frontmcp 0.8.0 → 0.9.0

package/README.md

@@ -7,15 +7,15 @@
 </picture>
 <hr>
 
-<strong>The TypeScript way to build MCP servers with decorators, DI, and Streamable HTTP.</strong>
-
-_Made with ❤️ for TypeScript developers_
+**The TypeScript way to build MCP servers with decorators, DI, and Streamable HTTP.**
 
 [![NPM - @frontmcp/sdk](https://img.shields.io/npm/v/@frontmcp/sdk.svg?v=2)](https://www.npmjs.com/package/@frontmcp/sdk)
 [![Node](https://img.shields.io/badge/node-%3E%3D22-339933?logo=node.js&logoColor=white)](https://nodejs.org)
 [![License](https://img.shields.io/github/license/agentfront/frontmcp.svg?v=1)](https://github.com/agentfront/frontmcp/blob/main/LICENSE)
 [![Snyk](https://snyk.io/test/github/agentfront/frontmcp/badge.svg)](https://snyk.io/test/github/agentfront/frontmcp)
 
+[Docs][docs-home] &bull; [Quickstart][docs-quickstart] &bull; [API Reference][docs-sdk-ref] &bull; [Discord](https://discord.gg/frontmcp)
+
 </div>
 
 ---
@@ -24,13 +24,12 @@ FrontMCP is a **TypeScript-first framework** for the [Model Context Protocol (MC
 You write clean, typed code; FrontMCP handles the protocol, transport, DI, session/auth, and execution flow.
 
 ```ts
-// src/main.ts
 import 'reflect-metadata';
 import { FrontMcp, LogLevel } from '@frontmcp/sdk';
 import HelloApp from './hello.app';
 
 @FrontMcp({
-  info: { name: 'Demo 🚀', version: '0.1.0' },
+  info: { name: 'Demo', version: '0.1.0' },
   apps: [HelloApp],
   http: { port: 3000 },
   logging: { level: LogLevel.Info },
@@ -38,424 +37,99 @@ import HelloApp from './hello.app';
 export default class Server {}
 ```
 
----
-
-<!-- omit in toc -->
-
-## Table of Contents
-
-- [Why FrontMCP?](#why-frontmcp)
-- [Installation](#installation)
-- [Quickstart](#quickstart)
-  - [1) Create Your FrontMCP Server](#1-create-your-frontmcp-server)
-  - [2) Define an App](#2-define-an-app)
-  - [3) Add Your First Tool](#3-add-your-first-tool)
-  - [4) Run It](#4-run-it)
-  - [Function and Class Tools](#function-and-class-tools)
-  - [Scripts & tsconfig](#scripts--tsconfig)
-  - [Inspector](#inspector)
-- [Core Concepts](#core-concepts)
-  - [Servers](#servers)
-  - [Apps](#apps)
-  - [Tools](#tools)
-  - [Resources](#resources)
-  - [Prompts](#prompts)
-  - [Providers / Adapters / Plugins](#providers--adapters--plugins)
-- [Authentication](#authentication)
-  - [Remote OAuth](#remote-oauth)
-  - [Local OAuth](#local-oauth)
-- [Sessions & Transport](#sessions--transport)
-- [Deployment](#deployment)
-  - [Local Dev](#local-dev)
-  - [Production](#production)
-- [Version Alignment](#version-alignment)
-- [Contributing](#contributing)
-- [License](#license)
-
----
-
-## Why FrontMCP?
-
-- **TypeScript-native DX** — decorators, Zod, and strong typing end-to-end
-- **Scoped invoker + DI** — secure, composable execution with hooks
-- **Adapters & Plugins** — extend your server without boilerplate
-- **Spec-aligned transport** — Streamable HTTP for modern MCP clients
-
----
-
 ## Installation
 
-**Prerequisites:**
-
-- **Node.js**: Minimum version 22 (LTS) | Recommended version 24 (Active LTS)
-  - _This framework is developed and tested on Node.js 24_
-- **npm**: ≥ 10 (or pnpm/yarn equivalent)
-
-For detailed setup instructions, see the [Installation Guide][1].
-
-### Option A — New project (recommended)
+**Node.js 22+** required (24 recommended).
 
 ```bash
+# New project (recommended)
 npx frontmcp create my-app
-```
-
-This scaffolds a FrontMCP project, writes a modern ESM `tsconfig.json` for decorators, adds helpful package scripts, and
-installs required dev deps. ([Installation - FrontMCP][1])
 
-### Option B — Add to an existing project
-
-```bash
+# Existing project
 npm i -D frontmcp @types/node@^22
 npx frontmcp init
 ```
 
-`init` adds scripts, verifies your `tsconfig.json`, and checks layout. No need to install `@frontmcp/sdk` directly—the
-CLI bundles a compatible SDK for you. ([Installation - FrontMCP][1])
-
----
-
-## Quickstart
-
-If you haven’t installed FrontMCP yet, follow the [installation guide][1] first.
-
-### 1) Create Your FrontMCP Server
-
-```ts
-// src/main.ts
-import { FrontMcp, LogLevel } from '@frontmcp/sdk';
-import HelloApp from './hello.app';
-
-@FrontMcp({
-  info: { name: 'Hello MCP', version: '0.1.0' },
-  apps: [HelloApp],
-  http: { port: 3000 },
-  logging: { level: LogLevel.INFO },
-})
-export default class HelloServer {}
-```
-
-### 2) Define an App
-
-```ts
-// src/hello.app.ts
-import { App } from '@frontmcp/sdk';
-import GreetTool from './tools/greet.tool';
-
-@App({
-  id: 'hello',
-  name: 'Hello App',
-  tools: [GreetTool],
-})
-export default class HelloApp {}
-```
-
-### 3) Add Your First Tool
-
-```ts
-// src/tools/greet.tool.ts
-import { Tool } from '@frontmcp/sdk';
-import { z } from 'zod';
-
-@Tool({
-  name: 'greet',
-  description: 'Greets a user by name',
-  inputSchema: { name: z.string() },
-})
-export default class GreetTool {
-  async execute({ name }: { name: string }) {
-    return `Hello, ${name}!`;
-  }
-}
-```
-
-### 4) Run It
-
-Add scripts (if you didn't use `frontmcp create`):
-
-```json
-{
-  "scripts": {
-    "dev": "frontmcp dev",
-    "build": "frontmcp build",
-    "start": "node dist/main.js"
-  }
-}
-```
-
-Then:
-
-```bash
-npm run dev
-# Server listening on http://localhost:3000
-```
-
-> **Tip:** FrontMCP speaks **MCP Streamable HTTP**. Connect any MCP-capable client and call `greet` with
-> `{"name": "Ada"}`. ([Quickstart - FrontMCP][2])
-
-### Function and Class Tools
-
-Tools are typed actions with Zod schemas. Implement them as classes with `@Tool({...})` or inline via `tool()`. Pass
-**Zod fields directly** (no `z.object({...})`). ([Tools - FrontMCP][4])
-
-**Function tool**
-
-```ts
-import { tool } from '@frontmcp/sdk';
-import { z } from 'zod';
-
-export default tool({
-  name: 'greet',
-  description: 'Greets a user by name',
-  inputSchema: { name: z.string() }, // shape, not z.object
-})(({ name }) => `Hello, ${name}!`);
-```
-
-**Class tool**
-
-```ts
-import { Tool } from '@frontmcp/sdk';
-import { z } from 'zod';
-
-@Tool({
-  name: 'add',
-  description: 'Add two numbers',
-  inputSchema: { a: z.number(), b: z.number() },
-})
-export default class AddTool {
-  async execute({ a, b }: { a: number; b: number }) {
-    return a + b;
-  }
-}
-```
-
-### Scripts & tsconfig
-
-After `create` or `init`, you’ll have:
-
-```json
-{
-  "scripts": {
-    "dev": "frontmcp dev",
-    "build": "frontmcp build",
-    "inspect": "frontmcp inspector",
-    "doctor": "frontmcp doctor"
-  }
-}
-```
-
-These map to dev watch, production build, zero‑setup Inspector launch, and environment checks. ([Installation -
-FrontMCP][1])
-
-**Recommended `tsconfig.json` (ESM + decorators)**
-
-```json
-{
-  "compilerOptions": {
-    "target": "es2021",
-    "module": "esnext",
-    "lib": ["es2021"],
-    "moduleResolution": "bundler",
-    "rootDir": "src",
-    "outDir": "dist",
-    "strict": true,
-    "esModuleInterop": true,
-    "resolveJsonModule": true,
-    "skipLibCheck": true,
-    "experimentalDecorators": true,
-    "emitDecoratorMetadata": true,
-    "sourceMap": true
-  },
-  "include": ["src/**/*.ts"],
-  "exclude": ["**/*.test.ts", "**/__tests__/**"]
-}
-```
-
-This mirrors what `init` writes for you. ([Local Dev Server - FrontMCP][3])
-
-**Optional `tsconfig.build.json`**
-
-```json
-{
-  "extends": "./tsconfig.json",
-  "compilerOptions": {
-    "declaration": true,
-    "sourceMap": false
-  },
-  "exclude": ["**/*.test.ts", "**/__tests__/**", "src/**/*.dev.ts"]
-}
-```
-
-### Inspector
-
-Run a browser UI to exercise tools and messages:
-
-```bash
-npm run inspect
-```
-
-This launches the MCP Inspector; point it at your local server (e.g., `http://localhost:3000`). ([Local Dev Server -
-FrontMCP][3])
-
----
-
-## Core Concepts
-
-### Servers
-
-The FrontMCP server is defined with a single decorator: `@FrontMcp({...})`. It configures **info**, **apps**, **http**,
-**logging**, **session**, and optional **auth**. Start minimal and scale up with providers and plugins.
-([The FrontMCP Server - FrontMCP][5])
-
-### Apps
-
-Apps are the **organizational units** for capabilities. Each app groups related **tools**, **resources**, and **prompts**
-into a cohesive domain, along with **providers**, **adapters**, and **plugins**. With `splitByApp: true`, apps get
-isolated scopes and auth surfaces. ([Apps - FrontMCP][6])
-
-### Tools
-
-Tools are **typed actions** that execute operations with side effects. They're the primary way to enable an AI model to
-interact with external systems—calling APIs, modifying data, performing calculations, or triggering workflows. Use the
-class `@Tool` decorator or inline `tool({...})(handler)` with Zod schemas. ([Tools - FrontMCP][4])
-
-### Resources
-
-Resources expose **readable data** to an AI model's context. Unlike tools that execute actions with side effects,
-resources are designed for read-only data retrieval—configuration files, user profiles, documents, or any content
-the model needs to reference. ([Resources - FrontMCP][7])
-
-### Prompts
-
-Prompts provide **reusable message templates** for AI interactions. They return MCP `GetPromptResult` with typed
-arguments, enabling consistent conversation patterns. ([Prompts - FrontMCP][8])
-
-### Providers / Adapters / Plugins
-
-Inject shared services, generate tools from OpenAPI specs, and add cross‑cutting behavior like caching and hooks.
-([Add OpenAPI Adapter - FrontMCP][9])
-
----
-
-## Authentication
-
-Configure auth at the **server** (shared) or **per app** (isolated). With `splitByApp: true`, define auth **per app**
-(server‑level `auth` is disallowed). ([Authentication - FrontMCP][10])
-
-### Remote OAuth
-
-```ts
-auth: {
-  type: 'remote',
-  name: 'frontegg',
-  baseUrl: 'https://idp.example.com',
-  dcrEnabled?: boolean,
-  clientId?: string | ((info: { clientId: string }) => string),
-  mode?: 'orchestrated' | 'transparent',
-  allowAnonymous?: boolean,
-  consent?: boolean,
-  scopes?: string[],
-  grantTypes?: ('authorization_code' | 'refresh_token')[],
-  authEndpoint?: string,
-  tokenEndpoint?: string,
-  registrationEndpoint?: string,
-  userInfoEndpoint?: string,
-  jwks?: JSONWebKeySet,
-  jwksUri?: string
-}
-```
-
-See **Authentication → Remote OAuth** for full details and DCR vs non‑DCR. ([Remote OAuth - FrontMCP][11])
-
-### Local OAuth
-
-```ts
-auth: {
-  type: 'local',
-  id: 'local',
-  name: 'Local Auth',
-  scopes?: string[],
-  grantTypes?: ('authorization_code' | 'refresh_token')[],
-  allowAnonymous?: boolean, // default true
-  consent?: boolean,
-  jwks?: JSONWebKeySet,
-  signKey?: JWK | Uint8Array
-}
-```
-
-Use per‑app when isolating scopes. ([Local OAuth - FrontMCP][12])
-
----
-
-## Sessions & Transport
-
-```ts
-session: {
-  sessionMode?: 'stateful' | 'stateless' | ((issuer) => ...), // default 'stateless'
-  transportIdMode?: 'uuid' | 'jwt' | ((issuer) => ...),       // default 'uuid'
-}
-```
-
-- **Stateful**: server‑side store (e.g., Redis); supports refresh; best for short‑lived upstream tokens.
-- **Stateless**: embeds session in JWT; simpler but no silent refresh.
-- **Transport IDs**: `uuid` (per node) or `jwt` (signed; distributed setups). ([The FrontMCP Server - FrontMCP][5])
-
----
-
-## Deployment
-
-### Local Dev
-
-```bash
-npm run dev
-```
-
-- Default HTTP port: `3000` unless configured
-- `npm run doctor` checks Node/npm versions, `tsconfig`, and scripts. ([Local Dev Server - FrontMCP][3])
-
-### Production
-
-```bash
-npm run build
-NODE_ENV=production PORT=8080 npm start
-```
-
-Builds to `dist/` (uses `tsconfig.build.json`). Consider a process manager and reverse proxy; align all `@frontmcp/*`
-versions. ([Production Build - FrontMCP][13])
-
----
+> Full setup guide: [Installation][docs-install]
+
+## Capabilities
+
+| Capability           | Description                                                                     | Docs                            |
+| -------------------- | ------------------------------------------------------------------------------- | ------------------------------- |
+| **@FrontMcp Server** | Decorator-configured server with info, apps, HTTP, logging, session, auth       | [Server][docs-server]           |
+| **@App**             | Organizational units grouping tools, resources, prompts with optional isolation | [Apps][docs-apps]               |
+| **@Tool**            | Typed actions with Zod schemas — class or function style                        | [Tools][docs-tools]             |
+| **@Resource**        | Read-only data exposure with static and template URIs                           | [Resources][docs-resources]     |
+| **@Prompt**          | Reusable message templates returning `GetPromptResult`                          | [Prompts][docs-prompts]         |
+| **@Agent**           | Orchestrated multi-step tool chains                                             | [Agents][docs-agents]           |
+| **Elicitation**      | Request structured user input mid-flow                                          | [Elicitation][docs-elicitation] |
+| **Skills**           | HTTP-discoverable tool manifests for agent marketplaces                         | [Skills][docs-skills]           |
+| **Discovery**        | Automatic capability advertisement for MCP clients                              | [Discovery][docs-discovery]     |
+| **Authentication**   | Remote OAuth, Local OAuth, JWKS, DCR, per-app auth                              | [Authentication][docs-auth]     |
+| **Sessions**         | Stateful/stateless session modes with JWT or UUID transport IDs                 | [Server][docs-server]           |
+| **Direct Client**    | In-process `create()`, `connect()`, `connectOpenAI()`, `connectClaude()`        | [Direct Client][docs-direct]    |
+| **Transport**        | Streamable HTTP + SSE with session headers                                      | [Transport][docs-transport]     |
+| **Ext-Apps**         | Mount external MCP servers as sub-apps                                          | [Ext-Apps][docs-ext-apps]       |
+| **Hooks**            | 5 hook families: tool, list-tools, HTTP, resource, prompt                       | [Hooks][docs-hooks]             |
+| **Providers / DI**   | Scoped dependency injection with GLOBAL and CONTEXT scopes                      | [Providers][docs-providers]     |
+| **Plugins**          | Cache, Remember, CodeCall, Dashboard — or build your own                        | [Plugins][docs-plugins]         |
+| **Adapters**         | Generate tools from OpenAPI specs                                               | [Adapters][docs-adapters]       |
+| **Testing**          | E2E fixtures, matchers, HTTP mocking for MCP servers                            | [Testing][docs-testing]         |
+| **UI Library**       | HTML/React widgets, SSR, MCP Bridge, web components                             | [UI][docs-ui]                   |
+| **CLI**              | `create`, `init`, `dev`, `build`, `inspector`, `doctor`                         | [CLI][docs-install]             |
+| **Deployment**       | Local dev, production builds, version alignment                                 | [Deployment][docs-deploy]       |
+
+## Packages
+
+| Package                               | Description                                            |
+| ------------------------------------- | ------------------------------------------------------ |
+| [`@frontmcp/sdk`](libs/sdk)           | Core framework — decorators, DI, flows, transport      |
+| [`@frontmcp/cli`](libs/cli)           | CLI tooling (`frontmcp create`, `dev`, `build`)        |
+| [`@frontmcp/auth`](libs/auth)         | Authentication, OAuth, JWKS, credential vault          |
+| [`@frontmcp/adapters`](libs/adapters) | OpenAPI adapter for auto-generating tools              |
+| [`@frontmcp/plugins`](libs/plugins)   | Official plugins: Cache, Remember, CodeCall, Dashboard |
+| [`@frontmcp/testing`](libs/testing)   | E2E test framework with fixtures and matchers          |
+| [`@frontmcp/ui`](libs/ui)             | React components, hooks, SSR renderers                 |
+| [`@frontmcp/uipack`](libs/uipack)     | React-free themes, build tools, platform adapters      |
+| [`@frontmcp/di`](libs/di)             | Dependency injection container (internal)              |
+| [`@frontmcp/utils`](libs/utils)       | Shared utilities — naming, URI, crypto, FS (internal)  |
 
 ## Version Alignment
 
-If versions drift, the runtime will throw a clear **“version mismatch”** at boot. Keep `@frontmcp/*` versions aligned.
-([Production Build - FrontMCP][13])
-
----
+Keep all `@frontmcp/*` packages on the same version. A clear **"version mismatch"** error is thrown at boot if versions drift. ([Production Build][docs-production])
 
 ## Contributing
 
-- PRs welcome! Read the full [CONTRIBUTING.md](./CONTRIBUTING.md) for workflow details, coding standards, and the PR
-  checklist.
-- Keep changes focused, add/adjust Jest specs, and update docs/snippets when behavior changes.
-- Before opening a PR run `yarn nx run-many -t lint,test,build`, `npx frontmcp doctor`, and verify the demo/Inspector
-  flows relevant to your change.
-- Align `@frontmcp/*` versions in examples to avoid runtime version mismatches.
-
----
+PRs welcome! See [CONTRIBUTING.md](./CONTRIBUTING.md) for workflow, coding standards, and the PR checklist.
 
 ## License
 
-See [LICENSE](./LICENSE).
-
-[1]: https://docs.agentfront.dev/docs/getting-started/installation 'Installation - FrontMCP'
-[2]: https://docs.agentfront.dev/docs/getting-started/quickstart 'Quickstart - FrontMCP'
-[3]: https://docs.agentfront.dev/docs/deployment/local-dev-server 'Local Dev Server - FrontMCP'
-[4]: https://docs.agentfront.dev/docs/servers/tools 'Tools - FrontMCP'
-[5]: https://docs.agentfront.dev/docs/servers/server 'The FrontMCP Server - FrontMCP'
-[6]: https://docs.agentfront.dev/docs/servers/apps 'Apps - FrontMCP'
-[7]: https://docs.agentfront.dev/docs/servers/resources 'Resources - FrontMCP'
-[8]: https://docs.agentfront.dev/docs/servers/prompts 'Prompts - FrontMCP'
-[9]: https://docs.agentfront.dev/docs/guides/add-openapi-adapter 'Add OpenAPI Adapter - FrontMCP'
-[10]: https://docs.agentfront.dev/docs/authentication/overview 'Authentication - FrontMCP'
-[11]: https://docs.agentfront.dev/docs/authentication/remote 'Remote OAuth - FrontMCP'
-[12]: https://docs.agentfront.dev/docs/authentication/local 'Local OAuth - FrontMCP'
-[13]: https://docs.agentfront.dev/docs/deployment/production-build 'Production Build - FrontMCP'
+[Apache-2.0](./LICENSE)
+
+<!-- docs links -->
+
+[docs-home]: https://docs.agentfront.dev/frontmcp 'FrontMCP Docs'
+[docs-install]: https://docs.agentfront.dev/frontmcp/getting-started/installation 'Installation'
+[docs-quickstart]: https://docs.agentfront.dev/frontmcp/getting-started/quickstart 'Quickstart'
+[docs-sdk-ref]: https://docs.agentfront.dev/frontmcp/sdk-reference/overview 'SDK Reference'
+[docs-server]: https://docs.agentfront.dev/frontmcp/servers/server 'The FrontMCP Server'
+[docs-apps]: https://docs.agentfront.dev/frontmcp/servers/apps 'Apps'
+[docs-tools]: https://docs.agentfront.dev/frontmcp/servers/tools 'Tools'
+[docs-resources]: https://docs.agentfront.dev/frontmcp/servers/resources 'Resources'
+[docs-prompts]: https://docs.agentfront.dev/frontmcp/servers/prompts 'Prompts'
+[docs-agents]: https://docs.agentfront.dev/frontmcp/servers/agents 'Agents'
+[docs-elicitation]: https://docs.agentfront.dev/frontmcp/servers/elicitation 'Elicitation'
+[docs-skills]: https://docs.agentfront.dev/frontmcp/servers/skills 'Skills'
+[docs-discovery]: https://docs.agentfront.dev/frontmcp/servers/discovery 'Discovery'
+[docs-auth]: https://docs.agentfront.dev/frontmcp/authentication/overview 'Authentication'
+[docs-direct]: https://docs.agentfront.dev/frontmcp/deployment/direct-client 'Direct Client'
+[docs-transport]: https://docs.agentfront.dev/frontmcp/deployment/transport 'Transport'
+[docs-ext-apps]: https://docs.agentfront.dev/frontmcp/servers/ext-apps 'Ext-Apps'
+[docs-hooks]: https://docs.agentfront.dev/frontmcp/extensibility/hooks 'Hooks'
+[docs-providers]: https://docs.agentfront.dev/frontmcp/extensibility/providers 'Providers'
+[docs-plugins]: https://docs.agentfront.dev/frontmcp/plugins/overview 'Plugins'
+[docs-adapters]: https://docs.agentfront.dev/frontmcp/adapters/overview 'Adapters'
+[docs-testing]: https://docs.agentfront.dev/frontmcp/testing/overview 'Testing'
+[docs-ui]: https://docs.agentfront.dev/frontmcp/ui/overview 'UI Library'
+[docs-deploy]: https://docs.agentfront.dev/frontmcp/deployment/local-dev-server 'Deployment'
+[docs-production]: https://docs.agentfront.dev/frontmcp/deployment/production-build 'Production Build'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "frontmcp",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "FrontMCP command line interface",
   "author": "AgentFront <info@agentfront.dev>",
   "homepage": "https://docs.agentfront.dev",
@@ -29,7 +29,7 @@
     "node": ">=22.0.0"
   },
   "dependencies": {
-    "@frontmcp/utils": "0.8.0",
+    "@frontmcp/utils": "0.9.0",
     "tslib": "^2.3.0",
     "@rspack/core": "^1.3.12"
   },

package/src/templates/3rd-party-integration/src/http-client.js

@@ -49,10 +49,13 @@ class HttpClient {
             baseHeaders["Content-Type"] = baseHeaders["Content-Type"] ?? "application/json";
         }
         if (this.ctx.logDebug) {
+            // Redact sensitive headers to prevent credential leakage in logs
+            const SENSITIVE_HEADERS = ['authorization', 'x-api-key', 'cookie', 'x-auth-token'];
+            const sanitizedHeaders = Object.fromEntries(Object.entries(baseHeaders).map(([k, v]) => [k, SENSITIVE_HEADERS.includes(k.toLowerCase()) ? '[REDACTED]' : v]));
             console.debug("[HttpClient] Request", {
                 url: url.toString(),
                 method: options.method,
-                headers: baseHeaders,
+                headers: sanitizedHeaders,
                 body: options.bodyJson
             });
         }

package/src/templates/3rd-party-integration/src/http-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"http-client.js","sourceRoot":"","sources":["../../../../../src/templates/3rd-party-integration/src/http-client.ts"],"names":[],"mappings":";;;AAiBA,MAAa,UAAU;IACD;IAApB,YAAoB,GAAmB;QAAnB,QAAG,GAAH,GAAG,CAAgB;IAAG,CAAC;IAEnC,iBAAiB;QACvB,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC;QAC1B,IAAI,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC;YAC7B,OAAO,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAChE,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;YACvB,OAAO,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;QAC1D,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,WAAW,CAAC;YACnD,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAA2B;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEpD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,KAAK,SAAS;oBAAE,SAAS;gBAC9B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAA2B;YAC1C,MAAM,EAAE,kBAAkB;YAC1B,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,GAAG,IAAI,CAAC,iBAAiB,EAAE;YAC3B,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;SAC3B,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,KAAK,CAAC;QAC9C,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAE1D,MAAM,IAAI,GAAgB;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC;QAEF,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC7C,WAAW,CAAC,cAAc,CAAC,GAAG,WAAW,CAAC,cAAc,CAAC,IAAI,kBAAkB,CAAC;QAClF,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE;gBACpC,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;gBACnB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,WAAW;gBACpB,IAAI,EAAE,OAAO,CAAC,QAAQ;aACvB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAE7D,IAAI,IAAqB,CAAC;YAC1B,IAAI,IAAwB,CAAC;YAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAE1D,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC7C,IAAI,CAAC;oBACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC1B,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,GAAG,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC;oBACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC1B,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,GAAG,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;YAED,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE;oBACrC,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,UAAU;oBACnB,IAAI;oBACJ,IAAI;iBACL,CAAC,CAAC;YACL,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,OAAO,EAAE,UAAU;gBACnB,IAAI;gBACJ,IAAI;aACL,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CACF;AArGD,gCAqGC","sourcesContent":["import { ExecuteContext } from \"./mcp-http-types\";\n\nexport interface HttpRequestOptions {\n  method: string;\n  path: string; // already resolved (including path params)\n  query?: Record<string, string | number | boolean | undefined>;\n  headers?: Record<string, string>;\n  bodyJson?: unknown;\n}\n\nexport interface HttpResponseRaw {\n  status: number;\n  headers: Record<string, string>;\n  json?: any;\n  text?: string;\n}\n\nexport class HttpClient {\n  constructor(private ctx: ExecuteContext) {}\n\n  private resolveAuthHeader(): Record<string, string> {\n    const { auth } = this.ctx;\n    if (auth.oauth2?.accessToken) {\n      return { Authorization: `Bearer ${auth.oauth2.accessToken}` };\n    }\n    if (auth.bearer?.token) {\n      return { Authorization: `Bearer ${auth.bearer.token}` };\n    }\n    if (auth.apiKey?.value) {\n      const headerName = auth.apiKey.name ?? \"X-API-Key\";\n      return { [headerName]: auth.apiKey.value };\n    }\n    return {};\n  }\n\n  async request(options: HttpRequestOptions): Promise<HttpResponseRaw> {\n    const fetchImpl = this.ctx.fetch ?? fetch;\n    const url = new URL(options.path, this.ctx.baseUrl);\n\n    if (options.query) {\n      for (const [k, v] of Object.entries(options.query)) {\n        if (v === undefined) continue;\n        url.searchParams.set(k, String(v));\n      }\n    }\n\n    const baseHeaders: Record<string, string> = {\n      Accept: \"application/json\",\n      ...(this.ctx.requestId ? { \"X-Request-Id\": this.ctx.requestId } : {}),\n      ...this.resolveAuthHeader(),\n      ...(options.headers ?? {})\n    };\n\n    const controller = new AbortController();\n    const timeoutMs = this.ctx.timeoutMs ?? 15000;\n    const t = setTimeout(() => controller.abort(), timeoutMs);\n\n    const init: RequestInit = {\n      method: options.method,\n      headers: baseHeaders,\n      signal: controller.signal\n    };\n\n    if (options.bodyJson !== undefined) {\n      init.body = JSON.stringify(options.bodyJson);\n      baseHeaders[\"Content-Type\"] = baseHeaders[\"Content-Type\"] ?? \"application/json\";\n    }\n\n    if (this.ctx.logDebug) {\n      console.debug(\"[HttpClient] Request\", {\n        url: url.toString(),\n        method: options.method,\n        headers: baseHeaders,\n        body: options.bodyJson\n      });\n    }\n\n    try {\n      const res = await fetchImpl(url.toString(), init);\n      const headersObj = Object.fromEntries(res.headers.entries());\n\n      let json: any | undefined;\n      let text: string | undefined;\n      const contentType = res.headers.get(\"content-type\") || \"\";\n\n      if (contentType.includes(\"application/json\")) {\n        try {\n          json = await res.json();\n        } catch {\n          json = undefined;\n        }\n      } else {\n        try {\n          text = await res.text();\n        } catch {\n          text = undefined;\n        }\n      }\n\n      if (this.ctx.logDebug) {\n        console.debug(\"[HttpClient] Response\", {\n          status: res.status,\n          headers: headersObj,\n          json,\n          text\n        });\n      }\n\n      return {\n        status: res.status,\n        headers: headersObj,\n        json,\n        text\n      };\n    } finally {\n      clearTimeout(t);\n    }\n  }\n}\n"]}
+{"version":3,"file":"http-client.js","sourceRoot":"","sources":["../../../../../src/templates/3rd-party-integration/src/http-client.ts"],"names":[],"mappings":";;;AAiBA,MAAa,UAAU;IACD;IAApB,YAAoB,GAAmB;QAAnB,QAAG,GAAH,GAAG,CAAgB;IAAG,CAAC;IAEnC,iBAAiB;QACvB,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC;QAC1B,IAAI,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC;YAC7B,OAAO,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAChE,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;YACvB,OAAO,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;QAC1D,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,WAAW,CAAC;YACnD,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAA2B;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEpD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,KAAK,SAAS;oBAAE,SAAS;gBAC9B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAA2B;YAC1C,MAAM,EAAE,kBAAkB;YAC1B,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,GAAG,IAAI,CAAC,iBAAiB,EAAE;YAC3B,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;SAC3B,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,KAAK,CAAC;QAC9C,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAE1D,MAAM,IAAI,GAAgB;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC;QAEF,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC7C,WAAW,CAAC,cAAc,CAAC,GAAG,WAAW,CAAC,cAAc,CAAC,IAAI,kBAAkB,CAAC;QAClF,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YACtB,iEAAiE;YACjE,MAAM,iBAAiB,GAAG,CAAC,eAAe,EAAE,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;YACnF,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,CACzC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC,CAAC,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CACpE,CACF,CAAC;YACF,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE;gBACpC,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;gBACnB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,gBAAgB;gBACzB,IAAI,EAAE,OAAO,CAAC,QAAQ;aACvB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAE7D,IAAI,IAAqB,CAAC;YAC1B,IAAI,IAAwB,CAAC;YAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAE1D,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC7C,IAAI,CAAC;oBACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC1B,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,GAAG,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC;oBACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC1B,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,GAAG,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;YAED,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE;oBACrC,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,UAAU;oBACnB,IAAI;oBACJ,IAAI;iBACL,CAAC,CAAC;YACL,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,OAAO,EAAE,UAAU;gBACnB,IAAI;gBACJ,IAAI;aACL,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;CACF;AA5GD,gCA4GC","sourcesContent":["import { ExecuteContext } from \"./mcp-http-types\";\n\nexport interface HttpRequestOptions {\n  method: string;\n  path: string; // already resolved (including path params)\n  query?: Record<string, string | number | boolean | undefined>;\n  headers?: Record<string, string>;\n  bodyJson?: unknown;\n}\n\nexport interface HttpResponseRaw {\n  status: number;\n  headers: Record<string, string>;\n  json?: any;\n  text?: string;\n}\n\nexport class HttpClient {\n  constructor(private ctx: ExecuteContext) {}\n\n  private resolveAuthHeader(): Record<string, string> {\n    const { auth } = this.ctx;\n    if (auth.oauth2?.accessToken) {\n      return { Authorization: `Bearer ${auth.oauth2.accessToken}` };\n    }\n    if (auth.bearer?.token) {\n      return { Authorization: `Bearer ${auth.bearer.token}` };\n    }\n    if (auth.apiKey?.value) {\n      const headerName = auth.apiKey.name ?? \"X-API-Key\";\n      return { [headerName]: auth.apiKey.value };\n    }\n    return {};\n  }\n\n  async request(options: HttpRequestOptions): Promise<HttpResponseRaw> {\n    const fetchImpl = this.ctx.fetch ?? fetch;\n    const url = new URL(options.path, this.ctx.baseUrl);\n\n    if (options.query) {\n      for (const [k, v] of Object.entries(options.query)) {\n        if (v === undefined) continue;\n        url.searchParams.set(k, String(v));\n      }\n    }\n\n    const baseHeaders: Record<string, string> = {\n      Accept: \"application/json\",\n      ...(this.ctx.requestId ? { \"X-Request-Id\": this.ctx.requestId } : {}),\n      ...this.resolveAuthHeader(),\n      ...(options.headers ?? {})\n    };\n\n    const controller = new AbortController();\n    const timeoutMs = this.ctx.timeoutMs ?? 15000;\n    const t = setTimeout(() => controller.abort(), timeoutMs);\n\n    const init: RequestInit = {\n      method: options.method,\n      headers: baseHeaders,\n      signal: controller.signal\n    };\n\n    if (options.bodyJson !== undefined) {\n      init.body = JSON.stringify(options.bodyJson);\n      baseHeaders[\"Content-Type\"] = baseHeaders[\"Content-Type\"] ?? \"application/json\";\n    }\n\n    if (this.ctx.logDebug) {\n      // Redact sensitive headers to prevent credential leakage in logs\n      const SENSITIVE_HEADERS = ['authorization', 'x-api-key', 'cookie', 'x-auth-token'];\n      const sanitizedHeaders = Object.fromEntries(\n        Object.entries(baseHeaders).map(([k, v]) =>\n          [k, SENSITIVE_HEADERS.includes(k.toLowerCase()) ? '[REDACTED]' : v]\n        )\n      );\n      console.debug(\"[HttpClient] Request\", {\n        url: url.toString(),\n        method: options.method,\n        headers: sanitizedHeaders,\n        body: options.bodyJson\n      });\n    }\n\n    try {\n      const res = await fetchImpl(url.toString(), init);\n      const headersObj = Object.fromEntries(res.headers.entries());\n\n      let json: any | undefined;\n      let text: string | undefined;\n      const contentType = res.headers.get(\"content-type\") || \"\";\n\n      if (contentType.includes(\"application/json\")) {\n        try {\n          json = await res.json();\n        } catch {\n          json = undefined;\n        }\n      } else {\n        try {\n          text = await res.text();\n        } catch {\n          text = undefined;\n        }\n      }\n\n      if (this.ctx.logDebug) {\n        console.debug(\"[HttpClient] Response\", {\n          status: res.status,\n          headers: headersObj,\n          json,\n          text\n        });\n      }\n\n      return {\n        status: res.status,\n        headers: headersObj,\n        json,\n        text\n      };\n    } finally {\n      clearTimeout(t);\n    }\n  }\n}\n"]}