npm - mcp-server-framework - Versions diffs - 1.0.0 - Mend

mcp-server-framework 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (673) hide show

package/CHANGELOG.md +174 -0
package/LICENSE-GPL.md +219 -0
package/LICENSE.md +187 -0
package/README.md +439 -0
package/build/config/config-cache.d.ts +120 -0
package/build/config/config-cache.d.ts.map +1 -0
package/build/config/config-cache.js +310 -0
package/build/config/config-cache.js.map +1 -0
package/build/config/env.d.ts +476 -0
package/build/config/env.d.ts.map +1 -0
package/build/config/env.js +441 -0
package/build/config/env.js.map +1 -0
package/build/config/extensions.d.ts +107 -0
package/build/config/extensions.d.ts.map +1 -0
package/build/config/extensions.js +152 -0
package/build/config/extensions.js.map +1 -0
package/build/config/file/index.d.ts +8 -0
package/build/config/file/index.d.ts.map +1 -0
package/build/config/file/index.js +10 -0
package/build/config/file/index.js.map +1 -0
package/build/config/file/loader.d.ts +31 -0
package/build/config/file/loader.d.ts.map +1 -0
package/build/config/file/loader.js +313 -0
package/build/config/file/loader.js.map +1 -0
package/build/config/file/schema.d.ts +583 -0
package/build/config/file/schema.d.ts.map +1 -0
package/build/config/file/schema.js +388 -0
package/build/config/file/schema.js.map +1 -0
package/build/config/index.d.ts +15 -0
package/build/config/index.d.ts.map +1 -0
package/build/config/index.js +27 -0
package/build/config/index.js.map +1 -0
package/build/config/startup-warnings.d.ts +46 -0
package/build/config/startup-warnings.d.ts.map +1 -0
package/build/config/startup-warnings.js +61 -0
package/build/config/startup-warnings.js.map +1 -0
package/build/connection/connection-state.d.ts +196 -0
package/build/connection/connection-state.d.ts.map +1 -0
package/build/connection/connection-state.js +426 -0
package/build/connection/connection-state.js.map +1 -0
package/build/connection/core/base.d.ts +43 -0
package/build/connection/core/base.d.ts.map +1 -0
package/build/connection/core/base.js +82 -0
package/build/connection/core/base.js.map +1 -0
package/build/connection/core/constants.d.ts +121 -0
package/build/connection/core/constants.d.ts.map +1 -0
package/build/connection/core/constants.js +151 -0
package/build/connection/core/constants.js.map +1 -0
package/build/connection/core/index.d.ts +13 -0
package/build/connection/core/index.d.ts.map +1 -0
package/build/connection/core/index.js +14 -0
package/build/connection/core/index.js.map +1 -0
package/build/connection/core/types.d.ts +102 -0
package/build/connection/core/types.d.ts.map +1 -0
package/build/connection/core/types.js +31 -0
package/build/connection/core/types.js.map +1 -0
package/build/connection/index.d.ts +19 -0
package/build/connection/index.d.ts.map +1 -0
package/build/connection/index.js +22 -0
package/build/connection/index.js.map +1 -0
package/build/connection/types.d.ts +125 -0
package/build/connection/types.d.ts.map +1 -0
package/build/connection/types.js +39 -0
package/build/connection/types.js.map +1 -0
package/build/errors/categories/auth.d.ts +59 -0
package/build/errors/categories/auth.d.ts.map +1 -0
package/build/errors/categories/auth.js +111 -0
package/build/errors/categories/auth.js.map +1 -0
package/build/errors/categories/connection.d.ts +70 -0
package/build/errors/categories/connection.d.ts.map +1 -0
package/build/errors/categories/connection.js +120 -0
package/build/errors/categories/connection.js.map +1 -0
package/build/errors/categories/index.d.ts +14 -0
package/build/errors/categories/index.d.ts.map +1 -0
package/build/errors/categories/index.js +20 -0
package/build/errors/categories/index.js.map +1 -0
package/build/errors/categories/operation.d.ts +83 -0
package/build/errors/categories/operation.d.ts.map +1 -0
package/build/errors/categories/operation.js +149 -0
package/build/errors/categories/operation.js.map +1 -0
package/build/errors/categories/protocol.d.ts +68 -0
package/build/errors/categories/protocol.d.ts.map +1 -0
package/build/errors/categories/protocol.js +135 -0
package/build/errors/categories/protocol.js.map +1 -0
package/build/errors/categories/session.d.ts +50 -0
package/build/errors/categories/session.d.ts.map +1 -0
package/build/errors/categories/session.js +97 -0
package/build/errors/categories/session.js.map +1 -0
package/build/errors/categories/system.d.ts +95 -0
package/build/errors/categories/system.d.ts.map +1 -0
package/build/errors/categories/system.js +190 -0
package/build/errors/categories/system.js.map +1 -0
package/build/errors/categories/transport.d.ts +70 -0
package/build/errors/categories/transport.d.ts.map +1 -0
package/build/errors/categories/transport.js +148 -0
package/build/errors/categories/transport.js.map +1 -0
package/build/errors/categories/validation.d.ts +140 -0
package/build/errors/categories/validation.d.ts.map +1 -0
package/build/errors/categories/validation.js +311 -0
package/build/errors/categories/validation.js.map +1 -0
package/build/errors/core/base.d.ts +103 -0
package/build/errors/core/base.d.ts.map +1 -0
package/build/errors/core/base.js +219 -0
package/build/errors/core/base.js.map +1 -0
package/build/errors/core/constants.d.ts +40 -0
package/build/errors/core/constants.d.ts.map +1 -0
package/build/errors/core/constants.js +49 -0
package/build/errors/core/constants.js.map +1 -0
package/build/errors/core/error-codes.d.ts +72 -0
package/build/errors/core/error-codes.d.ts.map +1 -0
package/build/errors/core/error-codes.js +88 -0
package/build/errors/core/error-codes.js.map +1 -0
package/build/errors/core/http.d.ts +69 -0
package/build/errors/core/http.d.ts.map +1 -0
package/build/errors/core/http.js +106 -0
package/build/errors/core/http.js.map +1 -0
package/build/errors/core/index.d.ts +23 -0
package/build/errors/core/index.d.ts.map +1 -0
package/build/errors/core/index.js +41 -0
package/build/errors/core/index.js.map +1 -0
package/build/errors/core/json-rpc.d.ts +69 -0
package/build/errors/core/json-rpc.d.ts.map +1 -0
package/build/errors/core/json-rpc.js +79 -0
package/build/errors/core/json-rpc.js.map +1 -0
package/build/errors/core/messages.d.ts +51 -0
package/build/errors/core/messages.d.ts.map +1 -0
package/build/errors/core/messages.js +59 -0
package/build/errors/core/messages.js.map +1 -0
package/build/errors/core/types.d.ts +80 -0
package/build/errors/core/types.d.ts.map +1 -0
package/build/errors/core/types.js +10 -0
package/build/errors/core/types.js.map +1 -0
package/build/errors/factory.d.ts +199 -0
package/build/errors/factory.d.ts.map +1 -0
package/build/errors/factory.js +244 -0
package/build/errors/factory.js.map +1 -0
package/build/errors/index.d.ts +35 -0
package/build/errors/index.d.ts.map +1 -0
package/build/errors/index.js +67 -0
package/build/errors/index.js.map +1 -0
package/build/index.d.ts +93 -0
package/build/index.d.ts.map +1 -0
package/build/index.js +107 -0
package/build/index.js.map +1 -0
package/build/logger/core/constants.d.ts +143 -0
package/build/logger/core/constants.d.ts.map +1 -0
package/build/logger/core/constants.js +206 -0
package/build/logger/core/constants.js.map +1 -0
package/build/logger/core/context.d.ts +170 -0
package/build/logger/core/context.d.ts.map +1 -0
package/build/logger/core/context.js +237 -0
package/build/logger/core/context.js.map +1 -0
package/build/logger/core/errors.d.ts +101 -0
package/build/logger/core/errors.d.ts.map +1 -0
package/build/logger/core/errors.js +128 -0
package/build/logger/core/errors.js.map +1 -0
package/build/logger/core/format.d.ts +40 -0
package/build/logger/core/format.d.ts.map +1 -0
package/build/logger/core/format.js +47 -0
package/build/logger/core/format.js.map +1 -0
package/build/logger/core/index.d.ts +19 -0
package/build/logger/core/index.d.ts.map +1 -0
package/build/logger/core/index.js +47 -0
package/build/logger/core/index.js.map +1 -0
package/build/logger/core/trace-context.d.ts +51 -0
package/build/logger/core/trace-context.d.ts.map +1 -0
package/build/logger/core/trace-context.js +42 -0
package/build/logger/core/trace-context.js.map +1 -0
package/build/logger/core/types.d.ts +233 -0
package/build/logger/core/types.d.ts.map +1 -0
package/build/logger/core/types.js +10 -0
package/build/logger/core/types.js.map +1 -0
package/build/logger/factory.d.ts +150 -0
package/build/logger/factory.d.ts.map +1 -0
package/build/logger/factory.js +236 -0
package/build/logger/factory.js.map +1 -0
package/build/logger/formatters/index.d.ts +12 -0
package/build/logger/formatters/index.d.ts.map +1 -0
package/build/logger/formatters/index.js +15 -0
package/build/logger/formatters/index.js.map +1 -0
package/build/logger/formatters/json-formatter.d.ts +54 -0
package/build/logger/formatters/json-formatter.d.ts.map +1 -0
package/build/logger/formatters/json-formatter.js +80 -0
package/build/logger/formatters/json-formatter.js.map +1 -0
package/build/logger/formatters/schema.d.ts +230 -0
package/build/logger/formatters/schema.d.ts.map +1 -0
package/build/logger/formatters/schema.js +278 -0
package/build/logger/formatters/schema.js.map +1 -0
package/build/logger/formatters/text-formatter.d.ts +50 -0
package/build/logger/formatters/text-formatter.d.ts.map +1 -0
package/build/logger/formatters/text-formatter.js +93 -0
package/build/logger/formatters/text-formatter.js.map +1 -0
package/build/logger/index.d.ts +39 -0
package/build/logger/index.d.ts.map +1 -0
package/build/logger/index.js +43 -0
package/build/logger/index.js.map +1 -0
package/build/logger/logger.d.ts +278 -0
package/build/logger/logger.d.ts.map +1 -0
package/build/logger/logger.js +459 -0
package/build/logger/logger.js.map +1 -0
package/build/logger/mcp-logger.d.ts +177 -0
package/build/logger/mcp-logger.d.ts.map +1 -0
package/build/logger/mcp-logger.js +294 -0
package/build/logger/mcp-logger.js.map +1 -0
package/build/logger/scrubbing/index.d.ts +14 -0
package/build/logger/scrubbing/index.d.ts.map +1 -0
package/build/logger/scrubbing/index.js +16 -0
package/build/logger/scrubbing/index.js.map +1 -0
package/build/logger/scrubbing/injection-guard.d.ts +69 -0
package/build/logger/scrubbing/injection-guard.d.ts.map +1 -0
package/build/logger/scrubbing/injection-guard.js +102 -0
package/build/logger/scrubbing/injection-guard.js.map +1 -0
package/build/logger/scrubbing/secret-scrubber.d.ts +72 -0
package/build/logger/scrubbing/secret-scrubber.d.ts.map +1 -0
package/build/logger/scrubbing/secret-scrubber.js +177 -0
package/build/logger/scrubbing/secret-scrubber.js.map +1 -0
package/build/logger/writers/base-writer.d.ts +45 -0
package/build/logger/writers/base-writer.d.ts.map +1 -0
package/build/logger/writers/base-writer.js +41 -0
package/build/logger/writers/base-writer.js.map +1 -0
package/build/logger/writers/composite-writer.d.ts +83 -0
package/build/logger/writers/composite-writer.d.ts.map +1 -0
package/build/logger/writers/composite-writer.js +121 -0
package/build/logger/writers/composite-writer.js.map +1 -0
package/build/logger/writers/console-writer.d.ts +59 -0
package/build/logger/writers/console-writer.d.ts.map +1 -0
package/build/logger/writers/console-writer.js +73 -0
package/build/logger/writers/console-writer.js.map +1 -0
package/build/logger/writers/file-writer.d.ts +160 -0
package/build/logger/writers/file-writer.d.ts.map +1 -0
package/build/logger/writers/file-writer.js +345 -0
package/build/logger/writers/file-writer.js.map +1 -0
package/build/logger/writers/index.d.ts +15 -0
package/build/logger/writers/index.d.ts.map +1 -0
package/build/logger/writers/index.js +19 -0
package/build/logger/writers/index.js.map +1 -0
package/build/mcp/capabilities/apps/define-app.d.ts +68 -0
package/build/mcp/capabilities/apps/define-app.d.ts.map +1 -0
package/build/mcp/capabilities/apps/define-app.js +127 -0
package/build/mcp/capabilities/apps/define-app.js.map +1 -0
package/build/mcp/capabilities/apps/index.d.ts +10 -0
package/build/mcp/capabilities/apps/index.d.ts.map +1 -0
package/build/mcp/capabilities/apps/index.js +10 -0
package/build/mcp/capabilities/apps/index.js.map +1 -0
package/build/mcp/capabilities/capabilities.d.ts +24 -0
package/build/mcp/capabilities/capabilities.d.ts.map +1 -0
package/build/mcp/capabilities/capabilities.js +50 -0
package/build/mcp/capabilities/capabilities.js.map +1 -0
package/build/mcp/capabilities/index.d.ts +17 -0
package/build/mcp/capabilities/index.d.ts.map +1 -0
package/build/mcp/capabilities/index.js +20 -0
package/build/mcp/capabilities/index.js.map +1 -0
package/build/mcp/capabilities/prompts/define-prompt.d.ts +95 -0
package/build/mcp/capabilities/prompts/define-prompt.d.ts.map +1 -0
package/build/mcp/capabilities/prompts/define-prompt.js +109 -0
package/build/mcp/capabilities/prompts/define-prompt.js.map +1 -0
package/build/mcp/capabilities/prompts/index.d.ts +10 -0
package/build/mcp/capabilities/prompts/index.d.ts.map +1 -0
package/build/mcp/capabilities/prompts/index.js +10 -0
package/build/mcp/capabilities/prompts/index.js.map +1 -0
package/build/mcp/capabilities/registry/base-registry.d.ts +95 -0
package/build/mcp/capabilities/registry/base-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/base-registry.js +149 -0
package/build/mcp/capabilities/registry/base-registry.js.map +1 -0
package/build/mcp/capabilities/registry/index.d.ts +16 -0
package/build/mcp/capabilities/registry/index.d.ts.map +1 -0
package/build/mcp/capabilities/registry/index.js +34 -0
package/build/mcp/capabilities/registry/index.js.map +1 -0
package/build/mcp/capabilities/registry/prompt-registry.d.ts +116 -0
package/build/mcp/capabilities/registry/prompt-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/prompt-registry.js +232 -0
package/build/mcp/capabilities/registry/prompt-registry.js.map +1 -0
package/build/mcp/capabilities/registry/reset.d.ts +30 -0
package/build/mcp/capabilities/registry/reset.d.ts.map +1 -0
package/build/mcp/capabilities/registry/reset.js +48 -0
package/build/mcp/capabilities/registry/reset.js.map +1 -0
package/build/mcp/capabilities/registry/resource-registry.d.ts +152 -0
package/build/mcp/capabilities/registry/resource-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/resource-registry.js +430 -0
package/build/mcp/capabilities/registry/resource-registry.js.map +1 -0
package/build/mcp/capabilities/registry/scope-enforcement.d.ts +48 -0
package/build/mcp/capabilities/registry/scope-enforcement.d.ts.map +1 -0
package/build/mcp/capabilities/registry/scope-enforcement.js +62 -0
package/build/mcp/capabilities/registry/scope-enforcement.js.map +1 -0
package/build/mcp/capabilities/registry/task-tool-registry.d.ts +96 -0
package/build/mcp/capabilities/registry/task-tool-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/task-tool-registry.js +190 -0
package/build/mcp/capabilities/registry/task-tool-registry.js.map +1 -0
package/build/mcp/capabilities/registry/tool-registry.d.ts +100 -0
package/build/mcp/capabilities/registry/tool-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/tool-registry.js +242 -0
package/build/mcp/capabilities/registry/tool-registry.js.map +1 -0
package/build/mcp/capabilities/resources/define-resource.d.ts +103 -0
package/build/mcp/capabilities/resources/define-resource.d.ts.map +1 -0
package/build/mcp/capabilities/resources/define-resource.js +137 -0
package/build/mcp/capabilities/resources/define-resource.js.map +1 -0
package/build/mcp/capabilities/resources/index.d.ts +10 -0
package/build/mcp/capabilities/resources/index.d.ts.map +1 -0
package/build/mcp/capabilities/resources/index.js +10 -0
package/build/mcp/capabilities/resources/index.js.map +1 -0
package/build/mcp/capabilities/server-capabilities.d.ts +33 -0
package/build/mcp/capabilities/server-capabilities.d.ts.map +1 -0
package/build/mcp/capabilities/server-capabilities.js +16 -0
package/build/mcp/capabilities/server-capabilities.js.map +1 -0
package/build/mcp/capabilities/tasks/define-task.d.ts +75 -0
package/build/mcp/capabilities/tasks/define-task.d.ts.map +1 -0
package/build/mcp/capabilities/tasks/define-task.js +93 -0
package/build/mcp/capabilities/tasks/define-task.js.map +1 -0
package/build/mcp/capabilities/tasks/index.d.ts +11 -0
package/build/mcp/capabilities/tasks/index.d.ts.map +1 -0
package/build/mcp/capabilities/tasks/index.js +11 -0
package/build/mcp/capabilities/tasks/index.js.map +1 -0
package/build/mcp/capabilities/tools/define-tool.d.ts +62 -0
package/build/mcp/capabilities/tools/define-tool.d.ts.map +1 -0
package/build/mcp/capabilities/tools/define-tool.js +73 -0
package/build/mcp/capabilities/tools/define-tool.js.map +1 -0
package/build/mcp/capabilities/tools/index.d.ts +10 -0
package/build/mcp/capabilities/tools/index.d.ts.map +1 -0
package/build/mcp/capabilities/tools/index.js +10 -0
package/build/mcp/capabilities/tools/index.js.map +1 -0
package/build/mcp/handlers/index.d.ts +19 -0
package/build/mcp/handlers/index.d.ts.map +1 -0
package/build/mcp/handlers/index.js +26 -0
package/build/mcp/handlers/index.js.map +1 -0
package/build/mcp/handlers/ping.d.ts +27 -0
package/build/mcp/handlers/ping.d.ts.map +1 -0
package/build/mcp/handlers/ping.js +61 -0
package/build/mcp/handlers/ping.js.map +1 -0
package/build/mcp/handlers/progress.d.ts +41 -0
package/build/mcp/handlers/progress.d.ts.map +1 -0
package/build/mcp/handlers/progress.js +79 -0
package/build/mcp/handlers/progress.js.map +1 -0
package/build/mcp/index.d.ts +28 -0
package/build/mcp/index.d.ts.map +1 -0
package/build/mcp/index.js +34 -0
package/build/mcp/index.js.map +1 -0
package/build/mcp/responses/helpers.d.ts +146 -0
package/build/mcp/responses/helpers.d.ts.map +1 -0
package/build/mcp/responses/helpers.js +197 -0
package/build/mcp/responses/helpers.js.map +1 -0
package/build/mcp/responses/index.d.ts +9 -0
package/build/mcp/responses/index.d.ts.map +1 -0
package/build/mcp/responses/index.js +12 -0
package/build/mcp/responses/index.js.map +1 -0
package/build/mcp/types/context.d.ts +371 -0
package/build/mcp/types/context.d.ts.map +1 -0
package/build/mcp/types/context.js +17 -0
package/build/mcp/types/context.js.map +1 -0
package/build/mcp/types/definition.d.ts +727 -0
package/build/mcp/types/definition.d.ts.map +1 -0
package/build/mcp/types/definition.js +29 -0
package/build/mcp/types/definition.js.map +1 -0
package/build/mcp/types/handler.d.ts +58 -0
package/build/mcp/types/handler.d.ts.map +1 -0
package/build/mcp/types/handler.js +10 -0
package/build/mcp/types/handler.js.map +1 -0
package/build/mcp/types/index.d.ts +21 -0
package/build/mcp/types/index.d.ts.map +1 -0
package/build/mcp/types/index.js +18 -0
package/build/mcp/types/index.js.map +1 -0
package/build/mcp/types/response.d.ts +79 -0
package/build/mcp/types/response.d.ts.map +1 -0
package/build/mcp/types/response.js +10 -0
package/build/mcp/types/response.js.map +1 -0
package/build/server/auth/auth-context.d.ts +52 -0
package/build/server/auth/auth-context.d.ts.map +1 -0
package/build/server/auth/auth-context.js +45 -0
package/build/server/auth/auth-context.js.map +1 -0
package/build/server/auth/guards.d.ts +72 -0
package/build/server/auth/guards.d.ts.map +1 -0
package/build/server/auth/guards.js +103 -0
package/build/server/auth/guards.js.map +1 -0
package/build/server/auth/index.d.ts +21 -0
package/build/server/auth/index.d.ts.map +1 -0
package/build/server/auth/index.js +20 -0
package/build/server/auth/index.js.map +1 -0
package/build/server/auth/oidc-discovery.d.ts +68 -0
package/build/server/auth/oidc-discovery.d.ts.map +1 -0
package/build/server/auth/oidc-discovery.js +234 -0
package/build/server/auth/oidc-discovery.js.map +1 -0
package/build/server/auth/oidc-provider.d.ts +96 -0
package/build/server/auth/oidc-provider.d.ts.map +1 -0
package/build/server/auth/oidc-provider.js +126 -0
package/build/server/auth/oidc-provider.js.map +1 -0
package/build/server/auth/types.d.ts +204 -0
package/build/server/auth/types.d.ts.map +1 -0
package/build/server/auth/types.js +29 -0
package/build/server/auth/types.js.map +1 -0
package/build/server/auth/upstream-provider.d.ts +161 -0
package/build/server/auth/upstream-provider.d.ts.map +1 -0
package/build/server/auth/upstream-provider.js +411 -0
package/build/server/auth/upstream-provider.js.map +1 -0
package/build/server/builder/constants.d.ts +45 -0
package/build/server/builder/constants.d.ts.map +1 -0
package/build/server/builder/constants.js +54 -0
package/build/server/builder/constants.js.map +1 -0
package/build/server/builder/index.d.ts +24 -0
package/build/server/builder/index.d.ts.map +1 -0
package/build/server/builder/index.js +25 -0
package/build/server/builder/index.js.map +1 -0
package/build/server/builder/primitive-collector.d.ts +24 -0
package/build/server/builder/primitive-collector.d.ts.map +1 -0
package/build/server/builder/primitive-collector.js +89 -0
package/build/server/builder/primitive-collector.js.map +1 -0
package/build/server/builder/server-builder.d.ts +53 -0
package/build/server/builder/server-builder.d.ts.map +1 -0
package/build/server/builder/server-builder.js +132 -0
package/build/server/builder/server-builder.js.map +1 -0
package/build/server/builder/types.d.ts +93 -0
package/build/server/builder/types.d.ts.map +1 -0
package/build/server/builder/types.js +25 -0
package/build/server/builder/types.js.map +1 -0
package/build/server/builder/validation.d.ts +36 -0
package/build/server/builder/validation.d.ts.map +1 -0
package/build/server/builder/validation.js +44 -0
package/build/server/builder/validation.js.map +1 -0
package/build/server/create-server.d.ts +57 -0
package/build/server/create-server.d.ts.map +1 -0
package/build/server/create-server.js +104 -0
package/build/server/create-server.js.map +1 -0
package/build/server/http/express-app.d.ts +103 -0
package/build/server/http/express-app.d.ts.map +1 -0
package/build/server/http/express-app.js +391 -0
package/build/server/http/express-app.js.map +1 -0
package/build/server/http/http-server.d.ts +67 -0
package/build/server/http/http-server.d.ts.map +1 -0
package/build/server/http/http-server.js +188 -0
package/build/server/http/http-server.js.map +1 -0
package/build/server/http/http-transport.d.ts +33 -0
package/build/server/http/http-transport.d.ts.map +1 -0
package/build/server/http/http-transport.js +84 -0
package/build/server/http/http-transport.js.map +1 -0
package/build/server/http/index.d.ts +15 -0
package/build/server/http/index.d.ts.map +1 -0
package/build/server/http/index.js +11 -0
package/build/server/http/index.js.map +1 -0
package/build/server/index.d.ts +25 -0
package/build/server/index.d.ts.map +1 -0
package/build/server/index.js +41 -0
package/build/server/index.js.map +1 -0
package/build/server/lifecycle.d.ts +114 -0
package/build/server/lifecycle.d.ts.map +1 -0
package/build/server/lifecycle.js +30 -0
package/build/server/lifecycle.js.map +1 -0
package/build/server/middleware/bearer-auth.d.ts +43 -0
package/build/server/middleware/bearer-auth.d.ts.map +1 -0
package/build/server/middleware/bearer-auth.js +75 -0
package/build/server/middleware/bearer-auth.js.map +1 -0
package/build/server/middleware/custom-header-auth.d.ts +40 -0
package/build/server/middleware/custom-header-auth.d.ts.map +1 -0
package/build/server/middleware/custom-header-auth.js +90 -0
package/build/server/middleware/custom-header-auth.js.map +1 -0
package/build/server/middleware/dns-rebinding.d.ts +25 -0
package/build/server/middleware/dns-rebinding.d.ts.map +1 -0
package/build/server/middleware/dns-rebinding.js +94 -0
package/build/server/middleware/dns-rebinding.js.map +1 -0
package/build/server/middleware/index.d.ts +69 -0
package/build/server/middleware/index.d.ts.map +1 -0
package/build/server/middleware/index.js +68 -0
package/build/server/middleware/index.js.map +1 -0
package/build/server/middleware/logging.d.ts +21 -0
package/build/server/middleware/logging.d.ts.map +1 -0
package/build/server/middleware/logging.js +36 -0
package/build/server/middleware/logging.js.map +1 -0
package/build/server/middleware/oauth-router.d.ts +50 -0
package/build/server/middleware/oauth-router.d.ts.map +1 -0
package/build/server/middleware/oauth-router.js +53 -0
package/build/server/middleware/oauth-router.js.map +1 -0
package/build/server/middleware/protocol-version.d.ts +13 -0
package/build/server/middleware/protocol-version.d.ts.map +1 -0
package/build/server/middleware/protocol-version.js +48 -0
package/build/server/middleware/protocol-version.js.map +1 -0
package/build/server/middleware/rate-limit.d.ts +47 -0
package/build/server/middleware/rate-limit.d.ts.map +1 -0
package/build/server/middleware/rate-limit.js +109 -0
package/build/server/middleware/rate-limit.js.map +1 -0
package/build/server/middleware/trust-proxy.d.ts +37 -0
package/build/server/middleware/trust-proxy.d.ts.map +1 -0
package/build/server/middleware/trust-proxy.js +154 -0
package/build/server/middleware/trust-proxy.js.map +1 -0
package/build/server/option-overrides.d.ts +25 -0
package/build/server/option-overrides.d.ts.map +1 -0
package/build/server/option-overrides.js +85 -0
package/build/server/option-overrides.js.map +1 -0
package/build/server/routes/health.d.ts +87 -0
package/build/server/routes/health.d.ts.map +1 -0
package/build/server/routes/health.js +183 -0
package/build/server/routes/health.js.map +1 -0
package/build/server/routes/index.d.ts +16 -0
package/build/server/routes/index.d.ts.map +1 -0
package/build/server/routes/index.js +18 -0
package/build/server/routes/index.js.map +1 -0
package/build/server/routes/metrics.d.ts +40 -0
package/build/server/routes/metrics.d.ts.map +1 -0
package/build/server/routes/metrics.js +81 -0
package/build/server/routes/metrics.js.map +1 -0
package/build/server/routes/oauth-router.d.ts +50 -0
package/build/server/routes/oauth-router.d.ts.map +1 -0
package/build/server/routes/oauth-router.js +53 -0
package/build/server/routes/oauth-router.js.map +1 -0
package/build/server/routes/readiness-status.d.ts +25 -0
package/build/server/routes/readiness-status.d.ts.map +1 -0
package/build/server/routes/readiness-status.js +27 -0
package/build/server/routes/readiness-status.js.map +1 -0
package/build/server/routes/sse-router.d.ts +43 -0
package/build/server/routes/sse-router.d.ts.map +1 -0
package/build/server/routes/sse-router.js +92 -0
package/build/server/routes/sse-router.js.map +1 -0
package/build/server/routes/streamable-http-router.d.ts +36 -0
package/build/server/routes/streamable-http-router.d.ts.map +1 -0
package/build/server/routes/streamable-http-router.js +59 -0
package/build/server/routes/streamable-http-router.js.map +1 -0
package/build/server/server-instance.d.ts +185 -0
package/build/server/server-instance.d.ts.map +1 -0
package/build/server/server-instance.js +615 -0
package/build/server/server-instance.js.map +1 -0
package/build/server/server-options.d.ts +411 -0
package/build/server/server-options.d.ts.map +1 -0
package/build/server/server-options.js +17 -0
package/build/server/server-options.js.map +1 -0
package/build/server/session/in-memory-store.d.ts +128 -0
package/build/server/session/in-memory-store.d.ts.map +1 -0
package/build/server/session/in-memory-store.js +312 -0
package/build/server/session/in-memory-store.js.map +1 -0
package/build/server/session/index.d.ts +43 -0
package/build/server/session/index.d.ts.map +1 -0
package/build/server/session/index.js +47 -0
package/build/server/session/index.js.map +1 -0
package/build/server/session/mcp-session.d.ts +210 -0
package/build/server/session/mcp-session.d.ts.map +1 -0
package/build/server/session/mcp-session.js +428 -0
package/build/server/session/mcp-session.js.map +1 -0
package/build/server/session/session-factory.d.ts +119 -0
package/build/server/session/session-factory.d.ts.map +1 -0
package/build/server/session/session-factory.js +131 -0
package/build/server/session/session-factory.js.map +1 -0
package/build/server/session/session-housekeeper.d.ts +100 -0
package/build/server/session/session-housekeeper.d.ts.map +1 -0
package/build/server/session/session-housekeeper.js +217 -0
package/build/server/session/session-housekeeper.js.map +1 -0
package/build/server/session/session-manager.d.ts +227 -0
package/build/server/session/session-manager.d.ts.map +1 -0
package/build/server/session/session-manager.js +282 -0
package/build/server/session/session-manager.js.map +1 -0
package/build/server/session/session-store.d.ts +95 -0
package/build/server/session/session-store.d.ts.map +1 -0
package/build/server/session/session-store.js +13 -0
package/build/server/session/session-store.js.map +1 -0
package/build/server/session/session.d.ts +132 -0
package/build/server/session/session.d.ts.map +1 -0
package/build/server/session/session.js +61 -0
package/build/server/session/session.js.map +1 -0
package/build/server/transport/constants.d.ts +85 -0
package/build/server/transport/constants.d.ts.map +1 -0
package/build/server/transport/constants.js +103 -0
package/build/server/transport/constants.js.map +1 -0
package/build/server/transport/index.d.ts +21 -0
package/build/server/transport/index.d.ts.map +1 -0
package/build/server/transport/index.js +28 -0
package/build/server/transport/index.js.map +1 -0
package/build/server/transport/sse/handler.d.ts +46 -0
package/build/server/transport/sse/handler.d.ts.map +1 -0
package/build/server/transport/sse/handler.js +189 -0
package/build/server/transport/sse/handler.js.map +1 -0
package/build/server/transport/sse/index.d.ts +15 -0
package/build/server/transport/sse/index.d.ts.map +1 -0
package/build/server/transport/sse/index.js +14 -0
package/build/server/transport/sse/index.js.map +1 -0
package/build/server/transport/sse/transport.d.ts +94 -0
package/build/server/transport/sse/transport.d.ts.map +1 -0
package/build/server/transport/sse/transport.js +175 -0
package/build/server/transport/sse/transport.js.map +1 -0
package/build/server/transport/stdio-transport.d.ts +23 -0
package/build/server/transport/stdio-transport.d.ts.map +1 -0
package/build/server/transport/stdio-transport.js +59 -0
package/build/server/transport/stdio-transport.js.map +1 -0
package/build/server/transport/streamable-http/index.d.ts +9 -0
package/build/server/transport/streamable-http/index.d.ts.map +1 -0
package/build/server/transport/streamable-http/index.js +9 -0
package/build/server/transport/streamable-http/index.js.map +1 -0
package/build/server/transport/streamable-http/stateful-handler.d.ts +41 -0
package/build/server/transport/streamable-http/stateful-handler.d.ts.map +1 -0
package/build/server/transport/streamable-http/stateful-handler.js +264 -0
package/build/server/transport/streamable-http/stateful-handler.js.map +1 -0
package/build/server/transport/streamable-http/stateless-handler.d.ts +28 -0
package/build/server/transport/streamable-http/stateless-handler.d.ts.map +1 -0
package/build/server/transport/streamable-http/stateless-handler.js +81 -0
package/build/server/transport/streamable-http/stateless-handler.js.map +1 -0
package/build/server/transport/streamable-http/transport.d.ts +110 -0
package/build/server/transport/streamable-http/transport.d.ts.map +1 -0
package/build/server/transport/streamable-http/transport.js +118 -0
package/build/server/transport/streamable-http/transport.js.map +1 -0
package/build/server/transport/transport-context.d.ts +67 -0
package/build/server/transport/transport-context.d.ts.map +1 -0
package/build/server/transport/transport-context.js +38 -0
package/build/server/transport/transport-context.js.map +1 -0
package/build/server/transport/types.d.ts +56 -0
package/build/server/transport/types.d.ts.map +1 -0
package/build/server/transport/types.js +11 -0
package/build/server/transport/types.js.map +1 -0
package/build/server/transport-options.d.ts +248 -0
package/build/server/transport-options.d.ts.map +1 -0
package/build/server/transport-options.js +18 -0
package/build/server/transport-options.js.map +1 -0
package/build/server/types.d.ts +172 -0
package/build/server/types.d.ts.map +1 -0
package/build/server/types.js +9 -0
package/build/server/types.js.map +1 -0
package/build/telemetry/connection-telemetry-bridge.d.ts +30 -0
package/build/telemetry/connection-telemetry-bridge.d.ts.map +1 -0
package/build/telemetry/connection-telemetry-bridge.js +54 -0
package/build/telemetry/connection-telemetry-bridge.js.map +1 -0
package/build/telemetry/core/config.d.ts +38 -0
package/build/telemetry/core/config.d.ts.map +1 -0
package/build/telemetry/core/config.js +54 -0
package/build/telemetry/core/config.js.map +1 -0
package/build/telemetry/core/constants.d.ts +183 -0
package/build/telemetry/core/constants.d.ts.map +1 -0
package/build/telemetry/core/constants.js +207 -0
package/build/telemetry/core/constants.js.map +1 -0
package/build/telemetry/core/diag-logger.d.ts +35 -0
package/build/telemetry/core/diag-logger.d.ts.map +1 -0
package/build/telemetry/core/diag-logger.js +54 -0
package/build/telemetry/core/diag-logger.js.map +1 -0
package/build/telemetry/core/index.d.ts +12 -0
package/build/telemetry/core/index.d.ts.map +1 -0
package/build/telemetry/core/index.js +32 -0
package/build/telemetry/core/index.js.map +1 -0
package/build/telemetry/core/types.d.ts +106 -0
package/build/telemetry/core/types.d.ts.map +1 -0
package/build/telemetry/core/types.js +10 -0
package/build/telemetry/core/types.js.map +1 -0
package/build/telemetry/index.d.ts +59 -0
package/build/telemetry/index.d.ts.map +1 -0
package/build/telemetry/index.js +79 -0
package/build/telemetry/index.js.map +1 -0
package/build/telemetry/metrics.d.ts +127 -0
package/build/telemetry/metrics.d.ts.map +1 -0
package/build/telemetry/metrics.js +337 -0
package/build/telemetry/metrics.js.map +1 -0
package/build/telemetry/sdk.d.ts +110 -0
package/build/telemetry/sdk.d.ts.map +1 -0
package/build/telemetry/sdk.js +547 -0
package/build/telemetry/sdk.js.map +1 -0
package/build/telemetry/tracing.d.ts +78 -0
package/build/telemetry/tracing.d.ts.map +1 -0
package/build/telemetry/tracing.js +257 -0
package/build/telemetry/tracing.js.map +1 -0
package/build/utils/env-helpers.d.ts +46 -0
package/build/utils/env-helpers.d.ts.map +1 -0
package/build/utils/env-helpers.js +54 -0
package/build/utils/env-helpers.js.map +1 -0
package/build/utils/index.d.ts +14 -0
package/build/utils/index.d.ts.map +1 -0
package/build/utils/index.js +19 -0
package/build/utils/index.js.map +1 -0
package/build/utils/sensitive-keys.d.ts +48 -0
package/build/utils/sensitive-keys.d.ts.map +1 -0
package/build/utils/sensitive-keys.js +131 -0
package/build/utils/sensitive-keys.js.map +1 -0
package/build/utils/string-helpers.d.ts +126 -0
package/build/utils/string-helpers.d.ts.map +1 -0
package/build/utils/string-helpers.js +189 -0
package/build/utils/string-helpers.js.map +1 -0
package/build/utils/validation.d.ts +84 -0
package/build/utils/validation.d.ts.map +1 -0
package/build/utils/validation.js +111 -0
package/build/utils/validation.js.map +1 -0
package/build/utils/zod-helpers.d.ts +92 -0
package/build/utils/zod-helpers.d.ts.map +1 -0
package/build/utils/zod-helpers.js +120 -0
package/build/utils/zod-helpers.js.map +1 -0
package/package.json +133 -0

package/build/server/create-server.js ADDED Viewed

@@ -0,0 +1,104 @@
+/**
+ * Create Server Function
+ *
+ * High-level API for creating MCP servers with minimal boilerplate.
+ * Automatically uses tools, resources, and prompts from the global registries.
+ *
+ * @module server/create-server
+ */
+import { McpServerBuilder } from "./builder/index.js";
+import { DEFAULT_SERVER_NAME, DEFAULT_SERVER_VERSION } from "./builder/index.js";
+import { getTelemetryConfig } from "../telemetry/core/index.js";
+import { logger as baseLogger } from "../logger/index.js";
+import { globalToolRegistry, globalResourceRegistry, globalPromptRegistry, globalTaskToolRegistry, } from "../mcp/capabilities/registry/index.js";
+// ============================================================================
+// Create Server Function
+// ============================================================================
+/**
+ * Create an MCP server with automatic tool, resource, and prompt registration.
+ *
+ * This is the recommended way to create servers in the framework.
+ * It automatically discovers and registers all items defined with
+ * `defineTool()`, `defineResource()`, `defineResourceTemplate()`, and `definePrompt()`.
+ *
+ * @param options - Server configuration options
+ * @returns Server instance with start() and stop() methods
+ *
+ * @example
+ * ```typescript
+ * // Minimal server with stdio transport
+ * import { createServer, defineTool, text } from 'mcp-server-framework';
+ * import { z } from 'zod';
+ *
+ * // This tool is auto-registered when the module loads
+ * export const greetTool = defineTool({
+ *   name: 'greet',
+ *   description: 'Greet a user',
+ *   input: z.object({ name: z.string() }),
+ *   handler: async ({ name }) => text(`Hello, ${name}!`),
+ * });
+ *
+ * // Create and start server
+ * const server = createServer({
+ *   name: 'greeting-server',
+ *   version: '1.0.0',
+ *   transport: { mode: 'stdio' },
+ * });
+ *
+ * await server.start();
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Server with HTTP transport
+ * const server = createServer({
+ *   name: 'http-server',
+ *   version: '1.0.0',
+ *   transport: { mode: 'http', port: 3000 },
+ * });
+ *
+ * await server.start();
+ * ```
+ */
+export function createServer(options) {
+    const logger = baseLogger.child({ component: "create-server" });
+    // Build server using McpServerBuilder
+    const builder = new McpServerBuilder();
+    // Warn when using default server identity — these should be set explicitly in production
+    if (!options.name || !options.version) {
+        logger.warn("Server using default identity: name=%s version=%s — set name and version explicitly for production", options.name ?? DEFAULT_SERVER_NAME, options.version ?? DEFAULT_SERVER_VERSION);
+    }
+    // Configure server options
+    builder.withOptions({
+        name: options.name ?? DEFAULT_SERVER_NAME,
+        version: options.version ?? DEFAULT_SERVER_VERSION,
+        transport: options.transport,
+        capabilities: options.capabilities,
+        lifecycle: options.lifecycle,
+        shutdown: options.shutdown,
+        health: options.health,
+        session: options.session,
+        auth: options.auth,
+        telemetryEnabled: options.telemetry ?? getTelemetryConfig().enabled,
+        onBeforeTelemetryInit: options.onBeforeTelemetryInit,
+    });
+    // Register global registries as providers.
+    // The registries implement Provider interfaces directly.
+    builder.withToolProvider(globalToolRegistry);
+    builder.withResourceProvider(globalResourceRegistry);
+    builder.withPromptProvider(globalPromptRegistry);
+    builder.withTaskToolProvider(globalTaskToolRegistry);
+    // Build the server instance
+    const instance = builder.build();
+    // Return simplified interface
+    return {
+        start: () => instance.start(),
+        stop: () => instance.stop(),
+        initTelemetry: () => instance.initTelemetry(),
+        notifyToolListChanged: () => instance.notifyToolListChanged(),
+        notifyResourceListChanged: () => instance.notifyResourceListChanged(),
+        notifyPromptListChanged: () => instance.notifyPromptListChanged(),
+        notifyResourceUpdated: (uri) => instance.notifyResourceUpdated(uri),
+    };
+}
+//# sourceMappingURL=create-server.js.map

package/build/server/create-server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"create-server.js","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAE1D,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,uCAAuC,CAAC;AAI/C,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,MAAM,UAAU,YAAY,CAAC,OAA4B;IACvD,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,eAAe,EAAE,CAAC,CAAC;IAEhE,sCAAsC;IACtC,MAAM,OAAO,GAAG,IAAI,gBAAgB,EAAE,CAAC;IAEvC,yFAAyF;IACzF,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACtC,MAAM,CAAC,IAAI,CACT,oGAAoG,EACpG,OAAO,CAAC,IAAI,IAAI,mBAAmB,EACnC,OAAO,CAAC,OAAO,IAAI,sBAAsB,CAC1C,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,OAAO,CAAC,WAAW,CAAC;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,mBAAmB;QACzC,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,sBAAsB;QAClD,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,gBAAgB,EAAE,OAAO,CAAC,SAAS,IAAI,kBAAkB,EAAE,CAAC,OAAO;QACnE,qBAAqB,EAAE,OAAO,CAAC,qBAAqB;KACrD,CAAC,CAAC;IAEH,2CAA2C;IAC3C,yDAAyD;IACzD,OAAO,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C,OAAO,CAAC,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;IACrD,OAAO,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;IACjD,OAAO,CAAC,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;IAErD,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAEjC,8BAA8B;IAC9B,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE;QAC7B,IAAI,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE;QAC3B,aAAa,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,aAAa,EAAE;QAC7C,qBAAqB,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,qBAAqB,EAAE;QAC7D,yBAAyB,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,yBAAyB,EAAE;QACrE,uBAAuB,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,uBAAuB,EAAE;QACjE,qBAAqB,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC;KAC5E,CAAC;AACJ,CAAC"}

package/build/server/http/express-app.d.ts ADDED Viewed

@@ -0,0 +1,103 @@
+/**
+ * Express Application Factory
+ *
+ * Creates and configures the Express application as a security gateway
+ * for the MCP server. Express handles routing and security middleware,
+ * while MCP protocol handling is fully delegated to the SDK via the
+ * StreamableHttpTransport.
+ *
+ * Layer responsibilities:
+ *   Express App:              Security middleware, routing, health checks
+ *   StreamableHttpTransport:  Session lifecycle, transport instance management
+ *   SDK Transport:            MCP protocol (JSON-RPC, SSE, session headers, Content-Type, Accept)
+ *   McpServer:                Business logic (tools, resources, prompts)
+ *
+ * Security middleware stack (applied at Express level):
+ * 1. DNS Rebinding Protection (MUST — not handled by SDK)
+ * 2. Rate Limiting (not handled by SDK)
+ * 3. Protocol Version Validation (early rejection before SDK)
+ *
+ * Protocol validation handled by SDK (removed from Express stack):
+ * - Content-Type validation
+ * - Accept header validation
+ * - JSON-RPC structure validation
+ *
+ * @module server/http/express-app
+ */
+import express from "express";
+import type { SessionManager } from "../session/index.js";
+import type { AuthOptions } from "../auth/types.js";
+import type { SessionFactory } from "../transport/types.js";
+import type { HealthConfig } from "../server-options.js";
+import type { EventStore } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+/**
+ * Options for Express application creation.
+ */
+export interface ExpressAppOptions {
+    /** Operate in stateless mode (no session IDs). Default: false */
+    readonly stateless?: boolean | undefined;
+    /** Event store for stream resumability (stateful only) */
+    readonly eventStore?: EventStore | undefined;
+    /** Prefer JSON responses over SSE for simple request-response. Default: true */
+    readonly enableJsonResponse?: boolean | undefined;
+    /** Health endpoint configuration for API connectivity monitoring */
+    readonly health?: HealthConfig | undefined;
+    /**
+     * Resolved trust proxy value for Express.
+     * - `number` for hop count
+     * - `string` for IP/CIDR/keyword (possibly comma-separated)
+     * - `undefined` when disabled
+     */
+    readonly trustProxy?: (string | number) | undefined;
+    /**
+     * CORS allowed origins.
+     * - `undefined` — CORS disabled (no Access-Control headers)
+     * - `string[]` — List of allowed origins (e.g. `['https://app.example.com']`)
+     * - Use `['*']` to allow all origins (not recommended for production)
+     */
+    readonly corsOrigin?: readonly string[] | undefined;
+    /** Allow credentials in CORS requests. Only effective when corsOrigin is set. */
+    readonly corsCredentials?: boolean | undefined;
+    /** Enable HSTS header. Default: false (managed by reverse proxy) */
+    readonly helmetHsts?: boolean | undefined;
+    /**
+     * Content Security Policy.
+     * - `undefined` — Helmet default CSP
+     * - `'false'` — Disable CSP
+     * - Custom string — CSP directives
+     */
+    readonly helmetCsp?: string | undefined;
+    /**
+     * Maximum request body size for `express.json()` middleware.
+     * Accepts Express size strings (e.g. `'1mb'`, `'500kb'`, `'2mb'`).
+     * @default '1mb'
+     */
+    readonly bodyLimit?: string | undefined;
+    /**
+     * X-Frame-Options header.
+     * - `'DENY'` — Never allow framing (default)
+     * - `'SAMEORIGIN'` — Allow from same origin
+     * - `'false'` — Disable X-Frame-Options
+     */
+    readonly helmetFrameOptions?: ("DENY" | "SAMEORIGIN" | "false") | undefined;
+    /**
+     * Authentication configuration.
+     * When provided, enables OAuth 2.1 endpoints and/or bearer token validation.
+     * Health and metrics endpoints remain unauthenticated for probe access.
+     */
+    readonly auth?: AuthOptions | undefined;
+}
+/**
+ * Creates and configures the Express application.
+ *
+ * The returned app is fully configured with security middleware
+ * and route handlers. MCP protocol validation (Content-Type, Accept,
+ * JSON-RPC) is delegated to the SDK transport via StreamableHttpTransport.
+ *
+ * @param sessionFactory - Factory to create McpSession instances
+ * @param sessionManager - Unified session manager (owned by McpServer)
+ * @param options - Application configuration options
+ * @returns Configured Express application
+ */
+export declare function createExpressApp(sessionFactory: SessionFactory, sessionManager: SessionManager, options?: ExpressAppOptions): express.Application;
+//# sourceMappingURL=express-app.d.ts.map

package/build/server/http/express-app.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"express-app.d.ts","sourceRoot":"","sources":["../../../src/server/http/express-app.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,OAAO,MAAM,SAAS,CAAC;AAM9B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAY1D,OAAO,KAAK,EAAE,WAAW,EAAuB,MAAM,kBAAkB,CAAC;AAczE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oDAAoD,CAAC;AAuDrF;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iEAAiE;IACjE,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAEzC,0DAA0D;IAC1D,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,CAAC;IAE7C,gFAAgF;IAChF,QAAQ,CAAC,kBAAkB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAElD,oEAAoE;IACpE,QAAQ,CAAC,MAAM,CAAC,EAAE,YAAY,GAAG,SAAS,CAAC;IAE3C;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,SAAS,CAAC;IAEpD;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC;IAEpD,iFAAiF;IACjF,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAE/C,oEAAoE;IACpE,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAE1C;;;;;OAKG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAExC;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAExC;;;;;OAKG;IACH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC,MAAM,GAAG,YAAY,GAAG,OAAO,CAAC,GAAG,SAAS,CAAC;IAE5E;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,WAAW,GAAG,SAAS,CAAC;CACzC;AAyRD;;;;;;;;;;;GAWG;AACH,wBAAgB,gBAAgB,CAC9B,cAAc,EAAE,cAAc,EAC9B,cAAc,EAAE,cAAc,EAC9B,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC,WAAW,CAoErB"}

package/build/server/http/express-app.js ADDED Viewed

@@ -0,0 +1,391 @@
+/**
+ * Express Application Factory
+ *
+ * Creates and configures the Express application as a security gateway
+ * for the MCP server. Express handles routing and security middleware,
+ * while MCP protocol handling is fully delegated to the SDK via the
+ * StreamableHttpTransport.
+ *
+ * Layer responsibilities:
+ *   Express App:              Security middleware, routing, health checks
+ *   StreamableHttpTransport:  Session lifecycle, transport instance management
+ *   SDK Transport:            MCP protocol (JSON-RPC, SSE, session headers, Content-Type, Accept)
+ *   McpServer:                Business logic (tools, resources, prompts)
+ *
+ * Security middleware stack (applied at Express level):
+ * 1. DNS Rebinding Protection (MUST — not handled by SDK)
+ * 2. Rate Limiting (not handled by SDK)
+ * 3. Protocol Version Validation (early rejection before SDK)
+ *
+ * Protocol validation handled by SDK (removed from Express stack):
+ * - Content-Type validation
+ * - Accept header validation
+ * - JSON-RPC structure validation
+ *
+ * @module server/http/express-app
+ */
+import express from "express";
+import helmet from "helmet";
+import cors from "cors";
+import { logger as baseLogger } from "../../logger/index.js";
+// Security Middleware (SDK handles Content-Type, Accept, JSON-RPC)
+import { createRateLimiter, validateProtocolVersion, dnsRebindingProtection, createBearerAuth, createCustomHeaderAuth, } from "../middleware/index.js";
+import { isFullOAuthProvider } from "../auth/types.js";
+// Routes
+import { createHealthRouter, createMetricsRouter, createOAuthRouter } from "../routes/index.js";
+import { createStreamableHttpRouter } from "../routes/streamable-http-router.js";
+import { createSseRouter, isSseEnabled, getSseSessionCount } from "../routes/sse-router.js";
+import { SseRequestHandler } from "../transport/sse/handler.js";
+import { TRANSPORT_LOG_COMPONENTS, TRANSPORT_ROUTES, MCP_HEADERS, SESSION_ID_QUERY_PARAMS, } from "../transport/constants.js";
+const logger = baseLogger.child({
+    component: TRANSPORT_LOG_COMPONENTS.HTTP_SERVER,
+});
+const LogMessages = {
+    SSE_ENDPOINTS_MOUNTED: "Mounting SSE endpoints at %s, %s and %s",
+    UNHANDLED_MIDDLEWARE_ERROR: "Unhandled Express middleware error: %s",
+    CORS_HTTP_CREDENTIALS: "CORS credentials enabled with non-localhost HTTP origin(s): %s — credentials over plain HTTP expose tokens to network sniffing",
+};
+/**
+ * Known W3C Content Security Policy directive names.
+ * Used to validate user-provided CSP strings against typos and injection.
+ * @see https://www.w3.org/TR/CSP3/
+ */
+const KNOWN_CSP_DIRECTIVES = new Set([
+    "default-src",
+    "script-src",
+    "script-src-elem",
+    "script-src-attr",
+    "style-src",
+    "style-src-elem",
+    "style-src-attr",
+    "img-src",
+    "font-src",
+    "connect-src",
+    "media-src",
+    "object-src",
+    "frame-src",
+    "child-src",
+    "worker-src",
+    "manifest-src",
+    "prefetch-src",
+    "frame-ancestors",
+    "form-action",
+    "base-uri",
+    "navigate-to",
+    "sandbox",
+    "report-uri",
+    "report-to",
+    "plugin-types",
+    "block-all-mixed-content",
+    "upgrade-insecure-requests",
+    "require-sri-for",
+    "require-trusted-types-for",
+    "trusted-types",
+]);
+// ============================================================================
+// Private Setup Helpers
+// ============================================================================
+/**
+ * Configures security headers (Helmet), CORS, and JSON body parser.
+ */
+function setupSecurityMiddleware(app, options) {
+    // ── Helmet (Security Headers) ──────────────────────────────────────────
+    // Build CSP option
+    let cspOption;
+    if (options?.helmetCsp === "false") {
+        cspOption = false;
+        logger.warn("Content Security Policy (CSP) is disabled via configuration — this reduces XSS protection");
+    }
+    else if (options?.helmetCsp) {
+        // Parse directive string: "default-src 'self'; script-src 'none'" → object
+        const directives = {};
+        for (const part of options.helmetCsp.split(";")) {
+            const trimmed = part.trim();
+            if (!trimmed)
+                continue;
+            const [name, ...values] = trimmed.split(/\s+/);
+            if (name) {
+                if (!KNOWN_CSP_DIRECTIVES.has(name)) {
+                    logger.warn('Unknown CSP directive "%s" — skipping. Check for typos in MCP_HELMET_CSP.', name);
+                    continue;
+                }
+                directives[name] = values;
+            }
+        }
+        cspOption = { directives };
+    }
+    // Build frameguard option
+    let frameguardOption;
+    if (options?.helmetFrameOptions === "false") {
+        frameguardOption = false;
+    }
+    else if (options?.helmetFrameOptions === "SAMEORIGIN") {
+        frameguardOption = { action: "sameorigin" };
+    }
+    else {
+        frameguardOption = { action: "deny" };
+    }
+    app.use(helmet({
+        strictTransportSecurity: options?.helmetHsts === true ? { maxAge: 15552000, includeSubDomains: true } : false,
+        ...(cspOption !== undefined && { contentSecurityPolicy: cspOption }),
+        frameguard: frameguardOption,
+        referrerPolicy: { policy: "strict-origin-when-cross-origin" },
+    }));
+    // ── CORS ────────────────────────────────────────────────────────────────
+    if (options?.corsOrigin && options.corsOrigin.length > 0) {
+        // CORS spec: credentials=true is invalid with origin='*'
+        if (options.corsCredentials && options.corsOrigin.includes("*")) {
+            throw new Error('Invalid CORS configuration: credentials cannot be used with wildcard origin "*". ' +
+                "Set MCP_CORS_ORIGIN to specific origins when MCP_CORS_CREDENTIALS=true.");
+        }
+        // Warn about HTTP origins with credentials (tokens exposed to network sniffing)
+        if (options.corsCredentials) {
+            const insecureOrigins = options.corsOrigin.filter((origin) => {
+                try {
+                    const url = new URL(origin);
+                    if (url.protocol !== "http:")
+                        return false;
+                    const host = url.hostname;
+                    return host !== "localhost" && host !== "127.0.0.1" && host !== "::1";
+                }
+                catch {
+                    return false;
+                }
+            });
+            if (insecureOrigins.length > 0) {
+                logger.warn(LogMessages.CORS_HTTP_CREDENTIALS, insecureOrigins.join(", "));
+            }
+        }
+        const origin = options.corsOrigin.includes("*") ? "*" : [...options.corsOrigin];
+        app.use(cors({
+            origin,
+            credentials: options.corsCredentials ?? false,
+        }));
+    }
+    app.use(express.json({ limit: options?.bodyLimit ?? "1mb" }));
+}
+/**
+ * Validates a redirect_uri for OAuth auto-registration.
+ *
+ * Rejects dangerous URI schemes (javascript:, data:, file:, etc.) and
+ * ensures only http: (localhost only) or https: are accepted.
+ * This prevents open-redirect attacks (CWE-601) and XSS via crafted URIs.
+ *
+ * @returns `true` if the URI is safe, `false` otherwise
+ */
+function isValidRedirectUri(uri) {
+    let parsed;
+    try {
+        parsed = new URL(uri);
+    }
+    catch {
+        return false;
+    }
+    // Only allow http: for localhost (development) and https: for everything else
+    if (parsed.protocol === "http:") {
+        const isLocalhost = parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1" || parsed.hostname === "::1";
+        return isLocalhost;
+    }
+    return parsed.protocol === "https:";
+}
+/**
+ * Creates middleware that auto-registers unknown OAuth clients at /authorize.
+ *
+ * Handles two common scenarios:
+ * 1. Clients that skip Dynamic Client Registration (e.g., VS Code with cached credentials)
+ * 2. Stale client_ids after server restart (in-memory store cleared)
+ *
+ * Security constraints:
+ * - redirect_uri must use https: (or http: for localhost only)
+ * - Dangerous schemes (javascript:, data:, file:) are rejected
+ * - This is safe because /register already allows open registration — this middleware
+ *   does the same thing lazily. The SDK authorize handler then finds the client and
+ *   proceeds normally.
+ */
+function createClientAutoRegistration(provider) {
+    return async (req, _res, next) => {
+        try {
+            const clientId = req.query.client_id;
+            const redirectUri = req.query.redirect_uri;
+            if (!clientId || !redirectUri || !provider.clientsStore.registerClient) {
+                next();
+                return;
+            }
+            // Validate redirect_uri scheme to prevent open-redirect attacks (CWE-601)
+            if (!isValidRedirectUri(redirectUri)) {
+                logger.warn("Rejected auto-registration for client %s: invalid redirect_uri scheme", clientId);
+                next();
+                return;
+            }
+            const existing = await provider.clientsStore.getClient(clientId);
+            if (!existing) {
+                // Unknown client — auto-register with the requested redirect_uri
+                // @type-narrowing: constructing minimal OAuthClientInformationFull
+                await provider.clientsStore.registerClient({
+                    client_id: clientId,
+                    redirect_uris: [redirectUri],
+                    client_id_issued_at: Math.floor(Date.now() / 1000),
+                });
+                logger.info("Auto-registered unknown client %s at /authorize", clientId);
+            }
+            else if (!existing.redirect_uris.includes(redirectUri)) {
+                // Known client but new redirect_uri (e.g., VS Code with different port) — update
+                await provider.clientsStore.registerClient({
+                    ...existing,
+                    redirect_uris: [...existing.redirect_uris, redirectUri],
+                });
+                logger.debug("Updated client %s redirect_uris at /authorize", clientId);
+            }
+        }
+        catch (err) {
+            // Non-fatal — let the SDK handler deal with the original request
+            logger.debug("Client auto-registration failed: %s", err instanceof Error ? err.message : "unknown error");
+        }
+        next();
+    };
+}
+/**
+ * Mounts MCP transport routes: Legacy SSE, security middleware stack,
+ * SSE fallback on /mcp, and Streamable HTTP router.
+ */
+function setupMcpRoutes(app, sessionFactory, sessionManager, options) {
+    // ===== Legacy SSE Transport Routes (optional) =====
+    // Mount BEFORE the MCP middleware stack to avoid Streamable HTTP validation
+    // Deprecated HTTP+SSE transport from protocol 2024-11-05
+    if (isSseEnabled()) {
+        logger.trace(LogMessages.SSE_ENDPOINTS_MOUNTED, TRANSPORT_ROUTES.MCP_MESSAGE, TRANSPORT_ROUTES.SSE, TRANSPORT_ROUTES.SSE_MESSAGE);
+    }
+    // Always mount the router — returns 501 if feature is disabled
+    // Apply DNS rebinding protection to SSE routes (MCP spec MUST requirement)
+    app.use([TRANSPORT_ROUTES.SSE, TRANSPORT_ROUTES.SSE_MESSAGE, TRANSPORT_ROUTES.MCP_MESSAGE], dnsRebindingProtection);
+    app.use(createSseRouter(sessionFactory, sessionManager));
+    // ===== MCP Transport Routes =====
+    // Streamable HTTP transport on /mcp endpoint
+    // Security middleware (Express level — not handled by SDK)
+    app.use(TRANSPORT_ROUTES.MCP, dnsRebindingProtection); // 1. DNS Rebinding Protection (MUST)
+    // 2. Bearer Auth / Custom Header Auth (only when auth is configured)
+    if (options?.auth) {
+        if (options.auth.headerName && !isFullOAuthProvider(options.auth.provider)) {
+            // Custom header auth (e.g. X-API-Key) — only with TokenVerifier
+            app.use(TRANSPORT_ROUTES.MCP, createCustomHeaderAuth({
+                headerName: options.auth.headerName,
+                verifier: options.auth.provider,
+                requiredScopes: options.auth.requiredScopes,
+            }));
+        }
+        else {
+            // Auto-derive resourceMetadataUrl from issuerUrl when using a full OAuth provider (RFC 9728)
+            const resourceMetadataUrl = options.auth.resourceMetadataUrl ??
+                (isFullOAuthProvider(options.auth.provider) && options.auth.issuerUrl
+                    ? `${options.auth.issuerUrl.origin}/.well-known/oauth-protected-resource`
+                    : undefined);
+            // Standard Bearer auth (OAuth or TokenVerifier without custom header)
+            app.use(TRANSPORT_ROUTES.MCP, createBearerAuth({
+                provider: options.auth.provider,
+                requiredScopes: options.auth.requiredScopes,
+                resourceMetadataUrl,
+            }));
+        }
+    }
+    app.use(TRANSPORT_ROUTES.MCP, createRateLimiter({
+        trustProxyConfigured: options?.trustProxy !== undefined,
+    })); // 3. Rate Limiting
+    app.use(TRANSPORT_ROUTES.MCP, validateProtocolVersion); // 4. Protocol Version (early rejection)
+    // Note: Content-Type, Accept, and JSON-RPC validation are handled by the SDK
+    // transport internally — no need to duplicate here.
+    // ===== Legacy SSE Fallback on /mcp (behind security middleware) =====
+    // Intercepts GET /mcp with Accept: text/event-stream and no session ID.
+    // Must be BEFORE the Streamable HTTP router so legacy SSE clients are handled
+    // before the SDK transport sees the request.
+    if (isSseEnabled()) {
+        const sseHandler = new SseRequestHandler(sessionFactory, sessionManager);
+        app.get(TRANSPORT_ROUTES.MCP, (req, res, next) => {
+            const hasSession = req.headers[MCP_HEADERS.SESSION_ID] || SESSION_ID_QUERY_PARAMS.some((p) => req.query[p]);
+            const wantsSSE = (req.headers.accept || "").includes("text/event-stream");
+            if (!hasSession && wantsSSE) {
+                void sseHandler.handleConnection(req, res, TRANSPORT_ROUTES.MCP_MESSAGE);
+            }
+            else {
+                next();
+            }
+        });
+    }
+    // MCP route handler — delegates to SDK via StreamableHttpTransport
+    const handlerOptions = {
+        stateless: options?.stateless,
+        eventStore: options?.eventStore,
+        enableJsonResponse: options?.enableJsonResponse,
+    };
+    app.use(TRANSPORT_ROUTES.MCP, createStreamableHttpRouter(sessionFactory, sessionManager, handlerOptions));
+}
+// ============================================================================
+// Public API
+// ============================================================================
+/**
+ * Creates and configures the Express application.
+ *
+ * The returned app is fully configured with security middleware
+ * and route handlers. MCP protocol validation (Content-Type, Accept,
+ * JSON-RPC) is delegated to the SDK transport via StreamableHttpTransport.
+ *
+ * @param sessionFactory - Factory to create McpSession instances
+ * @param sessionManager - Unified session manager (owned by McpServer)
+ * @param options - Application configuration options
+ * @returns Configured Express application
+ */
+export function createExpressApp(sessionFactory, sessionManager, options) {
+    const app = express();
+    // Trust Proxy — must be set BEFORE any middleware that reads req.ip or req.protocol
+    if (options?.trustProxy !== undefined) {
+        app.set("trust proxy", options.trustProxy);
+    }
+    setupSecurityMiddleware(app, options);
+    // ===== OAuth Router (before health routes, needs express.json()) =====
+    if (options?.auth && isFullOAuthProvider(options.auth.provider)) {
+        if (!options.auth.issuerUrl) {
+            throw new Error("issuerUrl is required when using a full OAuth provider");
+        }
+        // Auto-register unknown clients at /authorize (before SDK router handles it).
+        // Handles clients with cached credentials that skip /register.
+        app.get("/authorize", createClientAutoRegistration(options.auth.provider));
+        app.use(createOAuthRouter({
+            provider: options.auth.provider,
+            issuerUrl: options.auth.issuerUrl,
+            scopesSupported: options.auth.requiredScopes,
+        }));
+        // Optional callback handler for server-side OAuth callbacks
+        // (e.g., GitHub redirects back to MCP server, not directly to client)
+        if (options.auth.callbackHandler) {
+            app.get("/callback", options.auth.callbackHandler);
+        }
+    }
+    // ===== Health & Metrics Routes (exempt from auth and rate limiting) =====
+    app.use(createHealthRouter({
+        sessionManager,
+        connectionManager: options?.health?.connectionManager,
+        isApiConfigured: options?.health?.isApiConfigured,
+        apiLabel: options?.health?.apiLabel,
+        sseInfo: {
+            enabled: isSseEnabled(),
+            getSessionCount: getSseSessionCount,
+        },
+    }));
+    app.use(createMetricsRouter());
+    setupMcpRoutes(app, sessionFactory, sessionManager, options);
+    // ===== Global Error Handler (must be LAST) =====
+    // Express identifies error handlers by the 4-parameter signature.
+    app.use((err, _req, res, _next) => {
+        logger.error(LogMessages.UNHANDLED_MIDDLEWARE_ERROR, err.stack ?? err.message);
+        if (!res.headersSent) {
+            res.status(500).json({
+                jsonrpc: "2.0",
+                error: {
+                    code: -32603,
+                    message: "Internal server error",
+                },
+            });
+        }
+    });
+    return app;
+}
+//# sourceMappingURL=express-app.js.map

package/build/server/http/express-app.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"express-app.js","sourceRoot":"","sources":["../../../src/server/http/express-app.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAK7D,mEAAmE;AACnE,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,sBAAsB,EACtB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAIhC,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,SAAS;AACT,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAChG,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,wBAAwB,EACxB,gBAAgB,EAChB,WAAW,EACX,uBAAuB,GACxB,MAAM,2BAA2B,CAAC;AAMnC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC;IAC9B,SAAS,EAAE,wBAAwB,CAAC,WAAW;CAChD,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG;IAClB,qBAAqB,EAAE,yCAAyC;IAChE,0BAA0B,EAAE,wCAAwC;IACpE,qBAAqB,EACnB,gIAAgI;CAC1H,CAAC;AAEX;;;;GAIG;AACH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,aAAa;IACb,YAAY;IACZ,iBAAiB;IACjB,iBAAiB;IACjB,WAAW;IACX,gBAAgB;IAChB,gBAAgB;IAChB,SAAS;IACT,UAAU;IACV,aAAa;IACb,WAAW;IACX,YAAY;IACZ,WAAW;IACX,WAAW;IACX,YAAY;IACZ,cAAc;IACd,cAAc;IACd,iBAAiB;IACjB,aAAa;IACb,UAAU;IACV,aAAa;IACb,SAAS;IACT,YAAY;IACZ,WAAW;IACX,cAAc;IACd,yBAAyB;IACzB,2BAA2B;IAC3B,iBAAiB;IACjB,2BAA2B;IAC3B,eAAe;CAChB,CAAC,CAAC;AA2EH,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,uBAAuB,CAAC,GAAwB,EAAE,OAA2B;IACpF,0EAA0E;IAC1E,mBAAmB;IACnB,IAAI,SAAyE,CAAC;IAC9E,IAAI,OAAO,EAAE,SAAS,KAAK,OAAO,EAAE,CAAC;QACnC,SAAS,GAAG,KAAK,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,2FAA2F,CAAC,CAAC;IAC3G,CAAC;SAAM,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;QAC9B,2EAA2E;QAC3E,MAAM,UAAU,GAA6B,EAAE,CAAC;QAChD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,MAAM,CAAC,IAAI,EAAE,GAAG,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC/C,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpC,MAAM,CAAC,IAAI,CAAC,2EAA2E,EAAE,IAAI,CAAC,CAAC;oBAC/F,SAAS;gBACX,CAAC;gBACD,UAAU,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;YAC5B,CAAC;QACH,CAAC;QACD,SAAS,GAAG,EAAE,UAAU,EAAE,CAAC;IAC7B,CAAC;IAED,0BAA0B;IAC1B,IAAI,gBAA6D,CAAC;IAClE,IAAI,OAAO,EAAE,kBAAkB,KAAK,OAAO,EAAE,CAAC;QAC5C,gBAAgB,GAAG,KAAK,CAAC;IAC3B,CAAC;SAAM,IAAI,OAAO,EAAE,kBAAkB,KAAK,YAAY,EAAE,CAAC;QACxD,gBAAgB,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IAC9C,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,GAAG,CAAC,GAAG,CACL,MAAM,CAAC;QACL,uBAAuB,EAAE,OAAO,EAAE,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK;QAC7G,GAAG,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,qBAAqB,EAAE,SAAS,EAAE,CAAC;QACpE,UAAU,EAAE,gBAAgB;QAC5B,cAAc,EAAE,EAAE,MAAM,EAAE,iCAAiC,EAAE;KAC9D,CAAC,CACH,CAAC;IAEF,2EAA2E;IAC3E,IAAI,OAAO,EAAE,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzD,yDAAyD;QACzD,IAAI,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CACb,mFAAmF;gBACjF,yEAAyE,CAC5E,CAAC;QACJ,CAAC;QAED,gFAAgF;QAChF,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC5B,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE;gBAC3D,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC5B,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO;wBAAE,OAAO,KAAK,CAAC;oBAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;oBAC1B,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,KAAK,CAAC;gBACxE,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC,CAAC,CAAC;YACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QAChF,GAAG,CAAC,GAAG,CACL,IAAI,CAAC;YACH,MAAM;YACN,WAAW,EAAE,OAAO,CAAC,eAAe,IAAI,KAAK;SAC9C,CAAC,CACH,CAAC;IACJ,CAAC;IAED,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8EAA8E;IAC9E,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,CAAC;QACpH,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;AACtC,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAS,4BAA4B,CAAC,QAA6B;IACjE,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QAC/B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,SAA+B,CAAC;YAC3D,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,YAAkC,CAAC;YAEjE,IAAI,CAAC,QAAQ,IAAI,CAAC,WAAW,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;gBACvE,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAED,0EAA0E;YAC1E,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;gBACrC,MAAM,CAAC,IAAI,CAAC,uEAAuE,EAAE,QAAQ,CAAC,CAAC;gBAC/F,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAEjE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,iEAAiE;gBACjE,mEAAmE;gBACnE,MAAM,QAAQ,CAAC,YAAY,CAAC,cAAc,CAAC;oBACzC,SAAS,EAAE,QAAQ;oBACnB,aAAa,EAAE,CAAC,WAAW,CAAC;oBAC5B,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;iBACW,CAAC,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,iDAAiD,EAAE,QAAQ,CAAC,CAAC;YAC3E,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,iFAAiF;gBACjF,MAAM,QAAQ,CAAC,YAAY,CAAC,cAAc,CAAC;oBACzC,GAAG,QAAQ;oBACX,aAAa,EAAE,CAAC,GAAG,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC;iBACxD,CAAC,CAAC;gBACH,MAAM,CAAC,KAAK,CAAC,+CAA+C,EAAE,QAAQ,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QAC5G,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CACrB,GAAwB,EACxB,cAA8B,EAC9B,cAA8B,EAC9B,OAA2B;IAE3B,qDAAqD;IACrD,4EAA4E;IAC5E,yDAAyD;IACzD,IAAI,YAAY,EAAE,EAAE,CAAC;QACnB,MAAM,CAAC,KAAK,CACV,WAAW,CAAC,qBAAqB,EACjC,gBAAgB,CAAC,WAAW,EAC5B,gBAAgB,CAAC,GAAG,EACpB,gBAAgB,CAAC,WAAW,CAC7B,CAAC;IACJ,CAAC;IACD,+DAA+D;IAC/D,2EAA2E;IAC3E,GAAG,CAAC,GAAG,CAAC,CAAC,gBAAgB,CAAC,GAAG,EAAE,gBAAgB,CAAC,WAAW,EAAE,gBAAgB,CAAC,WAAW,CAAC,EAAE,sBAAsB,CAAC,CAAC;IACpH,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAEzD,mCAAmC;IACnC,6CAA6C;IAC7C,2DAA2D;IAC3D,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAC,CAAC,qCAAqC;IAE5F,qEAAqE;IACrE,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;QAClB,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3E,gEAAgE;YAChE,GAAG,CAAC,GAAG,CACL,gBAAgB,CAAC,GAAG,EACpB,sBAAsB,CAAC;gBACrB,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,UAAU;gBACnC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;gBAC/B,cAAc,EAAE,OAAO,CAAC,IAAI,CAAC,cAAc;aAC5C,CAAC,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,6FAA6F;YAC7F,MAAM,mBAAmB,GACvB,OAAO,CAAC,IAAI,CAAC,mBAAmB;gBAChC,CAAC,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS;oBACnE,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,uCAAuC;oBACzE,CAAC,CAAC,SAAS,CAAC,CAAC;YAEjB,sEAAsE;YACtE,GAAG,CAAC,GAAG,CACL,gBAAgB,CAAC,GAAG,EACpB,gBAAgB,CAAC;gBACf,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;gBAC/B,cAAc,EAAE,OAAO,CAAC,IAAI,CAAC,cAAc;gBAC3C,mBAAmB;aACpB,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,GAAG,CAAC,GAAG,CACL,gBAAgB,CAAC,GAAG,EACpB,iBAAiB,CAAC;QAChB,oBAAoB,EAAE,OAAO,EAAE,UAAU,KAAK,SAAS;KACxD,CAAC,CACH,CAAC,CAAC,mBAAmB;IACtB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC,CAAC,wCAAwC;IAChG,6EAA6E;IAC7E,oDAAoD;IAEpD,uEAAuE;IACvE,wEAAwE;IACxE,8EAA8E;IAC9E,6CAA6C;IAC7C,IAAI,YAAY,EAAE,EAAE,CAAC;QACnB,MAAM,UAAU,GAAG,IAAI,iBAAiB,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QACzE,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YAC/C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5G,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;YAE1E,IAAI,CAAC,UAAU,IAAI,QAAQ,EAAE,CAAC;gBAC5B,KAAK,UAAU,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC3E,CAAC;iBAAM,CAAC;gBACN,IAAI,EAAE,CAAC;YACT,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mEAAmE;IACnE,MAAM,cAAc,GAAmC;QACrD,SAAS,EAAE,OAAO,EAAE,SAAS;QAC7B,UAAU,EAAE,OAAO,EAAE,UAAU;QAC/B,kBAAkB,EAAE,OAAO,EAAE,kBAAkB;KAChD,CAAC;IACF,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,EAAE,0BAA0B,CAAC,cAAc,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;AAC5G,CAAC;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,gBAAgB,CAC9B,cAA8B,EAC9B,cAA8B,EAC9B,OAA2B;IAE3B,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IAEtB,oFAAoF;IACpF,IAAI,OAAO,EAAE,UAAU,KAAK,SAAS,EAAE,CAAC;QACtC,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED,uBAAuB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAEtC,wEAAwE;IACxE,IAAI,OAAO,EAAE,IAAI,IAAI,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QAED,8EAA8E;QAC9E,+DAA+D;QAC/D,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,4BAA4B,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE3E,GAAG,CAAC,GAAG,CACL,iBAAiB,CAAC;YAChB,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;YAC/B,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS;YACjC,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,cAAc;SAC7C,CAAC,CACH,CAAC;QAEF,4DAA4D;QAC5D,sEAAsE;QACtE,IAAI,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YACjC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,GAAG,CAAC,GAAG,CACL,kBAAkB,CAAC;QACjB,cAAc;QACd,iBAAiB,EAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB;QACrD,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,eAAe;QACjD,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ;QACnC,OAAO,EAAE;YACP,OAAO,EAAE,YAAY,EAAE;YACvB,eAAe,EAAE,kBAAkB;SACpC;KACF,CAAC,CACH,CAAC;IACF,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAE/B,cAAc,CAAC,GAAG,EAAE,cAAc,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;IAE7D,kDAAkD;IAClD,kEAAkE;IAClE,GAAG,CAAC,GAAG,CAAC,CAAC,GAAU,EAAE,IAAqB,EAAE,GAAqB,EAAE,KAA2B,EAAE,EAAE;QAChG,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,0BAA0B,EAAE,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/E,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACjC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}