npm - mcp-server-framework - Versions diffs - 1.0.0 - Mend

mcp-server-framework 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (673) hide show

package/CHANGELOG.md +174 -0
package/LICENSE-GPL.md +219 -0
package/LICENSE.md +187 -0
package/README.md +439 -0
package/build/config/config-cache.d.ts +120 -0
package/build/config/config-cache.d.ts.map +1 -0
package/build/config/config-cache.js +310 -0
package/build/config/config-cache.js.map +1 -0
package/build/config/env.d.ts +476 -0
package/build/config/env.d.ts.map +1 -0
package/build/config/env.js +441 -0
package/build/config/env.js.map +1 -0
package/build/config/extensions.d.ts +107 -0
package/build/config/extensions.d.ts.map +1 -0
package/build/config/extensions.js +152 -0
package/build/config/extensions.js.map +1 -0
package/build/config/file/index.d.ts +8 -0
package/build/config/file/index.d.ts.map +1 -0
package/build/config/file/index.js +10 -0
package/build/config/file/index.js.map +1 -0
package/build/config/file/loader.d.ts +31 -0
package/build/config/file/loader.d.ts.map +1 -0
package/build/config/file/loader.js +313 -0
package/build/config/file/loader.js.map +1 -0
package/build/config/file/schema.d.ts +583 -0
package/build/config/file/schema.d.ts.map +1 -0
package/build/config/file/schema.js +388 -0
package/build/config/file/schema.js.map +1 -0
package/build/config/index.d.ts +15 -0
package/build/config/index.d.ts.map +1 -0
package/build/config/index.js +27 -0
package/build/config/index.js.map +1 -0
package/build/config/startup-warnings.d.ts +46 -0
package/build/config/startup-warnings.d.ts.map +1 -0
package/build/config/startup-warnings.js +61 -0
package/build/config/startup-warnings.js.map +1 -0
package/build/connection/connection-state.d.ts +196 -0
package/build/connection/connection-state.d.ts.map +1 -0
package/build/connection/connection-state.js +426 -0
package/build/connection/connection-state.js.map +1 -0
package/build/connection/core/base.d.ts +43 -0
package/build/connection/core/base.d.ts.map +1 -0
package/build/connection/core/base.js +82 -0
package/build/connection/core/base.js.map +1 -0
package/build/connection/core/constants.d.ts +121 -0
package/build/connection/core/constants.d.ts.map +1 -0
package/build/connection/core/constants.js +151 -0
package/build/connection/core/constants.js.map +1 -0
package/build/connection/core/index.d.ts +13 -0
package/build/connection/core/index.d.ts.map +1 -0
package/build/connection/core/index.js +14 -0
package/build/connection/core/index.js.map +1 -0
package/build/connection/core/types.d.ts +102 -0
package/build/connection/core/types.d.ts.map +1 -0
package/build/connection/core/types.js +31 -0
package/build/connection/core/types.js.map +1 -0
package/build/connection/index.d.ts +19 -0
package/build/connection/index.d.ts.map +1 -0
package/build/connection/index.js +22 -0
package/build/connection/index.js.map +1 -0
package/build/connection/types.d.ts +125 -0
package/build/connection/types.d.ts.map +1 -0
package/build/connection/types.js +39 -0
package/build/connection/types.js.map +1 -0
package/build/errors/categories/auth.d.ts +59 -0
package/build/errors/categories/auth.d.ts.map +1 -0
package/build/errors/categories/auth.js +111 -0
package/build/errors/categories/auth.js.map +1 -0
package/build/errors/categories/connection.d.ts +70 -0
package/build/errors/categories/connection.d.ts.map +1 -0
package/build/errors/categories/connection.js +120 -0
package/build/errors/categories/connection.js.map +1 -0
package/build/errors/categories/index.d.ts +14 -0
package/build/errors/categories/index.d.ts.map +1 -0
package/build/errors/categories/index.js +20 -0
package/build/errors/categories/index.js.map +1 -0
package/build/errors/categories/operation.d.ts +83 -0
package/build/errors/categories/operation.d.ts.map +1 -0
package/build/errors/categories/operation.js +149 -0
package/build/errors/categories/operation.js.map +1 -0
package/build/errors/categories/protocol.d.ts +68 -0
package/build/errors/categories/protocol.d.ts.map +1 -0
package/build/errors/categories/protocol.js +135 -0
package/build/errors/categories/protocol.js.map +1 -0
package/build/errors/categories/session.d.ts +50 -0
package/build/errors/categories/session.d.ts.map +1 -0
package/build/errors/categories/session.js +97 -0
package/build/errors/categories/session.js.map +1 -0
package/build/errors/categories/system.d.ts +95 -0
package/build/errors/categories/system.d.ts.map +1 -0
package/build/errors/categories/system.js +190 -0
package/build/errors/categories/system.js.map +1 -0
package/build/errors/categories/transport.d.ts +70 -0
package/build/errors/categories/transport.d.ts.map +1 -0
package/build/errors/categories/transport.js +148 -0
package/build/errors/categories/transport.js.map +1 -0
package/build/errors/categories/validation.d.ts +140 -0
package/build/errors/categories/validation.d.ts.map +1 -0
package/build/errors/categories/validation.js +311 -0
package/build/errors/categories/validation.js.map +1 -0
package/build/errors/core/base.d.ts +103 -0
package/build/errors/core/base.d.ts.map +1 -0
package/build/errors/core/base.js +219 -0
package/build/errors/core/base.js.map +1 -0
package/build/errors/core/constants.d.ts +40 -0
package/build/errors/core/constants.d.ts.map +1 -0
package/build/errors/core/constants.js +49 -0
package/build/errors/core/constants.js.map +1 -0
package/build/errors/core/error-codes.d.ts +72 -0
package/build/errors/core/error-codes.d.ts.map +1 -0
package/build/errors/core/error-codes.js +88 -0
package/build/errors/core/error-codes.js.map +1 -0
package/build/errors/core/http.d.ts +69 -0
package/build/errors/core/http.d.ts.map +1 -0
package/build/errors/core/http.js +106 -0
package/build/errors/core/http.js.map +1 -0
package/build/errors/core/index.d.ts +23 -0
package/build/errors/core/index.d.ts.map +1 -0
package/build/errors/core/index.js +41 -0
package/build/errors/core/index.js.map +1 -0
package/build/errors/core/json-rpc.d.ts +69 -0
package/build/errors/core/json-rpc.d.ts.map +1 -0
package/build/errors/core/json-rpc.js +79 -0
package/build/errors/core/json-rpc.js.map +1 -0
package/build/errors/core/messages.d.ts +51 -0
package/build/errors/core/messages.d.ts.map +1 -0
package/build/errors/core/messages.js +59 -0
package/build/errors/core/messages.js.map +1 -0
package/build/errors/core/types.d.ts +80 -0
package/build/errors/core/types.d.ts.map +1 -0
package/build/errors/core/types.js +10 -0
package/build/errors/core/types.js.map +1 -0
package/build/errors/factory.d.ts +199 -0
package/build/errors/factory.d.ts.map +1 -0
package/build/errors/factory.js +244 -0
package/build/errors/factory.js.map +1 -0
package/build/errors/index.d.ts +35 -0
package/build/errors/index.d.ts.map +1 -0
package/build/errors/index.js +67 -0
package/build/errors/index.js.map +1 -0
package/build/index.d.ts +93 -0
package/build/index.d.ts.map +1 -0
package/build/index.js +107 -0
package/build/index.js.map +1 -0
package/build/logger/core/constants.d.ts +143 -0
package/build/logger/core/constants.d.ts.map +1 -0
package/build/logger/core/constants.js +206 -0
package/build/logger/core/constants.js.map +1 -0
package/build/logger/core/context.d.ts +170 -0
package/build/logger/core/context.d.ts.map +1 -0
package/build/logger/core/context.js +237 -0
package/build/logger/core/context.js.map +1 -0
package/build/logger/core/errors.d.ts +101 -0
package/build/logger/core/errors.d.ts.map +1 -0
package/build/logger/core/errors.js +128 -0
package/build/logger/core/errors.js.map +1 -0
package/build/logger/core/format.d.ts +40 -0
package/build/logger/core/format.d.ts.map +1 -0
package/build/logger/core/format.js +47 -0
package/build/logger/core/format.js.map +1 -0
package/build/logger/core/index.d.ts +19 -0
package/build/logger/core/index.d.ts.map +1 -0
package/build/logger/core/index.js +47 -0
package/build/logger/core/index.js.map +1 -0
package/build/logger/core/trace-context.d.ts +51 -0
package/build/logger/core/trace-context.d.ts.map +1 -0
package/build/logger/core/trace-context.js +42 -0
package/build/logger/core/trace-context.js.map +1 -0
package/build/logger/core/types.d.ts +233 -0
package/build/logger/core/types.d.ts.map +1 -0
package/build/logger/core/types.js +10 -0
package/build/logger/core/types.js.map +1 -0
package/build/logger/factory.d.ts +150 -0
package/build/logger/factory.d.ts.map +1 -0
package/build/logger/factory.js +236 -0
package/build/logger/factory.js.map +1 -0
package/build/logger/formatters/index.d.ts +12 -0
package/build/logger/formatters/index.d.ts.map +1 -0
package/build/logger/formatters/index.js +15 -0
package/build/logger/formatters/index.js.map +1 -0
package/build/logger/formatters/json-formatter.d.ts +54 -0
package/build/logger/formatters/json-formatter.d.ts.map +1 -0
package/build/logger/formatters/json-formatter.js +80 -0
package/build/logger/formatters/json-formatter.js.map +1 -0
package/build/logger/formatters/schema.d.ts +230 -0
package/build/logger/formatters/schema.d.ts.map +1 -0
package/build/logger/formatters/schema.js +278 -0
package/build/logger/formatters/schema.js.map +1 -0
package/build/logger/formatters/text-formatter.d.ts +50 -0
package/build/logger/formatters/text-formatter.d.ts.map +1 -0
package/build/logger/formatters/text-formatter.js +93 -0
package/build/logger/formatters/text-formatter.js.map +1 -0
package/build/logger/index.d.ts +39 -0
package/build/logger/index.d.ts.map +1 -0
package/build/logger/index.js +43 -0
package/build/logger/index.js.map +1 -0
package/build/logger/logger.d.ts +278 -0
package/build/logger/logger.d.ts.map +1 -0
package/build/logger/logger.js +459 -0
package/build/logger/logger.js.map +1 -0
package/build/logger/mcp-logger.d.ts +177 -0
package/build/logger/mcp-logger.d.ts.map +1 -0
package/build/logger/mcp-logger.js +294 -0
package/build/logger/mcp-logger.js.map +1 -0
package/build/logger/scrubbing/index.d.ts +14 -0
package/build/logger/scrubbing/index.d.ts.map +1 -0
package/build/logger/scrubbing/index.js +16 -0
package/build/logger/scrubbing/index.js.map +1 -0
package/build/logger/scrubbing/injection-guard.d.ts +69 -0
package/build/logger/scrubbing/injection-guard.d.ts.map +1 -0
package/build/logger/scrubbing/injection-guard.js +102 -0
package/build/logger/scrubbing/injection-guard.js.map +1 -0
package/build/logger/scrubbing/secret-scrubber.d.ts +72 -0
package/build/logger/scrubbing/secret-scrubber.d.ts.map +1 -0
package/build/logger/scrubbing/secret-scrubber.js +177 -0
package/build/logger/scrubbing/secret-scrubber.js.map +1 -0
package/build/logger/writers/base-writer.d.ts +45 -0
package/build/logger/writers/base-writer.d.ts.map +1 -0
package/build/logger/writers/base-writer.js +41 -0
package/build/logger/writers/base-writer.js.map +1 -0
package/build/logger/writers/composite-writer.d.ts +83 -0
package/build/logger/writers/composite-writer.d.ts.map +1 -0
package/build/logger/writers/composite-writer.js +121 -0
package/build/logger/writers/composite-writer.js.map +1 -0
package/build/logger/writers/console-writer.d.ts +59 -0
package/build/logger/writers/console-writer.d.ts.map +1 -0
package/build/logger/writers/console-writer.js +73 -0
package/build/logger/writers/console-writer.js.map +1 -0
package/build/logger/writers/file-writer.d.ts +160 -0
package/build/logger/writers/file-writer.d.ts.map +1 -0
package/build/logger/writers/file-writer.js +345 -0
package/build/logger/writers/file-writer.js.map +1 -0
package/build/logger/writers/index.d.ts +15 -0
package/build/logger/writers/index.d.ts.map +1 -0
package/build/logger/writers/index.js +19 -0
package/build/logger/writers/index.js.map +1 -0
package/build/mcp/capabilities/apps/define-app.d.ts +68 -0
package/build/mcp/capabilities/apps/define-app.d.ts.map +1 -0
package/build/mcp/capabilities/apps/define-app.js +127 -0
package/build/mcp/capabilities/apps/define-app.js.map +1 -0
package/build/mcp/capabilities/apps/index.d.ts +10 -0
package/build/mcp/capabilities/apps/index.d.ts.map +1 -0
package/build/mcp/capabilities/apps/index.js +10 -0
package/build/mcp/capabilities/apps/index.js.map +1 -0
package/build/mcp/capabilities/capabilities.d.ts +24 -0
package/build/mcp/capabilities/capabilities.d.ts.map +1 -0
package/build/mcp/capabilities/capabilities.js +50 -0
package/build/mcp/capabilities/capabilities.js.map +1 -0
package/build/mcp/capabilities/index.d.ts +17 -0
package/build/mcp/capabilities/index.d.ts.map +1 -0
package/build/mcp/capabilities/index.js +20 -0
package/build/mcp/capabilities/index.js.map +1 -0
package/build/mcp/capabilities/prompts/define-prompt.d.ts +95 -0
package/build/mcp/capabilities/prompts/define-prompt.d.ts.map +1 -0
package/build/mcp/capabilities/prompts/define-prompt.js +109 -0
package/build/mcp/capabilities/prompts/define-prompt.js.map +1 -0
package/build/mcp/capabilities/prompts/index.d.ts +10 -0
package/build/mcp/capabilities/prompts/index.d.ts.map +1 -0
package/build/mcp/capabilities/prompts/index.js +10 -0
package/build/mcp/capabilities/prompts/index.js.map +1 -0
package/build/mcp/capabilities/registry/base-registry.d.ts +95 -0
package/build/mcp/capabilities/registry/base-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/base-registry.js +149 -0
package/build/mcp/capabilities/registry/base-registry.js.map +1 -0
package/build/mcp/capabilities/registry/index.d.ts +16 -0
package/build/mcp/capabilities/registry/index.d.ts.map +1 -0
package/build/mcp/capabilities/registry/index.js +34 -0
package/build/mcp/capabilities/registry/index.js.map +1 -0
package/build/mcp/capabilities/registry/prompt-registry.d.ts +116 -0
package/build/mcp/capabilities/registry/prompt-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/prompt-registry.js +232 -0
package/build/mcp/capabilities/registry/prompt-registry.js.map +1 -0
package/build/mcp/capabilities/registry/reset.d.ts +30 -0
package/build/mcp/capabilities/registry/reset.d.ts.map +1 -0
package/build/mcp/capabilities/registry/reset.js +48 -0
package/build/mcp/capabilities/registry/reset.js.map +1 -0
package/build/mcp/capabilities/registry/resource-registry.d.ts +152 -0
package/build/mcp/capabilities/registry/resource-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/resource-registry.js +430 -0
package/build/mcp/capabilities/registry/resource-registry.js.map +1 -0
package/build/mcp/capabilities/registry/scope-enforcement.d.ts +48 -0
package/build/mcp/capabilities/registry/scope-enforcement.d.ts.map +1 -0
package/build/mcp/capabilities/registry/scope-enforcement.js +62 -0
package/build/mcp/capabilities/registry/scope-enforcement.js.map +1 -0
package/build/mcp/capabilities/registry/task-tool-registry.d.ts +96 -0
package/build/mcp/capabilities/registry/task-tool-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/task-tool-registry.js +190 -0
package/build/mcp/capabilities/registry/task-tool-registry.js.map +1 -0
package/build/mcp/capabilities/registry/tool-registry.d.ts +100 -0
package/build/mcp/capabilities/registry/tool-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/tool-registry.js +242 -0
package/build/mcp/capabilities/registry/tool-registry.js.map +1 -0
package/build/mcp/capabilities/resources/define-resource.d.ts +103 -0
package/build/mcp/capabilities/resources/define-resource.d.ts.map +1 -0
package/build/mcp/capabilities/resources/define-resource.js +137 -0
package/build/mcp/capabilities/resources/define-resource.js.map +1 -0
package/build/mcp/capabilities/resources/index.d.ts +10 -0
package/build/mcp/capabilities/resources/index.d.ts.map +1 -0
package/build/mcp/capabilities/resources/index.js +10 -0
package/build/mcp/capabilities/resources/index.js.map +1 -0
package/build/mcp/capabilities/server-capabilities.d.ts +33 -0
package/build/mcp/capabilities/server-capabilities.d.ts.map +1 -0
package/build/mcp/capabilities/server-capabilities.js +16 -0
package/build/mcp/capabilities/server-capabilities.js.map +1 -0
package/build/mcp/capabilities/tasks/define-task.d.ts +75 -0
package/build/mcp/capabilities/tasks/define-task.d.ts.map +1 -0
package/build/mcp/capabilities/tasks/define-task.js +93 -0
package/build/mcp/capabilities/tasks/define-task.js.map +1 -0
package/build/mcp/capabilities/tasks/index.d.ts +11 -0
package/build/mcp/capabilities/tasks/index.d.ts.map +1 -0
package/build/mcp/capabilities/tasks/index.js +11 -0
package/build/mcp/capabilities/tasks/index.js.map +1 -0
package/build/mcp/capabilities/tools/define-tool.d.ts +62 -0
package/build/mcp/capabilities/tools/define-tool.d.ts.map +1 -0
package/build/mcp/capabilities/tools/define-tool.js +73 -0
package/build/mcp/capabilities/tools/define-tool.js.map +1 -0
package/build/mcp/capabilities/tools/index.d.ts +10 -0
package/build/mcp/capabilities/tools/index.d.ts.map +1 -0
package/build/mcp/capabilities/tools/index.js +10 -0
package/build/mcp/capabilities/tools/index.js.map +1 -0
package/build/mcp/handlers/index.d.ts +19 -0
package/build/mcp/handlers/index.d.ts.map +1 -0
package/build/mcp/handlers/index.js +26 -0
package/build/mcp/handlers/index.js.map +1 -0
package/build/mcp/handlers/ping.d.ts +27 -0
package/build/mcp/handlers/ping.d.ts.map +1 -0
package/build/mcp/handlers/ping.js +61 -0
package/build/mcp/handlers/ping.js.map +1 -0
package/build/mcp/handlers/progress.d.ts +41 -0
package/build/mcp/handlers/progress.d.ts.map +1 -0
package/build/mcp/handlers/progress.js +79 -0
package/build/mcp/handlers/progress.js.map +1 -0
package/build/mcp/index.d.ts +28 -0
package/build/mcp/index.d.ts.map +1 -0
package/build/mcp/index.js +34 -0
package/build/mcp/index.js.map +1 -0
package/build/mcp/responses/helpers.d.ts +146 -0
package/build/mcp/responses/helpers.d.ts.map +1 -0
package/build/mcp/responses/helpers.js +197 -0
package/build/mcp/responses/helpers.js.map +1 -0
package/build/mcp/responses/index.d.ts +9 -0
package/build/mcp/responses/index.d.ts.map +1 -0
package/build/mcp/responses/index.js +12 -0
package/build/mcp/responses/index.js.map +1 -0
package/build/mcp/types/context.d.ts +371 -0
package/build/mcp/types/context.d.ts.map +1 -0
package/build/mcp/types/context.js +17 -0
package/build/mcp/types/context.js.map +1 -0
package/build/mcp/types/definition.d.ts +727 -0
package/build/mcp/types/definition.d.ts.map +1 -0
package/build/mcp/types/definition.js +29 -0
package/build/mcp/types/definition.js.map +1 -0
package/build/mcp/types/handler.d.ts +58 -0
package/build/mcp/types/handler.d.ts.map +1 -0
package/build/mcp/types/handler.js +10 -0
package/build/mcp/types/handler.js.map +1 -0
package/build/mcp/types/index.d.ts +21 -0
package/build/mcp/types/index.d.ts.map +1 -0
package/build/mcp/types/index.js +18 -0
package/build/mcp/types/index.js.map +1 -0
package/build/mcp/types/response.d.ts +79 -0
package/build/mcp/types/response.d.ts.map +1 -0
package/build/mcp/types/response.js +10 -0
package/build/mcp/types/response.js.map +1 -0
package/build/server/auth/auth-context.d.ts +52 -0
package/build/server/auth/auth-context.d.ts.map +1 -0
package/build/server/auth/auth-context.js +45 -0
package/build/server/auth/auth-context.js.map +1 -0
package/build/server/auth/guards.d.ts +72 -0
package/build/server/auth/guards.d.ts.map +1 -0
package/build/server/auth/guards.js +103 -0
package/build/server/auth/guards.js.map +1 -0
package/build/server/auth/index.d.ts +21 -0
package/build/server/auth/index.d.ts.map +1 -0
package/build/server/auth/index.js +20 -0
package/build/server/auth/index.js.map +1 -0
package/build/server/auth/oidc-discovery.d.ts +68 -0
package/build/server/auth/oidc-discovery.d.ts.map +1 -0
package/build/server/auth/oidc-discovery.js +234 -0
package/build/server/auth/oidc-discovery.js.map +1 -0
package/build/server/auth/oidc-provider.d.ts +96 -0
package/build/server/auth/oidc-provider.d.ts.map +1 -0
package/build/server/auth/oidc-provider.js +126 -0
package/build/server/auth/oidc-provider.js.map +1 -0
package/build/server/auth/types.d.ts +204 -0
package/build/server/auth/types.d.ts.map +1 -0
package/build/server/auth/types.js +29 -0
package/build/server/auth/types.js.map +1 -0
package/build/server/auth/upstream-provider.d.ts +161 -0
package/build/server/auth/upstream-provider.d.ts.map +1 -0
package/build/server/auth/upstream-provider.js +411 -0
package/build/server/auth/upstream-provider.js.map +1 -0
package/build/server/builder/constants.d.ts +45 -0
package/build/server/builder/constants.d.ts.map +1 -0
package/build/server/builder/constants.js +54 -0
package/build/server/builder/constants.js.map +1 -0
package/build/server/builder/index.d.ts +24 -0
package/build/server/builder/index.d.ts.map +1 -0
package/build/server/builder/index.js +25 -0
package/build/server/builder/index.js.map +1 -0
package/build/server/builder/primitive-collector.d.ts +24 -0
package/build/server/builder/primitive-collector.d.ts.map +1 -0
package/build/server/builder/primitive-collector.js +89 -0
package/build/server/builder/primitive-collector.js.map +1 -0
package/build/server/builder/server-builder.d.ts +53 -0
package/build/server/builder/server-builder.d.ts.map +1 -0
package/build/server/builder/server-builder.js +132 -0
package/build/server/builder/server-builder.js.map +1 -0
package/build/server/builder/types.d.ts +93 -0
package/build/server/builder/types.d.ts.map +1 -0
package/build/server/builder/types.js +25 -0
package/build/server/builder/types.js.map +1 -0
package/build/server/builder/validation.d.ts +36 -0
package/build/server/builder/validation.d.ts.map +1 -0
package/build/server/builder/validation.js +44 -0
package/build/server/builder/validation.js.map +1 -0
package/build/server/create-server.d.ts +57 -0
package/build/server/create-server.d.ts.map +1 -0
package/build/server/create-server.js +104 -0
package/build/server/create-server.js.map +1 -0
package/build/server/http/express-app.d.ts +103 -0
package/build/server/http/express-app.d.ts.map +1 -0
package/build/server/http/express-app.js +391 -0
package/build/server/http/express-app.js.map +1 -0
package/build/server/http/http-server.d.ts +67 -0
package/build/server/http/http-server.d.ts.map +1 -0
package/build/server/http/http-server.js +188 -0
package/build/server/http/http-server.js.map +1 -0
package/build/server/http/http-transport.d.ts +33 -0
package/build/server/http/http-transport.d.ts.map +1 -0
package/build/server/http/http-transport.js +84 -0
package/build/server/http/http-transport.js.map +1 -0
package/build/server/http/index.d.ts +15 -0
package/build/server/http/index.d.ts.map +1 -0
package/build/server/http/index.js +11 -0
package/build/server/http/index.js.map +1 -0
package/build/server/index.d.ts +25 -0
package/build/server/index.d.ts.map +1 -0
package/build/server/index.js +41 -0
package/build/server/index.js.map +1 -0
package/build/server/lifecycle.d.ts +114 -0
package/build/server/lifecycle.d.ts.map +1 -0
package/build/server/lifecycle.js +30 -0
package/build/server/lifecycle.js.map +1 -0
package/build/server/middleware/bearer-auth.d.ts +43 -0
package/build/server/middleware/bearer-auth.d.ts.map +1 -0
package/build/server/middleware/bearer-auth.js +75 -0
package/build/server/middleware/bearer-auth.js.map +1 -0
package/build/server/middleware/custom-header-auth.d.ts +40 -0
package/build/server/middleware/custom-header-auth.d.ts.map +1 -0
package/build/server/middleware/custom-header-auth.js +90 -0
package/build/server/middleware/custom-header-auth.js.map +1 -0
package/build/server/middleware/dns-rebinding.d.ts +25 -0
package/build/server/middleware/dns-rebinding.d.ts.map +1 -0
package/build/server/middleware/dns-rebinding.js +94 -0
package/build/server/middleware/dns-rebinding.js.map +1 -0
package/build/server/middleware/index.d.ts +69 -0
package/build/server/middleware/index.d.ts.map +1 -0
package/build/server/middleware/index.js +68 -0
package/build/server/middleware/index.js.map +1 -0
package/build/server/middleware/logging.d.ts +21 -0
package/build/server/middleware/logging.d.ts.map +1 -0
package/build/server/middleware/logging.js +36 -0
package/build/server/middleware/logging.js.map +1 -0
package/build/server/middleware/oauth-router.d.ts +50 -0
package/build/server/middleware/oauth-router.d.ts.map +1 -0
package/build/server/middleware/oauth-router.js +53 -0
package/build/server/middleware/oauth-router.js.map +1 -0
package/build/server/middleware/protocol-version.d.ts +13 -0
package/build/server/middleware/protocol-version.d.ts.map +1 -0
package/build/server/middleware/protocol-version.js +48 -0
package/build/server/middleware/protocol-version.js.map +1 -0
package/build/server/middleware/rate-limit.d.ts +47 -0
package/build/server/middleware/rate-limit.d.ts.map +1 -0
package/build/server/middleware/rate-limit.js +109 -0
package/build/server/middleware/rate-limit.js.map +1 -0
package/build/server/middleware/trust-proxy.d.ts +37 -0
package/build/server/middleware/trust-proxy.d.ts.map +1 -0
package/build/server/middleware/trust-proxy.js +154 -0
package/build/server/middleware/trust-proxy.js.map +1 -0
package/build/server/option-overrides.d.ts +25 -0
package/build/server/option-overrides.d.ts.map +1 -0
package/build/server/option-overrides.js +85 -0
package/build/server/option-overrides.js.map +1 -0
package/build/server/routes/health.d.ts +87 -0
package/build/server/routes/health.d.ts.map +1 -0
package/build/server/routes/health.js +183 -0
package/build/server/routes/health.js.map +1 -0
package/build/server/routes/index.d.ts +16 -0
package/build/server/routes/index.d.ts.map +1 -0
package/build/server/routes/index.js +18 -0
package/build/server/routes/index.js.map +1 -0
package/build/server/routes/metrics.d.ts +40 -0
package/build/server/routes/metrics.d.ts.map +1 -0
package/build/server/routes/metrics.js +81 -0
package/build/server/routes/metrics.js.map +1 -0
package/build/server/routes/oauth-router.d.ts +50 -0
package/build/server/routes/oauth-router.d.ts.map +1 -0
package/build/server/routes/oauth-router.js +53 -0
package/build/server/routes/oauth-router.js.map +1 -0
package/build/server/routes/readiness-status.d.ts +25 -0
package/build/server/routes/readiness-status.d.ts.map +1 -0
package/build/server/routes/readiness-status.js +27 -0
package/build/server/routes/readiness-status.js.map +1 -0
package/build/server/routes/sse-router.d.ts +43 -0
package/build/server/routes/sse-router.d.ts.map +1 -0
package/build/server/routes/sse-router.js +92 -0
package/build/server/routes/sse-router.js.map +1 -0
package/build/server/routes/streamable-http-router.d.ts +36 -0
package/build/server/routes/streamable-http-router.d.ts.map +1 -0
package/build/server/routes/streamable-http-router.js +59 -0
package/build/server/routes/streamable-http-router.js.map +1 -0
package/build/server/server-instance.d.ts +185 -0
package/build/server/server-instance.d.ts.map +1 -0
package/build/server/server-instance.js +615 -0
package/build/server/server-instance.js.map +1 -0
package/build/server/server-options.d.ts +411 -0
package/build/server/server-options.d.ts.map +1 -0
package/build/server/server-options.js +17 -0
package/build/server/server-options.js.map +1 -0
package/build/server/session/in-memory-store.d.ts +128 -0
package/build/server/session/in-memory-store.d.ts.map +1 -0
package/build/server/session/in-memory-store.js +312 -0
package/build/server/session/in-memory-store.js.map +1 -0
package/build/server/session/index.d.ts +43 -0
package/build/server/session/index.d.ts.map +1 -0
package/build/server/session/index.js +47 -0
package/build/server/session/index.js.map +1 -0
package/build/server/session/mcp-session.d.ts +210 -0
package/build/server/session/mcp-session.d.ts.map +1 -0
package/build/server/session/mcp-session.js +428 -0
package/build/server/session/mcp-session.js.map +1 -0
package/build/server/session/session-factory.d.ts +119 -0
package/build/server/session/session-factory.d.ts.map +1 -0
package/build/server/session/session-factory.js +131 -0
package/build/server/session/session-factory.js.map +1 -0
package/build/server/session/session-housekeeper.d.ts +100 -0
package/build/server/session/session-housekeeper.d.ts.map +1 -0
package/build/server/session/session-housekeeper.js +217 -0
package/build/server/session/session-housekeeper.js.map +1 -0
package/build/server/session/session-manager.d.ts +227 -0
package/build/server/session/session-manager.d.ts.map +1 -0
package/build/server/session/session-manager.js +282 -0
package/build/server/session/session-manager.js.map +1 -0
package/build/server/session/session-store.d.ts +95 -0
package/build/server/session/session-store.d.ts.map +1 -0
package/build/server/session/session-store.js +13 -0
package/build/server/session/session-store.js.map +1 -0
package/build/server/session/session.d.ts +132 -0
package/build/server/session/session.d.ts.map +1 -0
package/build/server/session/session.js +61 -0
package/build/server/session/session.js.map +1 -0
package/build/server/transport/constants.d.ts +85 -0
package/build/server/transport/constants.d.ts.map +1 -0
package/build/server/transport/constants.js +103 -0
package/build/server/transport/constants.js.map +1 -0
package/build/server/transport/index.d.ts +21 -0
package/build/server/transport/index.d.ts.map +1 -0
package/build/server/transport/index.js +28 -0
package/build/server/transport/index.js.map +1 -0
package/build/server/transport/sse/handler.d.ts +46 -0
package/build/server/transport/sse/handler.d.ts.map +1 -0
package/build/server/transport/sse/handler.js +189 -0
package/build/server/transport/sse/handler.js.map +1 -0
package/build/server/transport/sse/index.d.ts +15 -0
package/build/server/transport/sse/index.d.ts.map +1 -0
package/build/server/transport/sse/index.js +14 -0
package/build/server/transport/sse/index.js.map +1 -0
package/build/server/transport/sse/transport.d.ts +94 -0
package/build/server/transport/sse/transport.d.ts.map +1 -0
package/build/server/transport/sse/transport.js +175 -0
package/build/server/transport/sse/transport.js.map +1 -0
package/build/server/transport/stdio-transport.d.ts +23 -0
package/build/server/transport/stdio-transport.d.ts.map +1 -0
package/build/server/transport/stdio-transport.js +59 -0
package/build/server/transport/stdio-transport.js.map +1 -0
package/build/server/transport/streamable-http/index.d.ts +9 -0
package/build/server/transport/streamable-http/index.d.ts.map +1 -0
package/build/server/transport/streamable-http/index.js +9 -0
package/build/server/transport/streamable-http/index.js.map +1 -0
package/build/server/transport/streamable-http/stateful-handler.d.ts +41 -0
package/build/server/transport/streamable-http/stateful-handler.d.ts.map +1 -0
package/build/server/transport/streamable-http/stateful-handler.js +264 -0
package/build/server/transport/streamable-http/stateful-handler.js.map +1 -0
package/build/server/transport/streamable-http/stateless-handler.d.ts +28 -0
package/build/server/transport/streamable-http/stateless-handler.d.ts.map +1 -0
package/build/server/transport/streamable-http/stateless-handler.js +81 -0
package/build/server/transport/streamable-http/stateless-handler.js.map +1 -0
package/build/server/transport/streamable-http/transport.d.ts +110 -0
package/build/server/transport/streamable-http/transport.d.ts.map +1 -0
package/build/server/transport/streamable-http/transport.js +118 -0
package/build/server/transport/streamable-http/transport.js.map +1 -0
package/build/server/transport/transport-context.d.ts +67 -0
package/build/server/transport/transport-context.d.ts.map +1 -0
package/build/server/transport/transport-context.js +38 -0
package/build/server/transport/transport-context.js.map +1 -0
package/build/server/transport/types.d.ts +56 -0
package/build/server/transport/types.d.ts.map +1 -0
package/build/server/transport/types.js +11 -0
package/build/server/transport/types.js.map +1 -0
package/build/server/transport-options.d.ts +248 -0
package/build/server/transport-options.d.ts.map +1 -0
package/build/server/transport-options.js +18 -0
package/build/server/transport-options.js.map +1 -0
package/build/server/types.d.ts +172 -0
package/build/server/types.d.ts.map +1 -0
package/build/server/types.js +9 -0
package/build/server/types.js.map +1 -0
package/build/telemetry/connection-telemetry-bridge.d.ts +30 -0
package/build/telemetry/connection-telemetry-bridge.d.ts.map +1 -0
package/build/telemetry/connection-telemetry-bridge.js +54 -0
package/build/telemetry/connection-telemetry-bridge.js.map +1 -0
package/build/telemetry/core/config.d.ts +38 -0
package/build/telemetry/core/config.d.ts.map +1 -0
package/build/telemetry/core/config.js +54 -0
package/build/telemetry/core/config.js.map +1 -0
package/build/telemetry/core/constants.d.ts +183 -0
package/build/telemetry/core/constants.d.ts.map +1 -0
package/build/telemetry/core/constants.js +207 -0
package/build/telemetry/core/constants.js.map +1 -0
package/build/telemetry/core/diag-logger.d.ts +35 -0
package/build/telemetry/core/diag-logger.d.ts.map +1 -0
package/build/telemetry/core/diag-logger.js +54 -0
package/build/telemetry/core/diag-logger.js.map +1 -0
package/build/telemetry/core/index.d.ts +12 -0
package/build/telemetry/core/index.d.ts.map +1 -0
package/build/telemetry/core/index.js +32 -0
package/build/telemetry/core/index.js.map +1 -0
package/build/telemetry/core/types.d.ts +106 -0
package/build/telemetry/core/types.d.ts.map +1 -0
package/build/telemetry/core/types.js +10 -0
package/build/telemetry/core/types.js.map +1 -0
package/build/telemetry/index.d.ts +59 -0
package/build/telemetry/index.d.ts.map +1 -0
package/build/telemetry/index.js +79 -0
package/build/telemetry/index.js.map +1 -0
package/build/telemetry/metrics.d.ts +127 -0
package/build/telemetry/metrics.d.ts.map +1 -0
package/build/telemetry/metrics.js +337 -0
package/build/telemetry/metrics.js.map +1 -0
package/build/telemetry/sdk.d.ts +110 -0
package/build/telemetry/sdk.d.ts.map +1 -0
package/build/telemetry/sdk.js +547 -0
package/build/telemetry/sdk.js.map +1 -0
package/build/telemetry/tracing.d.ts +78 -0
package/build/telemetry/tracing.d.ts.map +1 -0
package/build/telemetry/tracing.js +257 -0
package/build/telemetry/tracing.js.map +1 -0
package/build/utils/env-helpers.d.ts +46 -0
package/build/utils/env-helpers.d.ts.map +1 -0
package/build/utils/env-helpers.js +54 -0
package/build/utils/env-helpers.js.map +1 -0
package/build/utils/index.d.ts +14 -0
package/build/utils/index.d.ts.map +1 -0
package/build/utils/index.js +19 -0
package/build/utils/index.js.map +1 -0
package/build/utils/sensitive-keys.d.ts +48 -0
package/build/utils/sensitive-keys.d.ts.map +1 -0
package/build/utils/sensitive-keys.js +131 -0
package/build/utils/sensitive-keys.js.map +1 -0
package/build/utils/string-helpers.d.ts +126 -0
package/build/utils/string-helpers.d.ts.map +1 -0
package/build/utils/string-helpers.js +189 -0
package/build/utils/string-helpers.js.map +1 -0
package/build/utils/validation.d.ts +84 -0
package/build/utils/validation.d.ts.map +1 -0
package/build/utils/validation.js +111 -0
package/build/utils/validation.js.map +1 -0
package/build/utils/zod-helpers.d.ts +92 -0
package/build/utils/zod-helpers.d.ts.map +1 -0
package/build/utils/zod-helpers.js +120 -0
package/build/utils/zod-helpers.js.map +1 -0
package/package.json +133 -0

package/build/server/middleware/oauth-router.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * OAuth Router Middleware
+ *
+ * Wraps the SDK's `mcpAuthRouter()` to mount OAuth 2.1 endpoints
+ * when a full OAuth provider is configured.
+ *
+ * Routes mounted:
+ * - `GET /authorize` — Authorization endpoint
+ * - `POST /token` — Token endpoint
+ * - `POST /register` — Dynamic client registration
+ * - `POST /revoke` — Token revocation
+ * - `GET /.well-known/oauth-authorization-server` — Authorization Server Metadata (RFC 8414)
+ * - `GET /.well-known/oauth-protected-resource` — Protected Resource Metadata (RFC 9728)
+ *
+ * Only created when the provider is a full `OAuthServerProvider`
+ * (detected via {@link isFullOAuthProvider}).
+ *
+ * @module server/middleware/oauth-router
+ */
+import type { RequestHandler } from "express";
+import type { OAuthServerProvider } from "@modelcontextprotocol/sdk/server/auth/provider.js";
+/**
+ * Options for creating the OAuth router.
+ */
+export interface OAuthRouterOptions {
+    /** Full OAuth server provider (must have `clientsStore`) */
+    readonly provider: OAuthServerProvider;
+    /**
+     * OAuth issuer URL (Authorization Server identifier).
+     * Required by the MCP SDK for Authorization Server Metadata (RFC 8414).
+     */
+    readonly issuerUrl: URL;
+    /**
+     * Scopes supported by this authorization server.
+     * Advertised in the Authorization Server Metadata document.
+     */
+    readonly scopesSupported?: readonly string[];
+}
+/**
+ * Creates an Express router with OAuth 2.1 endpoints.
+ *
+ * Delegates to the SDK's `mcpAuthRouter()` for the actual endpoint
+ * implementation. The router handles authorization, token exchange,
+ * client registration, and discovery metadata.
+ *
+ * @param options - OAuth router configuration
+ * @returns Express request handler (router) with OAuth endpoints
+ */
+export declare function createOAuthRouter(options: OAuthRouterOptions): RequestHandler;
+//# sourceMappingURL=oauth-router.d.ts.map

package/build/server/middleware/oauth-router.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-router.d.ts","sourceRoot":"","sources":["../../../src/server/middleware/oauth-router.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAC9C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mDAAmD,CAAC;AAqB7F;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,4DAA4D;IAC5D,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,CAAC;IAEvC;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,GAAG,CAAC;IAExB;;;OAGG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAMD;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,kBAAkB,GAAG,cAAc,CAY7E"}

package/build/server/middleware/oauth-router.js ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * OAuth Router Middleware
+ *
+ * Wraps the SDK's `mcpAuthRouter()` to mount OAuth 2.1 endpoints
+ * when a full OAuth provider is configured.
+ *
+ * Routes mounted:
+ * - `GET /authorize` — Authorization endpoint
+ * - `POST /token` — Token endpoint
+ * - `POST /register` — Dynamic client registration
+ * - `POST /revoke` — Token revocation
+ * - `GET /.well-known/oauth-authorization-server` — Authorization Server Metadata (RFC 8414)
+ * - `GET /.well-known/oauth-protected-resource` — Protected Resource Metadata (RFC 9728)
+ *
+ * Only created when the provider is a full `OAuthServerProvider`
+ * (detected via {@link isFullOAuthProvider}).
+ *
+ * @module server/middleware/oauth-router
+ */
+import { mcpAuthRouter } from "@modelcontextprotocol/sdk/server/auth/router.js";
+import { logger as baseLogger } from "../../logger/index.js";
+// ============================================================================
+// Logger
+// ============================================================================
+const LOG_COMPONENT = "oauth-router";
+const LogMessages = {
+    MOUNTED: "OAuth router mounted (issuer: %s)",
+};
+const logger = baseLogger.child({ component: LOG_COMPONENT });
+// ============================================================================
+// Factory
+// ============================================================================
+/**
+ * Creates an Express router with OAuth 2.1 endpoints.
+ *
+ * Delegates to the SDK's `mcpAuthRouter()` for the actual endpoint
+ * implementation. The router handles authorization, token exchange,
+ * client registration, and discovery metadata.
+ *
+ * @param options - OAuth router configuration
+ * @returns Express request handler (router) with OAuth endpoints
+ */
+export function createOAuthRouter(options) {
+    const { provider, issuerUrl, scopesSupported } = options;
+    const routerOptions = {
+        provider,
+        issuerUrl,
+        ...(scopesSupported && { scopesSupported: [...scopesSupported] }),
+    };
+    logger.info(LogMessages.MOUNTED, issuerUrl.toString());
+    return mcpAuthRouter(routerOptions);
+}
+//# sourceMappingURL=oauth-router.js.map

package/build/server/middleware/oauth-router.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-router.js","sourceRoot":"","sources":["../../../src/server/middleware/oauth-router.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,OAAO,EAAE,aAAa,EAA0B,MAAM,iDAAiD,CAAC;AAExG,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAE7D,+EAA+E;AAC/E,SAAS;AACT,+EAA+E;AAE/E,MAAM,aAAa,GAAG,cAAc,CAAC;AAErC,MAAM,WAAW,GAAG;IAClB,OAAO,EAAE,mCAAmC;CACpC,CAAC;AAEX,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AA0B9D,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAA2B;IAC3D,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;IAEzD,MAAM,aAAa,GAAsB;QACvC,QAAQ;QACR,SAAS;QACT,GAAG,CAAC,eAAe,IAAI,EAAE,eAAe,EAAE,CAAC,GAAG,eAAe,CAAC,EAAE,CAAC;KAClE,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEvD,OAAO,aAAa,CAAC,aAAa,CAAC,CAAC;AACtC,CAAC"}

package/build/server/middleware/protocol-version.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * MCP Protocol Version validation middleware
+ * MCP Spec 2025-06-18 MUST requirement
+ *
+ * @module server/middleware/protocol-version
+ */
+import type { Request, Response, NextFunction } from "express";
+/**
+ * Validates MCP-Protocol-Version header
+ * Server MUST respond with 400 Bad Request if version is invalid/unsupported
+ */
+export declare function validateProtocolVersion(req: Request, res: Response, next: NextFunction): void;
+//# sourceMappingURL=protocol-version.d.ts.map

package/build/server/middleware/protocol-version.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"protocol-version.d.ts","sourceRoot":"","sources":["../../../src/server/middleware/protocol-version.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAwB/D;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CA0B7F"}

package/build/server/middleware/protocol-version.js ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * MCP Protocol Version validation middleware
+ * MCP Spec 2025-06-18 MUST requirement
+ *
+ * @module server/middleware/protocol-version
+ */
+import { sanitizeForLog } from "./logging.js";
+import { logger as baseLogger } from "../../logger/index.js";
+import { HttpStatus, createJsonRpcError, JsonRpcErrorCode } from "../../errors/index.js";
+import { MCP_HEADERS } from "../transport/index.js";
+import { SUPPORTED_PROTOCOL_VERSIONS } from "@modelcontextprotocol/sdk/types.js";
+// ============================================================================
+// Protocol Version Configuration
+// ============================================================================
+/**
+ * Fallback protocol version for backwards compatibility
+ * Used when client doesn't send MCP-Protocol-Version header
+ */
+const FALLBACK_PROTOCOL_VERSION = "2024-11-05";
+const logger = baseLogger.child({ component: "ProtocolVersion" });
+/** @internal Log messages for protocol version validation */
+const LogMessages = {
+    PROTOCOL_VERSION_UNSUPPORTED: "Unsupported protocol version: %s",
+};
+/**
+ * Validates MCP-Protocol-Version header
+ * Server MUST respond with 400 Bad Request if version is invalid/unsupported
+ */
+export function validateProtocolVersion(req, res, next) {
+    const rawVersion = req.headers[MCP_HEADERS.PROTOCOL_VERSION];
+    const protocolVersion = typeof rawVersion === "string" ? rawVersion : undefined;
+    if (!protocolVersion) {
+        // Spec: For backwards compatibility, assume fallback version if no header present
+        req.headers[MCP_HEADERS.PROTOCOL_VERSION] = FALLBACK_PROTOCOL_VERSION;
+        next();
+        return;
+    }
+    // SUPPORTED_PROTOCOL_VERSIONS is imported from the MCP SDK — always in sync with the SDK version
+    if (!SUPPORTED_PROTOCOL_VERSIONS.includes(protocolVersion)) {
+        logger.warn(LogMessages.PROTOCOL_VERSION_UNSUPPORTED, sanitizeForLog(protocolVersion));
+        res
+            .status(HttpStatus.BAD_REQUEST)
+            .json(createJsonRpcError(JsonRpcErrorCode.INVALID_REQUEST, `Unsupported MCP-Protocol-Version: ${sanitizeForLog(protocolVersion)}. Supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")}`));
+        return;
+    }
+    next();
+}
+//# sourceMappingURL=protocol-version.js.map

package/build/server/middleware/protocol-version.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"protocol-version.js","sourceRoot":"","sources":["../../../src/server/middleware/protocol-version.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AAEjF,+EAA+E;AAC/E,iCAAiC;AACjC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,yBAAyB,GAAG,YAAY,CAAC;AAE/C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AAElE,6DAA6D;AAC7D,MAAM,WAAW,GAAG;IAClB,4BAA4B,EAAE,kCAAkC;CACxD,CAAC;AAEX;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACrF,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAEhF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,kFAAkF;QAClF,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,yBAAyB,CAAC;QACtE,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAED,iGAAiG;IACjG,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,4BAA4B,EAAE,cAAc,CAAC,eAAe,CAAC,CAAC,CAAC;QACvF,GAAG;aACA,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;aAC9B,IAAI,CACH,kBAAkB,CAChB,gBAAgB,CAAC,eAAe,EAChC,qCAAqC,cAAc,CAAC,eAAe,CAAC,yBAAyB,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtI,CACF,CAAC;QACJ,OAAO;IACT,CAAC;IAED,IAAI,EAAE,CAAC;AACT,CAAC"}

package/build/server/middleware/rate-limit.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Rate limiting middleware
+ * Prevents abuse and DoS attacks
+ *
+ * @module server/middleware/rate-limit
+ */
+import { type RateLimitRequestHandler } from "express-rate-limit";
+/**
+ * Rate limiter configuration options.
+ */
+export interface RateLimiterOptions {
+    /** Time window in milliseconds (default: 900000 = 15 minutes) */
+    windowMs?: number;
+    /** Maximum requests per window (default: 1000) */
+    max?: number;
+    /**
+     * Whether Express trust proxy is configured.
+     *
+     * When `true`, the rate limiter uses `req.ip` (correctly resolved by Express
+     * via `X-Forwarded-For`). When `false` and `X-Forwarded-For` is detected,
+     * all clients behind the proxy share a single rate-limit bucket
+     * (keyed by proxy IP), and a one-time warning is logged.
+     */
+    trustProxyConfigured?: boolean;
+}
+/**
+ * Resets the cached rate limiter.
+ * Called by the central config reset to maintain cache coherence.
+ *
+ * @internal
+ */
+export declare function resetRateLimiterCache(): void;
+/**
+ * Creates or returns cached rate limiter for MCP endpoint.
+ *
+ * Uses lazy initialization to avoid circular dependency issues.
+ * The config is read when the function is first called, not at module load.
+ *
+ * Configurable via environment variables:
+ * - MCP_RATE_LIMIT_WINDOW_MS: Time window in ms (default: 900000 = 15 minutes)
+ * - MCP_RATE_LIMIT_MAX: Max requests per window (default: 1000)
+ *
+ * @param options - Optional override for rate limit settings
+ * @returns Express rate limiter middleware
+ */
+export declare function createRateLimiter(options?: RateLimiterOptions): RateLimitRequestHandler;
+//# sourceMappingURL=rate-limit.d.ts.map

package/build/server/middleware/rate-limit.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../src/server/middleware/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAkB,EAAE,KAAK,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAwB7E;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAQD;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,uBAAuB,CAmEvF"}

package/build/server/middleware/rate-limit.js ADDED Viewed

@@ -0,0 +1,109 @@
+/**
+ * Rate limiting middleware
+ * Prevents abuse and DoS attacks
+ *
+ * @module server/middleware/rate-limit
+ */
+import rateLimit, {} from "express-rate-limit";
+import { TransportErrorMessage, createJsonRpcError, HttpStatus, JsonRpcErrorCode } from "../../errors/index.js";
+import { getFrameworkConfig, registerCacheReset } from "../../config/index.js";
+import { logger as baseLogger } from "../../logger/index.js";
+// ============================================================================
+// Logger
+// ============================================================================
+const LOG_COMPONENT = "rate-limit";
+const LogMessages = {
+    CONFIGURED: "Rate limiter configured: max %d requests per %ds window",
+    EXCEEDED: "Rate limit exceeded from %s",
+    TRUST_PROXY_MISSING: "X-Forwarded-For header detected but MCP_TRUST_PROXY is not configured — " +
+        "all clients behind the reverse proxy share a single rate-limit bucket. " +
+        "Configure MCP_TRUST_PROXY for correct per-client rate limiting.",
+    PROXY_REJECTED: "Rejected proxied request from %s — MCP_TRUST_PROXY not configured",
+};
+const logger = baseLogger.child({ component: LOG_COMPONENT });
+/** Cached rate limiter instance (lazy initialization) */
+let cachedRateLimiter;
+// Self-register for central cache reset
+registerCacheReset(resetRateLimiterCache);
+/**
+ * Resets the cached rate limiter.
+ * Called by the central config reset to maintain cache coherence.
+ *
+ * @internal
+ */
+export function resetRateLimiterCache() {
+    cachedRateLimiter = undefined;
+}
+/**
+ * Creates or returns cached rate limiter for MCP endpoint.
+ *
+ * Uses lazy initialization to avoid circular dependency issues.
+ * The config is read when the function is first called, not at module load.
+ *
+ * Configurable via environment variables:
+ * - MCP_RATE_LIMIT_WINDOW_MS: Time window in ms (default: 900000 = 15 minutes)
+ * - MCP_RATE_LIMIT_MAX: Max requests per window (default: 1000)
+ *
+ * @param options - Optional override for rate limit settings
+ * @returns Express rate limiter middleware
+ */
+export function createRateLimiter(options) {
+    if (cachedRateLimiter && !options) {
+        return cachedRateLimiter;
+    }
+    // Lazy load config to avoid circular dependency
+    const config = getFrameworkConfig();
+    const windowMs = options?.windowMs ?? config.MCP_RATE_LIMIT_WINDOW_MS;
+    const max = options?.max ?? config.MCP_RATE_LIMIT_MAX;
+    // Trust proxy warning: detect reverse proxy without trust proxy config.
+    // Without trust proxy, req.ip is the TCP connection IP (proxy IP) — not spoofable,
+    // but all clients behind the same proxy share one rate-limit bucket.
+    // This is the safest default: a custom keyGenerator using X-Forwarded-For would
+    // allow attackers to create unlimited buckets by spoofing the header.
+    const trustProxyActive = options?.trustProxyConfigured ?? false;
+    let trustProxyWarningLogged = false;
+    const limiter = rateLimit({
+        windowMs,
+        max,
+        message: TransportErrorMessage.RATE_LIMIT_EXCEEDED,
+        standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+        legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+        handler: (req, res) => {
+            // Log one-time warning when X-Forwarded-For detected without trust proxy
+            if (!trustProxyActive && !trustProxyWarningLogged && req.headers["x-forwarded-for"]) {
+                logger.warn(LogMessages.TRUST_PROXY_MISSING);
+                trustProxyWarningLogged = true;
+            }
+            logger.warn(LogMessages.EXCEEDED, req.ip ?? "unknown");
+            res
+                .status(HttpStatus.TOO_MANY_REQUESTS)
+                .json(createJsonRpcError(JsonRpcErrorCode.SERVER_ERROR, TransportErrorMessage.RATE_LIMIT_EXCEEDED));
+        },
+    });
+    logger.debug(LogMessages.CONFIGURED, max, Math.round(windowMs / 1000));
+    // When trust proxy is not configured, reject requests that arrive via a reverse proxy.
+    // Without trust proxy, req.ip resolves to the proxy IP — rate limiting and IP-based
+    // security would apply to the proxy, not individual clients. Reject with 502 so the
+    // operator notices the misconfiguration.
+    if (!trustProxyActive) {
+        const guardedLimiter = ((req, res, next) => {
+            if (req.headers["x-forwarded-for"]) {
+                logger.warn(LogMessages.PROXY_REJECTED, req.ip ?? "unknown");
+                res
+                    .status(HttpStatus.BAD_GATEWAY)
+                    .json(createJsonRpcError(JsonRpcErrorCode.SERVER_ERROR, TransportErrorMessage.PROXY_NOT_CONFIGURED));
+                return;
+            }
+            limiter(req, res, next);
+        });
+        if (!options) {
+            cachedRateLimiter = guardedLimiter;
+        }
+        return guardedLimiter;
+    }
+    if (!options) {
+        cachedRateLimiter = limiter;
+    }
+    return limiter;
+}
+//# sourceMappingURL=rate-limit.js.map

package/build/server/middleware/rate-limit.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../../src/server/middleware/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,SAAS,EAAE,EAAgC,MAAM,oBAAoB,CAAC;AAE7E,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAChH,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAE7D,+EAA+E;AAC/E,SAAS;AACT,+EAA+E;AAE/E,MAAM,aAAa,GAAG,YAAY,CAAC;AAEnC,MAAM,WAAW,GAAG;IAClB,UAAU,EAAE,yDAAyD;IACrE,QAAQ,EAAE,6BAA6B;IACvC,mBAAmB,EACjB,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;IACnE,cAAc,EAAE,mEAAmE;CAC3E,CAAC;AAEX,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AAqB9D,yDAAyD;AACzD,IAAI,iBAAsD,CAAC;AAE3D,wCAAwC;AACxC,kBAAkB,CAAC,qBAAqB,CAAC,CAAC;AAE1C;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB;IACnC,iBAAiB,GAAG,SAAS,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAA4B;IAC5D,IAAI,iBAAiB,IAAI,CAAC,OAAO,EAAE,CAAC;QAClC,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,gDAAgD;IAChD,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IAEpC,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,MAAM,CAAC,wBAAwB,CAAC;IACtE,MAAM,GAAG,GAAG,OAAO,EAAE,GAAG,IAAI,MAAM,CAAC,kBAAkB,CAAC;IAEtD,wEAAwE;IACxE,mFAAmF;IACnF,qEAAqE;IACrE,gFAAgF;IAChF,sEAAsE;IACtE,MAAM,gBAAgB,GAAG,OAAO,EAAE,oBAAoB,IAAI,KAAK,CAAC;IAChE,IAAI,uBAAuB,GAAG,KAAK,CAAC;IAEpC,MAAM,OAAO,GAAG,SAAS,CAAC;QACxB,QAAQ;QACR,GAAG;QACH,OAAO,EAAE,qBAAqB,CAAC,mBAAmB;QAClD,eAAe,EAAE,IAAI,EAAE,sDAAsD;QAC7E,aAAa,EAAE,KAAK,EAAE,sCAAsC;QAC5D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACpB,yEAAyE;YACzE,IAAI,CAAC,gBAAgB,IAAI,CAAC,uBAAuB,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACpF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC;gBAC7C,uBAAuB,GAAG,IAAI,CAAC;YACjC,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC,CAAC;YACvD,GAAG;iBACA,MAAM,CAAC,UAAU,CAAC,iBAAiB,CAAC;iBACpC,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,YAAY,EAAE,qBAAqB,CAAC,mBAAmB,CAAC,CAAC,CAAC;QACxG,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC;IAEvE,uFAAuF;IACvF,oFAAoF;IACpF,oFAAoF;IACpF,yCAAyC;IACzC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,cAAc,GAAG,CAAC,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC1E,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC,CAAC;gBAC7D,GAAG;qBACA,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;qBAC9B,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,YAAY,EAAE,qBAAqB,CAAC,oBAAoB,CAAC,CAAC,CAAC;gBACvG,OAAO;YACT,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1B,CAAC,CAA4B,CAAC;QAE9B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,iBAAiB,GAAG,cAAc,CAAC;QACrC,CAAC;QACD,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,iBAAiB,GAAG,OAAO,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/build/server/middleware/trust-proxy.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Trust Proxy Resolution
+ *
+ * Validates and resolves the `MCP_TRUST_PROXY` configuration value into
+ * a type-safe Express-compatible trust proxy setting.
+ *
+ * Supported value formats:
+ * - **Hop count**: Integer string (`'1'`, `'2'`) → `number` for Express
+ * - **Express keywords**: `'loopback'`, `'linklocal'`, `'uniquelocal'`
+ * - **IP addresses**: IPv4 or IPv6 (`'10.0.0.1'`, `'::1'`)
+ * - **CIDR ranges**: `'10.0.0.0/8'`, `'172.16.0.0/12'`
+ * - **DNS hostnames**: Resolved to IP at startup (`'proxy.example.com'`)
+ * - **Comma-separated lists**: `'loopback, 10.0.0.1, proxy.internal'`
+ *
+ * Invalid values or unresolvable hostnames throw `ConfigurationError`.
+ * `undefined` or empty string → `undefined` (trust proxy disabled).
+ *
+ * @module server/middleware/trust-proxy
+ */
+/** Express built-in trust proxy keywords. */
+declare const TRUST_PROXY_KEYWORDS: ReadonlySet<string>;
+/**
+ * Resolve a raw trust proxy config string into an Express-compatible value.
+ *
+ * This function validates each segment of the (possibly comma-separated)
+ * value. DNS hostnames are resolved to IP addresses at startup time.
+ *
+ * @param value - Raw config string from `MCP_TRUST_PROXY`
+ * @returns Resolved value for `app.set('trust proxy', ...)`:
+ *   - `number` for hop-count values
+ *   - `string` for IP/CIDR/keyword (possibly comma-separated)
+ *   - `undefined` when trust proxy is disabled
+ * @throws {ConfigurationError} if a segment is invalid or DNS resolution fails
+ */
+export declare function resolveTrustProxy(value: string | undefined): Promise<string | number | undefined>;
+export { TRUST_PROXY_KEYWORDS };
+//# sourceMappingURL=trust-proxy.d.ts.map

package/build/server/middleware/trust-proxy.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"trust-proxy.d.ts","sourceRoot":"","sources":["../../../src/server/middleware/trust-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAcH,6CAA6C;AAC7C,QAAA,MAAM,oBAAoB,EAAE,WAAW,CAAC,MAAM,CAAqD,CAAC;AAgBpG;;;;;;;;;;;;GAYG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC,CAuCvG;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/build/server/middleware/trust-proxy.js ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * Trust Proxy Resolution
+ *
+ * Validates and resolves the `MCP_TRUST_PROXY` configuration value into
+ * a type-safe Express-compatible trust proxy setting.
+ *
+ * Supported value formats:
+ * - **Hop count**: Integer string (`'1'`, `'2'`) → `number` for Express
+ * - **Express keywords**: `'loopback'`, `'linklocal'`, `'uniquelocal'`
+ * - **IP addresses**: IPv4 or IPv6 (`'10.0.0.1'`, `'::1'`)
+ * - **CIDR ranges**: `'10.0.0.0/8'`, `'172.16.0.0/12'`
+ * - **DNS hostnames**: Resolved to IP at startup (`'proxy.example.com'`)
+ * - **Comma-separated lists**: `'loopback, 10.0.0.1, proxy.internal'`
+ *
+ * Invalid values or unresolvable hostnames throw `ConfigurationError`.
+ * `undefined` or empty string → `undefined` (trust proxy disabled).
+ *
+ * @module server/middleware/trust-proxy
+ */
+import { isIP } from "node:net";
+import { promises as dns } from "node:dns";
+import { ConfigurationError } from "../../errors/index.js";
+import { logger as baseLogger } from "../../logger/index.js";
+// ============================================================================
+// Constants
+// ============================================================================
+const ENV_VAR = "MCP_TRUST_PROXY";
+/** Express built-in trust proxy keywords. */
+const TRUST_PROXY_KEYWORDS = new Set(["loopback", "linklocal", "uniquelocal"]);
+/** Pattern for CIDR notation: IP address followed by /prefix-length. */
+const CIDR_PATTERN = /^.+\/\d{1,3}$/;
+const logger = baseLogger.child({ component: "trust-proxy" });
+const TrustProxyLogMessages = {
+    RESOLVED_HOSTNAME: "Resolved trust proxy hostname %s → %s",
+    TRUST_PROXY_ACTIVE: "Trust proxy enabled: %s",
+};
+// ============================================================================
+// Public API
+// ============================================================================
+/**
+ * Resolve a raw trust proxy config string into an Express-compatible value.
+ *
+ * This function validates each segment of the (possibly comma-separated)
+ * value. DNS hostnames are resolved to IP addresses at startup time.
+ *
+ * @param value - Raw config string from `MCP_TRUST_PROXY`
+ * @returns Resolved value for `app.set('trust proxy', ...)`:
+ *   - `number` for hop-count values
+ *   - `string` for IP/CIDR/keyword (possibly comma-separated)
+ *   - `undefined` when trust proxy is disabled
+ * @throws {ConfigurationError} if a segment is invalid or DNS resolution fails
+ */
+export async function resolveTrustProxy(value) {
+    if (value === undefined || value.trim() === "") {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    // ── Hop count (pure integer) ─────────────────────────────────────────
+    const asNumber = Number(trimmed);
+    if (Number.isInteger(asNumber) && asNumber >= 1) {
+        logger.info(TrustProxyLogMessages.TRUST_PROXY_ACTIVE, String(asNumber));
+        return asNumber;
+    }
+    // Guard: "0" or negative integers are not valid hop counts
+    if (Number.isInteger(asNumber) && asNumber <= 0) {
+        throw ConfigurationError.invalidEnvVar(ENV_VAR, `Hop count must be ≥ 1, got ${trimmed}`);
+    }
+    // ── Segment-wise validation (comma-separated) ───────────────────────
+    const rawSegments = trimmed.split(",");
+    const resolvedSegments = [];
+    for (const raw of rawSegments) {
+        const segment = raw.trim();
+        if (segment === "")
+            continue;
+        const resolved = await resolveSegment(segment);
+        resolvedSegments.push(resolved);
+    }
+    if (resolvedSegments.length === 0) {
+        return undefined;
+    }
+    const result = resolvedSegments.length === 1 ? resolvedSegments[0] : resolvedSegments.join(", ");
+    logger.info(TrustProxyLogMessages.TRUST_PROXY_ACTIVE, result);
+    return result;
+}
+export { TRUST_PROXY_KEYWORDS };
+// ============================================================================
+// Internal Helpers
+// ============================================================================
+/**
+ * Validate and resolve a single trust proxy segment.
+ *
+ * Order of checks:
+ * 1. Express keyword (`loopback`, `linklocal`, `uniquelocal`)
+ * 2. IP address (IPv4 or IPv6)
+ * 3. CIDR range (IP/prefix)
+ * 4. DNS hostname → resolve to IP
+ */
+async function resolveSegment(segment) {
+    // 1. Express keyword
+    if (TRUST_PROXY_KEYWORDS.has(segment)) {
+        return segment;
+    }
+    // 2. Plain IP address
+    if (isIP(segment) !== 0) {
+        return segment;
+    }
+    // 3. CIDR notation — validate the IP part
+    if (CIDR_PATTERN.test(segment)) {
+        const slashIndex = segment.lastIndexOf("/");
+        const ipPart = segment.substring(0, slashIndex);
+        const prefixStr = segment.substring(slashIndex + 1);
+        const prefix = Number(prefixStr);
+        if (isIP(ipPart) === 0) {
+            throw ConfigurationError.invalidEnvVar(ENV_VAR, `Invalid IP in CIDR notation: '${segment}'`);
+        }
+        const maxPrefix = isIP(ipPart) === 4 ? 32 : 128;
+        if (prefix < 0 || prefix > maxPrefix) {
+            throw ConfigurationError.invalidEnvVar(ENV_VAR, `CIDR prefix out of range (0–${String(maxPrefix)}): '${segment}'`);
+        }
+        return segment;
+    }
+    // 4. DNS hostname — resolve at startup
+    return resolveHostname(segment);
+}
+/**
+ * Resolve a DNS hostname to an IP address.
+ *
+ * Uses `dns.promises.lookup()` which respects the OS resolver configuration
+ * (including `/etc/hosts`). Only the first resolved address is used.
+ *
+ * @throws {ConfigurationError} if DNS resolution fails or the hostname
+ *   contains invalid characters
+ */
+async function resolveHostname(hostname) {
+    // Basic hostname validation (RFC 1123)
+    if (!/^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$/.test(hostname)) {
+        throw ConfigurationError.invalidEnvVar(ENV_VAR, `Invalid trust proxy value: '${hostname}' (not a keyword, IP, CIDR, or valid hostname)`);
+    }
+    const DNS_TIMEOUT_MS = 5_000;
+    try {
+        const lookup = dns.lookup(hostname);
+        const timeout = new Promise((_, reject) => {
+            const timer = setTimeout(() => reject(new Error("DNS lookup timed out")), DNS_TIMEOUT_MS);
+            timer.unref();
+        });
+        const { address } = await Promise.race([lookup, timeout]);
+        logger.info(TrustProxyLogMessages.RESOLVED_HOSTNAME, hostname, address);
+        return address;
+    }
+    catch (_cause) {
+        throw ConfigurationError.invalidEnvVar(ENV_VAR, `Cannot resolve hostname '${hostname}': DNS lookup failed`);
+    }
+}
+//# sourceMappingURL=trust-proxy.js.map

package/build/server/middleware/trust-proxy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trust-proxy.js","sourceRoot":"","sources":["../../../src/server/middleware/trust-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,QAAQ,IAAI,GAAG,EAAE,MAAM,UAAU,CAAC;AAE3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAE7D,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,MAAM,OAAO,GAAG,iBAAiB,CAAC;AAElC,6CAA6C;AAC7C,MAAM,oBAAoB,GAAwB,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;AAEpG,wEAAwE;AACxE,MAAM,YAAY,GAAG,eAAe,CAAC;AAErC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AAE9D,MAAM,qBAAqB,GAAG;IAC5B,iBAAiB,EAAE,uCAAuC;IAC1D,kBAAkB,EAAE,yBAAyB;CACrC,CAAC;AAEX,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,KAAyB;IAC/D,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAE7B,wEAAwE;IACxE,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,2DAA2D;IAC3D,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,kBAAkB,CAAC,aAAa,CAAC,OAAO,EAAE,8BAA8B,OAAO,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,uEAAuE;IACvE,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,IAAI,OAAO,KAAK,EAAE;YAAE,SAAS;QAE7B,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;QAC/C,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEjG,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAEhC,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAAC,OAAe;IAC3C,qBAAqB;IACrB,IAAI,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,sBAAsB;IACtB,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0CAA0C;IAC1C,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjC,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,kBAAkB,CAAC,aAAa,CAAC,OAAO,EAAE,iCAAiC,OAAO,GAAG,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAChD,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,SAAS,EAAE,CAAC;YACrC,MAAM,kBAAkB,CAAC,aAAa,CACpC,OAAO,EACP,+BAA+B,MAAM,CAAC,SAAS,CAAC,OAAO,OAAO,GAAG,CAClE,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,uCAAuC;IACvC,OAAO,eAAe,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,eAAe,CAAC,QAAgB;IAC7C,uCAAuC;IACvC,IAAI,CAAC,qFAAqF,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1G,MAAM,kBAAkB,CAAC,aAAa,CACpC,OAAO,EACP,+BAA+B,QAAQ,gDAAgD,CACxF,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;YAC/C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;YAC1F,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACxE,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,MAAM,kBAAkB,CAAC,aAAa,CAAC,OAAO,EAAE,4BAA4B,QAAQ,sBAAsB,CAAC,CAAC;IAC9G,CAAC;AACH,CAAC"}

package/build/server/option-overrides.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Programmatic Option → Config Overrides
+ *
+ * Pure mapping function that bridges programmatic ServerOptions into
+ * FrameworkEnvConfig overrides. Extracted from McpServerInstance for
+ * testability and to reduce class complexity.
+ *
+ * @module server/option-overrides
+ * @internal
+ */
+import type { ServerOptions } from "./server-options.js";
+import type { FrameworkEnvConfig } from "../config/index.js";
+/**
+ * Maps programmatic server options to config override entries.
+ *
+ * This is a pure function — it reads `currentConfig` only to check
+ * whether OTEL_SERVICE_NAME is already set (avoiding accidental override).
+ *
+ * @param options - The server options from createServer() or McpServerBuilder
+ * @param currentConfig - The current resolved framework config
+ * @returns Partial config overrides to apply (empty object if none)
+ * @internal
+ */
+export declare function mapServerOptionsToOverrides(options: ServerOptions, currentConfig: FrameworkEnvConfig): Partial<FrameworkEnvConfig>;
+//# sourceMappingURL=option-overrides.d.ts.map

package/build/server/option-overrides.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"option-overrides.d.ts","sourceRoot":"","sources":["../../src/server/option-overrides.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D;;;;;;;;;;GAUG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,aAAa,EACtB,aAAa,EAAE,kBAAkB,GAChC,OAAO,CAAC,kBAAkB,CAAC,CAkE7B"}