toolception 0.5.0 → 0.5.2

package/dist/index.js

@@ -2,12 +2,12 @@ var P = (r) => {
   throw TypeError(r);
 };
 var ee = (r, e, s) => e.has(r) || P("Cannot " + s);
-var T = (r, e, s) => e.has(r) ? P("Cannot add the same private member more than once") : e instanceof WeakSet ? e.add(r) : e.set(r, s);
+var w = (r, e, s) => e.has(r) ? P("Cannot add the same private member more than once") : e instanceof WeakSet ? e.add(r) : e.set(r, s);
 var f = (r, e, s) => (ee(r, e, "access private method"), s);
-import { z as b } from "zod";
+import { z as p } from "zod";
 import N from "fastify";
 import j from "@fastify/cors";
-import { randomUUID as y } from "node:crypto";
+import { randomUUID as v } from "node:crypto";
 import { StreamableHTTPServerTransport as k } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest as D } from "@modelcontextprotocol/sdk/types.js";
 const L = {
@@ -167,7 +167,7 @@ class R extends Error {
     super(e), this.name = "ToolingError", this.code = s, this.details = t;
   }
 }
-class z {
+class O {
   constructor(e = {}) {
     this.names = /* @__PURE__ */ new Set(), this.toolsetToNames = /* @__PURE__ */ new Map(), this.options = {
       namespaceWithToolset: e.namespaceWithToolset ?? !0
@@ -215,7 +215,7 @@ class z {
 }
 class oe {
   constructor(e) {
-    this.activeToolsets = /* @__PURE__ */ new Set(), this.server = e.server, this.resolver = e.resolver, this.context = e.context, this.onToolsListChanged = e.onToolsListChanged, this.exposurePolicy = e.exposurePolicy, this.toolRegistry = e.toolRegistry ?? new z({ namespaceWithToolset: !0 });
+    this.activeToolsets = /* @__PURE__ */ new Set(), this.server = e.server, this.resolver = e.resolver, this.context = e.context, this.onToolsListChanged = e.onToolsListChanged, this.exposurePolicy = e.exposurePolicy, this.toolRegistry = e.toolRegistry ?? new O({ namespaceWithToolset: !0 });
   }
   /**
    * Sends a tool list change notification if configured.
@@ -399,7 +399,7 @@ function re(r, e, s) {
   (s?.mode ?? "DYNAMIC") === "DYNAMIC" && (r.tool(
     "enable_toolset",
     "Enable a toolset by name",
-    { name: b.string().describe("Toolset name") },
+    { name: p.string().describe("Toolset name") },
     async (o) => {
       const i = await e.enableToolset(o.name);
       return {
@@ -409,7 +409,7 @@ function re(r, e, s) {
   ), r.tool(
     "disable_toolset",
     "Disable a toolset by name (state only)",
-    { name: b.string().describe("Toolset name") },
+    { name: p.string().describe("Toolset name") },
     async (o) => {
       const i = await e.disableToolset(o.name);
       return {
@@ -444,7 +444,7 @@ function re(r, e, s) {
   ), r.tool(
     "describe_toolset",
     "Describe a toolset with definition, active status and tools",
-    { name: b.string().describe("Toolset name") },
+    { name: p.string().describe("Toolset name") },
     async (o) => {
       const i = e.getToolsetDefinition(o.name), n = e.getStatus().toolsetToTools;
       if (!i)
@@ -486,7 +486,7 @@ function re(r, e, s) {
     }
   );
 }
-class w {
+class b {
   constructor(e) {
     this.initError = null, this.toolsetValidator = new se();
     const s = e.startup ?? {}, t = this.resolveStartupConfig(s, e.catalog);
@@ -494,7 +494,7 @@ class w {
       catalog: e.catalog,
       moduleLoaders: e.moduleLoaders
     });
-    const o = new z({
+    const o = new O({
       namespaceWithToolset: e.exposurePolicy?.namespaceToolsWithSetKey ?? !0
     });
     this.manager = new oe({
@@ -581,10 +581,10 @@ class w {
     return this.manager;
   }
 }
-var v, S;
-class O {
+var T, S;
+class z {
   constructor(e = {}) {
-    T(this, v);
+    w(this, T);
     this.storage = /* @__PURE__ */ new Map(), this.maxSize = e.maxSize ?? 1e3, this.ttlMs = e.ttlMs ?? 1e3 * 60 * 60, this.onEvict = e.onEvict;
     const s = e.pruneIntervalMs ?? 1e3 * 60 * 10;
     this.pruneInterval = setInterval(() => this.pruneExpired(), s);
@@ -614,7 +614,7 @@ class O {
    */
   delete(e) {
     const s = this.storage.get(e);
-    s && (this.storage.delete(e), f(this, v, S).call(this, e, s.resource));
+    s && (this.storage.delete(e), f(this, T, S).call(this, e, s.resource));
   }
   /**
    * Stops the background pruning interval and optionally clears all entries.
@@ -631,7 +631,7 @@ class O {
     const e = Array.from(this.storage.entries());
     this.storage.clear();
     for (const [s, t] of e)
-      f(this, v, S).call(this, s, t.resource);
+      f(this, T, S).call(this, s, t.resource);
   }
   /**
    * Evicts the least recently used entry from the cache.
@@ -653,7 +653,7 @@ class O {
       this.delete(t);
   }
 }
-v = new WeakSet(), /**
+T = new WeakSet(), /**
  * Safely calls the evict callback, catching and logging any errors.
  * @param key - The key being evicted
  * @param resource - The resource being evicted
@@ -685,7 +685,7 @@ function V(r, e, s, t) {
     const a = i.method.toLowerCase();
     r[a](n, async (c, d) => {
       try {
-        const u = c.headers["mcp-client-id"]?.trim(), p = u && u.length > 0 ? u : `anon-${y()}`;
+        const u = c.headers["mcp-client-id"]?.trim(), y = u && u.length > 0 ? u : `anon-${v()}`;
         let C;
         if (i.bodySchema) {
           const m = i.bodySchema.safeParse(c.body);
@@ -693,26 +693,26 @@ function V(r, e, s, t) {
             return A(d, "body", m.error);
           C = m.data;
         }
-        let x = {};
+        let I = {};
         if (i.querySchema) {
           const m = i.querySchema.safeParse(c.query);
           if (!m.success)
             return A(d, "query", m.error);
-          x = m.data;
+          I = m.data;
         }
-        let I = {};
+        let x = {};
         if (i.paramsSchema) {
           const m = i.paramsSchema.safeParse(c.params);
           if (!m.success)
             return A(d, "params", m.error);
-          I = m.data;
+          x = m.data;
         }
         const M = {
           body: C,
-          query: x,
-          params: I,
+          query: I,
+          params: x,
           headers: c.headers,
-          clientId: p
+          clientId: y
         };
         if (t?.contextExtractor) {
           const m = await t.contextExtractor(c);
@@ -757,7 +757,7 @@ function A(r, e, s) {
 }
 class ie {
   constructor(e, s, t = {}, o) {
-    this.app = null, this.clientCache = new O({
+    this.app = null, this.clientCache = new z({
       onEvict: (i, n) => {
         this.cleanupBundle(n);
       }
@@ -788,14 +788,14 @@ class ie {
     })), e.post(
       `${s}/mcp`,
       async (t, o) => {
-        const i = t.headers["mcp-client-id"]?.trim(), n = i && i.length > 0 ? i : `anon-${y()}`, l = !n.startsWith("anon-");
+        const i = t.headers["mcp-client-id"]?.trim(), n = i && i.length > 0 ? i : `anon-${v()}`, l = !n.startsWith("anon-");
         let a = l ? this.clientCache.get(n) : null;
         if (!a) {
-          const u = this.createBundle(), p = u.sessions;
+          const u = this.createBundle(), y = u.sessions;
           a = {
             server: u.server,
             orchestrator: u.orchestrator,
-            sessions: p instanceof Map ? p : /* @__PURE__ */ new Map()
+            sessions: y instanceof Map ? y : /* @__PURE__ */ new Map()
           }, l && this.clientCache.set(n, a);
         }
         const c = t.headers["mcp-session-id"];
@@ -803,11 +803,11 @@ class ie {
         if (c && a.sessions.get(c))
           d = a.sessions.get(c);
         else if (!c && D(t.body)) {
-          const u = y();
+          const u = v();
           d = new k({
             sessionIdGenerator: () => u,
-            onsessioninitialized: (p) => {
-              a.sessions.set(p, d);
+            onsessioninitialized: (y) => {
+              a.sessions.set(y, d);
             }
           });
           try {
@@ -904,7 +904,26 @@ class ie {
     e.sessions.clear();
   }
 }
-async function Se(r) {
+const ne = p.object({
+  mode: p.enum(["DYNAMIC", "STATIC"]).optional(),
+  toolsets: p.union([p.array(p.string()), p.literal("ALL")]).optional()
+}).strict();
+async function Ee(r) {
+  if (r.startup)
+    try {
+      ne.parse(r.startup);
+    } catch (a) {
+      if (a instanceof p.ZodError) {
+        const c = a.format();
+        throw new Error(
+          `Invalid startup configuration:
+${JSON.stringify(c, null, 2)}
+
+Hint: Common mistake - use "toolsets" not "initialToolsets"`
+        );
+      }
+      throw a;
+    }
   const e = r.startup?.mode ?? "DYNAMIC";
   if (typeof r.createServer != "function")
     throw new Error("createMcpServer: `createServer` (factory) is required");
@@ -922,7 +941,7 @@ async function Se(r) {
         return;
       console.warn("Failed to send tools list changed notification:", c);
     }
-  }, n = new w({
+  }, n = new b({
     server: s,
     catalog: r.catalog,
     moduleLoaders: r.moduleLoaders,
@@ -931,12 +950,14 @@ async function Se(r) {
     notifyToolsListChanged: async () => i(s),
     startup: r.startup,
     registerMetaTools: r.registerMetaTools !== void 0 ? r.registerMetaTools : e === "DYNAMIC"
-  }), l = new ie(
+  });
+  e === "STATIC" && await n.ensureReady();
+  const l = new ie(
     n.getManager(),
     () => {
       if (e === "STATIC")
         return { server: s, orchestrator: n };
-      const a = r.createServer(), c = new w({
+      const a = r.createServer(), c = new b({
         server: a,
         catalog: r.catalog,
         moduleLoaders: r.moduleLoaders,
@@ -961,16 +982,16 @@ async function Se(r) {
     }
   };
 }
-function ne(r) {
-  ae(r), le(r), ce(r), de(r);
-}
 function ae(r) {
+  le(r), ce(r), de(r), he(r);
+}
+function le(r) {
   if (!r || typeof r != "object")
     throw new Error(
       "Permission configuration is required for createPermissionBasedMcpServer"
     );
 }
-function le(r) {
+function ce(r) {
   if (!r.source)
     throw new Error('Permission source must be either "headers" or "config"');
   if (r.source !== "headers" && r.source !== "config")
@@ -978,19 +999,19 @@ function le(r) {
       `Invalid permission source: "${r.source}". Must be either "headers" or "config"`
     );
 }
-function ce(r) {
+function de(r) {
   if (r.source === "config" && !r.staticMap && !r.resolver)
     throw new Error(
       "Config-based permissions require at least one of: staticMap or resolver function"
     );
 }
-function de(r) {
+function he(r) {
   if (r.staticMap !== void 0) {
     if (typeof r.staticMap != "object" || r.staticMap === null)
       throw new Error(
         "staticMap must be an object mapping client IDs to toolset arrays"
       );
-    he(r.staticMap);
+    ue(r.staticMap);
   }
   if (r.resolver !== void 0 && typeof r.resolver != "function")
     throw new Error(
@@ -1001,21 +1022,21 @@ function de(r) {
   if (r.headerName !== void 0 && (typeof r.headerName != "string" || r.headerName.length === 0))
     throw new Error("headerName must be a non-empty string");
 }
-function he(r) {
+function ue(r) {
   for (const [e, s] of Object.entries(r))
     if (!Array.isArray(s))
       throw new Error(
         `staticMap value for client "${e}" must be an array of toolset names`
       );
 }
-var g, F, _, B, H, W;
-class ue {
+var g, F, _, B, H, Y;
+class fe {
   /**
    * Creates a new PermissionResolver instance.
    * @param config - The permission configuration defining how permissions are resolved
    */
   constructor(e) {
-    T(this, g);
+    w(this, g);
     this.config = e, this.cache = /* @__PURE__ */ new Map(), this.normalizedHeaderName = (e.headerName || "mcp-toolset-permissions").toLowerCase();
   }
   /**
@@ -1117,7 +1138,7 @@ B = function(e) {
       return s;
   }
   if (this.config.staticMap) {
-    const s = f(this, g, W).call(this, e);
+    const s = f(this, g, Y).call(this, e);
     if (s !== null)
       return s;
   }
@@ -1148,11 +1169,11 @@ H = function(e) {
  * @returns Array of toolset names if found, null if client not in map
  * @private
  */
-W = function(e) {
+Y = function(e) {
   const s = this.config.staticMap[e];
   return s !== void 0 ? Array.isArray(s) ? s : [] : null;
 };
-function fe(r, e) {
+function me(r, e) {
   return async (s) => {
     const t = e.resolvePermissions(
       s.clientId,
@@ -1177,8 +1198,8 @@ function fe(r, e) {
     };
   };
 }
-var h, Y, U, q, J, G, K, Q, X, E, Z;
-class me {
+var h, W, U, q, J, G, K, Z, Q, E, X;
+class ge {
   /**
    * Creates a new PermissionAwareFastifyTransport instance.
    * @param defaultManager - Default tool manager for status endpoints
@@ -1187,10 +1208,10 @@ class me {
    * @param configSchema - Optional JSON schema for configuration discovery
    */
   constructor(e, s, t = {}, o) {
-    T(this, h);
-    this.app = null, this.clientCache = new O({
+    w(this, h);
+    this.app = null, this.clientCache = new z({
       onEvict: (i, n) => {
-        f(this, h, Y).call(this, n);
+        f(this, h, W).call(this, n);
       }
     }), this.defaultManager = e, this.createPermissionAwareBundle = s, this.options = {
       host: t.host ?? "0.0.0.0",
@@ -1211,7 +1232,7 @@ class me {
     const e = this.options.app ?? N({ logger: this.options.logger });
     this.options.cors && await e.register(j, { origin: !0 });
     const s = f(this, h, U).call(this, this.options.basePath);
-    f(this, h, q).call(this, e, s), f(this, h, J).call(this, e, s), f(this, h, G).call(this, e, s), f(this, h, K).call(this, e, s), f(this, h, Q).call(this, e, s), f(this, h, X).call(this, e, s), this.options.customEndpoints && this.options.customEndpoints.length > 0 && V(e, s, this.options.customEndpoints, {
+    f(this, h, q).call(this, e, s), f(this, h, J).call(this, e, s), f(this, h, G).call(this, e, s), f(this, h, K).call(this, e, s), f(this, h, Z).call(this, e, s), f(this, h, Q).call(this, e, s), this.options.customEndpoints && this.options.customEndpoints.length > 0 && V(e, s, this.options.customEndpoints, {
       contextExtractor: async (t) => {
         const o = f(this, h, E).call(this, t);
         try {
@@ -1245,7 +1266,7 @@ h = new WeakSet(), /**
  * @param bundle - The client bundle to clean up
  * @private
  */
-Y = function(e) {
+W = function(e) {
   for (const [s, t] of e.sessions.entries())
     try {
       typeof t.close == "function" && t.close().catch((o) => {
@@ -1327,14 +1348,14 @@ K = function(e, s) {
           return console.error(
             `Failed to create permission-aware bundle for client ${i.clientId}:`,
             d
-          ), o.code(403), f(this, h, Z).call(this, "Access denied");
+          ), o.code(403), f(this, h, X).call(this, "Access denied");
         }
       const a = t.headers["mcp-session-id"];
       let c;
       if (a && l.sessions.get(a))
         c = l.sessions.get(a);
       else if (!a && D(t.body)) {
-        const d = y();
+        const d = v();
         c = new k({
           sessionIdGenerator: () => d,
           onsessioninitialized: (u) => {
@@ -1372,7 +1393,7 @@ K = function(e, s) {
  * @param base - Base path for routes
  * @private
  */
-Q = function(e, s) {
+Z = function(e, s) {
   e.get(`${s}/mcp`, async (t, o) => {
     const i = t.headers["mcp-client-id"]?.trim(), n = i && i.length > 0 ? i : "";
     if (!n)
@@ -1392,7 +1413,7 @@ Q = function(e, s) {
  * @param base - Base path for routes
  * @private
  */
-X = function(e, s) {
+Q = function(e, s) {
   e.delete(
     `${s}/mcp`,
     async (t, o) => {
@@ -1433,7 +1454,7 @@ X = function(e, s) {
  * @private
  */
 E = function(e) {
-  const s = e.headers["mcp-client-id"]?.trim(), t = s && s.length > 0 ? s : `anon-${y()}`, o = {};
+  const s = e.headers["mcp-client-id"]?.trim(), t = s && s.length > 0 ? s : `anon-${v()}`, o = {};
   for (const [i, n] of Object.entries(e.headers))
     typeof n == "string" && (o[i] = n);
   return { clientId: t, headers: o };
@@ -1445,7 +1466,7 @@ E = function(e) {
  * @returns JSON-RPC error response object
  * @private
  */
-Z = function(e = "Access denied", s = -32e3) {
+X = function(e = "Access denied", s = -32e3) {
   return {
     jsonrpc: "2.0",
     error: {
@@ -1455,7 +1476,7 @@ Z = function(e = "Access denied", s = -32e3) {
     id: null
   };
 };
-function ge(r) {
+function pe(r) {
   if (!r) return;
   const e = {
     namespaceToolsWithSetKey: r.namespaceToolsWithSetKey
@@ -1470,12 +1491,12 @@ function ge(r) {
     "Permission-based servers: exposurePolicy.onLimitExceeded is ignored. No toolset limits are enforced."
   ), e;
 }
-async function Ee(r) {
+async function Ce(r) {
   if (!r.permissions)
     throw new Error(
       "Permission configuration is required for createPermissionBasedMcpServer. Please provide a 'permissions' field in the options."
     );
-  if (ne(r.permissions), r.startup)
+  if (ae(r.permissions), r.startup)
     throw new Error(
       "Permission-based servers determine toolsets from client permissions. The 'startup' option is not allowed. Remove it from your configuration."
     );
@@ -1483,9 +1504,9 @@ async function Ee(r) {
     throw new Error(
       "createPermissionBasedMcpServer: `createServer` (factory) is required"
     );
-  const e = ge(
+  const e = pe(
     r.exposurePolicy
-  ), s = new ue(r.permissions), t = r.createServer(), o = new w({
+  ), s = new fe(r.permissions), t = r.createServer(), o = new b({
     server: t,
     catalog: r.catalog,
     moduleLoaders: r.moduleLoaders,
@@ -1495,9 +1516,9 @@ async function Ee(r) {
     // No notifications in STATIC mode
     startup: { mode: "STATIC", toolsets: [] },
     registerMetaTools: !1
-  }), i = fe(
+  }), i = me(
     (l) => {
-      const a = r.createServer(), c = new w({
+      const a = r.createServer(), c = new b({
         server: a,
         catalog: r.catalog,
         moduleLoaders: r.moduleLoaders,
@@ -1513,7 +1534,7 @@ async function Ee(r) {
       return { server: a, orchestrator: c };
     },
     s
-  ), n = new me(
+  ), n = new ge(
     o.getManager(),
     i,
     r.http,
@@ -1533,16 +1554,16 @@ async function Ee(r) {
     }
   };
 }
-function Ce(r) {
+function Ie(r) {
   return r;
 }
 function xe(r) {
   return r;
 }
 export {
-  Se as createMcpServer,
-  Ee as createPermissionBasedMcpServer,
-  Ce as defineEndpoint,
+  Ee as createMcpServer,
+  Ce as createPermissionBasedMcpServer,
+  Ie as defineEndpoint,
   xe as definePermissionAwareEndpoint
 };
 //# sourceMappingURL=index.js.map