mcp-aiven 0.1.5

package/dist/tools/pg/query.js

@@ -0,0 +1,120 @@
+import { randomUUID, createHash } from 'node:crypto';
+import { PgQueryMode, toolSuccess, toolError } from '../../types.js';
+import { errorMessage } from '../../errors.js';
+import { redactSensitiveData } from '../../security.js';
+import { UNTRUSTED_DATA_WARNING } from '../../prompts.js';
+import { connectToService } from './connection.js';
+import { validateReadQuery, validateWriteQuery } from './validation.js';
+export const MAX_ROWS = 1000;
+export const DEFAULT_LIMIT = 100;
+const MAX_CELL_LENGTH = 4096;
+const STATEMENT_TIMEOUT_MS = 30000;
+const RATE_LIMIT_MAX = 100;
+const RATE_LIMIT_WINDOW_MS = 60_000;
+const rateLimitBuckets = new Map();
+function hashToken(token) {
+    return createHash('sha256').update(token).digest('hex');
+}
+function checkRateLimit(token) {
+    const key = token ? hashToken(token) : '__stdio__';
+    const now = Date.now();
+    const cutoff = now - RATE_LIMIT_WINDOW_MS;
+    let timestamps = rateLimitBuckets.get(key);
+    if (timestamps) {
+        while (timestamps.length > 0 && (timestamps[0] ?? 0) <= cutoff) {
+            timestamps.shift();
+        }
+        if (timestamps.length === 0) {
+            rateLimitBuckets.delete(key);
+            timestamps = undefined;
+        }
+    }
+    if (timestamps && timestamps.length >= RATE_LIMIT_MAX) {
+        return `Rate limit exceeded: maximum ${RATE_LIMIT_MAX} queries per ${RATE_LIMIT_WINDOW_MS / 1000} seconds. Please wait before issuing more queries.`;
+    }
+    if (!timestamps) {
+        timestamps = [];
+        rateLimitBuckets.set(key, timestamps);
+    }
+    timestamps.push(now);
+    return null;
+}
+function truncateCells(row) {
+    const result = {};
+    for (const [key, value] of Object.entries(row)) {
+        if (typeof value === 'string' && value.length > MAX_CELL_LENGTH) {
+            result[key] = value.slice(0, MAX_CELL_LENGTH) + '... (truncated)';
+        }
+        else {
+            result[key] = value;
+        }
+    }
+    return result;
+}
+function sanitizePgError(err) {
+    if (!(err instanceof Error))
+        return 'PostgreSQL query error: query execution failed';
+    const code = 'code' in err && typeof err.code === 'string' ? ` [${err.code}]` : '';
+    return `PostgreSQL error${code}: ${err.message}`;
+}
+function wrapInBoundary(data) {
+    const uuid = randomUUID();
+    const redacted = redactSensitiveData(data);
+    return [
+        UNTRUSTED_DATA_WARNING,
+        `<untrusted-query-result-${uuid}>`,
+        JSON.stringify(redacted, null, 2),
+        `</untrusted-query-result-${uuid}>`,
+    ].join('\n');
+}
+export async function executePgQuery(client, options) {
+    const { project, service_name, query, database, mode, limit = DEFAULT_LIMIT, offset = 0, token, } = options;
+    const validation = mode === PgQueryMode.ReadOnly
+        ? await validateReadQuery(query)
+        : await validateWriteQuery(query);
+    if (!validation.valid) {
+        return toolError(validation.error);
+    }
+    const rateLimitError = checkRateLimit(token);
+    if (rateLimitError)
+        return toolError(rateLimitError);
+    const apiOpts = { token, mcpClient: options.mcpClient, toolName: options.toolName };
+    let pgClient;
+    try {
+        pgClient = await connectToService(client, project, service_name, database, apiOpts);
+    }
+    catch (err) {
+        return toolError(errorMessage(err));
+    }
+    try {
+        await pgClient.query(mode === PgQueryMode.ReadOnly ? 'BEGIN READ ONLY' : 'BEGIN');
+        await pgClient.query(`SET LOCAL statement_timeout = '${String(STATEMENT_TIMEOUT_MS)}'`);
+        const result = await pgClient.query(query);
+        await pgClient.query('COMMIT');
+        const allRows = result.rows.slice(0, MAX_ROWS);
+        const paged = allRows.slice(offset, offset + limit);
+        const truncatedRows = paged.map((row) => truncateCells(row));
+        const meta = {
+            rowCount: result.rowCount ?? 0,
+            returnedRows: paged.length,
+            totalRowsCapped: allRows.length,
+            truncated: (result.rowCount ?? 0) > MAX_ROWS,
+            offset,
+            limit,
+            hasMore: offset + limit < allRows.length,
+            fields: result.fields.map((f) => f.name),
+        };
+        if (mode === PgQueryMode.ReadWrite) {
+            meta['command'] = result['command'];
+        }
+        return toolSuccess(wrapInBoundary({ meta, rows: truncatedRows }));
+    }
+    catch (err) {
+        await pgClient.query('ROLLBACK').catch(() => { });
+        return toolError(sanitizePgError(err));
+    }
+    finally {
+        await pgClient.end();
+    }
+}
+//# sourceMappingURL=query.js.map

package/dist/tools/pg/query.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query.js","sourceRoot":"","sources":["../../../src/tools/pg/query.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGrD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAExE,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,CAAC;AAC7B,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,CAAC;AACjC,MAAM,eAAe,GAAG,IAAI,CAAC;AAC7B,MAAM,oBAAoB,GAAG,KAAK,CAAC;AAEnC,MAAM,cAAc,GAAG,GAAG,CAAC;AAC3B,MAAM,oBAAoB,GAAG,MAAM,CAAC;AACpC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAoB,CAAC;AAErD,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,GAAG,GAAG,oBAAoB,CAAC;IAE1C,IAAI,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;YAC/D,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7B,UAAU,GAAG,SAAS,CAAC;QACzB,CAAC;IACH,CAAC;IAED,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,IAAI,cAAc,EAAE,CAAC;QACtD,OAAO,gCAAgC,cAAc,gBAAgB,oBAAoB,GAAG,IAAI,oDAAoD,CAAC;IACvJ,CAAC;IAED,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,EAAE,CAAC;QAChB,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACxC,CAAC;IACD,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B;IACjD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;YAChE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,GAAG,iBAAiB,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,GAAY;IACnC,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;QAAE,OAAO,gDAAgD,CAAC;IACrF,MAAM,IAAI,GAAG,MAAM,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACnF,OAAO,mBAAmB,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC;AACnD,CAAC;AAED,SAAS,cAAc,CAAC,IAAa;IACnC,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAC1B,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO;QACL,sBAAsB;QACtB,2BAA2B,IAAI,GAAG;QAClC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACjC,4BAA4B,IAAI,GAAG;KACpC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAmB,EACnB,OAA8B;IAE9B,MAAM,EACJ,OAAO,EACP,YAAY,EACZ,KAAK,EACL,QAAQ,EACR,IAAI,EACJ,KAAK,GAAG,aAAa,EACrB,MAAM,GAAG,CAAC,EACV,KAAK,GACN,GAAG,OAAO,CAAC;IAEZ,MAAM,UAAU,GACd,IAAI,KAAK,WAAW,CAAC,QAAQ;QAC3B,CAAC,CAAC,MAAM,iBAAiB,CAAC,KAAK,CAAC;QAChC,CAAC,CAAC,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAC7C,IAAI,cAAc;QAAE,OAAO,SAAS,CAAC,cAAc,CAAC,CAAC;IAErD,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;IAEpF,IAAI,QAAQ,CAAC;IACb,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACtF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAClF,MAAM,QAAQ,CAAC,KAAK,CAAC,kCAAkC,MAAM,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAExF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAE/B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC;QACpD,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,GAA4B,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;QAEtF,MAAM,IAAI,GAA4B;YACpC,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;YAC9B,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,eAAe,EAAE,OAAO,CAAC,MAAM;YAC/B,SAAS,EAAE,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,QAAQ;YAC5C,MAAM;YACN,KAAK;YACL,OAAO,EAAE,MAAM,GAAG,KAAK,GAAG,OAAO,CAAC,MAAM;YACxC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SACzC,CAAC;QAEF,IAAI,IAAI,KAAK,WAAW,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,WAAW,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;IACpE,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;YAAS,CAAC;QACT,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC;IACvB,CAAC;AACH,CAAC"}

package/dist/tools/pg/schemas.d.ts

@@ -0,0 +1,59 @@
+import { z } from 'zod';
+export declare const optimizeQueryInput: z.ZodObject<{
+    account_id: z.ZodString;
+    query: z.ZodString;
+    pg_version: z.ZodDefault<z.ZodEnum<["18", "17", "16", "15", "14", "13", "12", "11", "10", "9"]>>;
+}, "strict", z.ZodTypeAny, {
+    account_id: string;
+    query: string;
+    pg_version: "18" | "17" | "16" | "15" | "14" | "13" | "12" | "11" | "10" | "9";
+}, {
+    account_id: string;
+    query: string;
+    pg_version?: "18" | "17" | "16" | "15" | "14" | "13" | "12" | "11" | "10" | "9" | undefined;
+}>;
+export declare const pgQueryInput: z.ZodObject<{
+    project: z.ZodString;
+    service_name: z.ZodString;
+    query: z.ZodString;
+    database: z.ZodOptional<z.ZodString>;
+    limit: z.ZodOptional<z.ZodNumber>;
+    offset: z.ZodOptional<z.ZodNumber>;
+}, "strict", z.ZodTypeAny, {
+    project: string;
+    service_name: string;
+    query: string;
+    database?: string | undefined;
+    limit?: number | undefined;
+    offset?: number | undefined;
+}, {
+    project: string;
+    service_name: string;
+    query: string;
+    database?: string | undefined;
+    limit?: number | undefined;
+    offset?: number | undefined;
+}>;
+export declare const pgExecuteQueryInput: z.ZodObject<{
+    project: z.ZodString;
+    service_name: z.ZodString;
+    query: z.ZodString;
+    database: z.ZodOptional<z.ZodString>;
+    limit: z.ZodOptional<z.ZodNumber>;
+    offset: z.ZodOptional<z.ZodNumber>;
+}, "strict", z.ZodTypeAny, {
+    project: string;
+    service_name: string;
+    query: string;
+    database?: string | undefined;
+    limit?: number | undefined;
+    offset?: number | undefined;
+}, {
+    project: string;
+    service_name: string;
+    query: string;
+    database?: string | undefined;
+    limit?: number | undefined;
+    offset?: number | undefined;
+}>;
+//# sourceMappingURL=schemas.d.ts.map

package/dist/tools/pg/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../../src/tools/pg/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,kBAAkB;;;;;;;;;;;;EAapB,CAAC;AAEZ,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;EA+Bd,CAAC;AAEZ,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;EA+BrB,CAAC"}

package/dist/tools/pg/schemas.js

@@ -0,0 +1,69 @@
+import { z } from 'zod';
+import { MAX_ROWS, DEFAULT_LIMIT } from './query.js';
+export const optimizeQueryInput = z
+    .object({
+    account_id: z
+        .string()
+        .describe('Aiven account ID. Get this from get_project response at project.account_id'),
+    query: z
+        .string()
+        .describe('SQL query to optimize (plain text, will be base64 encoded automatically)'),
+    pg_version: z
+        .enum(['18', '17', '16', '15', '14', '13', '12', '11', '10', '9'])
+        .default('16')
+        .describe('PostgreSQL version'),
+})
+    .strict();
+export const pgQueryInput = z
+    .object({
+    project: z.string().describe('Aiven project name — use aiven_project_list to get valid names'),
+    service_name: z.string().describe('Aiven PostgreSQL service name'),
+    query: z
+        .string()
+        .describe('Read-only SQL query to execute. Only SELECT and similar read operations are allowed.'),
+    database: z
+        .string()
+        .optional()
+        .describe('Database name to connect to (default: service default, usually "defaultdb")'),
+    limit: z
+        .number()
+        .int()
+        .min(1)
+        .max(MAX_ROWS)
+        .optional()
+        .describe(`Maximum number of rows to return per page (default: ${DEFAULT_LIMIT}, max: ${MAX_ROWS}). Use with offset for pagination.`),
+    offset: z
+        .number()
+        .int()
+        .min(0)
+        .optional()
+        .describe('Number of rows to skip before returning results (default: 0). Use with limit for pagination.'),
+})
+    .strict();
+export const pgExecuteQueryInput = z
+    .object({
+    project: z.string().describe('Aiven project name — use aiven_project_list to get valid names'),
+    service_name: z.string().describe('Aiven PostgreSQL service name'),
+    query: z
+        .string()
+        .describe('SQL statement to execute. Allows DML (INSERT, UPDATE, DELETE) and DDL (CREATE TABLE, ALTER TABLE, CREATE INDEX). Blocks DROP, TRUNCATE, GRANT, and REVOKE.'),
+    database: z
+        .string()
+        .optional()
+        .describe('Database name to connect to (default: service default, usually "defaultdb")'),
+    limit: z
+        .number()
+        .int()
+        .min(1)
+        .max(MAX_ROWS)
+        .optional()
+        .describe(`Maximum number of rows to return per page (default: ${DEFAULT_LIMIT}, max: ${MAX_ROWS}). Use with offset for pagination.`),
+    offset: z
+        .number()
+        .int()
+        .min(0)
+        .optional()
+        .describe('Number of rows to skip before returning results (default: 0). Use with limit for pagination.'),
+})
+    .strict();
+//# sourceMappingURL=schemas.js.map

package/dist/tools/pg/schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../../src/tools/pg/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAErD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,UAAU,EAAE,CAAC;SACV,MAAM,EAAE;SACR,QAAQ,CAAC,4EAA4E,CAAC;IACzF,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CAAC,0EAA0E,CAAC;IACvF,UAAU,EAAE,CAAC;SACV,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;SACjE,OAAO,CAAC,IAAI,CAAC;SACb,QAAQ,CAAC,oBAAoB,CAAC;CAClC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gEAAgE,CAAC;IAC9F,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IAClE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,sFAAsF,CACvF;IACH,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,6EAA6E,CAAC;IAC1F,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,QAAQ,CAAC;SACb,QAAQ,EAAE;SACV,QAAQ,CACP,uDAAuD,aAAa,UAAU,QAAQ,oCAAoC,CAC3H;IACH,MAAM,EAAE,CAAC;SACN,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;SACV,QAAQ,CACP,8FAA8F,CAC/F;CACJ,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gEAAgE,CAAC;IAC9F,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IAClE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,4JAA4J,CAC7J;IACH,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,6EAA6E,CAAC;IAC1F,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,QAAQ,CAAC;SACb,QAAQ,EAAE;SACV,QAAQ,CACP,uDAAuD,aAAa,UAAU,QAAQ,oCAAoC,CAC3H;IACH,MAAM,EAAE,CAAC;SACN,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;SACV,QAAQ,CACP,8FAA8F,CAC/F;CACJ,CAAC;KACD,MAAM,EAAE,CAAC"}

package/dist/tools/pg/validation.d.ts

@@ -0,0 +1,10 @@
+export type SqlValidationResult = {
+    valid: true;
+    stmtType: string;
+} | {
+    valid: false;
+    error: string;
+};
+export declare function validateReadQuery(query: string): Promise<SqlValidationResult>;
+export declare function validateWriteQuery(query: string): Promise<SqlValidationResult>;
+//# sourceMappingURL=validation.d.ts.map

package/dist/tools/pg/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../../src/tools/pg/validation.ts"],"names":[],"mappings":"AAoCA,MAAM,MAAM,mBAAmB,GAC3B;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACjC;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAsBpC,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAYnF;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAepF"}

package/dist/tools/pg/validation.js

@@ -0,0 +1,77 @@
+import { loadModule, parseSync } from 'libpg-query';
+// WASM module must be loaded once before parseSync can be used
+let moduleLoaded = false;
+async function ensurePgQueryLoaded() {
+    if (!moduleLoaded) {
+        await loadModule();
+        moduleLoaded = true;
+    }
+}
+// Read-only tool: only allow SELECT and EXPLAIN
+const READONLY_ALLOWED = new Set(['SelectStmt', 'ExplainStmt']);
+// Write tool: block dangerous DDL + SET/transaction injection
+const WRITE_BLOCKED = new Set([
+    'DropStmt',
+    'DropRoleStmt',
+    'DropdbStmt',
+    'DropTableSpaceStmt',
+    'DropSubscriptionStmt',
+    'DropOwnedStmt',
+    'TruncateStmt',
+    'GrantStmt', // also covers REVOKE
+    'ReassignOwnedStmt',
+    'SecLabelStmt',
+    'DoStmt',
+    'CreateFunctionStmt',
+    'VariableSetStmt',
+    'TransactionStmt',
+]);
+function extractStmtType(query) {
+    let ast;
+    try {
+        ast = parseSync(query);
+    }
+    catch {
+        throw new Error('SQL parse error: the query could not be parsed as valid PostgreSQL.');
+    }
+    if (ast.stmts.length !== 1) {
+        throw new Error('Multiple SQL statements are not allowed. Please send one query at a time.');
+    }
+    const stmtType = Object.keys(ast.stmts[0]?.stmt ?? {})[0];
+    if (!stmtType) {
+        throw new Error('Empty statement.');
+    }
+    return stmtType;
+}
+export async function validateReadQuery(query) {
+    await ensurePgQueryLoaded();
+    let stmtType;
+    try {
+        stmtType = extractStmtType(query);
+    }
+    catch (err) {
+        return { valid: false, error: err.message };
+    }
+    if (!READONLY_ALLOWED.has(stmtType)) {
+        return { valid: false, error: `Only SELECT and EXPLAIN statements are allowed in read-only mode.` };
+    }
+    return { valid: true, stmtType };
+}
+export async function validateWriteQuery(query) {
+    await ensurePgQueryLoaded();
+    let stmtType;
+    try {
+        stmtType = extractStmtType(query);
+    }
+    catch (err) {
+        return { valid: false, error: err.message };
+    }
+    if (WRITE_BLOCKED.has(stmtType)) {
+        return {
+            valid: false,
+            error: `Blocked statement type: ${stmtType}. DROP, TRUNCATE, GRANT, REVOKE, DO, CREATE FUNCTION, SET, and transaction control statements are not allowed through this tool.`,
+        };
+    }
+    return { valid: true, stmtType };
+}
+//# sourceMappingURL=validation.js.map

package/dist/tools/pg/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../../src/tools/pg/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAMpD,+DAA+D;AAC/D,IAAI,YAAY,GAAG,KAAK,CAAC;AACzB,KAAK,UAAU,mBAAmB;IAChC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,UAAU,EAAE,CAAC;QACnB,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;AACH,CAAC;AAED,gDAAgD;AAChD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC;AAEhE,8DAA8D;AAC9D,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,UAAU;IACV,cAAc;IACd,YAAY;IACZ,oBAAoB;IACpB,sBAAsB;IACtB,eAAe;IACf,cAAc;IACd,WAAW,EAAE,qBAAqB;IAClC,mBAAmB;IACnB,cAAc;IACd,QAAQ;IACR,oBAAoB;IACpB,iBAAiB;IACjB,iBAAiB;CAClB,CAAC,CAAC;AAMH,SAAS,eAAe,CAAC,KAAa;IACpC,IAAI,GAAU,CAAC;IACf,IAAI,CAAC;QACH,GAAG,GAAG,SAAS,CAAC,KAAK,CAAU,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC/F,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,KAAa;IACnD,MAAM,mBAAmB,EAAE,CAAC;IAC5B,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mEAAmE,EAAE,CAAC;IACtG,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAAa;IACpD,MAAM,mBAAmB,EAAE,CAAC;IAC5B,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACzD,CAAC;IACD,IAAI,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,2BAA2B,QAAQ,kIAAkI;SAC7K,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACnC,CAAC"}

package/dist/tools/registry.d.ts

@@ -0,0 +1,4 @@
+import type { AivenClient } from '../client.js';
+import type { ToolDefinition } from '../types.js';
+export declare function loadApiTools(client: AivenClient): ToolDefinition[];
+//# sourceMappingURL=registry.d.ts.map

package/dist/tools/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EACV,cAAc,EAOf,MAAM,aAAa,CAAC;AAgIrB,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,cAAc,EAAE,CAmDlE"}

package/dist/tools/registry.js

@@ -0,0 +1,120 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { parse as parseYaml } from 'yaml';
+import { ServiceCategory, READ_ONLY_ANNOTATIONS, CREATE_ANNOTATIONS, UPDATE_ANNOTATIONS, DELETE_ANNOTATIONS, } from '../types.js';
+import { jsonSchemaToZod } from './json-schema-to-zod.js';
+import { createApiTool } from './api-tool.js';
+import { createRequire } from 'node:module';
+import { TOOL_LIST_PICKER_SUFFIX } from '../prompts.js';
+const CATEGORY_MAP = {
+    core: ServiceCategory.Core,
+    pg: ServiceCategory.Pg,
+    kafka: ServiceCategory.Kafka,
+    integrations: ServiceCategory.Integrations,
+};
+function toCategory(cat) {
+    const mapped = CATEGORY_MAP[cat];
+    if (!mapped)
+        throw new Error(`Unknown category: ${cat}`);
+    return mapped;
+}
+function deriveAnnotations(method, readOnly, destructive) {
+    if (readOnly)
+        return READ_ONLY_ANNOTATIONS;
+    const base = (() => {
+        switch (method.toUpperCase()) {
+            case 'GET':
+                return READ_ONLY_ANNOTATIONS;
+            case 'DELETE':
+                return DELETE_ANNOTATIONS;
+            case 'PUT':
+            case 'PATCH':
+                return UPDATE_ANNOTATIONS;
+            default:
+                return CREATE_ANNOTATIONS;
+        }
+    })();
+    if (destructive && !base.destructiveHint) {
+        return { ...base, destructiveHint: true };
+    }
+    return base;
+}
+function loadManifests() {
+    const manifestDir = path.join(path.dirname(new URL(import.meta.url).pathname), '..', 'manifests');
+    // eslint-disable-next-line security/detect-non-literal-fs-filename -- trusted internal path
+    const files = fs
+        .readdirSync(manifestDir)
+        .filter((f) => f.endsWith('.yaml'))
+        .sort();
+    const entries = [];
+    for (const file of files) {
+        // eslint-disable-next-line security/detect-non-literal-fs-filename -- trusted internal path
+        const content = fs.readFileSync(path.join(manifestDir, file), 'utf-8');
+        const manifest = parseYaml(content);
+        entries.push(...manifest.tools);
+    }
+    return entries;
+}
+function loadSchemas() {
+    const require = createRequire(import.meta.url);
+    return require('../../generator/schemas/api-schemas.json');
+}
+async function resolveFreePlanCloud(params, client, token) {
+    if (typeof params['plan'] !== 'string' || !params['plan'].startsWith('free'))
+        return;
+    try {
+        const opts = token ? { token } : undefined;
+        const res = await client.get('/console/free-plan-availability', opts);
+        const providers = res.free_plan_cloud_providers;
+        const cloud = params['cloud'];
+        const isValid = cloud && providers.some((p) => cloud.startsWith(`${p}-`));
+        if (!isValid && res.free_plan_cloud_preferences.length > 0) {
+            params['cloud'] = res.free_plan_cloud_preferences.reduce((a, b) => b.weight > a.weight ? b : a).cloud_name;
+        }
+    }
+    catch {
+        // ignore free-plan availability lookup failures
+    }
+}
+export function loadApiTools(client) {
+    const manifests = loadManifests();
+    const schemas = loadSchemas();
+    const tools = [];
+    for (const entry of manifests) {
+        const category = toCategory(entry.category);
+        const schemaEntry = schemas[entry.name];
+        if (!schemaEntry) {
+            console.error(`mcp-aiven: No schema found for tool ${entry.name}, skipping`);
+            continue;
+        }
+        let description = entry.description ?? schemaEntry.description;
+        if (entry.append_list_picker_hint) {
+            description = `${description}\n\n${TOOL_LIST_PICKER_SUFFIX}`;
+        }
+        const inputSchema = jsonSchemaToZod(schemaEntry.schema, schemaEntry.strict);
+        const tool = createApiTool({
+            name: entry.name,
+            title: schemaEntry.title,
+            description,
+            category,
+            method: entry.method,
+            path: entry.path,
+            inputSchema,
+            annotations: deriveAnnotations(entry.method, entry.readOnly, entry.destructive),
+            defaults: entry.defaults,
+            responseFilter: entry.response_filter,
+        }, client);
+        // Resolve free plan cloud for aiven_service_create
+        if (entry.name === 'aiven_service_create') {
+            const originalHandler = tool.handler;
+            tool.handler = async (params, context) => {
+                const args = params;
+                await resolveFreePlanCloud(args, client, context?.token);
+                return originalHandler(params, context);
+            };
+        }
+        tools.push(tool);
+    }
+    return tools;
+}
+//# sourceMappingURL=registry.js.map

package/dist/tools/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAW1C,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AA4BxD,MAAM,YAAY,GAAoC;IACpD,IAAI,EAAE,eAAe,CAAC,IAAI;IAC1B,EAAE,EAAE,eAAe,CAAC,EAAE;IACtB,KAAK,EAAE,eAAe,CAAC,KAAK;IAC5B,YAAY,EAAE,eAAe,CAAC,YAAY;CAC3C,CAAC;AAEF,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAc,EACd,QAAkB,EAClB,WAAqB;IAErB,IAAI,QAAQ;QAAE,OAAO,qBAAqB,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,GAAoB,EAAE;QAClC,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,KAAK,KAAK;gBACR,OAAO,qBAAqB,CAAC;YAC/B,KAAK,QAAQ;gBACX,OAAO,kBAAkB,CAAC;YAC5B,KAAK,KAAK,CAAC;YACX,KAAK,OAAO;gBACV,OAAO,kBAAkB,CAAC;YAC5B;gBACE,OAAO,kBAAkB,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,EAAE,CAAC;IACL,IAAI,WAAW,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QACzC,OAAO,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IAC5C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAClG,4FAA4F;IAC5F,MAAM,KAAK,GAAG,EAAE;SACb,WAAW,CAAC,WAAW,CAAC;SACxB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;SAClC,IAAI,EAAE,CAAC;IAEV,MAAM,OAAO,GAAoB,EAAE,CAAC;IACpC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,4FAA4F;QAC5F,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAiB,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,WAAW;IAClB,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/C,OAAO,OAAO,CAAC,0CAA0C,CAAc,CAAC;AAC1E,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,MAA+B,EAC/B,MAAmB,EACnB,KAAc;IAEd,IAAI,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO;IAErF,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3C,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,GAAG,CAGzB,iCAAiC,EAAE,IAAI,CAAC,CAAC;QAE5C,MAAM,SAAS,GAAG,GAAG,CAAC,yBAAyB,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAuB,CAAC;QACpD,MAAM,OAAO,GAAG,KAAK,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAElF,IAAI,CAAC,OAAO,IAAI,GAAG,CAAC,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAChE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC5B,CAAC,UAAU,CAAC;QACf,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;IAClD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAmB;IAC9C,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAE9B,MAAM,KAAK,GAAqB,EAAE,CAAC;IAEnC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAE5C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,uCAAuC,KAAK,CAAC,IAAI,YAAY,CAAC,CAAC;YAC7E,SAAS;QACX,CAAC;QAED,IAAI,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,WAAW,CAAC,WAAW,CAAC;QAC/D,IAAI,KAAK,CAAC,uBAAuB,EAAE,CAAC;YAClC,WAAW,GAAG,GAAG,WAAW,OAAO,uBAAuB,EAAE,CAAC;QAC/D,CAAC;QACD,MAAM,WAAW,GAAG,eAAe,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;QAE5E,MAAM,IAAI,GAAG,aAAa,CACxB;YACE,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,WAAW;YACX,QAAQ;YACR,MAAM,EAAE,KAAK,CAAC,MAAoB;YAClC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,WAAW;YACX,WAAW,EAAE,iBAAiB,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,CAAC;YAC/E,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,cAAc,EAAE,KAAK,CAAC,eAAe;SACtC,EACD,MAAM,CACP,CAAC;QAEF,mDAAmD;QACnD,IAAI,KAAK,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YAC1C,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC;YACrC,IAAI,CAAC,OAAO,GAAG,KAAK,EAAE,MAAM,EAAE,OAAwB,EAAuB,EAAE;gBAC7E,MAAM,IAAI,GAAG,MAAiC,CAAC;gBAC/C,MAAM,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;gBACzD,OAAO,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1C,CAAC,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/tools/response-filter.d.ts

@@ -0,0 +1,3 @@
+import type { ResponseFilterConfig } from '../types.js';
+export declare function applyResponseFilter(data: Record<string, unknown>, config: ResponseFilterConfig): Record<string, unknown>;
+//# sourceMappingURL=response-filter.d.ts.map

package/dist/tools/response-filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-filter.d.ts","sourceRoot":"","sources":["../../src/tools/response-filter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AASxD,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,MAAM,EAAE,oBAAoB,GAC3B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAiBzB"}

package/dist/tools/response-filter.js

@@ -0,0 +1,19 @@
+function pickFields(item, allowlist) {
+    return Object.fromEntries(Object.entries(item).filter(([key]) => allowlist.has(key)));
+}
+export function applyResponseFilter(data, config) {
+    const value = data[config.key];
+    const allowlist = new Set(config.fields);
+    if (Array.isArray(value)) {
+        return {
+            [config.key]: value.map((item) => pickFields(item, allowlist)),
+        };
+    }
+    if (typeof value === 'object' && value !== null) {
+        return {
+            [config.key]: pickFields(value, allowlist),
+        };
+    }
+    return data;
+}
+//# sourceMappingURL=response-filter.js.map

package/dist/tools/response-filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-filter.js","sourceRoot":"","sources":["../../src/tools/response-filter.ts"],"names":[],"mappings":"AAEA,SAAS,UAAU,CACjB,IAA6B,EAC7B,SAAsB;IAEtB,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACxF,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,IAA6B,EAC7B,MAA4B;IAE5B,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAEzC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAA6B,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAChD,OAAO;YACL,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,UAAU,CAAC,KAAgC,EAAE,SAAS,CAAC;SACtE,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/transport.d.ts

@@ -0,0 +1,14 @@
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { HttpMcpRateLimitConfig } from './config.js';
+export declare function createStdioTransport(): StdioServerTransport;
+interface HttpServerConfig {
+    port: number;
+    apiOrigin: string;
+    scopes: string[];
+    rateLimit: HttpMcpRateLimitConfig;
+    trustProxy: boolean;
+}
+export declare function startHttpServer(createServer: () => McpServer, config: HttpServerConfig): void;
+export {};
+//# sourceMappingURL=transport.d.ts.map

package/dist/transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../src/transport.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAIzE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAE1D,wBAAgB,oBAAoB,IAAI,oBAAoB,CAE3D;AAED,UAAU,gBAAgB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,sBAAsB,CAAC;IAClC,UAAU,EAAE,OAAO,CAAC;CACrB;AAgED,wBAAgB,eAAe,CAC7B,YAAY,EAAE,MAAM,SAAS,EAC7B,MAAM,EAAE,gBAAgB,GACvB,IAAI,CAwDN"}