gitlab-mcp 1.1.0 → 1.2.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 unadlib
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -275,7 +275,7 @@ docker run -d \
 
 - `GITLAB_PROJECT_ID` is not a supported environment variable in this repository.
 - To set an effective default project, use `GITLAB_ALLOWED_PROJECT_IDS` with one project ID, or pass `project_id` in tool arguments.
-- CLI argument overrides such as `--token` or `--api-url` are not implemented.
+- CLI argument overrides such as `--token` or `--api-url` are not implemented (`--env-file` is supported).
 - JSON config files do not support comments (`//`).
 
 ## MCP Server Configuration
@@ -292,6 +292,10 @@ pnpm start
 
 # streamable HTTP server (http://127.0.0.1:3333/mcp)
 pnpm start:http
+
+# optional: load a specific env file
+pnpm start -- --env-file .env.local
+pnpm start:http -- --env-file .env.local
 ```
 
 ### Transport and entrypoint
@@ -361,6 +365,13 @@ USE_GITLAB_WIKI=false
 
 All configuration is done through environment variables. Key settings:
 
+For file-based loading, `.env` is loaded by default. You can override it with:
+
+```bash
+node dist/index.js --env-file .env.local
+node dist/http.js --env-file=.env.production
+```
+
 | Area            | Variable                                  | Default                     | Description                                                                         |
 | --------------- | ----------------------------------------- | --------------------------- | ----------------------------------------------------------------------------------- |
 | GitLab API      | `GITLAB_API_URL`                          | `https://gitlab.com/api/v4` | Base API URL. Supports comma-separated multi-instance URLs.                         |

package/dist/config/dotenv.d.ts

@@ -0,0 +1,2 @@
+export declare function resolveEnvFilePathFromArgv(argv: readonly string[]): string | undefined;
+export declare function loadDotenvFromArgv(argv?: readonly string[], processEnv?: NodeJS.ProcessEnv): void;

package/dist/config/dotenv.js

@@ -0,0 +1,40 @@
+import { config } from "dotenv";
+const ENV_FILE_FLAG = "--env-file";
+export function resolveEnvFilePathFromArgv(argv) {
+    let envFilePath;
+    for (let index = 2; index < argv.length; index += 1) {
+        const arg = argv[index];
+        if (!arg) {
+            continue;
+        }
+        if (arg === ENV_FILE_FLAG) {
+            const next = argv[index + 1];
+            if (!next) {
+                throw new Error(`${ENV_FILE_FLAG} requires a file path`);
+            }
+            envFilePath = next;
+            index += 1;
+            continue;
+        }
+        if (arg.startsWith(`${ENV_FILE_FLAG}=`)) {
+            const value = arg.slice(ENV_FILE_FLAG.length + 1).trim();
+            if (!value) {
+                throw new Error(`${ENV_FILE_FLAG} requires a file path`);
+            }
+            envFilePath = value;
+        }
+    }
+    return envFilePath;
+}
+export function loadDotenvFromArgv(argv = process.argv, processEnv = process.env) {
+    const envFilePath = resolveEnvFilePathFromArgv(argv);
+    if (!envFilePath) {
+        config({ processEnv, quiet: true });
+        return;
+    }
+    const result = config({ path: envFilePath, processEnv, quiet: true });
+    if (result.error) {
+        throw new Error(`Failed to load ${ENV_FILE_FLAG} '${envFilePath}': ${result.error.message}`);
+    }
+}
+//# sourceMappingURL=dotenv.js.map

package/dist/config/dotenv.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dotenv.js","sourceRoot":"","sources":["../../src/config/dotenv.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,MAAM,aAAa,GAAG,YAAY,CAAC;AAEnC,MAAM,UAAU,0BAA0B,CAAC,IAAuB;IAChE,IAAI,WAA+B,CAAC;IAEpC,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAExB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,GAAG,aAAa,uBAAuB,CAAC,CAAC;YAC3D,CAAC;YACD,WAAW,GAAG,IAAI,CAAC;YACnB,KAAK,IAAI,CAAC,CAAC;YACX,SAAS;QACX,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,aAAa,GAAG,CAAC,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,GAAG,aAAa,uBAAuB,CAAC,CAAC;YAC3D,CAAC;YACD,WAAW,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,OAA0B,OAAO,CAAC,IAAI,EACtC,aAAgC,OAAO,CAAC,GAAG;IAE3C,MAAM,WAAW,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IAErD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtE,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,aAAa,KAAK,WAAW,MAAM,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/F,CAAC;AACH,CAAC"}

package/dist/config/env.d.ts

@@ -0,0 +1,55 @@
+export declare const env: {
+    GITLAB_READ_ONLY_MODE: boolean;
+    GITLAB_ERROR_DETAIL_MODE: "safe" | "full";
+    GITLAB_USE_OAUTH: boolean;
+    GITLAB_OAUTH_AUTO_OPEN_BROWSER: boolean;
+    GITLAB_CLOUDFLARE_BYPASS: boolean;
+    GITLAB_ALLOW_INSECURE_TOKEN_FILE: boolean;
+    GITLAB_ALLOW_INSECURE_TLS: boolean;
+    USE_GITLAB_WIKI: boolean;
+    USE_MILESTONE: boolean;
+    USE_PIPELINE: boolean;
+    USE_RELEASE: boolean;
+    REMOTE_AUTHORIZATION: boolean;
+    ENABLE_DYNAMIC_API_URL: boolean;
+    HTTP_JSON_ONLY: boolean;
+    SSE: boolean;
+    GITLAB_ALLOWED_PROJECT_IDS: string[];
+    GITLAB_ALLOWED_TOOLS: string[];
+    GITLAB_ALLOW_GRAPHQL_WITH_PROJECT_SCOPE: boolean;
+    GITLAB_API_URLS: string[];
+    GITLAB_API_URL: string;
+    NODE_ENV: "development" | "test" | "production";
+    LOG_LEVEL: "fatal" | "error" | "warn" | "info" | "debug" | "trace" | "silent";
+    MCP_SERVER_NAME: string;
+    MCP_SERVER_VERSION: string;
+    GITLAB_OAUTH_SCOPES: string;
+    GITLAB_RESPONSE_MODE: "json" | "compact-json" | "yaml";
+    GITLAB_MAX_RESPONSE_BYTES: number;
+    GITLAB_HTTP_TIMEOUT_MS: number;
+    GITLAB_COOKIE_WARMUP_PATH: string;
+    GITLAB_TOKEN_SCRIPT_TIMEOUT_MS: number;
+    GITLAB_TOKEN_CACHE_SECONDS: number;
+    SESSION_TIMEOUT_SECONDS: number;
+    MAX_SESSIONS: number;
+    MAX_REQUESTS_PER_MINUTE: number;
+    HTTP_HOST: string;
+    HTTP_PORT: number;
+    GITLAB_PERSONAL_ACCESS_TOKEN?: string | undefined;
+    GITLAB_OAUTH_CLIENT_ID?: string | undefined;
+    GITLAB_OAUTH_CLIENT_SECRET?: string | undefined;
+    GITLAB_OAUTH_GITLAB_URL?: string | undefined;
+    GITLAB_OAUTH_REDIRECT_URI?: string | undefined;
+    GITLAB_OAUTH_TOKEN_PATH?: string | undefined;
+    GITLAB_DENIED_TOOLS_REGEX?: string | undefined;
+    GITLAB_AUTH_COOKIE_PATH?: string | undefined;
+    GITLAB_USER_AGENT?: string | undefined;
+    GITLAB_ACCEPT_LANGUAGE?: string | undefined;
+    GITLAB_TOKEN_SCRIPT?: string | undefined;
+    GITLAB_TOKEN_FILE?: string | undefined;
+    NODE_TLS_REJECT_UNAUTHORIZED?: string | undefined;
+    GITLAB_CA_CERT_PATH?: string | undefined;
+    HTTP_PROXY?: string | undefined;
+    HTTPS_PROXY?: string | undefined;
+};
+export type AppEnv = typeof env;

package/dist/config/env.js

@@ -0,0 +1,164 @@
+import { readFileSync } from "node:fs";
+import { z } from "zod";
+import { loadDotenvFromArgv } from "./dotenv.js";
+loadDotenvFromArgv();
+const logLevelSchema = z.enum(["fatal", "error", "warn", "info", "debug", "trace", "silent"]);
+const DEFAULT_SERVER_VERSION = resolveDefaultServerVersion();
+const responseModeSchema = z.enum(["json", "compact-json", "yaml"]);
+const errorDetailModeSchema = z.enum(["safe", "full"]);
+function parseBoolean(value, fallback) {
+    if (value === undefined) {
+        return fallback;
+    }
+    return value.toLowerCase() === "true";
+}
+function parseCsv(value) {
+    if (!value) {
+        return [];
+    }
+    return value
+        .split(",")
+        .map((item) => item.trim())
+        .filter((item) => item.length > 0);
+}
+const envSchema = z.object({
+    NODE_ENV: z.enum(["development", "test", "production"]).default("development"),
+    LOG_LEVEL: logLevelSchema.default("info"),
+    MCP_SERVER_NAME: z.string().min(1).default("gitlab-mcp"),
+    MCP_SERVER_VERSION: z.string().min(1).default(DEFAULT_SERVER_VERSION),
+    GITLAB_API_URL: z.string().min(1).default("https://gitlab.com/api/v4"),
+    GITLAB_PERSONAL_ACCESS_TOKEN: z.string().min(1).optional(),
+    GITLAB_USE_OAUTH: z.enum(["true", "false"]).default("false"),
+    GITLAB_OAUTH_CLIENT_ID: z.string().optional(),
+    GITLAB_OAUTH_CLIENT_SECRET: z.string().optional(),
+    GITLAB_OAUTH_GITLAB_URL: z.string().optional(),
+    GITLAB_OAUTH_REDIRECT_URI: z.string().url().optional(),
+    GITLAB_OAUTH_SCOPES: z.string().default("api"),
+    GITLAB_OAUTH_TOKEN_PATH: z.string().optional(),
+    GITLAB_OAUTH_AUTO_OPEN_BROWSER: z.enum(["true", "false"]).default("true"),
+    GITLAB_READ_ONLY_MODE: z
+        .enum(["true", "false"])
+        .default("false")
+        .transform((value) => value === "true"),
+    GITLAB_ALLOWED_PROJECT_IDS: z.string().optional(),
+    GITLAB_ALLOWED_TOOLS: z.string().optional(),
+    GITLAB_DENIED_TOOLS_REGEX: z.string().optional(),
+    GITLAB_ALLOW_GRAPHQL_WITH_PROJECT_SCOPE: z.enum(["true", "false"]).default("false"),
+    GITLAB_RESPONSE_MODE: responseModeSchema.default("json"),
+    GITLAB_MAX_RESPONSE_BYTES: z.coerce.number().int().min(1024).max(2_000_000).default(200_000),
+    GITLAB_HTTP_TIMEOUT_MS: z.coerce.number().int().min(1_000).max(120_000).default(20_000),
+    GITLAB_ERROR_DETAIL_MODE: errorDetailModeSchema.optional(),
+    GITLAB_AUTH_COOKIE_PATH: z.string().optional(),
+    GITLAB_COOKIE_WARMUP_PATH: z.string().default("/user"),
+    GITLAB_CLOUDFLARE_BYPASS: z.enum(["true", "false"]).default("false"),
+    GITLAB_USER_AGENT: z.string().optional(),
+    GITLAB_ACCEPT_LANGUAGE: z.string().optional(),
+    GITLAB_TOKEN_SCRIPT: z.string().optional(),
+    GITLAB_TOKEN_SCRIPT_TIMEOUT_MS: z.coerce.number().int().min(500).max(120_000).default(10_000),
+    GITLAB_TOKEN_CACHE_SECONDS: z.coerce.number().int().min(0).max(86_400).default(300),
+    GITLAB_TOKEN_FILE: z.string().optional(),
+    GITLAB_ALLOW_INSECURE_TOKEN_FILE: z.enum(["true", "false"]).default("false"),
+    GITLAB_ALLOW_INSECURE_TLS: z.enum(["true", "false"]).default("false"),
+    NODE_TLS_REJECT_UNAUTHORIZED: z.string().optional(),
+    GITLAB_CA_CERT_PATH: z.string().optional(),
+    HTTP_PROXY: z.string().optional(),
+    HTTPS_PROXY: z.string().optional(),
+    USE_GITLAB_WIKI: z.enum(["true", "false"]).default("true"),
+    USE_MILESTONE: z.enum(["true", "false"]).default("true"),
+    USE_PIPELINE: z.enum(["true", "false"]).default("true"),
+    USE_RELEASE: z.enum(["true", "false"]).default("true"),
+    REMOTE_AUTHORIZATION: z.enum(["true", "false"]).default("false"),
+    ENABLE_DYNAMIC_API_URL: z.enum(["true", "false"]).default("false"),
+    SESSION_TIMEOUT_SECONDS: z.coerce.number().int().min(1).max(86_400).default(3_600),
+    MAX_SESSIONS: z.coerce.number().int().min(1).max(10_000).default(1_000),
+    MAX_REQUESTS_PER_MINUTE: z.coerce.number().int().min(1).max(10_000).default(300),
+    HTTP_HOST: z.string().min(1).default("127.0.0.1"),
+    HTTP_PORT: z.coerce.number().int().min(1).max(65_535).default(3333),
+    HTTP_JSON_ONLY: z.enum(["true", "false"]).default("false"),
+    SSE: z.enum(["true", "false"]).default("false")
+});
+const parsed = envSchema.safeParse(process.env);
+if (!parsed.success) {
+    const issues = parsed.error.issues
+        .map((issue) => `- ${issue.path.join(".") || "(root)"}: ${issue.message}`)
+        .join("\n");
+    throw new Error(`Invalid environment variables:\n${issues}`);
+}
+const data = parsed.data;
+const rawApiUrls = parseCsv(data.GITLAB_API_URL);
+if (rawApiUrls.length === 0) {
+    throw new Error("GITLAB_API_URL must contain at least one URL");
+}
+const normalizedApiUrls = rawApiUrls.map((item) => {
+    try {
+        return normalizeApiUrl(item);
+    }
+    catch {
+        throw new Error(`Invalid GITLAB_API_URL entry: '${item}'`);
+    }
+});
+if (data.ENABLE_DYNAMIC_API_URL === "true" && data.REMOTE_AUTHORIZATION !== "true") {
+    throw new Error("ENABLE_DYNAMIC_API_URL=true requires REMOTE_AUTHORIZATION=true");
+}
+if (data.GITLAB_USE_OAUTH === "true" && !data.GITLAB_OAUTH_CLIENT_ID) {
+    throw new Error("GITLAB_USE_OAUTH=true requires GITLAB_OAUTH_CLIENT_ID");
+}
+if (data.SSE === "true" && data.REMOTE_AUTHORIZATION === "true") {
+    throw new Error("SSE=true is not compatible with REMOTE_AUTHORIZATION=true");
+}
+if (data.NODE_TLS_REJECT_UNAUTHORIZED === "0" && data.GITLAB_ALLOW_INSECURE_TLS !== "true") {
+    throw new Error("NODE_TLS_REJECT_UNAUTHORIZED=0 requires GITLAB_ALLOW_INSECURE_TLS=true acknowledgment");
+}
+export const env = {
+    ...data,
+    GITLAB_READ_ONLY_MODE: data.GITLAB_READ_ONLY_MODE,
+    GITLAB_ERROR_DETAIL_MODE: data.GITLAB_ERROR_DETAIL_MODE ?? (data.NODE_ENV === "production" ? "safe" : "full"),
+    GITLAB_USE_OAUTH: parseBoolean(data.GITLAB_USE_OAUTH, false),
+    GITLAB_OAUTH_AUTO_OPEN_BROWSER: parseBoolean(data.GITLAB_OAUTH_AUTO_OPEN_BROWSER, true),
+    GITLAB_CLOUDFLARE_BYPASS: parseBoolean(data.GITLAB_CLOUDFLARE_BYPASS, false),
+    GITLAB_ALLOW_INSECURE_TOKEN_FILE: parseBoolean(data.GITLAB_ALLOW_INSECURE_TOKEN_FILE, false),
+    GITLAB_ALLOW_INSECURE_TLS: parseBoolean(data.GITLAB_ALLOW_INSECURE_TLS, false),
+    USE_GITLAB_WIKI: parseBoolean(data.USE_GITLAB_WIKI, true),
+    USE_MILESTONE: parseBoolean(data.USE_MILESTONE, true),
+    USE_PIPELINE: parseBoolean(data.USE_PIPELINE, true),
+    USE_RELEASE: parseBoolean(data.USE_RELEASE, true),
+    REMOTE_AUTHORIZATION: parseBoolean(data.REMOTE_AUTHORIZATION, false),
+    ENABLE_DYNAMIC_API_URL: parseBoolean(data.ENABLE_DYNAMIC_API_URL, false),
+    HTTP_JSON_ONLY: parseBoolean(data.HTTP_JSON_ONLY, false),
+    SSE: parseBoolean(data.SSE, false),
+    GITLAB_ALLOWED_PROJECT_IDS: parseCsv(data.GITLAB_ALLOWED_PROJECT_IDS),
+    GITLAB_ALLOWED_TOOLS: parseCsv(data.GITLAB_ALLOWED_TOOLS),
+    GITLAB_ALLOW_GRAPHQL_WITH_PROJECT_SCOPE: parseBoolean(data.GITLAB_ALLOW_GRAPHQL_WITH_PROJECT_SCOPE, false),
+    GITLAB_API_URLS: normalizedApiUrls,
+    GITLAB_API_URL: normalizedApiUrls[0] ?? normalizeApiUrl("https://gitlab.com/api/v4")
+};
+function normalizeApiUrl(rawUrl) {
+    const url = new URL(rawUrl);
+    if (!isHttpUrl(url)) {
+        throw new Error(`Invalid protocol in GITLAB_API_URL entry: '${rawUrl}'`);
+    }
+    const pathname = url.pathname.replace(/\/+$/, "");
+    if (pathname.endsWith("/api/v4")) {
+        url.pathname = pathname;
+        return url.toString();
+    }
+    url.pathname = `${pathname}/api/v4`.replace(/\/\//g, "/");
+    return url.toString();
+}
+function isHttpUrl(url) {
+    return url.protocol === "http:" || url.protocol === "https:";
+}
+function resolveDefaultServerVersion() {
+    try {
+        const packageJsonUrl = new URL("../../package.json", import.meta.url);
+        const packageJson = JSON.parse(readFileSync(packageJsonUrl, "utf8"));
+        if (typeof packageJson.version === "string" && packageJson.version.trim().length > 0) {
+            return packageJson.version.trim();
+        }
+    }
+    catch {
+        // Fallback to static version when package metadata is unavailable.
+    }
+    return "0.1.0";
+}
+//# sourceMappingURL=env.js.map

package/dist/config/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/config/env.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,kBAAkB,EAAE,CAAC;AAErB,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC9F,MAAM,sBAAsB,GAAG,2BAA2B,EAAE,CAAC;AAE7D,MAAM,kBAAkB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC;AACpE,MAAM,qBAAqB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAEvD,SAAS,YAAY,CAAC,KAAyB,EAAE,QAAiB;IAChE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;AACxC,CAAC;AAED,SAAS,QAAQ,CAAC,KAAyB;IACzC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IACzB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;IAC9E,SAAS,EAAE,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC;IACzC,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;IACxD,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC;IACrE,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC;IACtE,4BAA4B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1D,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC5D,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACtD,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC9C,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,8BAA8B,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACzE,qBAAqB,EAAE,CAAC;SACrB,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACvB,OAAO,CAAC,OAAO,CAAC;SAChB,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,MAAM,CAAC;IACzC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChD,uCAAuC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACnF,oBAAoB,EAAE,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC;IACxD,yBAAyB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC5F,sBAAsB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvF,wBAAwB,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IAC1D,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IACtD,wBAAwB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACpE,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,8BAA8B,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7F,0BAA0B,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IACnF,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,gCAAgC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC5E,yBAAyB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACrE,4BAA4B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IAC1D,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACxD,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvD,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACtD,oBAAoB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAChE,sBAAsB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAClE,uBAAuB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAClF,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IACvE,uBAAuB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChF,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IACjD,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACnE,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC1D,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;CAChD,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AAEhD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;SAC/B,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;SACzE,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;AACzB,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AAEjD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;IAC5B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,iBAAiB,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;IAChD,IAAI,CAAC;QACH,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,GAAG,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,IAAI,CAAC,sBAAsB,KAAK,MAAM,IAAI,IAAI,CAAC,oBAAoB,KAAK,MAAM,EAAE,CAAC;IACnF,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;AACpF,CAAC;AAED,IAAI,IAAI,CAAC,gBAAgB,KAAK,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;IACrE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;AAC3E,CAAC;AAED,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,oBAAoB,KAAK,MAAM,EAAE,CAAC;IAChE,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;AAC/E,CAAC;AAED,IAAI,IAAI,CAAC,4BAA4B,KAAK,GAAG,IAAI,IAAI,CAAC,yBAAyB,KAAK,MAAM,EAAE,CAAC;IAC3F,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,GAAG,GAAG;IACjB,GAAG,IAAI;IACP,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;IACjD,wBAAwB,EACtB,IAAI,CAAC,wBAAwB,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACrF,gBAAgB,EAAE,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC;IAC5D,8BAA8B,EAAE,YAAY,CAAC,IAAI,CAAC,8BAA8B,EAAE,IAAI,CAAC;IACvF,wBAAwB,EAAE,YAAY,CAAC,IAAI,CAAC,wBAAwB,EAAE,KAAK,CAAC;IAC5E,gCAAgC,EAAE,YAAY,CAAC,IAAI,CAAC,gCAAgC,EAAE,KAAK,CAAC;IAC5F,yBAAyB,EAAE,YAAY,CAAC,IAAI,CAAC,yBAAyB,EAAE,KAAK,CAAC;IAC9E,eAAe,EAAE,YAAY,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC;IACzD,aAAa,EAAE,YAAY,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC;IACrD,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC;IACnD,WAAW,EAAE,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC;IACjD,oBAAoB,EAAE,YAAY,CAAC,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC;IACpE,sBAAsB,EAAE,YAAY,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,CAAC;IACxE,cAAc,EAAE,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC;IACxD,GAAG,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC;IAClC,0BAA0B,EAAE,QAAQ,CAAC,IAAI,CAAC,0BAA0B,CAAC;IACrE,oBAAoB,EAAE,QAAQ,CAAC,IAAI,CAAC,oBAAoB,CAAC;IACzD,uCAAuC,EAAE,YAAY,CACnD,IAAI,CAAC,uCAAuC,EAC5C,KAAK,CACN;IACD,eAAe,EAAE,iBAAiB;IAClC,cAAc,EAAE,iBAAiB,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,2BAA2B,CAAC;CACrF,CAAC;AAIF,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,8CAA8C,MAAM,GAAG,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAElD,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACxB,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAED,GAAG,CAAC,QAAQ,GAAG,GAAG,QAAQ,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAE1D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,SAAS,CAAC,GAAQ;IACzB,OAAO,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;AAC/D,CAAC;AAED,SAAS,2BAA2B;IAClC,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,MAAM,CAAC,CAA0B,CAAC;QAC9F,IAAI,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,IAAI,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrF,OAAO,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;IACrE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/http-app.d.ts

@@ -0,0 +1,45 @@
+import type { Server as HttpServer } from "node:http";
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import type { Express } from "express";
+import { type SessionAuth } from "./lib/auth-context.js";
+import type { AppContext } from "./types/context.js";
+interface SessionState {
+    sessionId?: string;
+    server: McpServer;
+    transport: StreamableHTTPServerTransport;
+    lastAccessAt: number;
+    queue: Promise<void>;
+    activeRequests: number;
+    closed: boolean;
+    auth?: SessionAuth;
+    rateLimit: {
+        windowStart: number;
+        count: number;
+    };
+}
+interface SseSessionState {
+    sessionId: string;
+    server: McpServer;
+    transport: SSEServerTransport;
+    lastAccessAt: number;
+    closed: boolean;
+}
+export interface SetupMcpHttpAppDeps {
+    context: AppContext;
+    env: AppContext["env"];
+    logger: AppContext["logger"];
+}
+export interface SetupMcpHttpAppResult {
+    app: Express;
+    sessions: Map<string, SessionState>;
+    pendingSessions: Set<SessionState>;
+    sseSessions: Map<string, SseSessionState>;
+    closeSession: (sessionId: string, reason: "transport-close" | "idle-timeout" | "shutdown") => Promise<void>;
+    closeSseSession: (sessionId: string, reason: "client-close" | "connect-error" | "idle-timeout" | "shutdown") => Promise<void>;
+    garbageCollectSessions: () => Promise<void>;
+    shutdown: (httpServer: HttpServer, gcInterval: ReturnType<typeof setInterval>) => Promise<void>;
+}
+export declare function setupMcpHttpApp(deps: SetupMcpHttpAppDeps): SetupMcpHttpAppResult;
+export {};