npm - toolception - Versions diffs - 0.5.1 → 0.5.2 - Mend

toolception 0.5.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.js +92 -73
package/dist/index.js.map +1 -1
package/dist/server/createMcpServer.d.ts.map +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -2,12 +2,12 @@ var P = (r) => {
   throw TypeError(r);
 };
 var ee = (r, e, s) => e.has(r) || P("Cannot " + s);
-var T = (r, e, s) => e.has(r) ? P("Cannot add the same private member more than once") : e instanceof WeakSet ? e.add(r) : e.set(r, s);
+var w = (r, e, s) => e.has(r) ? P("Cannot add the same private member more than once") : e instanceof WeakSet ? e.add(r) : e.set(r, s);
 var f = (r, e, s) => (ee(r, e, "access private method"), s);
-import { z as b } from "zod";
+import { z as p } from "zod";
 import N from "fastify";
 import j from "@fastify/cors";
-import { randomUUID as y } from "node:crypto";
+import { randomUUID as v } from "node:crypto";
 import { StreamableHTTPServerTransport as k } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest as D } from "@modelcontextprotocol/sdk/types.js";
 const L = {
@@ -167,7 +167,7 @@ class R extends Error {
     super(e), this.name = "ToolingError", this.code = s, this.details = t;
   }
 }
-class z {
+class O {
   constructor(e = {}) {
     this.names = /* @__PURE__ */ new Set(), this.toolsetToNames = /* @__PURE__ */ new Map(), this.options = {
       namespaceWithToolset: e.namespaceWithToolset ?? !0
@@ -215,7 +215,7 @@ class z {
 }
 class oe {
   constructor(e) {
-    this.activeToolsets = /* @__PURE__ */ new Set(), this.server = e.server, this.resolver = e.resolver, this.context = e.context, this.onToolsListChanged = e.onToolsListChanged, this.exposurePolicy = e.exposurePolicy, this.toolRegistry = e.toolRegistry ?? new z({ namespaceWithToolset: !0 });
+    this.activeToolsets = /* @__PURE__ */ new Set(), this.server = e.server, this.resolver = e.resolver, this.context = e.context, this.onToolsListChanged = e.onToolsListChanged, this.exposurePolicy = e.exposurePolicy, this.toolRegistry = e.toolRegistry ?? new O({ namespaceWithToolset: !0 });
   }
   /**
    * Sends a tool list change notification if configured.
@@ -399,7 +399,7 @@ function re(r, e, s) {
   (s?.mode ?? "DYNAMIC") === "DYNAMIC" && (r.tool(
     "enable_toolset",
     "Enable a toolset by name",
-    { name: b.string().describe("Toolset name") },
+    { name: p.string().describe("Toolset name") },
     async (o) => {
       const i = await e.enableToolset(o.name);
       return {
@@ -409,7 +409,7 @@ function re(r, e, s) {
   ), r.tool(
     "disable_toolset",
     "Disable a toolset by name (state only)",
-    { name: b.string().describe("Toolset name") },
+    { name: p.string().describe("Toolset name") },
     async (o) => {
       const i = await e.disableToolset(o.name);
       return {
@@ -444,7 +444,7 @@ function re(r, e, s) {
   ), r.tool(
     "describe_toolset",
     "Describe a toolset with definition, active status and tools",
-    { name: b.string().describe("Toolset name") },
+    { name: p.string().describe("Toolset name") },
     async (o) => {
       const i = e.getToolsetDefinition(o.name), n = e.getStatus().toolsetToTools;
       if (!i)
@@ -486,7 +486,7 @@ function re(r, e, s) {
     }
   );
 }
-class w {
+class b {
   constructor(e) {
     this.initError = null, this.toolsetValidator = new se();
     const s = e.startup ?? {}, t = this.resolveStartupConfig(s, e.catalog);
@@ -494,7 +494,7 @@ class w {
       catalog: e.catalog,
       moduleLoaders: e.moduleLoaders
     });
-    const o = new z({
+    const o = new O({
       namespaceWithToolset: e.exposurePolicy?.namespaceToolsWithSetKey ?? !0
     });
     this.manager = new oe({
@@ -581,10 +581,10 @@ class w {
     return this.manager;
   }
 }
-var v, S;
-class O {
+var T, S;
+class z {
   constructor(e = {}) {
-    T(this, v);
+    w(this, T);
     this.storage = /* @__PURE__ */ new Map(), this.maxSize = e.maxSize ?? 1e3, this.ttlMs = e.ttlMs ?? 1e3 * 60 * 60, this.onEvict = e.onEvict;
     const s = e.pruneIntervalMs ?? 1e3 * 60 * 10;
     this.pruneInterval = setInterval(() => this.pruneExpired(), s);
@@ -614,7 +614,7 @@ class O {
    */
   delete(e) {
     const s = this.storage.get(e);
-    s && (this.storage.delete(e), f(this, v, S).call(this, e, s.resource));
+    s && (this.storage.delete(e), f(this, T, S).call(this, e, s.resource));
   }
   /**
    * Stops the background pruning interval and optionally clears all entries.
@@ -631,7 +631,7 @@ class O {
     const e = Array.from(this.storage.entries());
     this.storage.clear();
     for (const [s, t] of e)
-      f(this, v, S).call(this, s, t.resource);
+      f(this, T, S).call(this, s, t.resource);
   }
   /**
    * Evicts the least recently used entry from the cache.
@@ -653,7 +653,7 @@ class O {
       this.delete(t);
   }
 }
-v = new WeakSet(), /**
+T = new WeakSet(), /**
  * Safely calls the evict callback, catching and logging any errors.
  * @param key - The key being evicted
  * @param resource - The resource being evicted
@@ -685,7 +685,7 @@ function V(r, e, s, t) {
     const a = i.method.toLowerCase();
     r[a](n, async (c, d) => {
       try {
-        const u = c.headers["mcp-client-id"]?.trim(), p = u && u.length > 0 ? u : `anon-${y()}`;
+        const u = c.headers["mcp-client-id"]?.trim(), y = u && u.length > 0 ? u : `anon-${v()}`;
         let C;
         if (i.bodySchema) {
           const m = i.bodySchema.safeParse(c.body);
@@ -693,26 +693,26 @@ function V(r, e, s, t) {
             return A(d, "body", m.error);
           C = m.data;
         }
-        let x = {};
+        let I = {};
         if (i.querySchema) {
           const m = i.querySchema.safeParse(c.query);
           if (!m.success)
             return A(d, "query", m.error);
-          x = m.data;
+          I = m.data;
         }
-        let I = {};
+        let x = {};
         if (i.paramsSchema) {
           const m = i.paramsSchema.safeParse(c.params);
           if (!m.success)
             return A(d, "params", m.error);
-          I = m.data;
+          x = m.data;
         }
         const M = {
           body: C,
-          query: x,
-          params: I,
+          query: I,
+          params: x,
           headers: c.headers,
-          clientId: p
+          clientId: y
         };
         if (t?.contextExtractor) {
           const m = await t.contextExtractor(c);
@@ -757,7 +757,7 @@ function A(r, e, s) {
 }
 class ie {
   constructor(e, s, t = {}, o) {
-    this.app = null, this.clientCache = new O({
+    this.app = null, this.clientCache = new z({
       onEvict: (i, n) => {
         this.cleanupBundle(n);
       }
@@ -788,14 +788,14 @@ class ie {
     })), e.post(
       `${s}/mcp`,
       async (t, o) => {
-        const i = t.headers["mcp-client-id"]?.trim(), n = i && i.length > 0 ? i : `anon-${y()}`, l = !n.startsWith("anon-");
+        const i = t.headers["mcp-client-id"]?.trim(), n = i && i.length > 0 ? i : `anon-${v()}`, l = !n.startsWith("anon-");
         let a = l ? this.clientCache.get(n) : null;
         if (!a) {
-          const u = this.createBundle(), p = u.sessions;
+          const u = this.createBundle(), y = u.sessions;
           a = {
             server: u.server,
             orchestrator: u.orchestrator,
-            sessions: p instanceof Map ? p : /* @__PURE__ */ new Map()
+            sessions: y instanceof Map ? y : /* @__PURE__ */ new Map()
           }, l && this.clientCache.set(n, a);
         }
         const c = t.headers["mcp-session-id"];
@@ -803,11 +803,11 @@ class ie {
         if (c && a.sessions.get(c))
           d = a.sessions.get(c);
         else if (!c && D(t.body)) {
-          const u = y();
+          const u = v();
           d = new k({
             sessionIdGenerator: () => u,
-            onsessioninitialized: (p) => {
-              a.sessions.set(p, d);
+            onsessioninitialized: (y) => {
+              a.sessions.set(y, d);
             }
           });
           try {
@@ -904,7 +904,26 @@ class ie {
     e.sessions.clear();
   }
 }
-async function Se(r) {
+const ne = p.object({
+  mode: p.enum(["DYNAMIC", "STATIC"]).optional(),
+  toolsets: p.union([p.array(p.string()), p.literal("ALL")]).optional()
+}).strict();
+async function Ee(r) {
+  if (r.startup)
+    try {
+      ne.parse(r.startup);
+    } catch (a) {
+      if (a instanceof p.ZodError) {
+        const c = a.format();
+        throw new Error(
+          `Invalid startup configuration:
+${JSON.stringify(c, null, 2)}
+Hint: Common mistake - use "toolsets" not "initialToolsets"`
+        );
+      }
+      throw a;
+    }
   const e = r.startup?.mode ?? "DYNAMIC";
   if (typeof r.createServer != "function")
     throw new Error("createMcpServer: `createServer` (factory) is required");
@@ -922,7 +941,7 @@ async function Se(r) {
         return;
       console.warn("Failed to send tools list changed notification:", c);
     }
-  }, n = new w({
+  }, n = new b({
     server: s,
     catalog: r.catalog,
     moduleLoaders: r.moduleLoaders,
@@ -938,7 +957,7 @@ async function Se(r) {
     () => {
       if (e === "STATIC")
         return { server: s, orchestrator: n };
-      const a = r.createServer(), c = new w({
+      const a = r.createServer(), c = new b({
         server: a,
         catalog: r.catalog,
         moduleLoaders: r.moduleLoaders,
@@ -963,16 +982,16 @@ async function Se(r) {
     }
   };
 }
-function ne(r) {
-  ae(r), le(r), ce(r), de(r);
-}
 function ae(r) {
+  le(r), ce(r), de(r), he(r);
+}
+function le(r) {
   if (!r || typeof r != "object")
     throw new Error(
       "Permission configuration is required for createPermissionBasedMcpServer"
     );
 }
-function le(r) {
+function ce(r) {
   if (!r.source)
     throw new Error('Permission source must be either "headers" or "config"');
   if (r.source !== "headers" && r.source !== "config")
@@ -980,19 +999,19 @@ function le(r) {
       `Invalid permission source: "${r.source}". Must be either "headers" or "config"`
     );
 }
-function ce(r) {
+function de(r) {
   if (r.source === "config" && !r.staticMap && !r.resolver)
     throw new Error(
       "Config-based permissions require at least one of: staticMap or resolver function"
     );
 }
-function de(r) {
+function he(r) {
   if (r.staticMap !== void 0) {
     if (typeof r.staticMap != "object" || r.staticMap === null)
       throw new Error(
         "staticMap must be an object mapping client IDs to toolset arrays"
       );
-    he(r.staticMap);
+    ue(r.staticMap);
   }
   if (r.resolver !== void 0 && typeof r.resolver != "function")
     throw new Error(
@@ -1003,21 +1022,21 @@ function de(r) {
   if (r.headerName !== void 0 && (typeof r.headerName != "string" || r.headerName.length === 0))
     throw new Error("headerName must be a non-empty string");
 }
-function he(r) {
+function ue(r) {
   for (const [e, s] of Object.entries(r))
     if (!Array.isArray(s))
       throw new Error(
         `staticMap value for client "${e}" must be an array of toolset names`
       );
 }
-var g, F, _, B, H, W;
-class ue {
+var g, F, _, B, H, Y;
+class fe {
   /**
    * Creates a new PermissionResolver instance.
    * @param config - The permission configuration defining how permissions are resolved
    */
   constructor(e) {
-    T(this, g);
+    w(this, g);
     this.config = e, this.cache = /* @__PURE__ */ new Map(), this.normalizedHeaderName = (e.headerName || "mcp-toolset-permissions").toLowerCase();
   }
   /**
@@ -1119,7 +1138,7 @@ B = function(e) {
       return s;
   }
   if (this.config.staticMap) {
-    const s = f(this, g, W).call(this, e);
+    const s = f(this, g, Y).call(this, e);
     if (s !== null)
       return s;
   }
@@ -1150,11 +1169,11 @@ H = function(e) {
  * @returns Array of toolset names if found, null if client not in map
  * @private
  */
-W = function(e) {
+Y = function(e) {
   const s = this.config.staticMap[e];
   return s !== void 0 ? Array.isArray(s) ? s : [] : null;
 };
-function fe(r, e) {
+function me(r, e) {
   return async (s) => {
     const t = e.resolvePermissions(
       s.clientId,
@@ -1179,8 +1198,8 @@ function fe(r, e) {
     };
   };
 }
-var h, Y, U, q, J, G, K, Q, X, E, Z;
-class me {
+var h, W, U, q, J, G, K, Z, Q, E, X;
+class ge {
   /**
    * Creates a new PermissionAwareFastifyTransport instance.
    * @param defaultManager - Default tool manager for status endpoints
@@ -1189,10 +1208,10 @@ class me {
    * @param configSchema - Optional JSON schema for configuration discovery
    */
   constructor(e, s, t = {}, o) {
-    T(this, h);
-    this.app = null, this.clientCache = new O({
+    w(this, h);
+    this.app = null, this.clientCache = new z({
       onEvict: (i, n) => {
-        f(this, h, Y).call(this, n);
+        f(this, h, W).call(this, n);
       }
     }), this.defaultManager = e, this.createPermissionAwareBundle = s, this.options = {
       host: t.host ?? "0.0.0.0",
@@ -1213,7 +1232,7 @@ class me {
     const e = this.options.app ?? N({ logger: this.options.logger });
     this.options.cors && await e.register(j, { origin: !0 });
     const s = f(this, h, U).call(this, this.options.basePath);
-    f(this, h, q).call(this, e, s), f(this, h, J).call(this, e, s), f(this, h, G).call(this, e, s), f(this, h, K).call(this, e, s), f(this, h, Q).call(this, e, s), f(this, h, X).call(this, e, s), this.options.customEndpoints && this.options.customEndpoints.length > 0 && V(e, s, this.options.customEndpoints, {
+    f(this, h, q).call(this, e, s), f(this, h, J).call(this, e, s), f(this, h, G).call(this, e, s), f(this, h, K).call(this, e, s), f(this, h, Z).call(this, e, s), f(this, h, Q).call(this, e, s), this.options.customEndpoints && this.options.customEndpoints.length > 0 && V(e, s, this.options.customEndpoints, {
       contextExtractor: async (t) => {
         const o = f(this, h, E).call(this, t);
         try {
@@ -1247,7 +1266,7 @@ h = new WeakSet(), /**
  * @param bundle - The client bundle to clean up
  * @private
  */
-Y = function(e) {
+W = function(e) {
   for (const [s, t] of e.sessions.entries())
     try {
       typeof t.close == "function" && t.close().catch((o) => {
@@ -1329,14 +1348,14 @@ K = function(e, s) {
           return console.error(
             `Failed to create permission-aware bundle for client ${i.clientId}:`,
             d
-          ), o.code(403), f(this, h, Z).call(this, "Access denied");
+          ), o.code(403), f(this, h, X).call(this, "Access denied");
         }
       const a = t.headers["mcp-session-id"];
       let c;
       if (a && l.sessions.get(a))
         c = l.sessions.get(a);
       else if (!a && D(t.body)) {
-        const d = y();
+        const d = v();
         c = new k({
           sessionIdGenerator: () => d,
           onsessioninitialized: (u) => {
@@ -1374,7 +1393,7 @@ K = function(e, s) {
  * @param base - Base path for routes
  * @private
  */
-Q = function(e, s) {
+Z = function(e, s) {
   e.get(`${s}/mcp`, async (t, o) => {
     const i = t.headers["mcp-client-id"]?.trim(), n = i && i.length > 0 ? i : "";
     if (!n)
@@ -1394,7 +1413,7 @@ Q = function(e, s) {
  * @param base - Base path for routes
  * @private
  */
-X = function(e, s) {
+Q = function(e, s) {
   e.delete(
     `${s}/mcp`,
     async (t, o) => {
@@ -1435,7 +1454,7 @@ X = function(e, s) {
  * @private
  */
 E = function(e) {
-  const s = e.headers["mcp-client-id"]?.trim(), t = s && s.length > 0 ? s : `anon-${y()}`, o = {};
+  const s = e.headers["mcp-client-id"]?.trim(), t = s && s.length > 0 ? s : `anon-${v()}`, o = {};
   for (const [i, n] of Object.entries(e.headers))
     typeof n == "string" && (o[i] = n);
   return { clientId: t, headers: o };
@@ -1447,7 +1466,7 @@ E = function(e) {
  * @returns JSON-RPC error response object
  * @private
  */
-Z = function(e = "Access denied", s = -32e3) {
+X = function(e = "Access denied", s = -32e3) {
   return {
     jsonrpc: "2.0",
     error: {
@@ -1457,7 +1476,7 @@ Z = function(e = "Access denied", s = -32e3) {
     id: null
   };
 };
-function ge(r) {
+function pe(r) {
   if (!r) return;
   const e = {
     namespaceToolsWithSetKey: r.namespaceToolsWithSetKey
@@ -1472,12 +1491,12 @@ function ge(r) {
     "Permission-based servers: exposurePolicy.onLimitExceeded is ignored. No toolset limits are enforced."
   ), e;
 }
-async function Ee(r) {
+async function Ce(r) {
   if (!r.permissions)
     throw new Error(
       "Permission configuration is required for createPermissionBasedMcpServer. Please provide a 'permissions' field in the options."
     );
-  if (ne(r.permissions), r.startup)
+  if (ae(r.permissions), r.startup)
     throw new Error(
       "Permission-based servers determine toolsets from client permissions. The 'startup' option is not allowed. Remove it from your configuration."
     );
@@ -1485,9 +1504,9 @@ async function Ee(r) {
     throw new Error(
       "createPermissionBasedMcpServer: `createServer` (factory) is required"
     );
-  const e = ge(
+  const e = pe(
     r.exposurePolicy
-  ), s = new ue(r.permissions), t = r.createServer(), o = new w({
+  ), s = new fe(r.permissions), t = r.createServer(), o = new b({
     server: t,
     catalog: r.catalog,
     moduleLoaders: r.moduleLoaders,
@@ -1497,9 +1516,9 @@ async function Ee(r) {
     // No notifications in STATIC mode
     startup: { mode: "STATIC", toolsets: [] },
     registerMetaTools: !1
-  }), i = fe(
+  }), i = me(
     (l) => {
-      const a = r.createServer(), c = new w({
+      const a = r.createServer(), c = new b({
         server: a,
         catalog: r.catalog,
         moduleLoaders: r.moduleLoaders,
@@ -1515,7 +1534,7 @@ async function Ee(r) {
       return { server: a, orchestrator: c };
     },
     s
-  ), n = new me(
+  ), n = new ge(
     o.getManager(),
     i,
     r.http,
@@ -1535,16 +1554,16 @@ async function Ee(r) {
     }
   };
 }
-function Ce(r) {
+function Ie(r) {
   return r;
 }
 function xe(r) {
   return r;
 }
 export {
-  Se as createMcpServer,
-  Ee as createPermissionBasedMcpServer,
-  Ce as defineEndpoint,
+  Ee as createMcpServer,
+  Ce as createPermissionBasedMcpServer,
+  Ie as defineEndpoint,
   xe as definePermissionAwareEndpoint
 };
 //# sourceMappingURL=index.js.map