tracepass-mcp-server 1.3.0 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -7
- package/dist/http.d.ts +17 -4
- package/dist/http.d.ts.map +1 -1
- package/dist/http.js +112 -39
- package/dist/http.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.js +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -20,12 +20,49 @@ The same server core ships two ways:
|
|
|
20
20
|
2. **Local (npm)** — run `tracepass-mcp-server` via `npx`. The MCP
|
|
21
21
|
client launches it as a subprocess and speaks MCP over stdio.
|
|
22
22
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
23
|
+
## Authentication
|
|
24
|
+
|
|
25
|
+
The server accepts **either** of TracePass's two v1 auth methods on the
|
|
26
|
+
same `Authorization: Bearer …` header — it forwards whatever you send to
|
|
27
|
+
the API, which decides. Pick the one that fits how you're connecting:
|
|
28
|
+
|
|
29
|
+
| | **API key** | **OAuth 2.0** |
|
|
30
|
+
|---|---|---|
|
|
31
|
+
| Best for | A single user, scripts, server-to-server | AI assistants / apps acting **on a user's behalf** |
|
|
32
|
+
| What you send | A static `tp_…` key as a Bearer token | A scoped access token obtained via the OAuth flow |
|
|
33
|
+
| Setup | Mint at **Developer → API Keys** | The user clicks **Connect** and approves scopes |
|
|
34
|
+
| Scope | All-or-nothing (the whole workspace) | Exactly the scopes the user granted; revocable |
|
|
35
|
+
| Works with | Hosted **and** local (npx) | Hosted endpoint only (needs a browser consent step) |
|
|
36
|
+
|
|
37
|
+
**Which should an AI assistant use?** If your MCP client supports OAuth
|
|
38
|
+
(Claude.ai, ChatGPT, and others), prefer **OAuth** — the user authorizes
|
|
39
|
+
the connection once on a TracePass consent screen, you never handle a
|
|
40
|
+
secret, and access is least-privilege and revocable. If your client only
|
|
41
|
+
takes a header/token, use an **API key**.
|
|
42
|
+
|
|
43
|
+
### OAuth 2.0 (recommended for hosted clients)
|
|
44
|
+
|
|
45
|
+
No config beyond pointing your client at the hosted endpoint — discovery
|
|
46
|
+
is automatic. On the first unauthenticated request the server returns a
|
|
47
|
+
`401` whose `WWW-Authenticate` header carries a `resource_metadata` URL
|
|
48
|
+
(RFC 9728) pointing at `/.well-known/oauth-protected-resource`, which
|
|
49
|
+
names the TracePass authorization server. The client runs the standard
|
|
50
|
+
**authorization-code flow with PKCE** (`/api/oauth/authorize` →
|
|
51
|
+
`/api/oauth/token`), the user approves scopes, and the client stores +
|
|
52
|
+
refreshes the token. If you distribute your own client, register an app
|
|
53
|
+
under **Developer → OAuth Apps** to get a `client_id`; many hosted
|
|
54
|
+
clients self-register via Dynamic Client Registration automatically.
|
|
55
|
+
|
|
56
|
+
Request only the scopes you need, e.g. `passports:read passports:write
|
|
57
|
+
offline_access`. Users manage connected apps (and revoke) under
|
|
58
|
+
**Developer → OAuth Apps → Connected Apps**.
|
|
59
|
+
|
|
60
|
+
### API key
|
|
61
|
+
|
|
62
|
+
Mint a `tp_…` key under **Developer → API Keys** and send it as a Bearer
|
|
63
|
+
token.
|
|
64
|
+
|
|
65
|
+
**Hosted:**
|
|
29
66
|
|
|
30
67
|
```json
|
|
31
68
|
{
|
|
@@ -38,7 +75,8 @@ Both need a TracePass API key — mint one in the dashboard under
|
|
|
38
75
|
}
|
|
39
76
|
```
|
|
40
77
|
|
|
41
|
-
|
|
78
|
+
**Local (npx / stdio)** — the local subprocess can't do an interactive
|
|
79
|
+
OAuth consent step, so it's API-key only, via the `TRACEPASS_API_KEY` env:
|
|
42
80
|
|
|
43
81
|
```json
|
|
44
82
|
{
|
package/dist/http.d.ts
CHANGED
|
@@ -3,12 +3,20 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Runs as a standalone Node service (deployed to Hetzner, served at
|
|
5
5
|
* https://ai.tracepass.eu/mcp). An MCP client connects over
|
|
6
|
-
* Streamable HTTP; the
|
|
7
|
-
* `Authorization: Bearer
|
|
6
|
+
* Streamable HTTP; the caller's TracePass credential travels in the
|
|
7
|
+
* `Authorization: Bearer <token>` header of every request.
|
|
8
|
+
*
|
|
9
|
+
* BOTH v1 auth methods work here, transparently — we forward the
|
|
10
|
+
* Bearer token to the v1 API unchanged and the platform's unified gate
|
|
11
|
+
* decides: a `tp_…` API key (service account) OR an OAuth 2.0 access
|
|
12
|
+
* token (user-authorized, scoped). The server neither parses nor cares
|
|
13
|
+
* which; it's a pass-through. OAuth-capable MCP clients (Claude.ai,
|
|
14
|
+
* ChatGPT) discover the flow via the 401 `resource_metadata` param and
|
|
15
|
+
* the server card; simpler clients paste a tp_ key.
|
|
8
16
|
*
|
|
9
17
|
* Stateless by design: each MCP request is self-contained, so we
|
|
10
18
|
* build a fresh server + transport per request, bound to that
|
|
11
|
-
* request's
|
|
19
|
+
* request's token. No server-side session state — which means the
|
|
12
20
|
* service scales horizontally and a restart drops nothing.
|
|
13
21
|
*
|
|
14
22
|
* This is the SAME server core (`createMcpServer`) the stdio
|
|
@@ -17,7 +25,12 @@
|
|
|
17
25
|
* Env:
|
|
18
26
|
* PORT (optional) — listen port, default 8080
|
|
19
27
|
* TRACEPASS_BASE_URL (optional) — the TracePass API base URL the
|
|
20
|
-
* tools call, default https://app.tracepass.eu
|
|
28
|
+
* tools call, default https://app.tracepass.eu. In prod
|
|
29
|
+
* this is the INTERNAL Docker address (platform:3000).
|
|
30
|
+
* TRACEPASS_AUTH_SERVER_URL (optional) — the PUBLIC authorization-server
|
|
31
|
+
* origin advertised in OAuth discovery metadata, default
|
|
32
|
+
* https://app.tracepass.eu. Set this when BASE_URL is an
|
|
33
|
+
* internal address so clients get a reachable auth server.
|
|
21
34
|
*/
|
|
22
35
|
export {};
|
|
23
36
|
//# sourceMappingURL=http.d.ts.map
|
package/dist/http.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG"}
|
package/dist/http.js
CHANGED
|
@@ -3,12 +3,20 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Runs as a standalone Node service (deployed to Hetzner, served at
|
|
5
5
|
* https://ai.tracepass.eu/mcp). An MCP client connects over
|
|
6
|
-
* Streamable HTTP; the
|
|
7
|
-
* `Authorization: Bearer
|
|
6
|
+
* Streamable HTTP; the caller's TracePass credential travels in the
|
|
7
|
+
* `Authorization: Bearer <token>` header of every request.
|
|
8
|
+
*
|
|
9
|
+
* BOTH v1 auth methods work here, transparently — we forward the
|
|
10
|
+
* Bearer token to the v1 API unchanged and the platform's unified gate
|
|
11
|
+
* decides: a `tp_…` API key (service account) OR an OAuth 2.0 access
|
|
12
|
+
* token (user-authorized, scoped). The server neither parses nor cares
|
|
13
|
+
* which; it's a pass-through. OAuth-capable MCP clients (Claude.ai,
|
|
14
|
+
* ChatGPT) discover the flow via the 401 `resource_metadata` param and
|
|
15
|
+
* the server card; simpler clients paste a tp_ key.
|
|
8
16
|
*
|
|
9
17
|
* Stateless by design: each MCP request is self-contained, so we
|
|
10
18
|
* build a fresh server + transport per request, bound to that
|
|
11
|
-
* request's
|
|
19
|
+
* request's token. No server-side session state — which means the
|
|
12
20
|
* service scales horizontally and a restart drops nothing.
|
|
13
21
|
*
|
|
14
22
|
* This is the SAME server core (`createMcpServer`) the stdio
|
|
@@ -17,18 +25,40 @@
|
|
|
17
25
|
* Env:
|
|
18
26
|
* PORT (optional) — listen port, default 8080
|
|
19
27
|
* TRACEPASS_BASE_URL (optional) — the TracePass API base URL the
|
|
20
|
-
* tools call, default https://app.tracepass.eu
|
|
28
|
+
* tools call, default https://app.tracepass.eu. In prod
|
|
29
|
+
* this is the INTERNAL Docker address (platform:3000).
|
|
30
|
+
* TRACEPASS_AUTH_SERVER_URL (optional) — the PUBLIC authorization-server
|
|
31
|
+
* origin advertised in OAuth discovery metadata, default
|
|
32
|
+
* https://app.tracepass.eu. Set this when BASE_URL is an
|
|
33
|
+
* internal address so clients get a reachable auth server.
|
|
21
34
|
*/
|
|
22
35
|
import { createServer } from "node:http";
|
|
23
36
|
import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
|
|
24
37
|
import { createMcpServer } from "./server.js";
|
|
25
38
|
const PORT = Number(process.env.PORT) || 8080;
|
|
26
39
|
const DEFAULT_BASE_URL = "https://app.tracepass.eu";
|
|
40
|
+
// The API base the TOOLS call. In prod this is the INTERNAL Docker address
|
|
41
|
+
// (http://platform:3000) — a private loopback, never exposed to clients.
|
|
27
42
|
const BASE_URL = process.env.TRACEPASS_BASE_URL?.trim() || DEFAULT_BASE_URL;
|
|
43
|
+
// The PUBLIC origin of the TracePass authorization server, used ONLY in the
|
|
44
|
+
// OAuth discovery metadata (RFC 9728 `authorization_servers`). MUST be a URL the
|
|
45
|
+
// client's browser can reach — distinct from BASE_URL, which in prod is the
|
|
46
|
+
// internal loopback. Defaults to the public app origin.
|
|
47
|
+
const PUBLIC_AUTH_SERVER_URL = process.env.TRACEPASS_AUTH_SERVER_URL?.trim() || DEFAULT_BASE_URL;
|
|
28
48
|
/** The MCP endpoint path. `/mcp` is the conventional path. */
|
|
29
49
|
const MCP_PATH = "/mcp";
|
|
30
50
|
/** The MCP server card discovery path (SEP-1649). */
|
|
31
51
|
const SERVER_CARD_PATH = "/.well-known/mcp/server-card.json";
|
|
52
|
+
/**
|
|
53
|
+
* RFC 9728 Protected Resource Metadata path. The MCP authorization spec has a
|
|
54
|
+
* client fetch this (pointed to by the `resource_metadata` param on our 401
|
|
55
|
+
* `WWW-Authenticate` challenge) to discover which authorization server protects
|
|
56
|
+
* this resource. TracePass now runs a real OAuth2 authorization server on the
|
|
57
|
+
* platform origin (its public app.tracepass.eu URL — see PUBLIC_AUTH_SERVER_URL), so we name it here. This is the
|
|
58
|
+
* resource server (ai.tracepass.eu); the authorization server is a different
|
|
59
|
+
* origin — RFC 9728 is exactly the indirection for that split.
|
|
60
|
+
*/
|
|
61
|
+
const PROTECTED_RESOURCE_METADATA_PATH = "/.well-known/oauth-protected-resource";
|
|
32
62
|
/**
|
|
33
63
|
* Glama connector ownership-claim path. Glama probes the CONNECTOR's
|
|
34
64
|
* own host (ai.tracepass.eu) for this file to verify we maintain the
|
|
@@ -50,14 +80,15 @@ const GLAMA_CLAIM = {
|
|
|
50
80
|
* because discovery precedes auth.
|
|
51
81
|
*
|
|
52
82
|
* Every value here mirrors the real server: `serverInfo` matches
|
|
53
|
-
* `
|
|
83
|
+
* `MCP_SERVER_INFO` in server.ts (tracepass / 1.4.1); the capability lists are
|
|
54
84
|
* the exact tool names from tools.ts, resource URIs/templates from
|
|
55
85
|
* resources.ts, and prompt names from prompts.ts. Keep this in sync when
|
|
56
86
|
* capabilities change — a card that over-claims is worse than no card.
|
|
57
87
|
*
|
|
58
|
-
* `authentication`
|
|
59
|
-
*
|
|
60
|
-
*
|
|
88
|
+
* `authentication` declares BOTH supported methods: a static API-key Bearer
|
|
89
|
+
* scheme AND OAuth2 (the platform now runs a real authorization server). The
|
|
90
|
+
* `resourceMetadata` URL points at our RFC 9728 protected-resource document
|
|
91
|
+
* (see the WWW-Authenticate note on the 401 path).
|
|
61
92
|
*
|
|
62
93
|
* MIRROR: a byte-equivalent copy of this card is also served as a static
|
|
63
94
|
* file from the marketing site at
|
|
@@ -69,24 +100,29 @@ const GLAMA_CLAIM = {
|
|
|
69
100
|
*/
|
|
70
101
|
const SERVER_CARD = {
|
|
71
102
|
name: "tracepass",
|
|
72
|
-
version: "1.
|
|
103
|
+
version: "1.4.1",
|
|
73
104
|
description: "Model Context Protocol server for TracePass — the EU Digital Product Passport platform. Manage products, Digital Product Passports, economic-operator parties, and GS1 EPCIS 2.0 supply-chain events.",
|
|
74
|
-
serverInfo: { name: "tracepass", version: "1.
|
|
105
|
+
serverInfo: { name: "tracepass", version: "1.4.1" },
|
|
75
106
|
transport: {
|
|
76
107
|
type: "streamable-http",
|
|
77
108
|
endpoint: `https://ai.tracepass.eu${MCP_PATH}`,
|
|
78
109
|
},
|
|
79
110
|
authentication: {
|
|
80
|
-
// SEP-1649 fields
|
|
81
|
-
//
|
|
82
|
-
//
|
|
83
|
-
//
|
|
84
|
-
//
|
|
111
|
+
// SEP-1649 fields. TracePass now supports BOTH auth methods, so schemes
|
|
112
|
+
// lists both: "bearer" (a static tp_ API key — simplest, server-to-server)
|
|
113
|
+
// and "oauth2" (user-authorized, via the platform's authorization server —
|
|
114
|
+
// discovery at the resource-metadata URL below). A client that can do the
|
|
115
|
+
// OAuth flow gets a "Connect" experience; one that can't falls back to a
|
|
116
|
+
// pasted API key. The type/scheme fields describe the Bearer default for
|
|
117
|
+
// human + non-SEP-1649 readers.
|
|
85
118
|
required: true,
|
|
86
|
-
schemes: ["bearer"],
|
|
119
|
+
schemes: ["bearer", "oauth2"],
|
|
87
120
|
type: "http",
|
|
88
121
|
scheme: "bearer",
|
|
89
|
-
|
|
122
|
+
// RFC 9728 resource-metadata URL — where an OAuth-capable client learns
|
|
123
|
+
// which authorization server protects this resource.
|
|
124
|
+
resourceMetadata: `https://ai.tracepass.eu${PROTECTED_RESOURCE_METADATA_PATH}`,
|
|
125
|
+
description: "Two ways to authenticate, pick one. (1) OAuth 2.0 (recommended for AI assistants acting for a user): if your client supports OAuth, Connect the server and the user approves scopes on a TracePass consent screen — no secret to handle, access is scoped and revocable. Discovery is automatic via this card's resourceMetadata and the 401 WWW-Authenticate challenge (authorization-code + PKCE). (2) API key (simplest for a single user / scripts): the user mints a tp_ key at Developer -> API Keys and you send it as Authorization: Bearer <tp_ key>. The server forwards whichever you send; both reach the same v1 API.",
|
|
90
126
|
},
|
|
91
127
|
capabilities: {
|
|
92
128
|
tools: [
|
|
@@ -115,8 +151,36 @@ const SERVER_CARD = {
|
|
|
115
151
|
},
|
|
116
152
|
documentation: "https://www.tracepass.eu/docs/mcp",
|
|
117
153
|
};
|
|
118
|
-
/**
|
|
119
|
-
|
|
154
|
+
/**
|
|
155
|
+
* RFC 9728 Protected Resource Metadata. Declares that this resource
|
|
156
|
+
* (ai.tracepass.eu/mcp) is protected by the TracePass authorization server at
|
|
157
|
+
* its PUBLIC origin (PUBLIC_AUTH_SERVER_URL — NOT the internal BASE_URL the
|
|
158
|
+
* tools call). An OAuth-capable MCP client fetches this after
|
|
159
|
+
* a 401, then drives the authorization-code flow against the named auth server.
|
|
160
|
+
* `scopes_supported` mirrors the platform's OAuth scopes so a client can request
|
|
161
|
+
* least-privilege.
|
|
162
|
+
*/
|
|
163
|
+
const PROTECTED_RESOURCE_METADATA = {
|
|
164
|
+
resource: `https://ai.tracepass.eu${MCP_PATH}`,
|
|
165
|
+
authorization_servers: [PUBLIC_AUTH_SERVER_URL],
|
|
166
|
+
scopes_supported: [
|
|
167
|
+
"passports:read",
|
|
168
|
+
"passports:write",
|
|
169
|
+
"documents:read",
|
|
170
|
+
"documents:write",
|
|
171
|
+
"suppliers:read",
|
|
172
|
+
"suppliers:write",
|
|
173
|
+
"offline_access",
|
|
174
|
+
],
|
|
175
|
+
bearer_methods_supported: ["header"],
|
|
176
|
+
};
|
|
177
|
+
/**
|
|
178
|
+
* Extract the Bearer credential from the Authorization header. This is EITHER a
|
|
179
|
+
* `tp_…` API key OR an OAuth 2.0 access token — we don't distinguish here. The
|
|
180
|
+
* token is forwarded verbatim to the v1 API, whose unified auth gate branches on
|
|
181
|
+
* the token shape (`tp_` prefix → API key, else → OAuth). Both are valid.
|
|
182
|
+
*/
|
|
183
|
+
function extractBearerToken(req) {
|
|
120
184
|
const auth = req.headers["authorization"];
|
|
121
185
|
if (typeof auth !== "string")
|
|
122
186
|
return null;
|
|
@@ -176,6 +240,15 @@ const httpServer = createServer((req, res) => {
|
|
|
176
240
|
sendJson(res, 200, SERVER_CARD);
|
|
177
241
|
return;
|
|
178
242
|
}
|
|
243
|
+
// RFC 9728 Protected Resource Metadata. Public + unauthenticated —
|
|
244
|
+
// an OAuth-capable client fetches this (pointed here by the 401
|
|
245
|
+
// WWW-Authenticate `resource_metadata` param) to discover the
|
|
246
|
+
// authorization server. NB: the edge catch-all redirect must EXCLUDE
|
|
247
|
+
// this path too (same as the card / glama paths).
|
|
248
|
+
if (url.split("?")[0] === PROTECTED_RESOURCE_METADATA_PATH) {
|
|
249
|
+
sendJson(res, 200, PROTECTED_RESOURCE_METADATA);
|
|
250
|
+
return;
|
|
251
|
+
}
|
|
179
252
|
// Glama connector ownership claim. Public + unauthenticated. NB:
|
|
180
253
|
// the edge (Caddy) catch-all redirect for ai.tracepass.eu must
|
|
181
254
|
// EXCLUDE this path, or the claim file never reaches this handler
|
|
@@ -192,36 +265,36 @@ const httpServer = createServer((req, res) => {
|
|
|
192
265
|
});
|
|
193
266
|
return;
|
|
194
267
|
}
|
|
195
|
-
//
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
//
|
|
200
|
-
//
|
|
201
|
-
//
|
|
202
|
-
//
|
|
203
|
-
//
|
|
204
|
-
//
|
|
205
|
-
//
|
|
206
|
-
//
|
|
207
|
-
// false discovery claim — same reason www skips the auth.md
|
|
208
|
-
// check.) If TracePass ever ships real OAuth client registration,
|
|
209
|
-
// add the resource_metadata param then.
|
|
268
|
+
// A credential is required — no anonymous MCP access. Accepts either a
|
|
269
|
+
// tp_ API key or an OAuth access token (forwarded verbatim to the v1 API).
|
|
270
|
+
const bearerToken = extractBearerToken(req);
|
|
271
|
+
if (!bearerToken) {
|
|
272
|
+
// RFC 6750 Bearer challenge + RFC 9728 resource_metadata. MCP clients
|
|
273
|
+
// that do spec-compliant auth discovery read WWW-Authenticate to learn
|
|
274
|
+
// the scheme + (now) where to find the OAuth protected-resource
|
|
275
|
+
// metadata, which names the authorization server they can run the
|
|
276
|
+
// authorization-code flow against. TracePass now supports BOTH a static
|
|
277
|
+
// tp_ API key AND OAuth, so we advertise the resource_metadata param —
|
|
278
|
+
// a Connect-capable client uses OAuth; a simpler client falls back to a
|
|
279
|
+
// pasted key per the human-readable JSON below.
|
|
210
280
|
// NB: HTTP header values are Latin-1 only — no non-ASCII (the
|
|
211
281
|
// "->" stays ASCII; the UTF-8 arrow used in the JSON body below
|
|
212
282
|
// would make Node throw "Invalid character in header content").
|
|
213
283
|
res.setHeader("WWW-Authenticate", 'Bearer realm="TracePass MCP", error="invalid_token", ' +
|
|
214
|
-
|
|
284
|
+
`resource_metadata="https://ai.tracepass.eu${PROTECTED_RESOURCE_METADATA_PATH}", ` +
|
|
285
|
+
'error_description="Authenticate with a TracePass API key (Developer -> API Keys, send Authorization: Bearer <tp_ key>) or via OAuth (see resource_metadata)."');
|
|
215
286
|
sendJson(res, 401, {
|
|
216
287
|
error: "unauthorized",
|
|
217
288
|
message: "Missing API key. Send Authorization: Bearer <tp_ key>. Mint a key in the TracePass dashboard → Developer → API Keys.",
|
|
218
289
|
});
|
|
219
290
|
return;
|
|
220
291
|
}
|
|
221
|
-
// Fresh, stateless server + transport per request, bound to
|
|
222
|
-
//
|
|
223
|
-
//
|
|
224
|
-
|
|
292
|
+
// Fresh, stateless server + transport per request, bound to this
|
|
293
|
+
// request's credential. The `apiKey` config field carries whatever Bearer
|
|
294
|
+
// token arrived (tp_ key OR OAuth access token) — it's forwarded verbatim;
|
|
295
|
+
// the v1 API's unified gate validates it. The transport's handleRequest
|
|
296
|
+
// takes a Web Request and returns a Web Response.
|
|
297
|
+
const server = createMcpServer({ apiKey: bearerToken, baseUrl: BASE_URL });
|
|
225
298
|
const transport = new WebStandardStreamableHTTPServerTransport({
|
|
226
299
|
sessionIdGenerator: undefined, // stateless
|
|
227
300
|
});
|
package/dist/http.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,EAAE,YAAY,EAA6C,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,wCAAwC,EAAE,MAAM,+DAA+D,CAAC;AACzH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AAC9C,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AACpD,2EAA2E;AAC3E,yEAAyE;AACzE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,IAAI,gBAAgB,CAAC;AAC5E,4EAA4E;AAC5E,iFAAiF;AACjF,4EAA4E;AAC5E,wDAAwD;AACxD,MAAM,sBAAsB,GAC1B,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,IAAI,gBAAgB,CAAC;AAEpE,8DAA8D;AAC9D,MAAM,QAAQ,GAAG,MAAM,CAAC;AAExB,qDAAqD;AACrD,MAAM,gBAAgB,GAAG,mCAAmC,CAAC;AAE7D;;;;;;;;GAQG;AACH,MAAM,gCAAgC,GAAG,uCAAuC,CAAC;AAEjF;;;;;;;;;GASG;AACH,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AACnD,MAAM,WAAW,GAAG;IAClB,OAAO,EAAE,6CAA6C;IACtD,WAAW,EAAE,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;CACtC,CAAC;AAEX;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;IAChB,WAAW,EACT,uMAAuM;IACzM,UAAU,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE;IACnD,SAAS,EAAE;QACT,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,0BAA0B,QAAQ,EAAE;KAC/C;IACD,cAAc,EAAE;QACd,wEAAwE;QACxE,2EAA2E;QAC3E,2EAA2E;QAC3E,0EAA0E;QAC1E,yEAAyE;QACzE,yEAAyE;QACzE,gCAAgC;QAChC,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC7B,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,QAAQ;QAChB,wEAAwE;QACxE,qDAAqD;QACrD,gBAAgB,EAAE,0BAA0B,gCAAgC,EAAE;QAC9E,WAAW,EACT,omBAAomB;KACvmB;IACD,YAAY,EAAE;QACZ,KAAK,EAAE;YACL,oBAAoB;YACpB,qBAAqB;YACrB,2BAA2B;YAC3B,4BAA4B;YAC5B,iBAAiB;YACjB,qBAAqB;SACtB;QACD,SAAS,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;QAC5D,iBAAiB,EAAE;YACjB,0BAA0B;YAC1B,2BAA2B;YAC3B,iCAAiC;YACjC,sCAAsC;YACtC,iCAAiC;SAClC;QACD,OAAO,EAAE;YACP,gBAAgB;YAChB,iBAAiB;YACjB,0BAA0B;YAC1B,sBAAsB;YACtB,qBAAqB;SACtB;KACF;IACD,aAAa,EAAE,mCAAmC;CAC1C,CAAC;AAEX;;;;;;;;GAQG;AACH,MAAM,2BAA2B,GAAG;IAClC,QAAQ,EAAE,0BAA0B,QAAQ,EAAE;IAC9C,qBAAqB,EAAE,CAAC,sBAAsB,CAAC;IAC/C,gBAAgB,EAAE;QAChB,gBAAgB;QAChB,iBAAiB;QACjB,gBAAgB;QAChB,iBAAiB;QACjB,gBAAgB;QAChB,iBAAiB;QACjB,gBAAgB;KACjB;IACD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;CAC5B,CAAC;AAEX;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,GAAoB;IAC9C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC1C,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,8CAA8C;AAC9C,SAAS,QAAQ,CAAC,GAAoB;IACpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACrE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,yDAAyD;AACzD,KAAK,UAAU,YAAY,CAAC,GAAoB;IAC9C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,aAAa,IAAI,EAAE,CAAC;IACxD,MAAM,GAAG,GAAG,UAAU,IAAI,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,IAAI,CAAC,KAAK,SAAS;YAAE,SAAS;QAC9B,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC;IACtD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,iEAAiE;AACjE,KAAK,UAAU,gBAAgB,CAC7B,MAAgB,EAChB,GAAmB;IAEnB,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/B,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACjC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,GAAmB,EAAE,MAAc,EAAE,IAAa;IAClE,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC;IACxB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC3C,KAAK,CAAC,KAAK,IAAI,EAAE;QACf,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;YAE3B,6DAA6D;YAC7D,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBAC5C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,mEAAmE;YACnE,gEAAgE;YAChE,sDAAsD;YACtD,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC;gBAC3C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,gEAAgE;YAChE,8DAA8D;YAC9D,qEAAqE;YACrE,kDAAkD;YAClD,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,gCAAgC,EAAE,CAAC;gBAC3D,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,2BAA2B,CAAC,CAAC;gBAChD,OAAO;YACT,CAAC;YAED,iEAAiE;YACjE,+DAA+D;YAC/D,kEAAkE;YAClE,sEAAsE;YACtE,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC;gBAC3C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACnC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;oBACjB,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,8BAA8B,QAAQ,QAAQ;iBACxD,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,uEAAuE;YACvE,2EAA2E;YAC3E,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,sEAAsE;gBACtE,uEAAuE;gBACvE,gEAAgE;gBAChE,kEAAkE;gBAClE,wEAAwE;gBACxE,uEAAuE;gBACvE,wEAAwE;gBACxE,gDAAgD;gBAChD,8DAA8D;gBAC9D,gEAAgE;gBAChE,gEAAgE;gBAChE,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,uDAAuD;oBACrD,6CAA6C,gCAAgC,KAAK;oBAClF,+JAA+J,CAClK,CAAC;gBACF,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;oBACjB,KAAK,EAAE,cAAc;oBACrB,OAAO,EACL,sHAAsH;iBACzH,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,iEAAiE;YACjE,0EAA0E;YAC1E,2EAA2E;YAC3E,wEAAwE;YACxE,kDAAkD;YAClD,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;gBAC7D,kBAAkB,EAAE,SAAS,EAAE,YAAY;aAC5C,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEhC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAEpC,4DAA4D;YAC5D,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,4DAA4D;YAC5D,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;oBACjB,KAAK,EAAE,gBAAgB;oBACvB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,GAAG,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;IACH,CAAC,CAAC,EAAE,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sCAAsC,IAAI,GAAG,QAAQ,GAAG;QACtD,mBAAmB,QAAQ,KAAK,CACnC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mEAAmE;AACnE,KAAK,MAAM,MAAM,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAU,EAAE,CAAC;IACpD,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;QACtB,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/server.d.ts
CHANGED
|
@@ -16,7 +16,7 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
|
16
16
|
* meaningful tool-surface change. */
|
|
17
17
|
export declare const MCP_SERVER_INFO: {
|
|
18
18
|
readonly name: "tracepass";
|
|
19
|
-
readonly version: "1.1
|
|
19
|
+
readonly version: "1.4.1";
|
|
20
20
|
};
|
|
21
21
|
export interface CreateMcpServerConfig {
|
|
22
22
|
/** Base URL of the TracePass app — e.g. "https://app.tracepass.eu".
|
package/dist/server.js
CHANGED
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "tracepass-mcp-server",
|
|
3
3
|
"mcpName": "eu.tracepass/tracepass",
|
|
4
|
-
"version": "1.
|
|
5
|
-
"description": "Model Context Protocol server for TracePass
|
|
4
|
+
"version": "1.4.1",
|
|
5
|
+
"description": "Model Context Protocol server for TracePass \u2014 the EU Digital Product Passport platform. Lets AI assistants manage products, passports, and EPCIS supply-chain events.",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"type": "module",
|
|
8
8
|
"keywords": [
|