tracepass-mcp-server 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -7
- package/dist/http.d.ts +11 -3
- package/dist/http.d.ts.map +1 -1
- package/dist/http.js +98 -38
- package/dist/http.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.js +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -20,12 +20,49 @@ The same server core ships two ways:
|
|
|
20
20
|
2. **Local (npm)** — run `tracepass-mcp-server` via `npx`. The MCP
|
|
21
21
|
client launches it as a subprocess and speaks MCP over stdio.
|
|
22
22
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
23
|
+
## Authentication
|
|
24
|
+
|
|
25
|
+
The server accepts **either** of TracePass's two v1 auth methods on the
|
|
26
|
+
same `Authorization: Bearer …` header — it forwards whatever you send to
|
|
27
|
+
the API, which decides. Pick the one that fits how you're connecting:
|
|
28
|
+
|
|
29
|
+
| | **API key** | **OAuth 2.0** |
|
|
30
|
+
|---|---|---|
|
|
31
|
+
| Best for | A single user, scripts, server-to-server | AI assistants / apps acting **on a user's behalf** |
|
|
32
|
+
| What you send | A static `tp_…` key as a Bearer token | A scoped access token obtained via the OAuth flow |
|
|
33
|
+
| Setup | Mint at **Developer → API Keys** | The user clicks **Connect** and approves scopes |
|
|
34
|
+
| Scope | All-or-nothing (the whole workspace) | Exactly the scopes the user granted; revocable |
|
|
35
|
+
| Works with | Hosted **and** local (npx) | Hosted endpoint only (needs a browser consent step) |
|
|
36
|
+
|
|
37
|
+
**Which should an AI assistant use?** If your MCP client supports OAuth
|
|
38
|
+
(Claude.ai, ChatGPT, and others), prefer **OAuth** — the user authorizes
|
|
39
|
+
the connection once on a TracePass consent screen, you never handle a
|
|
40
|
+
secret, and access is least-privilege and revocable. If your client only
|
|
41
|
+
takes a header/token, use an **API key**.
|
|
42
|
+
|
|
43
|
+
### OAuth 2.0 (recommended for hosted clients)
|
|
44
|
+
|
|
45
|
+
No config beyond pointing your client at the hosted endpoint — discovery
|
|
46
|
+
is automatic. On the first unauthenticated request the server returns a
|
|
47
|
+
`401` whose `WWW-Authenticate` header carries a `resource_metadata` URL
|
|
48
|
+
(RFC 9728) pointing at `/.well-known/oauth-protected-resource`, which
|
|
49
|
+
names the TracePass authorization server. The client runs the standard
|
|
50
|
+
**authorization-code flow with PKCE** (`/api/oauth/authorize` →
|
|
51
|
+
`/api/oauth/token`), the user approves scopes, and the client stores +
|
|
52
|
+
refreshes the token. If you distribute your own client, register an app
|
|
53
|
+
under **Developer → OAuth Apps** to get a `client_id`; many hosted
|
|
54
|
+
clients self-register via Dynamic Client Registration automatically.
|
|
55
|
+
|
|
56
|
+
Request only the scopes you need, e.g. `passports:read passports:write
|
|
57
|
+
offline_access`. Users manage connected apps (and revoke) under
|
|
58
|
+
**Developer → OAuth Apps → Connected Apps**.
|
|
59
|
+
|
|
60
|
+
### API key
|
|
61
|
+
|
|
62
|
+
Mint a `tp_…` key under **Developer → API Keys** and send it as a Bearer
|
|
63
|
+
token.
|
|
64
|
+
|
|
65
|
+
**Hosted:**
|
|
29
66
|
|
|
30
67
|
```json
|
|
31
68
|
{
|
|
@@ -38,7 +75,8 @@ Both need a TracePass API key — mint one in the dashboard under
|
|
|
38
75
|
}
|
|
39
76
|
```
|
|
40
77
|
|
|
41
|
-
|
|
78
|
+
**Local (npx / stdio)** — the local subprocess can't do an interactive
|
|
79
|
+
OAuth consent step, so it's API-key only, via the `TRACEPASS_API_KEY` env:
|
|
42
80
|
|
|
43
81
|
```json
|
|
44
82
|
{
|
package/dist/http.d.ts
CHANGED
|
@@ -3,12 +3,20 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Runs as a standalone Node service (deployed to Hetzner, served at
|
|
5
5
|
* https://ai.tracepass.eu/mcp). An MCP client connects over
|
|
6
|
-
* Streamable HTTP; the
|
|
7
|
-
* `Authorization: Bearer
|
|
6
|
+
* Streamable HTTP; the caller's TracePass credential travels in the
|
|
7
|
+
* `Authorization: Bearer <token>` header of every request.
|
|
8
|
+
*
|
|
9
|
+
* BOTH v1 auth methods work here, transparently — we forward the
|
|
10
|
+
* Bearer token to the v1 API unchanged and the platform's unified gate
|
|
11
|
+
* decides: a `tp_…` API key (service account) OR an OAuth 2.0 access
|
|
12
|
+
* token (user-authorized, scoped). The server neither parses nor cares
|
|
13
|
+
* which; it's a pass-through. OAuth-capable MCP clients (Claude.ai,
|
|
14
|
+
* ChatGPT) discover the flow via the 401 `resource_metadata` param and
|
|
15
|
+
* the server card; simpler clients paste a tp_ key.
|
|
8
16
|
*
|
|
9
17
|
* Stateless by design: each MCP request is self-contained, so we
|
|
10
18
|
* build a fresh server + transport per request, bound to that
|
|
11
|
-
* request's
|
|
19
|
+
* request's token. No server-side session state — which means the
|
|
12
20
|
* service scales horizontally and a restart drops nothing.
|
|
13
21
|
*
|
|
14
22
|
* This is the SAME server core (`createMcpServer`) the stdio
|
package/dist/http.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG"}
|
package/dist/http.js
CHANGED
|
@@ -3,12 +3,20 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Runs as a standalone Node service (deployed to Hetzner, served at
|
|
5
5
|
* https://ai.tracepass.eu/mcp). An MCP client connects over
|
|
6
|
-
* Streamable HTTP; the
|
|
7
|
-
* `Authorization: Bearer
|
|
6
|
+
* Streamable HTTP; the caller's TracePass credential travels in the
|
|
7
|
+
* `Authorization: Bearer <token>` header of every request.
|
|
8
|
+
*
|
|
9
|
+
* BOTH v1 auth methods work here, transparently — we forward the
|
|
10
|
+
* Bearer token to the v1 API unchanged and the platform's unified gate
|
|
11
|
+
* decides: a `tp_…` API key (service account) OR an OAuth 2.0 access
|
|
12
|
+
* token (user-authorized, scoped). The server neither parses nor cares
|
|
13
|
+
* which; it's a pass-through. OAuth-capable MCP clients (Claude.ai,
|
|
14
|
+
* ChatGPT) discover the flow via the 401 `resource_metadata` param and
|
|
15
|
+
* the server card; simpler clients paste a tp_ key.
|
|
8
16
|
*
|
|
9
17
|
* Stateless by design: each MCP request is self-contained, so we
|
|
10
18
|
* build a fresh server + transport per request, bound to that
|
|
11
|
-
* request's
|
|
19
|
+
* request's token. No server-side session state — which means the
|
|
12
20
|
* service scales horizontally and a restart drops nothing.
|
|
13
21
|
*
|
|
14
22
|
* This is the SAME server core (`createMcpServer`) the stdio
|
|
@@ -29,6 +37,16 @@ const BASE_URL = process.env.TRACEPASS_BASE_URL?.trim() || DEFAULT_BASE_URL;
|
|
|
29
37
|
const MCP_PATH = "/mcp";
|
|
30
38
|
/** The MCP server card discovery path (SEP-1649). */
|
|
31
39
|
const SERVER_CARD_PATH = "/.well-known/mcp/server-card.json";
|
|
40
|
+
/**
|
|
41
|
+
* RFC 9728 Protected Resource Metadata path. The MCP authorization spec has a
|
|
42
|
+
* client fetch this (pointed to by the `resource_metadata` param on our 401
|
|
43
|
+
* `WWW-Authenticate` challenge) to discover which authorization server protects
|
|
44
|
+
* this resource. TracePass now runs a real OAuth2 authorization server on the
|
|
45
|
+
* platform origin (BASE_URL, app.tracepass.eu), so we name it here. This is the
|
|
46
|
+
* resource server (ai.tracepass.eu); the authorization server is a different
|
|
47
|
+
* origin — RFC 9728 is exactly the indirection for that split.
|
|
48
|
+
*/
|
|
49
|
+
const PROTECTED_RESOURCE_METADATA_PATH = "/.well-known/oauth-protected-resource";
|
|
32
50
|
/**
|
|
33
51
|
* Glama connector ownership-claim path. Glama probes the CONNECTOR's
|
|
34
52
|
* own host (ai.tracepass.eu) for this file to verify we maintain the
|
|
@@ -50,14 +68,15 @@ const GLAMA_CLAIM = {
|
|
|
50
68
|
* because discovery precedes auth.
|
|
51
69
|
*
|
|
52
70
|
* Every value here mirrors the real server: `serverInfo` matches
|
|
53
|
-
* `
|
|
71
|
+
* `MCP_SERVER_INFO` in server.ts (tracepass / 1.4.0); the capability lists are
|
|
54
72
|
* the exact tool names from tools.ts, resource URIs/templates from
|
|
55
73
|
* resources.ts, and prompt names from prompts.ts. Keep this in sync when
|
|
56
74
|
* capabilities change — a card that over-claims is worse than no card.
|
|
57
75
|
*
|
|
58
|
-
* `authentication`
|
|
59
|
-
*
|
|
60
|
-
*
|
|
76
|
+
* `authentication` declares BOTH supported methods: a static API-key Bearer
|
|
77
|
+
* scheme AND OAuth2 (the platform now runs a real authorization server). The
|
|
78
|
+
* `resourceMetadata` URL points at our RFC 9728 protected-resource document
|
|
79
|
+
* (see the WWW-Authenticate note on the 401 path).
|
|
61
80
|
*
|
|
62
81
|
* MIRROR: a byte-equivalent copy of this card is also served as a static
|
|
63
82
|
* file from the marketing site at
|
|
@@ -69,24 +88,29 @@ const GLAMA_CLAIM = {
|
|
|
69
88
|
*/
|
|
70
89
|
const SERVER_CARD = {
|
|
71
90
|
name: "tracepass",
|
|
72
|
-
version: "1.
|
|
91
|
+
version: "1.4.0",
|
|
73
92
|
description: "Model Context Protocol server for TracePass — the EU Digital Product Passport platform. Manage products, Digital Product Passports, economic-operator parties, and GS1 EPCIS 2.0 supply-chain events.",
|
|
74
|
-
serverInfo: { name: "tracepass", version: "1.
|
|
93
|
+
serverInfo: { name: "tracepass", version: "1.4.0" },
|
|
75
94
|
transport: {
|
|
76
95
|
type: "streamable-http",
|
|
77
96
|
endpoint: `https://ai.tracepass.eu${MCP_PATH}`,
|
|
78
97
|
},
|
|
79
98
|
authentication: {
|
|
80
|
-
// SEP-1649 fields
|
|
81
|
-
//
|
|
82
|
-
//
|
|
83
|
-
//
|
|
84
|
-
//
|
|
99
|
+
// SEP-1649 fields. TracePass now supports BOTH auth methods, so schemes
|
|
100
|
+
// lists both: "bearer" (a static tp_ API key — simplest, server-to-server)
|
|
101
|
+
// and "oauth2" (user-authorized, via the platform's authorization server —
|
|
102
|
+
// discovery at the resource-metadata URL below). A client that can do the
|
|
103
|
+
// OAuth flow gets a "Connect" experience; one that can't falls back to a
|
|
104
|
+
// pasted API key. The type/scheme fields describe the Bearer default for
|
|
105
|
+
// human + non-SEP-1649 readers.
|
|
85
106
|
required: true,
|
|
86
|
-
schemes: ["bearer"],
|
|
107
|
+
schemes: ["bearer", "oauth2"],
|
|
87
108
|
type: "http",
|
|
88
109
|
scheme: "bearer",
|
|
89
|
-
|
|
110
|
+
// RFC 9728 resource-metadata URL — where an OAuth-capable client learns
|
|
111
|
+
// which authorization server protects this resource.
|
|
112
|
+
resourceMetadata: `https://ai.tracepass.eu${PROTECTED_RESOURCE_METADATA_PATH}`,
|
|
113
|
+
description: "Two ways to authenticate, pick one. (1) OAuth 2.0 (recommended for AI assistants acting for a user): if your client supports OAuth, Connect the server and the user approves scopes on a TracePass consent screen — no secret to handle, access is scoped and revocable. Discovery is automatic via this card's resourceMetadata and the 401 WWW-Authenticate challenge (authorization-code + PKCE). (2) API key (simplest for a single user / scripts): the user mints a tp_ key at Developer -> API Keys and you send it as Authorization: Bearer <tp_ key>. The server forwards whichever you send; both reach the same v1 API.",
|
|
90
114
|
},
|
|
91
115
|
capabilities: {
|
|
92
116
|
tools: [
|
|
@@ -115,8 +139,35 @@ const SERVER_CARD = {
|
|
|
115
139
|
},
|
|
116
140
|
documentation: "https://www.tracepass.eu/docs/mcp",
|
|
117
141
|
};
|
|
118
|
-
/**
|
|
119
|
-
|
|
142
|
+
/**
|
|
143
|
+
* RFC 9728 Protected Resource Metadata. Declares that this resource
|
|
144
|
+
* (ai.tracepass.eu/mcp) is protected by the TracePass authorization server on
|
|
145
|
+
* the platform origin (BASE_URL). An OAuth-capable MCP client fetches this after
|
|
146
|
+
* a 401, then drives the authorization-code flow against the named auth server.
|
|
147
|
+
* `scopes_supported` mirrors the platform's OAuth scopes so a client can request
|
|
148
|
+
* least-privilege.
|
|
149
|
+
*/
|
|
150
|
+
const PROTECTED_RESOURCE_METADATA = {
|
|
151
|
+
resource: `https://ai.tracepass.eu${MCP_PATH}`,
|
|
152
|
+
authorization_servers: [BASE_URL],
|
|
153
|
+
scopes_supported: [
|
|
154
|
+
"passports:read",
|
|
155
|
+
"passports:write",
|
|
156
|
+
"documents:read",
|
|
157
|
+
"documents:write",
|
|
158
|
+
"suppliers:read",
|
|
159
|
+
"suppliers:write",
|
|
160
|
+
"offline_access",
|
|
161
|
+
],
|
|
162
|
+
bearer_methods_supported: ["header"],
|
|
163
|
+
};
|
|
164
|
+
/**
|
|
165
|
+
* Extract the Bearer credential from the Authorization header. This is EITHER a
|
|
166
|
+
* `tp_…` API key OR an OAuth 2.0 access token — we don't distinguish here. The
|
|
167
|
+
* token is forwarded verbatim to the v1 API, whose unified auth gate branches on
|
|
168
|
+
* the token shape (`tp_` prefix → API key, else → OAuth). Both are valid.
|
|
169
|
+
*/
|
|
170
|
+
function extractBearerToken(req) {
|
|
120
171
|
const auth = req.headers["authorization"];
|
|
121
172
|
if (typeof auth !== "string")
|
|
122
173
|
return null;
|
|
@@ -176,6 +227,15 @@ const httpServer = createServer((req, res) => {
|
|
|
176
227
|
sendJson(res, 200, SERVER_CARD);
|
|
177
228
|
return;
|
|
178
229
|
}
|
|
230
|
+
// RFC 9728 Protected Resource Metadata. Public + unauthenticated —
|
|
231
|
+
// an OAuth-capable client fetches this (pointed here by the 401
|
|
232
|
+
// WWW-Authenticate `resource_metadata` param) to discover the
|
|
233
|
+
// authorization server. NB: the edge catch-all redirect must EXCLUDE
|
|
234
|
+
// this path too (same as the card / glama paths).
|
|
235
|
+
if (url.split("?")[0] === PROTECTED_RESOURCE_METADATA_PATH) {
|
|
236
|
+
sendJson(res, 200, PROTECTED_RESOURCE_METADATA);
|
|
237
|
+
return;
|
|
238
|
+
}
|
|
179
239
|
// Glama connector ownership claim. Public + unauthenticated. NB:
|
|
180
240
|
// the edge (Caddy) catch-all redirect for ai.tracepass.eu must
|
|
181
241
|
// EXCLUDE this path, or the claim file never reaches this handler
|
|
@@ -192,36 +252,36 @@ const httpServer = createServer((req, res) => {
|
|
|
192
252
|
});
|
|
193
253
|
return;
|
|
194
254
|
}
|
|
195
|
-
//
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
//
|
|
200
|
-
//
|
|
201
|
-
//
|
|
202
|
-
//
|
|
203
|
-
//
|
|
204
|
-
//
|
|
205
|
-
//
|
|
206
|
-
//
|
|
207
|
-
// false discovery claim — same reason www skips the auth.md
|
|
208
|
-
// check.) If TracePass ever ships real OAuth client registration,
|
|
209
|
-
// add the resource_metadata param then.
|
|
255
|
+
// A credential is required — no anonymous MCP access. Accepts either a
|
|
256
|
+
// tp_ API key or an OAuth access token (forwarded verbatim to the v1 API).
|
|
257
|
+
const bearerToken = extractBearerToken(req);
|
|
258
|
+
if (!bearerToken) {
|
|
259
|
+
// RFC 6750 Bearer challenge + RFC 9728 resource_metadata. MCP clients
|
|
260
|
+
// that do spec-compliant auth discovery read WWW-Authenticate to learn
|
|
261
|
+
// the scheme + (now) where to find the OAuth protected-resource
|
|
262
|
+
// metadata, which names the authorization server they can run the
|
|
263
|
+
// authorization-code flow against. TracePass now supports BOTH a static
|
|
264
|
+
// tp_ API key AND OAuth, so we advertise the resource_metadata param —
|
|
265
|
+
// a Connect-capable client uses OAuth; a simpler client falls back to a
|
|
266
|
+
// pasted key per the human-readable JSON below.
|
|
210
267
|
// NB: HTTP header values are Latin-1 only — no non-ASCII (the
|
|
211
268
|
// "->" stays ASCII; the UTF-8 arrow used in the JSON body below
|
|
212
269
|
// would make Node throw "Invalid character in header content").
|
|
213
270
|
res.setHeader("WWW-Authenticate", 'Bearer realm="TracePass MCP", error="invalid_token", ' +
|
|
214
|
-
|
|
271
|
+
`resource_metadata="https://ai.tracepass.eu${PROTECTED_RESOURCE_METADATA_PATH}", ` +
|
|
272
|
+
'error_description="Authenticate with a TracePass API key (Developer -> API Keys, send Authorization: Bearer <tp_ key>) or via OAuth (see resource_metadata)."');
|
|
215
273
|
sendJson(res, 401, {
|
|
216
274
|
error: "unauthorized",
|
|
217
275
|
message: "Missing API key. Send Authorization: Bearer <tp_ key>. Mint a key in the TracePass dashboard → Developer → API Keys.",
|
|
218
276
|
});
|
|
219
277
|
return;
|
|
220
278
|
}
|
|
221
|
-
// Fresh, stateless server + transport per request, bound to
|
|
222
|
-
//
|
|
223
|
-
//
|
|
224
|
-
|
|
279
|
+
// Fresh, stateless server + transport per request, bound to this
|
|
280
|
+
// request's credential. The `apiKey` config field carries whatever Bearer
|
|
281
|
+
// token arrived (tp_ key OR OAuth access token) — it's forwarded verbatim;
|
|
282
|
+
// the v1 API's unified gate validates it. The transport's handleRequest
|
|
283
|
+
// takes a Web Request and returns a Web Response.
|
|
284
|
+
const server = createMcpServer({ apiKey: bearerToken, baseUrl: BASE_URL });
|
|
225
285
|
const transport = new WebStandardStreamableHTTPServerTransport({
|
|
226
286
|
sessionIdGenerator: undefined, // stateless
|
|
227
287
|
});
|
package/dist/http.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,YAAY,EAA6C,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,wCAAwC,EAAE,MAAM,+DAA+D,CAAC;AACzH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AAC9C,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,IAAI,gBAAgB,CAAC;AAE5E,8DAA8D;AAC9D,MAAM,QAAQ,GAAG,MAAM,CAAC;AAExB,qDAAqD;AACrD,MAAM,gBAAgB,GAAG,mCAAmC,CAAC;AAE7D;;;;;;;;GAQG;AACH,MAAM,gCAAgC,GAAG,uCAAuC,CAAC;AAEjF;;;;;;;;;GASG;AACH,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AACnD,MAAM,WAAW,GAAG;IAClB,OAAO,EAAE,6CAA6C;IACtD,WAAW,EAAE,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;CACtC,CAAC;AAEX;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;IAChB,WAAW,EACT,uMAAuM;IACzM,UAAU,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE;IACnD,SAAS,EAAE;QACT,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,0BAA0B,QAAQ,EAAE;KAC/C;IACD,cAAc,EAAE;QACd,wEAAwE;QACxE,2EAA2E;QAC3E,2EAA2E;QAC3E,0EAA0E;QAC1E,yEAAyE;QACzE,yEAAyE;QACzE,gCAAgC;QAChC,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC7B,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,QAAQ;QAChB,wEAAwE;QACxE,qDAAqD;QACrD,gBAAgB,EAAE,0BAA0B,gCAAgC,EAAE;QAC9E,WAAW,EACT,omBAAomB;KACvmB;IACD,YAAY,EAAE;QACZ,KAAK,EAAE;YACL,oBAAoB;YACpB,qBAAqB;YACrB,2BAA2B;YAC3B,4BAA4B;YAC5B,iBAAiB;YACjB,qBAAqB;SACtB;QACD,SAAS,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;QAC5D,iBAAiB,EAAE;YACjB,0BAA0B;YAC1B,2BAA2B;YAC3B,iCAAiC;YACjC,sCAAsC;YACtC,iCAAiC;SAClC;QACD,OAAO,EAAE;YACP,gBAAgB;YAChB,iBAAiB;YACjB,0BAA0B;YAC1B,sBAAsB;YACtB,qBAAqB;SACtB;KACF;IACD,aAAa,EAAE,mCAAmC;CAC1C,CAAC;AAEX;;;;;;;GAOG;AACH,MAAM,2BAA2B,GAAG;IAClC,QAAQ,EAAE,0BAA0B,QAAQ,EAAE;IAC9C,qBAAqB,EAAE,CAAC,QAAQ,CAAC;IACjC,gBAAgB,EAAE;QAChB,gBAAgB;QAChB,iBAAiB;QACjB,gBAAgB;QAChB,iBAAiB;QACjB,gBAAgB;QAChB,iBAAiB;QACjB,gBAAgB;KACjB;IACD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;CAC5B,CAAC;AAEX;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,GAAoB;IAC9C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC1C,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,8CAA8C;AAC9C,SAAS,QAAQ,CAAC,GAAoB;IACpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACrE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,yDAAyD;AACzD,KAAK,UAAU,YAAY,CAAC,GAAoB;IAC9C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,aAAa,IAAI,EAAE,CAAC;IACxD,MAAM,GAAG,GAAG,UAAU,IAAI,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,IAAI,CAAC,KAAK,SAAS;YAAE,SAAS;QAC9B,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC;IACtD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,iEAAiE;AACjE,KAAK,UAAU,gBAAgB,CAC7B,MAAgB,EAChB,GAAmB;IAEnB,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/B,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACjC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,GAAmB,EAAE,MAAc,EAAE,IAAa;IAClE,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC;IACxB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC3C,KAAK,CAAC,KAAK,IAAI,EAAE;QACf,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;YAE3B,6DAA6D;YAC7D,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBAC5C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,mEAAmE;YACnE,gEAAgE;YAChE,sDAAsD;YACtD,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC;gBAC3C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,gEAAgE;YAChE,8DAA8D;YAC9D,qEAAqE;YACrE,kDAAkD;YAClD,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,gCAAgC,EAAE,CAAC;gBAC3D,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,2BAA2B,CAAC,CAAC;gBAChD,OAAO;YACT,CAAC;YAED,iEAAiE;YACjE,+DAA+D;YAC/D,kEAAkE;YAClE,sEAAsE;YACtE,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC;gBAC3C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACnC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;oBACjB,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,8BAA8B,QAAQ,QAAQ;iBACxD,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,uEAAuE;YACvE,2EAA2E;YAC3E,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,sEAAsE;gBACtE,uEAAuE;gBACvE,gEAAgE;gBAChE,kEAAkE;gBAClE,wEAAwE;gBACxE,uEAAuE;gBACvE,wEAAwE;gBACxE,gDAAgD;gBAChD,8DAA8D;gBAC9D,gEAAgE;gBAChE,gEAAgE;gBAChE,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,uDAAuD;oBACrD,6CAA6C,gCAAgC,KAAK;oBAClF,+JAA+J,CAClK,CAAC;gBACF,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;oBACjB,KAAK,EAAE,cAAc;oBACrB,OAAO,EACL,sHAAsH;iBACzH,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,iEAAiE;YACjE,0EAA0E;YAC1E,2EAA2E;YAC3E,wEAAwE;YACxE,kDAAkD;YAClD,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;gBAC7D,kBAAkB,EAAE,SAAS,EAAE,YAAY;aAC5C,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEhC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAEpC,4DAA4D;YAC5D,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,4DAA4D;YAC5D,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;oBACjB,KAAK,EAAE,gBAAgB;oBACvB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,GAAG,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;IACH,CAAC,CAAC,EAAE,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sCAAsC,IAAI,GAAG,QAAQ,GAAG;QACtD,mBAAmB,QAAQ,KAAK,CACnC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mEAAmE;AACnE,KAAK,MAAM,MAAM,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAU,EAAE,CAAC;IACpD,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;QACtB,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/server.d.ts
CHANGED
|
@@ -16,7 +16,7 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
|
16
16
|
* meaningful tool-surface change. */
|
|
17
17
|
export declare const MCP_SERVER_INFO: {
|
|
18
18
|
readonly name: "tracepass";
|
|
19
|
-
readonly version: "1.
|
|
19
|
+
readonly version: "1.4.0";
|
|
20
20
|
};
|
|
21
21
|
export interface CreateMcpServerConfig {
|
|
22
22
|
/** Base URL of the TracePass app — e.g. "https://app.tracepass.eu".
|
package/dist/server.js
CHANGED
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "tracepass-mcp-server",
|
|
3
3
|
"mcpName": "eu.tracepass/tracepass",
|
|
4
|
-
"version": "1.
|
|
5
|
-
"description": "Model Context Protocol server for TracePass
|
|
4
|
+
"version": "1.4.0",
|
|
5
|
+
"description": "Model Context Protocol server for TracePass \u2014 the EU Digital Product Passport platform. Lets AI assistants manage products, passports, and EPCIS supply-chain events.",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"type": "module",
|
|
8
8
|
"keywords": [
|