npm - mcp4openapi - Versions diffs - 0.2.8 → 0.3.0 - Mend

mcp4openapi 0.2.8 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/README.md +143 -63
package/dist/scripts/validate-profile.js +3 -3
package/dist/scripts/validate-profile.js.map +1 -1
package/dist/src/{oauth-provider.d.ts → auth/oauth-provider.d.ts} +7 -2
package/dist/src/auth/oauth-provider.d.ts.map +1 -0
package/dist/src/{oauth-provider.js → auth/oauth-provider.js} +30 -2
package/dist/src/auth/oauth-provider.js.map +1 -0
package/dist/src/core/cli-config.d.ts +9 -0
package/dist/src/core/cli-config.d.ts.map +1 -0
package/dist/src/core/cli-config.js +124 -0
package/dist/src/core/cli-config.js.map +1 -0
package/dist/src/{constants.d.ts → core/constants.d.ts} +1 -0
package/dist/src/core/constants.d.ts.map +1 -0
package/dist/src/{constants.js → core/constants.js} +1 -0
package/dist/src/core/constants.js.map +1 -0
package/dist/src/{errors.d.ts → core/errors.d.ts} +6 -0
package/dist/src/core/errors.d.ts.map +1 -0
package/dist/src/{errors.js → core/errors.js} +15 -6
package/dist/src/core/errors.js.map +1 -0
package/dist/src/core/filtering.d.ts +19 -0
package/dist/src/core/filtering.d.ts.map +1 -0
package/dist/src/core/filtering.js +292 -0
package/dist/src/core/filtering.js.map +1 -0
package/dist/src/core/index.d.ts +26 -0
package/dist/src/core/index.d.ts.map +1 -0
package/dist/src/core/index.js +275 -0
package/dist/src/core/index.js.map +1 -0
package/dist/src/core/lib.d.ts +8 -0
package/dist/src/core/lib.d.ts.map +1 -0
package/dist/src/core/lib.js +7 -0
package/dist/src/core/lib.js.map +1 -0
package/dist/src/{logger.d.ts → core/logger.d.ts} +6 -1
package/dist/src/core/logger.d.ts.map +1 -0
package/dist/src/{logger.js → core/logger.js} +30 -2
package/dist/src/core/logger.js.map +1 -0
package/dist/src/{metrics.d.ts → core/metrics.d.ts} +11 -0
package/dist/src/core/metrics.d.ts.map +1 -0
package/dist/src/{metrics.js → core/metrics.js} +61 -0
package/dist/src/core/metrics.js.map +1 -0
package/dist/src/core/naming-warnings.d.ts.map +1 -0
package/dist/src/core/naming-warnings.js.map +1 -0
package/dist/src/core/naming.d.ts.map +1 -0
package/dist/src/core/naming.js.map +1 -0
package/dist/src/generated-schemas.d.ts +245 -79
package/dist/src/generated-schemas.d.ts.map +1 -1
package/dist/src/generated-schemas.js +14 -2
package/dist/src/generated-schemas.js.map +1 -1
package/dist/src/index.d.ts +1 -6
package/dist/src/index.d.ts.map +1 -1
package/dist/src/index.js +1 -170
package/dist/src/index.js.map +1 -1
package/dist/src/lib.d.ts +1 -7
package/dist/src/lib.d.ts.map +1 -1
package/dist/src/lib.js +1 -6
package/dist/src/lib.js.map +1 -1
package/dist/src/mcp/mcp-server-manager.d.ts +20 -0
package/dist/src/mcp/mcp-server-manager.d.ts.map +1 -0
package/dist/src/mcp/mcp-server-manager.js +38 -0
package/dist/src/mcp/mcp-server-manager.js.map +1 -0
package/dist/src/{mcp-server.d.ts → mcp/mcp-server.d.ts} +31 -1
package/dist/src/mcp/mcp-server.d.ts.map +1 -0
package/dist/src/{mcp-server.js → mcp/mcp-server.js} +547 -146
package/dist/src/mcp/mcp-server.js.map +1 -0
package/dist/src/{openapi-parser.d.ts → openapi/openapi-parser.d.ts} +1 -1
package/dist/src/openapi/openapi-parser.d.ts.map +1 -0
package/dist/src/{openapi-parser.js → openapi/openapi-parser.js} +2 -2
package/dist/src/openapi/openapi-parser.js.map +1 -0
package/dist/src/{profile-loader.d.ts → profile/profile-loader.d.ts} +3 -2
package/dist/src/profile/profile-loader.d.ts.map +1 -0
package/dist/src/{profile-loader.js → profile/profile-loader.js} +17 -6
package/dist/src/profile/profile-loader.js.map +1 -0
package/dist/src/profile/profile-registry.d.ts +18 -0
package/dist/src/profile/profile-registry.d.ts.map +1 -0
package/dist/src/profile/profile-registry.js +26 -0
package/dist/src/profile/profile-registry.js.map +1 -0
package/dist/src/profile/profile-resolver.d.ts +25 -0
package/dist/src/profile/profile-resolver.d.ts.map +1 -0
package/dist/src/profile/profile-resolver.js +204 -0
package/dist/src/profile/profile-resolver.js.map +1 -0
package/dist/src/profile/startup-profile.d.ts +17 -0
package/dist/src/profile/startup-profile.d.ts.map +1 -0
package/dist/src/profile/startup-profile.js +30 -0
package/dist/src/profile/startup-profile.js.map +1 -0
package/dist/src/profile/startup-validation.d.ts +11 -0
package/dist/src/profile/startup-validation.d.ts.map +1 -0
package/dist/src/profile/startup-validation.js +21 -0
package/dist/src/profile/startup-validation.js.map +1 -0
package/dist/src/testing/dynamic-mock-server.d.ts +24 -0
package/dist/src/testing/dynamic-mock-server.d.ts.map +1 -0
package/dist/src/testing/dynamic-mock-server.js +138 -0
package/dist/src/testing/dynamic-mock-server.js.map +1 -0
package/dist/src/testing/request-assertions.d.ts +5 -0
package/dist/src/testing/request-assertions.d.ts.map +1 -0
package/dist/src/testing/request-assertions.js +165 -0
package/dist/src/testing/request-assertions.js.map +1 -0
package/dist/src/testing/template-utils.d.ts +10 -0
package/dist/src/testing/template-utils.d.ts.map +1 -0
package/dist/src/testing/template-utils.js +72 -0
package/dist/src/testing/template-utils.js.map +1 -0
package/dist/src/testing/test-http-utils.d.ts +1 -1
package/dist/src/testing/test-http-utils.d.ts.map +1 -1
package/dist/src/testing/test-http-utils.js +1 -1
package/dist/src/testing/test-http-utils.js.map +1 -1
package/dist/src/testing/test-loader.d.ts +6 -0
package/dist/src/testing/test-loader.d.ts.map +1 -0
package/dist/src/testing/test-loader.js +212 -0
package/dist/src/testing/test-loader.js.map +1 -0
package/dist/src/testing/test-schema.d.ts +1270 -0
package/dist/src/testing/test-schema.d.ts.map +1 -0
package/dist/src/testing/test-schema.js +76 -0
package/dist/src/testing/test-schema.js.map +1 -0
package/dist/src/tool-filter/compat.d.ts +49 -0
package/dist/src/tool-filter/compat.d.ts.map +1 -0
package/dist/src/tool-filter/compat.js +72 -0
package/dist/src/tool-filter/compat.js.map +1 -0
package/dist/src/tool-filter/config/env-config-parser.d.ts +38 -0
package/dist/src/tool-filter/config/env-config-parser.d.ts.map +1 -0
package/dist/src/tool-filter/config/env-config-parser.js +103 -0
package/dist/src/tool-filter/config/env-config-parser.js.map +1 -0
package/dist/src/tool-filter/config/header-config-parser.d.ts +37 -0
package/dist/src/tool-filter/config/header-config-parser.d.ts.map +1 -0
package/dist/src/tool-filter/config/header-config-parser.js +118 -0
package/dist/src/tool-filter/config/header-config-parser.js.map +1 -0
package/dist/src/tool-filter/errors.d.ts +18 -0
package/dist/src/tool-filter/errors.d.ts.map +1 -0
package/dist/src/tool-filter/errors.js +21 -0
package/dist/src/tool-filter/errors.js.map +1 -0
package/dist/src/tool-filter/filter/filter-engine.d.ts +45 -0
package/dist/src/tool-filter/filter/filter-engine.d.ts.map +1 -0
package/dist/src/tool-filter/filter/filter-engine.js +94 -0
package/dist/src/tool-filter/filter/filter-engine.js.map +1 -0
package/dist/src/tool-filter/filter/filter-rules.d.ts +44 -0
package/dist/src/tool-filter/filter/filter-rules.d.ts.map +1 -0
package/dist/src/tool-filter/filter/filter-rules.js +72 -0
package/dist/src/tool-filter/filter/filter-rules.js.map +1 -0
package/dist/src/tool-filter/filter/global-tool-filter.d.ts +40 -0
package/dist/src/tool-filter/filter/global-tool-filter.d.ts.map +1 -0
package/dist/src/tool-filter/filter/global-tool-filter.js +92 -0
package/dist/src/tool-filter/filter/global-tool-filter.js.map +1 -0
package/dist/src/tool-filter/filter/session-tool-filter.d.ts +29 -0
package/dist/src/tool-filter/filter/session-tool-filter.d.ts.map +1 -0
package/dist/src/tool-filter/filter/session-tool-filter.js +69 -0
package/dist/src/tool-filter/filter/session-tool-filter.js.map +1 -0
package/dist/src/tool-filter/index.d.ts +25 -0
package/dist/src/tool-filter/index.d.ts.map +1 -0
package/dist/src/tool-filter/index.js +30 -0
package/dist/src/tool-filter/index.js.map +1 -0
package/dist/src/tool-filter/integration/tool-filter-service.d.ts +44 -0
package/dist/src/tool-filter/integration/tool-filter-service.d.ts.map +1 -0
package/dist/src/tool-filter/integration/tool-filter-service.js +68 -0
package/dist/src/tool-filter/integration/tool-filter-service.js.map +1 -0
package/dist/src/tool-filter/operation/operation-classifier.d.ts +20 -0
package/dist/src/tool-filter/operation/operation-classifier.d.ts.map +1 -0
package/dist/src/tool-filter/operation/operation-classifier.js +26 -0
package/dist/src/tool-filter/operation/operation-classifier.js.map +1 -0
package/dist/src/tool-filter/operation/operation-detector.d.ts +30 -0
package/dist/src/tool-filter/operation/operation-detector.d.ts.map +1 -0
package/dist/src/tool-filter/operation/operation-detector.js +96 -0
package/dist/src/tool-filter/operation/operation-detector.js.map +1 -0
package/dist/src/tool-filter/operation/operation-resolver.d.ts +22 -0
package/dist/src/tool-filter/operation/operation-resolver.d.ts.map +1 -0
package/dist/src/tool-filter/operation/operation-resolver.js +32 -0
package/dist/src/tool-filter/operation/operation-resolver.js.map +1 -0
package/dist/src/tool-filter/regex/regex-compiler.d.ts +22 -0
package/dist/src/tool-filter/regex/regex-compiler.d.ts.map +1 -0
package/dist/src/tool-filter/regex/regex-compiler.js +56 -0
package/dist/src/tool-filter/regex/regex-compiler.js.map +1 -0
package/dist/src/tool-filter/regex/regex-validator.d.ts +24 -0
package/dist/src/tool-filter/regex/regex-validator.d.ts.map +1 -0
package/dist/src/tool-filter/regex/regex-validator.js +58 -0
package/dist/src/tool-filter/regex/regex-validator.js.map +1 -0
package/dist/src/tool-filter/types.d.ts +92 -0
package/dist/src/tool-filter/types.d.ts.map +1 -0
package/dist/src/tool-filter/types.js +5 -0
package/dist/src/tool-filter/types.js.map +1 -0
package/dist/src/tool-filter/utils.d.ts +11 -0
package/dist/src/tool-filter/utils.d.ts.map +1 -0
package/dist/src/tool-filter/utils.js +13 -0
package/dist/src/tool-filter/utils.js.map +1 -0
package/dist/src/{composite-executor.d.ts → tooling/composite-executor.d.ts} +3 -3
package/dist/src/tooling/composite-executor.d.ts.map +1 -0
package/dist/src/{composite-executor.js → tooling/composite-executor.js} +1 -1
package/dist/src/tooling/composite-executor.js.map +1 -0
package/dist/src/{dag-executor.d.ts → tooling/dag-executor.d.ts} +1 -1
package/dist/src/tooling/dag-executor.d.ts.map +1 -0
package/dist/src/tooling/dag-executor.js.map +1 -0
package/dist/src/{proxy-executor.d.ts → tooling/proxy-executor.d.ts} +2 -2
package/dist/src/tooling/proxy-executor.d.ts.map +1 -0
package/dist/src/{proxy-executor.js → tooling/proxy-executor.js} +8 -1
package/dist/src/tooling/proxy-executor.js.map +1 -0
package/dist/src/{tool-generator.d.ts → tooling/tool-generator.d.ts} +4 -3
package/dist/src/tooling/tool-generator.d.ts.map +1 -0
package/dist/src/{tool-generator.js → tooling/tool-generator.js} +23 -7
package/dist/src/tooling/tool-generator.js.map +1 -0
package/dist/src/{http-client-factory.d.ts → transport/http-client-factory.d.ts} +4 -1
package/dist/src/transport/http-client-factory.d.ts.map +1 -0
package/dist/src/{http-client-factory.js → transport/http-client-factory.js} +13 -3
package/dist/src/transport/http-client-factory.js.map +1 -0
package/dist/src/transport/http-transport-config.d.ts +6 -0
package/dist/src/transport/http-transport-config.d.ts.map +1 -0
package/dist/src/transport/http-transport-config.js +62 -0
package/dist/src/transport/http-transport-config.js.map +1 -0
package/dist/src/{http-transport.d.ts → transport/http-transport.d.ts} +72 -14
package/dist/src/transport/http-transport.d.ts.map +1 -0
package/dist/src/{http-transport.js → transport/http-transport.js} +1166 -493
package/dist/src/transport/http-transport.js.map +1 -0
package/dist/src/{interceptors.d.ts → transport/interceptors.d.ts} +6 -2
package/dist/src/transport/interceptors.d.ts.map +1 -0
package/dist/src/{interceptors.js → transport/interceptors.js} +72 -41
package/dist/src/transport/interceptors.js.map +1 -0
package/dist/src/types/http-transport.d.ts +25 -0
package/dist/src/types/http-transport.d.ts.map +1 -1
package/dist/src/types/profile.d.ts +13 -1
package/dist/src/types/profile.d.ts.map +1 -1
package/dist/src/validation/argument-normalizer.d.ts +6 -0
package/dist/src/validation/argument-normalizer.d.ts.map +1 -0
package/dist/src/validation/argument-normalizer.js +70 -0
package/dist/src/validation/argument-normalizer.js.map +1 -0
package/dist/src/validation/jsonrpc-validator.d.ts.map +1 -0
package/dist/src/validation/jsonrpc-validator.js.map +1 -0
package/dist/src/{schema-validator.d.ts → validation/schema-validator.d.ts} +2 -2
package/dist/src/validation/schema-validator.d.ts.map +1 -0
package/dist/src/validation/schema-validator.js.map +1 -0
package/dist/src/validation/validation-utils.d.ts.map +1 -0
package/dist/src/validation/validation-utils.js.map +1 -0
package/package.json +9 -3
package/profile-schema.json +63 -3
package/profiles/gitlab/developer-profile-oauth.json +1520 -0
package/profiles/gitlab/developer-profile-oauth.test.json +3432 -0
package/profiles/gitlab/openapi.yaml +6891 -0
package/profiles/n8n/openapi.yaml +2441 -0
package/profiles/n8n/profile-optimized.json +965 -0
package/profiles/n8n/profile-optimized.test.json +1078 -0
package/profiles/n8n/profile.json +1033 -0
package/profiles/n8n/profile.test.json +983 -0
package/profiles/n8n-nodes/openapi.yaml +24 -0
package/profiles/n8n-nodes/profile-nodes.json +44 -0
package/profiles/n8n-nodes/profile-nodes.test.json +91 -0
package/profiles/semgrep/openapi.yaml +4706 -0
package/profiles/semgrep/profile.json +692 -0
package/profiles/semgrep/profile.test.json +471 -0
package/profiles/youtrack/openapi.json +16976 -0
package/profiles/youtrack/profile.json +608 -0
package/profiles/youtrack/profile.test.json +1926 -0
package/dist/src/composite-executor.d.ts.map +0 -1
package/dist/src/composite-executor.js.map +0 -1
package/dist/src/constants.d.ts.map +0 -1
package/dist/src/constants.js.map +0 -1
package/dist/src/dag-executor.d.ts.map +0 -1
package/dist/src/dag-executor.js.map +0 -1
package/dist/src/errors.d.ts.map +0 -1
package/dist/src/errors.js.map +0 -1
package/dist/src/http-client-factory.d.ts.map +0 -1
package/dist/src/http-client-factory.js.map +0 -1
package/dist/src/http-transport.d.ts.map +0 -1
package/dist/src/http-transport.js.map +0 -1
package/dist/src/interceptors.d.ts.map +0 -1
package/dist/src/interceptors.js.map +0 -1
package/dist/src/jsonrpc-validator.d.ts.map +0 -1
package/dist/src/jsonrpc-validator.js.map +0 -1
package/dist/src/logger.d.ts.map +0 -1
package/dist/src/logger.js.map +0 -1
package/dist/src/mcp-server.d.ts.map +0 -1
package/dist/src/mcp-server.js.map +0 -1
package/dist/src/metrics.d.ts.map +0 -1
package/dist/src/metrics.js.map +0 -1
package/dist/src/naming-warnings.d.ts.map +0 -1
package/dist/src/naming-warnings.js.map +0 -1
package/dist/src/naming.d.ts.map +0 -1
package/dist/src/naming.js.map +0 -1
package/dist/src/oauth-provider.d.ts.map +0 -1
package/dist/src/oauth-provider.js.map +0 -1
package/dist/src/openapi-parser.d.ts.map +0 -1
package/dist/src/openapi-parser.js.map +0 -1
package/dist/src/profile-loader.d.ts.map +0 -1
package/dist/src/profile-loader.js.map +0 -1
package/dist/src/proxy-executor.d.ts.map +0 -1
package/dist/src/proxy-executor.js.map +0 -1
package/dist/src/schema-validator.d.ts.map +0 -1
package/dist/src/schema-validator.js.map +0 -1
package/dist/src/testing/fixtures.d.ts +0 -684
package/dist/src/testing/fixtures.d.ts.map +0 -1
package/dist/src/testing/fixtures.js +0 -528
package/dist/src/testing/fixtures.js.map +0 -1
package/dist/src/testing/mock-gitlab-server.d.ts +0 -43
package/dist/src/testing/mock-gitlab-server.d.ts.map +0 -1
package/dist/src/testing/mock-gitlab-server.js +0 -1026
package/dist/src/testing/mock-gitlab-server.js.map +0 -1
package/dist/src/testing/mock-semgrep-server.d.ts +0 -32
package/dist/src/testing/mock-semgrep-server.d.ts.map +0 -1
package/dist/src/testing/mock-semgrep-server.js +0 -213
package/dist/src/testing/mock-semgrep-server.js.map +0 -1
package/dist/src/testing/mock-youtrack-server.d.ts +0 -11
package/dist/src/testing/mock-youtrack-server.d.ts.map +0 -1
package/dist/src/testing/mock-youtrack-server.js +0 -152
package/dist/src/testing/mock-youtrack-server.js.map +0 -1
package/dist/src/tool-generator.d.ts.map +0 -1
package/dist/src/tool-generator.js.map +0 -1
package/dist/src/validation-utils.d.ts.map +0 -1
package/dist/src/validation-utils.js.map +0 -1
/package/dist/src/{naming-warnings.d.ts → core/naming-warnings.d.ts} +0 -0
/package/dist/src/{naming-warnings.js → core/naming-warnings.js} +0 -0
/package/dist/src/{naming.d.ts → core/naming.d.ts} +0 -0
/package/dist/src/{naming.js → core/naming.js} +0 -0
/package/dist/src/{dag-executor.js → tooling/dag-executor.js} +0 -0
/package/dist/src/{jsonrpc-validator.d.ts → validation/jsonrpc-validator.d.ts} +0 -0
/package/dist/src/{jsonrpc-validator.js → validation/jsonrpc-validator.js} +0 -0
/package/dist/src/{schema-validator.js → validation/schema-validator.js} +0 -0
/package/dist/src/{validation-utils.d.ts → validation/validation-utils.d.ts} +0 -0
/package/dist/src/{validation-utils.js → validation/validation-utils.js} +0 -0

package/dist/src/tool-filter/integration/tool-filter-service.js ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Tool Filter Service - orchestrates all filtering components
+ */
+import { GlobalToolFilter } from '../filter/global-tool-filter.js';
+import { SessionToolFilter } from '../filter/session-tool-filter.js';
+/**
+ * Service that orchestrates tool filtering from environment and headers
+ */
+export class ToolFilterService {
+    constructor(envParser, headerParser, logger, detector) {
+        this.envParser = envParser;
+        this.headerParser = headerParser;
+        this.logger = logger;
+        this.detector = detector;
+    }
+    /**
+     * Apply global filtering based on environment variables
+     *
+     * @param tools - Tools to filter
+     * @param env - Environment variables (process.env)
+     * @returns Filtered tools (or original if no config)
+     */
+    applyGlobalFilter(tools, env) {
+        const config = this.envParser.parse(env);
+        if (!config) {
+            return tools;
+        }
+        const filter = new GlobalToolFilter(config, this.logger, this.detector);
+        const result = filter.apply(tools);
+        this.logger.info('Global tool filter applied', {
+            original: result.summary.originalCount,
+            allowed: result.summary.allowedCount,
+            removed: result.summary.removedCount
+        });
+        return result.allowed;
+    }
+    /**
+     * Apply session filtering based on X-Mcp4-Tools header
+     *
+     * @param tools - Tools to filter (typically after global filtering)
+     * @param headerValue - X-Mcp4-Tools header value
+     * @returns Session filter result with allowed tool names
+     */
+    applySessionFilter(tools, headerValue) {
+        const request = this.headerParser.parse(headerValue);
+        const filter = new SessionToolFilter(request, this.detector);
+        const result = filter.apply(tools);
+        if (request.hasRules) {
+            this.logger.info('Session tool filter applied', {
+                header: request.normalizedHeader,
+                available: tools.length,
+                allowed: result.allowedToolNames.size
+            });
+        }
+        return result;
+    }
+    /**
+     * Check if tool is allowed in session
+     *
+     * @param toolName - Tool name to check
+     * @param sessionResult - Session filter result
+     * @returns true if tool is allowed
+     */
+    isToolAllowed(toolName, sessionResult) {
+        return sessionResult.allowedToolNames.has(toolName);
+    }
+}
+//# sourceMappingURL=tool-filter-service.js.map

package/dist/src/tool-filter/integration/tool-filter-service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tool-filter-service.js","sourceRoot":"","sources":["../../../../src/tool-filter/integration/tool-filter-service.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAErE;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAC5B,YACU,SAA0B,EAC1B,YAAgC,EAChC,MAAc,EACd,QAA4B;QAH5B,cAAS,GAAT,SAAS,CAAiB;QAC1B,iBAAY,GAAZ,YAAY,CAAoB;QAChC,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAoB;IACnC,CAAC;IAEJ;;;;;;OAMG;IACH,iBAAiB,CACf,KAAuB,EACvB,GAAsB;QAEtB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;YAC7C,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,aAAa;YACtC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,YAAY;YACpC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,YAAY;SACrC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;;;;;OAMG;IACH,kBAAkB,CAChB,KAAuB,EACvB,WAAmB;QAEnB,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,iBAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC9C,MAAM,EAAE,OAAO,CAAC,gBAAgB;gBAChC,SAAS,EAAE,KAAK,CAAC,MAAM;gBACvB,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,IAAI;aACtC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;OAMG;IACH,aAAa,CAAC,QAAgB,EAAE,aAAsC;QACpE,OAAO,aAAa,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;CACF"}

package/dist/src/tool-filter/operation/operation-classifier.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Operation classifier - categorizes operations as list/read/modify
+ */
+import type { OperationInfo } from '../../types/openapi.js';
+import type { OperationCategory } from '../types.js';
+/**
+ * Classifies operations into categories based on HTTP method and parameters
+ */
+export declare class OperationClassifier {
+    /**
+     * Classify an operation as list, read, or modify
+     *
+     * Rules:
+     * - GET without path params → list
+     * - GET with path params → read
+     * - All other methods → modify
+     */
+    classify(operation: OperationInfo): OperationCategory;
+}
+//# sourceMappingURL=operation-classifier.d.ts.map

package/dist/src/tool-filter/operation/operation-classifier.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"operation-classifier.d.ts","sourceRoot":"","sources":["../../../../src/tool-filter/operation/operation-classifier.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;OAOG;IACH,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,iBAAiB;CAWtD"}

package/dist/src/tool-filter/operation/operation-classifier.js ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Operation classifier - categorizes operations as list/read/modify
+ */
+/**
+ * Classifies operations into categories based on HTTP method and parameters
+ */
+export class OperationClassifier {
+    /**
+     * Classify an operation as list, read, or modify
+     *
+     * Rules:
+     * - GET without path params → list
+     * - GET with path params → read
+     * - All other methods → modify
+     */
+    classify(operation) {
+        const method = operation.method.toLowerCase();
+        if (method !== 'get') {
+            return 'modify';
+        }
+        // GET operation - check for path parameters
+        const hasPathParams = operation.parameters.some(param => param.in === 'path');
+        return hasPathParams ? 'read' : 'list';
+    }
+}
+//# sourceMappingURL=operation-classifier.js.map

package/dist/src/tool-filter/operation/operation-classifier.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"operation-classifier.js","sourceRoot":"","sources":["../../../../src/tool-filter/operation/operation-classifier.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH;;GAEG;AACH,MAAM,OAAO,mBAAmB;IAC9B;;;;;;;OAOG;IACH,QAAQ,CAAC,SAAwB;QAC/B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAE9C,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrB,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,4CAA4C;QAC5C,MAAM,aAAa,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QAC9E,OAAO,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACzC,CAAC;CACF"}

package/dist/src/tool-filter/operation/operation-detector.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Operation detector - detects tool categories
+ */
+import type { ToolDefinition } from '../../types/profile.js';
+import type { OperationResolver, ToolCategories } from '../types.js';
+import type { OperationClassifier } from './operation-classifier.js';
+/**
+ * Detects categories (list/read) for tools
+ */
+export declare class OperationDetector {
+    private classifier;
+    private resolver;
+    constructor(classifier: OperationClassifier, resolver: OperationResolver);
+    /**
+     * Detect whether tool is list-only and/or read-only
+     *
+     * For simple tools: checks all operations
+     * For composite tools: ALL steps must be same category (strict)
+     */
+    detectCategories(tool: ToolDefinition): ToolCategories;
+    /**
+     * Detect composite tool categories (strict: ALL steps must be same)
+     */
+    private detectCompositeCategories;
+    /**
+     * Detect simple tool categories
+     */
+    private detectSimpleToolCategories;
+}
+//# sourceMappingURL=operation-detector.d.ts.map

package/dist/src/tool-filter/operation/operation-detector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"operation-detector.d.ts","sourceRoot":"","sources":["../../../../src/tool-filter/operation/operation-detector.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAErE;;GAEG;AACH,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,QAAQ;gBADR,UAAU,EAAE,mBAAmB,EAC/B,QAAQ,EAAE,iBAAiB;IAGrC;;;;;OAKG;IACH,gBAAgB,CAAC,IAAI,EAAE,cAAc,GAAG,cAAc;IAYtD;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAmCjC;;OAEG;IACH,OAAO,CAAC,0BAA0B;CAsCnC"}

package/dist/src/tool-filter/operation/operation-detector.js ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * Operation detector - detects tool categories
+ */
+/**
+ * Detects categories (list/read) for tools
+ */
+export class OperationDetector {
+    constructor(classifier, resolver) {
+        this.classifier = classifier;
+        this.resolver = resolver;
+    }
+    /**
+     * Detect whether tool is list-only and/or read-only
+     *
+     * For simple tools: checks all operations
+     * For composite tools: ALL steps must be same category (strict)
+     */
+    detectCategories(tool) {
+        if (tool.composite && tool.steps) {
+            return this.detectCompositeCategories(tool);
+        }
+        if (tool.operations) {
+            return this.detectSimpleToolCategories(tool);
+        }
+        return { isList: false, isRead: false };
+    }
+    /**
+     * Detect composite tool categories (strict: ALL steps must be same)
+     */
+    detectCompositeCategories(tool) {
+        if (!tool.steps || tool.steps.length === 0) {
+            return { isList: false, isRead: false };
+        }
+        let hasAny = false;
+        let allList = true;
+        let allRead = true;
+        for (const step of tool.steps) {
+            const operation = this.resolver.getOperationForCall(step.call);
+            if (!operation) {
+                // Can't resolve - treat as unsafe (modify)
+                allList = false;
+                allRead = false;
+                continue;
+            }
+            hasAny = true;
+            const category = this.classifier.classify(operation);
+            if (category !== 'list') {
+                allList = false;
+            }
+            if (category !== 'read') {
+                allRead = false;
+            }
+        }
+        return {
+            isList: hasAny && allList,
+            isRead: hasAny && allRead
+        };
+    }
+    /**
+     * Detect simple tool categories
+     */
+    detectSimpleToolCategories(tool) {
+        if (!tool.operations) {
+            return { isList: false, isRead: false };
+        }
+        let isList = false;
+        let isRead = false;
+        for (const [action, operationId] of Object.entries(tool.operations)) {
+            if (typeof operationId !== 'string') {
+                continue;
+            }
+            // Try to resolve operation
+            const operation = this.resolver.getOperationById(operationId);
+            if (operation) {
+                const category = this.classifier.classify(operation);
+                if (category === 'list') {
+                    isList = true;
+                }
+                if (category === 'read') {
+                    isRead = true;
+                }
+                continue;
+            }
+            // Fallback: detect from action name
+            const actionLower = action.toLowerCase();
+            if (actionLower === 'list' || actionLower === 'search') {
+                isList = true;
+            }
+            if (actionLower === 'get' || actionLower === 'read') {
+                isRead = true;
+            }
+        }
+        return { isList, isRead };
+    }
+}
+//# sourceMappingURL=operation-detector.js.map

package/dist/src/tool-filter/operation/operation-detector.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"operation-detector.js","sourceRoot":"","sources":["../../../../src/tool-filter/operation/operation-detector.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAC5B,YACU,UAA+B,EAC/B,QAA2B;QAD3B,eAAU,GAAV,UAAU,CAAqB;QAC/B,aAAQ,GAAR,QAAQ,CAAmB;IAClC,CAAC;IAEJ;;;;;OAKG;IACH,gBAAgB,CAAC,IAAoB;QACnC,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;QAC/C,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,IAAoB;QACpD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,IAAI,OAAO,GAAG,IAAI,CAAC;QACnB,IAAI,OAAO,GAAG,IAAI,CAAC;QAEnB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/D,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,2CAA2C;gBAC3C,OAAO,GAAG,KAAK,CAAC;gBAChB,OAAO,GAAG,KAAK,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,MAAM,GAAG,IAAI,CAAC;YACd,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAErD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,OAAO,GAAG,KAAK,CAAC;YAClB,CAAC;YACD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,OAAO,GAAG,KAAK,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,MAAM,IAAI,OAAO;YACzB,MAAM,EAAE,MAAM,IAAI,OAAO;SAC1B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,0BAA0B,CAAC,IAAoB;QACrD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,IAAI,MAAM,GAAG,KAAK,CAAC;QAEnB,KAAK,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACpE,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACpC,SAAS;YACX,CAAC;YAED,2BAA2B;YAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9D,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACrD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;oBACxB,MAAM,GAAG,IAAI,CAAC;gBAChB,CAAC;gBACD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;oBACxB,MAAM,GAAG,IAAI,CAAC;gBAChB,CAAC;gBACD,SAAS;YACX,CAAC;YAED,oCAAoC;YACpC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;YACzC,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACvD,MAAM,GAAG,IAAI,CAAC;YAChB,CAAC;YACD,IAAI,WAAW,KAAK,KAAK,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;gBACpD,MAAM,GAAG,IAAI,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC;CACF"}

package/dist/src/tool-filter/operation/operation-resolver.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Operation resolver - resolves operations from OpenAPI spec
+ */
+import type { OpenAPIParser } from '../../openapi/openapi-parser.js';
+import type { OperationInfo } from '../../types/openapi.js';
+import type { OperationResolver } from '../types.js';
+/**
+ * Resolves operations from OpenAPI specification
+ */
+export declare class OpenAPIOperationResolver implements OperationResolver {
+    private parser;
+    constructor(parser: OpenAPIParser);
+    /**
+     * Get operation by operation ID
+     */
+    getOperationById(operationId: string): OperationInfo | undefined;
+    /**
+     * Get operation from call string (e.g., "GET /users/{id}")
+     */
+    getOperationForCall(call: string): OperationInfo | undefined;
+}
+//# sourceMappingURL=operation-resolver.d.ts.map

package/dist/src/tool-filter/operation/operation-resolver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"operation-resolver.d.ts","sourceRoot":"","sources":["../../../../src/tool-filter/operation/operation-resolver.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;GAEG;AACH,qBAAa,wBAAyB,YAAW,iBAAiB;IACpD,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,aAAa;IAEzC;;OAEG;IACH,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAIhE;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;CAa7D"}

package/dist/src/tool-filter/operation/operation-resolver.js ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * Operation resolver - resolves operations from OpenAPI spec
+ */
+/**
+ * Resolves operations from OpenAPI specification
+ */
+export class OpenAPIOperationResolver {
+    constructor(parser) {
+        this.parser = parser;
+    }
+    /**
+     * Get operation by operation ID
+     */
+    getOperationById(operationId) {
+        return this.parser.getOperation(operationId);
+    }
+    /**
+     * Get operation from call string (e.g., "GET /users/{id}")
+     */
+    getOperationForCall(call) {
+        const [method, path] = call.split(' ', 2);
+        if (!method || !path) {
+            return undefined;
+        }
+        const pathInfo = this.parser.getPath(path);
+        if (!pathInfo) {
+            return undefined;
+        }
+        return pathInfo.operations[method.toLowerCase()];
+    }
+}
+//# sourceMappingURL=operation-resolver.js.map

package/dist/src/tool-filter/operation/operation-resolver.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"operation-resolver.js","sourceRoot":"","sources":["../../../../src/tool-filter/operation/operation-resolver.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH;;GAEG;AACH,MAAM,OAAO,wBAAwB;IACnC,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C;;OAEG;IACH,gBAAgB,CAAC,WAAmB;QAClC,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,IAAY;QAC9B,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACrB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACnD,CAAC;CACF"}

package/dist/src/tool-filter/regex/regex-compiler.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Regex compiler with auto-anchoring support
+ */
+import type { CompiledRegex } from '../types.js';
+import type { RegexValidator } from './regex-validator.js';
+/**
+ * Compiles regex patterns with validation and auto-anchoring
+ */
+export declare class RegexCompiler {
+    private validator;
+    constructor(validator: RegexValidator);
+    /**
+     * Compile a regex pattern with validation and auto-anchoring
+     * @throws InvalidRegexError if pattern is invalid or unsafe
+     */
+    compile(pattern: string, context: string): CompiledRegex;
+    /**
+     * Auto-anchor pattern with ^ and $ if not already present
+     */
+    private autoAnchor;
+}
+//# sourceMappingURL=regex-compiler.d.ts.map

package/dist/src/tool-filter/regex/regex-compiler.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"regex-compiler.d.ts","sourceRoot":"","sources":["../../../../src/tool-filter/regex/regex-compiler.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAkB3D;;GAEG;AACH,qBAAa,aAAa;IACZ,OAAO,CAAC,SAAS;gBAAT,SAAS,EAAE,cAAc;IAE7C;;;OAGG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,aAAa;IAoBxD;;OAEG;IACH,OAAO,CAAC,UAAU;CAKnB"}

package/dist/src/tool-filter/regex/regex-compiler.js ADDED Viewed

@@ -0,0 +1,56 @@
+/**
+ * Regex compiler with auto-anchoring support
+ */
+import { InvalidRegexError } from '../errors.js';
+/**
+ * Compiled regex implementation
+ */
+class CompiledRegexImpl {
+    constructor(regex, original, anchored) {
+        this.regex = regex;
+        this.original = original;
+        this.anchored = anchored;
+    }
+    test(value) {
+        return this.regex.test(value);
+    }
+}
+/**
+ * Compiles regex patterns with validation and auto-anchoring
+ */
+export class RegexCompiler {
+    constructor(validator) {
+        this.validator = validator;
+    }
+    /**
+     * Compile a regex pattern with validation and auto-anchoring
+     * @throws InvalidRegexError if pattern is invalid or unsafe
+     */
+    compile(pattern, context) {
+        const trimmed = pattern.trim();
+        const anchored = this.autoAnchor(trimmed);
+        // Validate for safety
+        const validation = this.validator.validate(anchored);
+        if (!validation.valid) {
+            throw new InvalidRegexError(context, pattern, validation.error);
+        }
+        // Try to compile
+        try {
+            const regex = new RegExp(anchored);
+            return new CompiledRegexImpl(regex, pattern, anchored);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            throw new InvalidRegexError(context, pattern, message);
+        }
+    }
+    /**
+     * Auto-anchor pattern with ^ and $ if not already present
+     */
+    autoAnchor(pattern) {
+        const withStart = pattern.startsWith('^') ? pattern : `^${pattern}`;
+        const withEnd = withStart.endsWith('$') ? withStart : `${withStart}$`;
+        return withEnd;
+    }
+}
+//# sourceMappingURL=regex-compiler.js.map

package/dist/src/tool-filter/regex/regex-compiler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"regex-compiler.js","sourceRoot":"","sources":["../../../../src/tool-filter/regex/regex-compiler.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD;;GAEG;AACH,MAAM,iBAAiB;IACrB,YACkB,KAAa,EACb,QAAgB,EAChB,QAAgB;QAFhB,UAAK,GAAL,KAAK,CAAQ;QACb,aAAQ,GAAR,QAAQ,CAAQ;QAChB,aAAQ,GAAR,QAAQ,CAAQ;IAC/B,CAAC;IAEJ,IAAI,CAAC,KAAa;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IACxB,YAAoB,SAAyB;QAAzB,cAAS,GAAT,SAAS,CAAgB;IAAG,CAAC;IAEjD;;;OAGG;IACH,OAAO,CAAC,OAAe,EAAE,OAAe;QACtC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE1C,sBAAsB;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACrD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,KAAM,CAAC,CAAC;QACnE,CAAC;QAED,iBAAiB;QACjB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnC,OAAO,IAAI,iBAAiB,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,OAAe;QAChC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,GAAG,CAAC;QACtE,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/src/tool-filter/regex/regex-validator.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Regex pattern validator with ReDoS protection
+ */
+import type { ValidationResult } from '../types.js';
+/**
+ * Validates regex patterns for ReDoS vulnerabilities
+ */
+export declare class RegexValidator {
+    private readonly maxLength;
+    constructor(maxLength?: number);
+    /**
+     * Validate regex pattern for safety
+     */
+    validate(pattern: string): ValidationResult;
+    /**
+     * Detect nested quantifiers like (a+)+ which cause exponential backtracking
+     */
+    private hasNestedQuantifiers;
+    /**
+     * Detect alternation groups with quantifiers which can cause backtracking
+     */
+    private hasAmbiguousAlternation;
+}
+//# sourceMappingURL=regex-validator.d.ts.map

package/dist/src/tool-filter/regex/regex-validator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"regex-validator.d.ts","sourceRoot":"","sources":["../../../../src/tool-filter/regex/regex-validator.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAIpD;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,SAAS,GAAE,MAA2B;IAIlD;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IA4B3C;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAO5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CAMhC"}

package/dist/src/tool-filter/regex/regex-validator.js ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Regex pattern validator with ReDoS protection
+ */
+const DEFAULT_MAX_LENGTH = 100;
+/**
+ * Validates regex patterns for ReDoS vulnerabilities
+ */
+export class RegexValidator {
+    constructor(maxLength = DEFAULT_MAX_LENGTH) {
+        this.maxLength = maxLength;
+    }
+    /**
+     * Validate regex pattern for safety
+     */
+    validate(pattern) {
+        // Check length
+        if (pattern.length > this.maxLength) {
+            return {
+                valid: false,
+                error: `Pattern exceeds ${this.maxLength} characters`
+            };
+        }
+        // Check for nested quantifiers (ReDoS risk)
+        if (this.hasNestedQuantifiers(pattern)) {
+            return {
+                valid: false,
+                error: 'Pattern contains nested quantifiers'
+            };
+        }
+        // Check for ambiguous alternation (ReDoS risk)
+        if (this.hasAmbiguousAlternation(pattern)) {
+            return {
+                valid: false,
+                error: 'Pattern contains alternation with quantifier'
+            };
+        }
+        return { valid: true };
+    }
+    /**
+     * Detect nested quantifiers like (a+)+ which cause exponential backtracking
+     */
+    hasNestedQuantifiers(pattern) {
+        // Match: group with quantifier inside, followed by quantifier outside
+        // Example: (a+)+ or (x*)* or (y{2,3})+
+        const nestedPattern = /\((?:[^\\]|\\.)*?[+*{](?:[^\\]|\\.)*?\)[+*{]/;
+        return nestedPattern.test(pattern);
+    }
+    /**
+     * Detect alternation groups with quantifiers which can cause backtracking
+     */
+    hasAmbiguousAlternation(pattern) {
+        // Match: group with alternation (|), followed by quantifier
+        // Example: (a|aa)+ or (foo|foobar)*
+        const alternationPattern = /\((?:[^\\]|\\.)*?\|(?:[^\\]|\\.)*?\)[+*{]/;
+        return alternationPattern.test(pattern);
+    }
+}
+//# sourceMappingURL=regex-validator.js.map

package/dist/src/tool-filter/regex/regex-validator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"regex-validator.js","sourceRoot":"","sources":["../../../../src/tool-filter/regex/regex-validator.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B;;GAEG;AACH,MAAM,OAAO,cAAc;IAGzB,YAAY,YAAoB,kBAAkB;QAChD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAe;QACtB,eAAe;QACf,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,mBAAmB,IAAI,CAAC,SAAS,aAAa;aACtD,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,IAAI,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,qCAAqC;aAC7C,CAAC;QACJ,CAAC;QAED,+CAA+C;QAC/C,IAAI,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1C,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,8CAA8C;aACtD,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,OAAe;QAC1C,sEAAsE;QACtE,uCAAuC;QACvC,MAAM,aAAa,GAAG,8CAA8C,CAAC;QACrE,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,OAAe;QAC7C,4DAA4D;QAC5D,oCAAoC;QACpC,MAAM,kBAAkB,GAAG,2CAA2C,CAAC;QACvE,OAAO,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;CACF"}

package/dist/src/tool-filter/types.d.ts ADDED Viewed

@@ -0,0 +1,92 @@
+/**
+ * Shared types for tool-filter module
+ */
+import type { ToolDefinition } from '../types/profile.js';
+import type { OperationInfo } from '../types/openapi.js';
+/**
+ * Result of regex pattern validation
+ */
+export interface ValidationResult {
+    valid: boolean;
+    error?: string;
+}
+/**
+ * Compiled regex with metadata
+ */
+export interface CompiledRegex {
+    readonly regex: RegExp;
+    readonly original: string;
+    readonly anchored: string;
+    test(value: string): boolean;
+}
+/**
+ * Tool filter configuration from environment variables
+ */
+export interface ToolFilterConfig {
+    allowList: Set<string>;
+    denyList: Set<string>;
+    allowRegex: CompiledRegex[];
+    denyRegex: CompiledRegex[];
+    allowCategories: Set<ToolFilterCategory>;
+    hasAllowRules: boolean;
+    sources: {
+        allowList: string[];
+        allowRegex: string[];
+        denyList: string[];
+        denyRegex: string[];
+        allowCategories: string[];
+    };
+}
+/**
+ * Result of applying tool filter
+ */
+export interface ToolFilterResult {
+    allowed: ToolDefinition[];
+    removed: ToolDefinition[];
+    reasons: Map<string, string[]>;
+}
+/**
+ * Session tool filter request (parsed from header)
+ */
+export interface SessionToolFilterRequest {
+    exactNames: Set<string>;
+    regexPatterns: CompiledRegex[];
+    allowCategories: Set<ToolFilterCategory>;
+    normalizedHeader: string;
+    rawEntries: string[];
+    hasRules: boolean;
+}
+/**
+ * Session tool filter result
+ */
+export interface SessionToolFilter {
+    allowedToolNames: Set<string>;
+    reasons: Map<string, string[]>;
+    patterns: {
+        allow: CompiledRegex[];
+    };
+    normalizedHeader: string;
+}
+/**
+ * Operation resolver interface (strong contract)
+ */
+export interface OperationResolver {
+    getOperationById(operationId: string): OperationInfo | undefined;
+    getOperationForCall(call: string): OperationInfo | undefined;
+}
+/**
+ * Operation category
+ */
+export type OperationCategory = 'list' | 'read' | 'modify';
+/**
+ * Allowed tool filter category (excludes 'modify')
+ */
+export type ToolFilterCategory = 'list' | 'read';
+/**
+ * Tool categories detection result
+ */
+export interface ToolCategories {
+    isList: boolean;
+    isRead: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/tool-filter/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/tool-filter/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvB,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,SAAS,EAAE,aAAa,EAAE,CAAC;IAC3B,eAAe,EAAE,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACzC,aAAa,EAAE,OAAO,CAAC;IACvB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACxB,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,eAAe,EAAE,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9B,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/B,QAAQ,EAAE;QAAE,KAAK,EAAE,aAAa,EAAE,CAAA;KAAE,CAAC;IACrC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAAC;IACjE,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAAC;CAC9D;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,CAAC;AAE3D;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,MAAM,CAAC;AAEjD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;CACjB"}

package/dist/src/tool-filter/types.js ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * Shared types for tool-filter module
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/tool-filter/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/tool-filter/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/src/tool-filter/utils.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Utility functions for tool filtering
+ */
+/**
+ * Normalize tool name using Unicode NFC normalization
+ *
+ * Why: Ensures consistent matching across different Unicode representations
+ * Example: "café" (composed) vs "café" (decomposed) match correctly
+ */
+export declare function normalizeToolName(name: string): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/src/tool-filter/utils.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/tool-filter/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEtD"}

package/dist/src/tool-filter/utils.js ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Utility functions for tool filtering
+ */
+/**
+ * Normalize tool name using Unicode NFC normalization
+ *
+ * Why: Ensures consistent matching across different Unicode representations
+ * Example: "café" (composed) vs "café" (decomposed) match correctly
+ */
+export function normalizeToolName(name) {
+    return name.normalize('NFC');
+}
+//# sourceMappingURL=utils.js.map

package/dist/src/tool-filter/utils.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/tool-filter/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC"}