` | Connection status bar container |
+| `at-server-status-row` | Status row (dynamic, rendered after connect attempt) |
+| `at-server-status-connected` | "X tools connected" badge |
+| `at-server-status-disconnected` | "Disconnected" badge |
+| `at-disconnect-btn` | Disconnect button |
+| `at-reconnect-btn` | Reconnect button |
+
+**Sidebar — HTTP headers section**
+
+| testid | Element |
+|---|---|
+| `at-headers-section` | Headers section container |
+| `at-dynamic-headers` | Headers list container |
+| `at-header-row-<name>` | Row for a specific header (e.g. `at-header-row-Authorization`) |
+| `at-header-input-<name>` | Input for a specific header value |
+
+**Sidebar — model settings**
+
+| testid | Element |
+|---|---|
+| `at-model-section` | Model section container |
+| `at-model-select` | Model `<select>` |
+| `at-custom-model-settings` | "Other..." custom model panel |
+| `at-custom-base-url` | Custom base URL input |
+| `at-custom-api-key` | Custom API key input |
+| `at-custom-model-name` | Custom model name input |
+| `at-model-temperature` | Temperature input |
+| `at-model-max-tokens` | Max tokens input |
+| `at-model-max-turns` | Max turns input |
+| `at-tool-result-limit` | Tool result char limit input |
+
+**Sidebar — prompts**
+
+| testid | Element |
+|---|---|
+| `at-system-prompt` | Agent (system) prompt `<textarea>` |
+| `at-system-prompt-enlarge` | Enlarge button for agent prompt |
+| `at-custom-prompt` | Custom prompt `<textarea>` |
+| `at-custom-prompt-enlarge` | Enlarge button for custom prompt |
+
+**Chat header**
+
+| testid | Element |
+|---|---|
+| `at-sidebar-toggle-mobile` | Mobile sidebar toggle |
+| `at-default-format` | Default display format `<select>` (HTML / MD) |
+| `at-theme-toggle` | Light/dark theme toggle |
+| `at-clear-chat` | Clear chat button |
+| `at-logout-btn` | Logout button (visible only when `useAuth` is true) |
+
+**Chat area**
+
+| testid | Element |
+|---|---|
+| `at-chat-messages` | Messages scroll container |
+| `at-welcome-message` | Initial welcome card |
+| `at-message-user` | User message bubble (one per message) |
+| `at-message-assistant` | Assistant message bubble |
+| `at-message-text-user` | Inner text element of a user message |
+| `at-message-text-assistant` | Inner text element of an assistant message |
+| `at-message-format-toggle` | HTML/MD format toggle on an assistant message |
+| `at-typing-indicator` | Typing indicator (shown during LLM response) |
+| `at-message-input` | Chat input `<textarea>` |
+| `at-char-count` | Character counter span |
+| `at-send-btn` | Send button |
+
+**Modals and overlays**
+
+| testid | Element |
+|---|---|
+| `at-prompt-modal` | Prompt enlarge modal overlay |
+| `at-prompt-modal-title` | Modal title |
+| `at-prompt-modal-textarea` | Modal text area |
+| `at-prompt-modal-save` | Apply button |
+| `at-prompt-modal-close` | Close button |
+| `at-loading-overlay` | Global loading overlay |
+| `at-header-tooltip` | Floating header description tooltip |
+| `at-toast-container` | Toast notifications container |
+| `at-toast-success` / `at-toast-error` / `at-toast-warning` / `at-toast-info` | Individual toast (dynamic) |
+
+### Usage Examples
+
+**Playwright**
+
+```js
+await page.goto('http://localhost:9876/agent-tester');
+
+// Login when useAuth is enabled
+await page.getByTestId('at-auth-token-input').fill(process.env.MCP_TOKEN);
+await page.getByTestId('at-auth-token-submit').click();
+
+// Wait for main app
+await page.getByTestId('at-app').waitFor();
+
+// Send a chat message
+await page.getByTestId('at-message-input').fill('List all tools');
+await page.getByTestId('at-send-btn').click();
+
+// Assert an assistant reply appeared
+await page.getByTestId('at-message-assistant').first().waitFor();
+```
+
+**Cypress**
+
+```js
+cy.visit('/agent-tester');
+cy.get('[data-testid=at-auth-token-input]').type(Cypress.env('MCP_TOKEN'));
+cy.get('[data-testid=at-auth-token-submit]').click();
+cy.get('[data-testid=at-server-status-connected]').should('be.visible');
+```
+
+### Stability Guarantee
+
+These test-ids are part of the public contract of the Agent Tester UI. Once added, a given id is not renamed or removed without a changelog entry. New elements are added with new ids as the UI grows. When authoring tests, prefer `data-testid` over:
+
+- DOM `id` (may be shared with form `<label for>` pairs and collide across scopes)
+- CSS class names (used for styling — may be renamed or removed during refactors)
+- Visible text (localized / editable copy — changes break tests)
+- XPath or positional selectors (brittle to layout changes)

package/cli-template/package.json

@@ -50,7 +50,7 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
     "dotenv": "^17.4.1",
-    "fa-mcp-sdk": "^0.4.13"
+    "fa-mcp-sdk": "^0.4.14"
   },
   "devDependencies": {
     "@types/express": "^5.0.6",

package/config/_local.yaml

@@ -14,10 +14,17 @@ ad:
 
 agentTester:
   enabled: true
-  useAuth: false
+  showFooterLink: true  # true (default) — show Agent Tester link in home page footer; false — hide link without disabling tester
+  useAuth: false  # true — apply full multi-auth middleware (permanentTokens/basic/JWT/custom) to /agent-tester routes, same as MCP endpoints
+  sessionTtlMs: 28800000  # Browser login session lifetime in milliseconds. Default: 28800000 (8 hours). Applies only when useAuth is true. Sessions are in-memory on the server — lost on restart.
+  logJson: false  # true — emit structured JSON events (tool_call, tool_result, llm_response, response) to stdout during agent execution
   openAi:
-    apiKey: '***'
-    # baseURL:
+    apiKey: ''
+    # baseURL: ''
+  httpHeaders:
+  # Key-value pairs for HTTP requests that should be auto-populated in agentTester
+  # Example: X-User-Id: 12345
+
 
 # --------------------------------------------------
 # CACHING Reduces API calls by caching responses
@@ -61,6 +68,11 @@ db:
 #        usedExtensions:
 #          - pgvector
 
+homePage:
+  helpLink:
+    url: ''          # If empty — help link is not shown in footer
+    label: 'Help'    # Link text (default: "Help")
+
 logger:
   level: info
   useFileLogger: {{logger.useFileLogger}} # To use or not to use logging to a file

package/config/custom-environment-variables.yaml

@@ -1,6 +1,9 @@
 agentTester:
   enabled: AGENT_TESTER_ENABLED
   useAuth: AGENT_TESTER_USE_AUTH
+  sessionTtlMs:
+    __name: AGENT_TESTER_SESSION_TTL_MS
+    __format: number
   openAi:
     apiKey: AGENT_TESTER_OPENAI_API_KEY
     baseURL: AGENT_TESTER_OPENAI_BASE_URL

package/config/default.yaml

@@ -35,7 +35,10 @@ ad:
 
 agentTester:
   enabled: true
-  useAuth: false
+  showFooterLink: true  # true (default) — show Agent Tester link in home page footer; false — hide link without disabling tester
+  useAuth: false  # true — protect Agent Tester with full multi-auth (permanentTokens/basic/JWT/custom); browser users see a login dialog, headless clients pass Authorization header
+  sessionTtlMs: 28800000  # Browser login session lifetime in milliseconds. Default: 28800000 (8 hours). Applies only when useAuth is true. Sessions are in-memory on the server — lost on restart.
+  logJson: false  # true — emit structured JSON events (tool_call, tool_result, llm_response, response) to stdout during agent execution
   openAi:
     apiKey: ''
     # baseURL: ''
@@ -138,6 +141,11 @@ swagger:
     - url: https://{{mcp.domain}}
       description: "PROD server"
 
+homePage:
+  helpLink:
+    url: ''     # If empty — help link is not shown in footer
+    label: 'Help'  # Link text (default: "Help")
+
 uiColor:
   # Font color of the header and a number of interface elements on the HOME page
   primary: '#0f65dc'
@@ -201,3 +209,4 @@ webServer:
     # For permanentServerTokens, basic, jwtToken - uses credentials from webServer.auth section
     # For ntlm - uses AD configuration from ad.domains section (no additional credentials needed)
     type: 'basic'
+

package/config/local_.yaml

@@ -0,0 +1,112 @@
+---
+agentTester:
+  enabled: true
+  showFooterLink: true  # true (default) — show Agent Tester link in home page footer; false — hide link without disabling tester
+  useAuth: true
+  openAi:
+    apiKey: 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
+    apiKeyName: oai-aite-vvmakarov
+    baseURL: ''
+
+ad:
+  domains:
+    OFFICE:
+      controllers:
+        - 'ldap://prdc1.office.finam.ru'
+        - 'ldap://prdc2.office.finam.ru'
+      default: true
+      password: International2025%
+      username: aite01-ldap-s
+    WTE:
+      controllers:
+        - 'ldap://prdc1.corp.whotrades.eu'
+        - 'ldap://prdc2.corp.whotrades.eu'
+      password: International2025%
+      username: aite01-ldap-s
+
+consul:
+  agent:
+    dev:
+      dc: 'dc-dev'
+      host: 'consul.entapp.work'
+      token: db56c39b-4b3f-f995-f2e6-6b7c5ab76fa8
+    prd:
+      dc: 'dc-prd'
+      host: 'consul.entapp.work'
+      token: 4701c873-9af3-e9a5-cd81-3a0184a5d898
+    reg:
+      host: MSK-AITE01-AP01.office.finam.ru
+      # host: MSK-AITR01-AP01.office.finam.ru
+      token: db56c39b-4b3f-f995-f2e6-6b7c5ab76fa8
+  service:
+    enable: false
+    instance: ws1170
+  envCode: # Used to generate the service ID
+    prod: aitr01
+    dev: aite01
+
+db:
+  postgres:
+    dbs:
+      main:
+        label: 'znayka_dev on DEV-1'
+        host: 127.0.0.1
+        database: znayka_dev
+        port: 5432
+        password: Glaui46X49
+        user: znayka_dev
+        powerPassword: mCyDLHUZhbyj
+        powerUser: postgres
+        usedExtensions:
+          - pgvector
+        ssh:
+          host: MSK-AITE01-AP01
+          port: 22
+          username: root
+          privateKey: 'C:\Users\vv\.ssh\id_rsa_finam_vvmakarov'
+
+homePage:
+  helpLink:
+    url: 'https://znayka.finam.ru'     # If empty — help link is not shown in footer
+    label: 'znayka'  # Link text (default: "Help")
+
+logger:
+  level: info
+  useFileLogger: false # To use or not to use logging to a file
+  dir: ''
+
+mcp:
+  transportType: http # 'stdio' or 'http'
+  toolAnswerAs: text # text | structuredContent
+
+swagger:
+  servers:  # An array of servers that will be added to swagger docs
+    - url: http://localhost:9876
+      description: "Local server"
+
+webServer:
+  port: 9876
+  auth:
+    enabled: true
+    # An array of fixed tokens that pass to the MCP (use only for MCPs with green data or for development)
+    permanentServerTokens: ['test-perm-token']
+    jwtToken:
+      # Symmetric encryption key to generate a token for this MCP
+      encryptKey: '66666666-7777-8888-9999-000000000000'
+      # If webServer.auth.enabled and the parameter true, the service name and the service specified in the token will be checked
+      checkMCPName: true
+    basic:
+      username: vpupkin
+      password: '1'
+
+  # ========================================================================
+  # ADMIN PANEL AUTHENTICATION
+  # Token generation page available at /admin endpoint
+  # Supports 4 authentication methods: permanentServerTokens, basic, jwtToken, ntlm
+  # ========================================================================
+  adminAuth:
+    enabled: false
+    # Authentication type for admin panel: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm'
+    # For permanentServerTokens, basic, jwtToken - uses credentials from webServer.auth section
+    # For ntlm - uses AD configuration from ad.domains section (no additional credentials needed)
+    type: 'jwtToken'

package/dist/core/_types_/config.d.ts

@@ -54,13 +54,23 @@ interface ISwaggerConfig {
 interface IAgentTesterConfig {
     agentTester?: {
         enabled: boolean;
+        showFooterLink?: boolean;
         useAuth: boolean;
+        sessionTtlMs?: number;
+        logJson?: boolean;
         openAi?: {
             apiKey: string;
             baseURL?: string;
         };
         httpHeaders?: Record<string, string>;
-        logJson?: boolean;
+    };
+}
+interface IHomePageConfig {
+    homePage?: {
+        helpLink?: {
+            url: string;
+            label?: string;
+        };
     };
 }
 interface ICacheConfig {
@@ -69,7 +79,7 @@ interface ICacheConfig {
         maxItems: 1000;
     };
 }
-export interface AppConfig extends IADConfig, ICacheConfig, ILoggerConfig, IAFDatabasesConfig, IWebServerConfig, IMCPConfig, ISwaggerConfig, IAgentTesterConfig {
+export interface AppConfig extends IADConfig, ICacheConfig, ILoggerConfig, IAFDatabasesConfig, IWebServerConfig, IMCPConfig, ISwaggerConfig, IAgentTesterConfig, IHomePageConfig {
     isMainDBUsed: boolean;
     name: string;
     shortName: string;

package/dist/core/_types_/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAGzD,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;gBACtB,SAAS,EAAE,OAAO,CAAC;aACpB,CAAA;YACD,qBAAqB,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC;QACF,SAAS,EAAE;YACT,OAAO,EAAE,OAAO,CAAC;YACjB,IAAI,EAAE,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;SAC/D,CAAC;KACH,CAAA;CACF;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAA;CACF;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE,MAAM,GAAG,mBAAmB,CAAA;QAC1C,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;KACjC,CAAA;CACF;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAA;CACF;AAED,UAAU,kBAAkB;IAC1B,WAAW,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,OAAO,CAAC;QACjB,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAA;CACF;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAA;CACF;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS,EAC1C,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,kBAAkB;IAElB,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAA;CACF"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAGzD,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;gBACtB,SAAS,EAAE,OAAO,CAAC;aACpB,CAAA;YACD,qBAAqB,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC;QACF,SAAS,EAAE;YACT,OAAO,EAAE,OAAO,CAAC;YACjB,IAAI,EAAE,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;SAC/D,CAAC;KACH,CAAA;CACF;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAA;CACF;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE,MAAM,GAAG,mBAAmB,CAAA;QAC1C,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;KACjC,CAAA;CACF;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAA;CACF;AAED,UAAU,kBAAkB;IAC1B,WAAW,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACtC,CAAA;CACF;AAED,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE;YACT,GAAG,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,CAAC;CACH;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAA;CACF;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS,EAC1C,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,eAAe;IAEf,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAA;CACF"}