mcp4openapi 0.3.1 → 0.3.4

package/dist/src/security/ssrf-validator.d.ts

@@ -0,0 +1,31 @@
+import type { Logger } from '../core/logger.js';
+export interface SSRFOptions {
+    /**
+     * Allow connections to private/loopback/link-local IP addresses.
+     * Default: false
+     */
+    allowPrivateNetwork?: boolean;
+    /**
+     * Whitelist of allowed hostnames (supports *.example.com wildcards).
+     * If provided, only hosts matching the whitelist are allowed.
+     */
+    allowedHosts?: string[];
+}
+/**
+ * Validates URLs to prevent Server-Side Request Forgery (SSRF) attacks.
+ * Checks against private IP ranges and DNS resolution.
+ */
+export declare class SSRFValidator {
+    private logger;
+    constructor(logger: Logger);
+    /**
+     * Validate a URL against SSRF rules.
+     * Throws ValidationError if the URL is not allowed.
+     */
+    validate(url: string, options?: SSRFOptions): Promise<void>;
+    private lookupAllIpAddresses;
+    private isAllowedHost;
+    private isDisallowedIPv4;
+    private isDisallowedIPv6;
+}
+//# sourceMappingURL=ssrf-validator.d.ts.map

package/dist/src/security/ssrf-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf-validator.d.ts","sourceRoot":"","sources":["../../../src/security/ssrf-validator.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;;GAGG;AACH,qBAAa,aAAa;IACZ,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAElC;;;OAGG;IACG,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;YAmEvD,oBAAoB;IA6BlC,OAAO,CAAC,aAAa;IAgBrB,OAAO,CAAC,gBAAgB;IAaxB,OAAO,CAAC,gBAAgB;CAqDzB"}

package/dist/src/security/ssrf-validator.js

@@ -0,0 +1,190 @@
+import { isIP } from 'node:net';
+import { lookup } from 'node:dns/promises';
+import { ValidationError } from '../core/errors.js';
+/**
+ * Validates URLs to prevent Server-Side Request Forgery (SSRF) attacks.
+ * Checks against private IP ranges and DNS resolution.
+ */
+export class SSRFValidator {
+    constructor(logger) {
+        this.logger = logger;
+    }
+    /**
+     * Validate a URL against SSRF rules.
+     * Throws ValidationError if the URL is not allowed.
+     */
+    async validate(url, options = {}) {
+        const parsedUrl = new URL(url);
+        const hostnameRaw = parsedUrl.hostname.toLowerCase();
+        // Remove brackets from IPv6 literals for checking
+        const hostname = hostnameRaw.startsWith('[') && hostnameRaw.endsWith(']')
+            ? hostnameRaw.slice(1, -1)
+            : hostnameRaw;
+        // 1. Check allowed hosts whitelist if configured
+        if (options.allowedHosts && options.allowedHosts.length > 0) {
+            if (!this.isAllowedHost(hostname, options.allowedHosts)) {
+                this.logger.warn('SSRF blocked: host not in allowlist', {
+                    hostname,
+                    allowed_hosts: options.allowedHosts,
+                });
+                throw new ValidationError(`Host not in allowlist: '${hostname}'`);
+            }
+        }
+        // If private networks are allowed, we can stop checks here unless specific logic is needed.
+        // However, usually we still want to block metadata services if not explicitly allowed,
+        // but the current requirement is mainly about private network access.
+        if (options.allowPrivateNetwork) {
+            return;
+        }
+        // 2. Check localhost/loopback/private IPs explicitly
+        if (hostname === 'localhost') {
+            this.logger.warn('SSRF blocked: localhost target', { hostname });
+            throw new ValidationError('Hostname not allowed (localhost)');
+        }
+        const ipVersion = isIP(hostname);
+        if (ipVersion === 4) {
+            if (this.isDisallowedIPv4(hostname)) {
+                this.logger.warn('SSRF blocked: private/loopback/link-local IPv4 target', { hostname });
+                throw new ValidationError('IP address not allowed');
+            }
+        }
+        else if (ipVersion === 6) {
+            if (this.isDisallowedIPv6(hostname)) {
+                this.logger.warn('SSRF blocked: private/loopback/link-local IPv6 target', { hostname });
+                throw new ValidationError('IP address not allowed');
+            }
+        }
+        else {
+            // 3. DNS resolution check
+            // Hostname: resolve to all IPs and block if any are private/loopback/link-local
+            const addresses = await this.lookupAllIpAddresses(hostname);
+            const disallowed = addresses.find(address => {
+                const family = isIP(address);
+                if (family === 4)
+                    return this.isDisallowedIPv4(address);
+                if (family === 6)
+                    return this.isDisallowedIPv6(address);
+                return false;
+            });
+            if (disallowed) {
+                this.logger.warn('SSRF blocked: hostname resolves to private/loopback/link-local IP', {
+                    hostname,
+                    resolved_addresses: addresses,
+                });
+                throw new ValidationError('Hostname resolves to disallowed IP');
+            }
+        }
+    }
+    async lookupAllIpAddresses(hostname) {
+        const timeoutMs = 2000; // Increased to 2s to be safe
+        let results = [];
+        try {
+            results = (await Promise.race([
+                lookup(hostname, { all: true, verbatim: true }),
+                new Promise((_, reject) => setTimeout(() => reject(new Error(`DNS lookup timeout after ${timeoutMs}ms`)), timeoutMs)),
+            ]));
+        }
+        catch (error) {
+            this.logger.warn('SSRF blocked: DNS lookup failed', {
+                hostname,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            // Fail secure: if we can't resolve it, we can't verify it's safe.
+            throw new ValidationError(`DNS lookup failed for hostname '${hostname}'`);
+        }
+        const addresses = results.map(r => r.address).filter(Boolean);
+        if (addresses.length === 0) {
+            this.logger.warn('SSRF blocked: DNS lookup returned no addresses', { hostname });
+            throw new ValidationError(`DNS lookup returned no addresses for hostname '${hostname}'`);
+        }
+        return addresses;
+    }
+    isAllowedHost(hostname, allowedHosts) {
+        const lower = hostname.toLowerCase();
+        return allowedHosts.some(patternRaw => {
+            const pattern = patternRaw.toLowerCase().trim();
+            if (!pattern)
+                return false;
+            if (pattern.startsWith('*.')) {
+                const suffix = pattern.slice(2);
+                if (!suffix)
+                    return false;
+                return lower.endsWith(`.${suffix}`);
+            }
+            return lower === pattern;
+        });
+    }
+    isDisallowedIPv4(ip) {
+        const parts = ip.split('.').map(p => Number(p));
+        if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255))
+            return true;
+        const [a, b] = parts;
+        if (a === 127)
+            return true; // loopback
+        if (a === 10)
+            return true; // private
+        if (a === 172 && b >= 16 && b <= 31)
+            return true; // private
+        if (a === 192 && b === 168)
+            return true; // private
+        if (a === 169 && b === 254)
+            return true; // link-local
+        if (a === 0)
+            return true; // "this network"
+        return false;
+    }
+    isDisallowedIPv6(ip) {
+        const normalized = ip.toLowerCase();
+        // Check for IPv4-mapped IPv6 address (::ffff:127.0.0.1)
+        // Note: URL constructor normalizes '::ffff:127.0.0.1' to '::ffff:7f00:1' (hex)
+        if (normalized.startsWith('::ffff:') || normalized.startsWith('0:0:0:0:0:ffff:')) {
+            const remainder = normalized.split('ffff:')[1];
+            if (remainder) {
+                if (remainder.includes('.')) {
+                    return this.isDisallowedIPv4(remainder);
+                }
+                // Handle hex encoded IPv4 (e.g., 7f00:1)
+                const parts = remainder.split(':');
+                let high = 0;
+                let low = 0;
+                if (parts.length === 2) {
+                    high = parseInt(parts[0] || '0', 16);
+                    low = parseInt(parts[1] || '0', 16);
+                }
+                else if (parts.length === 1) {
+                    low = parseInt(parts[0] || '0', 16);
+                }
+                // 127.0.0.0/8 (Loopback) -> 0x7f000000 - 0x7fffffff
+                if ((high >>> 8) === 127)
+                    return true;
+                // 10.0.0.0/8 (Private) -> 0x0a000000 - 0x0affffff
+                if ((high >>> 8) === 10)
+                    return true;
+                // 0.0.0.0/8 (Current network) -> 0x00000000 - 0x00ffffff
+                if ((high >>> 8) === 0)
+                    return true;
+                // 169.254.0.0/16 (Link-local) -> 0xa9fe0000 - 0xa9feffff
+                if (high === 0xa9fe)
+                    return true;
+                // 192.168.0.0/16 (Private) -> 0xc0a80000 - 0xc0a8ffff
+                if (high === 0xc0a8)
+                    return true;
+                // 172.16.0.0/12 (Private) -> 0xac100000 - 0xac1fffff
+                // 172 = 0xac, 16 = 0x10, 31 = 0x1f
+                if ((high >>> 8) === 172 && (high & 0xff) >= 16 && (high & 0xff) <= 31)
+                    return true;
+            }
+        }
+        if (normalized === '::1' || normalized === '0:0:0:0:0:0:0:1')
+            return true; // loopback
+        if (normalized === '::' || normalized === '0:0:0:0:0:0:0:0')
+            return true; // unspecified
+        if (normalized.startsWith('fe8') || normalized.startsWith('fe9') || normalized.startsWith('fea') || normalized.startsWith('feb')) {
+            return true; // link-local fe80::/10 (approx by prefix)
+        }
+        if (normalized.startsWith('fc') || normalized.startsWith('fd'))
+            return true; // unique local fc00::/7 (approx by prefix)
+        return false;
+    }
+}
+//# sourceMappingURL=ssrf-validator.js.map

package/dist/src/security/ssrf-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf-validator.js","sourceRoot":"","sources":["../../../src/security/ssrf-validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAiBpD;;;GAGG;AACH,MAAM,OAAO,aAAa;IACxB,YAAoB,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAEtC;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAW,EAAE,UAAuB,EAAE;QACnD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAErD,kDAAkD;QAClD,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;YACvE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,CAAC,CAAC,WAAW,CAAC;QAEhB,iDAAiD;QACjD,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;oBACtD,QAAQ;oBACR,aAAa,EAAE,OAAO,CAAC,YAAY;iBACpC,CAAC,CAAC;gBACH,MAAM,IAAI,eAAe,CACvB,2BAA2B,QAAQ,GAAG,CACvC,CAAC;YACJ,CAAC;QACH,CAAC;QAED,4FAA4F;QAC5F,uFAAuF;QACvF,sEAAsE;QACtE,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;YAChC,OAAO;QACT,CAAC;QAED,qDAAqD;QACrD,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;YACjE,MAAM,IAAI,eAAe,CAAC,kCAAkC,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YACpB,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uDAAuD,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACxF,MAAM,IAAI,eAAe,CAAC,wBAAwB,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;aAAM,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YAC3B,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uDAAuD,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACxF,MAAM,IAAI,eAAe,CAAC,wBAAwB,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,0BAA0B;YAC1B,gFAAgF;YAChF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YAC5D,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC7B,IAAI,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACxD,IAAI,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC,CAAC,CAAC;YAEH,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,EAAE;oBACpF,QAAQ;oBACR,kBAAkB,EAAE,SAAS;iBAC9B,CAAC,CAAC;gBACH,MAAM,IAAI,eAAe,CAAC,oCAAoC,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,6BAA6B;QAErD,IAAI,OAAO,GAA+B,EAAE,CAAC;QAC7C,IAAI,CAAC;YACH,OAAO,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC;gBAC5B,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAwC;gBACtF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,SAAS,IAAI,CAAC,CAAC,EAAE,SAAS,CAAC,CAC1F;aACF,CAAC,CAA+B,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;gBAClD,QAAQ;gBACR,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,kEAAkE;YAClE,MAAM,IAAI,eAAe,CAAC,mCAAmC,QAAQ,GAAG,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC9D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;YACjF,MAAM,IAAI,eAAe,CAAC,kDAAkD,QAAQ,GAAG,CAAC,CAAC;QAC3F,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,aAAa,CAAC,QAAgB,EAAE,YAAsB;QAC5D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACpC,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;YAChD,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAE3B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,CAAC,MAAM;oBAAE,OAAO,KAAK,CAAC;gBAC1B,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC;YACtC,CAAC;YAED,OAAO,KAAK,KAAK,OAAO,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,gBAAgB,CAAC,EAAU;QACjC,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACjG,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC,CAAC,WAAW;QACvC,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC,CAAC,UAAU;QACrC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC,CAAC,UAAU;QAC5D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC,CAAC,UAAU;QACnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC,CAAC,aAAa;QACtD,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,iBAAiB;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,gBAAgB,CAAC,EAAU;QACjC,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC;QAEpC,wDAAwD;QACxD,+EAA+E;QAC/E,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACjF,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/C,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5B,OAAO,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;gBAC1C,CAAC;gBAED,yCAAyC;gBACzC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnC,IAAI,IAAI,GAAG,CAAC,CAAC;gBACb,IAAI,GAAG,GAAG,CAAC,CAAC;gBAEZ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;oBACrC,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;gBACtC,CAAC;qBAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC9B,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;gBACtC,CAAC;gBAED,oDAAoD;gBACpD,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,GAAG;oBAAE,OAAO,IAAI,CAAC;gBAEtC,kDAAkD;gBAClD,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,EAAE;oBAAE,OAAO,IAAI,CAAC;gBAErC,yDAAyD;gBACzD,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAEpC,yDAAyD;gBACzD,IAAI,IAAI,KAAK,MAAM;oBAAE,OAAO,IAAI,CAAC;gBAEjC,sDAAsD;gBACtD,IAAI,IAAI,KAAK,MAAM;oBAAE,OAAO,IAAI,CAAC;gBAEjC,qDAAqD;gBACrD,mCAAmC;gBACnC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE;oBAAE,OAAO,IAAI,CAAC;YACtF,CAAC;QACH,CAAC;QAED,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,iBAAiB;YAAE,OAAO,IAAI,CAAC,CAAC,WAAW;QACtF,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,iBAAiB;YAAE,OAAO,IAAI,CAAC,CAAC,cAAc;QACxF,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YACjI,OAAO,IAAI,CAAC,CAAC,0CAA0C;QACzD,CAAC;QACD,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,2CAA2C;QACxH,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp4openapi",
-  "version": "0.3.1",
+  "version": "0.3.4",
   "description": "Universal MCP server that generates tools from any OpenAPI specification",
   "type": "module",
   "main": "dist/src/index.js",
@@ -87,7 +87,7 @@
     "supertest": "^7.1.4",
     "ts-to-zod": "^5.0.1",
     "typescript": "^5.9.3",
-    "typescript-json-schema": "^0.65.1",
+    "typescript-json-schema": "^0.67.1",
     "vite": "^6.0.5",
     "vitest": "^3.2.4"
   },