/**
 * Main MCP server implementation
 *
 * Why: Coordinates OpenAPI parser, profile loader, tool generator, and request execution.
 * Single entry point for tool registration and invocation.
 */
import { type FilteringRules } from '../core/filtering.js';
import type { Logger } from '../core/logger.js';
import type { HttpProfileContext } from '../types/http-transport.js';
import type { HttpTransport } from '../transport/http-transport.js';
export declare class MCPServer {
    private server;
    private parser;
    private profile?;
    private toolGenerator;
    private httpClientFactory;
    private compositeExecutor?;
    private schemaValidator;
    private logger;
    private httpTransport;
    private stdioFiltering?;
    private globalFiltering?;
    private toolFilterService?;
    private globalToolFilterSummary?;
    /**
     * Execute a tools/call request via the JSON-RPC handler.
     * Intended for internal use and tests to avoid accessing private methods.
     */
    callToolRpc(name: string, args: Record<string, unknown>, sessionId?: string, requestId?: string | number): Promise<unknown>;
    /**
     * Filter response payload to include only specified fields.
     *
     * Supports YouTrack-style field selectors like:
     * - "author(id,login)"
     * - "comments(id,text,author(id,login))"
     *
     * Recurses into nested objects and arrays when subfields are specified.
     */
    private filterFields;
    private parseFieldSelection;
    private mergeFieldSelector;
    private parseFieldSelector;
    private parseQuotedBase;
    private mergeSelectionTrees;
    private splitTopLevel;
    private applyFieldSelection;
    /**
     * Format error message for client with correlation ID
     *
     * Why: Categorize errors as "safe" (4xx client errors) vs "unsafe" (5xx server errors)
     * Safe errors show API message to help user fix the issue
     * Unsafe errors show generic message to avoid leaking sensitive info
     */
    private formatErrorForClient;
    constructor(logger?: Logger);
    setGlobalFiltering(filtering?: FilteringRules): void;
    initialize(specPath: string, profilePath?: string): Promise<void>;
    /**
     * Create logger with auth configuration for token redaction
     *
     * Why: Prevents sensitive tokens from appearing in logs
     */
    private createLoggerWithAuth;
    /**
     * Check tool name lengths and warn if needed
     */
    private checkToolNameLengths;
    /**
     * Get base URL from profile config or OpenAPI spec
     */
    private getBaseUrl;
    /**
     * Get auth configurations as array (supports single or multiple auth methods)
     * Returns array sorted by priority (lower = higher priority)
     */
    private getAuthConfigs;
    /**
     * Get primary (highest priority) auth configuration
     */
    private getPrimaryAuthConfig;
    /**
     * Get highest priority auth configuration that reads token from environment
     */
    private getEnvBackedAuthConfig;
    /**
     * Get OAuth configuration from auth configs (if any)
     */
    private getOAuthConfig;
    private buildOAuthConfigWithAllowedRedirectHosts;
    private getProfileIdValue;
    private getOAuthRateLimitConfig;
    getHttpProfileContext(): HttpProfileContext;
    /**
     * Extract hostnames from origin patterns for OAuth redirect validation
     * e.g., "http://localhost:*,https://app.example.com" -> ["localhost", "app.example.com"]
     *
     * Filters out CIDR blocks (e.g., "127.0.0.1/8") which are valid for origin validation
     * but not for OAuth redirect URI validation
     */
    private extractHostsFromOrigins;
    /**
     * Get or create HTTP client for session
     */
    private getHttpClientForSession;
    /**
     * Get auth token from HTTP transport session
     * Ensures token is valid (refreshes if expired) before returning
     */
    private getAuthTokenFromSession;
    /**
     * Cleanup HTTP client for destroyed session
     *
     * Why: Prevent memory leak - sessions expire but cached clients stay forever
     */
    private cleanupSessionClient;
    /**
     * Setup MCP request handlers
     */
    private setupHandlers;
    /**
     * Execute simple (non-composite) tool
     *
     * Why separate: Simple tools map directly to single OpenAPI operation.
     * No result aggregation needed.
     */
    private executeSimpleTool;
    /**
     * Execute proxy download operation
     *
     * Why: Some APIs return authenticated URLs that LLMs cannot fetch directly.
     * This proxies the download through the MCP server.
     */
    private executeProxyDownload;
    /**
     * Encode path segment if it contains special characters (like slashes)
     *
     * Why: GitLab and other APIs require path parameters (like project paths)
     * to be URL-encoded when used in URL path.
     */
    private encodePathSegment;
    /**
     * Resolve path parameters using profile aliases
     *
     * Why aliases: Different tools may use different parameter names for same path param.
     * Example: GitLab uses "resource_id", "project_id", "group_id" all mapping to "{id}"
     */
    private resolvePath;
    /**
     * Extract query parameters from args
     *
     * Why: Separate query params from body params. Array handling is done by HttpClient
     * based on profile's array_format setting.
     */
    private extractQueryParams;
    /**
     * Extract request body from args
     *
     * Why: For create/update operations, collect non-metadata fields into body.
     * Metadata (action, resource_type, etc.) are not sent to API.
     * Path/query parameters are excluded from body UNLESS they're also in request body schema.
     *
     * Uses metadata_params from tool definition, defaults to ['action', 'resource_type']
     */
    private extractBody;
    /**
     * Start server with stdio transport
     */
    runStdio(): Promise<void>;
    /**
     * Start server with HTTP transport
     *
     * Implements MCP Specification 2025-03-26 Streamable HTTP transport
     *
     * Why: Enables remote MCP server access with SSE streaming, session management,
     * and resumability for reliable communication over HTTP.
     */
    runHttp(host: string, port: number): Promise<void>;
    attachHttpTransport(transport: HttpTransport): void;
    handleSessionDestroyed(profileId: string, sessionId: string): void;
    /**
     * Handle JSON-RPC message from HTTP transport
     *
     * Why: Unified message handling for both stdio and HTTP transports
     */
    private handleJsonRpcMessage;
    handleHttpMessage(message: unknown, sessionId?: string, profileId?: string): Promise<unknown>;
    private handleInitialize;
    private handleToolCall;
    private getMetricsCollector;
    private resolveMetricsContext;
    private getMetricsErrorType;
    private getFilteringForSession;
    private getToolFilterForSession;
    private getFilteringOperationInfo;
    private handleOtherRequest;
    private listPrompts;
    private renderPromptByName;
    private applyGlobalToolFiltering;
    private applySessionToolFiltering;
    private buildToolFilterResolver;
    private validateCompositeToolsAgainstFilteredOperations;
    private getToolFilterWarnThresholdPct;
    private recordGlobalToolFilterMetrics;
    private recordSessionToolFilterMetrics;
    private recordToolFilterRejection;
    /**
     * Stop the MCP server gracefully
     *
     * Why: Cleanup resources, close connections, allow graceful shutdown
     */
    stop(): Promise<void>;
}
//# sourceMappingURL=mcp-server.d.ts.map