nitrostack 1.0.72 → 1.0.73

package/src/studio/lib/api.ts

@@ -1,7 +1,26 @@
 // NitroStack Studio API Client
 
+import type {
+  JsonValue,
+  ChatMessage,
+  PKCEParams,
+  ClientRegistration,
+} from './types';
+
 const API_BASE = typeof window !== 'undefined' ? window.location.origin : 'http://localhost:3000';
 
+/**
+ * Client registration metadata for OAuth
+ */
+interface ClientRegistrationMetadata {
+  client_name?: string;
+  redirect_uris: string[];
+  token_endpoint_auth_method?: string;
+  grant_types?: string[];
+  response_types?: string[];
+  [key: string]: JsonValue | undefined;
+}
+
 export class StudioAPI {
   private baseUrl: string;
   private initialized: boolean = false;
@@ -11,7 +30,7 @@ export class StudioAPI {
   }
 
   // Initialize MCP connection (call once on app start)
-  async initialize() {
+  async initialize(): Promise<void> {
     if (this.initialized) return;
     try {
       await fetch(`${this.baseUrl}/api/init`, { method: 'POST' });
@@ -22,111 +41,111 @@ export class StudioAPI {
   }
 
   // Connection
-  async checkConnection() {
+  async checkConnection(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/health`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Tools
-  async listTools() {
+  async listTools(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/tools`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
   
-  async getTools() {
+  async getTools(): Promise<JsonValue> {
     return this.listTools();
   }
 
-  async callTool(name: string, args: any, jwtToken?: string, apiKey?: string) {
+  async callTool(name: string, args: JsonValue, jwtToken?: string, apiKey?: string): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/tools/${name}/call`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ args, jwtToken, apiKey }),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Resources
-  async getResources() {
+  async getResources(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/resources`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
-  async getResource(uri: string) {
+  async getResource(uri: string): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/resources/${encodeURIComponent(uri)}`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Prompts
-  async getPrompts() {
+  async getPrompts(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/prompts`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
-  async executePrompt(name: string, args: any) {
+  async executePrompt(name: string, args: Record<string, string>): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/prompts/${name}`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify(args),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Ping
-  async ping() {
+  async ping(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/ping`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Sampling
-  async sample(params: { prompt: string; maxTokens: number; model?: string }) {
+  async sample(params: { prompt: string; maxTokens: number; model?: string }): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/sampling`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify(params),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Roots
-  async getRoots() {
+  async getRoots(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/roots`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Chat
   async chat(params: {
     provider: string;
-    messages: any[];
+    messages: ChatMessage[];
     apiKey: string; // LLM API key (OpenAI/Gemini)
     jwtToken?: string; // MCP server JWT token
     mcpApiKey?: string; // MCP server API key
-  }) {
+  }): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/chat`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify(params),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Auth (OAuth 2.1)
-  async discoverAuth(url: string, type: 'resource' | 'auth-server') {
+  async discoverAuth(url: string, type: 'resource' | 'auth-server'): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/auth/fetch-metadata`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ url, type }),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
-  async registerClient(endpoint: string, metadata: any) {
+  async registerClient(endpoint: string, metadata: ClientRegistrationMetadata): Promise<ClientRegistration> {
     const response = await fetch(`${this.baseUrl}/api/auth/register-client`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ endpoint, metadata }),
     });
-    return response.json();
+    return response.json() as Promise<ClientRegistration>;
   }
 
   async startOAuthFlow(params: {
@@ -135,30 +154,30 @@ export class StudioAPI {
     redirectUri: string;
     scope: string;
     resource: string;
-  }) {
+  }): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/auth/start-flow`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify(params),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   async exchangeToken(params: {
     code: string;
-    pkce: any;
+    pkce: PKCEParams;
     tokenEndpoint: string;
     clientId: string;
     clientSecret?: string;
     redirectUri: string;
     resource: string;
-  }) {
+  }): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/auth/exchange-token`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify(params),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   async refreshToken(params: {
@@ -167,13 +186,13 @@ export class StudioAPI {
     clientId: string;
     clientSecret?: string;
     resource: string;
-  }) {
+  }): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/auth/refresh-token`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify(params),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   async revokeToken(params: {
@@ -181,25 +200,25 @@ export class StudioAPI {
     revocationEndpoint: string;
     clientId: string;
     clientSecret?: string;
-  }) {
+  }): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/auth/revoke-token`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify(params),
     });
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Health
-  async getHealth() {
+  async getHealth(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/health/checks`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 
   // Widget Examples
-  async getWidgetExamples() {
+  async getWidgetExamples(): Promise<JsonValue> {
     const response = await fetch(`${this.baseUrl}/api/widget-examples`);
-    return response.json();
+    return response.json() as Promise<JsonValue>;
   }
 }
 

package/src/studio/lib/http-client-transport.ts

@@ -11,7 +11,7 @@ import { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';
 import { JSONRPCMessage } from '@modelcontextprotocol/sdk/types.js';
 
 // EventSource type that works in both browser and Node.js
-type EventSourceType = typeof EventSource extends { prototype: infer T } ? T : any;
+type EventSourceType = typeof EventSource extends { prototype: infer T } ? T : EventSource;
 
 export interface HttpClientTransportOptions {
   /**
@@ -47,7 +47,7 @@ export class HttpClientTransport implements Transport {
   private closeHandler?: () => void;
   private errorHandler?: (error: Error) => void;
   private isConnected = false;
-  private EventSourceImpl: any;
+  private EventSourceImpl: typeof EventSource;
 
   constructor(options: HttpClientTransportOptions) {
     this.baseUrl = options.baseUrl.replace(/\/$/, ''); // Remove trailing slash

package/src/studio/lib/llm-service.ts

@@ -1,6 +1,8 @@
 // LLM Service for Studio
 // Supports OpenAI and Gemini
 
+import type { JsonValue, JsonObject } from './types';
+
 export type LLMProvider = 'openai' | 'gemini';
 
 export interface ChatMessage {
@@ -19,7 +21,7 @@ export interface ChatMessage {
 export interface ToolCall {
   id: string;
   name: string;
-  arguments: any;
+  arguments: JsonValue;
 }
 
 export interface ChatResponse {
@@ -28,30 +30,108 @@ export interface ChatResponse {
   finishReason?: string;
 }
 
+/**
+ * Tool definition for LLM
+ */
+interface LLMTool {
+  name: string;
+  description?: string;
+  inputSchema?: JsonObject;
+}
+
+/**
+ * OpenAI message content part
+ */
+interface OpenAIContentPart {
+  type: 'text' | 'image_url';
+  text?: string;
+  image_url?: { url: string };
+}
+
+/**
+ * OpenAI tool call from response
+ */
+interface OpenAIToolCall {
+  id: string;
+  type: 'function';
+  function: {
+    name: string;
+    arguments: string;
+  };
+}
+
+/**
+ * Gemini function call part
+ */
+interface GeminiFunctionPart {
+  functionCall?: {
+    name: string;
+    args: JsonObject;
+  };
+  functionResponse?: {
+    name: string;
+    response: { content: string };
+  };
+  text?: string;
+}
+
+/**
+ * Gemini content entry
+ */
+interface GeminiContent {
+  role: 'user' | 'model' | 'function';
+  parts: GeminiFunctionPart[];
+}
+
+/**
+ * Gemini parameter schema property
+ */
+interface GeminiParameterProperty {
+  type: string;
+  description: string;
+  enum?: JsonValue[];
+}
+
+/**
+ * Gemini parameters schema
+ */
+interface GeminiParameters {
+  type: string;
+  properties: Record<string, GeminiParameterProperty>;
+  required: string[];
+}
+
 export class LLMService {
   // System prompt to improve tool usage (especially for Gemini)
-  private getSystemPrompt(tools: any[]): string {
-    return `You are an intelligent AI assistant with access to ${tools.length} powerful tools. Your goal is to help users accomplish their tasks efficiently and intelligently.
+  private getSystemPrompt(tools: LLMTool[]): string {
+    return `You are an intelligent AI assistant with access to ${tools.length} powerful tools. Your goal is to help users accomplish their tasks efficiently and accurately.
+
+**CRITICAL: ONLY DO WHAT THE USER ASKS**
+
+⚠️ **THE MOST IMPORTANT RULE**: Only perform the specific task the user requested. Do NOT assume additional steps or chain unrelated tools.
+
+Examples:
+- "show me airports in london" → ONLY search airports in london. Do NOT search for flights.
+- "search flights from A to B" → ONLY search those flights. Do NOT book them.
+- "book this flight" → ONLY proceed with booking for the specified flight.
 
 **CORE PRINCIPLES FOR TOOL USAGE:**
 
-1. **Be Proactive & Infer Context**: 
-   - Infer obvious information instead of asking (e.g., "Bangalore" → Karnataka, India; "New York" → NY, USA)
-   - Use common sense defaults when reasonable
-   - Don't ask for information you can deduce from context
+1. **Answer EXACTLY What Was Asked**: 
+   - If user asks "show airports in X", only call search_airports for X
+   - If user asks "search flights", only search flights - don't book
+   - NEVER assume the user wants additional steps beyond their request
+   - Ask before doing more than requested
 
-2. **Chain Tools Intelligently**: 
-   - Use multiple tools in sequence to accomplish complex tasks
-   - If a task requires multiple steps, execute them automatically
-   - Example: login → fetch data → process → display results
-   - Don't ask permission for each step in an obvious workflow
+2. **Infer Context When Helpful** (but don't over-extend): 
+   - Infer obvious location info (e.g., "Bangalore" → Karnataka, India)
+   - Use common sense defaults for required parameters
+   - But NEVER infer that user wants additional operations
 
 3. **Maintain Context Awareness**: 
    - Remember information from previous tool calls in THIS conversation
    - Extract and reuse data (IDs, names, values) from previous tool results
    - Example: If browse_products returned products with IDs, use those IDs for add_to_cart
-   - Match user requests to previous data (e.g., "apple" → find product with name "Apple" → use its ID)
-   - Track state across the conversation (logged in status, product IDs, order IDs, etc.)
    - NEVER ask for information you already have from a previous tool call
 
 4. **Use Smart Defaults**: 
@@ -59,25 +139,18 @@ export class LLMService {
    - Common defaults: page=1, limit=10, sort=recent, etc.
    - Only ask for clarification when truly ambiguous
 
-5. **Minimize User Friction**: 
-   - Don't ask for every detail - use inference and defaults
-   - Chain related operations seamlessly
-   - Provide concise summaries after multi-step operations
-   - Be conversational but efficient
-
-6. **Handle Errors Gracefully**:
+5. **Handle Errors Gracefully**:
    - If authentication required, guide user to login
    - If prerequisite missing, suggest the required step
    - If operation fails, explain why and suggest alternatives
    - Always provide a helpful next step
 
-7. **Tool Call Best Practices**:
+6. **Tool Call Best Practices**:
    - Read tool descriptions carefully to understand their purpose
    - Use exact parameter names as specified in the schema
    - Pay attention to required vs optional parameters
    - If a tool says "Requires authentication" - CALL IT ANYWAY! Auth is handled automatically
    - Don't ask for credentials preemptively - only if a tool explicitly fails
-   - Look for examples in tool schemas for guidance
 
 **AUTHENTICATION HANDLING:**
 
@@ -90,17 +163,23 @@ export class LLMService {
 
 **EXAMPLES:**
 
+**Stay Focused - Don't Over-Extend:**
+✅ User: "show me airports in london" → Call search_airports("london") → Show results → STOP
+❌ User: "show me airports in london" → search_airports → then search New York → then search flights (WRONG!)
+
+✅ User: "search flights from NYC to LAX" → Call search_flights → Show results → STOP  
+❌ User: "search flights from NYC to LAX" → search → then automatically book (WRONG!)
+
 **Authentication:**
 User: "whoami" → Call whoami tool directly (don't ask for login)
 User: "show my orders" → Call get_order_history directly (don't ask for login)
-User: "what's in my cart" → Call view_cart directly (don't ask for login)
 
 **Context Awareness:**
 1. browse_products returns: [{id: "prod-3", name: "Apple", price: 0.99}, ...]
 2. User: "add apple to cart" → Extract ID "prod-3" from previous result → Call add_to_cart({product_id: "prod-3", quantity: 1})
-3. User: "add 2 more" → Remember prod-3 → Call add_to_cart({product_id: "prod-3", quantity: 2})
 
 **NEVER do this:**
+❌ User: "show airports" → Then automatically search flights (User didn't ask!)
 ❌ User: "add apple to cart" → "What is the product ID?" (You already have it!)
 ❌ User: "add to cart" → "Which product?" (Look at conversation context!)
 
@@ -140,7 +219,7 @@ User: "list all resources"
   async chat(
     provider: LLMProvider,
     messages: ChatMessage[],
-    tools: any[],
+    tools: LLMTool[],
     apiKey: string
   ): Promise<ChatResponse> {
     // Inject system prompt at the beginning if not already present
@@ -164,7 +243,7 @@ User: "list all resources"
 
   private async chatOpenAI(
     messages: ChatMessage[],
-    tools: any[],
+    tools: LLMTool[],
     apiKey: string
   ): Promise<ChatResponse> {
     const formattedMessages = messages.map((msg) => {
@@ -194,7 +273,7 @@ User: "list all resources"
 
       if (msg.role === 'user' && msg.file) {
         // Handle file attachments for OpenAI
-        const contentParts: any[] = [
+        const contentParts: OpenAIContentPart[] = [
           { type: 'text', text: msg.content || ' ' } // Ensure some text exists
         ];
 
@@ -247,9 +326,9 @@ User: "list all resources"
 
     console.log('Formatted messages for OpenAI:', JSON.stringify(formattedMessages, null, 2));
 
-    const requestBody: any = {
+    const requestBody: JsonObject = {
       model: 'gpt-4-turbo-preview',
-      messages: formattedMessages,
+      messages: formattedMessages as JsonValue,
     };
 
     if (tools.length > 0) {
@@ -309,10 +388,10 @@ User: "list all resources"
     };
 
     if (choice.message.tool_calls) {
-      result.toolCalls = choice.message.tool_calls.map((tc: any) => ({
+      result.toolCalls = (choice.message.tool_calls as OpenAIToolCall[]).map((tc) => ({
         id: tc.id,
         name: tc.function?.name || '',
-        arguments: JSON.parse(tc.function?.arguments || '{}'),
+        arguments: JSON.parse(tc.function?.arguments || '{}') as JsonValue,
       }));
       result.message.toolCalls = result.toolCalls;
     }
@@ -322,11 +401,11 @@ User: "list all resources"
 
   private async chatGemini(
     messages: ChatMessage[],
-    tools: any[],
+    tools: LLMTool[],
     apiKey: string
   ): Promise<ChatResponse> {
     // Convert messages to Gemini format
-    const contents: any[] = [];
+    const contents: GeminiContent[] = [];
     let systemInstruction = '';
 
     // Group consecutive tool messages together for Gemini
@@ -342,7 +421,7 @@ User: "list all resources"
 
       if (msg.role === 'tool') {
         // Collect all consecutive tool messages and group them into ONE function response
-        const functionParts: any[] = [];
+        const functionParts: GeminiFunctionPart[] = [];
 
         while (i < messages.length && messages[i].role === 'tool') {
           const toolMsg = messages[i];
@@ -364,7 +443,7 @@ User: "list all resources"
         });
       } else if (msg.role === 'assistant' && msg.toolCalls && msg.toolCalls.length > 0) {
         // Assistant message with tool calls
-        const parts: any[] = [];
+        const parts: GeminiFunctionPart[] = [];
 
         if (msg.content) {
           parts.push({ text: msg.content });
@@ -374,7 +453,7 @@ User: "list all resources"
           parts.push({
             functionCall: {
               name: tc.name,
-              args: tc.arguments,
+              args: tc.arguments as JsonObject,
             },
           });
         }
@@ -386,7 +465,7 @@ User: "list all resources"
         i++;
       } else {
         // Regular user or assistant message
-        const parts: any[] = [];
+        const parts: GeminiFunctionPart[] = [];
 
         if (msg.content) {
           parts.push({ text: msg.content });
@@ -448,8 +527,8 @@ User: "list all resources"
     // console.log('Formatted contents for Gemini:', JSON.stringify(contents, null, 2));
 
     // Prepare request body
-    const requestBody: any = {
-      contents,
+    const requestBody: JsonObject = {
+      contents: contents as JsonValue,
     };
 
     // Add system instruction if present
@@ -470,24 +549,24 @@ User: "list all resources"
           delete cleanSchema.additionalProperties;
 
           // Convert to Gemini's expected format
-          const parameters: any = {
-            type: cleanSchema.type || 'OBJECT',
+          const parameters: GeminiParameters = {
+            type: (cleanSchema.type as string) || 'OBJECT',
             properties: {},
-            required: cleanSchema.required || [],
+            required: (cleanSchema.required as string[]) || [],
           };
 
           // Convert properties
           if (cleanSchema.properties) {
             for (const [key, value] of Object.entries(cleanSchema.properties)) {
-              const prop: any = value;
+              const prop = value as JsonObject;
               parameters.properties[key] = {
-                type: this.convertTypeToGemini(prop.type),
-                description: prop.description || '',
+                type: this.convertTypeToGemini(prop.type as string | undefined),
+                description: (prop.description as string) || '',
               };
 
               // Handle enums
               if (prop.enum) {
-                parameters.properties[key].enum = prop.enum;
+                parameters.properties[key].enum = prop.enum as JsonValue[];
               }
             }
           }

package/src/studio/lib/mcp-client.ts

@@ -116,7 +116,7 @@ export class McpClient {
       // Start the HTTP transport (establish SSE connection)
       await this.transport.start();
     } else {
-      throw new Error(`Unknown transport type: ${(config as any).type}`);
+      throw new Error(`Unknown transport type: ${(config as McpClientConfig).type}`);
     }
 
     // Create client
@@ -198,7 +198,7 @@ export class McpClient {
     return await this.client.listTools();
   }
 
-  async callTool(name: string, args: any) {
+  async callTool(name: string, args: Record<string, unknown>) {
     if (!this.client) throw new Error('Not connected');
     return await this.client.callTool({ name, arguments: args });
   }
@@ -218,7 +218,7 @@ export class McpClient {
     return await this.client.listPrompts();
   }
 
-  async getPrompt(name: string, args: any) {
+  async getPrompt(name: string, args: Record<string, string>) {
     if (!this.client) throw new Error('Not connected');
     return await this.client.getPrompt({ name, arguments: args });
   }
@@ -233,13 +233,16 @@ export class McpClient {
     return await this.client.listRoots();
   }
 
-  async executeTool(name: string, args: any) {
+  async executeTool(name: string, args: Record<string, unknown>) {
     return await this.callTool(name, args);
   }
 
-  async createCompletion(params: any) {
+  async createCompletion(params: {
+    ref: string;
+    argument: { name: string; value: string };
+  }) {
     if (!this.client) throw new Error('Not connected');
-    return await this.client.createCompletion(params);
+    return await this.client.complete(params);
   }
 }