typed-bridge 4.0.1 → 4.0.4

package/dist/bridge/index.d.ts

@@ -1,21 +1,11 @@
-import { Application, Request, Response } from 'express';
+import { Application } from 'express';
 import { Server } from 'http';
-import { MCPGetContext } from '../mcp';
 import { Bridge, BridgeEntries, ToolMode } from '../tools';
 interface CreateBridgeOptions {
     entries?: BridgeEntries;
     toolMode?: ToolMode;
     mcp?: boolean | string;
-    mcpGetContext?: MCPGetContext;
 }
-type Middleware = {
-    pattern: string;
-    handler: (req: Request, res: Response) => Promise<{
-        next?: boolean;
-        context?: any;
-    } | void>;
-};
-export declare const createMiddleware: (pattern: string, handler: Middleware["handler"]) => number;
 export declare const onShutdown: (fn: () => void) => () => void;
 export declare const createBridge: (bridge: Bridge, port: number, path?: string, options?: CreateBridgeOptions) => {
     app: Application;

package/dist/bridge/index.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createBridge = exports.onShutdown = exports.createMiddleware = void 0;
+exports.createBridge = exports.onShutdown = void 0;
 const chalk_1 = __importDefault(require("chalk"));
 const compression_1 = __importDefault(require("compression"));
 const cors_1 = __importDefault(require("cors"));
@@ -11,10 +11,8 @@ const express_1 = __importDefault(require("express"));
 const path_1 = __importDefault(require("path"));
 const __1 = require("..");
 const helpers_1 = require("../helpers");
+const middleware_1 = require("../middleware");
 const mcp_1 = require("../mcp");
-const middlewares = [];
-const createMiddleware = (pattern, handler) => middlewares.push({ pattern, handler });
-exports.createMiddleware = createMiddleware;
 let shutdownCallback = () => { };
 const onShutdown = (fn) => (shutdownCallback = fn);
 exports.onShutdown = onShutdown;
@@ -88,7 +86,7 @@ const createBridge = (bridge, port, path = '/bridge', options) => {
     // MCP endpoint
     if (options?.mcp && options?.entries) {
         const mcpPath = typeof options.mcp === 'string' ? options.mcp : path_1.default.join(path, 'mcp');
-        (0, mcp_1.mountMCP)(app, bridge, options.entries, mcpPath, options.mcpGetContext, options.toolMode || 'on_demand');
+        (0, mcp_1.mountMCP)(app, bridge, options.entries, mcpPath, options.toolMode || 'on_demand');
     }
     app.use(path, bridgeHandler(bridge));
     const server = app.listen(port, () => (0, helpers_1.printStartLogs)(port));
@@ -123,17 +121,10 @@ const bridgeHandler = (bridge) => async (req, res) => {
                 console.error(error);
             return res.status(404).json({ error });
         }
-        context = {};
-        const matchingMiddlewares = middlewares
-            .filter(m => (0, helpers_1.matchesPattern)(path, m.pattern))
-            .sort((a, b) => (0, helpers_1.getPatternSpecificity)(a.pattern) - (0, helpers_1.getPatternSpecificity)(b.pattern));
-        for (const middleware of matchingMiddlewares) {
-            const result = await middleware.handler(req, res);
-            if (result?.next === false)
-                return;
-            if (result?.context)
-                context = { ...context, ...result.context };
-        }
+        const { blocked, context: middlewareContext } = await (0, middleware_1.runMiddlewares)(path, req, res);
+        if (blocked)
+            return;
+        context = middlewareContext;
         res.json((await serverFunction(args, context)) || {});
     }
     catch (error) {

package/dist/index.d.ts

@@ -1,8 +1,9 @@
 export { Application, default as express, Express, NextFunction, Request, Response, Router } from 'express';
-export { createBridge, createMiddleware, onShutdown } from './bridge';
+export { createBridge, onShutdown } from './bridge';
 export { config as tbConfig } from './config';
+export { createMiddleware } from './middleware';
+export type { Middleware } from './middleware';
 export { mountMCP } from './mcp';
-export type { MCPGetContext } from './mcp';
 export { defineBridge, defineEntry, getTools, handleToolCall, isToolMode, TOOL_MODES } from './tools';
 export type { Bridge, BridgeEntries, BridgeEntry, GetToolsOptions, HandleToolCallOptions, LLMToolFormat, ToolCall, ToolMode, ToolSurface } from './tools';
 export { z } from 'zod';

package/dist/index.js

@@ -3,16 +3,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.z = exports.TOOL_MODES = exports.isToolMode = exports.handleToolCall = exports.getTools = exports.defineEntry = exports.defineBridge = exports.mountMCP = exports.tbConfig = exports.onShutdown = exports.createMiddleware = exports.createBridge = exports.Router = exports.express = void 0;
+exports.z = exports.TOOL_MODES = exports.isToolMode = exports.handleToolCall = exports.getTools = exports.defineEntry = exports.defineBridge = exports.mountMCP = exports.createMiddleware = exports.tbConfig = exports.onShutdown = exports.createBridge = exports.Router = exports.express = void 0;
 var express_1 = require("express");
 Object.defineProperty(exports, "express", { enumerable: true, get: function () { return __importDefault(express_1).default; } });
 Object.defineProperty(exports, "Router", { enumerable: true, get: function () { return express_1.Router; } });
 var bridge_1 = require("./bridge");
 Object.defineProperty(exports, "createBridge", { enumerable: true, get: function () { return bridge_1.createBridge; } });
-Object.defineProperty(exports, "createMiddleware", { enumerable: true, get: function () { return bridge_1.createMiddleware; } });
 Object.defineProperty(exports, "onShutdown", { enumerable: true, get: function () { return bridge_1.onShutdown; } });
 var config_1 = require("./config");
 Object.defineProperty(exports, "tbConfig", { enumerable: true, get: function () { return config_1.config; } });
+var middleware_1 = require("./middleware");
+Object.defineProperty(exports, "createMiddleware", { enumerable: true, get: function () { return middleware_1.createMiddleware; } });
 var mcp_1 = require("./mcp");
 Object.defineProperty(exports, "mountMCP", { enumerable: true, get: function () { return mcp_1.mountMCP; } });
 var tools_1 = require("./tools");

package/dist/mcp/index.d.ts

@@ -1,5 +1,3 @@
-import { IncomingHttpHeaders } from 'node:http';
 import { Application } from 'express';
 import { Bridge, BridgeEntries, ToolMode } from '../tools';
-export type MCPGetContext = (headers: IncomingHttpHeaders) => Record<string, unknown> | Promise<Record<string, unknown>>;
-export declare function mountMCP(app: Application, bridge: Bridge, entries: BridgeEntries, path?: string, getContext?: MCPGetContext, toolMode?: ToolMode): void;
+export declare function mountMCP(app: Application, bridge: Bridge, entries: BridgeEntries, path?: string, toolMode?: ToolMode): void;

package/dist/mcp/index.js

@@ -11,7 +11,7 @@ const SWEEP_INTERVAL_MS = 5 * 60 * 1000;
 const MAX_SESSIONS = 1000;
 // The 3 meta-tools, shaped for MCP's { name, description, inputSchema } listing.
 const metaToolsForMCP = () => (0, tools_1.getMetaTools)({ format: 'json-schema' }).map(tool => ({ name: tool.name, description: tool.description, inputSchema: tool.parameters }));
-function createMCPServer(bridge, entries, headersRef, getContext, toolMode = 'on_demand') {
+function createMCPServer(bridge, entries, headersRef, toolMode = 'on_demand') {
     const server = new index_js_1.Server({ name: 'typed-bridge', version: '1.0.0' }, { capabilities: { tools: {} } });
     server.setRequestHandler(types_js_1.ListToolsRequestSchema, async () => {
         // on_demand: hand the model the 3 meta-tools and let it discover the rest
@@ -30,21 +30,23 @@ function createMCPServer(bridge, entries, headersRef, getContext, toolMode = 'on
     server.setRequestHandler(types_js_1.CallToolRequestSchema, async (request) => {
         const { name, arguments: args } = request.params;
         try {
-            // Derive per-request context from forwarded headers
-            const context = getContext ? await getContext(headersRef.current) : undefined;
             // Mode-agnostic dispatch: meta-tool names run discovery, anything else runs the
-            // entry directly. Visibility (`mcp: false`) and the output limit are enforced inside.
-            const result = await (0, tools_1.handleToolCall)(bridge, entries, { name, arguments: args || {} }, { context, surface: 'mcp' });
+            // entry directly. The client's forwarded headers drive the middleware chain, which
+            // builds the handler context. Visibility (`mcp: false`) and the output limit are
+            // enforced inside.
+            const result = await (0, tools_1.handleToolCall)(bridge, entries, { name, arguments: args || {} }, { surface: 'mcp', headers: headersRef.current });
             return { content: [{ type: 'text', text: JSON.stringify(result) ?? '' }] };
         }
         catch (error) {
+            // Surface the error message as JSON so the model knows *why* a call was denied
+            // (e.g. an auth middleware's message) instead of seeing an opaque stop.
             const message = error instanceof Error ? error.message : String(error);
-            return { content: [{ type: 'text', text: message }], isError: true };
+            return { content: [{ type: 'text', text: JSON.stringify({ error: message }) }], isError: true };
         }
     });
     return server;
 }
-function mountMCP(app, bridge, entries, path = '/mcp', getContext, toolMode = 'on_demand') {
+function mountMCP(app, bridge, entries, path = '/mcp', toolMode = 'on_demand') {
     const sessions = new Map();
     // Evict sessions idle for longer than SESSION_TTL_MS
     const sweepInterval = setInterval(() => {
@@ -68,7 +70,7 @@ function mountMCP(app, bridge, entries, path = '/mcp', getContext, toolMode = 'o
         }
         else if (!sessionId && req.method === 'POST') {
             const headersRef = { current: req.headers };
-            const server = createMCPServer(bridge, entries, headersRef, getContext, toolMode);
+            const server = createMCPServer(bridge, entries, headersRef, toolMode);
             transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
                 sessionIdGenerator: () => (0, node_crypto_1.randomUUID)(),
                 onsessioninitialized: (id) => {

package/dist/middleware/index.d.ts

@@ -0,0 +1,15 @@
+import { IncomingHttpHeaders } from 'node:http';
+import { Request, Response } from 'express';
+export type Middleware = {
+    pattern: string;
+    handler: (req: Request, res: Response) => Promise<{
+        next?: boolean;
+        context?: any;
+    } | void>;
+};
+export declare const createMiddleware: (pattern: string, handler: Middleware["handler"]) => number;
+export declare const runMiddlewares: (name: string, req: Request, res: Response) => Promise<{
+    blocked: boolean;
+    context: any;
+}>;
+export declare const runMiddlewaresForTool: (name: string, headers?: IncomingHttpHeaders) => Promise<any>;

package/dist/middleware/index.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runMiddlewaresForTool = exports.runMiddlewares = exports.createMiddleware = void 0;
+const helpers_1 = require("../helpers");
+const middlewares = [];
+const createMiddleware = (pattern, handler) => middlewares.push({ pattern, handler });
+exports.createMiddleware = createMiddleware;
+// Run every middleware whose pattern matches `name`, ordered broad → specific. Each
+// middleware's returned context is shallow-merged on top of the previous (so a more
+// specific middleware wins on a shared key). Returns the merged context, or signals a
+// block when a middleware returns `{ next: false }`. Surface-agnostic: the HTTP path
+// passes the real Express req/res; tool surfaces pass a synthetic req + throwing res.
+const runMiddlewares = async (name, req, res) => {
+    let context = {};
+    const matching = middlewares
+        .filter(m => (0, helpers_1.matchesPattern)(name, m.pattern))
+        .sort((a, b) => (0, helpers_1.getPatternSpecificity)(a.pattern) - (0, helpers_1.getPatternSpecificity)(b.pattern));
+    for (const middleware of matching) {
+        const result = await middleware.handler(req, res);
+        if (result?.next === false)
+            return { blocked: true, context };
+        if (result?.context)
+            context = { ...context, ...result.context };
+    }
+    return { blocked: false, context };
+};
+exports.runMiddlewares = runMiddlewares;
+// A stand-in for the Express response on tool surfaces (MCP / LLM), which have no real
+// HTTP response. A middleware that blocks with `res.status(code).send(msg)` (or `.json`)
+// throws a plain Error carrying that message — so the surface can report *why* access was
+// denied (the message) back to the model, instead of a meaningless silent stop. The status
+// code is irrelevant off HTTP, so it's ignored.
+const createToolRes = () => {
+    const fail = (body) => {
+        throw new Error(typeof body === 'string' ? body : JSON.stringify(body));
+    };
+    const res = {
+        status: () => res,
+        send: fail,
+        json: fail,
+        setHeader: () => res,
+        set: () => res
+    };
+    return res;
+};
+// Run the middleware chain for a tool call (MCP / LLM). The synthetic request carries the
+// forwarded `headers` and the matched entry name as `path` — so path-based middlewares
+// (e.g. `req.path.split('/').pop()`) work identically to HTTP. There is no request body:
+// MCP can forward nothing else, so middlewares must rely on headers/path alone.
+// Blocking via `res.status().send()` throws (caught by the caller and returned as JSON);
+// a bare `{ next: false }` with no response throws a generic error so access is still denied.
+const runMiddlewaresForTool = async (name, headers) => {
+    // `path` mirrors HTTP's last-segment convention: on HTTP `req.path` is `/bridge/user.fetch`
+    // and handlers do `.split('/').pop()`; here it's the bare entry name, which pops to itself.
+    const req = { headers: headers || {}, path: name };
+    const res = createToolRes();
+    const { blocked, context } = await (0, exports.runMiddlewares)(name, req, res);
+    if (blocked)
+        throw new Error('Access denied');
+    return context;
+};
+exports.runMiddlewaresForTool = runMiddlewaresForTool;

package/dist/tools/index.d.ts

@@ -1,3 +1,4 @@
+import { IncomingHttpHeaders } from 'node:http';
 import { z } from 'zod';
 export type BridgeEntry = {
     handler: (...args: any[]) => Promise<any>;
@@ -36,6 +37,7 @@ export interface GetToolsOptions {
 export interface HandleToolCallOptions {
     context?: unknown;
     surface?: ToolSurface;
+    headers?: IncomingHttpHeaders;
 }
 export interface ToolCall {
     name: string;
@@ -173,8 +175,8 @@ export declare function toolDescribe(entries: BridgeEntries, name: string, surfa
  * query. Returns the serialized JSON (callers may discard it; it's used only to measure).
  */
 export declare function enforceToolOutputLimit(result: unknown): string;
-export declare function toolUse(bridge: Bridge, name: string, args: unknown, context?: unknown): Promise<any>;
-export declare function handleMetaToolCall(bridge: Bridge, entries: BridgeEntries, toolCall: ToolCall, context?: unknown, surface?: ToolSurface): Promise<unknown>;
+export declare function toolUse(bridge: Bridge, name: string, args: unknown, context?: unknown, headers?: IncomingHttpHeaders): Promise<any>;
+export declare function handleMetaToolCall(bridge: Bridge, entries: BridgeEntries, toolCall: ToolCall, context?: unknown, surface?: ToolSurface, headers?: IncomingHttpHeaders): Promise<unknown>;
 export declare const META_TOOL_NAMES: readonly ["tool_search", "tool_describe", "tool_use"];
 export declare function isMetaToolName(name: string): boolean;
 /**

package/dist/tools/index.js

@@ -20,6 +20,7 @@ exports.getTools = getTools;
 exports.handleToolCall = handleToolCall;
 const zod_1 = require("zod");
 const config_1 = require("../config");
+const middleware_1 = require("../middleware");
 exports.LLM_TOOL_FORMATS = ['openai', 'anthropic', 'json-schema'];
 function isLLMToolFormat(value) {
     return exports.LLM_TOOL_FORMATS.includes(value);
@@ -246,18 +247,24 @@ function enforceToolOutputLimit(result) {
     }
     return serialized;
 }
-// The single execution boundary: runs the handler and enforces tbConfig.maxToolOutputChars
-// on its result. Every path that actually executes an entry (tool_use, direct call) goes
-// through here, so output is capped exactly once. Discovery (search/describe) never does.
-async function toolUse(bridge, name, args, context) {
+// The single execution boundary: runs the middleware chain, then the handler, and enforces
+// tbConfig.maxToolOutputChars on its result. Every path that actually executes an entry
+// (tool_use, direct call) goes through here, so middleware runs and output is capped exactly
+// once. Discovery (search/describe) never reaches here, so listing tools needs no auth.
+async function toolUse(bridge, name, args, context, headers) {
     const handler = bridge[name];
     if (!handler)
         throw new Error(`Tool not found: ${name}`);
-    const result = await handler(args, context);
+    // Run the same pattern-matched middleware chain as HTTP. The caller-supplied context is
+    // the base; middleware-derived context is merged on top (more authoritative, header-derived).
+    const middlewareContext = await (0, middleware_1.runMiddlewaresForTool)(name, headers);
+    const base = context && typeof context === 'object' ? context : {};
+    const mergedContext = { ...base, ...middlewareContext };
+    const result = await handler(args, mergedContext);
     enforceToolOutputLimit(result);
     return result;
 }
-async function handleMetaToolCall(bridge, entries, toolCall, context, surface = 'llm') {
+async function handleMetaToolCall(bridge, entries, toolCall, context, surface = 'llm', headers) {
     switch (toolCall.name) {
         case 'tool_search':
             return toolSearch(entries, toolCall.arguments?.query, surface);
@@ -267,7 +274,7 @@ async function handleMetaToolCall(bridge, entries, toolCall, context, surface =
             const args = toolCall.arguments;
             if (!isEntryVisible(entries[args.name], surface))
                 throw new Error(`Tool not found: ${args.name}`);
-            return toolUse(bridge, args.name, args.arguments || {}, context);
+            return toolUse(bridge, args.name, args.arguments || {}, context, headers);
         }
         default:
             throw new Error(`Unknown meta-tool: ${toolCall.name}. Expected "tool_search", "tool_describe", or "tool_use".`);
@@ -303,15 +310,16 @@ function getTools(entries, options) {
 async function handleToolCall(bridge, entries, toolCall, options) {
     const surface = options?.surface || 'llm';
     const context = options?.context;
+    const headers = options?.headers;
     if (isMetaToolName(toolCall.name)) {
-        return handleMetaToolCall(bridge, entries, toolCall, context, surface);
+        return handleMetaToolCall(bridge, entries, toolCall, context, surface, headers);
     }
     // Direct entry call (attach_all mode): respect per-surface visibility.
     if (!isEntryVisible(entries[toolCall.name], surface))
         throw new Error(`Tool not found: ${toolCall.name}`);
-    // `toolUse` enforces tbConfig.maxToolOutputChars on the executed result — the only
-    // place output is unbounded. Discovery results (tool_search / tool_describe) are
-    // deliberately left uncapped so a blanket search can never deadlock the model's
-    // own recovery path.
-    return toolUse(bridge, toolCall.name, toolCall.arguments || {}, context);
+    // `toolUse` runs the middleware chain and enforces tbConfig.maxToolOutputChars on the
+    // executed result — the only place output is unbounded. Discovery results (tool_search /
+    // tool_describe) are deliberately left uncapped, and skip middleware, so a blanket search
+    // can never deadlock the model's own recovery path.
+    return toolUse(bridge, toolCall.name, toolCall.arguments || {}, context, headers);
 }

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "typed-bridge",
     "description": "Type-safe server functions for TypeScript that also expose your backend as an MCP server and LLM tools for AI agents",
-    "version": "4.0.1",
+    "version": "4.0.4",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
     "author": "neilveil",

package/readme.md

@@ -171,7 +171,7 @@ typedBridgeConfig.headers['X-Tenant'] = 'acme'
 delete typedBridgeConfig.headers['Authorization']
 ```
 
-These headers are exactly what your `createMiddleware` and `mcpGetContext` read on the server, so the same token drives auth across HTTP and AI surfaces. You can also tap every response with `typedBridgeConfig.onResponse`:
+These headers are exactly what your `createMiddleware` chain reads on the server — and that same chain runs on HTTP, MCP, and LLM tool calls — so one token drives auth across every surface. You can also tap every response with `typedBridgeConfig.onResponse`:
 
 ```ts
 typedBridgeConfig.onResponse = res => {
@@ -204,24 +204,26 @@ Point any MCP client at it:
 }
 ```
 
-Typed Bridge is a **remote (HTTP) MCP server**, so the client just needs the `url` and any auth `headers` — those headers reach your `mcpGetContext`. (The `env` block you may have seen elsewhere is only for **stdio** servers the client launches as a local process; there is no subprocess here, so it does nothing.)
+Typed Bridge is a **remote (HTTP) MCP server**, so the client just needs the `url` and any auth `headers` — those headers flow straight into your middleware chain. (The `env` block you may have seen elsewhere is only for **stdio** servers the client launches as a local process; there is no subprocess here, so it does nothing.)
 
 ### Auth that actually works
 
-MCP requests skip your normal middleware, so you derive context straight from headers:
+Your `createMiddleware` chain runs on MCP tool calls automatically — the client's forwarded headers are fed through the exact same pattern-matched middleware that guards HTTP. No separate config, no duplicated logic:
 
 ```ts
-createBridge(bridge, 8080, '/bridge', {
-    entries,
-    mcp: true,
-    mcpGetContext: async headers => {
-        const user = await verifyToken(headers['authorization'])
-        return { userId: user.id, role: user.role }
+createMiddleware('user.*', async (req, res) => {
+    const user = await verifyToken(req.headers['authorization'])
+    if (!user) {
+        res.status(401).json({ error: 'Unauthorized' })
+        return { next: false }
     }
+    return { context: { userId: user.id, role: user.role } }
 })
+
+createBridge(bridge, 8080, '/bridge', { entries, mcp: true })
 ```
 
-The returned context lands in every handler as the second argument, exactly like middleware context. Same security model for humans and agents.
+The resolved context lands in every handler as the second argument, identically for a browser request and an agent's tool call — one security model for humans and AI. When a middleware blocks a tool call, the model receives the **message as JSON** (e.g. `{ "error": "Unauthorized" }`) so it knows *why* it was denied. On tool surfaces a middleware sees the request **headers** and the matched entry name as **`req.path`** (so path-based key derivation like `req.path.split('/').pop()` works everywhere) — but no request **body**, since MCP can forward nothing else.
 
 ### Control how many tools the client sees
 
@@ -283,12 +285,15 @@ import { getTools, handleToolCall } from 'typed-bridge'
 // Build the tool list (openai | anthropic | json-schema). Omit toolMode to use the default, on_demand.
 const tools = getTools(entries, { toolMode: 'on_demand', format: 'openai' })
 
-// Execute whatever the model called — same call for both modes
-const result = await handleToolCall(bridge, entries, toolCall, { context })
+// Execute whatever the model called — same call for both modes.
+// Forward the incoming request headers so your middleware chain (auth, context) runs here too.
+const result = await handleToolCall(bridge, entries, toolCall, { headers: req.headers })
 ```
 
 Because you pass `toolMode` explicitly, a single process can run one assistant with `attach_all` and another with `on_demand`. `handleToolCall` needs no mode at all — it dispatches on the tool name (a meta-tool name runs the discovery flow, anything else runs that entry directly), so your loop is written once and never changes when you switch modes.
 
+Your `createMiddleware` chain runs on these tool calls just like it does on HTTP and MCP. Unlike MCP — where the server already holds the client's headers — an LLM loop is your own code, so you pass the request `headers` into `handleToolCall` to drive the chain. The middleware-derived context is merged on top of any `context` you also pass. If a needed header is missing, the matching middleware denies the call (the model receives a JSON `{ error }`), exactly as it would over HTTP.
+
 ### `on_demand` — three tools, discovered as needed (default)
 
 Most APIs have more endpoints than a model should see at once, so this is the default. Do not flood the context window — give the model three tools instead of two hundred:
@@ -367,7 +372,7 @@ GraphQL is unmatched when clients need to shape their own queries across a compl
 
 ## Middleware when you need it
 
-Pattern based middleware runs before handlers and can inject context:
+Pattern based middleware runs before handlers and can inject context. The **same chain runs on all three surfaces** — HTTP requests, MCP tool calls, and LLM tool calls — matched by entry name (e.g. `user.fetch` matches `user.*`). Over HTTP a middleware blocks by writing to `res`; on tool calls that same `res.status(code).send(msg)` is reported back to the model as JSON (`{ error }`) — the message reaches the model, the status code (irrelevant off HTTP) is dropped. On tool surfaces a middleware sees `req.headers` and `req.path` (the matched entry name) but **no `req.body`** and no real `res` for side effects (cookies, custom headers are no-ops), so write auth/context logic against `req.headers` / `req.path`:
 
 ```ts
 import { createMiddleware } from 'typed-bridge'