npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

apcore-mcp

v0.14.0

Published

Automatic MCP Server & OpenAI Tools Bridge for apcore

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tercelyitercelyi

Keywords

apcoremcpmodel-context-protocolopenaitoolsfunction-callingai-agentmcp-servertool-bridgeagent-toolsschemajson-schemavalidationroutertransportcli

Readme

apcore-mcp

Automatic MCP Server & OpenAI Tools Bridge for apcore.

Converts apcore module registries into Model Context Protocol (MCP) tool definitions and OpenAI-compatible function calling formats — zero boilerplate required.

Features

  • MCP Server — Expose apcore modules as MCP tools over stdio, Streamable HTTP, or SSE
  • OpenAI Tools — Convert modules to OpenAI function calling format with strict mode support
  • Schema Conversion — Inline $defs/$ref from Pydantic-generated JSON Schema
  • Annotation Mapping — Map module annotations to MCP hints and OpenAI description suffixes
  • Approval Mechanism — Built-in elicitation-based approval flow for sensitive tool executions
  • Error Mapping — Sanitize internal errors for safe client-facing responses
  • Dynamic Registration — Listen for registry changes and update tools at runtime
  • Tool Explorer — Browser-based UI for browsing schemas and testing tools interactively
  • CLI — Launch an MCP server from the command line
  • Config Bus integration — Registers an mcp namespace with the apcore Config Bus; configure via unified apcore.yaml or APCORE_MCP_* env vars
  • Error Formatter Registry — Registers an MCP-specific error formatter for ecosystem-wide consistent error handling

Documentation

For full documentation, including Quick Start guides for both Python and TypeScript, visit: https://aiperceivable.github.io/apcore-mcp/

Requirements

  • Node.js >= 18.0.0
  • apcore-js >= 0.19.0

Installation

npm install apcore-mcp

apcore-js is included as a direct dependency — no separate install needed.

Quick Start

Programmatic API

import { serve, toOpenaiTools } from "apcore-mcp";

// Launch MCP server over stdio
await serve(executor);

// Launch over Streamable HTTP
await serve(executor, {
  transport: "streamable-http",
  host: "127.0.0.1",
  port: 8000,
});

// Export OpenAI tool definitions
const tools = toOpenaiTools(registry, {
  embedAnnotations: true,
  strict: true,
});

CLI

# stdio (default)
npx apcore-mcp --extensions-dir ./extensions

# Streamable HTTP
npx apcore-mcp --extensions-dir ./extensions --transport streamable-http --port 8000

# SSE
npx apcore-mcp --extensions-dir ./extensions --transport sse --port 8000

CLI Arguments

| Argument | Default | Description | |---|---|---| | --extensions-dir | (required) | Path to apcore extensions directory | | --transport | stdio | stdio, streamable-http, or sse | | --host | 127.0.0.1 | Host for HTTP transports | | --port | 8000 | Port for HTTP transports (1-65535) | | --name | apcore-mcp | MCP server name | | --version | package version | MCP server version | | --log-level | INFO | DEBUG, INFO, WARNING, ERROR | | --explorer | off | Enable the browser-based Tool Explorer UI (HTTP only) | | --explorer-prefix | /explorer | URL prefix for the explorer UI | | --allow-execute | off | Allow tool execution from the explorer UI | | --jwt-secret | — | JWT secret key for Bearer token authentication | | --jwt-key-file | — | Path to PEM key file for JWT verification (RS256/ES256) | | --jwt-algorithm | HS256 | JWT algorithm | | --jwt-audience | — | Expected JWT audience claim | | --jwt-issuer | — | Expected JWT issuer claim | | --jwt-require-auth | true | Require auth (use --jwt-permissive to override and allow unauthenticated requests) | | --jwt-permissive | false | Permissive mode: allow unauthenticated requests (overrides --jwt-require-auth) | | --exempt-paths | /health,/metrics,/usage | Comma-separated paths exempt from auth |

JWT key resolution priority: --jwt-key-file > --jwt-secret > APCORE_JWT_SECRET environment variable.

MCP Client Configuration

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "apcore": {
      "command": "npx",
      "args": ["apcore-mcp", "--extensions-dir", "/path/to/your/extensions"]
    }
  }
}

Claude Code

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "apcore": {
      "command": "npx",
      "args": ["apcore-mcp", "--extensions-dir", "./extensions"]
    }
  }
}

Cursor

Add to .cursor/mcp.json in your project root:

{
  "mcpServers": {
    "apcore": {
      "command": "npx",
      "args": ["apcore-mcp", "--extensions-dir", "./extensions"]
    }
  }
}

Remote HTTP access

npx apcore-mcp --extensions-dir ./extensions \
    --transport streamable-http \
    --host 0.0.0.0 \
    --port 9000

Connect any MCP client to http://your-host:9000/mcp.

API Reference

Programmatic API – APCoreMCP class

The APCoreMCP class is the recommended OOP entry point. It bundles a unified configuration object, lazy backend resolution (path / Registry / Executor), and exposes serve / asyncServe / toOpenaiTools as instance methods so you configure once and use everywhere.

import { APCoreMCP } from "apcore-mcp";

// 1. Point at an extensions directory (lazy discovery on first use)
const mcp = new APCoreMCP("./extensions", {
  name: "my-server",
  tags: ["public"],
  observability: true,
});

// 2. Launch as MCP server (blocks until shutdown)
await mcp.serve({ transport: "streamable-http", port: 8000, explorer: true });

// 3. Or export OpenAI tool definitions
const tools = mcp.toOpenaiTools({ strict: true });

// 4. Or embed into an existing HTTP server
const app = await mcp.asyncServe({ explorer: true });
// app.handler is a Node.js request handler; call app.close() on shutdown

// 5. Or pass an existing Registry / Executor
import { Registry } from "apcore-js";
const registry = new Registry({ extensionsDir: "./extensions" });
await registry.discover();
const mcp2 = new APCoreMCP(registry, { name: "my-server", tags: ["public"] });

Constructor

new APCoreMCP(
  extensionsDirOrBackend: string | Registry | Executor,
  options?: APCoreMCPOptions,
);

The first argument is either a path to an apcore extensions directory (discovery is deferred to first use) or an existing Registry / Executor instance.

APCoreMCPOptions fields

  • name — MCP server name. Default: "apcore-mcp"
  • version — MCP server version. Default: package version
  • tags — Filter modules by tag list
  • prefix — Filter modules by ID prefix
  • logLevel — Minimum log level (DEBUG | INFO | WARNING | ERROR | CRITICAL)
  • validateInputs — Validate inputs against schemas. Default: false
  • metricsCollectorMetricsExporter or true to auto-instantiate
  • observability — Enable the full metrics + usage observability stack
  • asyncboolean | { enabled?, maxConcurrent?, maxTasks? } for the Async Task Bridge (F-043)
  • authenticator — Optional Authenticator (HTTP transports only)
  • requireAuth — If true (default), reject unauthenticated requests with 401
  • exemptPaths — Paths exempt from authentication
  • approvalHandler — Optional approval handler passed to the Executor
  • outputFormatter — Custom function to format tool execution results
  • middleware — Array of apcore Middleware installed via executor.use()
  • acl — Optional apcore ACL instance installed via executor.setAcl()

Properties

  • .registry — The underlying apcore Registry (resolved on first access)
  • .executor — The underlying apcore Executor (populated after serve() / asyncServe())
  • .tools — List of discovered module IDs that will be exposed as tools (honours tags / prefix)

Methods

  • .serve(options?) — Launch an MCP server. Accepts APCoreMCPServeOptions: transport, host, port, onStartup, onShutdown, explorer, explorerPrefix, allowExecute, explorerTitle, explorerProjectName, explorerProjectUrl. Constructor-level options (auth, observability, middleware, acl, async, etc.) are applied automatically.
  • .asyncServe(options?) — Build an embeddable Node.js HTTP request handler. Accepts APCoreMCPAsyncServeOptions: explorer, explorerPrefix, allowExecute, explorerTitle, explorerProjectName, explorerProjectUrl, endpoint. Returns { handler, close }.
  • .toOpenaiTools(options?) — Export modules as OpenAI-compatible tool definitions. Accepts ToOpenaiToolsOptions: embedAnnotations, strict. tags / prefix are inherited from the constructor.

serve(registryOrExecutor, options?)

Launch an MCP Server that exposes all apcore modules as tools.

function serve(
  registryOrExecutor: Registry | Executor,
  options?: {
    // Transport
    transport?: "stdio" | "streamable-http" | "sse";
    host?: string;
    port?: number;
    // Identity
    name?: string;
    version?: string;
    // Lifecycle
    onStartup?: () => void | Promise<void>;
    onShutdown?: () => void | Promise<void>;
    // Module filtering / discovery
    tags?: string[] | null;
    prefix?: string | null;
    dynamic?: boolean;
    validateInputs?: boolean;
    logLevel?: "DEBUG" | "INFO" | "WARNING" | "ERROR" | "CRITICAL";
    // Async Task Bridge (F-043)
    async?: boolean | { enabled?: boolean; maxConcurrent?: number; maxTasks?: number };
    // Executor wiring
    middleware?: unknown[];
    acl?: unknown;
    approvalHandler?: unknown;
    strategy?: string;
    // Observability (F-044)
    metricsCollector?: MetricsExporter | boolean;
    observability?: ObservabilityFlag;
    trace?: boolean;
    // Output handling
    outputFormatter?: (result: Record<string, unknown>) => string;
    redactOutput?: boolean;
    // Auth (HTTP transports only)
    authenticator?: Authenticator;
    requireAuth?: boolean;
    exemptPaths?: string[];
    // Tool Explorer UI
    explorer?: boolean;
    explorerPrefix?: string;
    allowExecute?: boolean;
    explorerTitle?: string;
    explorerProjectName?: string;
    explorerProjectUrl?: string;
    // Adapter overrides (advanced — Extension Bridge)
    schemaConverter?: SchemaConverter;
    annotationMapper?: AnnotationMapper;
    errorMapper?: ErrorMapper;
  }
): Promise<void>;

Options reference:

Transport

  • transport"stdio" (default), "streamable-http", or "sse"
  • host — Host address for HTTP-based transports. Default: "127.0.0.1"
  • port — Port for HTTP-based transports. Default: 8000

Identity

  • name — MCP server name. Default: "apcore-mcp"
  • version — MCP server version. Default: package version

Lifecycle

  • onStartup — Async callback invoked before the server starts
  • onShutdown — Async callback invoked after the server stops (or on error)

Module filtering / discovery

  • tags — Filter modules by tag list. Default: null (no filtering)
  • prefix — Filter modules by ID prefix. Default: null (no filtering)
  • dynamic — Enable dynamic tool registration via RegistryListener. Default: false
  • validateInputs — Validate inputs against schemas before dispatch. Default: false
  • logLevel — Minimum log level. Suppresses console methods below this level

Async Task Bridge (F-043)

  • async — Enable the AsyncTaskBridge and __apcore_task_* meta-tools. Pass false to disable, or { maxConcurrent, maxTasks } for fine-grained tuning. Default: true

Executor wiring

  • middleware — Array of apcore Middleware instances installed via executor.use(). Appended to any middleware declared under Config Bus key mcp.middleware
  • acl — Optional apcore ACL instance installed via executor.setAcl(). Caller-supplied ACL takes precedence over mcp.acl Config Bus entry
  • approvalHandler — Optional approval handler passed to the Executor (e.g. ElicitationApprovalHandler)
  • strategy — Execution strategy name passed to the Executor (e.g. "standard", "internal")

Observability (F-044)

  • metricsCollectorMetricsExporter instance, or true to auto-instantiate apcore-js's MetricsCollector and install MetricsMiddleware
  • observability — Enable the full observability stack (metrics + usage middleware) and expose /metrics + /usage endpoints
  • trace — When true, enables pipeline trace via callWithTrace(). Adds _meta.trace to non-streaming tool responses. Default: false

Output handling

  • outputFormatter — Custom function to format tool execution results. When undefined, results are serialized with JSON.stringify(result)
  • redactOutput — When true (default), redact sensitive fields from tool output via apcore's redactSensitive() before formatting

Auth (HTTP transports only)

  • authenticatorAuthenticator instance for request authentication
  • requireAuth — If true (default), unauthenticated requests are rejected with 401. Set to false for permissive mode
  • exemptPaths — Paths exempt from authentication. Default: ["/health", "/metrics"]

Tool Explorer UI

  • explorer — Enable the browser-based Tool Explorer UI (HTTP only). Default: false
  • explorerPrefix — URL prefix for the explorer. Default: "/explorer"
  • allowExecute — Allow tool execution from the explorer UI. Default: false
  • explorerTitle — Custom title for the Tool Explorer UI page
  • explorerProjectName — Project name shown in the explorer UI footer
  • explorerProjectUrl — Project URL shown in the explorer UI footer

Adapter overrides (advanced — Extension Bridge, F-042)

  • schemaConverter — Override the default SchemaConverter (custom JSON Schema strictness/dialect)
  • annotationMapper — Override the default AnnotationMapper (custom annotation wire format)
  • errorMapper — Override the default ErrorMapper consumed by ExecutionRouter

asyncServe(registryOrExecutor, options?)

Embed the MCP server into a larger Node.js HTTP application. Returns an HTTP request handler and a close function for lifecycle management.

import { asyncServe } from "apcore-mcp";

const { handler, close } = await asyncServe(executor, {
  name: "apcore-mcp",
  explorer: true,
  allowExecute: true,
});

// Mount in a custom HTTP server
const server = http.createServer(handler);
server.listen(8000);

// Clean up when done
await close();

Accepts the same options as serve() except transport, host, port, onStartup, and onShutdown.

Tool Explorer

When explorer: true is passed to serve(), a browser-based Tool Explorer UI is mounted on HTTP transports. It provides an interactive page for browsing tool schemas and testing tool execution.

await serve(registry, {
  transport: "streamable-http",
  explorer: true,
  allowExecute: true,
});
// Open http://127.0.0.1:8000/explorer/ in a browser

Endpoints:

| Endpoint | Description | |----------|-------------| | GET /explorer/ | Interactive HTML page (self-contained, no external dependencies) | | GET /explorer/tools | JSON array of all tools with name, description, annotations | | GET /explorer/tools/<name> | Full tool detail with inputSchema | | POST /explorer/tools/<name>/call | Execute a tool (requires allowExecute: true) |

  • HTTP transports only (streamable-http, sse). Silently ignored for stdio.
  • Execution disabled by default — set allowExecute: true to enable Try-it.
  • Custom prefix — use explorerPrefix: "/browse" to mount at a different path.
  • Authorization UI — Swagger-UI-style Authorization input field. Paste a Bearer token to authenticate tool execution requests. Generated cURL commands automatically include the Authorization header.

JWT Authentication

apcore-mcp supports JWT Bearer token authentication for HTTP-based transports.

Programmatic Usage

import { serve, JWTAuthenticator } from "apcore-mcp";

const authenticator = new JWTAuthenticator({
  key: "your-secret-key",
  algorithms: ["HS256"],
  audience: "my-app",
  issuer: "auth-service",
  // Map custom claims to Identity fields
  claimMapping: {
    id: "sub",
    type: "type",
    roles: "roles",
    attrs: ["email", "org"],  // Extra claims → Identity.attrs
  },
  // Claims that must be present in the token (default: ["sub"])
  requireClaims: ["sub", "email"],
  // Set to false for permissive mode (allow unauthenticated requests)
  requireAuth: true,
});

await serve(executor, {
  transport: "streamable-http",
  authenticator,
  // Custom exempt paths (default: ["/health", "/metrics"])
  exemptPaths: ["/health", "/metrics", "/status"],
});

CLI Flags

| Flag | Default | Description | |------|---------|-------------| | --jwt-secret | — | JWT secret key for Bearer token authentication | | --jwt-key-file | — | Path to PEM key file for JWT verification | | --jwt-algorithm | HS256 | JWT algorithm | | --jwt-audience | — | Expected audience claim | | --jwt-issuer | — | Expected issuer claim | | --jwt-require-auth | true | Require auth. Use --jwt-permissive to allow unauthenticated requests | | --jwt-permissive | false | Overrides --jwt-require-auth and allows unauthenticated requests | | --exempt-paths | /health,/metrics,/usage | Comma-separated paths exempt from auth |

JWT key resolution priority: --jwt-key-file > --jwt-secret > APCORE_JWT_SECRET environment variable.

curl Examples

# Authenticated request
curl -X POST http://localhost:8000/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-jwt-token>" \
  -d '{"jsonrpc":"2.0","method":"tools/list","id":1}'

# Health check (always exempt)
curl http://localhost:8000/health

toOpenaiTools(registryOrExecutor, options?)

Export apcore modules as OpenAI-compatible tool definitions.

function toOpenaiTools(
  registryOrExecutor: Registry | Executor,
  options?: {
    embedAnnotations?: boolean;
    strict?: boolean;
    tags?: string[];
    prefix?: string;
  }
): OpenAIToolDef[];

Options:

  • embedAnnotations — Append annotation metadata to tool descriptions (default: false)
  • strict — Enable OpenAI strict mode: adds additionalProperties: false, makes all properties required, wraps optional properties with nullable (default: false)
  • tags — Filter modules by tags
  • prefix — Filter modules by ID prefix

reportProgress(context, progress, total?, message?)

Report execution progress to the MCP client. No-ops silently when called outside an MCP context (no callback injected).

import { reportProgress } from "apcore-mcp";

// Inside a module's execute() method:
await reportProgress(context, 5, 10, "Processing item 5 of 10");

Parameters:

  • context — Object with a data dict (apcore Context or BridgeContext)
  • progress — Current progress value
  • total — Optional total for percentage calculation
  • message — Optional human-readable progress message

elicit(context, message, requestedSchema?)

Ask the MCP client for user input via the elicitation protocol. Returns null when called outside an MCP context.

import { elicit } from "apcore-mcp";
import type { ElicitResult } from "apcore-mcp";

// Inside a module's execute() method:
const result: ElicitResult | null = await elicit(
  context,
  "Are you sure you want to proceed?",
  {
    type: "object",
    properties: {
      confirmed: { type: "boolean", description: "Confirm action" },
    },
    required: ["confirmed"],
  },
);

if (result?.action === "accept") {
  // User confirmed
}

Parameters:

  • context — Object with a data dict (apcore Context or BridgeContext)
  • message — Message to display to the user
  • requestedSchema — Optional JSON Schema describing the expected input

Returns: ElicitResult with action ("accept", "decline", or "cancel") and optional content, or null if not in an MCP context.

Config Bus Integration

apcore-mcp registers an mcp namespace with the apcore Config Bus when serve() or asyncServe() is called. MCP settings can live alongside other apcore configuration in a single apcore.yaml:

apcore:
  version: "1.0.0"
mcp:
  transport: streamable-http
  host: 0.0.0.0
  port: 9000
  explorer: true
  require_auth: false

Environment variable overrides use the APCORE_MCP_ prefix:

APCORE_MCP_TRANSPORT=streamable-http
APCORE_MCP_PORT=9000
APCORE_MCP_EXPLORER=true

Defaults: transport=stdio, host=127.0.0.1, port=8000, explorer=false, require_auth=true.

The namespace, prefix, and defaults are also available as importable constants:

import { MCP_NAMESPACE, MCP_ENV_PREFIX, MCP_DEFAULTS, registerMcpNamespace } from "apcore-mcp";

Development

# Install dependencies
npm install

# Type check
npm run typecheck

# Run tests
npm test

# Run tests with coverage
npm run test:coverage

# Build
npm run build

# Watch mode
npm run dev

License

Apache-2.0