hvip-mcp-server 0.2.45 → 0.2.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +1554 -67
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -4238,8 +4238,8 @@ var require_core = __commonJS({
4238
4238
  return this;
4239
4239
  }
4240
4240
  case "object": {
4241
- const cacheKey = schemaKeyRef;
4242
- this._cache.delete(cacheKey);
4241
+ const cacheKey2 = schemaKeyRef;
4242
+ this._cache.delete(cacheKey2);
4243
4243
  let id = schemaKeyRef[this.opts.schemaId];
4244
4244
  if (id) {
4245
4245
  id = (0, resolve_1.normalizeId)(id);
@@ -9138,7 +9138,7 @@ var require_websocket = __commonJS({
9138
9138
  var net = require("net");
9139
9139
  var tls = require("tls");
9140
9140
  var { randomBytes, createHash } = require("crypto");
9141
- var { Duplex, Readable } = require("stream");
9141
+ var { Duplex, Readable: Readable2 } = require("stream");
9142
9142
  var { URL: URL2 } = require("url");
9143
9143
  var PerMessageDeflate2 = require_permessage_deflate();
9144
9144
  var Receiver2 = require_receiver();
@@ -10576,15 +10576,15 @@ __export(wrapper_exports, {
10576
10576
  Sender: () => import_sender.default,
10577
10577
  WebSocket: () => import_websocket.default,
10578
10578
  WebSocketServer: () => import_websocket_server.default,
10579
- createWebSocketStream: () => import_stream.default,
10579
+ createWebSocketStream: () => import_stream2.default,
10580
10580
  default: () => wrapper_default,
10581
10581
  extension: () => import_extension.default,
10582
10582
  subprotocol: () => import_subprotocol.default
10583
10583
  });
10584
- var import_stream, import_extension, import_permessage_deflate, import_receiver, import_sender, import_subprotocol, import_websocket, import_websocket_server, wrapper_default;
10584
+ var import_stream2, import_extension, import_permessage_deflate, import_receiver, import_sender, import_subprotocol, import_websocket, import_websocket_server, wrapper_default;
10585
10585
  var init_wrapper = __esm({
10586
10586
  "node_modules/ws/wrapper.mjs"() {
10587
- import_stream = __toESM(require_stream(), 1);
10587
+ import_stream2 = __toESM(require_stream(), 1);
10588
10588
  import_extension = __toESM(require_extension(), 1);
10589
10589
  import_permessage_deflate = __toESM(require_permessage_deflate(), 1);
10590
10590
  import_receiver = __toESM(require_receiver(), 1);
@@ -10596,6 +10596,9 @@ var init_wrapper = __esm({
10596
10596
  }
10597
10597
  });
10598
10598
 
10599
+ // src/index.ts
10600
+ var import_node_http = require("node:http");
10601
+
10599
10602
  // node_modules/zod/v3/external.js
10600
10603
  var external_exports = {};
10601
10604
  __export(external_exports, {
@@ -19327,6 +19330,7 @@ config(en_default2());
19327
19330
 
19328
19331
  // node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
19329
19332
  var LATEST_PROTOCOL_VERSION = "2025-11-25";
19333
+ var DEFAULT_NEGOTIATED_PROTOCOL_VERSION = "2025-03-26";
19330
19334
  var SUPPORTED_PROTOCOL_VERSIONS = [LATEST_PROTOCOL_VERSION, "2025-06-18", "2025-03-26", "2024-11-05", "2024-10-07"];
19331
19335
  var RELATED_TASK_META_KEY = "io.modelcontextprotocol/related-task";
19332
19336
  var JSONRPC_VERSION = "2.0";
@@ -19655,6 +19659,7 @@ var InitializeRequestSchema = RequestSchema.extend({
19655
19659
  method: literal("initialize"),
19656
19660
  params: InitializeRequestParamsSchema
19657
19661
  });
19662
+ var isInitializeRequest = (value) => InitializeRequestSchema.safeParse(value).success;
19658
19663
  var ServerCapabilitiesSchema = object2({
19659
19664
  /**
19660
19665
  * Experimental, non-standard capabilities that the server supports.
@@ -24808,6 +24813,1331 @@ var StdioServerTransport = class {
24808
24813
  }
24809
24814
  };
24810
24815
 
24816
+ // node_modules/@hono/node-server/dist/index.mjs
24817
+ var import_http2 = require("http2");
24818
+ var import_http22 = require("http2");
24819
+ var import_stream = require("stream");
24820
+ var import_crypto = __toESM(require("crypto"), 1);
24821
+ var RequestError = class extends Error {
24822
+ constructor(message, options) {
24823
+ super(message, options);
24824
+ this.name = "RequestError";
24825
+ }
24826
+ };
24827
+ var toRequestError = (e) => {
24828
+ if (e instanceof RequestError) {
24829
+ return e;
24830
+ }
24831
+ return new RequestError(e.message, { cause: e });
24832
+ };
24833
+ var GlobalRequest = global.Request;
24834
+ var Request = class extends GlobalRequest {
24835
+ constructor(input, options) {
24836
+ if (typeof input === "object" && getRequestCache in input) {
24837
+ input = input[getRequestCache]();
24838
+ }
24839
+ if (typeof options?.body?.getReader !== "undefined") {
24840
+ ;
24841
+ options.duplex ??= "half";
24842
+ }
24843
+ super(input, options);
24844
+ }
24845
+ };
24846
+ var newHeadersFromIncoming = (incoming) => {
24847
+ const headerRecord = [];
24848
+ const rawHeaders = incoming.rawHeaders;
24849
+ for (let i = 0; i < rawHeaders.length; i += 2) {
24850
+ const { [i]: key, [i + 1]: value } = rawHeaders;
24851
+ if (key.charCodeAt(0) !== /*:*/
24852
+ 58) {
24853
+ headerRecord.push([key, value]);
24854
+ }
24855
+ }
24856
+ return new Headers(headerRecord);
24857
+ };
24858
+ var wrapBodyStream = /* @__PURE__ */ Symbol("wrapBodyStream");
24859
+ var newRequestFromIncoming = (method, url, headers, incoming, abortController) => {
24860
+ const init = {
24861
+ method,
24862
+ headers,
24863
+ signal: abortController.signal
24864
+ };
24865
+ if (method === "TRACE") {
24866
+ init.method = "GET";
24867
+ const req = new Request(url, init);
24868
+ Object.defineProperty(req, "method", {
24869
+ get() {
24870
+ return "TRACE";
24871
+ }
24872
+ });
24873
+ return req;
24874
+ }
24875
+ if (!(method === "GET" || method === "HEAD")) {
24876
+ if ("rawBody" in incoming && incoming.rawBody instanceof Buffer) {
24877
+ init.body = new ReadableStream({
24878
+ start(controller) {
24879
+ controller.enqueue(incoming.rawBody);
24880
+ controller.close();
24881
+ }
24882
+ });
24883
+ } else if (incoming[wrapBodyStream]) {
24884
+ let reader;
24885
+ init.body = new ReadableStream({
24886
+ async pull(controller) {
24887
+ try {
24888
+ reader ||= import_stream.Readable.toWeb(incoming).getReader();
24889
+ const { done, value } = await reader.read();
24890
+ if (done) {
24891
+ controller.close();
24892
+ } else {
24893
+ controller.enqueue(value);
24894
+ }
24895
+ } catch (error2) {
24896
+ controller.error(error2);
24897
+ }
24898
+ }
24899
+ });
24900
+ } else {
24901
+ init.body = import_stream.Readable.toWeb(incoming);
24902
+ }
24903
+ }
24904
+ return new Request(url, init);
24905
+ };
24906
+ var getRequestCache = /* @__PURE__ */ Symbol("getRequestCache");
24907
+ var requestCache = /* @__PURE__ */ Symbol("requestCache");
24908
+ var incomingKey = /* @__PURE__ */ Symbol("incomingKey");
24909
+ var urlKey = /* @__PURE__ */ Symbol("urlKey");
24910
+ var headersKey = /* @__PURE__ */ Symbol("headersKey");
24911
+ var abortControllerKey = /* @__PURE__ */ Symbol("abortControllerKey");
24912
+ var getAbortController = /* @__PURE__ */ Symbol("getAbortController");
24913
+ var requestPrototype = {
24914
+ get method() {
24915
+ return this[incomingKey].method || "GET";
24916
+ },
24917
+ get url() {
24918
+ return this[urlKey];
24919
+ },
24920
+ get headers() {
24921
+ return this[headersKey] ||= newHeadersFromIncoming(this[incomingKey]);
24922
+ },
24923
+ [getAbortController]() {
24924
+ this[getRequestCache]();
24925
+ return this[abortControllerKey];
24926
+ },
24927
+ [getRequestCache]() {
24928
+ this[abortControllerKey] ||= new AbortController();
24929
+ return this[requestCache] ||= newRequestFromIncoming(
24930
+ this.method,
24931
+ this[urlKey],
24932
+ this.headers,
24933
+ this[incomingKey],
24934
+ this[abortControllerKey]
24935
+ );
24936
+ }
24937
+ };
24938
+ [
24939
+ "body",
24940
+ "bodyUsed",
24941
+ "cache",
24942
+ "credentials",
24943
+ "destination",
24944
+ "integrity",
24945
+ "mode",
24946
+ "redirect",
24947
+ "referrer",
24948
+ "referrerPolicy",
24949
+ "signal",
24950
+ "keepalive"
24951
+ ].forEach((k) => {
24952
+ Object.defineProperty(requestPrototype, k, {
24953
+ get() {
24954
+ return this[getRequestCache]()[k];
24955
+ }
24956
+ });
24957
+ });
24958
+ ["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
24959
+ Object.defineProperty(requestPrototype, k, {
24960
+ value: function() {
24961
+ return this[getRequestCache]()[k]();
24962
+ }
24963
+ });
24964
+ });
24965
+ Object.defineProperty(requestPrototype, /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom"), {
24966
+ value: function(depth, options, inspectFn) {
24967
+ const props = {
24968
+ method: this.method,
24969
+ url: this.url,
24970
+ headers: this.headers,
24971
+ nativeRequest: this[requestCache]
24972
+ };
24973
+ return `Request (lightweight) ${inspectFn(props, { ...options, depth: depth == null ? null : depth - 1 })}`;
24974
+ }
24975
+ });
24976
+ Object.setPrototypeOf(requestPrototype, Request.prototype);
24977
+ var newRequest = (incoming, defaultHostname) => {
24978
+ const req = Object.create(requestPrototype);
24979
+ req[incomingKey] = incoming;
24980
+ const incomingUrl = incoming.url || "";
24981
+ if (incomingUrl[0] !== "/" && // short-circuit for performance. most requests are relative URL.
24982
+ (incomingUrl.startsWith("http://") || incomingUrl.startsWith("https://"))) {
24983
+ if (incoming instanceof import_http22.Http2ServerRequest) {
24984
+ throw new RequestError("Absolute URL for :path is not allowed in HTTP/2");
24985
+ }
24986
+ try {
24987
+ const url2 = new URL(incomingUrl);
24988
+ req[urlKey] = url2.href;
24989
+ } catch (e) {
24990
+ throw new RequestError("Invalid absolute URL", { cause: e });
24991
+ }
24992
+ return req;
24993
+ }
24994
+ const host = (incoming instanceof import_http22.Http2ServerRequest ? incoming.authority : incoming.headers.host) || defaultHostname;
24995
+ if (!host) {
24996
+ throw new RequestError("Missing host header");
24997
+ }
24998
+ let scheme;
24999
+ if (incoming instanceof import_http22.Http2ServerRequest) {
25000
+ scheme = incoming.scheme;
25001
+ if (!(scheme === "http" || scheme === "https")) {
25002
+ throw new RequestError("Unsupported scheme");
25003
+ }
25004
+ } else {
25005
+ scheme = incoming.socket && incoming.socket.encrypted ? "https" : "http";
25006
+ }
25007
+ const url = new URL(`${scheme}://${host}${incomingUrl}`);
25008
+ if (url.hostname.length !== host.length && url.hostname !== host.replace(/:\d+$/, "")) {
25009
+ throw new RequestError("Invalid host header");
25010
+ }
25011
+ req[urlKey] = url.href;
25012
+ return req;
25013
+ };
25014
+ var responseCache = /* @__PURE__ */ Symbol("responseCache");
25015
+ var getResponseCache = /* @__PURE__ */ Symbol("getResponseCache");
25016
+ var cacheKey = /* @__PURE__ */ Symbol("cache");
25017
+ var GlobalResponse = global.Response;
25018
+ var Response2 = class _Response {
25019
+ #body;
25020
+ #init;
25021
+ [getResponseCache]() {
25022
+ delete this[cacheKey];
25023
+ return this[responseCache] ||= new GlobalResponse(this.#body, this.#init);
25024
+ }
25025
+ constructor(body, init) {
25026
+ let headers;
25027
+ this.#body = body;
25028
+ if (init instanceof _Response) {
25029
+ const cachedGlobalResponse = init[responseCache];
25030
+ if (cachedGlobalResponse) {
25031
+ this.#init = cachedGlobalResponse;
25032
+ this[getResponseCache]();
25033
+ return;
25034
+ } else {
25035
+ this.#init = init.#init;
25036
+ headers = new Headers(init.#init.headers);
25037
+ }
25038
+ } else {
25039
+ this.#init = init;
25040
+ }
25041
+ if (typeof body === "string" || typeof body?.getReader !== "undefined" || body instanceof Blob || body instanceof Uint8Array) {
25042
+ ;
25043
+ this[cacheKey] = [init?.status || 200, body, headers || init?.headers];
25044
+ }
25045
+ }
25046
+ get headers() {
25047
+ const cache = this[cacheKey];
25048
+ if (cache) {
25049
+ if (!(cache[2] instanceof Headers)) {
25050
+ cache[2] = new Headers(
25051
+ cache[2] || { "content-type": "text/plain; charset=UTF-8" }
25052
+ );
25053
+ }
25054
+ return cache[2];
25055
+ }
25056
+ return this[getResponseCache]().headers;
25057
+ }
25058
+ get status() {
25059
+ return this[cacheKey]?.[0] ?? this[getResponseCache]().status;
25060
+ }
25061
+ get ok() {
25062
+ const status = this.status;
25063
+ return status >= 200 && status < 300;
25064
+ }
25065
+ };
25066
+ ["body", "bodyUsed", "redirected", "statusText", "trailers", "type", "url"].forEach((k) => {
25067
+ Object.defineProperty(Response2.prototype, k, {
25068
+ get() {
25069
+ return this[getResponseCache]()[k];
25070
+ }
25071
+ });
25072
+ });
25073
+ ["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
25074
+ Object.defineProperty(Response2.prototype, k, {
25075
+ value: function() {
25076
+ return this[getResponseCache]()[k]();
25077
+ }
25078
+ });
25079
+ });
25080
+ Object.defineProperty(Response2.prototype, /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom"), {
25081
+ value: function(depth, options, inspectFn) {
25082
+ const props = {
25083
+ status: this.status,
25084
+ headers: this.headers,
25085
+ ok: this.ok,
25086
+ nativeResponse: this[responseCache]
25087
+ };
25088
+ return `Response (lightweight) ${inspectFn(props, { ...options, depth: depth == null ? null : depth - 1 })}`;
25089
+ }
25090
+ });
25091
+ Object.setPrototypeOf(Response2, GlobalResponse);
25092
+ Object.setPrototypeOf(Response2.prototype, GlobalResponse.prototype);
25093
+ async function readWithoutBlocking(readPromise) {
25094
+ return Promise.race([readPromise, Promise.resolve().then(() => Promise.resolve(void 0))]);
25095
+ }
25096
+ function writeFromReadableStreamDefaultReader(reader, writable, currentReadPromise) {
25097
+ const cancel = (error2) => {
25098
+ reader.cancel(error2).catch(() => {
25099
+ });
25100
+ };
25101
+ writable.on("close", cancel);
25102
+ writable.on("error", cancel);
25103
+ (currentReadPromise ?? reader.read()).then(flow, handleStreamError);
25104
+ return reader.closed.finally(() => {
25105
+ writable.off("close", cancel);
25106
+ writable.off("error", cancel);
25107
+ });
25108
+ function handleStreamError(error2) {
25109
+ if (error2) {
25110
+ writable.destroy(error2);
25111
+ }
25112
+ }
25113
+ function onDrain() {
25114
+ reader.read().then(flow, handleStreamError);
25115
+ }
25116
+ function flow({ done, value }) {
25117
+ try {
25118
+ if (done) {
25119
+ writable.end();
25120
+ } else if (!writable.write(value)) {
25121
+ writable.once("drain", onDrain);
25122
+ } else {
25123
+ return reader.read().then(flow, handleStreamError);
25124
+ }
25125
+ } catch (e) {
25126
+ handleStreamError(e);
25127
+ }
25128
+ }
25129
+ }
25130
+ function writeFromReadableStream(stream, writable) {
25131
+ if (stream.locked) {
25132
+ throw new TypeError("ReadableStream is locked.");
25133
+ } else if (writable.destroyed) {
25134
+ return;
25135
+ }
25136
+ return writeFromReadableStreamDefaultReader(stream.getReader(), writable);
25137
+ }
25138
+ var buildOutgoingHttpHeaders = (headers) => {
25139
+ const res = {};
25140
+ if (!(headers instanceof Headers)) {
25141
+ headers = new Headers(headers ?? void 0);
25142
+ }
25143
+ const cookies = [];
25144
+ for (const [k, v] of headers) {
25145
+ if (k === "set-cookie") {
25146
+ cookies.push(v);
25147
+ } else {
25148
+ res[k] = v;
25149
+ }
25150
+ }
25151
+ if (cookies.length > 0) {
25152
+ res["set-cookie"] = cookies;
25153
+ }
25154
+ res["content-type"] ??= "text/plain; charset=UTF-8";
25155
+ return res;
25156
+ };
25157
+ var X_ALREADY_SENT = "x-hono-already-sent";
25158
+ if (typeof global.crypto === "undefined") {
25159
+ global.crypto = import_crypto.default;
25160
+ }
25161
+ var outgoingEnded = /* @__PURE__ */ Symbol("outgoingEnded");
25162
+ var incomingDraining = /* @__PURE__ */ Symbol("incomingDraining");
25163
+ var DRAIN_TIMEOUT_MS = 500;
25164
+ var MAX_DRAIN_BYTES = 64 * 1024 * 1024;
25165
+ var drainIncoming = (incoming) => {
25166
+ const incomingWithDrainState = incoming;
25167
+ if (incoming.destroyed || incomingWithDrainState[incomingDraining]) {
25168
+ return;
25169
+ }
25170
+ incomingWithDrainState[incomingDraining] = true;
25171
+ if (incoming instanceof import_http2.Http2ServerRequest) {
25172
+ try {
25173
+ ;
25174
+ incoming.stream?.close?.(import_http2.constants.NGHTTP2_NO_ERROR);
25175
+ } catch {
25176
+ }
25177
+ return;
25178
+ }
25179
+ let bytesRead = 0;
25180
+ const cleanup = () => {
25181
+ clearTimeout(timer);
25182
+ incoming.off("data", onData);
25183
+ incoming.off("end", cleanup);
25184
+ incoming.off("error", cleanup);
25185
+ };
25186
+ const forceClose = () => {
25187
+ cleanup();
25188
+ const socket = incoming.socket;
25189
+ if (socket && !socket.destroyed) {
25190
+ socket.destroySoon();
25191
+ }
25192
+ };
25193
+ const timer = setTimeout(forceClose, DRAIN_TIMEOUT_MS);
25194
+ timer.unref?.();
25195
+ const onData = (chunk) => {
25196
+ bytesRead += chunk.length;
25197
+ if (bytesRead > MAX_DRAIN_BYTES) {
25198
+ forceClose();
25199
+ }
25200
+ };
25201
+ incoming.on("data", onData);
25202
+ incoming.on("end", cleanup);
25203
+ incoming.on("error", cleanup);
25204
+ incoming.resume();
25205
+ };
25206
+ var handleRequestError = () => new Response(null, {
25207
+ status: 400
25208
+ });
25209
+ var handleFetchError = (e) => new Response(null, {
25210
+ status: e instanceof Error && (e.name === "TimeoutError" || e.constructor.name === "TimeoutError") ? 504 : 500
25211
+ });
25212
+ var handleResponseError = (e, outgoing) => {
25213
+ const err = e instanceof Error ? e : new Error("unknown error", { cause: e });
25214
+ if (err.code === "ERR_STREAM_PREMATURE_CLOSE") {
25215
+ console.info("The user aborted a request.");
25216
+ } else {
25217
+ console.error(e);
25218
+ if (!outgoing.headersSent) {
25219
+ outgoing.writeHead(500, { "Content-Type": "text/plain" });
25220
+ }
25221
+ outgoing.end(`Error: ${err.message}`);
25222
+ outgoing.destroy(err);
25223
+ }
25224
+ };
25225
+ var flushHeaders = (outgoing) => {
25226
+ if ("flushHeaders" in outgoing && outgoing.writable) {
25227
+ outgoing.flushHeaders();
25228
+ }
25229
+ };
25230
+ var responseViaCache = async (res, outgoing) => {
25231
+ let [status, body, header] = res[cacheKey];
25232
+ let hasContentLength = false;
25233
+ if (!header) {
25234
+ header = { "content-type": "text/plain; charset=UTF-8" };
25235
+ } else if (header instanceof Headers) {
25236
+ hasContentLength = header.has("content-length");
25237
+ header = buildOutgoingHttpHeaders(header);
25238
+ } else if (Array.isArray(header)) {
25239
+ const headerObj = new Headers(header);
25240
+ hasContentLength = headerObj.has("content-length");
25241
+ header = buildOutgoingHttpHeaders(headerObj);
25242
+ } else {
25243
+ for (const key in header) {
25244
+ if (key.length === 14 && key.toLowerCase() === "content-length") {
25245
+ hasContentLength = true;
25246
+ break;
25247
+ }
25248
+ }
25249
+ }
25250
+ if (!hasContentLength) {
25251
+ if (typeof body === "string") {
25252
+ header["Content-Length"] = Buffer.byteLength(body);
25253
+ } else if (body instanceof Uint8Array) {
25254
+ header["Content-Length"] = body.byteLength;
25255
+ } else if (body instanceof Blob) {
25256
+ header["Content-Length"] = body.size;
25257
+ }
25258
+ }
25259
+ outgoing.writeHead(status, header);
25260
+ if (typeof body === "string" || body instanceof Uint8Array) {
25261
+ outgoing.end(body);
25262
+ } else if (body instanceof Blob) {
25263
+ outgoing.end(new Uint8Array(await body.arrayBuffer()));
25264
+ } else {
25265
+ flushHeaders(outgoing);
25266
+ await writeFromReadableStream(body, outgoing)?.catch(
25267
+ (e) => handleResponseError(e, outgoing)
25268
+ );
25269
+ }
25270
+ ;
25271
+ outgoing[outgoingEnded]?.();
25272
+ };
25273
+ var isPromise = (res) => typeof res.then === "function";
25274
+ var responseViaResponseObject = async (res, outgoing, options = {}) => {
25275
+ if (isPromise(res)) {
25276
+ if (options.errorHandler) {
25277
+ try {
25278
+ res = await res;
25279
+ } catch (err) {
25280
+ const errRes = await options.errorHandler(err);
25281
+ if (!errRes) {
25282
+ return;
25283
+ }
25284
+ res = errRes;
25285
+ }
25286
+ } else {
25287
+ res = await res.catch(handleFetchError);
25288
+ }
25289
+ }
25290
+ if (cacheKey in res) {
25291
+ return responseViaCache(res, outgoing);
25292
+ }
25293
+ const resHeaderRecord = buildOutgoingHttpHeaders(res.headers);
25294
+ if (res.body) {
25295
+ const reader = res.body.getReader();
25296
+ const values = [];
25297
+ let done = false;
25298
+ let currentReadPromise = void 0;
25299
+ if (resHeaderRecord["transfer-encoding"] !== "chunked") {
25300
+ let maxReadCount = 2;
25301
+ for (let i = 0; i < maxReadCount; i++) {
25302
+ currentReadPromise ||= reader.read();
25303
+ const chunk = await readWithoutBlocking(currentReadPromise).catch((e) => {
25304
+ console.error(e);
25305
+ done = true;
25306
+ });
25307
+ if (!chunk) {
25308
+ if (i === 1) {
25309
+ await new Promise((resolve) => setTimeout(resolve));
25310
+ maxReadCount = 3;
25311
+ continue;
25312
+ }
25313
+ break;
25314
+ }
25315
+ currentReadPromise = void 0;
25316
+ if (chunk.value) {
25317
+ values.push(chunk.value);
25318
+ }
25319
+ if (chunk.done) {
25320
+ done = true;
25321
+ break;
25322
+ }
25323
+ }
25324
+ if (done && !("content-length" in resHeaderRecord)) {
25325
+ resHeaderRecord["content-length"] = values.reduce((acc, value) => acc + value.length, 0);
25326
+ }
25327
+ }
25328
+ outgoing.writeHead(res.status, resHeaderRecord);
25329
+ values.forEach((value) => {
25330
+ ;
25331
+ outgoing.write(value);
25332
+ });
25333
+ if (done) {
25334
+ outgoing.end();
25335
+ } else {
25336
+ if (values.length === 0) {
25337
+ flushHeaders(outgoing);
25338
+ }
25339
+ await writeFromReadableStreamDefaultReader(reader, outgoing, currentReadPromise);
25340
+ }
25341
+ } else if (resHeaderRecord[X_ALREADY_SENT]) {
25342
+ } else {
25343
+ outgoing.writeHead(res.status, resHeaderRecord);
25344
+ outgoing.end();
25345
+ }
25346
+ ;
25347
+ outgoing[outgoingEnded]?.();
25348
+ };
25349
+ var getRequestListener = (fetchCallback, options = {}) => {
25350
+ const autoCleanupIncoming = options.autoCleanupIncoming ?? true;
25351
+ if (options.overrideGlobalObjects !== false && global.Request !== Request) {
25352
+ Object.defineProperty(global, "Request", {
25353
+ value: Request
25354
+ });
25355
+ Object.defineProperty(global, "Response", {
25356
+ value: Response2
25357
+ });
25358
+ }
25359
+ return async (incoming, outgoing) => {
25360
+ let res, req;
25361
+ try {
25362
+ req = newRequest(incoming, options.hostname);
25363
+ let incomingEnded = !autoCleanupIncoming || incoming.method === "GET" || incoming.method === "HEAD";
25364
+ if (!incomingEnded) {
25365
+ ;
25366
+ incoming[wrapBodyStream] = true;
25367
+ incoming.on("end", () => {
25368
+ incomingEnded = true;
25369
+ });
25370
+ if (incoming instanceof import_http2.Http2ServerRequest) {
25371
+ ;
25372
+ outgoing[outgoingEnded] = () => {
25373
+ if (!incomingEnded) {
25374
+ setTimeout(() => {
25375
+ if (!incomingEnded) {
25376
+ setTimeout(() => {
25377
+ drainIncoming(incoming);
25378
+ });
25379
+ }
25380
+ });
25381
+ }
25382
+ };
25383
+ }
25384
+ outgoing.on("finish", () => {
25385
+ if (!incomingEnded) {
25386
+ drainIncoming(incoming);
25387
+ }
25388
+ });
25389
+ }
25390
+ outgoing.on("close", () => {
25391
+ const abortController = req[abortControllerKey];
25392
+ if (abortController) {
25393
+ if (incoming.errored) {
25394
+ req[abortControllerKey].abort(incoming.errored.toString());
25395
+ } else if (!outgoing.writableFinished) {
25396
+ req[abortControllerKey].abort("Client connection prematurely closed.");
25397
+ }
25398
+ }
25399
+ if (!incomingEnded) {
25400
+ setTimeout(() => {
25401
+ if (!incomingEnded) {
25402
+ setTimeout(() => {
25403
+ drainIncoming(incoming);
25404
+ });
25405
+ }
25406
+ });
25407
+ }
25408
+ });
25409
+ res = fetchCallback(req, { incoming, outgoing });
25410
+ if (cacheKey in res) {
25411
+ return responseViaCache(res, outgoing);
25412
+ }
25413
+ } catch (e) {
25414
+ if (!res) {
25415
+ if (options.errorHandler) {
25416
+ res = await options.errorHandler(req ? e : toRequestError(e));
25417
+ if (!res) {
25418
+ return;
25419
+ }
25420
+ } else if (!req) {
25421
+ res = handleRequestError();
25422
+ } else {
25423
+ res = handleFetchError(e);
25424
+ }
25425
+ } else {
25426
+ return handleResponseError(e, outgoing);
25427
+ }
25428
+ }
25429
+ try {
25430
+ return await responseViaResponseObject(res, outgoing, options);
25431
+ } catch (e) {
25432
+ return handleResponseError(e, outgoing);
25433
+ }
25434
+ };
25435
+ };
25436
+
25437
+ // node_modules/@modelcontextprotocol/sdk/dist/esm/server/webStandardStreamableHttp.js
25438
+ var WebStandardStreamableHTTPServerTransport = class {
25439
+ constructor(options = {}) {
25440
+ this._started = false;
25441
+ this._hasHandledRequest = false;
25442
+ this._streamMapping = /* @__PURE__ */ new Map();
25443
+ this._requestToStreamMapping = /* @__PURE__ */ new Map();
25444
+ this._requestResponseMap = /* @__PURE__ */ new Map();
25445
+ this._initialized = false;
25446
+ this._enableJsonResponse = false;
25447
+ this._standaloneSseStreamId = "_GET_stream";
25448
+ this.sessionIdGenerator = options.sessionIdGenerator;
25449
+ this._enableJsonResponse = options.enableJsonResponse ?? false;
25450
+ this._eventStore = options.eventStore;
25451
+ this._onsessioninitialized = options.onsessioninitialized;
25452
+ this._onsessionclosed = options.onsessionclosed;
25453
+ this._allowedHosts = options.allowedHosts;
25454
+ this._allowedOrigins = options.allowedOrigins;
25455
+ this._enableDnsRebindingProtection = options.enableDnsRebindingProtection ?? false;
25456
+ this._retryInterval = options.retryInterval;
25457
+ }
25458
+ /**
25459
+ * Starts the transport. This is required by the Transport interface but is a no-op
25460
+ * for the Streamable HTTP transport as connections are managed per-request.
25461
+ */
25462
+ async start() {
25463
+ if (this._started) {
25464
+ throw new Error("Transport already started");
25465
+ }
25466
+ this._started = true;
25467
+ }
25468
+ /**
25469
+ * Helper to create a JSON error response
25470
+ */
25471
+ createJsonErrorResponse(status, code, message, options) {
25472
+ const error2 = { code, message };
25473
+ if (options?.data !== void 0) {
25474
+ error2.data = options.data;
25475
+ }
25476
+ return new Response(JSON.stringify({
25477
+ jsonrpc: "2.0",
25478
+ error: error2,
25479
+ id: null
25480
+ }), {
25481
+ status,
25482
+ headers: {
25483
+ "Content-Type": "application/json",
25484
+ ...options?.headers
25485
+ }
25486
+ });
25487
+ }
25488
+ /**
25489
+ * Validates request headers for DNS rebinding protection.
25490
+ * @returns Error response if validation fails, undefined if validation passes.
25491
+ */
25492
+ validateRequestHeaders(req) {
25493
+ if (!this._enableDnsRebindingProtection) {
25494
+ return void 0;
25495
+ }
25496
+ if (this._allowedHosts && this._allowedHosts.length > 0) {
25497
+ const hostHeader = req.headers.get("host");
25498
+ if (!hostHeader || !this._allowedHosts.includes(hostHeader)) {
25499
+ const error2 = `Invalid Host header: ${hostHeader}`;
25500
+ this.onerror?.(new Error(error2));
25501
+ return this.createJsonErrorResponse(403, -32e3, error2);
25502
+ }
25503
+ }
25504
+ if (this._allowedOrigins && this._allowedOrigins.length > 0) {
25505
+ const originHeader = req.headers.get("origin");
25506
+ if (originHeader && !this._allowedOrigins.includes(originHeader)) {
25507
+ const error2 = `Invalid Origin header: ${originHeader}`;
25508
+ this.onerror?.(new Error(error2));
25509
+ return this.createJsonErrorResponse(403, -32e3, error2);
25510
+ }
25511
+ }
25512
+ return void 0;
25513
+ }
25514
+ /**
25515
+ * Handles an incoming HTTP request, whether GET, POST, or DELETE
25516
+ * Returns a Response object (Web Standard)
25517
+ */
25518
+ async handleRequest(req, options) {
25519
+ if (!this.sessionIdGenerator && this._hasHandledRequest) {
25520
+ throw new Error("Stateless transport cannot be reused across requests. Create a new transport per request.");
25521
+ }
25522
+ this._hasHandledRequest = true;
25523
+ const validationError = this.validateRequestHeaders(req);
25524
+ if (validationError) {
25525
+ return validationError;
25526
+ }
25527
+ switch (req.method) {
25528
+ case "POST":
25529
+ return this.handlePostRequest(req, options);
25530
+ case "GET":
25531
+ return this.handleGetRequest(req);
25532
+ case "DELETE":
25533
+ return this.handleDeleteRequest(req);
25534
+ default:
25535
+ return this.handleUnsupportedRequest();
25536
+ }
25537
+ }
25538
+ /**
25539
+ * Writes a priming event to establish resumption capability.
25540
+ * Only sends if eventStore is configured (opt-in for resumability) and
25541
+ * the client's protocol version supports empty SSE data (>= 2025-11-25).
25542
+ */
25543
+ async writePrimingEvent(controller, encoder, streamId, protocolVersion) {
25544
+ if (!this._eventStore) {
25545
+ return;
25546
+ }
25547
+ if (protocolVersion < "2025-11-25") {
25548
+ return;
25549
+ }
25550
+ const primingEventId = await this._eventStore.storeEvent(streamId, {});
25551
+ let primingEvent = `id: ${primingEventId}
25552
+ data:
25553
+
25554
+ `;
25555
+ if (this._retryInterval !== void 0) {
25556
+ primingEvent = `id: ${primingEventId}
25557
+ retry: ${this._retryInterval}
25558
+ data:
25559
+
25560
+ `;
25561
+ }
25562
+ controller.enqueue(encoder.encode(primingEvent));
25563
+ }
25564
+ /**
25565
+ * Handles GET requests for SSE stream
25566
+ */
25567
+ async handleGetRequest(req) {
25568
+ const acceptHeader = req.headers.get("accept");
25569
+ if (!acceptHeader?.includes("text/event-stream")) {
25570
+ this.onerror?.(new Error("Not Acceptable: Client must accept text/event-stream"));
25571
+ return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept text/event-stream");
25572
+ }
25573
+ const sessionError = this.validateSession(req);
25574
+ if (sessionError) {
25575
+ return sessionError;
25576
+ }
25577
+ const protocolError = this.validateProtocolVersion(req);
25578
+ if (protocolError) {
25579
+ return protocolError;
25580
+ }
25581
+ if (this._eventStore) {
25582
+ const lastEventId = req.headers.get("last-event-id");
25583
+ if (lastEventId) {
25584
+ return this.replayEvents(lastEventId);
25585
+ }
25586
+ }
25587
+ if (this._streamMapping.get(this._standaloneSseStreamId) !== void 0) {
25588
+ this.onerror?.(new Error("Conflict: Only one SSE stream is allowed per session"));
25589
+ return this.createJsonErrorResponse(409, -32e3, "Conflict: Only one SSE stream is allowed per session");
25590
+ }
25591
+ const encoder = new TextEncoder();
25592
+ let streamController;
25593
+ const readable = new ReadableStream({
25594
+ start: (controller) => {
25595
+ streamController = controller;
25596
+ },
25597
+ cancel: () => {
25598
+ this._streamMapping.delete(this._standaloneSseStreamId);
25599
+ }
25600
+ });
25601
+ const headers = {
25602
+ "Content-Type": "text/event-stream",
25603
+ "Cache-Control": "no-cache, no-transform",
25604
+ Connection: "keep-alive"
25605
+ };
25606
+ if (this.sessionId !== void 0) {
25607
+ headers["mcp-session-id"] = this.sessionId;
25608
+ }
25609
+ this._streamMapping.set(this._standaloneSseStreamId, {
25610
+ controller: streamController,
25611
+ encoder,
25612
+ cleanup: () => {
25613
+ this._streamMapping.delete(this._standaloneSseStreamId);
25614
+ try {
25615
+ streamController.close();
25616
+ } catch {
25617
+ }
25618
+ }
25619
+ });
25620
+ return new Response(readable, { headers });
25621
+ }
25622
+ /**
25623
+ * Replays events that would have been sent after the specified event ID
25624
+ * Only used when resumability is enabled
25625
+ */
25626
+ async replayEvents(lastEventId) {
25627
+ if (!this._eventStore) {
25628
+ this.onerror?.(new Error("Event store not configured"));
25629
+ return this.createJsonErrorResponse(400, -32e3, "Event store not configured");
25630
+ }
25631
+ try {
25632
+ let streamId;
25633
+ if (this._eventStore.getStreamIdForEventId) {
25634
+ streamId = await this._eventStore.getStreamIdForEventId(lastEventId);
25635
+ if (!streamId) {
25636
+ this.onerror?.(new Error("Invalid event ID format"));
25637
+ return this.createJsonErrorResponse(400, -32e3, "Invalid event ID format");
25638
+ }
25639
+ if (this._streamMapping.get(streamId) !== void 0) {
25640
+ this.onerror?.(new Error("Conflict: Stream already has an active connection"));
25641
+ return this.createJsonErrorResponse(409, -32e3, "Conflict: Stream already has an active connection");
25642
+ }
25643
+ }
25644
+ const headers = {
25645
+ "Content-Type": "text/event-stream",
25646
+ "Cache-Control": "no-cache, no-transform",
25647
+ Connection: "keep-alive"
25648
+ };
25649
+ if (this.sessionId !== void 0) {
25650
+ headers["mcp-session-id"] = this.sessionId;
25651
+ }
25652
+ const encoder = new TextEncoder();
25653
+ let streamController;
25654
+ const readable = new ReadableStream({
25655
+ start: (controller) => {
25656
+ streamController = controller;
25657
+ },
25658
+ cancel: () => {
25659
+ }
25660
+ });
25661
+ const replayedStreamId = await this._eventStore.replayEventsAfter(lastEventId, {
25662
+ send: async (eventId, message) => {
25663
+ const success = this.writeSSEEvent(streamController, encoder, message, eventId);
25664
+ if (!success) {
25665
+ this.onerror?.(new Error("Failed replay events"));
25666
+ try {
25667
+ streamController.close();
25668
+ } catch {
25669
+ }
25670
+ }
25671
+ }
25672
+ });
25673
+ this._streamMapping.set(replayedStreamId, {
25674
+ controller: streamController,
25675
+ encoder,
25676
+ cleanup: () => {
25677
+ this._streamMapping.delete(replayedStreamId);
25678
+ try {
25679
+ streamController.close();
25680
+ } catch {
25681
+ }
25682
+ }
25683
+ });
25684
+ return new Response(readable, { headers });
25685
+ } catch (error2) {
25686
+ this.onerror?.(error2);
25687
+ return this.createJsonErrorResponse(500, -32e3, "Error replaying events");
25688
+ }
25689
+ }
25690
+ /**
25691
+ * Writes an event to an SSE stream via controller with proper formatting
25692
+ */
25693
+ writeSSEEvent(controller, encoder, message, eventId) {
25694
+ try {
25695
+ let eventData = `event: message
25696
+ `;
25697
+ if (eventId) {
25698
+ eventData += `id: ${eventId}
25699
+ `;
25700
+ }
25701
+ eventData += `data: ${JSON.stringify(message)}
25702
+
25703
+ `;
25704
+ controller.enqueue(encoder.encode(eventData));
25705
+ return true;
25706
+ } catch (error2) {
25707
+ this.onerror?.(error2);
25708
+ return false;
25709
+ }
25710
+ }
25711
+ /**
25712
+ * Handles unsupported requests (PUT, PATCH, etc.)
25713
+ */
25714
+ handleUnsupportedRequest() {
25715
+ this.onerror?.(new Error("Method not allowed."));
25716
+ return new Response(JSON.stringify({
25717
+ jsonrpc: "2.0",
25718
+ error: {
25719
+ code: -32e3,
25720
+ message: "Method not allowed."
25721
+ },
25722
+ id: null
25723
+ }), {
25724
+ status: 405,
25725
+ headers: {
25726
+ Allow: "GET, POST, DELETE",
25727
+ "Content-Type": "application/json"
25728
+ }
25729
+ });
25730
+ }
25731
+ /**
25732
+ * Handles POST requests containing JSON-RPC messages
25733
+ */
25734
+ async handlePostRequest(req, options) {
25735
+ try {
25736
+ const acceptHeader = req.headers.get("accept");
25737
+ if (!acceptHeader?.includes("application/json") || !acceptHeader.includes("text/event-stream")) {
25738
+ this.onerror?.(new Error("Not Acceptable: Client must accept both application/json and text/event-stream"));
25739
+ return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept both application/json and text/event-stream");
25740
+ }
25741
+ const ct = req.headers.get("content-type");
25742
+ if (!ct || !ct.includes("application/json")) {
25743
+ this.onerror?.(new Error("Unsupported Media Type: Content-Type must be application/json"));
25744
+ return this.createJsonErrorResponse(415, -32e3, "Unsupported Media Type: Content-Type must be application/json");
25745
+ }
25746
+ const requestInfo = {
25747
+ headers: Object.fromEntries(req.headers.entries()),
25748
+ url: new URL(req.url)
25749
+ };
25750
+ let rawMessage;
25751
+ if (options?.parsedBody !== void 0) {
25752
+ rawMessage = options.parsedBody;
25753
+ } else {
25754
+ try {
25755
+ rawMessage = await req.json();
25756
+ } catch {
25757
+ this.onerror?.(new Error("Parse error: Invalid JSON"));
25758
+ return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON");
25759
+ }
25760
+ }
25761
+ let messages;
25762
+ try {
25763
+ if (Array.isArray(rawMessage)) {
25764
+ messages = rawMessage.map((msg) => JSONRPCMessageSchema.parse(msg));
25765
+ } else {
25766
+ messages = [JSONRPCMessageSchema.parse(rawMessage)];
25767
+ }
25768
+ } catch {
25769
+ this.onerror?.(new Error("Parse error: Invalid JSON-RPC message"));
25770
+ return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON-RPC message");
25771
+ }
25772
+ const isInitializationRequest = messages.some(isInitializeRequest);
25773
+ if (isInitializationRequest) {
25774
+ if (this._initialized && this.sessionId !== void 0) {
25775
+ this.onerror?.(new Error("Invalid Request: Server already initialized"));
25776
+ return this.createJsonErrorResponse(400, -32600, "Invalid Request: Server already initialized");
25777
+ }
25778
+ if (messages.length > 1) {
25779
+ this.onerror?.(new Error("Invalid Request: Only one initialization request is allowed"));
25780
+ return this.createJsonErrorResponse(400, -32600, "Invalid Request: Only one initialization request is allowed");
25781
+ }
25782
+ this.sessionId = this.sessionIdGenerator?.();
25783
+ this._initialized = true;
25784
+ if (this.sessionId && this._onsessioninitialized) {
25785
+ await Promise.resolve(this._onsessioninitialized(this.sessionId));
25786
+ }
25787
+ }
25788
+ if (!isInitializationRequest) {
25789
+ const sessionError = this.validateSession(req);
25790
+ if (sessionError) {
25791
+ return sessionError;
25792
+ }
25793
+ const protocolError = this.validateProtocolVersion(req);
25794
+ if (protocolError) {
25795
+ return protocolError;
25796
+ }
25797
+ }
25798
+ const hasRequests = messages.some(isJSONRPCRequest);
25799
+ if (!hasRequests) {
25800
+ for (const message of messages) {
25801
+ this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });
25802
+ }
25803
+ return new Response(null, { status: 202 });
25804
+ }
25805
+ const streamId = crypto.randomUUID();
25806
+ const initRequest = messages.find((m) => isInitializeRequest(m));
25807
+ const clientProtocolVersion = initRequest ? initRequest.params.protocolVersion : req.headers.get("mcp-protocol-version") ?? DEFAULT_NEGOTIATED_PROTOCOL_VERSION;
25808
+ if (this._enableJsonResponse) {
25809
+ return new Promise((resolve) => {
25810
+ this._streamMapping.set(streamId, {
25811
+ resolveJson: resolve,
25812
+ cleanup: () => {
25813
+ this._streamMapping.delete(streamId);
25814
+ }
25815
+ });
25816
+ for (const message of messages) {
25817
+ if (isJSONRPCRequest(message)) {
25818
+ this._requestToStreamMapping.set(message.id, streamId);
25819
+ }
25820
+ }
25821
+ for (const message of messages) {
25822
+ this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });
25823
+ }
25824
+ });
25825
+ }
25826
+ const encoder = new TextEncoder();
25827
+ let streamController;
25828
+ const readable = new ReadableStream({
25829
+ start: (controller) => {
25830
+ streamController = controller;
25831
+ },
25832
+ cancel: () => {
25833
+ this._streamMapping.delete(streamId);
25834
+ }
25835
+ });
25836
+ const headers = {
25837
+ "Content-Type": "text/event-stream",
25838
+ "Cache-Control": "no-cache",
25839
+ Connection: "keep-alive"
25840
+ };
25841
+ if (this.sessionId !== void 0) {
25842
+ headers["mcp-session-id"] = this.sessionId;
25843
+ }
25844
+ for (const message of messages) {
25845
+ if (isJSONRPCRequest(message)) {
25846
+ this._streamMapping.set(streamId, {
25847
+ controller: streamController,
25848
+ encoder,
25849
+ cleanup: () => {
25850
+ this._streamMapping.delete(streamId);
25851
+ try {
25852
+ streamController.close();
25853
+ } catch {
25854
+ }
25855
+ }
25856
+ });
25857
+ this._requestToStreamMapping.set(message.id, streamId);
25858
+ }
25859
+ }
25860
+ await this.writePrimingEvent(streamController, encoder, streamId, clientProtocolVersion);
25861
+ for (const message of messages) {
25862
+ let closeSSEStream;
25863
+ let closeStandaloneSSEStream;
25864
+ if (isJSONRPCRequest(message) && this._eventStore && clientProtocolVersion >= "2025-11-25") {
25865
+ closeSSEStream = () => {
25866
+ this.closeSSEStream(message.id);
25867
+ };
25868
+ closeStandaloneSSEStream = () => {
25869
+ this.closeStandaloneSSEStream();
25870
+ };
25871
+ }
25872
+ this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo, closeSSEStream, closeStandaloneSSEStream });
25873
+ }
25874
+ return new Response(readable, { status: 200, headers });
25875
+ } catch (error2) {
25876
+ this.onerror?.(error2);
25877
+ return this.createJsonErrorResponse(400, -32700, "Parse error", { data: String(error2) });
25878
+ }
25879
+ }
25880
+ /**
25881
+ * Handles DELETE requests to terminate sessions
25882
+ */
25883
+ async handleDeleteRequest(req) {
25884
+ const sessionError = this.validateSession(req);
25885
+ if (sessionError) {
25886
+ return sessionError;
25887
+ }
25888
+ const protocolError = this.validateProtocolVersion(req);
25889
+ if (protocolError) {
25890
+ return protocolError;
25891
+ }
25892
+ await Promise.resolve(this._onsessionclosed?.(this.sessionId));
25893
+ await this.close();
25894
+ return new Response(null, { status: 200 });
25895
+ }
25896
+ /**
25897
+ * Validates session ID for non-initialization requests.
25898
+ * Returns Response error if invalid, undefined otherwise
25899
+ */
25900
+ validateSession(req) {
25901
+ if (this.sessionIdGenerator === void 0) {
25902
+ return void 0;
25903
+ }
25904
+ if (!this._initialized) {
25905
+ this.onerror?.(new Error("Bad Request: Server not initialized"));
25906
+ return this.createJsonErrorResponse(400, -32e3, "Bad Request: Server not initialized");
25907
+ }
25908
+ const sessionId = req.headers.get("mcp-session-id");
25909
+ if (!sessionId) {
25910
+ this.onerror?.(new Error("Bad Request: Mcp-Session-Id header is required"));
25911
+ return this.createJsonErrorResponse(400, -32e3, "Bad Request: Mcp-Session-Id header is required");
25912
+ }
25913
+ if (sessionId !== this.sessionId) {
25914
+ this.onerror?.(new Error("Session not found"));
25915
+ return this.createJsonErrorResponse(404, -32001, "Session not found");
25916
+ }
25917
+ return void 0;
25918
+ }
25919
+ /**
25920
+ * Validates the MCP-Protocol-Version header on incoming requests.
25921
+ *
25922
+ * For initialization: Version negotiation handles unknown versions gracefully
25923
+ * (server responds with its supported version).
25924
+ *
25925
+ * For subsequent requests with MCP-Protocol-Version header:
25926
+ * - Accept if in supported list
25927
+ * - 400 if unsupported
25928
+ *
25929
+ * For HTTP requests without the MCP-Protocol-Version header:
25930
+ * - Accept and default to the version negotiated at initialization
25931
+ */
25932
+ validateProtocolVersion(req) {
25933
+ const protocolVersion = req.headers.get("mcp-protocol-version");
25934
+ if (protocolVersion !== null && !SUPPORTED_PROTOCOL_VERSIONS.includes(protocolVersion)) {
25935
+ this.onerror?.(new Error(`Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`));
25936
+ return this.createJsonErrorResponse(400, -32e3, `Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`);
25937
+ }
25938
+ return void 0;
25939
+ }
25940
+ async close() {
25941
+ this._streamMapping.forEach(({ cleanup }) => {
25942
+ cleanup();
25943
+ });
25944
+ this._streamMapping.clear();
25945
+ this._requestResponseMap.clear();
25946
+ this.onclose?.();
25947
+ }
25948
+ /**
25949
+ * Close an SSE stream for a specific request, triggering client reconnection.
25950
+ * Use this to implement polling behavior during long-running operations -
25951
+ * client will reconnect after the retry interval specified in the priming event.
25952
+ */
25953
+ closeSSEStream(requestId) {
25954
+ const streamId = this._requestToStreamMapping.get(requestId);
25955
+ if (!streamId)
25956
+ return;
25957
+ const stream = this._streamMapping.get(streamId);
25958
+ if (stream) {
25959
+ stream.cleanup();
25960
+ }
25961
+ }
25962
+ /**
25963
+ * Close the standalone GET SSE stream, triggering client reconnection.
25964
+ * Use this to implement polling behavior for server-initiated notifications.
25965
+ */
25966
+ closeStandaloneSSEStream() {
25967
+ const stream = this._streamMapping.get(this._standaloneSseStreamId);
25968
+ if (stream) {
25969
+ stream.cleanup();
25970
+ }
25971
+ }
25972
+ async send(message, options) {
25973
+ let requestId = options?.relatedRequestId;
25974
+ if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
25975
+ requestId = message.id;
25976
+ }
25977
+ if (requestId === void 0) {
25978
+ if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
25979
+ throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");
25980
+ }
25981
+ let eventId;
25982
+ if (this._eventStore) {
25983
+ eventId = await this._eventStore.storeEvent(this._standaloneSseStreamId, message);
25984
+ }
25985
+ const standaloneSse = this._streamMapping.get(this._standaloneSseStreamId);
25986
+ if (standaloneSse === void 0) {
25987
+ return;
25988
+ }
25989
+ if (standaloneSse.controller && standaloneSse.encoder) {
25990
+ this.writeSSEEvent(standaloneSse.controller, standaloneSse.encoder, message, eventId);
25991
+ }
25992
+ return;
25993
+ }
25994
+ const streamId = this._requestToStreamMapping.get(requestId);
25995
+ if (!streamId) {
25996
+ throw new Error(`No connection established for request ID: ${String(requestId)}`);
25997
+ }
25998
+ const stream = this._streamMapping.get(streamId);
25999
+ if (!this._enableJsonResponse && stream?.controller && stream?.encoder) {
26000
+ let eventId;
26001
+ if (this._eventStore) {
26002
+ eventId = await this._eventStore.storeEvent(streamId, message);
26003
+ }
26004
+ this.writeSSEEvent(stream.controller, stream.encoder, message, eventId);
26005
+ }
26006
+ if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
26007
+ this._requestResponseMap.set(requestId, message);
26008
+ const relatedIds = Array.from(this._requestToStreamMapping.entries()).filter(([_, sid]) => sid === streamId).map(([id]) => id);
26009
+ const allResponsesReady = relatedIds.every((id) => this._requestResponseMap.has(id));
26010
+ if (allResponsesReady) {
26011
+ if (!stream) {
26012
+ throw new Error(`No connection established for request ID: ${String(requestId)}`);
26013
+ }
26014
+ if (this._enableJsonResponse && stream.resolveJson) {
26015
+ const headers = {
26016
+ "Content-Type": "application/json"
26017
+ };
26018
+ if (this.sessionId !== void 0) {
26019
+ headers["mcp-session-id"] = this.sessionId;
26020
+ }
26021
+ const responses = relatedIds.map((id) => this._requestResponseMap.get(id));
26022
+ if (responses.length === 1) {
26023
+ stream.resolveJson(new Response(JSON.stringify(responses[0]), { status: 200, headers }));
26024
+ } else {
26025
+ stream.resolveJson(new Response(JSON.stringify(responses), { status: 200, headers }));
26026
+ }
26027
+ } else {
26028
+ stream.cleanup();
26029
+ }
26030
+ for (const id of relatedIds) {
26031
+ this._requestResponseMap.delete(id);
26032
+ this._requestToStreamMapping.delete(id);
26033
+ }
26034
+ }
26035
+ }
26036
+ }
26037
+ };
26038
+
26039
+ // node_modules/@modelcontextprotocol/sdk/dist/esm/server/streamableHttp.js
26040
+ var StreamableHTTPServerTransport = class {
26041
+ constructor(options = {}) {
26042
+ this._requestContext = /* @__PURE__ */ new WeakMap();
26043
+ this._webStandardTransport = new WebStandardStreamableHTTPServerTransport(options);
26044
+ this._requestListener = getRequestListener(async (webRequest) => {
26045
+ const context = this._requestContext.get(webRequest);
26046
+ return this._webStandardTransport.handleRequest(webRequest, {
26047
+ authInfo: context?.authInfo,
26048
+ parsedBody: context?.parsedBody
26049
+ });
26050
+ }, { overrideGlobalObjects: false });
26051
+ }
26052
+ /**
26053
+ * Gets the session ID for this transport instance.
26054
+ */
26055
+ get sessionId() {
26056
+ return this._webStandardTransport.sessionId;
26057
+ }
26058
+ /**
26059
+ * Sets callback for when the transport is closed.
26060
+ */
26061
+ set onclose(handler) {
26062
+ this._webStandardTransport.onclose = handler;
26063
+ }
26064
+ get onclose() {
26065
+ return this._webStandardTransport.onclose;
26066
+ }
26067
+ /**
26068
+ * Sets callback for transport errors.
26069
+ */
26070
+ set onerror(handler) {
26071
+ this._webStandardTransport.onerror = handler;
26072
+ }
26073
+ get onerror() {
26074
+ return this._webStandardTransport.onerror;
26075
+ }
26076
+ /**
26077
+ * Sets callback for incoming messages.
26078
+ */
26079
+ set onmessage(handler) {
26080
+ this._webStandardTransport.onmessage = handler;
26081
+ }
26082
+ get onmessage() {
26083
+ return this._webStandardTransport.onmessage;
26084
+ }
26085
+ /**
26086
+ * Starts the transport. This is required by the Transport interface but is a no-op
26087
+ * for the Streamable HTTP transport as connections are managed per-request.
26088
+ */
26089
+ async start() {
26090
+ return this._webStandardTransport.start();
26091
+ }
26092
+ /**
26093
+ * Closes the transport and all active connections.
26094
+ */
26095
+ async close() {
26096
+ return this._webStandardTransport.close();
26097
+ }
26098
+ /**
26099
+ * Sends a JSON-RPC message through the transport.
26100
+ */
26101
+ async send(message, options) {
26102
+ return this._webStandardTransport.send(message, options);
26103
+ }
26104
+ /**
26105
+ * Handles an incoming HTTP request, whether GET or POST.
26106
+ *
26107
+ * This method converts Node.js HTTP objects to Web Standard Request/Response
26108
+ * and delegates to the underlying WebStandardStreamableHTTPServerTransport.
26109
+ *
26110
+ * @param req - Node.js IncomingMessage, optionally with auth property from middleware
26111
+ * @param res - Node.js ServerResponse
26112
+ * @param parsedBody - Optional pre-parsed body from body-parser middleware
26113
+ */
26114
+ async handleRequest(req, res, parsedBody) {
26115
+ const authInfo = req.auth;
26116
+ const handler = getRequestListener(async (webRequest) => {
26117
+ return this._webStandardTransport.handleRequest(webRequest, {
26118
+ authInfo,
26119
+ parsedBody
26120
+ });
26121
+ }, { overrideGlobalObjects: false });
26122
+ await handler(req, res);
26123
+ }
26124
+ /**
26125
+ * Close an SSE stream for a specific request, triggering client reconnection.
26126
+ * Use this to implement polling behavior during long-running operations -
26127
+ * client will reconnect after the retry interval specified in the priming event.
26128
+ */
26129
+ closeSSEStream(requestId) {
26130
+ this._webStandardTransport.closeSSEStream(requestId);
26131
+ }
26132
+ /**
26133
+ * Close the standalone GET SSE stream, triggering client reconnection.
26134
+ * Use this to implement polling behavior for server-initiated notifications.
26135
+ */
26136
+ closeStandaloneSSEStream() {
26137
+ this._webStandardTransport.closeStandaloneSSEStream();
26138
+ }
26139
+ };
26140
+
24811
26141
  // src/adapters/okx.ts
24812
26142
  var import_node_crypto = __toESM(require("node:crypto"));
24813
26143
  var BASE = "https://www.okx.com";
@@ -25298,7 +26628,41 @@ var INST_TYPE_CONTRACTS = ["SWAP", "FUTURES", "OPTION"];
25298
26628
  var INST_TYPE_SWAP_FUT = ["SWAP", "FUTURES"];
25299
26629
  var INST_TYPE_MARGIN_PUB = ["MARGIN", "SWAP", "FUTURES", "OPTION"];
25300
26630
  var INST_TYPE_RUBIK = ["SPOT", "CONTRACTS"];
26631
+ function autoSummary(data) {
26632
+ if (Array.isArray(data)) {
26633
+ const n = data.length;
26634
+ if (n === 0) return "\u8FD4\u56DE\u7A7A\u5217\u8868";
26635
+ const first = data[0];
26636
+ if (first?.instId && first?.last) return `\u8FD4\u56DE ${n} \u4E2A\u4EA7\u54C1\u884C\u60C5`;
26637
+ if (first?.instId && first?.pos) return `\u8FD4\u56DE ${n} \u4E2A\u6301\u4ED3`;
26638
+ if (first?.ccy) return `\u8FD4\u56DE ${n} \u4E2A\u5E01\u79CD\u4FE1\u606F`;
26639
+ if (first?.ordId) return `\u8FD4\u56DE ${n} \u7B14\u8BA2\u5355`;
26640
+ if (first?.ts) return `\u8FD4\u56DE ${n} \u6761\u65F6\u95F4\u5E8F\u5217\u6570\u636E`;
26641
+ if (first?.name) return `\u8FD4\u56DE ${n} \u6761\u8BB0\u5F55`;
26642
+ return `\u8FD4\u56DE ${n} \u6761\u8BB0\u5F55`;
26643
+ }
26644
+ if (typeof data === "object" && data !== null) {
26645
+ const d = data;
26646
+ if (d.ok === true && d.message) return d.message;
26647
+ if (d._summary) return void 0;
26648
+ if (d.data && Array.isArray(d.data)) return `\u8FD4\u56DE ${d.data.length} \u6761\u8BB0\u5F55`;
26649
+ }
26650
+ return void 0;
26651
+ }
25301
26652
  function toResult(data) {
26653
+ if (Array.isArray(data)) {
26654
+ const summary = autoSummary(data);
26655
+ const wrapper = { list: data };
26656
+ if (summary) wrapper._summary = summary;
26657
+ return { content: [{ type: "text", text: JSON.stringify(wrapper, null, 2) }] };
26658
+ }
26659
+ if (typeof data === "object" && data !== null && !data._summary) {
26660
+ const summary = autoSummary(data);
26661
+ if (summary) {
26662
+ const enriched = { _summary: summary, ...data };
26663
+ return { content: [{ type: "text", text: JSON.stringify(enriched, null, 2) }] };
26664
+ }
26665
+ }
25302
26666
  return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
25303
26667
  }
25304
26668
  function classifyError(msg) {
@@ -32214,10 +33578,10 @@ function registerAgentUtils(server, auth) {
32214
33578
  );
32215
33579
  const CATALOG = {
32216
33580
  _instruction: [
32217
- "\u4F60\u662F hvip MCP Server \u7684 Agent\u3002\u672C\u76EE\u5F55\u5E2E\u4F60\u6309\u7528\u6237\u610F\u56FE\u5FEB\u901F\u5B9A\u4F4D\u5DE5\u5177\uFF0C\u65E0\u9700\u626B\u63CF\u5168\u90E8 350+ \u4E2A\u5DE5\u5177\u63CF\u8FF0\u3002",
32218
- "\u7528\u6CD5: 1) \u6839\u636E\u7528\u6237\u8BF4\u7684\u8BDD\u5339\u914D\u4E0B\u65B9\u67D0\u4E2A\u57DF\u7684 when \u89E6\u53D1\u8BCD \u2192 2) \u8C03\u7528\u8BE5\u57DF\u7684 go_to \u5DE5\u5177 \u2192 3) \u5982\u9700\u6DF1\u5165\u518D\u8C03\u7528 also \u5217\u8868\u4E2D\u7684\u5DE5\u5177\u3002",
33581
+ "\u4F60\u662F hvip MCP Server \u7684 AI Agent\u3002\u6536\u5230\u672C\u76EE\u5F55\u540E\uFF0C\u4F60\u5DF2\u7ECF\u638C\u63E1\u5168\u90E8\u5FC5\u8981\u4FE1\u606F\uFF0C\u65E0\u9700\u518D\u626B\u63CF tools/list\u3002",
33582
+ "\u5DE5\u4F5C\u6D41: 1) \u770B _setup \u4E86\u89E3\u8FDE\u63A5\u72B6\u6001 -> 2) _onboarding \u51B3\u5B9A\u7B2C\u4E00\u6B65 -> 3) \u5339\u914D\u7528\u6237\u610F\u56FE\u5230\u57DF -> 4) \u7528 go_to_params \u76F4\u63A5\u8C03\u76EE\u6807\u5DE5\u5177\u3002",
32219
33583
  "\u4E0D\u786E\u5B9A\u57DF\u65F6\u8C03\u7528 agent_catalog_detail { domain } \u67E5\u770B\u8BE5\u57DF\u7684\u8BE6\u7EC6\u5DE5\u5177\u6E05\u5355\u3002",
32220
- "\u6CE8\u610F: \u6240\u6709 WRITE/ADMIN \u7EA7\u522B\u7684\u5DE5\u5177\u9700\u7528\u6237\u786E\u8BA4\u540E\u624D\u80FD\u8C03\u7528\u3002"
33584
+ "\u6240\u6709 WRITE/FUND_TRANSFER/ADMIN \u5DE5\u5177\u9700\u7528\u6237\u786E\u8BA4\u540E\u8C03\u7528\uFF0C\u4E0D\u53EF\u81EA\u52A8\u53D1\u8D77\u3002"
32221
33585
  ].join(" "),
32222
33586
  domains: [
32223
33587
  {
@@ -32433,10 +33797,10 @@ function registerAgentUtils(server, auth) {
32433
33797
  }
32434
33798
  ],
32435
33799
  _tips: [
32436
- "Agent \u6700\u4F73\u5B9E\u8DF5\uFF1A\u6BCF\u4E2A\u65B0\u4F1A\u8BDD\u5148\u8C03 agent_get_preference \u6062\u590D\u7528\u6237\u504F\u597D",
32437
- "\u9700\u8981 API Key \u7684\u5DE5\u5177\uFF08\u8D26\u6237/\u4EA4\u6613\u7C7B\uFF09\u9700\u7528\u6237\u5148\u914D\u7F6E OKX_API_KEY / OKX_SECRET_KEY / OKX_PASSPHRASE \u73AF\u5883\u53D8\u91CF",
32438
- "WRITE \u7EA7\u522B\u5DE5\u5177\u4F1A\u4FEE\u6539\u7528\u6237\u8D26\u6237\uFF0C\u8C03\u7528\u524D Agent \u5FC5\u987B\u5411\u7528\u6237\u786E\u8BA4",
32439
- "\u6DF1\u5EA6\u8C03\u7814\u67D0\u4E2A\u57DF\u65F6\u8C03 agent_catalog_detail { domain } \u83B7\u53D6\u8BE5\u57DF\u5168\u90E8\u5DE5\u5177\u8BE6\u60C5",
33800
+ "\u6BCF\u4E2A\u65B0\u4F1A\u8BDD\u5148\u8C03 agent_get_preference \u6062\u590D\u7528\u6237\u504F\u597D(\u9ED8\u8BA4\u4EA4\u6613\u5BF9/\u98CE\u9669\u504F\u597D/\u4ED3\u4F4D\u5360\u6BD4)",
33801
+ "\u9700\u8981 API Key \u65F6\u544A\u8BC9\u7528\u6237\u53BB OKX \u5B98\u7F51\u521B\u5EFA\uFF0C\u5F00\u901A\u8BFB\u53D6+\u4EA4\u6613\u6743\u9650",
33802
+ "\u5148\u6A21\u62DF\u540E\u4EA4\u6613: agent_simulate_order \u9884\u4F30 -> \u786E\u8BA4 -> agent_quick_trade \u4E0B\u5355",
33803
+ "WRITE \u5DE5\u5177\u4F1A\u4FEE\u6539\u8D26\u6237\uFF0C\u8C03\u7528\u524D\u5FC5\u987B\u5411\u7528\u6237\u786E\u8BA4\uFF0C\u4E0D\u53EF\u81EA\u52A8\u53D1\u8D77",
32440
33804
  "\u6280\u672F\u6307\u6807\u7528 okx_indicator \u5355\u4E2A\u8BA1\u7B97\u6216 okx_indicator_batch \u6279\u91CF\uFF0C\u652F\u6301 RSI/MACD/\u5E03\u6797\u5E26\u7B49 17 \u79CD",
32441
33805
  "\u806A\u660E\u94B1\u5206\u6790\u7528 okx_smart_leaderboard \u627E\u9876\u5C16\u4EA4\u6613\u5458 \u2192 okx_smart_sentiment \u770B\u5E02\u573A\u60C5\u7EEA"
32442
33806
  ]
@@ -32447,9 +33811,53 @@ function registerAgentUtils(server, auth) {
32447
33811
  {},
32448
33812
  async () => {
32449
33813
  try {
33814
+ const hasAuth = auth !== null;
33815
+ const setup = {
33816
+ hasApiKey: hasAuth,
33817
+ readOnly: process.env.OKX_READ_ONLY === "true",
33818
+ mode: hasAuth ? process.env.OKX_READ_ONLY === "true" ? "\u53EA\u8BFB\uFF08WRITE \u5DE5\u5177\u5DF2\u9690\u85CF\uFF09" : "\u5B8C\u6574\u4EA4\u6613\uFF08\u6240\u6709\u5DE5\u5177\u53EF\u7528\uFF09" : "\u672A\u914D\u7F6E API Key\uFF08\u4EC5\u516C\u5F00\u5DE5\u5177\u53EF\u7528\uFF09"
33819
+ };
33820
+ if (!hasAuth) {
33821
+ setup.howToConfigure = {
33822
+ required: ["OKX_API_KEY", "OKX_SECRET_KEY", "OKX_PASSPHRASE"],
33823
+ where: "OKX \u5B98\u7F51 -> \u4E2A\u4EBA\u4E2D\u5FC3 -> API -> \u521B\u5EFA API Key\uFF08\u5F00\u901A \u8BFB\u53D6+\u4EA4\u6613 \u6743\u9650\uFF09",
33824
+ quickStart: "npx hvip-mcp setup --client claude-code"
33825
+ };
33826
+ setup.whatYouCanDoNow = "\u5F53\u524D\u65E0 API Key\uFF0C\u4F46\u4EE5\u4E0B\u57DF\u7684\u5DE5\u5177\u53EF\u7ACB\u5373\u4F7F\u7528: \u884C\u60C5\u770B\u76D8 / \u6280\u672F\u6307\u6807 / \u5E02\u573A\u626B\u63CF / \u806A\u660E\u94B1 / \u9884\u6D4B\u5E02\u573A\uFF08\u516C\u5F00\u67E5\u8BE2\uFF09/ WebSocket \u5B9E\u65F6 / \u7CFB\u7EDF\u5DE5\u5177";
33827
+ }
33828
+ const onboarding = hasAuth ? "API Key \u5DF2\u914D\u7F6E\u3002\u5EFA\u8BAE\u7B2C\u4E00\u6B65: agent_get_preference \u6062\u590D\u504F\u597D -> okx_account_overview \u4E86\u89E3\u8D26\u6237\u5168\u666F -> \u6839\u636E\u7528\u6237\u610F\u56FE\u5339\u914D\u57DF go_to \u5DE5\u5177" : "\u6B22\u8FCE\uFF01hvip MCP \u5DF2\u8FDE\u63A5\u4F46\u5C1A\u672A\u914D\u7F6E API Key\u3002\u544A\u8BC9\u7528\u6237\uFF1A\u60F3\u770B\u884C\u60C5\u548C\u6307\u6807\u73B0\u5728\u5C31\u80FD\u770B\uFF0C\u60F3\u770B\u8D26\u6237\u548C\u4EA4\u6613\u8BF7\u5148\u914D Key\u3002\u914D\u597D\u540E\u91CD\u8FDE MCP \u5373\u53EF\u3002";
33829
+ const paramsHints = {
33830
+ "okx_account_overview": "\u65E0\u9700\u53C2\u6570",
33831
+ "okx_quick_market": "instId (\u5982 BTC-USDT\u3001ETH-USDT-SWAP)",
33832
+ "okx_preflight_check": "instId, tdMode (cash|cross|isolated), sz, px?, side?, ordType?",
33833
+ "agent_quick_trade": "instId, side (buy|sell), sz, tdMode (cash|cross|isolated), px?, ordType?",
33834
+ "agent_risk_overview": "\u65E0\u9700\u53C2\u6570",
33835
+ "agent_market_scan": "instType? (\u9ED8\u8BA4SWAP), topN?, sortBy? (change|vol|fundingRate)",
33836
+ "agent_pnl_report": "days? (\u9ED8\u8BA47)",
33837
+ "okx_get_balance": "ccy? (\u5982 BTC\uFF0C\u4E0D\u586B\u5168\u90E8)",
33838
+ "agent_simulate_order": "instId, side, sz, tdMode, px?",
33839
+ "okx_indicator": "instId, indicator (rsi|macd|bb|atr|stoch \u7B4917\u79CD), period?, bar? (\u9ED8\u8BA41H)",
33840
+ "okx_indicator_batch": "instId, indicators (\u9017\u53F7\u5206\u9694\u5982 rsi,macd,bb), bar?",
33841
+ "okx_smart_leaderboard": "instType?, sortBy?, topN?",
33842
+ "okx_smart_trader_detail": "uniqueCode (\u4EA4\u6613\u5458\u7801), instType?",
33843
+ "okx_smart_sentiment": "instFamily? (\u9ED8\u8BA4BTC-USD)",
33844
+ "agent_get_preference": "key? (\u4E0D\u586B\u8FD4\u56DE\u5168\u90E8)",
33845
+ "agent_set_preference": "key, value",
33846
+ "okx_event_instruments": "eventType? (\u4E0D\u586B\u8FD4\u56DE\u5168\u90E8)",
33847
+ "okx_ws_subscribe": "channels (JSON\u6570\u7EC4)",
33848
+ "okx_get_grid_ai_param": "instType, algoOrdType"
33849
+ };
33850
+ const enrichedDomains = CATALOG.domains.map((d) => ({
33851
+ ...d,
33852
+ go_to_params: paramsHints[d.go_to] || "\u89C1 agent_catalog_detail"
33853
+ }));
32450
33854
  return toResult({
32451
33855
  tsIso: (/* @__PURE__ */ new Date()).toISOString(),
32452
- ...CATALOG
33856
+ _setup: setup,
33857
+ _onboarding: onboarding,
33858
+ _instruction: CATALOG._instruction,
33859
+ domains: enrichedDomains,
33860
+ _tips: CATALOG._tips
32453
33861
  });
32454
33862
  } catch (e) {
32455
33863
  return toError(e);
@@ -34661,20 +36069,28 @@ function registerAgentHubTools(server) {
34661
36069
  }
34662
36070
 
34663
36071
  // src/index.ts
34664
- async function main() {
34665
- const VERSION = "0.2.45";
34666
- const server = new McpServer({
34667
- name: "hvip-mcp",
34668
- version: VERSION,
34669
- description: "hvip MCP Server \u2014 362 \u5DE5\u5177\u8986\u76D6 97.7% OKX REST API\uFF0C\u542B\u4EA4\u6613/\u884C\u60C5/\u8D44\u91D1/\u7B56\u7565/\u9884\u6D4B\u5E02\u573A/\u6280\u672F\u6307\u6807/Smart Money\uFF08\u975E OKX \u5B98\u65B9\u4EA7\u54C1\uFF09\u3002\u4ED3\u5E93: https://github.com/okx-wallet-H/hvip-mcp"
34670
- });
34671
- const auth = getAuth();
34672
- const READ_ONLY = process.env.OKX_READ_ONLY === "true";
36072
+ function resolveExecutionMode() {
36073
+ if (process.env.MCP_EXECUTION_ENABLED === "false") {
36074
+ return { readOnly: true, reason: "MCP_EXECUTION_ENABLED=false" };
36075
+ }
36076
+ if (process.env.OKX_READ_ONLY === "true" || process.env.MCP_READONLY_MODE === "true") {
36077
+ return { readOnly: true, reason: "\u53EA\u8BFB\u6A21\u5F0F\u5DF2\u542F\u7528 (OKX_READ_ONLY / MCP_READONLY_MODE)" };
36078
+ }
36079
+ return { readOnly: false, reason: "" };
36080
+ }
36081
+ function resolveTransportMode() {
36082
+ const argv = process.argv.slice(2);
36083
+ const arg = argv[0] || "";
36084
+ if (arg === "start:http") return "http";
36085
+ if (arg === "start:stdio" || arg === "" || arg.startsWith("-")) return "stdio";
36086
+ return "stdio";
36087
+ }
36088
+ function registerAllTools(server, auth, readOnly) {
34673
36089
  let skipped = 0;
34674
36090
  const skipLog = [];
34675
- function createReadOnlyProxy(s) {
34676
- const orig = s.tool?.bind?.(s) ?? s.tool.bind(s);
34677
- s.tool = function(name, ...args) {
36091
+ if (readOnly) {
36092
+ const orig = server.tool.bind(server);
36093
+ server.tool = function(name, ...args) {
34678
36094
  const risk = classifyRisk(name);
34679
36095
  if (risk !== "READ") {
34680
36096
  skipped++;
@@ -34683,64 +36099,135 @@ async function main() {
34683
36099
  }
34684
36100
  return orig(name, ...args);
34685
36101
  };
34686
- return s;
34687
- }
34688
- const effectiveServer = READ_ONLY ? createReadOnlyProxy(server) : server;
34689
- registerMarketTools(effectiveServer);
34690
- registerPublicTools(effectiveServer, auth);
34691
- registerStatsTools(effectiveServer);
34692
- registerSpreadTools(effectiveServer, auth);
34693
- registerOutcomesTools(effectiveServer);
34694
- registerAccountTools(effectiveServer, auth);
34695
- registerTradingTools(effectiveServer, auth);
34696
- registerAlgoTools(effectiveServer, auth);
34697
- registerBotTools(effectiveServer, auth);
34698
- registerCopyTools(effectiveServer, auth);
34699
- registerSignalTools(effectiveServer, auth);
34700
- registerFundingTools(effectiveServer, auth);
34701
- registerSubAccountTools(effectiveServer, auth);
34702
- registerFinanceTools(effectiveServer, auth);
34703
- registerAffiliateTools(effectiveServer, auth);
34704
- registerFiatTools(effectiveServer, auth);
34705
- registerRfqTools(effectiveServer, auth);
34706
- registerAgentUtils(effectiveServer, auth);
34707
- registerIndicatorTools(effectiveServer);
34708
- registerSmartMoneyTools(effectiveServer, auth);
34709
- registerXLayerWSTools(effectiveServer);
34710
- registerWsTools(effectiveServer);
34711
- registerAgentHubTools(effectiveServer);
34712
- if (READ_ONLY) {
34713
- let authStatus = "\u672A\u914D\u7F6E";
34714
- if (auth) {
34715
- try {
34716
- authStatus = "\u5DF2\u914D\u7F6E\uFF08\u53EA\u8BFB\u6A21\u5F0F\uFF0C\u4EC5\u66B4\u9732 READ \u7EA7\u522B\u5DE5\u5177\uFF09";
34717
- } catch {
34718
- authStatus = "\u5DF2\u914D\u7F6E";
34719
- }
36102
+ }
36103
+ registerMarketTools(server);
36104
+ registerPublicTools(server, auth);
36105
+ registerStatsTools(server);
36106
+ registerSpreadTools(server, auth);
36107
+ registerOutcomesTools(server);
36108
+ registerAccountTools(server, auth);
36109
+ registerTradingTools(server, auth);
36110
+ registerAlgoTools(server, auth);
36111
+ registerBotTools(server, auth);
36112
+ registerCopyTools(server, auth);
36113
+ registerSignalTools(server, auth);
36114
+ registerFundingTools(server, auth);
36115
+ registerSubAccountTools(server, auth);
36116
+ registerFinanceTools(server, auth);
36117
+ registerAffiliateTools(server, auth);
36118
+ registerFiatTools(server, auth);
36119
+ registerRfqTools(server, auth);
36120
+ registerAgentUtils(server, auth);
36121
+ registerIndicatorTools(server);
36122
+ registerSmartMoneyTools(server, auth);
36123
+ registerXLayerWSTools(server);
36124
+ registerWsTools(server);
36125
+ registerAgentHubTools(server);
36126
+ return { skipped, skipLog };
36127
+ }
36128
+ async function startHttp(server, version2, auth, readOnly, skipped) {
36129
+ const port = parseInt(process.env.PORT || "3000", 10);
36130
+ const transport = new StreamableHTTPServerTransport({
36131
+ sessionIdGenerator: void 0
36132
+ // stateless
36133
+ });
36134
+ await server.connect(transport);
36135
+ const httpServer = (0, import_node_http.createServer)(async (req, res) => {
36136
+ res.setHeader("Access-Control-Allow-Origin", "*");
36137
+ res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
36138
+ res.setHeader("Access-Control-Allow-Headers", "Content-Type, Mcp-Session-Id");
36139
+ if (req.method === "OPTIONS") {
36140
+ res.writeHead(204);
36141
+ res.end();
36142
+ return;
34720
36143
  }
34721
- process.stderr.write(`[hvip] \u53EA\u8BFB\u6A21\u5F0F\u5DF2\u542F\u7528 | API Key: ${authStatus} | \u5199\u5165\u5DE5\u5177\u5DF2\u8DF3\u8FC7: ${skipped}
36144
+ if (req.method === "GET" && req.url === "/health") {
36145
+ res.writeHead(200, { "Content-Type": "application/json" });
36146
+ res.end(JSON.stringify({
36147
+ status: "ok",
36148
+ name: "hvip-mcp",
36149
+ version: version2,
36150
+ mode: readOnly ? "read-only" : "full",
36151
+ auth: !!auth,
36152
+ skippedTools: skipped,
36153
+ uptime: process.uptime(),
36154
+ tsIso: (/* @__PURE__ */ new Date()).toISOString()
36155
+ }));
36156
+ return;
36157
+ }
36158
+ if (req.method === "POST" && req.url === "/mcp") {
36159
+ const chunks = [];
36160
+ req.on("data", (chunk) => chunks.push(chunk));
36161
+ req.on("end", async () => {
36162
+ try {
36163
+ const body = Buffer.concat(chunks).toString("utf-8");
36164
+ const parsed = body ? JSON.parse(body) : void 0;
36165
+ await transport.handleRequest(req, res, parsed);
36166
+ } catch {
36167
+ res.writeHead(400, { "Content-Type": "application/json" });
36168
+ res.end(JSON.stringify({ jsonrpc: "2.0", error: { code: -32700, message: "Parse error" }, id: null }));
36169
+ }
36170
+ });
36171
+ return;
36172
+ }
36173
+ res.writeHead(404, { "Content-Type": "application/json" });
36174
+ res.end(JSON.stringify({ error: "Not Found" }));
36175
+ });
36176
+ httpServer.listen(port, "0.2.47.0", () => {
36177
+ process.stderr.write([
36178
+ `\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557`,
36179
+ `\u2551 hvip-mcp v${version2} HTTP \u6A21\u5F0F \u2551`,
36180
+ `\u2551 POST http://0.2.47.0:${port}/mcp \u2551`,
36181
+ `\u2551 GET http://0.2.47.0:${port}/health \u2551`,
36182
+ `\u2551 \u6A21\u5F0F: ${readOnly ? "\u53EA\u8BFB" : "\u5B8C\u6574"} | \u5DE5\u5177: ${readOnly ? "READ only" : "\u5168\u90E8"} \u2551`,
36183
+ `\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D`
36184
+ ].join("\n") + "\n");
36185
+ });
36186
+ }
36187
+ async function startStdio(server, version2, auth, readOnly, skipped, skipLog) {
36188
+ if (readOnly) {
36189
+ const authStatus = auth ? "\u5DF2\u914D\u7F6E\uFF08\u4EC5 READ \u5DE5\u5177\uFF09" : "\u672A\u914D\u7F6E";
36190
+ process.stderr.write(`[hvip] \u53EA\u8BFB\u6A21\u5F0F | API Key: ${authStatus} | \u8DF3\u8FC7 ${skipped} \u4E2A\u975E READ \u5DE5\u5177
34722
36191
  `);
34723
36192
  if (skipLog.length > 0 && process.env.NODE_ENV !== "production") {
34724
36193
  const sample = skipLog.slice(0, 8).join(", ");
34725
- process.stderr.write(`[hvip] \u8DF3\u8FC7\u793A\u4F8B: ${sample}${skipLog.length > 8 ? ` +${skipLog.length - 8} \u4E2A` : ""}
36194
+ process.stderr.write(`[hvip] \u8DF3\u8FC7: ${sample}${skipLog.length > 8 ? ` +${skipLog.length - 8}` : ""}
34726
36195
  `);
34727
36196
  }
34728
36197
  } else if (auth) {
34729
36198
  try {
34730
36199
  const cfg = await privateApi.getAccountConfig(auth);
34731
36200
  const uid = cfg?.[0]?.uid ?? "?";
34732
- process.stderr.write(`[hvip] API Key \u5DF2\u9A8C\u8BC1 | UID: ${uid} | \u5B8C\u6574\u6A21\u5F0F\uFF08\u5168\u90E8 357 \u5DE5\u5177\uFF09
36201
+ process.stderr.write(`[hvip] API Key \u5DF2\u9A8C\u8BC1 | UID: ${uid} | \u5B8C\u6574\u6A21\u5F0F (v${version2})
34733
36202
  `);
34734
36203
  } catch {
34735
- process.stderr.write(`[hvip] API Key \u9A8C\u8BC1\u5931\u8D25 | \u5C06\u4EE5\u672A\u8BA4\u8BC1\u6A21\u5F0F\u542F\u52A8\uFF08\u516C\u5F00\u5DE5\u5177\u53EF\u7528\uFF09
36204
+ process.stderr.write(`[hvip] API Key \u9A8C\u8BC1\u5931\u8D25 | \u964D\u7EA7\u4E3A\u672A\u8BA4\u8BC1\u6A21\u5F0F
34736
36205
  `);
34737
36206
  }
34738
36207
  } else {
34739
- process.stderr.write(`[hvip] \u672A\u914D\u7F6E API Key | \u4EC5\u516C\u5F00\u5DE5\u5177\u53EF\u7528
36208
+ process.stderr.write(`[hvip] \u672A\u914D\u7F6E API Key | \u4EC5\u516C\u5F00\u5DE5\u5177\u53EF\u7528 (v${version2})
34740
36209
  `);
34741
36210
  }
34742
- startAgentHub(parseInt(process.env.WS_AGENT_PORT || "9321"), "0.2.45.0", VERSION);
36211
+ startAgentHub(parseInt(process.env.WS_AGENT_PORT || "9321"), "0.2.47.0", version2);
34743
36212
  const transport = new StdioServerTransport();
34744
- await effectiveServer.connect(transport);
36213
+ await server.connect(transport);
36214
+ }
36215
+ async function main() {
36216
+ const VERSION = "0.2.47";
36217
+ const auth = getAuth();
36218
+ const mode = resolveTransportMode();
36219
+ const exec = resolveExecutionMode();
36220
+ const readOnly = exec.readOnly || !auth;
36221
+ const server = new McpServer({
36222
+ name: "hvip-mcp",
36223
+ version: VERSION,
36224
+ description: "hvip MCP Server \u2014 362 \u5DE5\u5177\u8986\u76D6 97.7% OKX REST API\uFF0C\u542B\u4EA4\u6613/\u884C\u60C5/\u8D44\u91D1/\u7B56\u7565/\u9884\u6D4B\u5E02\u573A/\u6280\u672F\u6307\u6807/Smart Money\uFF08\u975E OKX \u5B98\u65B9\u4EA7\u54C1\uFF09\u3002\u4ED3\u5E93: https://github.com/okx-wallet-H/hvip-mcp"
36225
+ });
36226
+ const { skipped, skipLog } = registerAllTools(server, auth, readOnly);
36227
+ if (mode === "http") {
36228
+ await startHttp(server, VERSION, auth, readOnly, skipped);
36229
+ } else {
36230
+ await startStdio(server, VERSION, auth, readOnly, skipped, skipLog);
36231
+ }
34745
36232
  }
34746
36233
  main();