skybridge 0.0.0-dev.ff50fdb → 0.0.0-dev.ffaef7a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (437) hide show
  1. package/README.md +124 -114
  2. package/dist/cli/build-helpers.d.ts +10 -0
  3. package/dist/cli/build-helpers.js +93 -0
  4. package/dist/cli/build-helpers.js.map +1 -0
  5. package/dist/cli/build-helpers.test.js +89 -0
  6. package/dist/cli/build-helpers.test.js.map +1 -0
  7. package/dist/cli/build-steps.d.ts +2 -0
  8. package/dist/cli/build-steps.js +68 -0
  9. package/dist/cli/build-steps.js.map +1 -0
  10. package/dist/cli/build-steps.test.js +52 -0
  11. package/dist/cli/build-steps.test.js.map +1 -0
  12. package/dist/cli/detect-port.d.ts +18 -0
  13. package/dist/cli/detect-port.js +50 -0
  14. package/dist/cli/detect-port.js.map +1 -0
  15. package/dist/cli/header.d.ts +1 -1
  16. package/dist/cli/header.js +1 -1
  17. package/dist/cli/header.js.map +1 -1
  18. package/dist/cli/resolve-views-dir.d.ts +1 -0
  19. package/dist/cli/resolve-views-dir.js +17 -0
  20. package/dist/cli/resolve-views-dir.js.map +1 -0
  21. package/dist/cli/run-command.js.map +1 -1
  22. package/dist/cli/run-plain.d.ts +18 -0
  23. package/dist/cli/run-plain.js +89 -0
  24. package/dist/cli/run-plain.js.map +1 -0
  25. package/dist/cli/telemetry.js.map +1 -1
  26. package/dist/cli/tunnel-control-server.d.ts +9 -0
  27. package/dist/cli/tunnel-control-server.js +31 -0
  28. package/dist/cli/tunnel-control-server.js.map +1 -0
  29. package/dist/cli/tunnel-control-server.test.d.ts +1 -0
  30. package/dist/cli/tunnel-control-server.test.js +39 -0
  31. package/dist/cli/tunnel-control-server.test.js.map +1 -0
  32. package/dist/cli/tunnel-handler.d.ts +3 -0
  33. package/dist/cli/tunnel-handler.js +48 -0
  34. package/dist/cli/tunnel-handler.js.map +1 -0
  35. package/dist/cli/tunnel-handler.test.d.ts +1 -0
  36. package/dist/cli/tunnel-handler.test.js +105 -0
  37. package/dist/cli/tunnel-handler.test.js.map +1 -0
  38. package/dist/cli/tunnel.d.ts +57 -0
  39. package/dist/cli/tunnel.js +154 -0
  40. package/dist/cli/tunnel.js.map +1 -0
  41. package/dist/cli/tunnel.test.d.ts +1 -0
  42. package/dist/cli/tunnel.test.js +190 -0
  43. package/dist/cli/tunnel.test.js.map +1 -0
  44. package/dist/cli/types.d.ts +5 -0
  45. package/dist/cli/types.js +2 -0
  46. package/dist/cli/types.js.map +1 -0
  47. package/dist/cli/use-execute-steps.d.ts +3 -2
  48. package/dist/cli/use-execute-steps.js +6 -1
  49. package/dist/cli/use-execute-steps.js.map +1 -1
  50. package/dist/cli/use-messages.d.ts +3 -0
  51. package/dist/cli/use-messages.js +11 -0
  52. package/dist/cli/use-messages.js.map +1 -0
  53. package/dist/cli/use-nodemon.d.ts +16 -0
  54. package/dist/cli/use-nodemon.js +84 -0
  55. package/dist/cli/use-nodemon.js.map +1 -0
  56. package/dist/cli/use-open-browser.d.ts +1 -0
  57. package/dist/cli/use-open-browser.js +44 -0
  58. package/dist/cli/use-open-browser.js.map +1 -0
  59. package/dist/cli/use-tunnel.d.ts +14 -0
  60. package/dist/cli/use-tunnel.js +131 -0
  61. package/dist/cli/use-tunnel.js.map +1 -0
  62. package/dist/cli/use-typescript-check.d.ts +15 -0
  63. package/dist/cli/use-typescript-check.js +97 -0
  64. package/dist/cli/use-typescript-check.js.map +1 -0
  65. package/dist/commands/build.d.ts +0 -3
  66. package/dist/commands/build.js +3 -16
  67. package/dist/commands/build.js.map +1 -1
  68. package/dist/commands/create.d.ts +9 -0
  69. package/dist/commands/create.js +30 -0
  70. package/dist/commands/create.js.map +1 -0
  71. package/dist/commands/dev.d.ts +5 -1
  72. package/dist/commands/dev.js +109 -13
  73. package/dist/commands/dev.js.map +1 -1
  74. package/dist/commands/start.d.ts +3 -1
  75. package/dist/commands/start.js +37 -15
  76. package/dist/commands/start.js.map +1 -1
  77. package/dist/commands/telemetry/disable.js.map +1 -1
  78. package/dist/commands/telemetry/enable.js.map +1 -1
  79. package/dist/commands/telemetry/status.js.map +1 -1
  80. package/dist/server/asset-base-url-transform-plugin.d.ts +11 -0
  81. package/dist/server/asset-base-url-transform-plugin.js +48 -0
  82. package/dist/server/asset-base-url-transform-plugin.js.map +1 -0
  83. package/dist/server/asset-base-url-transform-plugin.test.d.ts +1 -0
  84. package/dist/server/asset-base-url-transform-plugin.test.js +134 -0
  85. package/dist/server/asset-base-url-transform-plugin.test.js.map +1 -0
  86. package/dist/server/auth/discovery.d.ts +32 -0
  87. package/dist/server/auth/discovery.js +56 -0
  88. package/dist/server/auth/discovery.js.map +1 -0
  89. package/dist/server/auth/discovery.test.d.ts +1 -0
  90. package/dist/server/auth/discovery.test.js +93 -0
  91. package/dist/server/auth/discovery.test.js.map +1 -0
  92. package/dist/server/auth/index.d.ts +18 -0
  93. package/dist/server/auth/index.js +2 -0
  94. package/dist/server/auth/index.js.map +1 -0
  95. package/dist/server/auth/providers/auth0.d.ts +18 -0
  96. package/dist/server/auth/providers/auth0.js +31 -0
  97. package/dist/server/auth/providers/auth0.js.map +1 -0
  98. package/dist/server/auth/providers/auth0.test.d.ts +1 -0
  99. package/dist/server/auth/providers/auth0.test.js +48 -0
  100. package/dist/server/auth/providers/auth0.test.js.map +1 -0
  101. package/dist/server/auth/providers/clerk.d.ts +14 -0
  102. package/dist/server/auth/providers/clerk.js +16 -0
  103. package/dist/server/auth/providers/clerk.js.map +1 -0
  104. package/dist/server/auth/providers/clerk.test.d.ts +1 -0
  105. package/dist/server/auth/providers/clerk.test.js +28 -0
  106. package/dist/server/auth/providers/clerk.test.js.map +1 -0
  107. package/dist/server/auth/providers/custom.d.ts +24 -0
  108. package/dist/server/auth/providers/custom.js +37 -0
  109. package/dist/server/auth/providers/custom.js.map +1 -0
  110. package/dist/server/auth/providers/custom.test.d.ts +1 -0
  111. package/dist/server/auth/providers/custom.test.js +107 -0
  112. package/dist/server/auth/providers/custom.test.js.map +1 -0
  113. package/dist/server/auth/providers/descope.d.ts +15 -0
  114. package/dist/server/auth/providers/descope.js +33 -0
  115. package/dist/server/auth/providers/descope.js.map +1 -0
  116. package/dist/server/auth/providers/descope.test.d.ts +1 -0
  117. package/dist/server/auth/providers/descope.test.js +37 -0
  118. package/dist/server/auth/providers/descope.test.js.map +1 -0
  119. package/dist/server/auth/providers/shared.d.ts +2 -0
  120. package/dist/server/auth/providers/shared.js +6 -0
  121. package/dist/server/auth/providers/shared.js.map +1 -0
  122. package/dist/server/auth/providers/shared.test.d.ts +1 -0
  123. package/dist/server/auth/providers/shared.test.js +10 -0
  124. package/dist/server/auth/providers/shared.test.js.map +1 -0
  125. package/dist/server/auth/providers/stytch.d.ts +12 -0
  126. package/dist/server/auth/providers/stytch.js +13 -0
  127. package/dist/server/auth/providers/stytch.js.map +1 -0
  128. package/dist/server/auth/providers/workos.d.ts +11 -0
  129. package/dist/server/auth/providers/workos.js +12 -0
  130. package/dist/server/auth/providers/workos.js.map +1 -0
  131. package/dist/server/auth/security-schemes.d.ts +13 -0
  132. package/dist/server/auth/security-schemes.js +53 -0
  133. package/dist/server/auth/security-schemes.js.map +1 -0
  134. package/dist/server/auth/security-schemes.test.d.ts +1 -0
  135. package/dist/server/auth/security-schemes.test.js +90 -0
  136. package/dist/server/auth/security-schemes.test.js.map +1 -0
  137. package/dist/server/auth/setup.d.ts +6 -0
  138. package/dist/server/auth/setup.js +98 -0
  139. package/dist/server/auth/setup.js.map +1 -0
  140. package/dist/server/auth/setup.test.d.ts +1 -0
  141. package/dist/server/auth/setup.test.js +450 -0
  142. package/dist/server/auth/setup.test.js.map +1 -0
  143. package/dist/server/auth/verify.d.ts +12 -0
  144. package/dist/server/auth/verify.js +38 -0
  145. package/dist/server/auth/verify.js.map +1 -0
  146. package/dist/server/auth/verify.test.d.ts +1 -0
  147. package/dist/server/auth/verify.test.js +100 -0
  148. package/dist/server/auth/verify.test.js.map +1 -0
  149. package/dist/server/auth.d.ts +20 -0
  150. package/dist/server/auth.js +28 -0
  151. package/dist/server/auth.js.map +1 -0
  152. package/dist/server/build-manifest.test.d.ts +1 -0
  153. package/dist/server/build-manifest.test.js +27 -0
  154. package/dist/server/build-manifest.test.js.map +1 -0
  155. package/dist/server/content-helpers.d.ts +67 -0
  156. package/dist/server/content-helpers.js +79 -0
  157. package/dist/server/content-helpers.js.map +1 -0
  158. package/dist/server/content-helpers.test.d.ts +1 -0
  159. package/dist/server/content-helpers.test.js +70 -0
  160. package/dist/server/content-helpers.test.js.map +1 -0
  161. package/dist/server/express.d.ts +11 -0
  162. package/dist/server/express.js +101 -0
  163. package/dist/server/express.js.map +1 -0
  164. package/dist/server/express.test.d.ts +1 -0
  165. package/dist/server/express.test.js +491 -0
  166. package/dist/server/express.test.js.map +1 -0
  167. package/dist/server/file-ref.d.ts +28 -0
  168. package/dist/server/file-ref.js +27 -0
  169. package/dist/server/file-ref.js.map +1 -0
  170. package/dist/server/index.d.ts +14 -3
  171. package/dist/server/index.js +11 -2
  172. package/dist/server/index.js.map +1 -1
  173. package/dist/server/inferUtilityTypes.d.ts +6 -6
  174. package/dist/server/inferUtilityTypes.js.map +1 -1
  175. package/dist/server/metric.d.ts +14 -0
  176. package/dist/server/metric.js +62 -0
  177. package/dist/server/metric.js.map +1 -0
  178. package/dist/server/middleware.d.ts +137 -0
  179. package/dist/server/middleware.js +93 -0
  180. package/dist/server/middleware.js.map +1 -0
  181. package/dist/server/middleware.test-d.d.ts +1 -0
  182. package/dist/server/middleware.test-d.js +75 -0
  183. package/dist/server/middleware.test-d.js.map +1 -0
  184. package/dist/server/middleware.test.d.ts +1 -0
  185. package/dist/server/middleware.test.js +493 -0
  186. package/dist/server/middleware.test.js.map +1 -0
  187. package/dist/server/requestOrigin.d.ts +7 -0
  188. package/dist/server/requestOrigin.js +25 -0
  189. package/dist/server/requestOrigin.js.map +1 -0
  190. package/dist/server/server.d.ts +391 -58
  191. package/dist/server/server.js +644 -97
  192. package/dist/server/server.js.map +1 -1
  193. package/dist/server/templateHelper.d.ts +5 -7
  194. package/dist/server/templateHelper.js +3 -22
  195. package/dist/server/templateHelper.js.map +1 -1
  196. package/dist/server/templates.generated.d.ts +4 -0
  197. package/dist/server/templates.generated.js +47 -0
  198. package/dist/server/templates.generated.js.map +1 -0
  199. package/dist/server/tunnel-proxy-router.d.ts +7 -0
  200. package/dist/server/tunnel-proxy-router.js +110 -0
  201. package/dist/server/tunnel-proxy-router.js.map +1 -0
  202. package/dist/server/tunnel-proxy-router.test.d.ts +1 -0
  203. package/dist/server/tunnel-proxy-router.test.js +229 -0
  204. package/dist/server/tunnel-proxy-router.test.js.map +1 -0
  205. package/dist/server/view-name.test-d.d.ts +1 -0
  206. package/dist/server/view-name.test-d.js +8 -0
  207. package/dist/server/view-name.test-d.js.map +1 -0
  208. package/dist/server/view-resource-resolution.test.d.ts +6 -0
  209. package/dist/server/view-resource-resolution.test.js +171 -0
  210. package/dist/server/view-resource-resolution.test.js.map +1 -0
  211. package/dist/server/viewsDevServer.d.ts +14 -0
  212. package/dist/server/viewsDevServer.js +45 -0
  213. package/dist/server/viewsDevServer.js.map +1 -0
  214. package/dist/test/utils.d.ts +13 -21
  215. package/dist/test/utils.js +42 -37
  216. package/dist/test/utils.js.map +1 -1
  217. package/dist/test/view.test.d.ts +1 -0
  218. package/dist/test/view.test.js +536 -0
  219. package/dist/test/view.test.js.map +1 -0
  220. package/dist/version.d.ts +1 -0
  221. package/dist/version.js +3 -0
  222. package/dist/version.js.map +1 -0
  223. package/dist/web/bridges/adaptor.d.ts +51 -0
  224. package/dist/web/bridges/adaptor.js +330 -0
  225. package/dist/web/bridges/adaptor.js.map +1 -0
  226. package/dist/web/bridges/adaptor.test.d.ts +1 -0
  227. package/dist/web/bridges/adaptor.test.js +208 -0
  228. package/dist/web/bridges/adaptor.test.js.map +1 -0
  229. package/dist/web/bridges/apps-sdk/bridge.d.ts +7 -2
  230. package/dist/web/bridges/apps-sdk/bridge.js +15 -3
  231. package/dist/web/bridges/apps-sdk/bridge.js.map +1 -1
  232. package/dist/web/bridges/apps-sdk/index.d.ts +1 -2
  233. package/dist/web/bridges/apps-sdk/index.js +0 -1
  234. package/dist/web/bridges/apps-sdk/index.js.map +1 -1
  235. package/dist/web/bridges/apps-sdk/types.d.ts +32 -14
  236. package/dist/web/bridges/apps-sdk/types.js.map +1 -1
  237. package/dist/web/bridges/apps-sdk/use-apps-sdk-context.d.ts +11 -0
  238. package/dist/web/bridges/apps-sdk/use-apps-sdk-context.js +11 -0
  239. package/dist/web/bridges/apps-sdk/use-apps-sdk-context.js.map +1 -1
  240. package/dist/web/bridges/get-adaptor.d.ts +7 -0
  241. package/dist/web/bridges/get-adaptor.js +9 -7
  242. package/dist/web/bridges/get-adaptor.js.map +1 -1
  243. package/dist/web/bridges/get-adaptor.test.d.ts +1 -0
  244. package/dist/web/bridges/get-adaptor.test.js +32 -0
  245. package/dist/web/bridges/get-adaptor.test.js.map +1 -0
  246. package/dist/web/bridges/index.js.map +1 -1
  247. package/dist/web/bridges/mcp-app/bridge.d.ts +27 -31
  248. package/dist/web/bridges/mcp-app/bridge.js +109 -198
  249. package/dist/web/bridges/mcp-app/bridge.js.map +1 -1
  250. package/dist/web/bridges/mcp-app/bridge.test.d.ts +1 -0
  251. package/dist/web/bridges/mcp-app/bridge.test.js +17 -0
  252. package/dist/web/bridges/mcp-app/bridge.test.js.map +1 -0
  253. package/dist/web/bridges/mcp-app/index.d.ts +0 -1
  254. package/dist/web/bridges/mcp-app/index.js +0 -1
  255. package/dist/web/bridges/mcp-app/index.js.map +1 -1
  256. package/dist/web/bridges/mcp-app/types.js.map +1 -1
  257. package/dist/web/bridges/mcp-app/use-mcp-app-context.d.ts +17 -3
  258. package/dist/web/bridges/mcp-app/use-mcp-app-context.js +14 -2
  259. package/dist/web/bridges/mcp-app/use-mcp-app-context.js.map +1 -1
  260. package/dist/web/bridges/mcp-app/use-mcp-app-context.test.js +1 -41
  261. package/dist/web/bridges/mcp-app/use-mcp-app-context.test.js.map +1 -1
  262. package/dist/web/bridges/mcp-app/view-tools.test.d.ts +1 -0
  263. package/dist/web/bridges/mcp-app/view-tools.test.js +143 -0
  264. package/dist/web/bridges/mcp-app/view-tools.test.js.map +1 -0
  265. package/dist/web/bridges/types.d.ts +130 -14
  266. package/dist/web/bridges/types.js +14 -1
  267. package/dist/web/bridges/types.js.map +1 -1
  268. package/dist/web/bridges/types.test.d.ts +1 -0
  269. package/dist/web/bridges/types.test.js +19 -0
  270. package/dist/web/bridges/types.test.js.map +1 -0
  271. package/dist/web/bridges/use-host-context.d.ts +5 -0
  272. package/dist/web/bridges/use-host-context.js +5 -0
  273. package/dist/web/bridges/use-host-context.js.map +1 -1
  274. package/dist/web/components/modal-provider.d.ts +1 -1
  275. package/dist/web/components/modal-provider.js +5 -6
  276. package/dist/web/components/modal-provider.js.map +1 -1
  277. package/dist/web/create-store.d.ts +26 -0
  278. package/dist/web/create-store.js +43 -3
  279. package/dist/web/create-store.js.map +1 -1
  280. package/dist/web/create-store.test.js +31 -25
  281. package/dist/web/create-store.test.js.map +1 -1
  282. package/dist/web/data-llm.d.ts +35 -2
  283. package/dist/web/data-llm.js +31 -3
  284. package/dist/web/data-llm.js.map +1 -1
  285. package/dist/web/data-llm.test.js +50 -35
  286. package/dist/web/data-llm.test.js.map +1 -1
  287. package/dist/web/generate-helpers.d.ts +22 -18
  288. package/dist/web/generate-helpers.js +22 -18
  289. package/dist/web/generate-helpers.js.map +1 -1
  290. package/dist/web/generate-helpers.test-d.js +30 -28
  291. package/dist/web/generate-helpers.test-d.js.map +1 -1
  292. package/dist/web/generate-helpers.test.js.map +1 -1
  293. package/dist/web/helpers/state.d.ts +2 -2
  294. package/dist/web/helpers/state.js +11 -11
  295. package/dist/web/helpers/state.js.map +1 -1
  296. package/dist/web/helpers/state.test.js +9 -9
  297. package/dist/web/helpers/state.test.js.map +1 -1
  298. package/dist/web/hooks/index.d.ts +6 -2
  299. package/dist/web/hooks/index.js +5 -1
  300. package/dist/web/hooks/index.js.map +1 -1
  301. package/dist/web/hooks/test/utils.d.ts +6 -2
  302. package/dist/web/hooks/test/utils.js +17 -2
  303. package/dist/web/hooks/test/utils.js.map +1 -1
  304. package/dist/web/hooks/use-call-tool.d.ts +45 -0
  305. package/dist/web/hooks/use-call-tool.js +28 -0
  306. package/dist/web/hooks/use-call-tool.js.map +1 -1
  307. package/dist/web/hooks/use-call-tool.test-d.js.map +1 -1
  308. package/dist/web/hooks/use-call-tool.test.js +62 -27
  309. package/dist/web/hooks/use-call-tool.test.js.map +1 -1
  310. package/dist/web/hooks/use-display-mode.d.ts +23 -3
  311. package/dist/web/hooks/use-display-mode.js +20 -0
  312. package/dist/web/hooks/use-display-mode.js.map +1 -1
  313. package/dist/web/hooks/use-display-mode.test-d.d.ts +1 -0
  314. package/dist/web/hooks/use-display-mode.test-d.js +8 -0
  315. package/dist/web/hooks/use-display-mode.test-d.js.map +1 -0
  316. package/dist/web/hooks/use-display-mode.test.js +56 -20
  317. package/dist/web/hooks/use-display-mode.test.js.map +1 -1
  318. package/dist/web/hooks/use-download.d.ts +5 -0
  319. package/dist/web/hooks/use-download.js +8 -0
  320. package/dist/web/hooks/use-download.js.map +1 -0
  321. package/dist/web/hooks/use-download.test.d.ts +1 -0
  322. package/dist/web/hooks/use-download.test.js +103 -0
  323. package/dist/web/hooks/use-download.test.js.map +1 -0
  324. package/dist/web/hooks/use-files.d.ts +34 -1
  325. package/dist/web/hooks/use-files.js +33 -0
  326. package/dist/web/hooks/use-files.js.map +1 -1
  327. package/dist/web/hooks/use-files.test.js +35 -3
  328. package/dist/web/hooks/use-files.test.js.map +1 -1
  329. package/dist/web/hooks/use-layout.d.ts +2 -0
  330. package/dist/web/hooks/use-layout.js +2 -0
  331. package/dist/web/hooks/use-layout.js.map +1 -1
  332. package/dist/web/hooks/use-layout.test.js +62 -29
  333. package/dist/web/hooks/use-layout.test.js.map +1 -1
  334. package/dist/web/hooks/use-open-external.d.ts +20 -1
  335. package/dist/web/hooks/use-open-external.js +17 -1
  336. package/dist/web/hooks/use-open-external.js.map +1 -1
  337. package/dist/web/hooks/use-open-external.test.js +38 -13
  338. package/dist/web/hooks/use-open-external.test.js.map +1 -1
  339. package/dist/web/hooks/use-register-view-tool.d.ts +38 -0
  340. package/dist/web/hooks/use-register-view-tool.js +50 -0
  341. package/dist/web/hooks/use-register-view-tool.js.map +1 -0
  342. package/dist/web/hooks/use-request-close.d.ts +16 -0
  343. package/dist/web/hooks/use-request-close.js +21 -0
  344. package/dist/web/hooks/use-request-close.js.map +1 -0
  345. package/dist/web/hooks/use-request-close.test.d.ts +1 -0
  346. package/dist/web/hooks/use-request-close.test.js +47 -0
  347. package/dist/web/hooks/use-request-close.test.js.map +1 -0
  348. package/dist/web/hooks/use-request-modal.d.ts +16 -1
  349. package/dist/web/hooks/use-request-modal.js +19 -4
  350. package/dist/web/hooks/use-request-modal.js.map +1 -1
  351. package/dist/web/hooks/use-request-modal.test.js +15 -1
  352. package/dist/web/hooks/use-request-modal.test.js.map +1 -1
  353. package/dist/web/hooks/use-request-size.d.ts +20 -0
  354. package/dist/web/hooks/use-request-size.js +24 -0
  355. package/dist/web/hooks/use-request-size.js.map +1 -0
  356. package/dist/web/hooks/use-request-size.test.d.ts +1 -0
  357. package/dist/web/hooks/use-request-size.test.js +47 -0
  358. package/dist/web/hooks/use-request-size.test.js.map +1 -0
  359. package/dist/web/hooks/use-send-follow-up-message.d.ts +19 -1
  360. package/dist/web/hooks/use-send-follow-up-message.js +19 -2
  361. package/dist/web/hooks/use-send-follow-up-message.js.map +1 -1
  362. package/dist/web/hooks/use-set-open-in-app-url.d.ts +17 -0
  363. package/dist/web/hooks/use-set-open-in-app-url.js +17 -0
  364. package/dist/web/hooks/use-set-open-in-app-url.js.map +1 -1
  365. package/dist/web/hooks/use-set-open-in-app-url.test.js +30 -16
  366. package/dist/web/hooks/use-set-open-in-app-url.test.js.map +1 -1
  367. package/dist/web/hooks/use-tool-info.d.ts +53 -2
  368. package/dist/web/hooks/use-tool-info.js +30 -7
  369. package/dist/web/hooks/use-tool-info.js.map +1 -1
  370. package/dist/web/hooks/use-tool-info.test-d.js +11 -29
  371. package/dist/web/hooks/use-tool-info.test-d.js.map +1 -1
  372. package/dist/web/hooks/use-tool-info.test.js +43 -33
  373. package/dist/web/hooks/use-tool-info.test.js.map +1 -1
  374. package/dist/web/hooks/use-user.d.ts +2 -0
  375. package/dist/web/hooks/use-user.js +20 -2
  376. package/dist/web/hooks/use-user.js.map +1 -1
  377. package/dist/web/hooks/use-user.test.js +101 -27
  378. package/dist/web/hooks/use-user.test.js.map +1 -1
  379. package/dist/web/hooks/use-view-state.d.ts +25 -0
  380. package/dist/web/hooks/use-view-state.js +32 -0
  381. package/dist/web/hooks/use-view-state.js.map +1 -0
  382. package/dist/web/hooks/use-view-state.test.d.ts +1 -0
  383. package/dist/web/hooks/use-view-state.test.js +181 -0
  384. package/dist/web/hooks/use-view-state.test.js.map +1 -0
  385. package/dist/web/index.d.ts +1 -2
  386. package/dist/web/index.js +1 -2
  387. package/dist/web/index.js.map +1 -1
  388. package/dist/web/mount-view.d.ts +20 -0
  389. package/dist/web/{mount-widget.js → mount-view.js} +21 -2
  390. package/dist/web/mount-view.js.map +1 -0
  391. package/dist/web/plugin/data-llm.test.js.map +1 -1
  392. package/dist/web/plugin/plugin.d.ts +32 -1
  393. package/dist/web/plugin/plugin.js +167 -18
  394. package/dist/web/plugin/plugin.js.map +1 -1
  395. package/dist/web/plugin/scan-views.d.ts +16 -0
  396. package/dist/web/plugin/scan-views.js +88 -0
  397. package/dist/web/plugin/scan-views.js.map +1 -0
  398. package/dist/web/plugin/scan-views.test.d.ts +1 -0
  399. package/dist/web/plugin/scan-views.test.js +99 -0
  400. package/dist/web/plugin/scan-views.test.js.map +1 -0
  401. package/dist/web/plugin/transform-data-llm.js +1 -1
  402. package/dist/web/plugin/transform-data-llm.js.map +1 -1
  403. package/dist/web/plugin/transform-data-llm.test.js.map +1 -1
  404. package/dist/web/plugin/validate-view.d.ts +1 -0
  405. package/dist/web/plugin/validate-view.js +9 -0
  406. package/dist/web/plugin/validate-view.js.map +1 -0
  407. package/dist/web/plugin/validate-view.test.d.ts +1 -0
  408. package/dist/web/plugin/validate-view.test.js +24 -0
  409. package/dist/web/plugin/validate-view.test.js.map +1 -0
  410. package/dist/web/proxy.js +0 -1
  411. package/dist/web/proxy.js.map +1 -1
  412. package/dist/web/types.d.ts +4 -0
  413. package/dist/web/types.js.map +1 -1
  414. package/package.json +51 -29
  415. package/tsconfig.base.json +33 -0
  416. package/dist/server/templates/development.hbs +0 -66
  417. package/dist/server/templates/production.hbs +0 -7
  418. package/dist/server/widgetsDevServer.d.ts +0 -12
  419. package/dist/server/widgetsDevServer.js +0 -47
  420. package/dist/server/widgetsDevServer.js.map +0 -1
  421. package/dist/test/widget.test.js +0 -255
  422. package/dist/test/widget.test.js.map +0 -1
  423. package/dist/web/bridges/apps-sdk/adaptor.d.ts +0 -22
  424. package/dist/web/bridges/apps-sdk/adaptor.js +0 -64
  425. package/dist/web/bridges/apps-sdk/adaptor.js.map +0 -1
  426. package/dist/web/bridges/mcp-app/adaptor.d.ts +0 -36
  427. package/dist/web/bridges/mcp-app/adaptor.js +0 -185
  428. package/dist/web/bridges/mcp-app/adaptor.js.map +0 -1
  429. package/dist/web/hooks/use-widget-state.d.ts +0 -4
  430. package/dist/web/hooks/use-widget-state.js +0 -32
  431. package/dist/web/hooks/use-widget-state.js.map +0 -1
  432. package/dist/web/hooks/use-widget-state.test.js +0 -61
  433. package/dist/web/hooks/use-widget-state.test.js.map +0 -1
  434. package/dist/web/mount-widget.d.ts +0 -1
  435. package/dist/web/mount-widget.js.map +0 -1
  436. /package/dist/{test/widget.test.d.ts → cli/build-helpers.test.d.ts} +0 -0
  437. /package/dist/{web/hooks/use-widget-state.test.d.ts → cli/build-steps.test.d.ts} +0 -0
@@ -1,7 +1,17 @@
1
+ import crypto from "node:crypto";
1
2
  import { readFileSync } from "node:fs";
3
+ import http from "node:http";
2
4
  import path from "node:path";
3
- import { McpServer as McpServerBase, } from "@modelcontextprotocol/sdk/server/mcp.js";
5
+ import { Server as SdkServer, } from "@modelcontextprotocol/sdk/server/index.js";
6
+ import { McpServer as McpServerBase } from "@modelcontextprotocol/sdk/server/mcp.js";
4
7
  import { mergeWith, union } from "es-toolkit";
8
+ import express, {} from "express";
9
+ import { authToSecuritySchemes, evaluateSecuritySchemes, wwwAuthenticateHeader, } from "./auth/security-schemes.js";
10
+ import { setupOAuth } from "./auth/setup.js";
11
+ import { createApp } from "./express.js";
12
+ import { createMiddlewareEntry } from "./metric.js";
13
+ import { buildMiddlewareChain, getHandlerMaps } from "./middleware.js";
14
+ import { resolveServerOrigin } from "./requestOrigin.js";
5
15
  import { templateHelper } from "./templateHelper.js";
6
16
  const mergeWithUnion = (target, source) => {
7
17
  return mergeWith(target, source, (targetVal, sourceVal) => {
@@ -10,130 +20,667 @@ const mergeWithUnion = (target, source) => {
10
20
  }
11
21
  });
12
22
  };
13
- export class McpServer extends McpServerBase {
14
- registerWidget(name, resourceConfig, toolConfig, toolCallback) {
15
- const userMeta = resourceConfig._meta;
16
- const toolMeta = {
17
- ...toolConfig._meta,
23
+ /**
24
+ * Normalize an `x-forwarded-prefix` value into a leading-slash, no-trailing-slash
25
+ * path. Takes the first hop of a comma-separated proxy chain.
26
+ * "/v1/", "v1", "/v1, /internal" → "/v1"; "", "/", undefined → "".
27
+ */
28
+ function normalizeForwardedPrefix(raw) {
29
+ const firstHop = raw?.split(",")[0]?.trim() ?? "";
30
+ const trimmed = firstHop.replace(/\/+$/, "");
31
+ if (trimmed === "") {
32
+ return "";
33
+ }
34
+ return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
35
+ }
36
+ /**
37
+ * Drop the query string from a `ui://` view URI, leaving the bare path. The
38
+ * `?v=` cache key is the only query we append, so a plain split is enough and
39
+ * sidesteps `URL` normalization quirks on the non-special `ui:` scheme.
40
+ */
41
+ function stripQuery(uri) {
42
+ const queryIndex = uri.indexOf("?");
43
+ return queryIndex === -1 ? uri : uri.slice(0, queryIndex);
44
+ }
45
+ /**
46
+ * Coerce a tool handler's return value into an MCP `content` array. Strings
47
+ * become a single `TextContent`; a single block is wrapped in an array;
48
+ * `undefined` produces `[]`. Mostly used internally — exported so consumers
49
+ * who build content lazily can apply the same normalization.
50
+ */
51
+ export function normalizeContent(content) {
52
+ if (content === undefined) {
53
+ return [];
54
+ }
55
+ if (typeof content === "string") {
56
+ return [{ type: "text", text: content }];
57
+ }
58
+ if (Array.isArray(content)) {
59
+ return content;
60
+ }
61
+ return [content];
62
+ }
63
+ const McpServerBaseOmitted = McpServerBase;
64
+ /**
65
+ * The Skybridge server. Extends the MCP SDK's `McpServer` with a typed tool
66
+ * registry, view resources, an embedded Express app, and protocol-level
67
+ * middleware. Construct it with the same `Implementation` info you would pass
68
+ * to the SDK, chain {@link McpServer.registerTool} calls to declare tools,
69
+ * then call {@link McpServer.run} to start the HTTP server.
70
+ *
71
+ * The `TTools` generic accumulates each registered tool's input/output/meta
72
+ * shape, so `typeof server` carries enough information for view-side helpers
73
+ * like {@link generateHelpers} to produce fully-typed hooks.
74
+ *
75
+ * @typeParam TTools - Accumulated tool registry. Filled in by `registerTool`
76
+ * chaining; you almost never set this manually.
77
+ *
78
+ * @example
79
+ * ```ts
80
+ * const server = new McpServer({ name: "my-app", version: "1.0.0" }, {})
81
+ * .registerTool({
82
+ * name: "search",
83
+ * inputSchema: { query: z.string() },
84
+ * view: { component: "search" },
85
+ * }, async ({ query }) => ({ content: `Results for ${query}` }));
86
+ *
87
+ * await server.run();
88
+ * export type AppType = typeof server;
89
+ * ```
90
+ *
91
+ * @see https://docs.skybridge.tech/api-reference/mcp-server
92
+ */
93
+ // Side channel populated by `dist/__entry.js` before user code is imported.
94
+ // Set at module scope rather than passed through the constructor because the
95
+ // wrapper has the manifest before the user's `new McpServer(...)` runs, and
96
+ // threading it through every call site (including user templates) is exactly
97
+ // the boilerplate this design is trying to hide.
98
+ let pendingBuildManifest = null;
99
+ /**
100
+ * Prime the build-time Vite manifest before user code constructs its
101
+ * `McpServer`. Called from the generated `dist/__entry.js`; not part of the
102
+ * user-facing API.
103
+ *
104
+ * @internal
105
+ */
106
+ export function __setBuildManifest(manifest) {
107
+ pendingBuildManifest = manifest;
108
+ }
109
+ function normalizeRegisterToolArgs(args) {
110
+ if (typeof args[0] === "string") {
111
+ return {
112
+ config: {
113
+ name: args[0],
114
+ ...args[1],
115
+ },
116
+ cb: args[2],
18
117
  };
19
- if (!resourceConfig.hosts || resourceConfig.hosts.includes("apps-sdk")) {
20
- const widgetConfig = {
21
- hostType: "apps-sdk",
22
- uri: `ui://widgets/apps-sdk/${name}.html`,
23
- mimeType: "text/html+skybridge",
24
- buildContentMeta: ({ resourceDomains, connectDomains, domain }) => {
25
- const userUi = userMeta?.ui;
26
- const userCsp = userUi?.csp;
27
- const defaults = {
28
- "openai/widgetCSP": {
29
- resource_domains: resourceDomains,
30
- connect_domains: connectDomains,
31
- },
32
- "openai/widgetDomain": domain,
33
- "openai/widgetDescription": toolConfig.description,
34
- };
35
- const fromUi = {
36
- "openai/widgetCSP": {
37
- resource_domains: userCsp?.resourceDomains,
38
- connect_domains: userCsp?.connectDomains,
39
- frame_domains: userCsp?.frameDomains,
40
- redirect_domains: userCsp?.redirectDomains,
41
- },
42
- "openai/widgetDomain": userUi?.domain,
43
- "openai/widgetPrefersBorder": userUi?.prefersBorder,
44
- };
45
- const directOpenaiKeys = Object.fromEntries(Object.entries(userMeta ?? {}).filter(([key]) => key.startsWith("openai/")));
46
- return mergeWithUnion(mergeWithUnion(defaults, fromUi), directOpenaiKeys);
47
- },
48
- };
49
- this.registerWidgetResource({
50
- name,
51
- widgetConfig,
52
- resourceConfig,
53
- });
54
- toolMeta["openai/outputTemplate"] = widgetConfig.uri;
55
- }
56
- if (!resourceConfig.hosts || resourceConfig.hosts.includes("mcp-app")) {
57
- const widgetConfig = {
58
- hostType: "mcp-app",
59
- uri: `ui://widgets/ext-apps/${name}.html`,
60
- mimeType: "text/html;profile=mcp-app",
61
- buildContentMeta: ({ resourceDomains, connectDomains, domain }) => {
62
- const defaults = {
63
- ui: {
64
- csp: {
65
- resourceDomains,
66
- connectDomains,
67
- },
68
- domain,
69
- },
70
- };
71
- return mergeWithUnion(defaults, { ui: userMeta?.ui });
72
- },
73
- };
74
- this.registerWidgetResource({
75
- name,
76
- widgetConfig,
77
- resourceConfig,
118
+ }
119
+ return {
120
+ config: args[0],
121
+ cb: args[1],
122
+ };
123
+ }
124
+ export class McpServer extends McpServerBaseOmitted {
125
+ /**
126
+ * The underlying Express app. Use this to extend the HTTP server with
127
+ * custom routes, middleware, or settings — e.g.
128
+ * `server.express.get("/health", ...)`.
129
+ *
130
+ * `express.json()` is pre-applied — tune it via the constructor's third
131
+ * argument, e.g. `new McpServer(info, {}, { json: { limit: "10mb" } })`.
132
+ * Register your handlers before `run()`;
133
+ * after `run()`, dev-mode middleware, the `/mcp` route, and the default
134
+ * error handler are appended in that order.
135
+ *
136
+ * Note: Alpic Cloud only routes traffic to `/mcp` — custom routes work
137
+ * locally and on self-hosted deployments.
138
+ */
139
+ express;
140
+ customErrorMiddleware = [];
141
+ mcpMiddlewareEntries = [];
142
+ mcpMiddlewareApplied = false;
143
+ claimedViews = new Map();
144
+ viewMetaBuilders = new Map();
145
+ /**
146
+ * Maps a view resource's query-less path to its canonical registered URI
147
+ * (the one carrying the `?v=` cache key). Lets `resources/read` resolve the
148
+ * underlying view no matter which version param the consumer sends, since
149
+ * the param is only a cache key, not part of the resource's identity.
150
+ */
151
+ viewUriByPath = new Map();
152
+ viteManifest = null;
153
+ serverInfo;
154
+ serverOptions;
155
+ oauthEnabled = false;
156
+ resolveResourceMetadataUrl;
157
+ securitySchemesByTool = new Map();
158
+ constructor(serverInfo, options, skybridgeOptions) {
159
+ super(serverInfo, options);
160
+ this.serverInfo = serverInfo;
161
+ this.serverOptions = options;
162
+ this.express = express();
163
+ this.express.use(express.json(skybridgeOptions?.json));
164
+ if (skybridgeOptions?.oauth) {
165
+ this.oauthEnabled = true;
166
+ this.resolveResourceMetadataUrl = setupOAuth(this.express, skybridgeOptions.oauth, this.securitySchemesByTool);
167
+ }
168
+ // Pick up the manifest if `dist/__entry.js` primed it before importing
169
+ // user code. Consume-once: clear after the first construction so a
170
+ // subsequent test that doesn't prime can't inherit stale state.
171
+ // Explicit `setViteManifest` calls still win because they happen after
172
+ // construction.
173
+ if (pendingBuildManifest) {
174
+ this.setViteManifest(pendingBuildManifest);
175
+ pendingBuildManifest = null;
176
+ }
177
+ }
178
+ use(pathOrHandler, ...handlers) {
179
+ // Branching is load-bearing: Express's `app.use` overloads can't be
180
+ // resolved against a `string | RequestHandler` union, so we narrow.
181
+ if (typeof pathOrHandler === "string") {
182
+ this.express.use(pathOrHandler, ...handlers);
183
+ }
184
+ else {
185
+ this.express.use(pathOrHandler, ...handlers);
186
+ }
187
+ return this;
188
+ }
189
+ useOnError(pathOrHandler, ...handlers) {
190
+ if (typeof pathOrHandler === "string") {
191
+ this.customErrorMiddleware.push({ path: pathOrHandler, handlers });
192
+ }
193
+ else {
194
+ this.customErrorMiddleware.push({
195
+ handlers: [pathOrHandler, ...handlers],
78
196
  });
79
- toolMeta.ui = { resourceUri: widgetConfig.uri };
80
197
  }
81
- this.registerTool(name, {
82
- ...toolConfig,
83
- _meta: toolMeta,
84
- }, toolCallback);
85
198
  return this;
86
199
  }
87
- registerTool(name, config, cb) {
88
- super.registerTool(name, config, cb);
200
+ mcpMiddleware(filterOrHandler,
201
+ // biome-ignore lint/suspicious/noExplicitAny: overloads narrow the handler type at call sites; implementation must accept all variants
202
+ maybeHandler) {
203
+ if (this.mcpMiddlewareApplied) {
204
+ throw new Error("Cannot register MCP middleware after run() or connect() has been called");
205
+ }
206
+ const handler = maybeHandler;
207
+ if (typeof filterOrHandler === "function") {
208
+ this.mcpMiddlewareEntries.push({
209
+ filter: null,
210
+ handler: filterOrHandler,
211
+ });
212
+ }
213
+ else if (handler) {
214
+ this.mcpMiddlewareEntries.push({
215
+ filter: filterOrHandler,
216
+ handler,
217
+ });
218
+ }
219
+ else {
220
+ throw new Error("mcpMiddleware requires a handler function when a filter is provided");
221
+ }
89
222
  return this;
90
223
  }
91
- registerWidgetResource({ name, widgetConfig, resourceConfig, }) {
92
- const { hostType, uri: widgetUri, mimeType, buildContentMeta, } = widgetConfig;
93
- this.registerResource(name, widgetUri, { ...resourceConfig, _meta: resourceConfig._meta }, async (uri, extra) => {
224
+ applyMcpMiddleware() {
225
+ if (this.mcpMiddlewareApplied) {
226
+ return;
227
+ }
228
+ this.mcpMiddlewareApplied = true;
229
+ // Surface view-resource _meta on `resources/list` (per ext-apps spec:
230
+ // hosts/checkers read CSP & domain at list time before fetching content).
231
+ const viewListMetaEntry = {
232
+ filter: "resources/list",
233
+ handler: async (_req, extra, next) => {
234
+ const result = (await next());
235
+ for (const resource of result.resources) {
236
+ const builder = this.viewMetaBuilders.get(resource.uri);
237
+ if (!builder) {
238
+ continue;
239
+ }
240
+ const meta = builder(extra);
241
+ resource._meta = {
242
+ ...(resource._meta ?? {}),
243
+ ...meta,
244
+ };
245
+ }
246
+ return result;
247
+ },
248
+ };
249
+ // Resolve a view's `resources/read` by its query-less path so the
250
+ // underlying asset is served no matter the `?v=` value (stale cache key,
251
+ // no param, etc.). The version param is a cache-busting hint for external
252
+ // consumers; it must not gate resolution. We rewrite the lookup URI to the
253
+ // canonical registered one, then restore the requested URI on the response
254
+ // so the consumer-facing URI is never rewritten.
255
+ const viewReadResolveEntry = {
256
+ filter: "resources/read",
257
+ handler: async (req, _extra, next) => {
258
+ const requested = req.params.uri;
259
+ if (typeof requested !== "string") {
260
+ return next();
261
+ }
262
+ const path = stripQuery(requested);
263
+ const canonical = this.viewUriByPath.get(path);
264
+ if (!canonical) {
265
+ return next();
266
+ }
267
+ req.params.uri = canonical;
268
+ try {
269
+ const result = (await next());
270
+ for (const content of result.contents ?? []) {
271
+ if (typeof content.uri === "string" &&
272
+ stripQuery(content.uri) === stripQuery(canonical)) {
273
+ content.uri = requested;
274
+ }
275
+ }
276
+ return result;
277
+ }
278
+ finally {
279
+ // Restore the shared request params so middleware outer to us never
280
+ // observes the rewritten lookup URI after next() unwinds.
281
+ req.params.uri = requested;
282
+ }
283
+ },
284
+ };
285
+ const toolsListSecuritySchemesEntry = {
286
+ filter: "tools/list",
287
+ handler: async (_req, _extra, next) => {
288
+ const result = (await next());
289
+ for (const tool of result.tools) {
290
+ const schemes = tool._meta?.securitySchemes;
291
+ if (schemes && !("securitySchemes" in tool)) {
292
+ tool.securitySchemes = schemes;
293
+ }
294
+ }
295
+ return result;
296
+ },
297
+ };
298
+ const monitoringEntry = createMiddlewareEntry();
299
+ const entries = [
300
+ ...(monitoringEntry ? [monitoringEntry] : []),
301
+ viewListMetaEntry,
302
+ viewReadResolveEntry,
303
+ toolsListSecuritySchemesEntry,
304
+ ...this.mcpMiddlewareEntries,
305
+ ];
306
+ const { requestHandlers, notificationHandlers } = getHandlerMaps(this.server);
307
+ const instrumentMap = (map, isNotification) => {
308
+ for (const [method, handler] of map) {
309
+ map.set(method, buildMiddlewareChain(method, isNotification, handler, entries));
310
+ }
311
+ const originalSet = map.set.bind(map);
312
+ map.set = (method, handler) => originalSet(method, buildMiddlewareChain(method, isNotification, handler, entries));
313
+ };
314
+ instrumentMap(requestHandlers, false);
315
+ instrumentMap(notificationHandlers, true);
316
+ }
317
+ /**
318
+ * Connect to an MCP transport (override of the SDK's `connect`). Use this
319
+ * when you're embedding Skybridge in a host that already manages its own
320
+ * transport (e.g. stdio for desktop apps); for HTTP, prefer {@link McpServer.run}
321
+ * which sets the transport up for you. Locks in any middleware registered
322
+ * via {@link McpServer.mcpMiddleware} — further calls to that method will
323
+ * throw afterwards.
324
+ */
325
+ async connect(transport) {
326
+ this.applyMcpMiddleware();
327
+ return McpServerBase.prototype.connect.call(this, transport);
328
+ }
329
+ /**
330
+ * Per-request stateless connect. The SDK's `Protocol` only allows one
331
+ * transport per instance, so we can't reuse this `McpServer` across
332
+ * concurrent requests. The SDK's idiomatic fix is a `() => McpServer`
333
+ * factory, but that would break Skybridge's singleton API — so instead
334
+ * we build a fresh underlying `Server` per request and share the main
335
+ * server's handler maps by reference. The cast is unavoidable: there's
336
+ * no public API to inject handler maps. `getHandlerMaps` validates the
337
+ * read side and fails fast on SDK field renames.
338
+ */
339
+ async connectStatelessTransport(transport) {
340
+ this.applyMcpMiddleware();
341
+ const { requestHandlers, notificationHandlers } = getHandlerMaps(this.server);
342
+ const fresh = new SdkServer(this.serverInfo, this.serverOptions);
343
+ const target = fresh;
344
+ target._requestHandlers = requestHandlers;
345
+ target._notificationHandlers = notificationHandlers;
346
+ await fresh.connect(transport);
347
+ }
348
+ /**
349
+ * Start the HTTP server. Listens on `process.env.__PORT` (default `3000`),
350
+ * mounts the `/mcp` route, applies any custom Express middleware registered
351
+ * via {@link McpServer.use} / {@link McpServer.useOnError}, and locks in
352
+ * any MCP middleware registered via {@link McpServer.mcpMiddleware}.
353
+ *
354
+ * On Cloudflare Workers / workerd, returns an object exposing `fetch` so
355
+ * the runtime can bridge incoming requests to the Node HTTP server. On
356
+ * Vercel (`VERCEL === "1"`), returns the Express app directly so the
357
+ * serverless function entry can call it as a `(req, res)` handler. On
358
+ * Node, returns `undefined` once listening.
359
+ */
360
+ async run() {
361
+ this.applyMcpMiddleware();
362
+ if (process.env.VERCEL === "1") {
363
+ // createApp only reads httpServer inside its dev-only branch
364
+ // (viewsDevServer); under VERCEL=1 + NODE_ENV=production it's a
365
+ // bare object passed to satisfy the required parameter.
366
+ const httpServer = http.createServer();
367
+ await createApp({
368
+ mcpServer: this,
369
+ httpServer,
370
+ errorMiddleware: this.customErrorMiddleware,
371
+ });
372
+ return this.express;
373
+ }
374
+ const httpServer = http.createServer();
375
+ await createApp({
376
+ mcpServer: this,
377
+ httpServer,
378
+ errorMiddleware: this.customErrorMiddleware,
379
+ });
380
+ httpServer.on("request", this.express);
381
+ const port = parseInt(process.env.__PORT ?? "3000", 10);
382
+ await new Promise((resolve, reject) => {
383
+ httpServer.on("error", (error) => {
384
+ console.error("Failed to start server:", error);
385
+ reject(error);
386
+ });
387
+ httpServer.listen(port, () => {
388
+ resolve();
389
+ });
390
+ });
391
+ // On workerd, bridge the Node http server to a Workers fetch handler.
392
+ // The specifier is held in a variable to sidestep tsc's module resolution
393
+ // (`cloudflare:node` only exists under wrangler/workerd).
394
+ if (typeof navigator !== "undefined" &&
395
+ navigator.userAgent === "Cloudflare-Workers") {
396
+ const cloudflareNode = "cloudflare:node";
397
+ const { httpServerHandler } = await import(cloudflareNode);
398
+ return httpServerHandler({ port });
399
+ }
400
+ const shutdown = () => {
401
+ // Drop both handlers so a second signal falls through to Node's default
402
+ // (force-quit on a second Ctrl+C while drain is hanging).
403
+ process.off("SIGTERM", shutdown);
404
+ process.off("SIGINT", shutdown);
405
+ httpServer.close(() => process.exit(0));
406
+ // Force exit if connections don't drain in time so the port is still
407
+ // released promptly (e.g. for nodemon restarts).
408
+ setTimeout(() => process.exit(0), 3000).unref();
409
+ };
410
+ process.on("SIGTERM", shutdown);
411
+ process.on("SIGINT", shutdown);
412
+ return undefined;
413
+ }
414
+ enforceOneToolPerView(component, toolName) {
415
+ const existingTool = this.claimedViews.get(component);
416
+ if (existingTool) {
417
+ throw new Error(`skybridge: view "${component}" is already used by tool "${existingTool}". Tool "${toolName}" cannot also reference it — each view backs exactly one tool.`);
418
+ }
419
+ this.claimedViews.set(component, toolName);
420
+ }
421
+ resolveViewRequestContext(extra) {
422
+ const isProduction = process.env.NODE_ENV === "production";
423
+ const headers = extra?.requestInfo?.headers || {};
424
+ const header = (key) => {
425
+ const val = headers[key];
426
+ return Array.isArray(val) ? val[0] : val;
427
+ };
428
+ const isClaude = header("user-agent") === "Claude-User";
429
+ const serverUrl = resolveServerOrigin(header);
430
+ // Path prefix the proxy routed this request under (e.g. `foo.com/v1`). Read
431
+ // per-request so one process can serve many hosts/prefixes at once: the
432
+ // origin is recovered from x-forwarded-host, the prefix from
433
+ // x-forwarded-prefix. Empty when served at the origin root.
434
+ const assetsBasePath = normalizeForwardedPrefix(header("x-forwarded-prefix"));
435
+ const connectDomains = [serverUrl];
436
+ if (!isProduction) {
437
+ const wsUrl = new URL(serverUrl);
438
+ wsUrl.protocol = wsUrl.protocol === "https:" ? "wss:" : "ws:";
439
+ connectDomains.push(wsUrl.origin);
440
+ }
441
+ let contentMetaOverrides = {};
442
+ if (isClaude) {
443
+ const pathname = extra?.requestInfo?.url?.pathname ?? "";
444
+ const rawUrl = header("x-alpic-forwarded-url") ?? `${serverUrl}${pathname}`;
445
+ // Strip a lone trailing slash so the hash matches the connector URL
446
+ // as registered with Claude (which has no trailing slash on bare origins).
447
+ const url = rawUrl.endsWith("/") ? rawUrl.slice(0, -1) : rawUrl;
448
+ const hash = crypto
449
+ .createHash("sha256")
450
+ .update(url)
451
+ .digest("hex")
452
+ .slice(0, 32);
453
+ contentMetaOverrides = { domain: `${hash}.claudemcpcontent.com` };
454
+ }
455
+ return { serverUrl, assetsBasePath, connectDomains, contentMetaOverrides };
456
+ }
457
+ registerViewResources(toolName, view, toolMeta) {
458
+ // Append a content-derived version param so hosts (e.g. ChatGPT) bust
459
+ // their cache when the bundle changes, but keep the URI stable across
460
+ // `tools/list` calls when the bundle hasn't changed.
461
+ const versionParam = this.computeViewVersionParam(view.component);
462
+ const viewResource = {
463
+ hostType: "mcp-app",
464
+ uri: `ui://views/ext-apps/${view.component}.html${versionParam}`,
465
+ mimeType: "text/html;profile=mcp-app",
466
+ buildContentMeta: ({ resourceDomains, connectDomains, domain, baseUriDomains }, overrides) => {
467
+ const defaults = {
468
+ ui: {
469
+ csp: {
470
+ resourceDomains,
471
+ connectDomains,
472
+ baseUriDomains,
473
+ },
474
+ domain,
475
+ },
476
+ };
477
+ const fromView = {
478
+ ui: {
479
+ ...(view.description && { description: view.description }),
480
+ ...(view.prefersBorder !== undefined && {
481
+ prefersBorder: view.prefersBorder,
482
+ }),
483
+ ...(view.domain && { domain: view.domain }),
484
+ csp: {
485
+ ...(view.csp?.resourceDomains && {
486
+ resourceDomains: view.csp.resourceDomains,
487
+ }),
488
+ ...(view.csp?.connectDomains && {
489
+ connectDomains: view.csp.connectDomains,
490
+ }),
491
+ ...(view.csp?.frameDomains && {
492
+ frameDomains: view.csp.frameDomains,
493
+ }),
494
+ ...(view.csp?.baseUriDomains && {
495
+ baseUriDomains: view.csp.baseUriDomains,
496
+ }),
497
+ },
498
+ },
499
+ };
500
+ const ui = mergeWithUnion(mergeWithUnion(defaults, fromView), {
501
+ ui: overrides,
502
+ });
503
+ const base = {
504
+ ...ui,
505
+ ...(view.description && {
506
+ "openai/widgetDescription": view.description,
507
+ }),
508
+ ...(view.csp?.redirectDomains && {
509
+ "openai/widgetCSP": { redirect_domains: view.csp.redirectDomains },
510
+ }),
511
+ };
512
+ if (view._meta) {
513
+ return { ...base, ...view._meta };
514
+ }
515
+ return base;
516
+ },
517
+ };
518
+ this.registerViewResource({ name: toolName, viewResource, view });
519
+ // Advertise via the MCP Apps standard pointer only — ChatGPT renders from
520
+ // ui.resourceUri (verified), and not emitting openai/outputTemplate lets us
521
+ // retire the legacy apps-sdk resource later. The legacy apps-sdk URL is still
522
+ // served (see registerViewResource) so already-published apps keep resolving.
523
+ // @ts-expect-error - For backwards compatibility with Claude current implementation of the specs
524
+ toolMeta["ui/resourceUri"] = viewResource.uri;
525
+ toolMeta.ui = { ...toolMeta.ui, resourceUri: viewResource.uri };
526
+ }
527
+ registerViewResource({ name, viewResource, view, }) {
528
+ const { hostType, uri: viewUri, mimeType, buildContentMeta } = viewResource;
529
+ const buildMeta = (extra) => {
530
+ const { serverUrl, connectDomains, contentMetaOverrides } = this.resolveViewRequestContext(extra);
531
+ return buildContentMeta({
532
+ resourceDomains: [serverUrl],
533
+ connectDomains,
534
+ domain: serverUrl,
535
+ baseUriDomains: [serverUrl],
536
+ }, contentMetaOverrides);
537
+ };
538
+ this.viewMetaBuilders.set(viewUri, buildMeta);
539
+ this.viewUriByPath.set(stripQuery(viewUri), viewUri);
540
+ this.serveLegacyAppsSdkUrl(view.component, viewUri);
541
+ this.registerResource(name, viewUri, { description: view.description }, async (uri, extra) => {
94
542
  const isProduction = process.env.NODE_ENV === "production";
95
- const useForwardedHost = process.env.SKYBRIDGE_USE_FORWARDED_HOST === "true";
96
- const serverUrl = isProduction || useForwardedHost
97
- ? `https://${extra?.requestInfo?.headers?.["x-forwarded-host"] ?? extra?.requestInfo?.headers?.host}`
98
- : "http://localhost:3000";
543
+ const { serverUrl, assetsBasePath } = this.resolveViewRequestContext(extra);
544
+ // The view resolves all assets (template imports + runtime lazy chunks
545
+ // via `window.skybridge.serverUrl`) against this base, so it carries the
546
+ // proxy path prefix. CSP domains in `buildMeta` stay the bare origin.
547
+ const viewBase = `${serverUrl}${assetsBasePath}`;
99
548
  const html = isProduction
100
549
  ? templateHelper.renderProduction({
101
550
  hostType,
102
- serverUrl,
103
- widgetFile: this.lookupDistFileWithIndexFallback(`src/widgets/${name}`),
104
- styleFile: this.lookupDistFile("style.css"),
551
+ serverUrl: viewBase,
552
+ viewFile: this.lookupViewFile(view.component),
553
+ styleFile: this.lookupDistFile("style.css") ?? "",
105
554
  })
106
555
  : templateHelper.renderDevelopment({
107
556
  hostType,
108
- serverUrl,
109
- widgetName: name,
557
+ serverUrl: viewBase,
558
+ viewName: view.component,
110
559
  });
111
- const VITE_HMR_WEBSOCKET_DEFAULT_URL = "ws://localhost:24678";
112
- const contentMeta = buildContentMeta({
113
- resourceDomains: [serverUrl],
114
- connectDomains: !isProduction ? [VITE_HMR_WEBSOCKET_DEFAULT_URL] : [],
115
- domain: serverUrl,
116
- baseUriDomains: [serverUrl],
117
- });
118
560
  return {
119
561
  contents: [
120
- { uri: uri.href, mimeType, text: html, _meta: contentMeta },
562
+ { uri: uri.href, mimeType, text: html, _meta: buildMeta(extra) },
121
563
  ],
122
564
  };
123
565
  });
124
566
  }
567
+ serveLegacyAppsSdkUrl(component, canonicalUri) {
568
+ this.viewUriByPath.set(`ui://views/apps-sdk/${component}.html`, canonicalUri);
569
+ this.viewUriByPath.set(`ui://widgets/apps-sdk/${component}.html`, canonicalUri);
570
+ this.viewUriByPath.set(`ui://widgets/ext-apps/${component}.html`, canonicalUri);
571
+ }
572
+ decorateToolHandler(cb, { attachViewUUID, securitySchemes, }) {
573
+ return async (args, extra) => {
574
+ if (this.oauthEnabled) {
575
+ const failure = evaluateSecuritySchemes(securitySchemes, extra.authInfo);
576
+ if (failure) {
577
+ const headers = extra?.requestInfo?.headers ?? {};
578
+ const header = (key) => {
579
+ const value = headers[key];
580
+ return Array.isArray(value) ? value[0] : value;
581
+ };
582
+ const challenge = wwwAuthenticateHeader(failure, this.resolveResourceMetadataUrl?.(header));
583
+ return {
584
+ isError: true,
585
+ content: [{ type: "text", text: failure.description }],
586
+ _meta: { "mcp/www_authenticate": [challenge] },
587
+ };
588
+ }
589
+ }
590
+ const result = await cb(args, extra);
591
+ return {
592
+ ...result,
593
+ content: normalizeContent(result.content),
594
+ ...(attachViewUUID && {
595
+ _meta: {
596
+ ...result._meta,
597
+ viewUUID: crypto.randomUUID(),
598
+ },
599
+ }),
600
+ };
601
+ };
602
+ }
603
+ computeViewVersionParam(viewName) {
604
+ if (process.env.NODE_ENV !== "production") {
605
+ return "";
606
+ }
607
+ try {
608
+ const viewFile = this.lookupViewFile(viewName);
609
+ const styleFile = this.lookupDistFile("style.css") ?? "";
610
+ const hash = crypto
611
+ .createHash("sha256")
612
+ .update(viewFile)
613
+ .update("\0")
614
+ .update(styleFile)
615
+ .digest("hex")
616
+ .slice(0, 8);
617
+ return `?v=${hash}`;
618
+ }
619
+ catch {
620
+ return "";
621
+ }
622
+ }
623
+ lookupViewFile(viewName) {
624
+ const manifest = this.readManifest();
625
+ for (const entry of Object.values(manifest)) {
626
+ if (entry?.isEntry && entry.name === viewName && entry.file) {
627
+ return entry.file;
628
+ }
629
+ }
630
+ throw new Error(`View "${viewName}" not found in Vite manifest. Did the build complete successfully? Look for an entry with name "${viewName}" in dist/assets/.vite/manifest.json.`);
631
+ }
125
632
  lookupDistFile(key) {
126
633
  const manifest = this.readManifest();
127
634
  return manifest[key]?.file;
128
635
  }
129
- lookupDistFileWithIndexFallback(basePath) {
130
- const manifest = this.readManifest();
131
- const flatFileKey = `${basePath}.tsx`;
132
- const indexFileKey = `${basePath}/index.tsx`;
133
- return manifest[flatFileKey]?.file ?? manifest[indexFileKey]?.file;
636
+ /**
637
+ * Inject the Vite manifest as a value rather than letting `readManifest()`
638
+ * load it from disk. Required for runtimes without a usable filesystem
639
+ * (Cloudflare Workers, etc.) — the user's `skybridge build` emits the
640
+ * manifest as a JS module which the entry imports and passes here.
641
+ */
642
+ setViteManifest(manifest) {
643
+ this.viteManifest = manifest;
644
+ return this;
134
645
  }
135
646
  readManifest() {
647
+ if (this.viteManifest) {
648
+ return this.viteManifest;
649
+ }
136
650
  return JSON.parse(readFileSync(path.join(process.cwd(), "dist", "assets", ".vite", "manifest.json"), "utf-8"));
137
651
  }
652
+ registerTool(...args) {
653
+ const baseFn = McpServerBase.prototype.registerTool;
654
+ const { config, cb } = normalizeRegisterToolArgs(args);
655
+ const { name, view, auth, securitySchemes: rawSecuritySchemes, _meta: userToolMeta, ...toolFields } = config;
656
+ const authNeedsProvider = auth !== undefined && (!auth.public || Boolean(auth.scopes?.length));
657
+ if (rawSecuritySchemes === undefined &&
658
+ authNeedsProvider &&
659
+ !this.oauthEnabled) {
660
+ throw new Error(`Tool "${name}" sets \`auth: ${JSON.stringify(auth)}\` but the server has no \`oauth\` provider configured.`);
661
+ }
662
+ const securitySchemes = rawSecuritySchemes ??
663
+ (auth && this.oauthEnabled ? authToSecuritySchemes(auth) : undefined);
664
+ const toolMeta = { ...userToolMeta };
665
+ this.securitySchemesByTool.set(name, securitySchemes);
666
+ if (securitySchemes) {
667
+ // SEP-1488 puts `securitySchemes` at the top level of the tool
668
+ // descriptor, but the SDK's `registerTool` drops unknown top-level
669
+ // fields, so the canonical spot isn't reachable without intercepting
670
+ // `tools/list`. Use the `_meta` back-compat mirror documented in the
671
+ // Apps SDK reference until SEP-1488 lands in the spec.
672
+ toolMeta.securitySchemes = securitySchemes;
673
+ }
674
+ if (view) {
675
+ this.enforceOneToolPerView(view.component, name);
676
+ this.registerViewResources(name, view, toolMeta);
677
+ }
678
+ const wrappedCb = this.decorateToolHandler(cb, {
679
+ attachViewUUID: Boolean(view),
680
+ securitySchemes,
681
+ });
682
+ baseFn.call(this, name, { ...toolFields, _meta: toolMeta }, wrappedCb);
683
+ return this;
684
+ }
138
685
  }
139
686
  //# sourceMappingURL=server.js.map