opedd-mcp 0.4.1 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -0
- package/dist/index.js +16 -1
- package/dist/telemetry.js +89 -0
- package/package.json +7 -3
- package/.github/workflows/ci.yml +0 -70
- package/src/index.ts +0 -1034
- package/tests/dispatcher.env-gated.test.ts +0 -283
- package/tests/dispatcher.test.ts +0 -419
- package/tsconfig.json +0 -15
package/src/index.ts
DELETED
|
@@ -1,1034 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env node
|
|
2
|
-
|
|
3
|
-
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
|
|
4
|
-
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
|
|
5
|
-
import {
|
|
6
|
-
CallToolRequestSchema,
|
|
7
|
-
ListToolsRequestSchema,
|
|
8
|
-
type Tool,
|
|
9
|
-
} from "@modelcontextprotocol/sdk/types.js";
|
|
10
|
-
import { pathToFileURL } from "node:url";
|
|
11
|
-
|
|
12
|
-
// ─── Configuration ────────────────────────────────────────────────────────────
|
|
13
|
-
|
|
14
|
-
const API_BASE =
|
|
15
|
-
process.env.OPEDD_API_URL ??
|
|
16
|
-
"https://api.opedd.com";
|
|
17
|
-
|
|
18
|
-
const BUYER_EMAIL = process.env.OPEDD_BUYER_EMAIL;
|
|
19
|
-
const PAYMENT_METHOD_ID = process.env.OPEDD_PAYMENT_METHOD_ID;
|
|
20
|
-
// B91 v0.4.0 migration (2026-05-26): canonical Bearer auth.
|
|
21
|
-
// OPEDD_PUB_BEARER is the new canonical opedd_pub_<env>_<32-hex> key
|
|
22
|
-
// (issued via POST /publishers-api-keys action=create_api_key).
|
|
23
|
-
// OPEDD_API_KEY retained as backward-compat alias for legacy op_ keys
|
|
24
|
-
// during the dual-mode transition window on the /api endpoint (Phase A
|
|
25
|
-
// shipped opedd-backend 2026-05-26). Backend Phase C will drop the
|
|
26
|
-
// op_ path entirely; users MUST migrate to OPEDD_PUB_BEARER before
|
|
27
|
-
// then. Prefer Bearer if both set.
|
|
28
|
-
const PUB_BEARER = process.env.OPEDD_PUB_BEARER; // canonical opedd_pub_<env>_<32-hex>
|
|
29
|
-
const API_KEY = process.env.OPEDD_API_KEY; // LEGACY op_<32-hex> — retiring per backend Phase C
|
|
30
|
-
const BUYER_TOKEN = process.env.OPEDD_BUYER_TOKEN; // buyer API token (opedd_buyer_live_... or opedd_buyer_test_...)
|
|
31
|
-
const ACCESS_KEY = process.env.OPEDD_ACCESS_KEY; // enterprise access key (ent_*); for /enterprise-license GET feed
|
|
32
|
-
const BUYER_JWT = process.env.OPEDD_BUYER_JWT; // Supabase JWT; for /buyer-audit + /buyer-compliance-report
|
|
33
|
-
|
|
34
|
-
// ─── HTTP helpers ─────────────────────────────────────────────────────────────
|
|
35
|
-
|
|
36
|
-
async function opeddFetch(path: string, options: RequestInit = {}): Promise<unknown> {
|
|
37
|
-
const url = `${API_BASE}${path}`;
|
|
38
|
-
const headers: Record<string, string> = {
|
|
39
|
-
"Content-Type": "application/json",
|
|
40
|
-
// B91 v0.4.0 (2026-05-26): canonical Bearer preferred; legacy X-API-Key
|
|
41
|
-
// accepted only as fallback during transition window
|
|
42
|
-
...(PUB_BEARER ? { Authorization: `Bearer ${PUB_BEARER}` } : (API_KEY ? { "X-API-Key": API_KEY } : {})),
|
|
43
|
-
...(options.headers as Record<string, string> ?? {}),
|
|
44
|
-
};
|
|
45
|
-
const res = await fetch(url, { ...options, headers });
|
|
46
|
-
const body = await res.json();
|
|
47
|
-
if (!res.ok) {
|
|
48
|
-
const msg = (body as any)?.error || (body as any)?.message || `HTTP ${res.status}`;
|
|
49
|
-
throw new Error(msg);
|
|
50
|
-
}
|
|
51
|
-
return body;
|
|
52
|
-
}
|
|
53
|
-
|
|
54
|
-
// Fetch an NDJSON endpoint and collect parsed lines into an array.
|
|
55
|
-
// Last line is typically `{"_meta": {...}}`; surfaced as `meta` field on the
|
|
56
|
-
// returned object so the MCP tool result has both shape pieces inline.
|
|
57
|
-
async function opeddFetchNdjson(
|
|
58
|
-
path: string,
|
|
59
|
-
options: RequestInit = {},
|
|
60
|
-
): Promise<{ articles: unknown[]; meta: unknown }> {
|
|
61
|
-
const url = `${API_BASE}${path}`;
|
|
62
|
-
const headers: Record<string, string> = {
|
|
63
|
-
Accept: "application/x-ndjson",
|
|
64
|
-
// B91 v0.4.0 (2026-05-26): canonical Bearer preferred; legacy fallback
|
|
65
|
-
...(PUB_BEARER ? { Authorization: `Bearer ${PUB_BEARER}` } : (API_KEY ? { "X-API-Key": API_KEY } : {})),
|
|
66
|
-
...(options.headers as Record<string, string> ?? {}),
|
|
67
|
-
};
|
|
68
|
-
const res = await fetch(url, { ...options, headers });
|
|
69
|
-
if (!res.ok) {
|
|
70
|
-
let msg = `HTTP ${res.status}`;
|
|
71
|
-
try {
|
|
72
|
-
const errBody = await res.json();
|
|
73
|
-
msg = (errBody as any)?.error || (errBody as any)?.message || msg;
|
|
74
|
-
} catch {
|
|
75
|
-
// non-JSON error body — keep the HTTP-status default
|
|
76
|
-
}
|
|
77
|
-
throw new Error(msg);
|
|
78
|
-
}
|
|
79
|
-
const text = await res.text();
|
|
80
|
-
const articles: unknown[] = [];
|
|
81
|
-
let meta: unknown = null;
|
|
82
|
-
for (const raw of text.split("\n")) {
|
|
83
|
-
const line = raw.trim();
|
|
84
|
-
if (!line) continue;
|
|
85
|
-
const row = JSON.parse(line) as { _meta?: unknown };
|
|
86
|
-
if (row._meta !== undefined) {
|
|
87
|
-
meta = row._meta;
|
|
88
|
-
} else {
|
|
89
|
-
articles.push(row);
|
|
90
|
-
}
|
|
91
|
-
}
|
|
92
|
-
return { articles, meta };
|
|
93
|
-
}
|
|
94
|
-
|
|
95
|
-
// ─── MCP response helpers ─────────────────────────────────────────────────────
|
|
96
|
-
|
|
97
|
-
type TextContent = { type: "text"; text: string };
|
|
98
|
-
type ToolResult = { content: TextContent[]; isError?: boolean };
|
|
99
|
-
|
|
100
|
-
function ok(data: unknown): ToolResult {
|
|
101
|
-
return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
|
|
102
|
-
}
|
|
103
|
-
|
|
104
|
-
function err(msg: string): ToolResult {
|
|
105
|
-
return { content: [{ type: "text", text: `Error: ${msg}` }], isError: true };
|
|
106
|
-
}
|
|
107
|
-
|
|
108
|
-
// ─── Tool definitions ─────────────────────────────────────────────────────────
|
|
109
|
-
|
|
110
|
-
export const TOOLS: Tool[] = [
|
|
111
|
-
{
|
|
112
|
-
name: "lookup_content",
|
|
113
|
-
description:
|
|
114
|
-
"Look up a piece of content on the Opedd registry by URL. " +
|
|
115
|
-
"Returns the article title, publisher, available license types, and pricing " +
|
|
116
|
-
"(human republication price and AI training/inference price). " +
|
|
117
|
-
"Always call this first to check if content is licensable and what it costs.",
|
|
118
|
-
inputSchema: {
|
|
119
|
-
type: "object",
|
|
120
|
-
required: ["url"],
|
|
121
|
-
properties: {
|
|
122
|
-
url: {
|
|
123
|
-
type: "string",
|
|
124
|
-
description: "The canonical URL of the article or content to look up",
|
|
125
|
-
},
|
|
126
|
-
},
|
|
127
|
-
},
|
|
128
|
-
},
|
|
129
|
-
{
|
|
130
|
-
name: "purchase_license",
|
|
131
|
-
description:
|
|
132
|
-
"Purchase a content license from the Opedd protocol using a Stripe payment method. " +
|
|
133
|
-
"Returns a license key (format: OP-XXXX-XXXX) and a certificate URL. " +
|
|
134
|
-
"The buyer receives a Handshake Email with their license key. " +
|
|
135
|
-
"Set OPEDD_BUYER_EMAIL and OPEDD_PAYMENT_METHOD_ID env vars to avoid passing them on every call. " +
|
|
136
|
-
"License types: 'human' = republication rights, 'ai' = training dataset rights, 'ai_inference' = inference/RAG rights.",
|
|
137
|
-
inputSchema: {
|
|
138
|
-
type: "object",
|
|
139
|
-
required: ["license_type"],
|
|
140
|
-
properties: {
|
|
141
|
-
article_url: {
|
|
142
|
-
type: "string",
|
|
143
|
-
description: "URL of the article to license (use this OR article_id)",
|
|
144
|
-
},
|
|
145
|
-
article_id: {
|
|
146
|
-
type: "string",
|
|
147
|
-
description: "Opedd article UUID (use this OR article_url)",
|
|
148
|
-
},
|
|
149
|
-
license_type: {
|
|
150
|
-
type: "string",
|
|
151
|
-
enum: ["human", "ai", "ai_inference"],
|
|
152
|
-
description:
|
|
153
|
-
"human = republication/editorial rights, ai = training dataset rights, ai_inference = inference/RAG rights",
|
|
154
|
-
},
|
|
155
|
-
buyer_email: {
|
|
156
|
-
type: "string",
|
|
157
|
-
description: "Email address for the license. Falls back to OPEDD_BUYER_EMAIL env var.",
|
|
158
|
-
},
|
|
159
|
-
buyer_name: {
|
|
160
|
-
type: "string",
|
|
161
|
-
description: "Full name of the buyer (for the license record and certificate)",
|
|
162
|
-
},
|
|
163
|
-
buyer_organization: {
|
|
164
|
-
type: "string",
|
|
165
|
-
description: "Organization or company name (for enterprise/editorial licenses)",
|
|
166
|
-
},
|
|
167
|
-
intended_use: {
|
|
168
|
-
type: "string",
|
|
169
|
-
enum: ["personal", "editorial", "commercial", "ai_training", "corporate"],
|
|
170
|
-
description: "Intended use of the licensed content",
|
|
171
|
-
},
|
|
172
|
-
payment_method_id: {
|
|
173
|
-
type: "string",
|
|
174
|
-
description:
|
|
175
|
-
"Stripe payment method ID (pm_...). Falls back to OPEDD_PAYMENT_METHOD_ID env var.",
|
|
176
|
-
},
|
|
177
|
-
},
|
|
178
|
-
},
|
|
179
|
-
},
|
|
180
|
-
{
|
|
181
|
-
name: "verify_license",
|
|
182
|
-
description:
|
|
183
|
-
"Verify the authenticity of an Opedd license key. " +
|
|
184
|
-
"Returns license details including: article title, publisher, license type, " +
|
|
185
|
-
"issue date, amount paid, buyer info, and blockchain proof status. " +
|
|
186
|
-
"Use this to confirm a license is valid before using licensed content.",
|
|
187
|
-
inputSchema: {
|
|
188
|
-
type: "object",
|
|
189
|
-
required: ["license_key"],
|
|
190
|
-
properties: {
|
|
191
|
-
license_key: {
|
|
192
|
-
type: "string",
|
|
193
|
-
description: "The license key to verify (format: OP-XXXX-XXXX)",
|
|
194
|
-
},
|
|
195
|
-
},
|
|
196
|
-
},
|
|
197
|
-
},
|
|
198
|
-
{
|
|
199
|
-
name: "browse_registry",
|
|
200
|
-
description:
|
|
201
|
-
"Browse the public Opedd license registry. " +
|
|
202
|
-
"Returns recently issued licenses and licensable content. " +
|
|
203
|
-
"Filter by publisher_id to explore all content from a specific publisher. " +
|
|
204
|
-
"Filter by article_id to see all licenses issued for a specific article.",
|
|
205
|
-
inputSchema: {
|
|
206
|
-
type: "object",
|
|
207
|
-
properties: {
|
|
208
|
-
publisher_id: {
|
|
209
|
-
type: "string",
|
|
210
|
-
description: "Filter results to a specific publisher (UUID)",
|
|
211
|
-
},
|
|
212
|
-
article_id: {
|
|
213
|
-
type: "string",
|
|
214
|
-
description: "Filter results to a specific article (UUID)",
|
|
215
|
-
},
|
|
216
|
-
limit: {
|
|
217
|
-
type: "number",
|
|
218
|
-
description: "Number of results to return (default: 10, max: 50)",
|
|
219
|
-
},
|
|
220
|
-
},
|
|
221
|
-
},
|
|
222
|
-
},
|
|
223
|
-
// ─── Public buyer-discovery — catalog browse ──────────────────────────────
|
|
224
|
-
{
|
|
225
|
-
name: "publisher_directory",
|
|
226
|
-
description:
|
|
227
|
-
"Browse the public Opedd publisher catalog via GET /publisher-directory. " +
|
|
228
|
-
"Returns paginated publishers with article counts, pricing (per-article + annual + monthly-forward-feed), " +
|
|
229
|
-
"plan, and sample articles (RAG-extended metadata). " +
|
|
230
|
-
"**The primary discovery surface for AI labs to find Opedd-licensable publishers** — distinct from " +
|
|
231
|
-
"`browse_registry` (which lists issued LICENSES, not publishers). " +
|
|
232
|
-
"Filter by category (case-insensitive substring), min_articles, or verified status. " +
|
|
233
|
-
"Public no-auth — useful pre-purchase scoping before buyers commit to enterprise-license POST.",
|
|
234
|
-
inputSchema: {
|
|
235
|
-
type: "object",
|
|
236
|
-
properties: {
|
|
237
|
-
category: {
|
|
238
|
-
type: "string",
|
|
239
|
-
description: "Case-insensitive substring filter on publisher category (e.g. 'finance', 'AI').",
|
|
240
|
-
},
|
|
241
|
-
min_articles: {
|
|
242
|
-
type: "number",
|
|
243
|
-
description: "Filter to publishers with at least this many licensable articles.",
|
|
244
|
-
},
|
|
245
|
-
verified: {
|
|
246
|
-
type: "string",
|
|
247
|
-
description: "'true' to show only verified publishers (default), 'false' for unverified.",
|
|
248
|
-
},
|
|
249
|
-
limit: {
|
|
250
|
-
type: "number",
|
|
251
|
-
description: "Page size cap.",
|
|
252
|
-
},
|
|
253
|
-
offset: {
|
|
254
|
-
type: "number",
|
|
255
|
-
description: "Pagination offset.",
|
|
256
|
-
},
|
|
257
|
-
},
|
|
258
|
-
},
|
|
259
|
-
},
|
|
260
|
-
// ─── Phase 12 Wave 3 W3.1 — onboarding helpers ────────────────────────────
|
|
261
|
-
{
|
|
262
|
-
name: "detect_platform",
|
|
263
|
-
description:
|
|
264
|
-
"Detect the content platform behind a URL via POST /detect-platform (Phase 12 Wave 3 W3.1). " +
|
|
265
|
-
"Public no-auth lookup. Given a URL, identifies what platform powers it " +
|
|
266
|
-
"(Substack / Beehiiv / Ghost / Medium / Brevo / custom) and returns the suggested onboarding workflow. " +
|
|
267
|
-
"Hostname-detectable platforms (Substack subdomain, Beehiiv suffix, etc.) resolve in milliseconds; " +
|
|
268
|
-
"custom domains may take ~few seconds while the detector probes well-known platform endpoints in parallel. " +
|
|
269
|
-
"Returns: {platform, confidence, archive_method, forward_method, required_credentials, instructions}. " +
|
|
270
|
-
"The archive_method + forward_method fields are the two onboarding-workflow inputs Opedd's setup wizard reads " +
|
|
271
|
-
"(one for historical content backfill, one for new-content forward stream). " +
|
|
272
|
-
"instructions is human-readable operator copy explaining the inferred path.",
|
|
273
|
-
inputSchema: {
|
|
274
|
-
type: "object",
|
|
275
|
-
required: ["url"],
|
|
276
|
-
properties: {
|
|
277
|
-
url: {
|
|
278
|
-
type: "string",
|
|
279
|
-
description: "Publisher URL to inspect (any well-formed URL works; hostname-match short-circuits the probe path).",
|
|
280
|
-
},
|
|
281
|
-
},
|
|
282
|
-
},
|
|
283
|
-
},
|
|
284
|
-
// ─── Phase 12 Wave 1 W1.1 — public RSL Standard manifest ─────────────────
|
|
285
|
-
{
|
|
286
|
-
name: "rsl_get",
|
|
287
|
-
description:
|
|
288
|
-
"Fetch a publisher's RSL Standard manifest via GET /rsl-manifest (Phase 12 Wave 1 W1.1). " +
|
|
289
|
-
"Public no-auth endpoint — discovery surface for AI agents/crawlers wanting to know what's licensable " +
|
|
290
|
-
"from a publisher BEFORE going through the buyer-account signup flow. " +
|
|
291
|
-
"Returns the 4 canonical license types (ai_retrieval, ai_training, human_per_article, human_full_archive) " +
|
|
292
|
-
"the publisher has opted into, plus the EU CDSM Article 4(3) opt-out posture (`tdm_reservation`). " +
|
|
293
|
-
"Set `jsonld: true` to request the JSON-LD shape with embedded HMAC-SHA256 signed receipt over the " +
|
|
294
|
-
"CDSM Article 4(3) reservation state + `tdm:reservationSignedAt` timestamp — regulators can post-hoc " +
|
|
295
|
-
"verify the reservation was the claimed value at the claimed time. Default `jsonld: false` returns " +
|
|
296
|
-
"the raw RSL Standard JSON manifest. " +
|
|
297
|
-
"Per INVARIANTS.md W1.6: this is the PUBLISHER-side CDSM Article 4(3) declaration surface. It is NOT " +
|
|
298
|
-
"an EU AI Act Article 53 attestation (which is buyer-side, JWT-auth, via article_53_attestation tool).",
|
|
299
|
-
inputSchema: {
|
|
300
|
-
type: "object",
|
|
301
|
-
required: ["publisher_id"],
|
|
302
|
-
properties: {
|
|
303
|
-
publisher_id: {
|
|
304
|
-
type: "string",
|
|
305
|
-
description: "UUID of the publisher whose RSL manifest to fetch. Publisher must be verified.",
|
|
306
|
-
},
|
|
307
|
-
jsonld: {
|
|
308
|
-
type: "boolean",
|
|
309
|
-
description:
|
|
310
|
-
"If true, request JSON-LD shape (Accept: application/ld+json) with embedded HMAC-SHA256 signed receipt. " +
|
|
311
|
-
"Default false returns raw RSL Standard JSON shape.",
|
|
312
|
-
},
|
|
313
|
-
},
|
|
314
|
-
},
|
|
315
|
-
},
|
|
316
|
-
// ─── Phase 10 + 11 buyer-side surfaces (M6.4) ─────────────────────────────
|
|
317
|
-
{
|
|
318
|
-
name: "purchase_enterprise_license",
|
|
319
|
-
description:
|
|
320
|
-
"Purchase a bulk enterprise license covering multiple publishers (Phase 10). " +
|
|
321
|
-
"Returns a Stripe client_secret for payment completion + the enterprise_license_id. " +
|
|
322
|
-
"After payment, an ent_* access key is emailed to buyer_email. " +
|
|
323
|
-
"Scopes: 'custom' (pass-through publisher_ids), 'platform_wide' (auto-resolve all opted-in publishers), 'filtered' (Phase 10 filter_rules). " +
|
|
324
|
-
"License tiers: 'rag' (= ai_retrieval), 'training' (= ai_training, flat-fee not metered), 'inference' (= ai_retrieval), 'full_ai' (writes both retrieval + training records).",
|
|
325
|
-
inputSchema: {
|
|
326
|
-
type: "object",
|
|
327
|
-
required: ["publisher_ids", "buyer_email", "buyer_org"],
|
|
328
|
-
properties: {
|
|
329
|
-
publisher_ids: {
|
|
330
|
-
type: "array",
|
|
331
|
-
items: { type: "string" },
|
|
332
|
-
description: "Array of publisher UUIDs. Required for scope='custom'; ignored for platform_wide/filtered (resolved server-side).",
|
|
333
|
-
},
|
|
334
|
-
buyer_email: {
|
|
335
|
-
type: "string",
|
|
336
|
-
description: "Email to deliver the access key after payment",
|
|
337
|
-
},
|
|
338
|
-
buyer_org: {
|
|
339
|
-
type: "string",
|
|
340
|
-
description: "Buyer organization name (for billing + audit ledger)",
|
|
341
|
-
},
|
|
342
|
-
billing_type: {
|
|
343
|
-
type: "string",
|
|
344
|
-
enum: ["annual", "monthly", "annual_plus_monthly"],
|
|
345
|
-
description: "Billing cadence (default: annual)",
|
|
346
|
-
},
|
|
347
|
-
license_tier: {
|
|
348
|
-
type: "string",
|
|
349
|
-
enum: ["rag", "training", "inference", "full_ai"],
|
|
350
|
-
description: "License tier (default: rag)",
|
|
351
|
-
},
|
|
352
|
-
duration_months: {
|
|
353
|
-
type: "number",
|
|
354
|
-
description: "License duration in months (default: 12)",
|
|
355
|
-
},
|
|
356
|
-
scope: {
|
|
357
|
-
type: "string",
|
|
358
|
-
enum: ["custom", "platform_wide", "filtered"],
|
|
359
|
-
description: "Coverage scope (default: custom)",
|
|
360
|
-
},
|
|
361
|
-
filter_rules: {
|
|
362
|
-
type: "object",
|
|
363
|
-
description: "Required when scope='filtered'. See Phase 10 docs for shape: excluded_publisher_ids / direct_license_carveouts / categories / max_price_per_event.",
|
|
364
|
-
},
|
|
365
|
-
buyer_webhook_url: {
|
|
366
|
-
type: "string",
|
|
367
|
-
description: "Optional HMAC-signed webhook for content.published events on covered publishers",
|
|
368
|
-
},
|
|
369
|
-
},
|
|
370
|
-
},
|
|
371
|
-
},
|
|
372
|
-
];
|
|
373
|
-
|
|
374
|
-
// If a buyer token is configured, expose content delivery tooling
|
|
375
|
-
if (BUYER_TOKEN) {
|
|
376
|
-
TOOLS.push({
|
|
377
|
-
name: "get_content",
|
|
378
|
-
description:
|
|
379
|
-
"Retrieve the full body of a licensed article using a buyer API token (opedd_buyer_live_* canonical; opedd_buyer_test_* for sandbox). " +
|
|
380
|
-
"Requires OPEDD_BUYER_TOKEN env var (create one at opedd.com/licenses after purchasing). " +
|
|
381
|
-
"Works for per-article licenses (token scoped to that article) and archive licenses (token covers all publisher content). " +
|
|
382
|
-
"The publisher must have content delivery enabled and must have pushed content for the article. " +
|
|
383
|
-
"Phase 11 M2 RAG-extended shape: response includes 7 RAG-essential metadata fields — author, language, word_count, content_hash, image_urls, canonical_url, tags. " +
|
|
384
|
-
"On pre-2026-05-14 historical articles, optional fields (author/language/image_urls/canonical_url/tags) may be NULL. " +
|
|
385
|
-
"NULL means 'data unavailable for this article', NOT 'explicitly empty' — treat as data-missing when filtering; do not interpret as anti-match.",
|
|
386
|
-
inputSchema: {
|
|
387
|
-
type: "object",
|
|
388
|
-
required: ["article_id"],
|
|
389
|
-
properties: {
|
|
390
|
-
article_id: {
|
|
391
|
-
type: "string",
|
|
392
|
-
description: "The Opedd article UUID to retrieve content for",
|
|
393
|
-
},
|
|
394
|
-
buyer_token: {
|
|
395
|
-
type: "string",
|
|
396
|
-
description: "Buyer API token (opedd_buyer_live_* or opedd_buyer_test_*). Falls back to OPEDD_BUYER_TOKEN env var.",
|
|
397
|
-
},
|
|
398
|
-
},
|
|
399
|
-
},
|
|
400
|
-
});
|
|
401
|
-
}
|
|
402
|
-
|
|
403
|
-
// If an enterprise access key is configured, expose feed tools
|
|
404
|
-
if (ACCESS_KEY) {
|
|
405
|
-
TOOLS.push({
|
|
406
|
-
name: "list_feed",
|
|
407
|
-
description:
|
|
408
|
-
"List articles from a buyer's licensed catalog via GET /enterprise-license (Phase 10 + 11). " +
|
|
409
|
-
"Returns JSON-format response with paginated articles. " +
|
|
410
|
-
"Use `since` (ISO 8601) for delta-feed polling — only articles published after the timestamp. " +
|
|
411
|
-
"Use `cursor` for pagination across pages. " +
|
|
412
|
-
"Requires OPEDD_ACCESS_KEY (ent_* enterprise access key). " +
|
|
413
|
-
"For larger bulk corpus pulls, use stream_feed_ndjson (up to 1000 articles per call vs 200 here).",
|
|
414
|
-
inputSchema: {
|
|
415
|
-
type: "object",
|
|
416
|
-
properties: {
|
|
417
|
-
since: {
|
|
418
|
-
type: "string",
|
|
419
|
-
description: "ISO 8601 timestamp — return only articles with published_at > since",
|
|
420
|
-
},
|
|
421
|
-
cursor: {
|
|
422
|
-
type: "string",
|
|
423
|
-
description: "Opaque cursor from prior response's _meta.next_cursor",
|
|
424
|
-
},
|
|
425
|
-
limit: {
|
|
426
|
-
type: "number",
|
|
427
|
-
description: "Max articles per response (default: 50, max: 200)",
|
|
428
|
-
},
|
|
429
|
-
},
|
|
430
|
-
},
|
|
431
|
-
});
|
|
432
|
-
TOOLS.push({
|
|
433
|
-
name: "stream_feed_ndjson",
|
|
434
|
-
description:
|
|
435
|
-
"Bulk-export a buyer's licensed catalog via GET /enterprise-license?format=ndjson (Phase 11 M3). " +
|
|
436
|
-
"Returns up to 1000 articles per call (collected from line-delimited JSON wire format). " +
|
|
437
|
-
"Each article emits one usage_records row (analytics-only sentinel 'bulk-export:<request_id>:<article_id>' — not metered-billable per the revenue-model bifurcation invariant). " +
|
|
438
|
-
"Use `since` (ISO 8601) for delta-feed. Use `cursor` to paginate beyond 1000. " +
|
|
439
|
-
"Backend supports 5000 articles per call; the MCP cap is 1000 for transport reasonability. " +
|
|
440
|
-
"Real bulk-ingest pipelines should use the Python SDK (pip install opedd) directly — not via MCP. " +
|
|
441
|
-
"Requires OPEDD_ACCESS_KEY (ent_*).",
|
|
442
|
-
inputSchema: {
|
|
443
|
-
type: "object",
|
|
444
|
-
properties: {
|
|
445
|
-
since: {
|
|
446
|
-
type: "string",
|
|
447
|
-
description: "ISO 8601 timestamp — return only articles with published_at > since",
|
|
448
|
-
},
|
|
449
|
-
cursor: {
|
|
450
|
-
type: "string",
|
|
451
|
-
description: "Opaque cursor from prior response's _meta.next_cursor",
|
|
452
|
-
},
|
|
453
|
-
limit: {
|
|
454
|
-
type: "number",
|
|
455
|
-
description: "Max articles per response (default: 200, max: 1000)",
|
|
456
|
-
},
|
|
457
|
-
},
|
|
458
|
-
},
|
|
459
|
-
});
|
|
460
|
-
}
|
|
461
|
-
|
|
462
|
-
// If a Supabase buyer JWT is configured, expose audit + compliance tools
|
|
463
|
-
if (BUYER_JWT) {
|
|
464
|
-
TOOLS.push({
|
|
465
|
-
name: "get_audit_events",
|
|
466
|
-
description:
|
|
467
|
-
"Browse per-event audit rows for the authenticated buyer via GET /buyer-audit (Phase 9.x). " +
|
|
468
|
-
"Each row carries license_terms + Tempo on-chain attestation (merkle_root + inclusion_proof when blockchain_status='confirmed'). " +
|
|
469
|
-
"Optional filter by event_type ('content_access', 'bulk_content_access', 'compliance_report_generated'). " +
|
|
470
|
-
"Window cap 30 days (vs 90-day cap on get_compliance_dossier). " +
|
|
471
|
-
"Attestation inclusion proof is included on every row by default — no separate flag needed (M6.4 consolidation per founder ratification: tools 4 + 6 merged into one cleaner mental model). " +
|
|
472
|
-
"Requires OPEDD_BUYER_JWT (Supabase session JWT from the buyer portal).",
|
|
473
|
-
inputSchema: {
|
|
474
|
-
type: "object",
|
|
475
|
-
properties: {
|
|
476
|
-
from: {
|
|
477
|
-
type: "string",
|
|
478
|
-
description: "ISO 8601 timestamp lower bound (inclusive)",
|
|
479
|
-
},
|
|
480
|
-
to: {
|
|
481
|
-
type: "string",
|
|
482
|
-
description: "ISO 8601 timestamp upper bound (inclusive)",
|
|
483
|
-
},
|
|
484
|
-
event_type: {
|
|
485
|
-
type: "string",
|
|
486
|
-
enum: ["content_access", "bulk_content_access", "compliance_report_generated"],
|
|
487
|
-
description: "Optional event-class filter",
|
|
488
|
-
},
|
|
489
|
-
cursor: {
|
|
490
|
-
type: "string",
|
|
491
|
-
description: "Opaque cursor for pagination",
|
|
492
|
-
},
|
|
493
|
-
limit: {
|
|
494
|
-
type: "number",
|
|
495
|
-
description: "Max events per response (default: 50, max: 200)",
|
|
496
|
-
},
|
|
497
|
-
},
|
|
498
|
-
},
|
|
499
|
-
});
|
|
500
|
-
TOOLS.push({
|
|
501
|
-
name: "get_buyer_account",
|
|
502
|
-
description:
|
|
503
|
-
"Fetch the authenticated buyer's account profile + masked API key list via GET /buyer-account. " +
|
|
504
|
-
"Returns the enterprise_buyers row (contact_email, buyer_org, created_at, etc.) plus a list of all " +
|
|
505
|
-
"buyer-side API keys with masked prefixes (NEVER plaintext post-issuance — only the 12-char " +
|
|
506
|
-
"key_prefix is returned, e.g. 'opedd_buyer_'). " +
|
|
507
|
-
"Use cases: post-signup verification ('what was just issued to me?'), buyer dashboard mental model " +
|
|
508
|
-
"('what licenses do I currently hold?'), audit prep ('show me the key list before rotation'). " +
|
|
509
|
-
"For full mid-lifecycle license details (filter_rules, billing, payouts), buyers consult the buyer portal at opedd.com/buyer. " +
|
|
510
|
-
"Requires OPEDD_BUYER_JWT.",
|
|
511
|
-
inputSchema: {
|
|
512
|
-
type: "object",
|
|
513
|
-
properties: {},
|
|
514
|
-
},
|
|
515
|
-
});
|
|
516
|
-
TOOLS.push({
|
|
517
|
-
name: "article_53_attestation",
|
|
518
|
-
description:
|
|
519
|
-
"Issue a signed JWT attesting to EU AI Act Article 53 compliance for a specific license via " +
|
|
520
|
-
"GET /eu-ai-act/article-53-attestation (Phase 12 Wave 1 W1.4). " +
|
|
521
|
-
"Returns a freshly-signed HS256 JWT regulators can verify offline against the canonical signing key. " +
|
|
522
|
-
"Embeds: license context, usage-count over the attestation window, the most-recent Tempo Merkle root, " +
|
|
523
|
-
"and canonical claims (iss/sub/iat/exp/jti/aud). " +
|
|
524
|
-
"**The artifact AI labs hand to legal/procurement for EU AI Act Article 53(1)(d) transparency-obligation evidence.** " +
|
|
525
|
-
"Per INVARIANTS.md W1.6: this attests to EU AI Act Article 53 ONLY (buyer-side GPAI-model-provider " +
|
|
526
|
-
"transparency obligation). It does NOT discharge a publisher's CDSM Article 4(3) reservation obligation — " +
|
|
527
|
-
"that lives on the rsl_get tool (jsonld=true variant). Never conflate. " +
|
|
528
|
-
"Optional `content_id` scopes the attestation to one article; default is license-wide. " +
|
|
529
|
-
"Window cap: 365 days. Requires OPEDD_BUYER_JWT.",
|
|
530
|
-
inputSchema: {
|
|
531
|
-
type: "object",
|
|
532
|
-
required: ["license_id"],
|
|
533
|
-
properties: {
|
|
534
|
-
license_id: {
|
|
535
|
-
type: "string",
|
|
536
|
-
description: "UUID of the enterprise_license OR legacy individual license to attest. Buyer must own it.",
|
|
537
|
-
},
|
|
538
|
-
content_id: {
|
|
539
|
-
type: "string",
|
|
540
|
-
description: "Optional UUID of a specific article to scope the attestation. Default: license-wide.",
|
|
541
|
-
},
|
|
542
|
-
window_start: {
|
|
543
|
-
type: "string",
|
|
544
|
-
description: "ISO 8601 lower bound of the attestation window. Default: now - 90 days.",
|
|
545
|
-
},
|
|
546
|
-
window_end: {
|
|
547
|
-
type: "string",
|
|
548
|
-
description: "ISO 8601 upper bound. Default: now. Window may not exceed 365 days (hard cap).",
|
|
549
|
-
},
|
|
550
|
-
},
|
|
551
|
-
},
|
|
552
|
-
});
|
|
553
|
-
TOOLS.push({
|
|
554
|
-
name: "get_compliance_dossier",
|
|
555
|
-
description:
|
|
556
|
-
"Generate a procurement-defense compliance dossier via GET /buyer-compliance-report (Phase 11 M4). " +
|
|
557
|
-
"Per-row dossier shape: 25+ fields including 17 RAG-essential article fields + full license_terms + on_chain_attestation block. " +
|
|
558
|
-
"Bulk envelopes fan out into per-article rows by iterating metadata.article_ids[]. " +
|
|
559
|
-
"Self-audit invariant: every successful call writes one license_events row with event_type='compliance_report_generated' BEFORE returning. " +
|
|
560
|
-
"Window cap: 90 days per call (vs 30-day cap on get_audit_events). For annual audits, paginate via _meta.next_cursor across 4 quarterly windows. " +
|
|
561
|
-
"Compliance framework anchors (boolean flags) map to EU AI Act Article 53, CDSM Article 4(3), on-chain attestation, TDM reservation. " +
|
|
562
|
-
"Requires OPEDD_BUYER_JWT.",
|
|
563
|
-
inputSchema: {
|
|
564
|
-
type: "object",
|
|
565
|
-
required: ["from", "to"],
|
|
566
|
-
properties: {
|
|
567
|
-
from: {
|
|
568
|
-
type: "string",
|
|
569
|
-
description: "ISO 8601 timestamp lower bound (inclusive)",
|
|
570
|
-
},
|
|
571
|
-
to: {
|
|
572
|
-
type: "string",
|
|
573
|
-
description: "ISO 8601 timestamp upper bound (inclusive). Window cap 90 days.",
|
|
574
|
-
},
|
|
575
|
-
cursor: {
|
|
576
|
-
type: "string",
|
|
577
|
-
description: "Opaque cursor for pagination",
|
|
578
|
-
},
|
|
579
|
-
},
|
|
580
|
-
},
|
|
581
|
-
});
|
|
582
|
-
}
|
|
583
|
-
|
|
584
|
-
// If a publisher API key is configured, expose publisher-specific tooling
|
|
585
|
-
if (PUB_BEARER || API_KEY) {
|
|
586
|
-
TOOLS.push({
|
|
587
|
-
name: "list_publisher_content",
|
|
588
|
-
description:
|
|
589
|
-
"List all licensable articles for the authenticated publisher (requires OPEDD_PUB_BEARER, or legacy OPEDD_API_KEY). " +
|
|
590
|
-
"Returns articles with titles, descriptions, pricing, and sales statistics. " +
|
|
591
|
-
"Use article IDs from this list to purchase licenses via purchase_license.",
|
|
592
|
-
inputSchema: {
|
|
593
|
-
type: "object",
|
|
594
|
-
properties: {
|
|
595
|
-
limit: {
|
|
596
|
-
type: "number",
|
|
597
|
-
description: "Number of results (default: 20, max: 100)",
|
|
598
|
-
},
|
|
599
|
-
type: {
|
|
600
|
-
type: "string",
|
|
601
|
-
enum: ["human", "ai"],
|
|
602
|
-
description: "Filter by license type availability",
|
|
603
|
-
},
|
|
604
|
-
offset: {
|
|
605
|
-
type: "number",
|
|
606
|
-
description: "Pagination offset (default: 0)",
|
|
607
|
-
},
|
|
608
|
-
},
|
|
609
|
-
},
|
|
610
|
-
});
|
|
611
|
-
}
|
|
612
|
-
|
|
613
|
-
// ─── MCP Server ───────────────────────────────────────────────────────────────
|
|
614
|
-
|
|
615
|
-
const server = new Server(
|
|
616
|
-
{ name: "opedd-mcp", version: "0.3.0" },
|
|
617
|
-
{ capabilities: { tools: {} } }
|
|
618
|
-
);
|
|
619
|
-
|
|
620
|
-
server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));
|
|
621
|
-
|
|
622
|
-
server.setRequestHandler(CallToolRequestSchema, async (request) =>
|
|
623
|
-
dispatchTool(request.params.name, (request.params.arguments ?? {}) as Record<string, unknown>),
|
|
624
|
-
);
|
|
625
|
-
|
|
626
|
-
// ─── Tool dispatcher (exported for unit tests) ────────────────────────────────
|
|
627
|
-
//
|
|
628
|
-
// Extracted from the inline handler 2026-05-24 EEST as part of the opedd-mcp
|
|
629
|
-
// test cohort ship. Behavior-preserving: the server.setRequestHandler above
|
|
630
|
-
// is a thin delegation to dispatchTool. Exporting allows unit tests to mock
|
|
631
|
-
// global fetch + invoke each tool's handler directly without spawning a
|
|
632
|
-
// stdio subprocess.
|
|
633
|
-
|
|
634
|
-
export async function dispatchTool(
|
|
635
|
-
name: string,
|
|
636
|
-
args: Record<string, unknown>,
|
|
637
|
-
): Promise<ToolResult> {
|
|
638
|
-
try {
|
|
639
|
-
switch (name) {
|
|
640
|
-
// ── lookup_content ─────────────────────────────────────────────────────
|
|
641
|
-
case "lookup_content": {
|
|
642
|
-
const { url } = args as { url: string };
|
|
643
|
-
if (!url) return err("url is required");
|
|
644
|
-
|
|
645
|
-
const data = await opeddFetch(
|
|
646
|
-
`/lookup-article?url=${encodeURIComponent(url)}`
|
|
647
|
-
);
|
|
648
|
-
return ok(data);
|
|
649
|
-
}
|
|
650
|
-
|
|
651
|
-
// ── purchase_license ───────────────────────────────────────────────────
|
|
652
|
-
case "purchase_license": {
|
|
653
|
-
const {
|
|
654
|
-
article_url,
|
|
655
|
-
article_id,
|
|
656
|
-
license_type,
|
|
657
|
-
buyer_email: argEmail,
|
|
658
|
-
buyer_name,
|
|
659
|
-
buyer_organization,
|
|
660
|
-
intended_use,
|
|
661
|
-
payment_method_id: argPm,
|
|
662
|
-
} = args as {
|
|
663
|
-
article_url?: string;
|
|
664
|
-
article_id?: string;
|
|
665
|
-
license_type: string;
|
|
666
|
-
buyer_email?: string;
|
|
667
|
-
buyer_name?: string;
|
|
668
|
-
buyer_organization?: string;
|
|
669
|
-
intended_use?: string;
|
|
670
|
-
payment_method_id?: string;
|
|
671
|
-
};
|
|
672
|
-
|
|
673
|
-
if (!article_url && !article_id) {
|
|
674
|
-
return err("Either article_url or article_id is required");
|
|
675
|
-
}
|
|
676
|
-
|
|
677
|
-
const buyerEmail = argEmail || BUYER_EMAIL;
|
|
678
|
-
if (!buyerEmail) {
|
|
679
|
-
return err("buyer_email is required (or set the OPEDD_BUYER_EMAIL env var)");
|
|
680
|
-
}
|
|
681
|
-
|
|
682
|
-
const paymentMethodId = argPm || PAYMENT_METHOD_ID;
|
|
683
|
-
if (!paymentMethodId) {
|
|
684
|
-
return err(
|
|
685
|
-
"payment_method_id is required (or set the OPEDD_PAYMENT_METHOD_ID env var). " +
|
|
686
|
-
"Get a Stripe payment method ID by saving a card at stripe.com/docs/api/payment_methods."
|
|
687
|
-
);
|
|
688
|
-
}
|
|
689
|
-
|
|
690
|
-
const body: Record<string, unknown> = {
|
|
691
|
-
license_type,
|
|
692
|
-
buyer_email: buyerEmail,
|
|
693
|
-
payment: { method: "stripe_pm", payment_method_id: paymentMethodId },
|
|
694
|
-
...(article_id ? { article_id } : { article_url }),
|
|
695
|
-
...(buyer_name ? { buyer_name } : {}),
|
|
696
|
-
...(buyer_organization ? { buyer_organization } : {}),
|
|
697
|
-
...(intended_use ? { intended_use } : {}),
|
|
698
|
-
};
|
|
699
|
-
|
|
700
|
-
const data = await opeddFetch("/agent-purchase", {
|
|
701
|
-
method: "POST",
|
|
702
|
-
body: JSON.stringify(body),
|
|
703
|
-
});
|
|
704
|
-
return ok(data);
|
|
705
|
-
}
|
|
706
|
-
|
|
707
|
-
// ── verify_license ─────────────────────────────────────────────────────
|
|
708
|
-
case "verify_license": {
|
|
709
|
-
const { license_key } = args as { license_key: string };
|
|
710
|
-
if (!license_key) return err("license_key is required");
|
|
711
|
-
|
|
712
|
-
const data = await opeddFetch(
|
|
713
|
-
`/verify-license?key=${encodeURIComponent(license_key)}`
|
|
714
|
-
);
|
|
715
|
-
return ok(data);
|
|
716
|
-
}
|
|
717
|
-
|
|
718
|
-
// ── browse_registry ────────────────────────────────────────────────────
|
|
719
|
-
case "browse_registry": {
|
|
720
|
-
const { publisher_id, article_id, limit = 10 } = args as {
|
|
721
|
-
publisher_id?: string;
|
|
722
|
-
article_id?: string;
|
|
723
|
-
limit?: number;
|
|
724
|
-
};
|
|
725
|
-
|
|
726
|
-
const params = new URLSearchParams();
|
|
727
|
-
if (publisher_id) params.set("publisher_id", publisher_id);
|
|
728
|
-
if (article_id) params.set("article_id", article_id);
|
|
729
|
-
params.set("limit", String(Math.min(Number(limit), 50)));
|
|
730
|
-
|
|
731
|
-
const data = await opeddFetch(`/registry?${params.toString()}`);
|
|
732
|
-
return ok(data);
|
|
733
|
-
}
|
|
734
|
-
|
|
735
|
-
// ── get_content ────────────────────────────────────────────────────────
|
|
736
|
-
case "get_content": {
|
|
737
|
-
const { article_id, buyer_token: argToken } = args as {
|
|
738
|
-
article_id: string;
|
|
739
|
-
buyer_token?: string;
|
|
740
|
-
};
|
|
741
|
-
if (!article_id) return err("article_id is required");
|
|
742
|
-
|
|
743
|
-
const token = argToken || BUYER_TOKEN;
|
|
744
|
-
if (!token) {
|
|
745
|
-
return err(
|
|
746
|
-
"buyer_token is required (or set the OPEDD_BUYER_TOKEN env var). " +
|
|
747
|
-
"Create a token at opedd.com/licenses after purchasing a license."
|
|
748
|
-
);
|
|
749
|
-
}
|
|
750
|
-
|
|
751
|
-
const data = await opeddFetch(
|
|
752
|
-
`/content-delivery?article_id=${encodeURIComponent(article_id)}`,
|
|
753
|
-
{ headers: { Authorization: `Bearer ${token}` } }
|
|
754
|
-
);
|
|
755
|
-
return ok(data);
|
|
756
|
-
}
|
|
757
|
-
|
|
758
|
-
// ── publisher_directory (buyer-discovery catalog browse) ───────────────
|
|
759
|
-
case "publisher_directory": {
|
|
760
|
-
const { category, min_articles, verified, limit, offset } = args as {
|
|
761
|
-
category?: string;
|
|
762
|
-
min_articles?: number;
|
|
763
|
-
verified?: string;
|
|
764
|
-
limit?: number;
|
|
765
|
-
offset?: number;
|
|
766
|
-
};
|
|
767
|
-
const params = new URLSearchParams();
|
|
768
|
-
if (category) params.set("category", category);
|
|
769
|
-
if (min_articles !== undefined) params.set("min_articles", String(min_articles));
|
|
770
|
-
if (verified !== undefined) params.set("verified", verified);
|
|
771
|
-
if (limit !== undefined) params.set("limit", String(limit));
|
|
772
|
-
if (offset !== undefined) params.set("offset", String(offset));
|
|
773
|
-
|
|
774
|
-
const query = params.toString();
|
|
775
|
-
const data = await opeddFetch(`/publisher-directory${query ? `?${query}` : ""}`);
|
|
776
|
-
return ok(data);
|
|
777
|
-
}
|
|
778
|
-
|
|
779
|
-
// ── detect_platform (Phase 12 Wave 3 W3.1) ─────────────────────────────
|
|
780
|
-
case "detect_platform": {
|
|
781
|
-
const { url } = args as { url: string };
|
|
782
|
-
if (!url) return err("url is required");
|
|
783
|
-
|
|
784
|
-
const data = await opeddFetch("/detect-platform", {
|
|
785
|
-
method: "POST",
|
|
786
|
-
body: JSON.stringify({ url }),
|
|
787
|
-
});
|
|
788
|
-
return ok(data);
|
|
789
|
-
}
|
|
790
|
-
|
|
791
|
-
// ── rsl_get (Phase 12 Wave 1 W1.1) ─────────────────────────────────────
|
|
792
|
-
case "rsl_get": {
|
|
793
|
-
const { publisher_id, jsonld = false } = args as {
|
|
794
|
-
publisher_id: string;
|
|
795
|
-
jsonld?: boolean;
|
|
796
|
-
};
|
|
797
|
-
if (!publisher_id) return err("publisher_id is required");
|
|
798
|
-
|
|
799
|
-
const accept = jsonld ? "application/ld+json" : "application/json";
|
|
800
|
-
const data = await opeddFetch(
|
|
801
|
-
`/rsl-manifest?publisher_id=${encodeURIComponent(publisher_id)}`,
|
|
802
|
-
{ headers: { Accept: accept } },
|
|
803
|
-
);
|
|
804
|
-
return ok(data);
|
|
805
|
-
}
|
|
806
|
-
|
|
807
|
-
// ── purchase_enterprise_license (Phase 10) ─────────────────────────────
|
|
808
|
-
case "purchase_enterprise_license": {
|
|
809
|
-
const {
|
|
810
|
-
publisher_ids,
|
|
811
|
-
buyer_email: pelEmail,
|
|
812
|
-
buyer_org,
|
|
813
|
-
billing_type = "annual",
|
|
814
|
-
license_tier = "rag",
|
|
815
|
-
duration_months = 12,
|
|
816
|
-
scope = "custom",
|
|
817
|
-
filter_rules,
|
|
818
|
-
buyer_webhook_url,
|
|
819
|
-
} = args as {
|
|
820
|
-
publisher_ids?: string[];
|
|
821
|
-
buyer_email?: string;
|
|
822
|
-
buyer_org?: string;
|
|
823
|
-
billing_type?: string;
|
|
824
|
-
license_tier?: string;
|
|
825
|
-
duration_months?: number;
|
|
826
|
-
scope?: string;
|
|
827
|
-
filter_rules?: Record<string, unknown>;
|
|
828
|
-
buyer_webhook_url?: string;
|
|
829
|
-
};
|
|
830
|
-
|
|
831
|
-
if (!Array.isArray(publisher_ids) || publisher_ids.length === 0) {
|
|
832
|
-
if (scope === "custom") {
|
|
833
|
-
return err("publisher_ids array is required for scope='custom'");
|
|
834
|
-
}
|
|
835
|
-
}
|
|
836
|
-
if (!pelEmail) return err("buyer_email is required");
|
|
837
|
-
if (!buyer_org) return err("buyer_org is required");
|
|
838
|
-
|
|
839
|
-
const body: Record<string, unknown> = {
|
|
840
|
-
publisher_ids: publisher_ids ?? [],
|
|
841
|
-
buyer_email: pelEmail,
|
|
842
|
-
buyer_org,
|
|
843
|
-
billing_type,
|
|
844
|
-
license_tier,
|
|
845
|
-
duration_months,
|
|
846
|
-
scope,
|
|
847
|
-
...(filter_rules ? { filter_rules } : {}),
|
|
848
|
-
...(buyer_webhook_url ? { buyer_webhook_url } : {}),
|
|
849
|
-
};
|
|
850
|
-
|
|
851
|
-
const data = await opeddFetch("/enterprise-license", {
|
|
852
|
-
method: "POST",
|
|
853
|
-
body: JSON.stringify(body),
|
|
854
|
-
});
|
|
855
|
-
return ok(data);
|
|
856
|
-
}
|
|
857
|
-
|
|
858
|
-
// ── list_feed (Phase 10 + 11) ──────────────────────────────────────────
|
|
859
|
-
case "list_feed": {
|
|
860
|
-
if (!ACCESS_KEY) {
|
|
861
|
-
return err("OPEDD_ACCESS_KEY env var is required for this tool (ent_* enterprise access key)");
|
|
862
|
-
}
|
|
863
|
-
const { since, cursor, limit = 50 } = args as {
|
|
864
|
-
since?: string;
|
|
865
|
-
cursor?: string;
|
|
866
|
-
limit?: number;
|
|
867
|
-
};
|
|
868
|
-
const params = new URLSearchParams({
|
|
869
|
-
access_key: ACCESS_KEY,
|
|
870
|
-
format: "json",
|
|
871
|
-
limit: String(Math.min(Number(limit) || 50, 200)),
|
|
872
|
-
});
|
|
873
|
-
if (since) params.set("since", since);
|
|
874
|
-
if (cursor) params.set("cursor", cursor);
|
|
875
|
-
|
|
876
|
-
const data = await opeddFetch(`/enterprise-license?${params.toString()}`);
|
|
877
|
-
return ok(data);
|
|
878
|
-
}
|
|
879
|
-
|
|
880
|
-
// ── stream_feed_ndjson (Phase 11 M3) ───────────────────────────────────
|
|
881
|
-
case "stream_feed_ndjson": {
|
|
882
|
-
if (!ACCESS_KEY) {
|
|
883
|
-
return err("OPEDD_ACCESS_KEY env var is required for this tool (ent_* enterprise access key)");
|
|
884
|
-
}
|
|
885
|
-
const { since, cursor, limit = 200 } = args as {
|
|
886
|
-
since?: string;
|
|
887
|
-
cursor?: string;
|
|
888
|
-
limit?: number;
|
|
889
|
-
};
|
|
890
|
-
const params = new URLSearchParams({
|
|
891
|
-
access_key: ACCESS_KEY,
|
|
892
|
-
format: "ndjson",
|
|
893
|
-
limit: String(Math.min(Number(limit) || 200, 1000)),
|
|
894
|
-
});
|
|
895
|
-
if (since) params.set("since", since);
|
|
896
|
-
if (cursor) params.set("cursor", cursor);
|
|
897
|
-
|
|
898
|
-
const data = await opeddFetchNdjson(`/enterprise-license?${params.toString()}`);
|
|
899
|
-
return ok(data);
|
|
900
|
-
}
|
|
901
|
-
|
|
902
|
-
// ── get_audit_events (Phase 9.x + 10 M5 attestation) ───────────────────
|
|
903
|
-
case "get_audit_events": {
|
|
904
|
-
if (!BUYER_JWT) {
|
|
905
|
-
return err("OPEDD_BUYER_JWT env var is required for this tool (Supabase session JWT)");
|
|
906
|
-
}
|
|
907
|
-
const { from, to, event_type, cursor, limit = 50 } = args as {
|
|
908
|
-
from?: string;
|
|
909
|
-
to?: string;
|
|
910
|
-
event_type?: string;
|
|
911
|
-
cursor?: string;
|
|
912
|
-
limit?: number;
|
|
913
|
-
};
|
|
914
|
-
const params = new URLSearchParams({
|
|
915
|
-
limit: String(Math.min(Number(limit) || 50, 200)),
|
|
916
|
-
});
|
|
917
|
-
if (from) params.set("from", from);
|
|
918
|
-
if (to) params.set("to", to);
|
|
919
|
-
if (event_type) params.set("event_type", event_type);
|
|
920
|
-
if (cursor) params.set("cursor", cursor);
|
|
921
|
-
|
|
922
|
-
const data = await opeddFetch(`/buyer-audit?${params.toString()}`, {
|
|
923
|
-
headers: { Authorization: `Bearer ${BUYER_JWT}` },
|
|
924
|
-
});
|
|
925
|
-
return ok(data);
|
|
926
|
-
}
|
|
927
|
-
|
|
928
|
-
// ── get_buyer_account (buyer profile + masked key list) ────────────────
|
|
929
|
-
case "get_buyer_account": {
|
|
930
|
-
if (!BUYER_JWT) {
|
|
931
|
-
return err("OPEDD_BUYER_JWT env var is required for this tool (Supabase session JWT)");
|
|
932
|
-
}
|
|
933
|
-
const data = await opeddFetch("/buyer-account", {
|
|
934
|
-
headers: { Authorization: `Bearer ${BUYER_JWT}` },
|
|
935
|
-
});
|
|
936
|
-
return ok(data);
|
|
937
|
-
}
|
|
938
|
-
|
|
939
|
-
// ── article_53_attestation (Phase 12 Wave 1 W1.4) ──────────────────────
|
|
940
|
-
case "article_53_attestation": {
|
|
941
|
-
if (!BUYER_JWT) {
|
|
942
|
-
return err("OPEDD_BUYER_JWT env var is required for this tool (Supabase session JWT)");
|
|
943
|
-
}
|
|
944
|
-
const { license_id, content_id, window_start, window_end } = args as {
|
|
945
|
-
license_id: string;
|
|
946
|
-
content_id?: string;
|
|
947
|
-
window_start?: string;
|
|
948
|
-
window_end?: string;
|
|
949
|
-
};
|
|
950
|
-
if (!license_id) return err("license_id is required");
|
|
951
|
-
|
|
952
|
-
const params = new URLSearchParams({ license_id });
|
|
953
|
-
if (content_id) params.set("content_id", content_id);
|
|
954
|
-
if (window_start) params.set("window_start", window_start);
|
|
955
|
-
if (window_end) params.set("window_end", window_end);
|
|
956
|
-
|
|
957
|
-
const data = await opeddFetch(
|
|
958
|
-
`/eu-ai-act/article-53-attestation?${params.toString()}`,
|
|
959
|
-
{ headers: { Authorization: `Bearer ${BUYER_JWT}` } },
|
|
960
|
-
);
|
|
961
|
-
return ok(data);
|
|
962
|
-
}
|
|
963
|
-
|
|
964
|
-
// ── get_compliance_dossier (Phase 11 M4) ───────────────────────────────
|
|
965
|
-
case "get_compliance_dossier": {
|
|
966
|
-
if (!BUYER_JWT) {
|
|
967
|
-
return err("OPEDD_BUYER_JWT env var is required for this tool (Supabase session JWT)");
|
|
968
|
-
}
|
|
969
|
-
const { from, to, cursor } = args as {
|
|
970
|
-
from?: string;
|
|
971
|
-
to?: string;
|
|
972
|
-
cursor?: string;
|
|
973
|
-
};
|
|
974
|
-
if (!from) return err("from (ISO 8601 timestamp) is required");
|
|
975
|
-
if (!to) return err("to (ISO 8601 timestamp) is required");
|
|
976
|
-
|
|
977
|
-
const params = new URLSearchParams({
|
|
978
|
-
from,
|
|
979
|
-
to,
|
|
980
|
-
format: "json",
|
|
981
|
-
});
|
|
982
|
-
if (cursor) params.set("cursor", cursor);
|
|
983
|
-
|
|
984
|
-
const data = await opeddFetch(`/buyer-compliance-report?${params.toString()}`, {
|
|
985
|
-
headers: { Authorization: `Bearer ${BUYER_JWT}` },
|
|
986
|
-
});
|
|
987
|
-
return ok(data);
|
|
988
|
-
}
|
|
989
|
-
|
|
990
|
-
// ── list_publisher_content ─────────────────────────────────────────────
|
|
991
|
-
case "list_publisher_content": {
|
|
992
|
-
if (!PUB_BEARER && !API_KEY) {
|
|
993
|
-
return err("OPEDD_PUB_BEARER env var is required for this tool (canonical Bearer; legacy OPEDD_API_KEY also accepted during transition)");
|
|
994
|
-
}
|
|
995
|
-
|
|
996
|
-
const { limit = 20, type, offset = 0 } = args as {
|
|
997
|
-
limit?: number;
|
|
998
|
-
type?: string;
|
|
999
|
-
offset?: number;
|
|
1000
|
-
};
|
|
1001
|
-
|
|
1002
|
-
const params = new URLSearchParams({ action: "articles" });
|
|
1003
|
-
params.set("limit", String(Math.min(Number(limit), 100)));
|
|
1004
|
-
params.set("offset", String(Number(offset)));
|
|
1005
|
-
if (type) params.set("type", type);
|
|
1006
|
-
|
|
1007
|
-
const data = await opeddFetch(`/api?${params.toString()}`);
|
|
1008
|
-
return ok(data);
|
|
1009
|
-
}
|
|
1010
|
-
|
|
1011
|
-
default:
|
|
1012
|
-
return err(`Unknown tool: ${name}`);
|
|
1013
|
-
}
|
|
1014
|
-
} catch (e) {
|
|
1015
|
-
const msg = e instanceof Error ? e.message : String(e);
|
|
1016
|
-
return err(`Request failed: ${msg}`);
|
|
1017
|
-
}
|
|
1018
|
-
}
|
|
1019
|
-
|
|
1020
|
-
// ─── Start ────────────────────────────────────────────────────────────────────
|
|
1021
|
-
|
|
1022
|
-
// Skip stdio bootstrap when imported as a module (unit tests need TOOLS +
|
|
1023
|
-
// dispatchTool without the server.connect side-effect). Detect via
|
|
1024
|
-
// `import.meta.url === pathToFileURL(process.argv[1]).href` — the canonical
|
|
1025
|
-
// "am I the entry point" check for ESM Node modules.
|
|
1026
|
-
if (
|
|
1027
|
-
typeof process !== "undefined" &&
|
|
1028
|
-
process.argv?.[1] &&
|
|
1029
|
-
import.meta.url === pathToFileURL(process.argv[1]).href
|
|
1030
|
-
) {
|
|
1031
|
-
const transport = new StdioServerTransport();
|
|
1032
|
-
await server.connect(transport);
|
|
1033
|
-
console.error("[opedd-mcp] Server running on stdio");
|
|
1034
|
-
}
|