c21943e40b
Total 1465 LOC + 616 test LOC, 78/78 tests pass. - @keisei/mcp-server (25 tests) — Rust-CLI bridge via execa, stdio+HTTP, HMAC auth, kei() meta-tool - @keisei/telegram-adapter (16 tests) — grammy Bot, 7 tools - @keisei/recall-adapter (8 tests) — Zoom via Recall.ai, 5 tools - @keisei/grok-adapter (6 tests) — xAI OpenAI-compatible, 2 tools - @keisei/gmail-adapter (11 tests) — googleapis OAuth2, 6 tools (new — LBM gap) - @keisei/youtube-adapter (12 tests) — YouTube Data API v3, 5 tools (new — LBM gap) RULE 0.2 exception #4 (TS for MCP/API layer documented in _ts_packages/README.md). RULE 0.8 — env vars only (TELEGRAM_BOT_TOKEN, XAI_API_KEY, GMAIL_*, YOUTUBE_API_KEY). Strict TypeScript: strict + exactOptionalPropertyTypes + noUncheckedIndexedAccess. Genesis-scan clean (0 hits).
91 lines
2.8 KiB
TypeScript
91 lines
2.8 KiB
TypeScript
// MCP server assembly: wire registry + adapters + auth into a JSON-RPC dispatcher.
|
|
// Transport-agnostic; index.ts chooses stdio or HTTP.
|
|
|
|
import crypto from "node:crypto";
|
|
import { z } from "zod";
|
|
import { buildRegistry, lookupTool, type ToolDefinition } from "./tool-registry.js";
|
|
import { RustBridge } from "./rust-bridge.js";
|
|
import { loadAllAdapters } from "./adapters.js";
|
|
import { AuthError, SchemaError, toErrorPayload } from "./errors.js";
|
|
|
|
export interface ServerConfig {
|
|
rustBinDir: string;
|
|
authToken?: string;
|
|
timeoutMs?: number;
|
|
}
|
|
|
|
export interface JsonRpcCall {
|
|
tool: string;
|
|
args?: Record<string, unknown>;
|
|
authHeader?: string | undefined;
|
|
}
|
|
|
|
export interface JsonRpcResponse {
|
|
ok: boolean;
|
|
result?: string;
|
|
error?: { code: number; message: string; data?: unknown };
|
|
}
|
|
|
|
export class McpServer {
|
|
private readonly registry: Map<string, ToolDefinition>;
|
|
private readonly authToken: string | undefined;
|
|
|
|
constructor(cfg: ServerConfig) {
|
|
const bridge = new RustBridge({
|
|
binDir: cfg.rustBinDir,
|
|
...(cfg.timeoutMs !== undefined ? { defaultTimeoutMs: cfg.timeoutMs } : {}),
|
|
});
|
|
this.registry = buildRegistry(bridge);
|
|
this.authToken = cfg.authToken;
|
|
}
|
|
|
|
async loadAdapters(logger?: (msg: string) => void): Promise<{ loaded: string[]; skipped: string[] }> {
|
|
return loadAllAdapters((tool) => this.registry.set(tool.name, tool), logger);
|
|
}
|
|
|
|
listTools(): Array<{ name: string; description: string }> {
|
|
return Array.from(this.registry.values()).map((t) => ({
|
|
name: t.name,
|
|
description: t.description,
|
|
}));
|
|
}
|
|
|
|
async handle(call: JsonRpcCall): Promise<JsonRpcResponse> {
|
|
try {
|
|
this.checkAuth(call.authHeader);
|
|
const tool = lookupTool(this.registry, call.tool);
|
|
const args = this.validateArgs(tool, call.args ?? {});
|
|
const out = await tool.handler(args);
|
|
return { ok: true, result: out };
|
|
} catch (err) {
|
|
return { ok: false, error: toErrorPayload(err) };
|
|
}
|
|
}
|
|
|
|
private checkAuth(header: string | undefined): void {
|
|
if (!this.authToken) return; // auth disabled (stdio mode)
|
|
if (!header) throw new AuthError("missing auth token");
|
|
if (!safeEqual(header, this.authToken)) throw new AuthError("invalid auth token");
|
|
}
|
|
|
|
private validateArgs(
|
|
tool: ToolDefinition,
|
|
raw: Record<string, unknown>,
|
|
): Record<string, unknown> {
|
|
const parsed = tool.inputSchema.safeParse(raw);
|
|
if (!parsed.success) {
|
|
throw new SchemaError(parsed.error.message, { tool: tool.name });
|
|
}
|
|
return parsed.data as Record<string, unknown>;
|
|
}
|
|
}
|
|
|
|
function safeEqual(a: string, b: string): boolean {
|
|
const ba = Buffer.from(a);
|
|
const bb = Buffer.from(b);
|
|
if (ba.length !== bb.length) return false;
|
|
return crypto.timingSafeEqual(ba, bb);
|
|
}
|
|
|
|
// Exported for tests
|
|
export const __testing__ = { safeEqual, schema: z };
|