Merge commit from fork

🔒️ Add default authorization mechanism for local HTTP servers

Author: julien040

cmd/llm.go

@@ -10,7 +10,10 @@ var gptCmd = &cobra.Command{
 	Aliases: []string{"chat", "chatgpt"},
 	Short:   "Open an HTTP server so that ChatGPT can do function calls",
 	Long: `Open an HTTP server so that ChatGPT can do function calls. By default, it will expose a tunnel to the internet.
-By setting the --host or --port flags, you can disable the tunnel and bind to a specific host and port. In this case, you will need to configure your LLM to connect to this host and port.`,
+
+By setting the --host or --port flags, you can disable the tunnel and bind to a specific host and port. In this case, you will need to configure your LLM to connect to this host and port.
+It will also enable the authorization token mechanism. By default, the token is randomly generated and can be found when starting the server. You can also provide a token using the ANYQUERY_AI_SERVER_BEARER_TOKEN environment variable.
+This token must be supplied in the Authorization header of the request (prefixed with "Bearer "). You can also disable the authorization mechanism by setting the --no-auth flag.`,
 
 	RunE: controller.Gpt,
 }
@@ -19,8 +22,10 @@ var mcpCmd = &cobra.Command{
 	Use:   "mcp",
 	Short: "Start the Model Context Protocol (MCP) server",
 	Long: `Start the Model Context Protocol (MCP) server. It is used to provide context for LLM that supports it. 
-Pass the --stdio flag to use standard input/output for communication. By default, it will bind locally to localhost:8070 (modify it with the --host, --port and --domain flags).`,
-	//You can also expose the tunnel to the internet by using the --tunnel flag (useful when the LLM is on a remote server).`,
+Pass the --stdio flag to use standard input/output for communication. 
+
+By default, it will bind locally to localhost:8070 (modify it with the --host, --port and --domain flags). Authentication is enabled by default for server-side events (SSE) connections. The token can be found when starting the server, or you can provide one using the ANYQUERY_AI_SERVER_BEARER_TOKEN environment variable.,
+You can disable the authorization mechanism by setting the --no-auth flag.`,
 	RunE: controller.Mcp,
 }
 
@@ -38,12 +43,14 @@ func init() {
 	gptCmd.Flags().String("log-format", "text", "Log format (text, json)")
 	gptCmd.Flags().String("host", "", "Host to bind to. If not empty, the tunnel will be disabled")
 	gptCmd.Flags().Int("port", 0, "Port to bind to. If not empty, the tunnel will be disabled")
+	gptCmd.Flags().Bool("no-auth", false, "Disable the authorization mechanism for locally bound servers")
 
 	// MCP command
 	rootCmd.AddCommand(mcpCmd)
 	addFlag_commandModifiesConfiguration(mcpCmd)
 	mcpCmd.Flags().String("host", "127.0.0.1", "Host to bind to")
 	mcpCmd.Flags().String("domain", "", "Domain to use for the HTTP tunnel (empty to use the host)")
+	mcpCmd.Flags().Bool("no-auth", false, "Disable the authorization mechanism for locally bound HTTP servers")
 	mcpCmd.Flags().Int("port", 8070, "Port to bind to")
 	mcpCmd.Flags().Bool("stdio", false, "Use standard input/output for communication")
 	mcpCmd.Flags().Bool("tunnel", false, "Use an HTTP tunnel, and expose the server to the internet (when used, --host, --domain and --port are ignored)")

controller/llm.go

@@ -2,11 +2,12 @@ package controller
 
 import (
 	"context"
+	"crypto/rand"
 	"database/sql"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
-	"net"
 	"net/http"
 	"os"
 	"os/signal"
@@ -201,6 +202,29 @@ func executeQueryLLM(
 	return nil
 }
 
+// Securely generates a random bearer token
+func generateBearerToken() string {
+	// Generate a random token
+	token := make([]byte, 32)
+	rand.Read(token)
+
+	// Encode the token as a base64 string
+	encodedToken := base64.StdEncoding.EncodeToString(token)
+
+	return encodedToken
+}
+
+// Returns true if the request has a valid authorization header
+func checkHTTPAuthorization(r *http.Request, bearerToken string) bool {
+	authHeader := r.Header.Get("Authorization")
+	if authHeader == "" {
+		return false
+	}
+
+	authHeader = strings.TrimPrefix(authHeader, "Bearer ")
+	return authHeader == bearerToken
+}
+
 func Gpt(cmd *cobra.Command, args []string) error {
 	// Open the configuration database
 	cdb, queries, err := requestDatabase(cmd.Flags(), false)
@@ -314,6 +338,21 @@ func Gpt(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	// This token will be used to authenticate the client
+	// It must be supplied in the Authorization header of the request (prefixed with "Bearer ")
+	//
+	// The user can provide one using the environment variable ANYQUERY_AI_SERVER_BEARER_TOKEN
+	bearerToken := generateBearerToken()
+
+	envBearerToken := os.Getenv("ANYQUERY_AI_SERVER_BEARER_TOKEN")
+	if envBearerToken != "" {
+		bearerToken = envBearerToken
+	}
+
+	// Defaults to false
+	// A flag to disable the authorization mechanism for locally bound servers
+	noAuthHTTPFlag, _ := cmd.Flags().GetBool("no-auth")
+
 	// Create an HTTP server if tunnel is disabled
 	mux := http.NewServeMux()
 	mux.HandleFunc("/list-tables", func(w http.ResponseWriter, r *http.Request) {
@@ -322,6 +361,12 @@ func Gpt(cmd *cobra.Command, args []string) error {
 			return
 		}
 
+		// Check the authorization header
+		if !noAuthHTTPFlag && !checkHTTPAuthorization(r, bearerToken) {
+			http.Error(w, "You must provide a valid authorization token prefixed with 'Bearer '", http.StatusUnauthorized)
+			return
+		}
+
 		err := listTablesLLM(namespaceInstance, db, w)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -338,6 +383,12 @@ func Gpt(cmd *cobra.Command, args []string) error {
 			return
 		}
 
+		// Check the authorization header
+		if !noAuthHTTPFlag && !checkHTTPAuthorization(r, bearerToken) {
+			http.Error(w, "You must provide a valid authorization token prefixed with 'Bearer '", http.StatusUnauthorized)
+			return
+		}
+
 		body := describeTableBody{}
 		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
 			http.Error(w, fmt.Sprintf("Failed to decode the JSON body: %v", err), http.StatusBadRequest)
@@ -360,6 +411,12 @@ func Gpt(cmd *cobra.Command, args []string) error {
 			return
 		}
 
+		// Check the authorization header
+		if !noAuthHTTPFlag && !checkHTTPAuthorization(r, bearerToken) {
+			http.Error(w, "You must provide a valid authorization token prefixed with 'Bearer '", http.StatusUnauthorized)
+			return
+		}
+
 		body := executeQueryBody{}
 		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
 			http.Error(w, fmt.Sprintf("Failed to decode the JSON body: %v", err), http.StatusBadRequest)
@@ -376,16 +433,25 @@ func Gpt(cmd *cobra.Command, args []string) error {
 		w.Header().Set("Cache-Control", "private, max-age=600")
 	})
 
+	fmt.Printf("Local server listening on %s:%d\n", host, portUser)
+	if !noAuthHTTPFlag {
+		fmt.Println("To authenticate, provide the authorization token in the Authorization header of the request (prefixed with 'Bearer ')")
+		if envBearerToken != "" {
+			fmt.Printf("Authorization token is supplied in the environment variable ANYQUERY_AI_SERVER_BEARER_TOKEN\n")
+		} else {
+			fmt.Printf("Authorization token: %s\n", bearerToken)
+		}
+	}
+	fmt.Println("Methods:")
+	fmt.Println("	GET /list-tables - List all the tables available")
+	fmt.Println("	POST /describe-table - Describe a table. Pass the table name in the body as a JSON object with the key 'table_name'")
+	fmt.Println("	POST /execute-query - Execute a query. Pass the query in the body as a JSON object with the key 'query'. Returns a markdown table for SELECT queries, and the number of rows affected for other queries")
+
 	// Start the HTTP server
 	err = http.ListenAndServe(fmt.Sprintf("%s:%d", host, portUser), mux)
 	if err != nil {
 		return fmt.Errorf("failed to start the HTTP server: %w", err)
 	}
-	fmt.Printf("Local server listening on %s:%d\n", host, portUser)
-	fmt.Printf("Methods:")
-	fmt.Println("GET /list-tables - List all the tables available")
-	fmt.Println("POST /describe-table - Describe a table. Pass the table name in the body as a JSON object with the key 'table_name'")
-	fmt.Println("POST /execute-query - Execute a query. Pass the query in the body as a JSON object with the key 'query'. Returns a markdown table for SELECT queries, and the number of rows affected for other queries")
 
 	return nil
 }
@@ -456,18 +522,6 @@ func writeTableDescription(w io.Writer, desc namespace.TableMetadata) {
 	}
 }
 
-// Finds an open port so that the server can listen on it
-func findOpenPort() (int, error) {
-	// Start at 6969
-	for i := 6969; i < 65535; i++ {
-		_, err := net.Dial("tcp", fmt.Sprintf("127.0.0.1:%d", i))
-		if err != nil {
-			return i, nil
-		}
-	}
-	return 0, fmt.Errorf("all ports are taken")
-}
-
 // Get the tunnel from the database
 // or request a new one if it doesn't exist, or if the existing one is expired
 //
@@ -599,12 +653,38 @@ func Mcp(cmd *cobra.Command, args []string) error {
 		db.Close()
 	}()
 
+	useStdio, _ := cmd.Flags().GetBool("stdio")
+	tunnelEnabled, _ := cmd.Flags().GetBool("tunnel")
+
+	authEnabled := false
+	noAuthHTTPFlag, _ := cmd.Flags().GetBool("no-auth")
+	// If the server is in HTTP mode, we need to enable the auth mechanism unless the user explicitly disables it
+	if !noAuthHTTPFlag && !tunnelEnabled && !useStdio {
+		authEnabled = true
+	}
+
+	bearerToken := generateBearerToken()
+	if envBearerToken := os.Getenv("ANYQUERY_AI_SERVER_BEARER_TOKEN"); envBearerToken != "" {
+		bearerToken = envBearerToken
+	}
+
 	s := server.NewMCPServer("Anyquery", "0.1.0")
 
 	// Create the MCP server
 	tool := mcp.NewTool("listTables", mcp.WithDescription("Lists all the tables available. When the user requests data, or wants an action (insert/update/delete), call this endpoint to check if a table corresponds to the user's request."))
 
 	s.AddTool(tool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+		if authEnabled {
+			suppliedToken := request.Header.Get("Authorization")
+			if suppliedToken == "" {
+				return mcp.NewToolResultError("Missing authorization token"), nil
+			}
+			suppliedToken = strings.TrimPrefix(suppliedToken, "Bearer ")
+			if suppliedToken != bearerToken {
+				return mcp.NewToolResultError("Invalid authorization token"), nil
+			}
+		}
+
 		response := strings.Builder{}
 		err := listTablesLLM(namespaceInstance, db, &response)
 		if err != nil {
@@ -620,6 +700,17 @@ func Mcp(cmd *cobra.Command, args []string) error {
 		mcp.WithString("tableName", mcp.Required(), mcp.Description("The name of the table to describe")))
 
 	s.AddTool(tool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+		if authEnabled {
+			suppliedToken := request.Header.Get("Authorization")
+			if suppliedToken == "" {
+				return mcp.NewToolResultError("Missing authorization token"), nil
+			}
+
+			suppliedToken = strings.TrimPrefix(suppliedToken, "Bearer ")
+			if suppliedToken != bearerToken {
+				return mcp.NewToolResultError("Invalid authorization token"), nil
+			}
+		}
 		args := request.GetArguments()
 		param, ok := args["tableName"]
 		if !ok {
@@ -699,6 +790,17 @@ By default, Anyquery does not have any integrations. The user must visit https:/
 `),
 		mcp.WithString("query", mcp.Required(), mcp.Description("The SQL query to execute")))
 	s.AddTool(tool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+		if authEnabled {
+			suppliedToken := request.Header.Get("Authorization")
+			if suppliedToken == "" {
+				return mcp.NewToolResultError("Missing authorization token"), nil
+			}
+
+			suppliedToken = strings.TrimPrefix(suppliedToken, "Bearer ")
+			if suppliedToken != bearerToken {
+				return mcp.NewToolResultError("Invalid authorization token"), nil
+			}
+		}
 		// Get the table name from the request
 		args := request.GetArguments()
 		param, ok := args["query"]
@@ -722,8 +824,6 @@ By default, Anyquery does not have any integrations. The user must visit https:/
 	})
 
 	// Start the server
-	useStdio, _ := cmd.Flags().GetBool("stdio")
-	tunnelEnabled, _ := cmd.Flags().GetBool("tunnel")
 
 	if useStdio {
 		return server.ServeStdio(s)
@@ -817,6 +917,14 @@ By default, Anyquery does not have any integrations. The user must visit https:/
 			baseURL = "http://" + bindAddr
 		}
 
+		if authEnabled {
+			fmt.Printf("Authentication enabled. Pass the token in the Authorization header of the request (prefixed with 'Bearer ')\n")
+			if os.Getenv("ANYQUERY_AI_SERVER_BEARER_TOKEN") != "" {
+				fmt.Printf("Authorization token is supplied in the environment variable ANYQUERY_AI_SERVER_BEARER_TOKEN\n")
+			} else {
+				fmt.Printf("Authorization token: %s\n", bearerToken)
+			}
+		}
 		fmt.Printf("Model context protocol server listening on %s/sse\n", baseURL)
 
 		sse := server.NewSSEServer(s, server.WithBaseURL(baseURL))

go.mod

@@ -40,7 +40,7 @@ require (
 	github.com/jackc/pgx/v5 v5.7.5
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/julien040/go-ternary v1.0.1
-	github.com/mark3labs/mcp-go v0.31.0
+	github.com/mark3labs/mcp-go v0.41.0
 	github.com/mattn/go-sqlite3 v1.14.28
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/parquet-go/parquet-go v0.25.1
@@ -102,9 +102,11 @@ require (
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aws/aws-sdk-go v1.55.7 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/bcicen/bfstree v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/catppuccin/go v0.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/charmbracelet/bubbles v0.21.0 // indirect
@@ -163,6 +165,7 @@ require (
 	github.com/hashicorp/yamux v0.1.2 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/invopop/jsonschema v0.13.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
@@ -174,6 +177,7 @@ require (
 	github.com/klauspost/reedsolomon v1.12.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
@@ -241,6 +245,7 @@ require (
 	github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
 	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
 	github.com/ulikunitz/xz v0.5.12 // indirect
+	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	github.com/xtaci/kcp-go/v5 v5.6.13 // indirect
 	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect

go.sum

@@ -728,6 +728,8 @@ github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiE
 github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
 github.com/aymanbagabas/go-udiff v0.2.0 h1:TK0fH4MteXUDspT88n8CKzvK0X9O2xu9yQjWpi6yML8=
 github.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/pI/QwceO5fgrA=
+github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
+github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
 github.com/bcicen/bfstree v1.0.0 h1:Fx9vcyXYspj2GIJqAvd1lwCNI+cQF/r2JJqxHHmsAO0=
 github.com/bcicen/bfstree v1.0.0/go.mod h1:u//juIip96SNFkG4iMn9z0KzqLSeFSpBKoBo5ceq1uE=
 github.com/bcicen/go-units v1.0.5 h1:gfeKGDc8JgKCFyqxNKPgHc735KH3VW8bnuL5X2y2up4=
@@ -743,6 +745,8 @@ github.com/briandowns/spinner v1.23.2 h1:Zc6ecUnI+YzLmJniCfDNaMbW0Wid1d5+qcTq4L2
 github.com/briandowns/spinner v1.23.2/go.mod h1:LaZeM4wm2Ywy6vO571mvhQNRcWfRUnXOs0RcKV0wYKM=
 github.com/bufbuild/protocompile v0.10.0 h1:+jW/wnLMLxaCEG8AX9lD0bQ5v9h1RUiMKOBOT5ll9dM=
 github.com/bufbuild/protocompile v0.10.0/go.mod h1:G9qQIQo0xZ6Uyj6CMNz0saGmx2so+KONo8/KrELABiY=
+github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
+github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/catppuccin/go v0.3.0 h1:d+0/YicIq+hSTo5oPuRi5kOpqkVA5tAsU6dNhvRu+aY=
 github.com/catppuccin/go v0.3.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -1105,6 +1109,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
+github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
@@ -1121,6 +1127,7 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
@@ -1167,8 +1174,10 @@ github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35/go.mod h1:autxFIv
 github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
 github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
 github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o=
-github.com/mark3labs/mcp-go v0.31.0 h1:4UxSV8aM770OPmTvaVe/b1rA2oZAjBMhGBfUgOGut+4=
-github.com/mark3labs/mcp-go v0.31.0/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mark3labs/mcp-go v0.41.0 h1:IFfJaovCet65F3av00bE1HzSnmHpMRWM1kz96R98I70=
+github.com/mark3labs/mcp-go v0.41.0/go.mod h1:T7tUa2jO6MavG+3P25Oy/jR7iCeJPHImCZHRymCn39g=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
@@ -1406,6 +1415,8 @@ github.com/vmihailenco/msgpack/v4 v4.3.13 h1:A2wsiTbvp63ilDaWmsk2wjx6xZdxQOvpiNl
 github.com/vmihailenco/msgpack/v4 v4.3.13/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc=
 github.com/vmihailenco/tagparser v0.1.2/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
+github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=