mcp4openapi 0.2.8 → 0.3.1

package/dist/src/mcp-server.js

@@ -10,10 +10,12 @@ import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextpro
 import { OpenAPIParser } from './openapi-parser.js';
 import { ProfileLoader } from './profile-loader.js';
 import { ToolGenerator } from './tool-generator.js';
+import { normalizeArguments } from './argument-normalizer.js';
 import { CompositeExecutor } from './composite-executor.js';
 import { ProxyDownloadExecutor } from './proxy-executor.js';
-import { ConfigurationError, OperationNotFoundError, ValidationError, AuthenticationError, AuthorizationError, RateLimitError, NetworkError, generateCorrelationId } from './errors.js';
-import { TIMEOUTS, OAUTH_RATE_LIMIT } from './constants.js';
+import { enforceFiltering, parseFilteringHeader } from './filtering.js';
+import { ConfigurationError, OperationNotFoundError, ResourceNotFoundError, ValidationError, AuthenticationError, AuthorizationError, RateLimitError, NetworkError, generateCorrelationId } from './errors.js';
+import { OAUTH_RATE_LIMIT } from './constants.js';
 import { HttpClientFactory } from './http-client-factory.js';
 import { SchemaValidator } from './schema-validator.js';
 import { ConsoleLogger, JsonLogger } from './logger.js';
@@ -21,7 +23,25 @@ import { isInitializeRequest, isToolCallRequest } from './jsonrpc-validator.js';
 import { generateNameWarnings } from './naming-warnings.js';
 import { NamingStrategy } from './naming.js';
 import { isSafePropertyName } from './validation-utils.js';
+import { ToolFilterService, EnvConfigParser, HeaderConfigParser, RegexCompiler, RegexValidator, OperationClassifier, OpenAPIOperationResolver, OperationDetector, applySessionToolFilter, } from './tool-filter/index.js';
+import { buildHttpTransportBaseConfig } from './http-transport-config.js';
 export class MCPServer {
+    /**
+     * Execute a tools/call request via the JSON-RPC handler.
+     * Intended for internal use and tests to avoid accessing private methods.
+     */
+    async callToolRpc(name, args, sessionId, requestId = 1) {
+        const message = {
+            jsonrpc: '2.0',
+            id: requestId,
+            method: 'tools/call',
+            params: {
+                name,
+                arguments: args,
+            },
+        };
+        return this.handleToolCall(message, sessionId);
+    }
     /**
      * Filter response payload to include only specified fields.
      *
@@ -177,6 +197,9 @@ export class MCPServer {
         if (error instanceof OperationNotFoundError) {
             return `Operation not found: ${error.message} (correlation ID: ${correlationId})`;
         }
+        if (error instanceof ResourceNotFoundError) {
+            return `${error.message} (correlation ID: ${correlationId})`;
+        }
         // Configuration errors - safe to show (helps admin fix setup)
         if (error instanceof ConfigurationError) {
             return `Configuration error: ${error.message} (correlation ID: ${correlationId})`;
@@ -223,6 +246,7 @@ export class MCPServer {
             // Check if we should warn about long names
             this.checkToolNameLengths();
         }
+        this.applyGlobalToolFiltering();
         // Re-create logger with auth config for token redaction
         const authConfigs = this.getAuthConfigs();
         if (authConfigs.length > 0) {
@@ -346,6 +370,59 @@ export class MCPServer {
         const oauthConfig = configs.find(c => c.type === 'oauth');
         return oauthConfig?.oauth_config;
     }
+    buildOAuthConfigWithAllowedRedirectHosts(oauthConfig) {
+        if (!oauthConfig) {
+            return undefined;
+        }
+        return {
+            ...oauthConfig,
+            allowed_redirect_hosts: oauthConfig.allowed_redirect_hosts
+                || (process.env.MCP4_ALLOWED_ORIGINS
+                    ? this.extractHostsFromOrigins(process.env.MCP4_ALLOWED_ORIGINS)
+                    : undefined),
+        };
+    }
+    getProfileIdValue() {
+        if (!this.profile) {
+            throw new ConfigurationError('Profile not initialized. Call initialize() first.');
+        }
+        const profileId = this.profile.profile_id?.trim() || this.profile.profile_name;
+        if (!profileId) {
+            throw new ConfigurationError('Profile is missing profile_id and profile_name.');
+        }
+        return profileId;
+    }
+    getOAuthRateLimitConfig() {
+        const authConfigs = this.getAuthConfigs();
+        const oauthAuthConfig = authConfigs.find(c => c.type === 'oauth');
+        const oauthRateLimit = oauthAuthConfig?.oauth_rate_limit;
+        const max = oauthRateLimit?.max_requests
+            || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_MAX || String(OAUTH_RATE_LIMIT.MAX_REQUESTS), 10);
+        const windowMs = oauthRateLimit?.window_ms
+            || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_WINDOW_MS || String(OAUTH_RATE_LIMIT.WINDOW_MS), 10);
+        return { max, windowMs };
+    }
+    getHttpProfileContext() {
+        if (!this.profile) {
+            throw new ConfigurationError('Profile not initialized. Call initialize() first.');
+        }
+        const authConfigs = this.getAuthConfigs();
+        const baseUrl = this.getBaseUrl();
+        const oauthConfig = this.buildOAuthConfigWithAllowedRedirectHosts(this.getOAuthConfig());
+        const resourceMetadata = this.parser.getResourceMetadata();
+        const oauthRateLimit = this.getOAuthRateLimitConfig();
+        return {
+            profileId: this.getProfileIdValue(),
+            oauthConfig,
+            authConfigs,
+            baseUrl,
+            rateLimitOAuthMax: oauthRateLimit.max,
+            rateLimitOAuthWindowMs: oauthRateLimit.windowMs,
+            resourceName: this.profile.resource_name || resourceMetadata.name || 'MCP Server',
+            resourceDocumentation: this.profile.resource_documentation || resourceMetadata.documentation,
+            parser: this.parser,
+        };
+    }
     /**
      * Extract hostnames from origin patterns for OAuth redirect validation
      * e.g., "http://localhost:*,https://app.example.com" -> ["localhost", "app.example.com"]
@@ -385,7 +462,7 @@ export class MCPServer {
     /**
      * Get or create HTTP client for session
      */
-    async getHttpClientForSession(sessionId) {
+    async getHttpClientForSession(sessionId, profileId) {
         if (!sessionId) {
             // Fallback to global client for stdio transport
             if (!this.httpClientFactory.hasGlobalClient()) {
@@ -408,7 +485,7 @@ export class MCPServer {
             throw new ConfigurationError('Profile not initialized. Call initialize() first.');
         }
         // Get auth token from session (ensures token is valid/refreshed)
-        const authToken = await this.getAuthTokenFromSession(sessionId);
+        const authToken = await this.getAuthTokenFromSession(sessionId, profileId);
         // Create or get session client using factory
         return this.httpClientFactory.getOrCreateSessionClient(sessionId, {
             profile: this.profile,
@@ -420,7 +497,7 @@ export class MCPServer {
      * Get auth token from HTTP transport session
      * Ensures token is valid (refreshes if expired) before returning
      */
-    async getAuthTokenFromSession(sessionId) {
+    async getAuthTokenFromSession(sessionId, profileId) {
         // Early return if sessionId is missing/empty
         // Prevents misleading warn logs with empty sessionId
         if (!sessionId) {
@@ -430,23 +507,24 @@ export class MCPServer {
             return undefined;
         }
         // Ensure token is valid (refresh if expired)
-        const isValid = await this.httpTransport.ensureValidSessionToken(sessionId);
+        const effectiveProfileId = profileId || this.getProfileIdValue();
+        const isValid = await this.httpTransport.ensureValidSessionToken(effectiveProfileId, sessionId);
         if (!isValid) {
-            this.logger.warn('Session token validation/refresh failed', { sessionId });
+            this.logger.warn('Session token validation/refresh failed', { profileId: effectiveProfileId, sessionId });
             // Still return token if available - let the API call fail with proper error
         }
         // Use public API instead of type casting
-        return this.httpTransport.getSessionToken(sessionId);
+        return this.httpTransport.getSessionToken(effectiveProfileId, sessionId);
     }
     /**
      * Cleanup HTTP client for destroyed session
      *
      * Why: Prevent memory leak - sessions expire but cached clients stay forever
      */
-    cleanupSessionClient(sessionId) {
+    cleanupSessionClient(profileId, sessionId) {
         const removed = this.httpClientFactory.cleanupSessionClient(sessionId);
         if (removed) {
-            this.logger.info('Cleaned up session HTTP client', { sessionId });
+            this.logger.info('Cleaned up session HTTP client', { profileId, sessionId });
         }
     }
     /**
@@ -530,15 +608,16 @@ export class MCPServer {
      * Why separate: Simple tools map directly to single OpenAPI operation.
      * No result aggregation needed.
      */
-    async executeSimpleTool(toolDef, args, sessionId) {
+    async executeSimpleTool(toolDef, args, sessionId, profileId) {
+        const normalizedArgs = normalizeArguments(toolDef, args);
         this.logger.debug('Executing simple tool', {
             toolName: toolDef.name,
-            action: args['action'],
-            resourceType: args['resource_type'],
+            action: normalizedArgs['action'],
+            resourceType: normalizedArgs['resource_type'],
             sessionId
         });
         // Get operation definition (can be string or ProxyDownloadOperation)
-        const operationDef = this.toolGenerator.getOperationDefinition(toolDef, args);
+        const operationDef = this.toolGenerator.getOperationDefinition(toolDef, normalizedArgs);
         if (!operationDef) {
             throw new ValidationError(`Could not map tool action to operation`, {
                 toolName: toolDef.name,
@@ -549,7 +628,7 @@ export class MCPServer {
         }
         // Check if this is a proxy download operation
         if (typeof operationDef === 'object' && operationDef.type === 'proxy_download') {
-            return this.executeProxyDownload(operationDef, args, sessionId);
+            return this.executeProxyDownload(operationDef, normalizedArgs, sessionId, profileId);
         }
         // Regular string operation
         const operationId = operationDef;
@@ -558,9 +637,9 @@ export class MCPServer {
             throw new OperationNotFoundError(operationId);
         }
         // Build request
-        const path = this.resolvePath(operation.path, args);
-        const queryParams = this.extractQueryParams(operation, args);
-        const body = this.extractBody(operation, args, toolDef);
+        const path = this.resolvePath(operation.path, normalizedArgs);
+        const queryParams = this.extractQueryParams(operation, normalizedArgs);
+        const body = this.extractBody(operation, normalizedArgs, toolDef);
         this.logger.debug('Executing HTTP request', {
             operationId,
             method: operation.method,
@@ -579,9 +658,9 @@ export class MCPServer {
             }
         }
         // Execute with session-specific client
-        const httpClient = await this.getHttpClientForSession(sessionId);
+        const httpClient = await this.getHttpClientForSession(sessionId, profileId);
         // Set fields parameter if response_fields are configured for this action AND enabled
-        const action = args.action;
+        const action = normalizedArgs.action;
         if (toolDef.send_response_fields_as_param && toolDef.response_fields && action && toolDef.response_fields[action]) {
             const fields = toolDef.response_fields[action];
             queryParams.fields = fields.join(',');
@@ -594,7 +673,7 @@ export class MCPServer {
         // Apply response field filtering if configured
         let result = response.body;
         if (toolDef.response_fields) {
-            const action = args.action;
+            const action = normalizedArgs.action;
             if (action && toolDef.response_fields[action]) {
                 const fields = toolDef.response_fields[action];
                 result = this.filterFields(result, fields);
@@ -608,7 +687,7 @@ export class MCPServer {
      * Why: Some APIs return authenticated URLs that LLMs cannot fetch directly.
      * This proxies the download through the MCP server.
      */
-    async executeProxyDownload(operation, args, sessionId) {
+    async executeProxyDownload(operation, args, sessionId, profileId) {
         this.logger.debug('Executing proxy download', {
             metadataEndpoint: operation.metadata_endpoint,
             urlField: operation.url_field,
@@ -634,7 +713,7 @@ export class MCPServer {
             };
         }
         // Get auth credentials for download
-        const httpClient = await this.getHttpClientForSession(sessionId);
+        const httpClient = await this.getHttpClientForSession(sessionId, profileId);
         const authCredentials = httpClient.getAuthCredentials();
         // Execute proxy download
         const proxyExecutor = new ProxyDownloadExecutor(httpClient, this.logger);
@@ -781,75 +860,25 @@ export class MCPServer {
      */
     async runHttp(host, port) {
         const { HttpTransport } = await import('./http-transport.js');
-        // Get OAuth config from profile (supports multi-auth)
-        const oauthConfig = this.getOAuthConfig();
-        if (oauthConfig) {
+        const profileContext = this.getHttpProfileContext();
+        if (profileContext.oauthConfig) {
             this.logger.info('OAuth authentication enabled for HTTP transport');
         }
-        // Get auth configs for token validation
-        const authConfigs = this.getAuthConfigs();
-        const baseUrl = this.getBaseUrl();
-        // Extract OAuth rate limit from profile (if configured)
-        const oauthAuthConfig = authConfigs.find(c => c.type === 'oauth');
-        const oauthRateLimit = oauthAuthConfig?.oauth_rate_limit;
-        // Extract resource metadata from OpenAPI spec or profile
-        const resourceMetadata = this.parser.getResourceMetadata();
+        const baseConfig = buildHttpTransportBaseConfig(host, port);
         const config = {
-            host,
-            port,
-            sessionTimeoutMs: parseInt(process.env.MCP4_SESSION_TIMEOUT_MS || String(TIMEOUTS.SESSION_TIMEOUT_MS), 10),
-            heartbeatEnabled: process.env.MCP4_HEARTBEAT_ENABLED === 'true',
-            heartbeatIntervalMs: parseInt(process.env.MCP4_HEARTBEAT_INTERVAL_MS || String(TIMEOUTS.HEARTBEAT_INTERVAL_MS), 10),
-            metricsEnabled: process.env.MCP4_METRICS_ENABLED === 'true',
-            metricsPath: process.env.MCP4_METRICS_PATH || '/metrics',
-            allowedOrigins: process.env.MCP4_ALLOWED_ORIGINS
-                ? process.env.MCP4_ALLOWED_ORIGINS.split(',').map(o => o.trim())
-                : undefined,
-            rateLimitEnabled: process.env.MCP4_HTTP_RATE_LIMIT_ENABLED !== 'false', // default: true
-            rateLimitWindowMs: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_WINDOW_MS || String(TIMEOUTS.RATE_LIMIT_WINDOW_MS), 10),
-            rateLimitMaxRequests: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_MAX_REQUESTS || '100', 10),
-            rateLimitMetricsMax: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_METRICS_MAX || '10', 10),
+            ...baseConfig,
+            profileRoutingEnabled: false,
+            defaultProfileId: profileContext.profileId,
             // OAuth rate limiting (priority: profile > env vars > defaults)
-            rateLimitOAuthMax: oauthRateLimit?.max_requests
-                || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_MAX || String(OAUTH_RATE_LIMIT.MAX_REQUESTS), 10),
-            rateLimitOAuthWindowMs: oauthRateLimit?.window_ms
-                || parseInt(process.env.MCP4_OAUTH_RATE_LIMIT_WINDOW_MS || String(OAUTH_RATE_LIMIT.WINDOW_MS), 10),
-            maxTokenLength: process.env.MCP4_TOKEN_MAX_LENGTH
-                ? parseInt(process.env.MCP4_TOKEN_MAX_LENGTH, 10)
-                : undefined, // Uses default from http-transport.ts if undefined
-            // Pass OAuth config with allowed_redirect_hosts derived from MCP4_ALLOWED_ORIGINS
-            oauthConfig: oauthConfig ? {
-                ...oauthConfig,
-                allowed_redirect_hosts: oauthConfig.allowed_redirect_hosts
-                    || (process.env.MCP4_ALLOWED_ORIGINS
-                        ? this.extractHostsFromOrigins(process.env.MCP4_ALLOWED_ORIGINS)
-                        : undefined),
-            } : undefined,
-            baseUrl, // Pass base URL for token validation
-            authConfigs, // Pass auth configs for token validation
-            // OAuth resource metadata (priority: profile > OpenAPI > fallback)
-            resourceName: this.profile?.resource_name || resourceMetadata.name || 'MCP Server',
-            resourceDocumentation: this.profile?.resource_documentation || resourceMetadata.documentation,
-            sslCertFile: process.env.MCP4_SSL_CERT_FILE,
-            sslKeyFile: process.env.MCP4_SSL_KEY_FILE,
-            oauthSessionTimeoutMs: (() => {
-                if (process.env.MCP4_OAUTH_SESSION_TIMEOUT_MS === undefined)
-                    return undefined;
-                const parsed = parseInt(process.env.MCP4_OAUTH_SESSION_TIMEOUT_MS, 10);
-                if (Number.isNaN(parsed)) {
-                    throw new ConfigurationError(`Invalid MCP4_OAUTH_SESSION_TIMEOUT_MS: expected integer milliseconds, got '${process.env.MCP4_OAUTH_SESSION_TIMEOUT_MS}'`);
-                }
-                return parsed;
-            })(),
-            oauthRefreshThresholdMs: (() => {
-                if (process.env.MCP4_OAUTH_REFRESH_THRESHOLD_MS === undefined)
-                    return undefined;
-                const parsed = parseInt(process.env.MCP4_OAUTH_REFRESH_THRESHOLD_MS, 10);
-                if (Number.isNaN(parsed)) {
-                    throw new ConfigurationError(`Invalid MCP4_OAUTH_REFRESH_THRESHOLD_MS: expected integer milliseconds, got '${process.env.MCP4_OAUTH_REFRESH_THRESHOLD_MS}'`);
-                }
-                return parsed;
-            })(),
+            rateLimitOAuthMax: profileContext.rateLimitOAuthMax,
+            rateLimitOAuthWindowMs: profileContext.rateLimitOAuthWindowMs,
+            // OAuth config already merged with allowed_redirect_hosts
+            oauthConfig: profileContext.oauthConfig,
+            baseUrl: profileContext.baseUrl,
+            authConfigs: profileContext.authConfigs,
+            resourceName: profileContext.resourceName,
+            resourceDocumentation: profileContext.resourceDocumentation,
+            parser: profileContext.parser,
         };
         // Warn if binding to non-localhost without explicit MCP4_ALLOWED_ORIGINS
         const isLocalhost = host === 'localhost' || host === '127.0.0.1' || host === '::1';
@@ -858,37 +887,58 @@ export class MCPServer {
             this.logger.warn('Binding to non-localhost with empty MCP4_ALLOWED_ORIGINS. Set MCP4_ALLOWED_ORIGINS or bind to localhost.');
         }
         this.httpTransport = new HttpTransport(config, this.logger);
+        this.recordGlobalToolFilterMetrics();
         // Set message handler to process JSON-RPC messages
-        this.httpTransport.setMessageHandler(async (message, sessionId) => {
-            return await this.handleJsonRpcMessage(message, sessionId);
+        this.httpTransport.setMessageHandler(async (message, sessionId, profileId) => {
+            return await this.handleJsonRpcMessage(message, sessionId, profileId);
         });
         // Register cleanup listener for session destruction (memory leak prevention)
-        this.httpTransport.onSessionDestroyed((sessionId) => {
-            this.cleanupSessionClient(sessionId);
+        this.httpTransport.onSessionDestroyed((profileId, sessionId) => {
+            this.cleanupSessionClient(profileId, sessionId);
         });
         await this.httpTransport.start();
         this.logger.info('MCP server running on HTTP', { host, port });
     }
+    attachHttpTransport(transport) {
+        this.httpTransport = transport;
+    }
+    handleSessionDestroyed(profileId, sessionId) {
+        this.cleanupSessionClient(profileId, sessionId);
+    }
     /**
      * Handle JSON-RPC message from HTTP transport
      *
      * Why: Unified message handling for both stdio and HTTP transports
      */
-    async handleJsonRpcMessage(message, sessionId) {
+    async handleJsonRpcMessage(message, sessionId, profileId) {
         // Handle initialize
         if (isInitializeRequest(message)) {
-            return this.handleInitialize(message, sessionId);
+            return this.handleInitialize(message, sessionId, profileId);
         }
         // Handle tool calls
         if (isToolCallRequest(message)) {
-            return await this.handleToolCall(message, sessionId);
+            return await this.handleToolCall(message, sessionId, profileId);
         }
         // Handle other JSON-RPC requests
         // (tools/list, prompts/list, etc.)
-        return await this.handleOtherRequest(message, sessionId);
+        return await this.handleOtherRequest(message, sessionId, profileId);
     }
-    handleInitialize(message, sessionId) {
+    async handleHttpMessage(message, sessionId, profileId) {
+        return this.handleJsonRpcMessage(message, sessionId, profileId);
+    }
+    handleInitialize(message, sessionId, profileId) {
         const req = message;
+        const params = req.params;
+        if (!this.httpTransport && params?.filtering !== undefined) {
+            if (typeof params.filtering !== 'string') {
+                throw new ValidationError('Invalid X-Mcp4-Params header. Expected comma-separated key=value pairs.');
+            }
+            const parsed = parseFilteringHeader(params.filtering);
+            this.stdioFiltering = parsed.filtering;
+        }
+        if (this.httpTransport && sessionId) {
+            this.applySessionToolFiltering(sessionId, profileId);
+        }
         const result = {
             protocolVersion: '2025-03-26',
             serverInfo: {
@@ -911,14 +961,14 @@ export class MCPServer {
             result,
         };
     }
-    async handleToolCall(message, sessionId) {
+    async handleToolCall(message, sessionId, profileId) {
         const req = message;
         const params = req.params;
         const toolName = params.name;
         const args = params.arguments;
         // Check OAuth authentication for tool operations
-        if (this.httpTransport && this.httpTransport.hasOAuthProvider()) {
-            const authToken = await this.getAuthTokenFromSession(sessionId || '');
+        if (this.httpTransport && this.httpTransport.hasOAuthProvider(profileId)) {
+            const authToken = await this.getAuthTokenFromSession(sessionId || '', profileId);
             if (!authToken) {
                 // Return OAuth required error with WWW-Authenticate header
                 // This should trigger the OAuth flow in the client
@@ -930,7 +980,7 @@ export class MCPServer {
                         message: 'Authentication required. Please authorize via OAuth.',
                         data: {
                             oauth_required: true,
-                            resource_metadata: `${this.httpTransport.getServerUrl()}/.well-known/oauth-protected-resource/mcp`,
+                            resource_metadata: this.httpTransport.getOAuthProtectedResourceUrl(profileId),
                             scope: 'api'
                         }
                     }
@@ -942,12 +992,30 @@ export class MCPServer {
             // Find tool definition
             const toolDef = this.profile?.tools.find(t => t.name === toolName);
             if (!toolDef) {
-                throw new OperationNotFoundError(toolName);
+                throw new ResourceNotFoundError(toolName, 'Tool');
+            }
+            const toolFilter = this.getToolFilterForSession(sessionId, profileId);
+            if (toolFilter && !toolFilter.allowedToolNames.has(toolName)) {
+                this.recordToolFilterRejection(toolName, 'session');
+                const reason = toolFilter.reasons.get(toolName)?.[0];
+                const reasonSuffix = reason ? ` Blocked by: ${reason}.` : '';
+                throw new AuthorizationError(`Tool '${toolName}' not allowed by X-Mcp4-Tools filter.${reasonSuffix}`);
+            }
+            const filtering = this.getFilteringForSession(sessionId, profileId);
+            if (filtering) {
+                const operation = this.getFilteringOperationInfo(toolDef, args);
+                enforceFiltering({
+                    filtering,
+                    toolDef,
+                    args,
+                    parameterAliases: this.profile?.parameter_aliases,
+                    operation,
+                });
             }
             // Execute tool (reuse existing execution logic)
             let result;
             if (toolDef.composite && toolDef.steps) {
-                const httpClient = await this.getHttpClientForSession(sessionId);
+                const httpClient = await this.getHttpClientForSession(sessionId, profileId);
                 const compositeResult = await this.compositeExecutor.execute(toolDef.steps, args, toolDef.partial_results || false, httpClient);
                 result = {
                     data: compositeResult.data,
@@ -958,7 +1026,7 @@ export class MCPServer {
                 };
             }
             else {
-                result = await this.executeSimpleTool(toolDef, args, sessionId);
+                result = await this.executeSimpleTool(toolDef, args, sessionId, profileId);
             }
             return {
                 jsonrpc: '2.0',
@@ -1003,6 +1071,9 @@ export class MCPServer {
             else if (error instanceof OperationNotFoundError) {
                 errorCode = -32601; // Method not found
             }
+            else if (error instanceof ResourceNotFoundError) {
+                errorCode = -32601; // Method not found
+            }
             return {
                 jsonrpc: '2.0',
                 id: req.id,
@@ -1013,11 +1084,35 @@ export class MCPServer {
             };
         }
     }
-    async handleOtherRequest(message, sessionId) {
+    getFilteringForSession(sessionId, profileId) {
+        if (this.httpTransport && sessionId) {
+            const effectiveProfileId = profileId || this.getProfileIdValue();
+            return this.httpTransport.getSessionFiltering(effectiveProfileId, sessionId);
+        }
+        return this.stdioFiltering;
+    }
+    getToolFilterForSession(sessionId, profileId) {
+        if (this.httpTransport && sessionId && typeof this.httpTransport.getSessionToolFilter === 'function') {
+            const effectiveProfileId = profileId || this.getProfileIdValue();
+            return this.httpTransport.getSessionToolFilter(effectiveProfileId, sessionId);
+        }
+        return undefined;
+    }
+    getFilteringOperationInfo(toolDef, args) {
+        if (toolDef.composite) {
+            return undefined;
+        }
+        const operationId = this.toolGenerator.mapActionToOperation(toolDef, args);
+        if (!operationId) {
+            return undefined;
+        }
+        return this.parser.getOperation(operationId);
+    }
+    async handleOtherRequest(message, sessionId, profileId) {
         const req = message;
         // Check OAuth authentication for other operations (like tools/list)
-        if (this.httpTransport && this.httpTransport.hasOAuthProvider()) {
-            const authToken = await this.getAuthTokenFromSession(sessionId || '');
+        if (this.httpTransport && this.httpTransport.hasOAuthProvider(profileId)) {
+            const authToken = await this.getAuthTokenFromSession(sessionId || '', profileId);
             if (!authToken) {
                 // Return OAuth required error with WWW-Authenticate header
                 // This should trigger the OAuth flow in the client
@@ -1029,7 +1124,7 @@ export class MCPServer {
                         message: 'Authentication required. Please authorize via OAuth.',
                         data: {
                             oauth_required: true,
-                            resource_metadata: `${this.httpTransport.getServerUrl()}/.well-known/oauth-protected-resource/mcp`,
+                            resource_metadata: this.httpTransport.getOAuthProtectedResourceUrl(profileId),
                             scope: 'api'
                         }
                     }
@@ -1039,7 +1134,11 @@ export class MCPServer {
         }
         // Handle tools/list
         if (req.method === 'tools/list') {
-            const tools = this.profile?.tools.map(toolDef => this.toolGenerator.generateTool(toolDef)) || [];
+            const sessionFilter = this.getToolFilterForSession(sessionId, profileId);
+            const allowedSet = sessionFilter?.allowedToolNames;
+            const tools = this.profile?.tools
+                .filter(toolDef => !allowedSet || allowedSet.has(toolDef.name))
+                .map(toolDef => this.toolGenerator.generateTool(toolDef)) || [];
             return {
                 jsonrpc: '2.0',
                 id: req.id,
@@ -1058,6 +1157,204 @@ export class MCPServer {
             },
         };
     }
+    applyGlobalToolFiltering() {
+        if (!this.profile) {
+            return;
+        }
+        // Initialize ToolFilterService if not already done
+        if (!this.toolFilterService) {
+            const validator = new RegexValidator();
+            const compiler = new RegexCompiler(validator);
+            const envParser = new EnvConfigParser(compiler);
+            const headerParser = new HeaderConfigParser(compiler);
+            // Create OperationDetector for category filtering
+            const classifier = new OperationClassifier();
+            const resolver = new OpenAPIOperationResolver(this.parser);
+            const detector = new OperationDetector(classifier, resolver);
+            this.toolFilterService = new ToolFilterService(envParser, headerParser, this.logger, detector);
+        }
+        const originalTools = this.profile.tools;
+        const originalCount = originalTools.length;
+        // Apply filtering using new service
+        const filteredTools = this.toolFilterService.applyGlobalFilter(originalTools, process.env);
+        const allowedCount = filteredTools.length;
+        const removedCount = originalCount - allowedCount;
+        // Early return if no filtering config present (service returned same tools)
+        if (filteredTools === originalTools) {
+            return;
+        }
+        // Validation: check if filter has no effect
+        if (originalCount > 0 && allowedCount === originalCount && removedCount === 0) {
+            throw new ConfigurationError(`Tool filter configuration has no effect. Original tool count: ${originalCount}, filtered: ${allowedCount}. Check MCP4_TOOL_FILTER_* patterns.`);
+        }
+        // Validation: check if all tools filtered
+        if (originalCount > 0 && allowedCount === 0) {
+            throw new ConfigurationError(`All tools filtered out (original: ${originalCount}). Check MCP4_TOOL_FILTER_* settings.`);
+        }
+        // Validate composite tools against filtered operations
+        const resolver = this.buildToolFilterResolver();
+        this.validateCompositeToolsAgainstFilteredOperations(originalTools, filteredTools, resolver);
+        // Update profile
+        this.profile.tools = filteredTools;
+        // Record summary for metrics
+        this.globalToolFilterSummary = {
+            originalCount,
+            allowedCount,
+            removedCount,
+            patternCounts: {
+                // Note: counts not available from new service, using simplified version
+                filtered: removedCount
+            }
+        };
+        // Warn if high percentage filtered
+        const warnThreshold = this.getToolFilterWarnThresholdPct();
+        if (originalCount > 0) {
+            const percentFiltered = (removedCount / originalCount) * 100;
+            if (percentFiltered >= warnThreshold) {
+                this.logger.warn('Tool filter removed high percentage of tools', {
+                    original: originalCount,
+                    surviving: allowedCount,
+                    threshold_pct: warnThreshold,
+                    removed_count: removedCount
+                });
+            }
+        }
+        if (this.httpTransport) {
+            this.recordGlobalToolFilterMetrics();
+        }
+    }
+    applySessionToolFiltering(sessionId, profileId) {
+        if (!this.httpTransport || !this.profile) {
+            return;
+        }
+        if (typeof this.httpTransport.getSessionToolFilterRequest !== 'function') {
+            return;
+        }
+        const effectiveProfileId = profileId || this.getProfileIdValue();
+        const request = this.httpTransport.getSessionToolFilterRequest(effectiveProfileId, sessionId);
+        if (!request) {
+            return;
+        }
+        const originalCount = this.profile.tools.length;
+        const resolver = this.buildToolFilterResolver();
+        const sessionFilter = applySessionToolFilter(this.profile.tools, request, resolver);
+        const allowedCount = sessionFilter.allowedToolNames.size;
+        if (allowedCount === originalCount) {
+            throw new ValidationError(`X-Mcp4-Tools filter has no effect for this session. Available tools: ${originalCount}, after filter: ${allowedCount}. Check patterns.`);
+        }
+        if (originalCount > 0 && allowedCount === 0) {
+            const sources = request.rawEntries.length > 0 ? request.rawEntries.join(', ') : 'none';
+            throw new ValidationError(`X-Mcp4-Tools filtered out all tools (original: ${originalCount}). Removed by: ${sources}. Check session filter configuration.`);
+        }
+        this.httpTransport.setSessionToolFilter(effectiveProfileId, sessionId, sessionFilter);
+        this.logger.info('Session tool filter applied', {
+            sessionId,
+            originalCount,
+            allowedCount,
+            patterns: request.rawEntries,
+        });
+        this.recordSessionToolFilterMetrics(sessionId, allowedCount, request);
+    }
+    buildToolFilterResolver() {
+        return {
+            getOperationById: (operationId) => this.parser.getOperation(operationId),
+            getOperationForCall: (call) => {
+                const [method, path] = call.split(' ');
+                if (!method || !path) {
+                    return undefined;
+                }
+                const pathInfo = this.parser.getPath(path);
+                return pathInfo?.operations[method.toLowerCase()];
+            },
+        };
+    }
+    validateCompositeToolsAgainstFilteredOperations(originalTools, allowedTools, resolver) {
+        const operationToTools = new Map();
+        for (const tool of originalTools) {
+            if (!tool.operations) {
+                continue;
+            }
+            for (const operationId of Object.values(tool.operations)) {
+                if (typeof operationId !== 'string') {
+                    continue;
+                }
+                const names = operationToTools.get(operationId) ?? [];
+                names.push(tool.name);
+                operationToTools.set(operationId, names);
+            }
+        }
+        const allowedOperationIds = new Set();
+        for (const tool of allowedTools) {
+            if (!tool.operations) {
+                continue;
+            }
+            for (const operationId of Object.values(tool.operations)) {
+                if (typeof operationId !== 'string') {
+                    continue;
+                }
+                allowedOperationIds.add(operationId);
+            }
+        }
+        for (const tool of allowedTools) {
+            if (!tool.composite || !tool.steps) {
+                continue;
+            }
+            for (const step of tool.steps) {
+                const operation = resolver.getOperationForCall(step.call);
+                if (!operation) {
+                    continue;
+                }
+                if (allowedOperationIds.has(operation.operationId)) {
+                    continue;
+                }
+                const removedTools = operationToTools.get(operation.operationId);
+                if (!removedTools || removedTools.length === 0) {
+                    continue;
+                }
+                const removedList = removedTools.join(', ');
+                throw new ConfigurationError(`Composite tool '${tool.name}' step '${step.call}' calls filtered tool '${removedList}'. ` +
+                    `Add '${removedList}' to filter or include _allow_list or _allow_read if it is a list or read operation.`);
+            }
+        }
+    }
+    getToolFilterWarnThresholdPct() {
+        const raw = process.env.MCP4_TOOL_FILTER_WARN_THRESHOLD_PCT;
+        if (raw === undefined) {
+            return 90;
+        }
+        const parsed = Number(raw);
+        if (Number.isNaN(parsed) || parsed <= 0) {
+            throw new ConfigurationError(`Invalid MCP4_TOOL_FILTER_WARN_THRESHOLD_PCT: expected positive number, got '${raw}'.`);
+        }
+        return parsed;
+    }
+    recordGlobalToolFilterMetrics() {
+        if (!this.httpTransport || !this.globalToolFilterSummary) {
+            return;
+        }
+        if (typeof this.httpTransport.recordGlobalToolFilterMetrics !== 'function') {
+            return;
+        }
+        this.httpTransport.recordGlobalToolFilterMetrics(this.globalToolFilterSummary);
+    }
+    recordSessionToolFilterMetrics(sessionId, allowedCount, request) {
+        if (!this.httpTransport) {
+            return;
+        }
+        if (typeof this.httpTransport.recordSessionToolFilterMetrics !== 'function') {
+            return;
+        }
+        this.httpTransport.recordSessionToolFilterMetrics(sessionId, allowedCount, request);
+    }
+    recordToolFilterRejection(toolName, source) {
+        if (!this.httpTransport) {
+            return;
+        }
+        if (typeof this.httpTransport.recordToolFilterRejection !== 'function') {
+            return;
+        }
+        this.httpTransport.recordToolFilterRejection(toolName, source);
+    }
     /**
      * Stop the MCP server gracefully
      *