thingd-cli 0.3.0 → 0.4.0

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAKA,OAAO,EAOL,MAAM,EACN,KAAK,YAAY,EAClB,MAAM,QAAQ,CAAC;AAIhB,KAAK,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;AAEjD,KAAK,YAAY,GAAG;IAClB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB,CAAC;AAEF,KAAK,UAAU,GAAG;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7B,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,UAAU,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,OAAO,CAAC;CAChB,CAAC;AAuCF,wBAAsB,MAAM,CAC1B,IAAI,WAAwB,EAC5B,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,MAAM,CAAC,CAiCjB;AAmUD,wBAAsB,MAAM,CAC1B,OAAO,EAAE,UAAU,EACnB,QAAQ,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACtC,OAAO,CAAC,IAAI,CAAC,CAcf;AA4BD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,UAAU,GAAG,iBAAiB,CAYxE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAKA,OAAO,EAOL,MAAM,EACN,KAAK,YAAY,EAClB,MAAM,QAAQ,CAAC;AAIhB,KAAK,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;AAEjD,KAAK,YAAY,GAAG;IAClB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB,CAAC;AAEF,KAAK,UAAU,GAAG;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7B,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,UAAU,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,OAAO,CAAC;CAChB,CAAC;AAyCF,wBAAsB,MAAM,CAC1B,IAAI,WAAwB,EAC5B,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,MAAM,CAAC,CAiCjB;AAyUD,wBAAsB,MAAM,CAC1B,OAAO,EAAE,UAAU,EACnB,QAAQ,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACtC,OAAO,CAAC,IAAI,CAAC,CAcf;AA4BD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,UAAU,GAAG,iBAAiB,CAYxE"}

package/dist/index.js

@@ -12,6 +12,8 @@ Admin and operator CLI for thingd.
 Usage:
   thingd status [--url <url>]
   thingd tools --url <url>
+  thingd mcp [--path <path>] [--driver <driver>]
+  thingd mcp-http [--path <path>] [--driver <driver>] [--host <host>] [--port <port>] [--auth-token <tok>] [--allow-unauthenticated]
   thingd search <query> [--collection <name>] [--limit <n>]
   thingd objects get <collection> <id>
   thingd objects put <collection> <id> --text <text>
@@ -39,7 +41,7 @@ Options:
   --limit <n>         result limit for search and list commands
   -h, --help          show help
 `;
-const BOOLEAN_FLAGS = new Set(["h", "help", "json", "pretty"]);
+const BOOLEAN_FLAGS = new Set(["h", "help", "json", "pretty", "allow-unauthenticated"]);
 export async function runCli(args = process.argv.slice(2), options = {}) {
     const parsed = parseArgs(args);
     const context = {
@@ -86,6 +88,11 @@ async function runCommand(context) {
         await runMcp(context);
         return;
     }
+    if (command === "mcp-http") {
+        const { runMcpHttp } = await import("./mcp-http.js");
+        await runMcpHttp(context);
+        return;
+    }
     if (command === "objects") {
         await runObjects(context);
         return;

package/dist/mcp/audit.d.ts

@@ -0,0 +1,27 @@
+import type { ThingD } from "thingd";
+export type ThingdMcpAuditOptions = {
+    enabled?: boolean;
+    actor?: string;
+    source?: string;
+    stream?: string;
+};
+export type ThingdMcpAuditMetadata = {
+    actor?: string;
+    source?: string;
+};
+type ResolvedThingdMcpAuditOptions = {
+    enabled: boolean;
+    actor: string;
+    source: string;
+    stream: string;
+};
+type ThingdMcpAuditEventOptions = {
+    action: string;
+    target: Record<string, unknown>;
+    metadata?: ThingdMcpAuditMetadata;
+    result?: Record<string, unknown>;
+};
+export declare function resolveThingdMcpAuditOptions(options: ThingdMcpAuditOptions | false | undefined): ResolvedThingdMcpAuditOptions;
+export declare function appendMcpAuditEvent(db: ThingD, options: ResolvedThingdMcpAuditOptions, event: ThingdMcpAuditEventOptions): Promise<void>;
+export {};
+//# sourceMappingURL=audit.d.ts.map

package/dist/mcp/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/mcp/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAe,MAAM,EAAE,MAAM,QAAQ,CAAC;AAElD,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,6BAA6B,GAAG;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,KAAK,0BAA0B,GAAG;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,QAAQ,CAAC,EAAE,sBAAsB,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC,CAAC;AAMF,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,qBAAqB,GAAG,KAAK,GAAG,SAAS,GACjD,6BAA6B,CAgB/B;AAED,wBAAsB,mBAAmB,CACvC,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,6BAA6B,EACtC,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC,IAAI,CAAC,CAkBf"}

package/dist/mcp/audit.js

@@ -0,0 +1,36 @@
+const DEFAULT_AUDIT_STREAM = "__thingd:mcp:audit";
+const DEFAULT_AUDIT_ACTOR = "mcp-client";
+const DEFAULT_AUDIT_SOURCE = "thingd-mcp";
+export function resolveThingdMcpAuditOptions(options) {
+    if (options === false || options?.enabled === false) {
+        return {
+            enabled: false,
+            actor: DEFAULT_AUDIT_ACTOR,
+            source: DEFAULT_AUDIT_SOURCE,
+            stream: DEFAULT_AUDIT_STREAM,
+        };
+    }
+    return {
+        enabled: true,
+        actor: options?.actor ?? DEFAULT_AUDIT_ACTOR,
+        source: options?.source ?? DEFAULT_AUDIT_SOURCE,
+        stream: options?.stream ?? DEFAULT_AUDIT_STREAM,
+    };
+}
+export async function appendMcpAuditEvent(db, options, event) {
+    if (!options.enabled) {
+        return;
+    }
+    const actor = event.metadata?.actor ?? options.actor;
+    const source = event.metadata?.source ?? options.source;
+    const auditEvent = {
+        type: `mcp.${event.action}`,
+        text: `MCP ${event.action} by ${actor}`,
+        actor,
+        source,
+        target: event.target,
+        result: event.result,
+        at: new Date().toISOString(),
+    };
+    await db.events.append(options.stream, auditEvent);
+}

package/dist/mcp/cluster.d.ts

@@ -0,0 +1,44 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+export type ThingdClusterMode = "single" | "leader" | "follower";
+export type ThingdClusterDiscovery = "none" | "static" | "kubernetes";
+export type ThingdClusterOptions = {
+    mode?: ThingdClusterMode;
+    advertiseUrl?: string;
+    leaderUrl?: string;
+    peers?: string[];
+    discovery?: ThingdClusterDiscovery;
+    service?: string;
+    namespace?: string;
+    port?: number;
+    forwardAuthToken?: string;
+    statusPath?: string;
+    peersPath?: string;
+};
+export type ResolvedThingdClusterOptions = {
+    mode: ThingdClusterMode;
+    advertiseUrl?: string;
+    leaderUrl?: string;
+    peers: string[];
+    discovery: ThingdClusterDiscovery;
+    service?: string;
+    namespace?: string;
+    port: number;
+    forwardAuthToken?: string;
+    statusPath: string;
+    peersPath: string;
+};
+export type ThingdClusterStatus = {
+    mode: ThingdClusterMode;
+    writable: boolean;
+    forwarding: boolean;
+    leaderUrl?: string;
+    advertiseUrl?: string;
+    discovery: ThingdClusterDiscovery;
+    peers: string[];
+    replication: "not-implemented";
+};
+export declare function readClusterOptionsFromEnv(env: Record<string, string | undefined>): ThingdClusterOptions;
+export declare function resolveClusterOptions(options: ThingdClusterOptions | undefined): ResolvedThingdClusterOptions;
+export declare function clusterStatus(cluster: ResolvedThingdClusterOptions): ThingdClusterStatus;
+export declare function forwardMcpRequestToLeader(cluster: ResolvedThingdClusterOptions, mcpPath: string, request: IncomingMessage, response: ServerResponse): Promise<void>;
+//# sourceMappingURL=cluster.d.ts.map

package/dist/mcp/cluster.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cluster.d.ts","sourceRoot":"","sources":["../../src/mcp/cluster.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAGjE,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAC;AACjE,MAAM,MAAM,sBAAsB,GAAG,MAAM,GAAG,QAAQ,GAAG,YAAY,CAAC;AAEtE,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,CAAC,EAAE,iBAAiB,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,IAAI,EAAE,iBAAiB,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,sBAAsB,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,iBAAiB,CAAC;IACxB,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,sBAAsB,CAAC;IAClC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,iBAAiB,CAAC;CAChC,CAAC;AAIF,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GACtC,oBAAoB,CAYtB;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,oBAAoB,GAAG,SAAS,GACxC,4BAA4B,CA6B9B;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,4BAA4B,GAAG,mBAAmB,CAWxF;AAED,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,4BAA4B,EACrC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,IAAI,CAAC,CAgBf"}

package/dist/mcp/cluster.js

@@ -0,0 +1,183 @@
+import { parsePort } from "./config.js";
+const DEFAULT_CLUSTER_PORT = 8757;
+export function readClusterOptionsFromEnv(env) {
+    return {
+        mode: parseClusterMode(env.THINGD_CLUSTER_MODE),
+        advertiseUrl: env.THINGD_ADVERTISE_URL,
+        leaderUrl: env.THINGD_CLUSTER_LEADER_URL,
+        peers: parsePeers(env.THINGD_CLUSTER_PEERS),
+        discovery: parseClusterDiscovery(env.THINGD_CLUSTER_DISCOVERY),
+        service: env.THINGD_CLUSTER_SERVICE,
+        namespace: env.THINGD_CLUSTER_NAMESPACE,
+        port: parsePort(env.THINGD_CLUSTER_PORT, DEFAULT_CLUSTER_PORT),
+        forwardAuthToken: env.THINGD_CLUSTER_FORWARD_AUTH_TOKEN ?? env.THINGD_AUTH_TOKEN,
+    };
+}
+export function resolveClusterOptions(options) {
+    const mode = options?.mode ?? "single";
+    const discovery = options?.discovery ?? (options?.peers?.length ? "static" : "none");
+    const port = options?.port ?? DEFAULT_CLUSTER_PORT;
+    const peers = resolvePeers({
+        discovery,
+        peers: options?.peers ?? [],
+        service: options?.service,
+        namespace: options?.namespace,
+        port,
+    });
+    if (mode === "follower" && !options?.leaderUrl) {
+        throw new Error("THINGD_CLUSTER_LEADER_URL is required when THINGD_CLUSTER_MODE=follower");
+    }
+    return {
+        mode,
+        advertiseUrl: options?.advertiseUrl,
+        leaderUrl: options?.leaderUrl,
+        peers,
+        discovery,
+        service: options?.service,
+        namespace: options?.namespace,
+        port,
+        forwardAuthToken: options?.forwardAuthToken,
+        statusPath: options?.statusPath ?? "/cluster/status",
+        peersPath: options?.peersPath ?? "/cluster/peers",
+    };
+}
+export function clusterStatus(cluster) {
+    return {
+        mode: cluster.mode,
+        writable: cluster.mode !== "follower",
+        forwarding: cluster.mode === "follower",
+        leaderUrl: cluster.leaderUrl,
+        advertiseUrl: cluster.advertiseUrl,
+        discovery: cluster.discovery,
+        peers: cluster.peers,
+        replication: "not-implemented",
+    };
+}
+export async function forwardMcpRequestToLeader(cluster, mcpPath, request, response) {
+    if (!cluster.leaderUrl) {
+        writeForwardError(response, 503, "cluster_leader_unavailable");
+        return;
+    }
+    const upstreamUrl = leaderMcpUrl(cluster.leaderUrl, mcpPath);
+    const body = await readRequestBody(request);
+    const upstream = await fetch(upstreamUrl, {
+        method: "POST",
+        headers: forwardedHeaders(request, cluster.forwardAuthToken),
+        body: new Uint8Array(body),
+    });
+    response.writeHead(upstream.status, responseHeaders(upstream.headers));
+    response.end(Buffer.from(await upstream.arrayBuffer()));
+}
+function parseClusterMode(value) {
+    if (!value) {
+        return undefined;
+    }
+    if (value === "single" || value === "leader" || value === "follower") {
+        return value;
+    }
+    throw new Error(`Unsupported THINGD_CLUSTER_MODE: ${value}`);
+}
+function parseClusterDiscovery(value) {
+    if (!value) {
+        return undefined;
+    }
+    if (value === "none" || value === "static" || value === "kubernetes") {
+        return value;
+    }
+    throw new Error(`Unsupported THINGD_CLUSTER_DISCOVERY: ${value}`);
+}
+function parsePeers(value) {
+    if (!value) {
+        return undefined;
+    }
+    return value
+        .split(",")
+        .map((peer) => peer.trim())
+        .filter(Boolean);
+}
+function resolvePeers(options) {
+    if (options.discovery === "static") {
+        return options.peers;
+    }
+    if (options.discovery !== "kubernetes" || !options.service) {
+        return [];
+    }
+    const namespace = options.namespace ?? "default";
+    return [`http://${options.service}.${namespace}.svc.cluster.local:${options.port}`];
+}
+function leaderMcpUrl(leaderUrl, mcpPath) {
+    const url = new URL(leaderUrl);
+    if (url.pathname === "/" || url.pathname === "") {
+        url.pathname = mcpPath;
+    }
+    return url.toString();
+}
+function forwardedHeaders(request, forwardAuthToken) {
+    const headers = new Headers();
+    const contentType = request.headers["content-type"];
+    const protocolVersion = request.headers["mcp-protocol-version"];
+    const accept = request.headers.accept;
+    if (typeof contentType === "string") {
+        headers.set("Content-Type", contentType);
+    }
+    if (typeof accept === "string") {
+        headers.set("Accept", accept);
+    }
+    if (typeof protocolVersion === "string") {
+        headers.set("MCP-Protocol-Version", protocolVersion);
+    }
+    if (forwardAuthToken) {
+        headers.set("Authorization", `Bearer ${forwardAuthToken}`);
+    }
+    else if (typeof request.headers.authorization === "string") {
+        headers.set("Authorization", request.headers.authorization);
+    }
+    return headers;
+}
+function responseHeaders(headers) {
+    const result = {};
+    for (const [key, value] of headers) {
+        if (!isHopByHopHeader(key)) {
+            result[key] = value;
+        }
+    }
+    return result;
+}
+function isHopByHopHeader(header) {
+    return [
+        "connection",
+        "content-length",
+        "keep-alive",
+        "proxy-authenticate",
+        "proxy-authorization",
+        "te",
+        "trailer",
+        "transfer-encoding",
+        "upgrade",
+    ].includes(header.toLowerCase());
+}
+function readRequestBody(request) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        request.on("data", (chunk) => {
+            chunks.push(chunk);
+        });
+        request.on("end", () => {
+            resolve(Buffer.concat(chunks));
+        });
+        request.on("error", reject);
+    });
+}
+function writeForwardError(response, statusCode, error) {
+    response.writeHead(statusCode, {
+        "Content-Type": "application/json",
+    });
+    response.end(JSON.stringify({
+        jsonrpc: "2.0",
+        error: {
+            code: -32_603,
+            message: error,
+        },
+        id: null,
+    }));
+}

package/dist/mcp/config.d.ts

@@ -0,0 +1,15 @@
+import type { ThingDDriver } from "thingd";
+import type { ThingdMcpAuditOptions } from "./audit.js";
+export type ThingDStorageDriver = Exclude<ThingDDriver, "remote">;
+export type HttpRuntimeSafetyOptions = {
+    host: string;
+    authToken?: string;
+    allowUnauthenticated?: boolean;
+};
+export declare function parseThingdDriver(value: string | undefined): ThingDStorageDriver | undefined;
+export declare function parsePort(value: string | undefined, fallback: number): number;
+export declare function parseBooleanFlag(value: string | undefined, name: string): boolean;
+export declare function readMcpAuditOptionsFromEnv(env: Record<string, string | undefined>): ThingdMcpAuditOptions | false;
+export declare function readCliValue(args: string[], index: number, name: string): string;
+export declare function ensureHttpRuntimeIsSafe(options: HttpRuntimeSafetyOptions): void;
+//# sourceMappingURL=config.d.ts.map

package/dist/mcp/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/mcp/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC3C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,MAAM,mBAAmB,GAAG,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;AAElE,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,mBAAmB,GAAG,SAAS,CAU5F;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAY7E;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAejF;AAED,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GACtC,qBAAqB,GAAG,KAAK,CAgB/B;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAQhF;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CAU/E"}

package/dist/mcp/config.js

@@ -0,0 +1,67 @@
+export function parseThingdDriver(value) {
+    if (!value) {
+        return undefined;
+    }
+    if (value === "memory" || value === "native") {
+        return value;
+    }
+    throw new Error(`Unsupported thingd driver: ${value}`);
+}
+export function parsePort(value, fallback) {
+    if (!value) {
+        return fallback;
+    }
+    const port = Number.parseInt(value, 10);
+    if (!Number.isInteger(port) || port < 0 || port > 65_535) {
+        throw new Error(`Invalid port: ${value}`);
+    }
+    return port;
+}
+export function parseBooleanFlag(value, name) {
+    if (!value) {
+        return false;
+    }
+    const normalized = value.toLowerCase();
+    if (["1", "true", "yes", "on"].includes(normalized)) {
+        return true;
+    }
+    if (["0", "false", "no", "off"].includes(normalized)) {
+        return false;
+    }
+    throw new Error(`Invalid ${name}: expected true or false`);
+}
+export function readMcpAuditOptionsFromEnv(env) {
+    const enabled = env.THINGD_MCP_AUDIT === undefined
+        ? undefined
+        : parseBooleanFlag(env.THINGD_MCP_AUDIT, "THINGD_MCP_AUDIT");
+    if (enabled === false) {
+        return false;
+    }
+    return {
+        enabled,
+        actor: env.THINGD_MCP_ACTOR,
+        source: env.THINGD_MCP_SOURCE,
+        stream: env.THINGD_MCP_AUDIT_STREAM,
+    };
+}
+export function readCliValue(args, index, name) {
+    const value = args[index + 1];
+    if (!value) {
+        throw new Error(`${name} requires a value`);
+    }
+    return value;
+}
+export function ensureHttpRuntimeIsSafe(options) {
+    const authToken = options.authToken?.trim();
+    if (authToken || options.allowUnauthenticated || isLoopbackHost(options.host)) {
+        return;
+    }
+    throw new Error("THINGD_AUTH_TOKEN is required when the HTTP MCP runtime binds to a non-loopback host. Set THINGD_AUTH_TOKEN or THINGD_ALLOW_UNAUTHENTICATED=true for local-only experiments.");
+}
+function isLoopbackHost(host) {
+    const normalized = host.toLowerCase();
+    return (normalized === "localhost" ||
+        normalized === "127.0.0.1" ||
+        normalized === "::1" ||
+        normalized === "[::1]");
+}

package/dist/mcp/http.d.ts

@@ -0,0 +1,24 @@
+import { type Server } from "node:http";
+import type { ThingdMcpAuditOptions } from "./audit.js";
+import { type ThingdClusterOptions } from "./cluster.js";
+import { type ThingDStorageDriver } from "./config.js";
+export type ThingdHttpServerOptions = {
+    path: string;
+    driver?: ThingDStorageDriver;
+    host?: string;
+    port?: number;
+    authToken?: string;
+    allowUnauthenticated?: boolean;
+    audit?: ThingdMcpAuditOptions | false;
+    cluster?: ThingdClusterOptions;
+    mcpPath?: string;
+    healthPath?: string;
+};
+export type RunningThingdHttpServer = {
+    server: Server;
+    url: string;
+    mcpUrl: string;
+    close(): Promise<void>;
+};
+export declare function startThingdHttpServer(options: ThingdHttpServerOptions): Promise<RunningThingdHttpServer>;
+//# sourceMappingURL=http.d.ts.map

package/dist/mcp/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/mcp/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,WAAW,CAAC;AAGjG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,EAKL,KAAK,oBAAoB,EAC1B,MAAM,cAAc,CAAC;AACtB,OAAO,EAA2B,KAAK,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,KAAK,CAAC,EAAE,qBAAqB,GAAG,KAAK,CAAC;IACtC,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB,CAAC;AAYF,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,uBAAuB,CAAC,CAwClC"}

package/dist/mcp/http.js

@@ -0,0 +1,213 @@
+import { createServer } from "node:http";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { ThingD } from "thingd";
+import { clusterStatus, forwardMcpRequestToLeader, resolveClusterOptions, } from "./cluster.js";
+import { ensureHttpRuntimeIsSafe } from "./config.js";
+import { createThingdMcpServer } from "./server.js";
+export async function startThingdHttpServer(options) {
+    const host = options.host ?? "127.0.0.1";
+    const port = options.port ?? 8757;
+    ensureHttpRuntimeIsSafe({
+        host,
+        authToken: options.authToken,
+        allowUnauthenticated: options.allowUnauthenticated,
+    });
+    const db = await ThingD.open({
+        path: options.path,
+        driver: options.driver,
+    });
+    const cluster = resolveClusterOptions(options.cluster);
+    const state = {
+        db,
+        authToken: options.authToken,
+        mcpPath: options.mcpPath ?? "/mcp",
+        healthPath: options.healthPath ?? "/healthz",
+        driver: options.driver ?? "memory",
+        audit: options.audit,
+        cluster,
+    };
+    const server = createServer((request, response) => {
+        void handleRequest(state, request, response);
+    });
+    await listen(server, port, host);
+    const address = server.address();
+    const resolvedPort = typeof address === "object" && address ? address.port : port;
+    const displayHost = host === "0.0.0.0" ? "127.0.0.1" : host;
+    const url = `http://${displayHost}:${resolvedPort}`;
+    return {
+        server,
+        url,
+        mcpUrl: `${url}${state.mcpPath}`,
+        close: () => close(server),
+    };
+}
+async function handleRequest(state, request, response) {
+    try {
+        setCommonHeaders(response);
+        const path = requestPath(request);
+        if (request.method === "OPTIONS") {
+            response.writeHead(204);
+            response.end();
+            return;
+        }
+        if (path === state.healthPath) {
+            handleHealth(state, request, response);
+            return;
+        }
+        if (path === state.cluster.statusPath) {
+            handleClusterStatus(state, request, response);
+            return;
+        }
+        if (path === state.cluster.peersPath) {
+            handleClusterPeers(state, request, response);
+            return;
+        }
+        if (path !== state.mcpPath) {
+            writeJson(response, 404, {
+                error: "not_found",
+            });
+            return;
+        }
+        if (!isAuthorized(state, request)) {
+            response.setHeader("WWW-Authenticate", "Bearer");
+            writeJson(response, 401, {
+                error: "unauthorized",
+            });
+            return;
+        }
+        if (request.method !== "POST") {
+            response.setHeader("Allow", "POST, OPTIONS");
+            writeJson(response, 405, {
+                jsonrpc: "2.0",
+                error: {
+                    code: -32_000,
+                    message: "Method not allowed.",
+                },
+                id: null,
+            });
+            return;
+        }
+        if (state.cluster.mode === "follower") {
+            await forwardMcpRequestToLeader(state.cluster, state.mcpPath, request, response);
+            return;
+        }
+        await handleMcpRequest(state, request, response);
+    }
+    catch (error) {
+        if (!response.headersSent) {
+            writeJson(response, 500, {
+                jsonrpc: "2.0",
+                error: {
+                    code: -32_603,
+                    message: error instanceof Error ? error.message : "Internal server error",
+                },
+                id: null,
+            });
+            return;
+        }
+        response.end();
+    }
+}
+function handleHealth(state, request, response) {
+    if (request.method !== "GET" && request.method !== "HEAD") {
+        response.setHeader("Allow", "GET, HEAD, OPTIONS");
+        writeJson(response, 405, {
+            error: "method_not_allowed",
+        });
+        return;
+    }
+    writeJson(response, 200, {
+        ok: true,
+        service: "thingd-mcp",
+        driver: state.driver,
+        mcpPath: state.mcpPath,
+        cluster: clusterStatus(state.cluster),
+    }, request.method === "HEAD");
+}
+function handleClusterStatus(state, request, response) {
+    if (request.method !== "GET" && request.method !== "HEAD") {
+        response.setHeader("Allow", "GET, HEAD, OPTIONS");
+        writeJson(response, 405, {
+            error: "method_not_allowed",
+        });
+        return;
+    }
+    writeJson(response, 200, clusterStatus(state.cluster), request.method === "HEAD");
+}
+function handleClusterPeers(state, request, response) {
+    if (request.method !== "GET" && request.method !== "HEAD") {
+        response.setHeader("Allow", "GET, HEAD, OPTIONS");
+        writeJson(response, 405, {
+            error: "method_not_allowed",
+        });
+        return;
+    }
+    writeJson(response, 200, {
+        peers: state.cluster.peers,
+        discovery: state.cluster.discovery,
+    }, request.method === "HEAD");
+}
+async function handleMcpRequest(state, request, response) {
+    const server = createThingdMcpServer(state.db, {
+        audit: state.audit,
+    });
+    const transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: undefined,
+    });
+    response.on("close", () => {
+        void transport.close();
+        void server.close();
+    });
+    await server.connect(transport);
+    await transport.handleRequest(request, response);
+}
+function requestPath(request) {
+    return new URL(request.url ?? "/", "http://thingd.local").pathname;
+}
+function isAuthorized(state, request) {
+    if (!state.authToken) {
+        return true;
+    }
+    return request.headers.authorization === `Bearer ${state.authToken}`;
+}
+function setCommonHeaders(response) {
+    response.setHeader("Access-Control-Allow-Origin", "*");
+    response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, MCP-Protocol-Version");
+    response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
+}
+function writeJson(response, statusCode, body, headersOnly = false) {
+    response.writeHead(statusCode, {
+        "Content-Type": "application/json",
+    });
+    if (headersOnly) {
+        response.end();
+        return;
+    }
+    response.end(JSON.stringify(body));
+}
+function listen(server, port, host) {
+    return new Promise((resolve, reject) => {
+        const onError = (error) => {
+            server.off("listening", onListening);
+            reject(error);
+        };
+        const onListening = () => {
+            server.off("error", onError);
+            resolve();
+        };
+        server.once("error", onError);
+        server.once("listening", onListening);
+        server.listen(port, host);
+    });
+}
+function close(server) {
+    return new Promise((resolve, reject) => {
+        server.close((error) => {
+            if (error) {
+                reject(error);
+                return;
+            }
+            resolve();
+        });
+    });
+}

package/dist/mcp/index.d.ts

@@ -0,0 +1,9 @@
+export type { ThingdMcpAuditMetadata, ThingdMcpAuditOptions } from "./audit.js";
+export type { ResolvedThingdClusterOptions, ThingdClusterDiscovery, ThingdClusterMode, ThingdClusterOptions, ThingdClusterStatus, } from "./cluster.js";
+export type { RunningThingdHttpServer, ThingdHttpServerOptions } from "./http.js";
+export { startThingdHttpServer } from "./http.js";
+export type { ThingdMcpServerOptions } from "./server.js";
+export { createThingdMcpServer } from "./server.js";
+export type { RegisterThingdToolsOptions } from "./tools.js";
+export { registerThingdTools } from "./tools.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/mcp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAChF,YAAY,EACV,4BAA4B,EAC5B,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAClF,OAAO,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAClD,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,YAAY,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC"}

package/dist/mcp/index.js

@@ -0,0 +1,3 @@
+export { startThingdHttpServer } from "./http.js";
+export { createThingdMcpServer } from "./server.js";
+export { registerThingdTools } from "./tools.js";

package/dist/mcp/result.d.ts

@@ -0,0 +1,3 @@
+import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+export declare function jsonResult(value: unknown): CallToolResult;
+//# sourceMappingURL=result.d.ts.map

package/dist/mcp/result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"result.d.ts","sourceRoot":"","sources":["../../src/mcp/result.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,cAAc,CASzD"}

package/dist/mcp/result.js

@@ -0,0 +1,10 @@
+export function jsonResult(value) {
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify(value, null, 2),
+            },
+        ],
+    };
+}

package/dist/mcp/server.d.ts

@@ -0,0 +1,8 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { ThingD } from "thingd";
+import type { ThingdMcpAuditOptions } from "./audit.js";
+export type ThingdMcpServerOptions = {
+    audit?: ThingdMcpAuditOptions | false;
+};
+export declare function createThingdMcpServer(db: ThingD, options?: ThingdMcpServerOptions): McpServer;
+//# sourceMappingURL=server.d.ts.map

package/dist/mcp/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAGxD,MAAM,MAAM,sBAAsB,GAAG;IACnC,KAAK,CAAC,EAAE,qBAAqB,GAAG,KAAK,CAAC;CACvC,CAAC;AAEF,wBAAgB,qBAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,GAAE,sBAA2B,GAAG,SAAS,CAcjG"}

package/dist/mcp/server.js

@@ -0,0 +1,12 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { registerThingdTools } from "./tools.js";
+export function createThingdMcpServer(db, options = {}) {
+    const server = new McpServer({
+        name: "thingd",
+        version: "0.1.0",
+    }, {
+        instructions: "Use thingd tools to search, read, write, and queue work in an object-shaped local memory store. Prefer searching before writing duplicate memory.",
+    });
+    registerThingdTools(server, db, options);
+    return server;
+}

package/dist/mcp/tools.d.ts

@@ -0,0 +1,8 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { ThingD } from "thingd";
+import { type ThingdMcpAuditOptions } from "./audit.js";
+export type RegisterThingdToolsOptions = {
+    audit?: ThingdMcpAuditOptions | false;
+};
+export declare function registerThingdTools(server: McpServer, db: ThingD, options?: RegisterThingdToolsOptions): void;
+//# sourceMappingURL=tools.d.ts.map

package/dist/mcp/tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/mcp/tools.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,OAAO,EAIL,KAAK,qBAAqB,EAC3B,MAAM,YAAY,CAAC;AAWpB,MAAM,MAAM,0BAA0B,GAAG;IACvC,KAAK,CAAC,EAAE,qBAAqB,GAAG,KAAK,CAAC;CACvC,CAAC;AAEF,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,SAAS,EACjB,EAAE,EAAE,MAAM,EACV,OAAO,GAAE,0BAA+B,GACvC,IAAI,CA6WN"}

package/dist/mcp/tools.js

@@ -0,0 +1,314 @@
+import { z } from "zod";
+import { appendMcpAuditEvent, resolveThingdMcpAuditOptions, } from "./audit.js";
+import { jsonResult } from "./result.js";
+const memoryObjectSchema = z.object({ id: z.string().min(1) }).catchall(z.unknown());
+const memoryEventSchema = z.object({ type: z.string().min(1) }).catchall(z.unknown());
+const objectPayloadSchema = z.record(z.string(), z.unknown());
+const auditInputSchema = {
+    actor: z.string().min(1).optional(),
+    source: z.string().min(1).optional(),
+};
+export function registerThingdTools(server, db, options = {}) {
+    const audit = resolveThingdMcpAuditOptions(options.audit);
+    server.registerTool("thing.search", {
+        title: "Search Memory",
+        description: "Search thingd objects and events by text.",
+        inputSchema: {
+            query: z.string().min(1),
+            collections: z.array(z.string().min(1)).optional(),
+            limit: z.number().int().positive().max(100).optional(),
+        },
+        annotations: {
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ query, collections, limit }) => jsonResult(await db.search(query, { collections, limit })));
+    server.registerTool("thing.get", {
+        title: "Get Object",
+        description: "Read one thingd object by collection and id.",
+        inputSchema: {
+            collection: z.string().min(1),
+            id: z.string().min(1),
+        },
+        annotations: {
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ collection, id }) => jsonResult(await db.get(collection, id)));
+    server.registerTool("thing.put", {
+        title: "Put Object",
+        description: "Create or replace one object-shaped memory record.",
+        inputSchema: {
+            collection: z.string().min(1),
+            object: memoryObjectSchema,
+            ...auditInputSchema,
+        },
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: false,
+            openWorldHint: false,
+        },
+    }, async ({ collection, object, actor, source }) => {
+        const stored = await db.put(collection, object);
+        await appendMcpAuditEvent(db, audit, {
+            action: "objects.put",
+            target: {
+                collection,
+                id: stored.id,
+            },
+            metadata: auditMetadata(actor, source),
+            result: {
+                collection: stored.collection,
+                id: stored.id,
+                version: stored.version,
+            },
+        });
+        return jsonResult(stored);
+    });
+    server.registerTool("thing.delete", {
+        title: "Delete Object",
+        description: "Delete one thingd object by collection and id.",
+        inputSchema: {
+            collection: z.string().min(1),
+            id: z.string().min(1),
+            ...auditInputSchema,
+        },
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ collection, id, actor, source }) => {
+        const result = await db.delete(collection, id);
+        await appendMcpAuditEvent(db, audit, {
+            action: "objects.delete",
+            target: {
+                collection,
+                id,
+            },
+            metadata: auditMetadata(actor, source),
+            result,
+        });
+        return jsonResult(result);
+    });
+    server.registerTool("thing.events.append", {
+        title: "Append Event",
+        description: "Append an event to a thingd stream.",
+        inputSchema: {
+            stream: z.string().min(1),
+            event: memoryEventSchema,
+            ...auditInputSchema,
+        },
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: false,
+            openWorldHint: false,
+        },
+    }, async ({ stream, event, actor, source }) => {
+        const stored = await db.events.append(stream, event);
+        await appendMcpAuditEvent(db, audit, {
+            action: "events.append",
+            target: {
+                stream,
+                eventType: stored.type,
+                eventId: stored.id,
+            },
+            metadata: auditMetadata(actor, source),
+            result: {
+                id: stored.id,
+                stream: stored.stream,
+            },
+        });
+        return jsonResult(stored);
+    });
+    server.registerTool("thing.events.list", {
+        title: "List Events",
+        description: "List thingd events, optionally filtered by stream.",
+        inputSchema: {
+            stream: z.string().min(1).optional(),
+        },
+        annotations: {
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ stream }) => jsonResult(await db.events.list(stream)));
+    server.registerTool("thing.queue.push", {
+        title: "Push Queue Job",
+        description: "Push a durable job onto a thingd queue.",
+        inputSchema: {
+            queue: z.string().min(1),
+            payload: objectPayloadSchema,
+            idempotencyKey: z.string().min(1).optional(),
+            maxAttempts: z.number().int().positive().max(100).optional(),
+            delayMs: z.number().int().min(0).optional(),
+            ...auditInputSchema,
+        },
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: false,
+            openWorldHint: false,
+        },
+    }, async ({ queue, payload, idempotencyKey, maxAttempts, delayMs, actor, source }) => {
+        const job = await db.queue(queue).push(payload, {
+            idempotencyKey,
+            maxAttempts,
+            delayMs,
+        });
+        await appendMcpAuditEvent(db, audit, {
+            action: "queue.push",
+            target: {
+                queue,
+                id: job.id,
+            },
+            metadata: auditMetadata(actor, source),
+            result: {
+                id: job.id,
+                queue: job.queue,
+                status: job.status,
+            },
+        });
+        return jsonResult(job);
+    });
+    server.registerTool("thing.queue.claim", {
+        title: "Claim Queue Job",
+        description: "Claim the next ready job from a thingd queue.",
+        inputSchema: {
+            queue: z.string().min(1),
+            leaseMs: z.number().int().optional(),
+            ...auditInputSchema,
+        },
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: false,
+            openWorldHint: false,
+        },
+    }, async ({ queue, leaseMs, actor, source }) => {
+        const job = await db.queue(queue).claim({ leaseMs });
+        if (job) {
+            await appendMcpAuditEvent(db, audit, {
+                action: "queue.claim",
+                target: {
+                    queue,
+                    id: job.id,
+                },
+                metadata: auditMetadata(actor, source),
+                result: {
+                    id: job.id,
+                    queue: job.queue,
+                    status: job.status,
+                    attempts: job.attempts,
+                },
+            });
+        }
+        return jsonResult(job);
+    });
+    server.registerTool("thing.queue.ack", {
+        title: "Acknowledge Queue Job",
+        description: "Mark one leased queue job as completed.",
+        inputSchema: {
+            queue: z.string().min(1),
+            id: z.string().min(1),
+            ...auditInputSchema,
+        },
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: false,
+            openWorldHint: false,
+        },
+    }, async ({ queue, id, actor, source }) => {
+        const result = await db.queue(queue).ack(id);
+        if (result.ok) {
+            await appendMcpAuditEvent(db, audit, {
+                action: "queue.ack",
+                target: {
+                    queue,
+                    id,
+                },
+                metadata: auditMetadata(actor, source),
+                result: {
+                    ok: true,
+                    status: result.job.status,
+                },
+            });
+        }
+        return jsonResult(result);
+    });
+    server.registerTool("thing.queue.nack", {
+        title: "Reject Queue Job",
+        description: "Reject a leased queue job for retry or dead-letter routing.",
+        inputSchema: {
+            queue: z.string().min(1),
+            id: z.string().min(1),
+            delayMs: z.number().int().min(0).optional(),
+            error: z.string().optional(),
+            ...auditInputSchema,
+        },
+        annotations: {
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: false,
+            openWorldHint: false,
+        },
+    }, async ({ queue, id, delayMs, error, actor, source }) => {
+        const result = await db.queue(queue).nack(id, { delayMs, error });
+        if (result.ok) {
+            await appendMcpAuditEvent(db, audit, {
+                action: "queue.nack",
+                target: {
+                    queue,
+                    id,
+                },
+                metadata: auditMetadata(actor, source),
+                result: {
+                    ok: true,
+                    status: result.job.status,
+                },
+            });
+        }
+        return jsonResult(result);
+    });
+    server.registerTool("thing.queue.list", {
+        title: "List Queue Jobs",
+        description: "List jobs in a thingd queue.",
+        inputSchema: {
+            queue: z.string().min(1),
+        },
+        annotations: {
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ queue }) => jsonResult(await db.queue(queue).list()));
+    server.registerTool("thing.queue.dead", {
+        title: "List Dead Queue Jobs",
+        description: "List dead-letter jobs in a thingd queue.",
+        inputSchema: {
+            queue: z.string().min(1),
+        },
+        annotations: {
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ queue }) => jsonResult(await db.queue(queue).dead()));
+}
+function auditMetadata(actor, source) {
+    return {
+        actor,
+        source,
+    };
+}

package/dist/mcp-http.d.ts

@@ -0,0 +1,3 @@
+import type { CliContext } from "./index.js";
+export declare function runMcpHttp(context: CliContext): Promise<void>;
+//# sourceMappingURL=mcp-http.d.ts.map

package/dist/mcp-http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-http.d.ts","sourceRoot":"","sources":["../src/mcp-http.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAK7C,wBAAsB,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAwCnE"}

package/dist/mcp-http.js

@@ -0,0 +1,36 @@
+import { readClusterOptionsFromEnv } from "./mcp/cluster.js";
+import { parsePort, parseThingdDriver, readMcpAuditOptionsFromEnv } from "./mcp/config.js";
+import { startThingdHttpServer } from "./mcp/http.js";
+export async function runMcpHttp(context) {
+    const parsed = context.parsed;
+    // Resolve port, host, allowUnauthenticated, etc. from flags or env
+    const portStr = parsed.flags.get("port")?.at(-1) ?? context.env.THINGD_PORT;
+    const host = parsed.flags.get("host")?.at(-1) ?? context.env.THINGD_HOST ?? "127.0.0.1";
+    const path = parsed.flags.get("path")?.at(-1) ?? context.env.THINGD_PATH ?? ":memory:";
+    const driverStr = parsed.flags.get("driver")?.at(-1) ?? context.env.THINGD_DRIVER;
+    const authToken = parsed.flags.get("auth-token")?.at(-1) ?? context.env.THINGD_AUTH_TOKEN;
+    const allowUnauthenticated = parsed.booleans.has("allow-unauthenticated") || parsed.flags.has("allow-unauthenticated");
+    const port = parsePort(portStr, 8757);
+    const driver = parseThingdDriver(driverStr);
+    if (!authToken) {
+        console.error("thingd-mcp HTTP runtime is starting without THINGD_AUTH_TOKEN.");
+    }
+    const runtime = await startThingdHttpServer({
+        path,
+        driver,
+        host,
+        port,
+        authToken,
+        allowUnauthenticated,
+        audit: readMcpAuditOptionsFromEnv(context.env),
+        cluster: readClusterOptionsFromEnv(context.env),
+    });
+    console.error(`thingd MCP HTTP runtime listening at ${runtime.mcpUrl}`);
+    for (const signal of ["SIGINT", "SIGTERM"]) {
+        process.once(signal, () => {
+            void runtime.close().finally(() => process.exit(0));
+        });
+    }
+    // Keep the process alive
+    return new Promise(() => { });
+}

package/dist/mcp.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mcp.d.ts","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,UAAU,EAAU,MAAM,YAAY,CAAC;AAErD,wBAAsB,MAAM,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAY/D"}
+{"version":3,"file":"mcp.d.ts","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,UAAU,EAAU,MAAM,YAAY,CAAC;AAGrD,wBAAsB,MAAM,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAY/D"}

package/dist/mcp.js

@@ -1,6 +1,6 @@
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { createThingdMcpServer } from "thingd-mcp";
 import { withDb } from "./index.js";
+import { createThingdMcpServer } from "./mcp/index.js";
 export async function runMcp(context) {
     await withDb(context, async (db) => {
         // We pass empty options to createThingdMcpServer so it uses default audit behavior

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thingd-cli",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Admin and operator CLI for thingd.",
   "type": "module",
   "author": "Sayan Mohsin",
@@ -32,8 +32,8 @@
     "@modelcontextprotocol/sdk": "^1.29.0",
     "cli-table3": "^0.6.5",
     "picocolors": "^1.1.1",
-    "thingd": "0.3.0",
-    "thingd-mcp": "0.1.0"
+    "zod": "^4.4.3",
+    "thingd": "0.4.0"
   },
   "engines": {
     "node": ">=20"