mcp4openapi 0.1.0

package/dist/src/generated-schemas.js

@@ -0,0 +1,66 @@
+// Generated by ts-to-zod
+import { z } from "zod";
+export const compositeStepSchema = z.object({
+    call: z.string(),
+    store_as: z.string(),
+    depends_on: z.array(z.string()).optional()
+});
+export const parameterDefinitionSchema = z.object({
+    type: z.union([z.literal("string"), z.literal("integer"), z.literal("number"), z.literal("boolean"), z.literal("array"), z.literal("object")]),
+    description: z.string(),
+    required: z.boolean().optional(),
+    required_for: z.array(z.string()).optional(),
+    enum: z.array(z.string()).optional(),
+    items: z.object({
+        type: z.string()
+    }).optional(),
+    default: z.unknown().optional(),
+    example: z.unknown().optional()
+});
+export const authInterceptorSchema = z.object({
+    type: z.union([z.literal("bearer"), z.literal("query"), z.literal("custom-header")]),
+    header_name: z.string().optional(),
+    query_param: z.string().optional(),
+    value_from_env: z.string()
+});
+export const baseUrlConfigSchema = z.object({
+    value_from_env: z.string(),
+    default: z.string().optional()
+});
+export const rateLimitConfigSchema = z.object({
+    max_requests_per_minute: z.number(),
+    overrides: z.record(z.string(), z.object({
+        max_requests_per_minute: z.number()
+    })).optional()
+});
+export const retryConfigSchema = z.object({
+    max_attempts: z.number(),
+    backoff_ms: z.array(z.number()),
+    retry_on_status: z.array(z.number())
+});
+export const toolDefinitionSchema = z.object({
+    name: z.string(),
+    description: z.string(),
+    operations: z.union([z.record(z.string(), z.string()), z.record(z.string(), z.string())]).optional(),
+    composite: z.boolean().optional(),
+    steps: z.array(compositeStepSchema).optional(),
+    partial_results: z.boolean().optional(),
+    parameters: z.record(z.string(), parameterDefinitionSchema),
+    metadata_params: z.array(z.string()).optional(),
+    response_fields: z.record(z.string(), z.array(z.string())).optional()
+});
+export const interceptorConfigSchema = z.object({
+    auth: authInterceptorSchema.optional(),
+    base_url: baseUrlConfigSchema.optional(),
+    rate_limit: rateLimitConfigSchema.optional(),
+    retry: retryConfigSchema.optional(),
+    array_format: z.union([z.literal("brackets"), z.literal("indices"), z.literal("repeat"), z.literal("comma")]).optional()
+});
+export const profileSchema = z.object({
+    profile_name: z.string(),
+    description: z.string().optional(),
+    tools: z.array(toolDefinitionSchema),
+    interceptors: interceptorConfigSchema.optional(),
+    parameter_aliases: z.record(z.string(), z.array(z.string())).optional()
+});
+//# sourceMappingURL=generated-schemas.js.map

package/dist/src/generated-schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generated-schemas.js","sourceRoot":"","sources":["../../src/generated-schemas.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9I,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAChC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC,CAAC,QAAQ,EAAE;IACb,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;IACpF,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;IAC1B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC;QACrC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;KACtC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC/B,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpG,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IAC9C,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC;IAC3D,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;CACxE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IACtC,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IAC5C,KAAK,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACnC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC3H,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC;IACpC,YAAY,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAChD,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC1E,CAAC,CAAC"}

package/dist/src/http-client-factory.d.ts

@@ -0,0 +1,62 @@
+/**
+ * HTTP Client Factory - unified HTTP client management
+ *
+ * Why: Eliminates code duplication in HTTP client creation and management
+ * Provides consistent client lifecycle, auth handling, and caching
+ */
+import { HttpClient } from './interceptors.js';
+import type { Profile } from './types/profile.js';
+export interface HttpClientConfig {
+    profile: Profile;
+    baseUrl: string;
+    sessionToken?: string;
+}
+/**
+ * Factory for creating and managing HTTP clients
+ * Handles both global and session-specific clients
+ */
+export declare class HttpClientFactory {
+    private globalClient?;
+    private sessionClients;
+    /**
+     * Create global HTTP client (for stdio transport)
+     */
+    createGlobalClient(config: HttpClientConfig): HttpClient;
+    /**
+     * Get or create session-specific HTTP client
+     */
+    getOrCreateSessionClient(sessionId: string, config: HttpClientConfig): HttpClient;
+    /**
+     * Get global client (throws if not initialized)
+     */
+    getGlobalClient(): HttpClient;
+    /**
+     * Get session client (throws if not exists)
+     */
+    getSessionClient(sessionId: string): HttpClient;
+    /**
+     * Cleanup session client
+     */
+    cleanupSessionClient(sessionId: string): boolean;
+    /**
+     * Check if global client exists
+     */
+    hasGlobalClient(): boolean;
+    /**
+     * Check if session client exists
+     */
+    hasSessionClient(sessionId: string): boolean;
+    /**
+     * Get auth token for client creation
+     */
+    private getAuthToken;
+    /**
+     * Create interceptor chain for client
+     */
+    private createInterceptorChain;
+    /**
+     * Validate client configuration
+     */
+    validateClientConfig(config: HttpClientConfig): void;
+}
+//# sourceMappingURL=http-client-factory.d.ts.map

package/dist/src/http-client-factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client-factory.d.ts","sourceRoot":"","sources":["../../src/http-client-factory.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAoB,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,YAAY,CAAC,CAAa;IAClC,OAAO,CAAC,cAAc,CAAiC;IAEvD;;OAEG;IACH,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,GAAG,UAAU;IAOxD;;OAEG;IACH,wBAAwB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,UAAU;IAsBjF;;OAEG;IACH,eAAe,IAAI,UAAU;IAO7B;;OAEG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU;IAQ/C;;OAEG;IACH,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAIhD;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI5C;;OAEG;IACH,OAAO,CAAC,YAAY;IAapB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAK9B;;OAEG;IACH,oBAAoB,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI;CAmBrD"}

package/dist/src/http-client-factory.js

@@ -0,0 +1,121 @@
+/**
+ * HTTP Client Factory - unified HTTP client management
+ *
+ * Why: Eliminates code duplication in HTTP client creation and management
+ * Provides consistent client lifecycle, auth handling, and caching
+ */
+import { InterceptorChain, HttpClient } from './interceptors.js';
+import { ConfigurationError, AuthenticationError } from './errors.js';
+/**
+ * Factory for creating and managing HTTP clients
+ * Handles both global and session-specific clients
+ */
+export class HttpClientFactory {
+    globalClient;
+    sessionClients = new Map();
+    /**
+     * Create global HTTP client (for stdio transport)
+     */
+    createGlobalClient(config) {
+        const interceptors = this.createInterceptorChain(config);
+        const client = new HttpClient(config.baseUrl, interceptors);
+        this.globalClient = client;
+        return client;
+    }
+    /**
+     * Get or create session-specific HTTP client
+     */
+    getOrCreateSessionClient(sessionId, config) {
+        // Check cache first
+        let client = this.sessionClients.get(sessionId);
+        if (client) {
+            return client;
+        }
+        // Create new client for session
+        const interceptors = this.createInterceptorChain(config);
+        const newClient = new HttpClient(config.baseUrl, interceptors);
+        // Double-check for race condition
+        const existingClient = this.sessionClients.get(sessionId);
+        if (existingClient) {
+            return existingClient;
+        }
+        // Cache and return
+        this.sessionClients.set(sessionId, newClient);
+        return newClient;
+    }
+    /**
+     * Get global client (throws if not initialized)
+     */
+    getGlobalClient() {
+        if (!this.globalClient) {
+            throw new ConfigurationError('Global HTTP client not initialized');
+        }
+        return this.globalClient;
+    }
+    /**
+     * Get session client (throws if not exists)
+     */
+    getSessionClient(sessionId) {
+        const client = this.sessionClients.get(sessionId);
+        if (!client) {
+            throw new ConfigurationError(`Session HTTP client not found for session: ${sessionId}`);
+        }
+        return client;
+    }
+    /**
+     * Cleanup session client
+     */
+    cleanupSessionClient(sessionId) {
+        return this.sessionClients.delete(sessionId);
+    }
+    /**
+     * Check if global client exists
+     */
+    hasGlobalClient() {
+        return !!this.globalClient;
+    }
+    /**
+     * Check if session client exists
+     */
+    hasSessionClient(sessionId) {
+        return this.sessionClients.has(sessionId);
+    }
+    /**
+     * Get auth token for client creation
+     */
+    getAuthToken(config) {
+        // Priority: session token > environment token
+        if (config.sessionToken) {
+            return config.sessionToken;
+        }
+        if (config.profile.interceptors?.auth) {
+            return process.env[config.profile.interceptors.auth.value_from_env];
+        }
+        return undefined;
+    }
+    /**
+     * Create interceptor chain for client
+     */
+    createInterceptorChain(config) {
+        const token = this.getAuthToken(config);
+        return new InterceptorChain(config.profile.interceptors || {}, token);
+    }
+    /**
+     * Validate client configuration
+     */
+    validateClientConfig(config) {
+        if (!config.baseUrl) {
+            throw new ConfigurationError('Base URL is required for HTTP client');
+        }
+        if (!config.profile) {
+            throw new ConfigurationError('Profile is required for HTTP client');
+        }
+        // Check if we have any auth token available
+        const hasToken = this.getAuthToken(config);
+        if (!hasToken && config.profile.interceptors?.auth) {
+            const envVar = config.profile.interceptors.auth.value_from_env;
+            throw new AuthenticationError(`No auth token available. Expected token in Authorization header or ${envVar} env var`, { envVar });
+        }
+    }
+}
+//# sourceMappingURL=http-client-factory.js.map

package/dist/src/http-client-factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client-factory.js","sourceRoot":"","sources":["../../src/http-client-factory.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEjE,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAQtE;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IACpB,YAAY,CAAc;IAC1B,cAAc,GAAG,IAAI,GAAG,EAAsB,CAAC;IAEvD;;OAEG;IACH,kBAAkB,CAAC,MAAwB;QACzC,MAAM,YAAY,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC5D,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;QAC3B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,SAAiB,EAAE,MAAwB;QAClE,oBAAoB;QACpB,IAAI,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,gCAAgC;QAChC,MAAM,YAAY,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAE/D,kCAAkC;QAClC,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,mBAAmB;QACnB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC9C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,kBAAkB,CAAC,oCAAoC,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,kBAAkB,CAAC,8CAA8C,SAAS,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,SAAiB;QACpC,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,MAAwB;QAC3C,8CAA8C;QAC9C,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,OAAO,MAAM,CAAC,YAAY,CAAC;QAC7B,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;YACtC,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,MAAwB;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,OAAO,IAAI,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,MAAwB;QAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,kBAAkB,CAAC,sCAAsC,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,kBAAkB,CAAC,qCAAqC,CAAC,CAAC;QACtE,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC;YAC/D,MAAM,IAAI,mBAAmB,CAC3B,sEAAsE,MAAM,UAAU,EACtF,EAAE,MAAM,EAAE,CACX,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/src/http-transport.d.ts

@@ -0,0 +1,194 @@
+/**
+ * HTTP Streamable Transport for MCP
+ *
+ * Implements MCP Specification 2025-03-26
+ * https://modelcontextprotocol.io/specification/2025-03-26/basic/transports
+ *
+ * Why: Enables remote MCP server access with SSE streaming, session management,
+ * and resumability for reliable communication over HTTP.
+ */
+import type { Logger } from './logger.js';
+import type { HttpTransportConfig } from './types/http-transport.js';
+export declare class HttpTransport {
+    private app;
+    private server;
+    private sessions;
+    private config;
+    private logger;
+    private metrics;
+    private cleanupInterval;
+    private messageHandler;
+    constructor(config: HttpTransportConfig, logger: Logger);
+    /**
+     * Setup Express middleware
+     *
+     * Why: Security (Origin validation, rate limiting), JSON parsing, session extraction, metrics
+     */
+    private setupMiddleware;
+    private hasWarnedAboutBinding;
+    /**
+     * Check if origin is allowed
+     *
+     * Why: Prevent DNS rebinding attacks
+     *
+     * Supports:
+     * - Exact hostname: 'example.com', 'api.example.com'
+     * - Wildcard subdomain: '*.example.com'
+     * - IPv4 CIDR: '192.168.1.0/24', '10.0.0.0/8'
+     * - IPv4 exact: '192.168.1.100'
+     */
+    private isAllowedOrigin;
+    /**
+     * Match hostname against allowed origin pattern
+     *
+     * Supports:
+     * - Exact match: 'example.com' === 'example.com'
+     * - Wildcard: '*.example.com' matches 'api.example.com', 'web.example.com'
+     * - CIDR: '192.168.1.0/24' matches '192.168.1.1' through '192.168.1.254'
+     */
+    private matchOrigin;
+    /**
+     * Check if IP address is within CIDR range
+     *
+     * Example: '192.168.1.50' matches '192.168.1.0/24'
+     */
+    private matchCIDR;
+    /**
+     * Convert IPv4 address to 32-bit integer
+     *
+     * Example: '192.168.1.1' -> 3232235777
+     */
+    private ipToInt;
+    /**
+     * Setup MCP endpoint routes
+     *
+     * Why: Single endpoint for POST (client→server) and GET (SSE stream)
+     */
+    private setupRoutes;
+    /**
+     * Handle metrics endpoint
+     *
+     * Why: Prometheus scraping endpoint
+     */
+    private handleMetrics;
+    /**
+     * Validate token format and length
+     *
+     * Why centralized: Single source of truth for token validation rules
+     *
+     * Relaxed validation: Allow common API token characters including colons,
+     * to support various token formats (GitLab glpat-, YouTrack perm:, etc.)
+     */
+    private validateToken;
+    /**
+     * Extract and validate auth token from request headers
+     *
+     * Supports:
+     * - Authorization: Bearer <token>
+     * - X-API-Token: <token>
+     *
+     * Why strict validation: Prevents header injection attacks
+     */
+    private extractAuthToken;
+    /**
+     * Handle POST requests - Client sending messages to server
+     *
+     * MCP Spec: POST can contain requests, notifications, or responses
+     */
+    private handlePost;
+    /**
+     * Handle GET requests - Client opening SSE stream for server messages
+     *
+     * MCP Spec: GET opens SSE stream for server-initiated requests/notifications
+     */
+    private handleGet;
+    /**
+     * Handle DELETE requests - Client terminating session
+     *
+     * MCP Spec: DELETE explicitly terminates session
+     */
+    private handleDelete;
+    /**
+     * Start SSE response for a POST request
+     *
+     * Why: Returns response via SSE stream, allows server-initiated messages
+     */
+    private startSSEResponse;
+    /**
+     * Start SSE stream for GET request
+     *
+     * Why: Allows server to send requests/notifications to client
+     */
+    private startSSEStream;
+    /**
+     * Replay messages after Last-Event-ID
+     *
+     * Why: Resumability - client can reconnect and receive missed messages
+     */
+    private replayMessages;
+    /**
+     * Send message to client via SSE
+     *
+     * Why: Server-initiated requests/notifications
+     */
+    sendToClient(sessionId: string, message: unknown): void;
+    /**
+     * Determine message type (request, notification, response)
+     */
+    private getMessageType;
+    /**
+     * Create new session
+     *
+     * Why: Stateful sessions for MCP protocol
+     */
+    private createSession;
+    /**
+     * Update session activity timestamp
+     */
+    private updateSessionActivity;
+    /**
+     * Destroy session and cleanup resources
+     *
+     * Why: Free memory, close streams
+     */
+    private destroySession;
+    /**
+     * Session destruction listeners for cleanup in other components
+     */
+    private sessionDestroyedListeners;
+    /**
+     * Register listener for session destruction events
+     *
+     * Why: Allows MCPServer to cleanup per-session HTTP clients
+     */
+    onSessionDestroyed(listener: (sessionId: string) => void): void;
+    /**
+     * Notify all listeners about session destruction
+     */
+    private notifySessionDestroyed;
+    /**
+     * Cleanup expired sessions
+     *
+     * Why: Prevent memory leaks, enforce session timeout
+     */
+    private cleanupExpiredSessions;
+    /**
+     * Get auth token from session
+     *
+     * Why public: Allows MCPServer to securely access session tokens without breaking encapsulation
+     */
+    getSessionToken(sessionId: string): string | undefined;
+    /**
+     * Set message handler for processing incoming JSON-RPC messages
+     */
+    setMessageHandler(handler: (message: unknown, sessionId?: string) => Promise<unknown>): void;
+    /**
+     * Start HTTP server
+     */
+    start(): Promise<void>;
+    /**
+     * Stop HTTP server
+     */
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=http-transport.d.ts.map

package/dist/src/http-transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-transport.d.ts","sourceRoot":"","sources":["../../src/http-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAIV,mBAAmB,EAEpB,MAAM,2BAA2B,CAAC;AAOnC,qBAAa,aAAa;IACxB,OAAO,CAAC,GAAG,CAAsB;IACjC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAiC;IAChD,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,cAAc,CAA6E;gBAEvF,MAAM,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM;IAiBvD;;;;OAIG;IACH,OAAO,CAAC,eAAe;IA+CvB,OAAO,CAAC,qBAAqB,CAAS;IAEtC;;;;;;;;;;OAUG;IACH,OAAO,CAAC,eAAe;IA8BvB;;;;;;;OAOG;IACH,OAAO,CAAC,WAAW;IAoBnB;;;;OAIG;IACH,OAAO,CAAC,SAAS;IAyBjB;;;;OAIG;IACH,OAAO,CAAC,OAAO;IAmBf;;;;OAIG;IACH,OAAO,CAAC,WAAW;IA6GnB;;;;OAIG;YACW,aAAa;IAoB3B;;;;;;;OAOG;IACH,OAAO,CAAC,aAAa;IAgBrB;;;;;;;;OAQG;IACH,OAAO,CAAC,gBAAgB;IA2BxB;;;;OAIG;YACW,UAAU;IA4FxB;;;;OAIG;YACW,SAAS;IAkDvB;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAmCpB;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAuBxB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IA6CtB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAatB;;;;OAIG;IACI,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,IAAI;IA6B9D;;OAEG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAyBrB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAO7B;;;;OAIG;IACH,OAAO,CAAC,cAAc;IA+BtB;;OAEG;IACH,OAAO,CAAC,yBAAyB,CAA0C;IAE3E;;;;OAIG;IACI,kBAAkB,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI;IAItE;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;;OAIG;IACH,OAAO,CAAC,sBAAsB;IAqB9B;;;;OAIG;IACI,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAK7D;;OAEG;IACI,iBAAiB,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI;IAInG;;OAEG;IACU,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA2BnC;;OAEG;IACU,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAuBnC"}