mcpmake 0.1.0 → 0.2.0

package/dist/emitter/templates/discovery.ts.hbs

@@ -1,301 +0,0 @@
-/**
- * Dynamic tool discovery — 4 meta-tools that let LLMs discover and call tools
- * without all tool schemas loaded into context upfront.
- *
- * Reduces initial context from ~25-40K tokens (for large APIs) to ~1,300 tokens.
- */
-
-import { z } from 'zod';
-import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import { executeRequest } from './http.js';
-import type { AppConfig } from './config.js';
-import catalogData from './tool-catalog.json' with { type: 'json' };
-
-interface CatalogEntry {
-  name: string;
-  title: string;
-  description: string;
-  method: string;
-  path: string;
-  inputSchema: Record<string, unknown>;
-  pathParams: string[];
-  queryParams: string[];
-  hasRequestBody: boolean;
-  requestBodyContentType: string;
-}
-
-const catalog: CatalogEntry[] = catalogData as CatalogEntry[];
-
-// Simple TF-IDF search index built at startup
-const searchIndex = buildSearchIndex(catalog);
-
-export function registerDiscoveryTools(server: McpServer, config: AppConfig): void {
-  // 1. list_tools — list available tools with optional query filter
-  server.registerTool(
-    'list_tools',
-    {
-      title: 'List Available Tools',
-      description: `List all ${catalog.length} available API tools. Use "query" to filter by name or description.`,
-      inputSchema: z.object({
-        query: z.string().optional().describe('Filter tools by name or description'),
-        offset: z.number().int().optional().describe('Pagination offset (default: 0)'),
-        limit: z.number().int().optional().describe('Max results (default: 20)'),
-      }),
-      annotations: { readOnlyHint: true },
-    },
-    async (input) => {
-      const query = (input as Record<string, unknown>).query as string | undefined;
-      const offset = ((input as Record<string, unknown>).offset as number) ?? 0;
-      const limit = ((input as Record<string, unknown>).limit as number) ?? 20;
-
-      let results = catalog;
-      if (query) {
-        results = searchTools(query);
-      }
-
-      const page = results.slice(offset, offset + limit);
-      const hasMore = offset + limit < results.length;
-
-      return {
-        content: [
-          {
-            type: 'text' as const,
-            text: JSON.stringify(
-              {
-                tools: page.map((t) => ({ name: t.name, description: t.description })),
-                total: results.length,
-                hasMore,
-                nextOffset: hasMore ? offset + limit : undefined,
-              },
-              null,
-              2,
-            ),
-          },
-        ],
-      };
-    },
-  );
-
-  // 2. get_tool_schema — get the full input schema for a specific tool
-  server.registerTool(
-    'get_tool_schema',
-    {
-      title: 'Get Tool Schema',
-      description: 'Get the full input schema and details for a specific tool by name.',
-      inputSchema: z.object({
-        name: z.string().describe('Tool name (from list_tools)'),
-      }),
-      annotations: { readOnlyHint: true },
-    },
-    async (input) => {
-      const name = (input as Record<string, unknown>).name as string;
-      const tool = catalog.find((t) => t.name === name);
-
-      if (!tool) {
-        return {
-          content: [{ type: 'text' as const, text: `Tool "${name}" not found.` }],
-          isError: true,
-        };
-      }
-
-      return {
-        content: [
-          {
-            type: 'text' as const,
-            text: JSON.stringify(
-              {
-                name: tool.name,
-                title: tool.title,
-                description: tool.description,
-                method: tool.method,
-                path: tool.path,
-                inputSchema: tool.inputSchema,
-              },
-              null,
-              2,
-            ),
-          },
-        ],
-      };
-    },
-  );
-
-  // 3. execute_tool — execute a tool by name with arguments
-  server.registerTool(
-    'execute_tool',
-    {
-      title: 'Execute Tool',
-      description: 'Execute any API tool by name. Get the schema first with get_tool_schema.',
-      inputSchema: z.object({
-        name: z.string().describe('Tool name'),
-        args: z.record(z.unknown()).optional().describe('Tool arguments (match the input schema)'),
-      }),
-    },
-    async (input) => {
-      const name = (input as Record<string, unknown>).name as string;
-      const args = ((input as Record<string, unknown>).args as Record<string, unknown>) ?? {};
-      const tool = catalog.find((t) => t.name === name);
-
-      if (!tool) {
-        return {
-          content: [{ type: 'text' as const, text: `Tool "${name}" not found.` }],
-          isError: true,
-        };
-      }
-
-      try {
-        // Build URL from path template
-        let url = config.baseUrl + tool.path;
-        for (const param of tool.pathParams) {
-          if (args[param] !== undefined) {
-            url = url.replace(`{${param}}`, encodeURIComponent(String(args[param])));
-          }
-        }
-
-        // Add query params
-        const queryParams = new URLSearchParams();
-        for (const param of tool.queryParams) {
-          if (args[param] !== undefined) {
-            queryParams.set(param, String(args[param]));
-          }
-        }
-        const qs = queryParams.toString();
-        if (qs) url += `?${qs}`;
-
-        const response = await executeRequest({
-          method: tool.method,
-          url,
-          ...(tool.hasRequestBody && args.body
-            ? { body: args.body, contentType: tool.requestBodyContentType }
-            : {}),
-          headers: {},
-          config,
-        });
-
-        return {
-          content: [
-            {
-              type: 'text' as const,
-              text: JSON.stringify(response.data, null, 2),
-            },
-          ],
-        };
-      } catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        return {
-          content: [{ type: 'text' as const, text: `Error: ${message}` }],
-          isError: true,
-        };
-      }
-    },
-  );
-
-  // 4. search_tools — semantic search over tool descriptions
-  server.registerTool(
-    'search_tools',
-    {
-      title: 'Search Tools',
-      description: 'Search for tools by description. Uses fuzzy matching.',
-      inputSchema: z.object({
-        description: z.string().describe('What you want to do (natural language)'),
-        limit: z.number().int().optional().describe('Max results (default: 5)'),
-      }),
-      annotations: { readOnlyHint: true },
-    },
-    async (input) => {
-      const description = (input as Record<string, unknown>).description as string;
-      const limit = ((input as Record<string, unknown>).limit as number) ?? 5;
-
-      const results = searchTools(description).slice(0, limit);
-
-      return {
-        content: [
-          {
-            type: 'text' as const,
-            text: JSON.stringify(
-              results.map((t) => ({ name: t.name, description: t.description, method: t.method, path: t.path })),
-              null,
-              2,
-            ),
-          },
-        ],
-      };
-    },
-  );
-}
-
-// ---------------------------------------------------------------------------
-// TF-IDF Search
-// ---------------------------------------------------------------------------
-
-interface SearchEntry {
-  tool: CatalogEntry;
-  terms: Map<string, number>; // term -> TF-IDF weight
-}
-
-function buildSearchIndex(tools: CatalogEntry[]): SearchEntry[] {
-  const docFreq = new Map<string, number>();
-  const docs: Array<{ tool: CatalogEntry; terms: string[] }> = [];
-
-  for (const tool of tools) {
-    const text = `${tool.name} ${tool.title} ${tool.description} ${tool.method} ${tool.path}`;
-    const terms = tokenize(text);
-    docs.push({ tool, terms });
-
-    const unique = new Set(terms);
-    for (const term of unique) {
-      docFreq.set(term, (docFreq.get(term) ?? 0) + 1);
-    }
-  }
-
-  const N = tools.length;
-  return docs.map(({ tool, terms }) => {
-    const termFreq = new Map<string, number>();
-    for (const t of terms) {
-      termFreq.set(t, (termFreq.get(t) ?? 0) + 1);
-    }
-
-    const weighted = new Map<string, number>();
-    for (const [term, tf] of termFreq) {
-      const df = docFreq.get(term) ?? 1;
-      const idf = Math.log(N / df);
-      weighted.set(term, tf * idf);
-    }
-
-    return { tool, terms: weighted };
-  });
-}
-
-function searchTools(query: string): CatalogEntry[] {
-  const queryTerms = tokenize(query);
-  if (queryTerms.length === 0) return catalog;
-
-  const scores: Array<{ tool: CatalogEntry; score: number }> = [];
-
-  for (const entry of searchIndex) {
-    let score = 0;
-    for (const qt of queryTerms) {
-      // Exact match
-      score += entry.terms.get(qt) ?? 0;
-      // Prefix match (fuzzy)
-      for (const [term, weight] of entry.terms) {
-        if (term.startsWith(qt) || qt.startsWith(term)) {
-          score += weight * 0.5;
-        }
-      }
-    }
-    if (score > 0) {
-      scores.push({ tool: entry.tool, score });
-    }
-  }
-
-  return scores.sort((a, b) => b.score - a.score).map((s) => s.tool);
-}
-
-function tokenize(text: string): string[] {
-  return text
-    .toLowerCase()
-    .replace(/[^a-z0-9]/g, ' ')
-    .split(/\s+/)
-    .filter((t) => t.length > 1);
-}

package/dist/emitter/templates/dockerfile.hbs

@@ -1,34 +0,0 @@
-FROM node:20-alpine AS builder
-
-WORKDIR /app
-
-COPY package.json package-lock.json ./
-RUN npm ci
-
-COPY tsconfig.json ./
-COPY src/ src/
-RUN npm run build
-
-FROM node:20-alpine
-
-LABEL org.opencontainers.image.title="{{serverName}}"
-
-ENV NODE_ENV=production
-ENV TRANSPORT=http
-ENV PORT=3000
-
-WORKDIR /app
-
-COPY package.json package-lock.json ./
-RUN npm ci --omit=dev
-
-COPY --from=builder /app/dist dist/
-
-USER node
-
-EXPOSE 3000
-
-HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
-  CMD node -e "fetch('http://localhost:3000/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
-
-CMD ["node", "dist/index.js"]

package/dist/emitter/templates/env.example.hbs

@@ -1,28 +0,0 @@
-# {{serverName}} configuration
-
-# Base URL for the API
-BASE_URL={{baseUrl}}
-
-{{#each authEnvVars}}
-# {{description}}
-{{name}}=
-{{/each}}
-
-# HTTP tuning
-MAX_RETRIES=3
-REQUEST_INTERVAL_MS=100
-{{#if (eq transport "http")}}
-
-# Transport: "stdio" or "http"
-TRANSPORT=http
-PORT=3000
-# Allowed origin for CORS/DNS-rebinding protection (leave empty to allow all in dev)
-ALLOWED_ORIGIN=
-# Bearer token required on every /mcp request. When set, clients must send
-# `Authorization: Bearer <token>`. Leave empty to disable auth (local/dev only).
-MCP_AUTH_TOKEN=
-# Session mode (MCP 2026-07-28): leave empty for stateless (default, recommended
-# — any request can hit any instance). Set to "true" for stateful per-session
-# (Mcp-Session-Id) mode if a client needs resumable streams.
-MCP_STATEFUL=
-{{/if}}

package/dist/emitter/templates/gitignore.hbs

@@ -1,5 +0,0 @@
-node_modules/
-dist/
-.env
-*.tgz
-.DS_Store

package/dist/emitter/templates/http-executor.ts.hbs

@@ -1,117 +0,0 @@
-import { getAuthHeaders } from './auth.js';
-import { traceHeaders } from './trace.js';
-import type { AppConfig } from './config.js';
-
-export interface RequestOptions {
-  method: string;
-  url: string;
-  body?: unknown;
-  contentType?: string;
-  headers: Record<string, string>;
-  config: AppConfig;
-}
-
-export interface ApiResponse {
-  status: number;
-  data: unknown;
-  headers: Record<string, string>;
-}
-
-export class ApiError extends Error {
-  constructor(
-    message: string,
-    public readonly status: number,
-    public readonly data: unknown,
-  ) {
-    super(message);
-    this.name = 'ApiError';
-  }
-}
-
-const RETRYABLE_STATUS_CODES = [429, 500, 502, 503, 504];
-
-let lastRequestTime = 0;
-
-export async function executeRequest(options: RequestOptions): Promise<ApiResponse> {
-  const { config } = options;
-
-  // Rate limiting
-  const now = Date.now();
-  const elapsed = now - lastRequestTime;
-  if (elapsed < config.requestIntervalMs) {
-    await sleep(config.requestIntervalMs - elapsed);
-  }
-  lastRequestTime = Date.now();
-
-  const authHeaders = await getAuthHeaders(config);
-  // Propagate W3C Trace Context to the upstream API (no-op outside an HTTP
-  // request, e.g. stdio transport, where there is no active trace).
-  const headers: Record<string, string> = {
-    ...authHeaders,
-    ...traceHeaders(),
-    ...options.headers,
-  };
-
-  if (options.body && options.contentType) {
-    headers['Content-Type'] = options.contentType;
-  }
-
-  let lastError: Error | undefined;
-
-  for (let attempt = 0; attempt <= config.maxRetries; attempt++) {
-    try {
-      const response = await fetch(options.url, {
-        method: options.method.toUpperCase(),
-        headers,
-        body: options.body ? JSON.stringify(options.body) : undefined,
-      });
-
-      if (RETRYABLE_STATUS_CODES.includes(response.status) && attempt < config.maxRetries) {
-        const retryAfter = response.headers.get('Retry-After');
-        const delay = retryAfter
-          ? parseInt(retryAfter, 10) * 1000
-          : 1000 * Math.pow(2, attempt);
-        await sleep(delay);
-        continue;
-      }
-
-      const data = await parseResponseBody(response);
-
-      if (!response.ok) {
-        throw new ApiError(
-          `${response.status} ${response.statusText}`,
-          response.status,
-          data,
-        );
-      }
-
-      return {
-        status: response.status,
-        data,
-        headers: Object.fromEntries(response.headers.entries()),
-      };
-    } catch (error) {
-      lastError = error as Error;
-      if (error instanceof ApiError && !RETRYABLE_STATUS_CODES.includes(error.status)) {
-        throw error;
-      }
-      if (attempt < config.maxRetries) {
-        await sleep(1000 * Math.pow(2, attempt));
-      }
-    }
-  }
-
-  throw lastError ?? new Error('Request failed after retries');
-}
-
-async function parseResponseBody(response: Response): Promise<unknown> {
-  const contentType = response.headers.get('content-type') ?? '';
-  if (contentType.includes('application/json')) {
-    return response.json();
-  }
-  return response.text();
-}
-
-function sleep(ms: number): Promise<void> {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}

package/dist/emitter/templates/oauth.ts.hbs

@@ -1,188 +0,0 @@
-/**
- * OAuth 2.1 token management.
- * Supports Authorization Code + PKCE and Client Credentials flows.
- */
-
-import crypto from 'node:crypto';
-
-export interface OAuthConfig {
-  clientId: string;
-  clientSecret?: string;
-  authorizationUrl: string;
-  tokenUrl: string;
-  scopes: string[];
-  redirectUri: string;
-}
-
-interface TokenResponse {
-  access_token: string;
-  token_type: string;
-  expires_in?: number;
-  refresh_token?: string;
-  scope?: string;
-}
-
-let cachedToken: { accessToken: string; expiresAt: number; refreshToken?: string } | undefined;
-
-/**
- * Get a valid access token, refreshing if needed.
- */
-export async function getAccessToken(config: OAuthConfig): Promise<string> {
-  if (cachedToken && Date.now() < cachedToken.expiresAt - 60_000) {
-    return cachedToken.accessToken;
-  }
-
-  // Try refresh first
-  if (cachedToken?.refreshToken) {
-    try {
-      const token = await refreshToken(config, cachedToken.refreshToken);
-      cacheToken(token);
-      return token.access_token;
-    } catch {
-      // Refresh failed — fall through to re-authenticate
-    }
-  }
-
-  // Client Credentials flow (machine-to-machine)
-  if (config.clientSecret && !process.env.OAUTH2_TOKEN) {
-    const token = await clientCredentialsGrant(config);
-    cacheToken(token);
-    return token.access_token;
-  }
-
-  // Pre-obtained token from env
-  if (process.env.OAUTH2_TOKEN) {
-    return process.env.OAUTH2_TOKEN;
-  }
-
-  throw new Error(
-    'No OAuth token available. Set OAUTH2_TOKEN or configure OAUTH2_CLIENT_ID + OAUTH2_CLIENT_SECRET for client credentials flow.',
-  );
-}
-
-/**
- * Client Credentials grant (RFC 6749 Section 4.4).
- */
-async function clientCredentialsGrant(config: OAuthConfig): Promise<TokenResponse> {
-  const params = new URLSearchParams({
-    grant_type: 'client_credentials',
-    client_id: config.clientId,
-    ...(config.clientSecret ? { client_secret: config.clientSecret } : {}),
-    ...(config.scopes.length > 0 ? { scope: config.scopes.join(' ') } : {}),
-  });
-
-  const response = await fetch(config.tokenUrl, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    body: params.toString(),
-  });
-
-  if (!response.ok) {
-    const body = await response.text();
-    throw new Error(`OAuth client credentials failed (${response.status}): ${body}`);
-  }
-
-  return response.json() as Promise<TokenResponse>;
-}
-
-/**
- * Refresh an access token using a refresh token.
- */
-async function refreshToken(config: OAuthConfig, refreshTokenValue: string): Promise<TokenResponse> {
-  const params = new URLSearchParams({
-    grant_type: 'refresh_token',
-    client_id: config.clientId,
-    refresh_token: refreshTokenValue,
-  });
-
-  const response = await fetch(config.tokenUrl, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    body: params.toString(),
-  });
-
-  if (!response.ok) {
-    throw new Error(`Token refresh failed: ${response.status}`);
-  }
-
-  return response.json() as Promise<TokenResponse>;
-}
-
-/**
- * Generate PKCE code verifier and challenge for Authorization Code flow.
- */
-export function generatePkce(): { codeVerifier: string; codeChallenge: string } {
-  const codeVerifier = crypto.randomBytes(32).toString('base64url');
-  const codeChallenge = crypto
-    .createHash('sha256')
-    .update(codeVerifier)
-    .digest('base64url');
-  return { codeVerifier, codeChallenge };
-}
-
-/**
- * Build the authorization URL for the Authorization Code + PKCE flow.
- */
-export function buildAuthorizationUrl(config: OAuthConfig, state: string, codeChallenge: string): string {
-  const params = new URLSearchParams({
-    response_type: 'code',
-    client_id: config.clientId,
-    redirect_uri: config.redirectUri,
-    state,
-    code_challenge: codeChallenge,
-    code_challenge_method: 'S256',
-    ...(config.scopes.length > 0 ? { scope: config.scopes.join(' ') } : {}),
-  });
-  return `${config.authorizationUrl}?${params.toString()}`;
-}
-
-/**
- * Exchange an authorization code for tokens (PKCE flow).
- */
-export async function exchangeCode(config: OAuthConfig, code: string, codeVerifier: string): Promise<TokenResponse> {
-  const params = new URLSearchParams({
-    grant_type: 'authorization_code',
-    client_id: config.clientId,
-    code,
-    redirect_uri: config.redirectUri,
-    code_verifier: codeVerifier,
-  });
-
-  const response = await fetch(config.tokenUrl, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    body: params.toString(),
-  });
-
-  if (!response.ok) {
-    const body = await response.text();
-    throw new Error(`OAuth code exchange failed (${response.status}): ${body}`);
-  }
-
-  const token = await response.json() as TokenResponse;
-  cacheToken(token);
-  return token;
-}
-
-function cacheToken(token: TokenResponse): void {
-  cachedToken = {
-    accessToken: token.access_token,
-    expiresAt: Date.now() + (token.expires_in ?? 3600) * 1000,
-    refreshToken: token.refresh_token,
-  };
-}
-
-/**
- * OAuth Authorization Server Metadata (RFC 8414).
- */
-export function getAuthServerMetadata(config: OAuthConfig, issuer: string): Record<string, unknown> {
-  return {
-    issuer,
-    authorization_endpoint: config.authorizationUrl,
-    token_endpoint: config.tokenUrl,
-    response_types_supported: ['code'],
-    grant_types_supported: ['authorization_code', 'client_credentials', 'refresh_token'],
-    code_challenge_methods_supported: ['S256'],
-    scopes_supported: config.scopes,
-  };
-}

package/dist/emitter/templates/package.json.hbs

@@ -1,25 +0,0 @@
-{
-  "name": "{{serverName}}",
-  "version": "{{serverVersion}}",
-  "type": "module",
-  "private": true,
-  "scripts": {
-    "build": "tsc",
-    "start": "node dist/index.js",
-    "dev": "tsx src/index.ts",
-    "test": "vitest run"
-  },
-  "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.12.0",
-    "zod": "^3.24.0"
-  },
-  "devDependencies": {
-    "@types/node": "^22.0.0",
-    "typescript": "^5.8.0",
-    "tsx": "^4.19.0",
-    "vitest": "^3.1.0"
-  },
-  "engines": {
-    "node": ">=20.0.0"
-  }
-}