mcp4openapi 0.3.1 → 0.3.4

package/dist/src/http-client-factory.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http-client-factory.js","sourceRoot":"","sources":["../../src/http-client-factory.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEjE,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAQtE;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IAA9B;QAEU,mBAAc,GAAG,IAAI,GAAG,EAAsB,CAAC;IA0IzD,CAAC;IAxIC;;OAEG;IACH,kBAAkB,CAAC,MAAwB;QACzC,MAAM,YAAY,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC5D,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;QAC3B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,SAAiB,EAAE,MAAwB;QAClE,oBAAoB;QACpB,IAAI,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,gCAAgC;QAChC,MAAM,YAAY,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAE/D,kCAAkC;QAClC,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,mBAAmB;QACnB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC9C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,kBAAkB,CAAC,oCAAoC,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,kBAAkB,CAAC,8CAA8C,SAAS,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,SAAiB;QACpC,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,MAAwB;QAC3C,8CAA8C;QAC9C,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,OAAO,MAAM,CAAC,YAAY,CAAC;QAC7B,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,CAAC;QACxD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,kDAAkD;QAClD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QACnF,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;QACxF,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC;QAE/D,IAAI,UAAU,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,MAAwB;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,OAAO,IAAI,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,MAAwB;QAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,kBAAkB,CAAC,sCAAsC,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,kBAAkB,CAAC,qCAAqC,CAAC,CAAC;QACtE,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;YACnD,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC;YACvD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;YACnF,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC;YACjE,MAAM,MAAM,GAAG,cAAc,EAAE,cAAc,IAAI,gBAAgB,CAAC;YAClE,MAAM,IAAI,mBAAmB,CAC3B,sEAAsE,MAAM,UAAU,EACtF,EAAE,MAAM,EAAE,CACX,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/src/http-transport-config.d.ts

@@ -1,6 +0,0 @@
-/**
- * Build base HTTP transport configuration from environment variables.
- */
-import type { HttpTransportConfig } from './types/http-transport.js';
-export declare function buildHttpTransportBaseConfig(host: string, port: number): HttpTransportConfig;
-//# sourceMappingURL=http-transport-config.d.ts.map

package/dist/src/http-transport-config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"http-transport-config.d.ts","sourceRoot":"","sources":["../../src/http-transport-config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAErE,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB,CA0C5F"}

package/dist/src/http-transport-config.js

@@ -1,47 +0,0 @@
-/**
- * Build base HTTP transport configuration from environment variables.
- */
-import { TIMEOUTS } from './constants.js';
-import { ConfigurationError } from './errors.js';
-export function buildHttpTransportBaseConfig(host, port) {
-    return {
-        host,
-        port,
-        sessionTimeoutMs: parseInt(process.env.MCP4_SESSION_TIMEOUT_MS || String(TIMEOUTS.SESSION_TIMEOUT_MS), 10),
-        heartbeatEnabled: process.env.MCP4_HEARTBEAT_ENABLED === 'true',
-        heartbeatIntervalMs: parseInt(process.env.MCP4_HEARTBEAT_INTERVAL_MS || String(TIMEOUTS.HEARTBEAT_INTERVAL_MS), 10),
-        metricsEnabled: process.env.MCP4_METRICS_ENABLED === 'true',
-        metricsPath: process.env.MCP4_METRICS_PATH || '/metrics',
-        allowedOrigins: process.env.MCP4_ALLOWED_ORIGINS
-            ? process.env.MCP4_ALLOWED_ORIGINS.split(',').map(o => o.trim())
-            : undefined,
-        rateLimitEnabled: process.env.MCP4_HTTP_RATE_LIMIT_ENABLED !== 'false', // default: true
-        rateLimitWindowMs: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_WINDOW_MS || String(TIMEOUTS.RATE_LIMIT_WINDOW_MS), 10),
-        rateLimitMaxRequests: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_MAX_REQUESTS || '100', 10),
-        rateLimitMetricsMax: parseInt(process.env.MCP4_HTTP_RATE_LIMIT_METRICS_MAX || '10', 10),
-        maxTokenLength: process.env.MCP4_TOKEN_MAX_LENGTH
-            ? parseInt(process.env.MCP4_TOKEN_MAX_LENGTH, 10)
-            : undefined,
-        sslCertFile: process.env.MCP4_SSL_CERT_FILE,
-        sslKeyFile: process.env.MCP4_SSL_KEY_FILE,
-        oauthSessionTimeoutMs: (() => {
-            if (process.env.MCP4_OAUTH_SESSION_TIMEOUT_MS === undefined)
-                return undefined;
-            const parsed = parseInt(process.env.MCP4_OAUTH_SESSION_TIMEOUT_MS, 10);
-            if (Number.isNaN(parsed)) {
-                throw new ConfigurationError(`Invalid MCP4_OAUTH_SESSION_TIMEOUT_MS: expected integer milliseconds, got '${process.env.MCP4_OAUTH_SESSION_TIMEOUT_MS}'`);
-            }
-            return parsed;
-        })(),
-        oauthRefreshThresholdMs: (() => {
-            if (process.env.MCP4_OAUTH_REFRESH_THRESHOLD_MS === undefined)
-                return undefined;
-            const parsed = parseInt(process.env.MCP4_OAUTH_REFRESH_THRESHOLD_MS, 10);
-            if (Number.isNaN(parsed)) {
-                throw new ConfigurationError(`Invalid MCP4_OAUTH_REFRESH_THRESHOLD_MS: expected integer milliseconds, got '${process.env.MCP4_OAUTH_REFRESH_THRESHOLD_MS}'`);
-            }
-            return parsed;
-        })(),
-    };
-}
-//# sourceMappingURL=http-transport-config.js.map

package/dist/src/http-transport-config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http-transport-config.js","sourceRoot":"","sources":["../../src/http-transport-config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjD,MAAM,UAAU,4BAA4B,CAAC,IAAY,EAAE,IAAY;IACrE,OAAO;QACL,IAAI;QACJ,IAAI;QACJ,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,EAAE,CAAC;QAC1G,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM;QAC/D,mBAAmB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,MAAM,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,EAAE,CAAC;QACnH,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;QAC3D,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,UAAU;QACxD,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;YAC9C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAChE,CAAC,CAAC,SAAS;QACb,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,OAAO,EAAE,gBAAgB;QACxF,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,EAAE,CAAC;QACpH,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,KAAK,EAAE,EAAE,CAAC;QAC1F,mBAAmB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gCAAgC,IAAI,IAAI,EAAE,EAAE,CAAC;QACvF,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;YAC/C,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,EAAE,CAAC;YACjD,CAAC,CAAC,SAAS;QACb,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC3C,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QACzC,qBAAqB,EAAE,CAAC,GAAG,EAAE;YAC3B,IAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YAC9E,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAC;YACvE,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,kBAAkB,CAC1B,8EAA8E,OAAO,CAAC,GAAG,CAAC,6BAA6B,GAAG,CAC3H,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,EAAE;QACJ,uBAAuB,EAAE,CAAC,GAAG,EAAE;YAC7B,IAAI,OAAO,CAAC,GAAG,CAAC,+BAA+B,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YAChF,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,EAAE,CAAC,CAAC;YACzE,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,kBAAkB,CAC1B,gFAAgF,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,CAC/H,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,EAAE;KACL,CAAC;AACJ,CAAC"}

package/dist/src/http-transport.d.ts

@@ -1,316 +0,0 @@
-/**
- * HTTP Streamable Transport for MCP
- *
- * Implements MCP Specification 2025-03-26
- * https://modelcontextprotocol.io/specification/2025-03-26/basic/transports
- *
- * Why: Enables remote MCP server access with SSE streaming, session management,
- * and resumability for reliable communication over HTTP.
- */
-import type { Logger } from './logger.js';
-import type { HttpTransportConfig, HttpProfileContext } from './types/http-transport.js';
-import type { SessionToolFilter, SessionToolFilterRequest } from './types/http-transport.js';
-export declare class HttpTransport {
-    private app;
-    private server;
-    private config;
-    private logger;
-    private metrics;
-    private cleanupInterval;
-    private messageHandler;
-    private profileContextProvider;
-    private profileStates;
-    private oauthRedirectHostCache;
-    private warnedMissingOAuthRedirectEnvVars;
-    constructor(config: HttpTransportConfig, logger: Logger);
-    /**
-     * Setup Express middleware
-     *
-     * Why: Security (Origin validation, rate limiting), JSON parsing, session extraction, metrics
-     */
-    private setupMiddleware;
-    setProfileContextProvider(provider: (profileId: string) => Promise<HttpProfileContext | null>): void;
-    private getDefaultProfileId;
-    private buildDefaultProfileContext;
-    private getProfileState;
-    private getProfileIdForRequest;
-    private getProfileStateForRequest;
-    private hasWarnedAboutBinding;
-    /**
-     * Check if origin is allowed
-     *
-     * Why: Prevent DNS rebinding attacks
-     *
-     * Supports:
-     * - Exact hostname: 'example.com', 'api.example.com'
-     * - Wildcard subdomain: '*.example.com'
-     * - IPv4 CIDR: '192.168.1.0/24', '10.0.0.0/8'
-     * - IPv4 exact: '192.168.1.100'
-     */
-    private isAllowedOrigin;
-    private getOAuthRedirectHostPatterns;
-    private extractRedirectHostPatterns;
-    private resolveRedirectUriFromEnv;
-    private resolveProfileIdFromPath;
-    private resolveProfileIdForOriginCheck;
-    private primeOAuthRedirectHosts;
-    private isAllowedOriginForRequest;
-    /**
-     * Match hostname against allowed origin pattern
-     *
-     * Supports:
-     * - Exact match: 'example.com' === 'example.com'
-     * - Wildcard: '*.example.com' matches 'api.example.com', 'web.example.com'
-     * - CIDR: '192.168.1.0/24' matches '192.168.1.1' through '192.168.1.254'
-     */
-    private matchOrigin;
-    /**
-     * Check if IP address is within CIDR range (IPv4 or IPv6)
-     *
-     * Example: '192.168.1.50' matches '192.168.1.0/24'
-     *          '2001:db8::1' matches '2001:db8::/32'
-     */
-    private matchCIDR;
-    /**
-     * Convert IPv4 address to 32-bit integer
-     *
-     * Example: '192.168.1.1' -> 3232235777
-     */
-    private ipv4ToInt;
-    /**
-     * Convert IPv6 address to 128-bit BigInt
-     */
-    private ipv6ToBigInt;
-    private ipv6Mask;
-    private stripIpv6Brackets;
-    /**
-     * Create configured rate limiter or a passthrough handler when disabled
-     *
-     * Why: Both MCP and metrics endpoints share the same rate limiting setup logic.
-     * Centralizing it keeps behaviour consistent and avoids drifting configuration.
-     */
-    private createRateLimiter;
-    private formatRateLimitMessage;
-    private getProfilePrefix;
-    private buildProfilePath;
-    private getServerOrigin;
-    private buildProfileUrl;
-    private normalizeResourcePath;
-    private resolveProfileIdFromResourceUrl;
-    getOAuthProtectedResourceUrl(profileId?: string): string;
-    private respondProfileNotFound;
-    /**
-     * Setup MCP endpoint routes
-     *
-     * Why: Single endpoint for POST (client→server) and GET (SSE stream)
-     */
-    private setupRoutes;
-    private getProfileIssuerUrl;
-    private handleOAuthProtectedResource;
-    private handleOAuthAuthorize;
-    private handleOAuthToken;
-    private handleOAuthCallback;
-    private handleOAuthAuthorizationServerMetadata;
-    private handleOAuthRegister;
-    /**
-     * Handle metrics endpoint
-     *
-     * Why: Prometheus scraping endpoint
-     */
-    private handleMetrics;
-    /**
-     * Validate authentication token by making a probe request to the API
-     *
-     * Supports all auth types: bearer, query, custom-header
-     * Returns true if token is valid, false otherwise
-     */
-    /**
-     * Builds a URL by intelligently combining base URL and endpoint
-     * Handles absolute URLs, absolute paths, and relative paths correctly
-     */
-    private buildUrl;
-    private validateAuthToken;
-    /**
-     * Validate token format and length
-     *
-     * Why centralized: Single source of truth for token validation rules
-     *
-     * Relaxed validation: Allow common API token characters including colons,
-     * to support various token formats (GitLab glpat-, YouTrack perm:, etc.)
-     */
-    private validateToken;
-    /**
-     * Extract and validate auth token from request headers
-     *
-     * Supports:
-     * - Authorization: Bearer <token>
-     * - X-API-Token: <token>
-     * - OAuth session (via mcp-session-id header)
-     *
-     * Why strict validation: Prevents header injection attacks
-     *
-     * Returns: { type: 'bearer' | 'oauth' | 'api-token', token: string, sessionId?: string }
-     */
-    private extractAuthToken;
-    /**
-     * Lazy initialization of ToolFilterService
-     */
-    private getToolFilterService;
-    /**
-     * Handle POST requests - Client sending messages to server
-     *
-     * MCP Spec: POST can contain requests, notifications, or responses
-     */
-    private handlePost;
-    /**
-     * Handle GET requests - Client opening SSE stream for server messages
-     *
-     * MCP Spec: GET opens SSE stream for server-initiated requests/notifications
-     */
-    private handleGet;
-    /**
-     * Handle DELETE requests - Client terminating session
-     *
-     * MCP Spec: DELETE explicitly terminates session
-     */
-    private handleDelete;
-    /**
-     * Start SSE response for a POST request
-     *
-     * Why: Returns response via SSE stream, allows server-initiated messages
-     */
-    private startSSEResponse;
-    /**
-     * Start SSE stream for GET request
-     *
-     * Why: Allows server to send requests/notifications to client
-     */
-    private startSSEStream;
-    /**
-     * Replay messages after Last-Event-ID
-     *
-     * Why: Resumability - client can reconnect and receive missed messages
-     */
-    private replayMessages;
-    /**
-     * Send message to client via SSE
-     *
-     * Why: Server-initiated requests/notifications
-     */
-    sendToClient(profileId: string, sessionId: string, message: unknown): void;
-    /**
-     * Determine message type (request, notification, response)
-     */
-    private getMessageType;
-    private getFilteringHeaderValue;
-    private getToolFilterHeaderValue;
-    /**
-     * Create new session
-     *
-     * Why: Stateful sessions for MCP protocol
-     */
-    private createSession;
-    /**
-     * Update session activity timestamp
-     */
-    private updateSessionActivity;
-    /**
-     * Destroy session and cleanup resources
-     *
-     * Why: Free memory, close streams
-     */
-    private destroySession;
-    /**
-     * Session destruction listeners for cleanup in other components
-     */
-    private sessionDestroyedListeners;
-    /**
-     * Register listener for session destruction events
-     *
-     * Why: Allows MCPServer to cleanup per-session HTTP clients
-     */
-    onSessionDestroyed(listener: (profileId: string, sessionId: string) => void): void;
-    /**
-     * Notify all listeners about session destruction
-     */
-    private notifySessionDestroyed;
-    /**
-     * Store OAuth tokens in internal map for later session initialization
-     *
-     * Why: Bridge between /oauth/token endpoint (where we see OAuthTokens)
-     * and session initialization (where we only see access token in Authorization header)
-     */
-    private storeOAuthTokens;
-    /**
-     * Cleanup expired sessions
-     *
-     * Why: Prevent memory leaks, enforce session timeout
-     *
-     * OAuth sessions with refresh tokens have extended or unlimited timeout
-     * to avoid forcing users to re-authenticate after periods of inactivity
-     */
-    private cleanupExpiredSessions;
-    /**
-     * Get auth token from session
-     *
-     * Why public: Allows MCPServer to securely access session tokens without breaking encapsulation
-     */
-    getSessionToken(profileId: string, sessionId: string): string | undefined;
-    getSessionFiltering(profileId: string, sessionId: string): Record<string, string[]> | undefined;
-    getSessionFilteringHeader(profileId: string, sessionId: string): string | undefined;
-    getSessionToolFilterRequest(profileId: string, sessionId: string): SessionToolFilterRequest | undefined;
-    getSessionToolFilter(profileId: string, sessionId: string): SessionToolFilter | undefined;
-    getSessionToolFilterHeader(profileId: string, sessionId: string): string | undefined;
-    setSessionToolFilter(profileId: string, sessionId: string, toolFilter: SessionToolFilter): void;
-    recordGlobalToolFilterMetrics(summary: {
-        originalCount: number;
-        allowedCount: number;
-        removedCount: number;
-        patternCounts: Record<string, number>;
-    }): void;
-    recordSessionToolFilterMetrics(sessionId: string, allowedCount: number, request: SessionToolFilterRequest): void;
-    recordToolFilterRejection(tool: string, source: 'env' | 'session'): void;
-    /**
-     * Ensure session has a valid access token, refreshing if necessary
-     *
-     * Why: Transparently refresh expired OAuth tokens before making API calls
-     * Returns true if token is valid (or was successfully refreshed), false otherwise
-     */
-    ensureValidSessionToken(profileId: string, sessionId: string): Promise<boolean>;
-    /**
-     * Refresh access token using refresh token
-     *
-     * Why: Automatically renew expired OAuth access tokens without user intervention
-     * Returns true on success, false on failure
-     */
-    private refreshAccessToken;
-    /**
-     * Set message handler for processing incoming JSON-RPC messages
-     */
-    setMessageHandler(handler: (message: unknown, sessionId?: string, profileId?: string) => Promise<unknown>): void;
-    /**
-     * Check if OAuth provider is configured
-     */
-    hasOAuthProvider(profileId?: string): boolean;
-    /**
-     * Get server URL
-     */
-    getServerUrl(profileId?: string): string;
-    /**
-     * Get OAuth authorization URL
-     */
-    getOAuthAuthorizationUrl(profileId?: string): string;
-    /**
-     * Get OAuth scopes
-     */
-    getOAuthScopes(profileId?: string): string[];
-    /**
-     * Start HTTP server
-     */
-    start(): Promise<void>;
-    /**
-     * Stop HTTP server
-     */
-    stop(): Promise<void>;
-}
-//# sourceMappingURL=http-transport.d.ts.map

package/dist/src/http-transport.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"http-transport.d.ts","sourceRoot":"","sources":["../../src/http-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAIV,mBAAmB,EACnB,kBAAkB,EAEnB,MAAM,2BAA2B,CAAC;AA6BnC,OAAO,KAAK,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAc7F,qBAAa,aAAa;IACxB,OAAO,CAAC,GAAG,CAAsB;IACjC,OAAO,CAAC,MAAM,CAAsC;IACpD,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAiC;IAChD,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,cAAc,CAAiG;IACvH,OAAO,CAAC,sBAAsB,CAA4E;IAC1G,OAAO,CAAC,aAAa,CAA+C;IACpE,OAAO,CAAC,sBAAsB,CAAoC;IAClE,OAAO,CAAC,iCAAiC,CAA0B;gBAEvD,MAAM,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM;IAkBvD;;;;OAIG;IACH,OAAO,CAAC,eAAe;IA4JhB,yBAAyB,CAC9B,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,GAClE,IAAI;IAIP,OAAO,CAAC,mBAAmB;IAU3B,OAAO,CAAC,0BAA0B;YAmBpB,eAAe;IAwD7B,OAAO,CAAC,sBAAsB;YAOhB,yBAAyB;IAQvC,OAAO,CAAC,qBAAqB,CAAS;IAEtC;;;;;;;;;;OAUG;IACH,OAAO,CAAC,eAAe;IAqCvB,OAAO,CAAC,4BAA4B;IAgCpC,OAAO,CAAC,2BAA2B;IAkBnC,OAAO,CAAC,yBAAyB;IAuBjC,OAAO,CAAC,wBAAwB;IAiBhC,OAAO,CAAC,8BAA8B;YAiBxB,uBAAuB;YA4BvB,yBAAyB;IAkBvC;;;;;;;OAOG;IACH,OAAO,CAAC,WAAW;IAuBnB;;;;;OAKG;IACH,OAAO,CAAC,SAAS;IAsDjB;;;;OAIG;IACH,OAAO,CAAC,SAAS;IAmBjB;;OAEG;IACH,OAAO,CAAC,YAAY;IAiFpB,OAAO,CAAC,QAAQ;IAQhB,OAAO,CAAC,iBAAiB;IAIzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAkCzB,OAAO,CAAC,sBAAsB;IAI9B,OAAO,CAAC,gBAAgB;IAcxB,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,eAAe;IAiBvB,OAAO,CAAC,eAAe;IAIvB,OAAO,CAAC,qBAAqB;IAK7B,OAAO,CAAC,+BAA+B;IA6BhC,4BAA4B,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM;IAK/D,OAAO,CAAC,sBAAsB;IAO9B;;;;OAIG;IACH,OAAO,CAAC,WAAW;IAiSnB,OAAO,CAAC,mBAAmB;YAMb,4BAA4B;YAqC5B,oBAAoB;YA6DpB,gBAAgB;YA+EhB,mBAAmB;YA8CnB,sCAAsC;YAgCtC,mBAAmB;IA8CjC;;;;OAIG;YACW,aAAa;IA0B3B;;;;;OAKG;IACH;;;OAGG;IACH,OAAO,CAAC,QAAQ;YAkBF,iBAAiB;IAqE/B;;;;;;;OAOG;IACH,OAAO,CAAC,aAAa;IAgBrB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,gBAAgB;IA+CxB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAyB5B;;;;OAIG;YACW,UAAU;IAkRxB;;;;OAIG;YACW,SAAS;IA6DvB;;;;OAIG;IACH,OAAO,CAAC,YAAY;IA+CpB;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAuBxB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAkDtB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAatB;;;;OAIG;IACI,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,IAAI;IA6BjF;;OAEG;IACH,OAAO,CAAC,cAAc;IAuBtB,OAAO,CAAC,uBAAuB;IAc/B,OAAO,CAAC,wBAAwB;IAchC;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAkDrB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAO7B;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAqCtB;;OAEG;IACH,OAAO,CAAC,yBAAyB,CAA6D;IAE9F;;;;OAIG;IACI,kBAAkB,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI;IAIzF;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IA+BxB;;;;;;;OAOG;IACH,OAAO,CAAC,sBAAsB;IA6C9B;;;;OAIG;IACI,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAKzE,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,SAAS;IAK/F,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAKnF,2BAA2B,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,wBAAwB,GAAG,SAAS;IAKvG,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS;IAKzF,0BAA0B,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAKpF,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,iBAAiB,GAAG,IAAI;IAQ/F,6BAA6B,CAAC,OAAO,EAAE;QAC5C,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACvC,GAAG,IAAI;IAcD,8BAA8B,CACnC,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,wBAAwB,GAChC,IAAI;IAUA,yBAAyB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,GAAG,SAAS,GAAG,IAAI;IAO/E;;;;;OAKG;IACU,uBAAuB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA8B5F;;;;;OAKG;YACW,kBAAkB;IAoFhC;;OAEG;IACI,iBAAiB,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI;IAIvH;;OAEG;IACI,gBAAgB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO;IAapD;;OAEG;IACI,YAAY,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM;IAI/C;;OAEG;IACI,wBAAwB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM;IAW3D;;OAEG;IACI,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE;IAWnD;;OAEG;IACU,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAqEnC;;OAEG;IACU,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAyBnC"}