opedd-mcp 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/ci.yml +19 -2
- package/README.md +39 -9
- package/dist/index.js +239 -17
- package/package.json +9 -6
- package/src/index.ts +291 -24
- package/tests/dispatcher.env-gated.test.ts +283 -0
- package/tests/dispatcher.test.ts +419 -0
package/src/index.ts
CHANGED
|
@@ -7,6 +7,7 @@ import {
|
|
|
7
7
|
ListToolsRequestSchema,
|
|
8
8
|
type Tool,
|
|
9
9
|
} from "@modelcontextprotocol/sdk/types.js";
|
|
10
|
+
import { pathToFileURL } from "node:url";
|
|
10
11
|
|
|
11
12
|
// ─── Configuration ────────────────────────────────────────────────────────────
|
|
12
13
|
|
|
@@ -16,9 +17,18 @@ const API_BASE =
|
|
|
16
17
|
|
|
17
18
|
const BUYER_EMAIL = process.env.OPEDD_BUYER_EMAIL;
|
|
18
19
|
const PAYMENT_METHOD_ID = process.env.OPEDD_PAYMENT_METHOD_ID;
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
20
|
+
// B91 v0.4.0 migration (2026-05-26): canonical Bearer auth.
|
|
21
|
+
// OPEDD_PUB_BEARER is the new canonical opedd_pub_<env>_<32-hex> key
|
|
22
|
+
// (issued via POST /publishers-api-keys action=create_api_key).
|
|
23
|
+
// OPEDD_API_KEY retained as backward-compat alias for legacy op_ keys
|
|
24
|
+
// during the dual-mode transition window on the /api endpoint (Phase A
|
|
25
|
+
// shipped opedd-backend 2026-05-26). Backend Phase C will drop the
|
|
26
|
+
// op_ path entirely; users MUST migrate to OPEDD_PUB_BEARER before
|
|
27
|
+
// then. Prefer Bearer if both set.
|
|
28
|
+
const PUB_BEARER = process.env.OPEDD_PUB_BEARER; // canonical opedd_pub_<env>_<32-hex>
|
|
29
|
+
const API_KEY = process.env.OPEDD_API_KEY; // LEGACY op_<32-hex> — retiring per backend Phase C
|
|
30
|
+
const BUYER_TOKEN = process.env.OPEDD_BUYER_TOKEN; // buyer API token (opedd_buyer_live_... or opedd_buyer_test_...)
|
|
31
|
+
const ACCESS_KEY = process.env.OPEDD_ACCESS_KEY; // enterprise access key (ent_*); for /enterprise-license GET feed
|
|
22
32
|
const BUYER_JWT = process.env.OPEDD_BUYER_JWT; // Supabase JWT; for /buyer-audit + /buyer-compliance-report
|
|
23
33
|
|
|
24
34
|
// ─── HTTP helpers ─────────────────────────────────────────────────────────────
|
|
@@ -27,7 +37,9 @@ async function opeddFetch(path: string, options: RequestInit = {}): Promise<unkn
|
|
|
27
37
|
const url = `${API_BASE}${path}`;
|
|
28
38
|
const headers: Record<string, string> = {
|
|
29
39
|
"Content-Type": "application/json",
|
|
30
|
-
|
|
40
|
+
// B91 v0.4.0 (2026-05-26): canonical Bearer preferred; legacy X-API-Key
|
|
41
|
+
// accepted only as fallback during transition window
|
|
42
|
+
...(PUB_BEARER ? { Authorization: `Bearer ${PUB_BEARER}` } : (API_KEY ? { "X-API-Key": API_KEY } : {})),
|
|
31
43
|
...(options.headers as Record<string, string> ?? {}),
|
|
32
44
|
};
|
|
33
45
|
const res = await fetch(url, { ...options, headers });
|
|
@@ -49,7 +61,8 @@ async function opeddFetchNdjson(
|
|
|
49
61
|
const url = `${API_BASE}${path}`;
|
|
50
62
|
const headers: Record<string, string> = {
|
|
51
63
|
Accept: "application/x-ndjson",
|
|
52
|
-
|
|
64
|
+
// B91 v0.4.0 (2026-05-26): canonical Bearer preferred; legacy fallback
|
|
65
|
+
...(PUB_BEARER ? { Authorization: `Bearer ${PUB_BEARER}` } : (API_KEY ? { "X-API-Key": API_KEY } : {})),
|
|
53
66
|
...(options.headers as Record<string, string> ?? {}),
|
|
54
67
|
};
|
|
55
68
|
const res = await fetch(url, { ...options, headers });
|
|
@@ -94,7 +107,7 @@ function err(msg: string): ToolResult {
|
|
|
94
107
|
|
|
95
108
|
// ─── Tool definitions ─────────────────────────────────────────────────────────
|
|
96
109
|
|
|
97
|
-
const TOOLS: Tool[] = [
|
|
110
|
+
export const TOOLS: Tool[] = [
|
|
98
111
|
{
|
|
99
112
|
name: "lookup_content",
|
|
100
113
|
description:
|
|
@@ -207,13 +220,106 @@ const TOOLS: Tool[] = [
|
|
|
207
220
|
},
|
|
208
221
|
},
|
|
209
222
|
},
|
|
223
|
+
// ─── Public buyer-discovery — catalog browse ──────────────────────────────
|
|
224
|
+
{
|
|
225
|
+
name: "publisher_directory",
|
|
226
|
+
description:
|
|
227
|
+
"Browse the public Opedd publisher catalog via GET /publisher-directory. " +
|
|
228
|
+
"Returns paginated publishers with article counts, pricing (per-article + annual + monthly-forward-feed), " +
|
|
229
|
+
"plan, and sample articles (RAG-extended metadata). " +
|
|
230
|
+
"**The primary discovery surface for AI labs to find Opedd-licensable publishers** — distinct from " +
|
|
231
|
+
"`browse_registry` (which lists issued LICENSES, not publishers). " +
|
|
232
|
+
"Filter by category (case-insensitive substring), min_articles, or verified status. " +
|
|
233
|
+
"Public no-auth — useful pre-purchase scoping before buyers commit to enterprise-license POST.",
|
|
234
|
+
inputSchema: {
|
|
235
|
+
type: "object",
|
|
236
|
+
properties: {
|
|
237
|
+
category: {
|
|
238
|
+
type: "string",
|
|
239
|
+
description: "Case-insensitive substring filter on publisher category (e.g. 'finance', 'AI').",
|
|
240
|
+
},
|
|
241
|
+
min_articles: {
|
|
242
|
+
type: "number",
|
|
243
|
+
description: "Filter to publishers with at least this many licensable articles.",
|
|
244
|
+
},
|
|
245
|
+
verified: {
|
|
246
|
+
type: "string",
|
|
247
|
+
description: "'true' to show only verified publishers (default), 'false' for unverified.",
|
|
248
|
+
},
|
|
249
|
+
limit: {
|
|
250
|
+
type: "number",
|
|
251
|
+
description: "Page size cap.",
|
|
252
|
+
},
|
|
253
|
+
offset: {
|
|
254
|
+
type: "number",
|
|
255
|
+
description: "Pagination offset.",
|
|
256
|
+
},
|
|
257
|
+
},
|
|
258
|
+
},
|
|
259
|
+
},
|
|
260
|
+
// ─── Phase 12 Wave 3 W3.1 — onboarding helpers ────────────────────────────
|
|
261
|
+
{
|
|
262
|
+
name: "detect_platform",
|
|
263
|
+
description:
|
|
264
|
+
"Detect the content platform behind a URL via POST /detect-platform (Phase 12 Wave 3 W3.1). " +
|
|
265
|
+
"Public no-auth lookup. Given a URL, identifies what platform powers it " +
|
|
266
|
+
"(Substack / Beehiiv / Ghost / Medium / Brevo / custom) and returns the suggested onboarding workflow. " +
|
|
267
|
+
"Hostname-detectable platforms (Substack subdomain, Beehiiv suffix, etc.) resolve in milliseconds; " +
|
|
268
|
+
"custom domains may take ~few seconds while the detector probes well-known platform endpoints in parallel. " +
|
|
269
|
+
"Returns: {platform, confidence, archive_method, forward_method, required_credentials, instructions}. " +
|
|
270
|
+
"The archive_method + forward_method fields are the two onboarding-workflow inputs Opedd's setup wizard reads " +
|
|
271
|
+
"(one for historical content backfill, one for new-content forward stream). " +
|
|
272
|
+
"instructions is human-readable operator copy explaining the inferred path.",
|
|
273
|
+
inputSchema: {
|
|
274
|
+
type: "object",
|
|
275
|
+
required: ["url"],
|
|
276
|
+
properties: {
|
|
277
|
+
url: {
|
|
278
|
+
type: "string",
|
|
279
|
+
description: "Publisher URL to inspect (any well-formed URL works; hostname-match short-circuits the probe path).",
|
|
280
|
+
},
|
|
281
|
+
},
|
|
282
|
+
},
|
|
283
|
+
},
|
|
284
|
+
// ─── Phase 12 Wave 1 W1.1 — public RSL Standard manifest ─────────────────
|
|
285
|
+
{
|
|
286
|
+
name: "rsl_get",
|
|
287
|
+
description:
|
|
288
|
+
"Fetch a publisher's RSL Standard manifest via GET /rsl-manifest (Phase 12 Wave 1 W1.1). " +
|
|
289
|
+
"Public no-auth endpoint — discovery surface for AI agents/crawlers wanting to know what's licensable " +
|
|
290
|
+
"from a publisher BEFORE going through the buyer-account signup flow. " +
|
|
291
|
+
"Returns the 4 canonical license types (ai_retrieval, ai_training, human_per_article, human_full_archive) " +
|
|
292
|
+
"the publisher has opted into, plus the EU CDSM Article 4(3) opt-out posture (`tdm_reservation`). " +
|
|
293
|
+
"Set `jsonld: true` to request the JSON-LD shape with embedded HMAC-SHA256 signed receipt over the " +
|
|
294
|
+
"CDSM Article 4(3) reservation state + `tdm:reservationSignedAt` timestamp — regulators can post-hoc " +
|
|
295
|
+
"verify the reservation was the claimed value at the claimed time. Default `jsonld: false` returns " +
|
|
296
|
+
"the raw RSL Standard JSON manifest. " +
|
|
297
|
+
"Per INVARIANTS.md W1.6: this is the PUBLISHER-side CDSM Article 4(3) declaration surface. It is NOT " +
|
|
298
|
+
"an EU AI Act Article 53 attestation (which is buyer-side, JWT-auth, via article_53_attestation tool).",
|
|
299
|
+
inputSchema: {
|
|
300
|
+
type: "object",
|
|
301
|
+
required: ["publisher_id"],
|
|
302
|
+
properties: {
|
|
303
|
+
publisher_id: {
|
|
304
|
+
type: "string",
|
|
305
|
+
description: "UUID of the publisher whose RSL manifest to fetch. Publisher must be verified.",
|
|
306
|
+
},
|
|
307
|
+
jsonld: {
|
|
308
|
+
type: "boolean",
|
|
309
|
+
description:
|
|
310
|
+
"If true, request JSON-LD shape (Accept: application/ld+json) with embedded HMAC-SHA256 signed receipt. " +
|
|
311
|
+
"Default false returns raw RSL Standard JSON shape.",
|
|
312
|
+
},
|
|
313
|
+
},
|
|
314
|
+
},
|
|
315
|
+
},
|
|
210
316
|
// ─── Phase 10 + 11 buyer-side surfaces (M6.4) ─────────────────────────────
|
|
211
317
|
{
|
|
212
318
|
name: "purchase_enterprise_license",
|
|
213
319
|
description:
|
|
214
320
|
"Purchase a bulk enterprise license covering multiple publishers (Phase 10). " +
|
|
215
321
|
"Returns a Stripe client_secret for payment completion + the enterprise_license_id. " +
|
|
216
|
-
"After payment, an
|
|
322
|
+
"After payment, an ent_* access key is emailed to buyer_email. " +
|
|
217
323
|
"Scopes: 'custom' (pass-through publisher_ids), 'platform_wide' (auto-resolve all opted-in publishers), 'filtered' (Phase 10 filter_rules). " +
|
|
218
324
|
"License tiers: 'rag' (= ai_retrieval), 'training' (= ai_training, flat-fee not metered), 'inference' (= ai_retrieval), 'full_ai' (writes both retrieval + training records).",
|
|
219
325
|
inputSchema: {
|
|
@@ -270,7 +376,7 @@ if (BUYER_TOKEN) {
|
|
|
270
376
|
TOOLS.push({
|
|
271
377
|
name: "get_content",
|
|
272
378
|
description:
|
|
273
|
-
"Retrieve the full body of a licensed article using a buyer API token (opedd_buyer_live_* canonical
|
|
379
|
+
"Retrieve the full body of a licensed article using a buyer API token (opedd_buyer_live_* canonical; opedd_buyer_test_* for sandbox). " +
|
|
274
380
|
"Requires OPEDD_BUYER_TOKEN env var (create one at opedd.com/licenses after purchasing). " +
|
|
275
381
|
"Works for per-article licenses (token scoped to that article) and archive licenses (token covers all publisher content). " +
|
|
276
382
|
"The publisher must have content delivery enabled and must have pushed content for the article. " +
|
|
@@ -287,7 +393,7 @@ if (BUYER_TOKEN) {
|
|
|
287
393
|
},
|
|
288
394
|
buyer_token: {
|
|
289
395
|
type: "string",
|
|
290
|
-
description: "Buyer API token (opedd_buyer_live_* or
|
|
396
|
+
description: "Buyer API token (opedd_buyer_live_* or opedd_buyer_test_*). Falls back to OPEDD_BUYER_TOKEN env var.",
|
|
291
397
|
},
|
|
292
398
|
},
|
|
293
399
|
},
|
|
@@ -303,7 +409,7 @@ if (ACCESS_KEY) {
|
|
|
303
409
|
"Returns JSON-format response with paginated articles. " +
|
|
304
410
|
"Use `since` (ISO 8601) for delta-feed polling — only articles published after the timestamp. " +
|
|
305
411
|
"Use `cursor` for pagination across pages. " +
|
|
306
|
-
"Requires OPEDD_ACCESS_KEY (
|
|
412
|
+
"Requires OPEDD_ACCESS_KEY (ent_* enterprise access key). " +
|
|
307
413
|
"For larger bulk corpus pulls, use stream_feed_ndjson (up to 1000 articles per call vs 200 here).",
|
|
308
414
|
inputSchema: {
|
|
309
415
|
type: "object",
|
|
@@ -332,7 +438,7 @@ if (ACCESS_KEY) {
|
|
|
332
438
|
"Use `since` (ISO 8601) for delta-feed. Use `cursor` to paginate beyond 1000. " +
|
|
333
439
|
"Backend supports 5000 articles per call; the MCP cap is 1000 for transport reasonability. " +
|
|
334
440
|
"Real bulk-ingest pipelines should use the Python SDK (pip install opedd) directly — not via MCP. " +
|
|
335
|
-
"Requires OPEDD_ACCESS_KEY (
|
|
441
|
+
"Requires OPEDD_ACCESS_KEY (ent_*).",
|
|
336
442
|
inputSchema: {
|
|
337
443
|
type: "object",
|
|
338
444
|
properties: {
|
|
@@ -391,6 +497,59 @@ if (BUYER_JWT) {
|
|
|
391
497
|
},
|
|
392
498
|
},
|
|
393
499
|
});
|
|
500
|
+
TOOLS.push({
|
|
501
|
+
name: "get_buyer_account",
|
|
502
|
+
description:
|
|
503
|
+
"Fetch the authenticated buyer's account profile + masked API key list via GET /buyer-account. " +
|
|
504
|
+
"Returns the enterprise_buyers row (contact_email, buyer_org, created_at, etc.) plus a list of all " +
|
|
505
|
+
"buyer-side API keys with masked prefixes (NEVER plaintext post-issuance — only the 12-char " +
|
|
506
|
+
"key_prefix is returned, e.g. 'opedd_buyer_'). " +
|
|
507
|
+
"Use cases: post-signup verification ('what was just issued to me?'), buyer dashboard mental model " +
|
|
508
|
+
"('what licenses do I currently hold?'), audit prep ('show me the key list before rotation'). " +
|
|
509
|
+
"For full mid-lifecycle license details (filter_rules, billing, payouts), buyers consult the buyer portal at opedd.com/buyer. " +
|
|
510
|
+
"Requires OPEDD_BUYER_JWT.",
|
|
511
|
+
inputSchema: {
|
|
512
|
+
type: "object",
|
|
513
|
+
properties: {},
|
|
514
|
+
},
|
|
515
|
+
});
|
|
516
|
+
TOOLS.push({
|
|
517
|
+
name: "article_53_attestation",
|
|
518
|
+
description:
|
|
519
|
+
"Issue a signed JWT attesting to EU AI Act Article 53 compliance for a specific license via " +
|
|
520
|
+
"GET /eu-ai-act/article-53-attestation (Phase 12 Wave 1 W1.4). " +
|
|
521
|
+
"Returns a freshly-signed HS256 JWT regulators can verify offline against the canonical signing key. " +
|
|
522
|
+
"Embeds: license context, usage-count over the attestation window, the most-recent Tempo Merkle root, " +
|
|
523
|
+
"and canonical claims (iss/sub/iat/exp/jti/aud). " +
|
|
524
|
+
"**The artifact AI labs hand to legal/procurement for EU AI Act Article 53(1)(d) transparency-obligation evidence.** " +
|
|
525
|
+
"Per INVARIANTS.md W1.6: this attests to EU AI Act Article 53 ONLY (buyer-side GPAI-model-provider " +
|
|
526
|
+
"transparency obligation). It does NOT discharge a publisher's CDSM Article 4(3) reservation obligation — " +
|
|
527
|
+
"that lives on the rsl_get tool (jsonld=true variant). Never conflate. " +
|
|
528
|
+
"Optional `content_id` scopes the attestation to one article; default is license-wide. " +
|
|
529
|
+
"Window cap: 365 days. Requires OPEDD_BUYER_JWT.",
|
|
530
|
+
inputSchema: {
|
|
531
|
+
type: "object",
|
|
532
|
+
required: ["license_id"],
|
|
533
|
+
properties: {
|
|
534
|
+
license_id: {
|
|
535
|
+
type: "string",
|
|
536
|
+
description: "UUID of the enterprise_license OR legacy individual license to attest. Buyer must own it.",
|
|
537
|
+
},
|
|
538
|
+
content_id: {
|
|
539
|
+
type: "string",
|
|
540
|
+
description: "Optional UUID of a specific article to scope the attestation. Default: license-wide.",
|
|
541
|
+
},
|
|
542
|
+
window_start: {
|
|
543
|
+
type: "string",
|
|
544
|
+
description: "ISO 8601 lower bound of the attestation window. Default: now - 90 days.",
|
|
545
|
+
},
|
|
546
|
+
window_end: {
|
|
547
|
+
type: "string",
|
|
548
|
+
description: "ISO 8601 upper bound. Default: now. Window may not exceed 365 days (hard cap).",
|
|
549
|
+
},
|
|
550
|
+
},
|
|
551
|
+
},
|
|
552
|
+
});
|
|
394
553
|
TOOLS.push({
|
|
395
554
|
name: "get_compliance_dossier",
|
|
396
555
|
description:
|
|
@@ -423,11 +582,11 @@ if (BUYER_JWT) {
|
|
|
423
582
|
}
|
|
424
583
|
|
|
425
584
|
// If a publisher API key is configured, expose publisher-specific tooling
|
|
426
|
-
if (API_KEY) {
|
|
585
|
+
if (PUB_BEARER || API_KEY) {
|
|
427
586
|
TOOLS.push({
|
|
428
587
|
name: "list_publisher_content",
|
|
429
588
|
description:
|
|
430
|
-
"List all licensable articles for the authenticated publisher (requires OPEDD_API_KEY). " +
|
|
589
|
+
"List all licensable articles for the authenticated publisher (requires OPEDD_PUB_BEARER, or legacy OPEDD_API_KEY). " +
|
|
431
590
|
"Returns articles with titles, descriptions, pricing, and sales statistics. " +
|
|
432
591
|
"Use article IDs from this list to purchase licenses via purchase_license.",
|
|
433
592
|
inputSchema: {
|
|
@@ -454,15 +613,28 @@ if (API_KEY) {
|
|
|
454
613
|
// ─── MCP Server ───────────────────────────────────────────────────────────────
|
|
455
614
|
|
|
456
615
|
const server = new Server(
|
|
457
|
-
{ name: "opedd-mcp", version: "0.
|
|
616
|
+
{ name: "opedd-mcp", version: "0.3.0" },
|
|
458
617
|
{ capabilities: { tools: {} } }
|
|
459
618
|
);
|
|
460
619
|
|
|
461
620
|
server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));
|
|
462
621
|
|
|
463
|
-
server.setRequestHandler(CallToolRequestSchema, async (request) =>
|
|
464
|
-
|
|
622
|
+
server.setRequestHandler(CallToolRequestSchema, async (request) =>
|
|
623
|
+
dispatchTool(request.params.name, (request.params.arguments ?? {}) as Record<string, unknown>),
|
|
624
|
+
);
|
|
465
625
|
|
|
626
|
+
// ─── Tool dispatcher (exported for unit tests) ────────────────────────────────
|
|
627
|
+
//
|
|
628
|
+
// Extracted from the inline handler 2026-05-24 EEST as part of the opedd-mcp
|
|
629
|
+
// test cohort ship. Behavior-preserving: the server.setRequestHandler above
|
|
630
|
+
// is a thin delegation to dispatchTool. Exporting allows unit tests to mock
|
|
631
|
+
// global fetch + invoke each tool's handler directly without spawning a
|
|
632
|
+
// stdio subprocess.
|
|
633
|
+
|
|
634
|
+
export async function dispatchTool(
|
|
635
|
+
name: string,
|
|
636
|
+
args: Record<string, unknown>,
|
|
637
|
+
): Promise<ToolResult> {
|
|
466
638
|
try {
|
|
467
639
|
switch (name) {
|
|
468
640
|
// ── lookup_content ─────────────────────────────────────────────────────
|
|
@@ -583,6 +755,55 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
583
755
|
return ok(data);
|
|
584
756
|
}
|
|
585
757
|
|
|
758
|
+
// ── publisher_directory (buyer-discovery catalog browse) ───────────────
|
|
759
|
+
case "publisher_directory": {
|
|
760
|
+
const { category, min_articles, verified, limit, offset } = args as {
|
|
761
|
+
category?: string;
|
|
762
|
+
min_articles?: number;
|
|
763
|
+
verified?: string;
|
|
764
|
+
limit?: number;
|
|
765
|
+
offset?: number;
|
|
766
|
+
};
|
|
767
|
+
const params = new URLSearchParams();
|
|
768
|
+
if (category) params.set("category", category);
|
|
769
|
+
if (min_articles !== undefined) params.set("min_articles", String(min_articles));
|
|
770
|
+
if (verified !== undefined) params.set("verified", verified);
|
|
771
|
+
if (limit !== undefined) params.set("limit", String(limit));
|
|
772
|
+
if (offset !== undefined) params.set("offset", String(offset));
|
|
773
|
+
|
|
774
|
+
const query = params.toString();
|
|
775
|
+
const data = await opeddFetch(`/publisher-directory${query ? `?${query}` : ""}`);
|
|
776
|
+
return ok(data);
|
|
777
|
+
}
|
|
778
|
+
|
|
779
|
+
// ── detect_platform (Phase 12 Wave 3 W3.1) ─────────────────────────────
|
|
780
|
+
case "detect_platform": {
|
|
781
|
+
const { url } = args as { url: string };
|
|
782
|
+
if (!url) return err("url is required");
|
|
783
|
+
|
|
784
|
+
const data = await opeddFetch("/detect-platform", {
|
|
785
|
+
method: "POST",
|
|
786
|
+
body: JSON.stringify({ url }),
|
|
787
|
+
});
|
|
788
|
+
return ok(data);
|
|
789
|
+
}
|
|
790
|
+
|
|
791
|
+
// ── rsl_get (Phase 12 Wave 1 W1.1) ─────────────────────────────────────
|
|
792
|
+
case "rsl_get": {
|
|
793
|
+
const { publisher_id, jsonld = false } = args as {
|
|
794
|
+
publisher_id: string;
|
|
795
|
+
jsonld?: boolean;
|
|
796
|
+
};
|
|
797
|
+
if (!publisher_id) return err("publisher_id is required");
|
|
798
|
+
|
|
799
|
+
const accept = jsonld ? "application/ld+json" : "application/json";
|
|
800
|
+
const data = await opeddFetch(
|
|
801
|
+
`/rsl-manifest?publisher_id=${encodeURIComponent(publisher_id)}`,
|
|
802
|
+
{ headers: { Accept: accept } },
|
|
803
|
+
);
|
|
804
|
+
return ok(data);
|
|
805
|
+
}
|
|
806
|
+
|
|
586
807
|
// ── purchase_enterprise_license (Phase 10) ─────────────────────────────
|
|
587
808
|
case "purchase_enterprise_license": {
|
|
588
809
|
const {
|
|
@@ -637,7 +858,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
637
858
|
// ── list_feed (Phase 10 + 11) ──────────────────────────────────────────
|
|
638
859
|
case "list_feed": {
|
|
639
860
|
if (!ACCESS_KEY) {
|
|
640
|
-
return err("OPEDD_ACCESS_KEY env var is required for this tool (
|
|
861
|
+
return err("OPEDD_ACCESS_KEY env var is required for this tool (ent_* enterprise access key)");
|
|
641
862
|
}
|
|
642
863
|
const { since, cursor, limit = 50 } = args as {
|
|
643
864
|
since?: string;
|
|
@@ -659,7 +880,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
659
880
|
// ── stream_feed_ndjson (Phase 11 M3) ───────────────────────────────────
|
|
660
881
|
case "stream_feed_ndjson": {
|
|
661
882
|
if (!ACCESS_KEY) {
|
|
662
|
-
return err("OPEDD_ACCESS_KEY env var is required for this tool (
|
|
883
|
+
return err("OPEDD_ACCESS_KEY env var is required for this tool (ent_* enterprise access key)");
|
|
663
884
|
}
|
|
664
885
|
const { since, cursor, limit = 200 } = args as {
|
|
665
886
|
since?: string;
|
|
@@ -704,6 +925,42 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
704
925
|
return ok(data);
|
|
705
926
|
}
|
|
706
927
|
|
|
928
|
+
// ── get_buyer_account (buyer profile + masked key list) ────────────────
|
|
929
|
+
case "get_buyer_account": {
|
|
930
|
+
if (!BUYER_JWT) {
|
|
931
|
+
return err("OPEDD_BUYER_JWT env var is required for this tool (Supabase session JWT)");
|
|
932
|
+
}
|
|
933
|
+
const data = await opeddFetch("/buyer-account", {
|
|
934
|
+
headers: { Authorization: `Bearer ${BUYER_JWT}` },
|
|
935
|
+
});
|
|
936
|
+
return ok(data);
|
|
937
|
+
}
|
|
938
|
+
|
|
939
|
+
// ── article_53_attestation (Phase 12 Wave 1 W1.4) ──────────────────────
|
|
940
|
+
case "article_53_attestation": {
|
|
941
|
+
if (!BUYER_JWT) {
|
|
942
|
+
return err("OPEDD_BUYER_JWT env var is required for this tool (Supabase session JWT)");
|
|
943
|
+
}
|
|
944
|
+
const { license_id, content_id, window_start, window_end } = args as {
|
|
945
|
+
license_id: string;
|
|
946
|
+
content_id?: string;
|
|
947
|
+
window_start?: string;
|
|
948
|
+
window_end?: string;
|
|
949
|
+
};
|
|
950
|
+
if (!license_id) return err("license_id is required");
|
|
951
|
+
|
|
952
|
+
const params = new URLSearchParams({ license_id });
|
|
953
|
+
if (content_id) params.set("content_id", content_id);
|
|
954
|
+
if (window_start) params.set("window_start", window_start);
|
|
955
|
+
if (window_end) params.set("window_end", window_end);
|
|
956
|
+
|
|
957
|
+
const data = await opeddFetch(
|
|
958
|
+
`/eu-ai-act/article-53-attestation?${params.toString()}`,
|
|
959
|
+
{ headers: { Authorization: `Bearer ${BUYER_JWT}` } },
|
|
960
|
+
);
|
|
961
|
+
return ok(data);
|
|
962
|
+
}
|
|
963
|
+
|
|
707
964
|
// ── get_compliance_dossier (Phase 11 M4) ───────────────────────────────
|
|
708
965
|
case "get_compliance_dossier": {
|
|
709
966
|
if (!BUYER_JWT) {
|
|
@@ -732,8 +989,8 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
732
989
|
|
|
733
990
|
// ── list_publisher_content ─────────────────────────────────────────────
|
|
734
991
|
case "list_publisher_content": {
|
|
735
|
-
if (!API_KEY) {
|
|
736
|
-
return err("
|
|
992
|
+
if (!PUB_BEARER && !API_KEY) {
|
|
993
|
+
return err("OPEDD_PUB_BEARER env var is required for this tool (canonical Bearer; legacy OPEDD_API_KEY also accepted during transition)");
|
|
737
994
|
}
|
|
738
995
|
|
|
739
996
|
const { limit = 20, type, offset = 0 } = args as {
|
|
@@ -758,10 +1015,20 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
758
1015
|
const msg = e instanceof Error ? e.message : String(e);
|
|
759
1016
|
return err(`Request failed: ${msg}`);
|
|
760
1017
|
}
|
|
761
|
-
}
|
|
1018
|
+
}
|
|
762
1019
|
|
|
763
1020
|
// ─── Start ────────────────────────────────────────────────────────────────────
|
|
764
1021
|
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
1022
|
+
// Skip stdio bootstrap when imported as a module (unit tests need TOOLS +
|
|
1023
|
+
// dispatchTool without the server.connect side-effect). Detect via
|
|
1024
|
+
// `import.meta.url === pathToFileURL(process.argv[1]).href` — the canonical
|
|
1025
|
+
// "am I the entry point" check for ESM Node modules.
|
|
1026
|
+
if (
|
|
1027
|
+
typeof process !== "undefined" &&
|
|
1028
|
+
process.argv?.[1] &&
|
|
1029
|
+
import.meta.url === pathToFileURL(process.argv[1]).href
|
|
1030
|
+
) {
|
|
1031
|
+
const transport = new StdioServerTransport();
|
|
1032
|
+
await server.connect(transport);
|
|
1033
|
+
console.error("[opedd-mcp] Server running on stdio");
|
|
1034
|
+
}
|