@agentailor/create-mcp-server 0.1.0 → 0.2.1

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -1,19 +1,57 @@
 # @agentailor/create-mcp-server
 
-Create a new MCP (Model Context Protocol) server project.
+Scaffold production-ready MCP servers in seconds.
 
-## Usage
+## Quick Start
 
 ```bash
 npx @agentailor/create-mcp-server
 ```
 
-This will prompt you for a project name and create a new directory with a README.md file.
+## Features
+
+- **Two templates** — stateless or stateful with session management
+- **Optional OAuth** — OIDC-compliant authentication ([setup guide](docs/oauth-setup.md))
+- **Package manager choice** — npm, pnpm, or yarn
+- **TypeScript + Express.js** — ready to customize
+- **MCP Inspector** — built-in debugging with `npm run inspect`
+
+## Templates
+
+| Feature | Stateless (default) | Stateful |
+|---------|---------------------|----------|
+| Session management | — | ✓ |
+| SSE support | — | ✓ |
+| OAuth option | — | ✓ |
+| Endpoints | POST /mcp | POST, GET, DELETE /mcp |
+
+**Stateless**: Simple HTTP server — each request creates a new transport instance.
+
+**Stateful**: Session-based server with transport reuse, Server-Sent Events for real-time updates, and optional OAuth authentication.
+
+## Generated Project
+
+```
+my-mcp-server/
+├── src/
+│   ├── server.ts     # MCP server (tools, prompts, resources)
+│   ├── index.ts      # Express app and transport setup
+│   └── auth.ts       # OAuth middleware (if enabled)
+├── package.json
+├── tsconfig.json
+├── .gitignore
+├── .env.example
+└── README.md
+```
+
+**Scripts:**
+- `npm run dev` — build and start the server
+- `npm run inspect` — open MCP Inspector (update URL in `package.json` if needed)
 
 ## What is MCP?
 
 The [Model Context Protocol](https://modelcontextprotocol.io/) (MCP) is an open protocol that enables AI assistants to interact with external tools, data sources, and services.
 
-## License
+## Built by Agentailor
 
-MIT
+Built by [Agentailor](https://agentailor.com/?utm_source=github&utm_medium=readme&utm_campaign=create-mcp-server) — your launchpad for production-ready MCP servers and scalable AI agents. We provide the tools, templates, and expertise to ship AI-powered applications faster.

package/dist/index.js

@@ -2,12 +2,13 @@
 import prompts from 'prompts';
 import { mkdir, writeFile } from 'node:fs/promises';
 import { join } from 'node:path';
+import { execSync } from 'node:child_process';
 import { getPackageJsonTemplate } from './templates/common/package.json.js';
 import { getTsconfigTemplate } from './templates/common/tsconfig.json.js';
 import { getGitignoreTemplate } from './templates/common/gitignore.js';
 import { getEnvExampleTemplate } from './templates/common/env.example.js';
 import { getServerTemplate as getStatelessServerTemplate, getIndexTemplate as getStatelessIndexTemplate, getReadmeTemplate as getStatelessReadmeTemplate, } from './templates/streamable-http/index.js';
-import { getServerTemplate as getStatefulServerTemplate, getIndexTemplate as getStatefulIndexTemplate, getReadmeTemplate as getStatefulReadmeTemplate, } from './templates/stateful-streamable-http/index.js';
+import { getServerTemplate as getStatefulServerTemplate, getIndexTemplate as getStatefulIndexTemplate, getReadmeTemplate as getStatefulReadmeTemplate, getAuthTemplate as getStatefulAuthTemplate, } from './templates/stateful-streamable-http/index.js';
 const templateFunctions = {
     stateless: {
         getServerTemplate: getStatelessServerTemplate,
@@ -18,6 +19,7 @@ const templateFunctions = {
         getServerTemplate: getStatefulServerTemplate,
         getIndexTemplate: getStatefulIndexTemplate,
         getReadmeTemplate: getStatefulReadmeTemplate,
+        getAuthTemplate: getStatefulAuthTemplate,
     },
 };
 const packageManagerCommands = {
@@ -77,22 +79,57 @@ async function main() {
         initial: 0,
     }, { onCancel });
     const templateType = templateTypeResponse.templateType || 'stateless';
+    // OAuth prompt - only for stateful template
+    let withOAuth = false;
+    if (templateType === 'stateful') {
+        const oauthResponse = await prompts({
+            type: 'confirm',
+            name: 'withOAuth',
+            message: 'Enable OAuth authentication?',
+            initial: false,
+        }, { onCancel });
+        withOAuth = oauthResponse.withOAuth ?? false;
+    }
+    // Git init prompt
+    const gitInitResponse = await prompts({
+        type: 'confirm',
+        name: 'withGitInit',
+        message: 'Initialize git repository?',
+        initial: true,
+    }, { onCancel });
+    const withGitInit = gitInitResponse.withGitInit ?? false;
+    const templateOptions = { withOAuth, packageManager };
     const templates = templateFunctions[templateType];
     const projectPath = join(process.cwd(), projectName);
     const srcPath = join(projectPath, 'src');
     try {
         // Create directories
         await mkdir(srcPath, { recursive: true });
-        // Write all template files
-        await Promise.all([
+        // Build list of files to write
+        const filesToWrite = [
             writeFile(join(srcPath, 'server.ts'), templates.getServerTemplate(projectName)),
-            writeFile(join(srcPath, 'index.ts'), templates.getIndexTemplate()),
-            writeFile(join(projectPath, 'package.json'), getPackageJsonTemplate(projectName)),
+            writeFile(join(srcPath, 'index.ts'), templates.getIndexTemplate(templateOptions)),
+            writeFile(join(projectPath, 'package.json'), getPackageJsonTemplate(projectName, templateOptions)),
             writeFile(join(projectPath, 'tsconfig.json'), getTsconfigTemplate()),
             writeFile(join(projectPath, '.gitignore'), getGitignoreTemplate()),
-            writeFile(join(projectPath, '.env.example'), getEnvExampleTemplate()),
-            writeFile(join(projectPath, 'README.md'), templates.getReadmeTemplate(projectName)),
-        ]);
+            writeFile(join(projectPath, '.env.example'), getEnvExampleTemplate(templateOptions)),
+            writeFile(join(projectPath, 'README.md'), templates.getReadmeTemplate(projectName, templateOptions)),
+        ];
+        // Conditionally add auth.ts for OAuth-enabled stateful template
+        if (withOAuth && templates.getAuthTemplate) {
+            filesToWrite.push(writeFile(join(srcPath, 'auth.ts'), templates.getAuthTemplate()));
+        }
+        // Write all template files
+        await Promise.all(filesToWrite);
+        // Initialize git repository if requested
+        if (withGitInit) {
+            try {
+                execSync('git init', { cwd: projectPath, stdio: 'ignore' });
+            }
+            catch {
+                console.log('\n⚠️  Could not initialize git repository (is git installed?)');
+            }
+        }
         const commands = packageManagerCommands[packageManager];
         console.log(`\n✅ Created ${projectName} at ${projectPath}`);
         console.log(`\nNext steps:`);

package/dist/templates/common/env.example.d.ts

@@ -1 +1,5 @@
-export declare function getEnvExampleTemplate(): string;
+export interface TemplateOptions {
+    withOAuth?: boolean;
+    packageManager?: 'npm' | 'pnpm' | 'yarn';
+}
+export declare function getEnvExampleTemplate(options?: TemplateOptions): string;

package/dist/templates/common/env.example.js

@@ -1,4 +1,19 @@
-export function getEnvExampleTemplate() {
+export function getEnvExampleTemplate(options) {
+    const withOAuth = options?.withOAuth ?? false;
+    const oauthVars = withOAuth
+        ? `
+# OAuth Configuration
+# Issuer URL - your OAuth provider's base URL
+# Examples:
+#   Auth0: https://your-tenant.auth0.com
+#   Keycloak: http://localhost:8080/realms/your-realm
+OAUTH_ISSUER_URL=https://your-oauth-provider.com
+
+# Audience - the API identifier (optional, but recommended)
+# This should match the "aud" claim in your JWT tokens
+OAUTH_AUDIENCE=https://your-mcp-server.com
+`
+        : '';
     return `PORT=3000
-`;
+${oauthVars}`;
 }

package/dist/templates/common/package.json.d.ts

@@ -1 +1,5 @@
-export declare function getPackageJsonTemplate(projectName: string): string;
+export interface TemplateOptions {
+    withOAuth?: boolean;
+    packageManager?: 'npm' | 'pnpm' | 'yarn';
+}
+export declare function getPackageJsonTemplate(projectName: string, options?: TemplateOptions): string;

package/dist/templates/common/package.json.js

@@ -1,4 +1,14 @@
-export function getPackageJsonTemplate(projectName) {
+export function getPackageJsonTemplate(projectName, options) {
+    const withOAuth = options?.withOAuth ?? false;
+    const dependencies = {
+        '@modelcontextprotocol/sdk': '^1.25.1',
+        express: '^5.2.1',
+        zod: '^4.3.5',
+    };
+    if (withOAuth) {
+        dependencies['dotenv'] = '^17.2.3';
+        dependencies['jose'] = '^6.1.3';
+    }
     const packageJson = {
         name: projectName,
         version: '0.1.0',
@@ -8,16 +18,14 @@ export function getPackageJsonTemplate(projectName) {
             build: 'tsc',
             dev: 'tsc && node dist/index.js',
             start: 'node dist/index.js',
+            inspect: 'mcp-inspector http://localhost:3000/mcp',
         },
-        dependencies: {
-            '@modelcontextprotocol/sdk': '^1.12.1',
-            express: '^5.1.0',
-            zod: '^3.25.30',
-        },
+        dependencies,
         devDependencies: {
-            '@types/express': '^5.0.0',
-            '@types/node': '^22.15.21',
-            typescript: '^5.8.3',
+            '@types/express': '^5.0.6',
+            '@types/node': '^25.0.3',
+            typescript: '^5.9.3',
+            '@modelcontextprotocol/inspector': '^0.18.0',
         },
         engines: {
             node: '>=20',

package/dist/templates/stateful-streamable-http/auth.d.ts

@@ -0,0 +1 @@
+export declare function getAuthTemplate(): string;

package/dist/templates/stateful-streamable-http/auth.js

@@ -0,0 +1,199 @@
+export function getAuthTemplate() {
+    return `import 'dotenv/config';
+import { createRemoteJWKSet, jwtVerify, type JWTPayload, type JWTVerifyGetKey } from 'jose';
+import {
+  mcpAuthMetadataRouter,
+  getOAuthProtectedResourceMetadataUrl,
+} from '@modelcontextprotocol/sdk/server/auth/router.js';
+import { requireBearerAuth } from '@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js';
+import type { OAuthMetadata } from '@modelcontextprotocol/sdk/shared/auth.js';
+import type { Express, RequestHandler } from 'express';
+
+// OAuth configuration from environment variables
+const CONFIG = {
+  host: process.env.HOST || 'localhost',
+  port: Number(process.env.PORT) || 3000,
+  oauth: {
+    issuerUrl: process.env.OAUTH_ISSUER_URL || 'http://localhost:8080',
+    audience: process.env.OAUTH_AUDIENCE || '',
+  },
+};
+
+// Ensure issuer URL doesn't have trailing slash for consistency
+const normalizedIssuerUrl = CONFIG.oauth.issuerUrl.replace(/\\/$/, '');
+
+const mcpServerUrl = new URL(\`http://\${CONFIG.host}:\${CONFIG.port}\`);
+
+// OAuth metadata and JWKS fetched from OIDC discovery endpoint at startup
+let oauthMetadata: OAuthMetadata | null = null;
+let JWKS: JWTVerifyGetKey | null = null;
+
+// Extended JWT payload type with common OAuth claims
+interface OAuthJWTPayload extends JWTPayload {
+  scope?: string;
+  azp?: string;
+  client_id?: string;
+}
+
+// OIDC Discovery document structure (partial)
+interface OIDCDiscoveryDocument {
+  issuer: string;
+  authorization_endpoint: string;
+  token_endpoint: string;
+  jwks_uri: string;
+  response_types_supported?: string[];
+}
+
+// Token verifier using JWKS/JWT validation
+const tokenVerifier = {
+  verifyAccessToken: async (token: string) => {
+    if (!JWKS) {
+      throw new Error('JWKS not initialized. Call validateOAuthConfig() first.');
+    }
+
+    try {
+      // Check if the token looks like a JWT (three base64url-encoded parts separated by dots)
+      const parts = token.split('.');
+      if (parts.length !== 3) {
+        throw new Error(
+          'Token is not a valid JWT format (expected 3 parts separated by dots). '
+        );
+      }
+
+      const verifyOptions: { issuer: string; audience?: string } = {
+        issuer: normalizedIssuerUrl,
+      };
+
+      // Only validate audience if configured
+      if (CONFIG.oauth.audience) {
+        verifyOptions.audience = CONFIG.oauth.audience;
+      }
+
+      const { payload } = await jwtVerify(token, JWKS, verifyOptions);
+      const jwtPayload = payload as OAuthJWTPayload;
+
+      return {
+        token,
+        // Use azp (authorized party), client_id, or sub as the client identifier
+        clientId: jwtPayload.azp || jwtPayload.client_id || jwtPayload.sub || 'unknown',
+        scopes: jwtPayload.scope ? jwtPayload.scope.split(' ') : [],
+        expiresAt: jwtPayload.exp,
+      };
+    } catch (error) {
+      if (error instanceof Error) {
+        console.error('[auth] JWT verification failed:', error.message);
+      }
+      throw error;
+    }
+  },
+};
+
+// Setup OAuth metadata router on the Express app
+// Must be called AFTER validateOAuthConfig() to ensure oauthMetadata is populated
+export function setupAuthMetadataRouter(app: Express): void {
+  if (!oauthMetadata) {
+    throw new Error('OAuth metadata not initialized. Call validateOAuthConfig() first.');
+  }
+  app.use(
+    mcpAuthMetadataRouter({
+      oauthMetadata,
+      resourceServerUrl: mcpServerUrl,
+      scopesSupported: ['mcp:tools'],
+      resourceName: 'MCP Server',
+    })
+  );
+}
+
+// Export auth middleware for protecting routes
+export const authMiddleware: RequestHandler = requireBearerAuth({
+  verifier: tokenVerifier,
+  requiredScopes: [],
+  resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(mcpServerUrl),
+});
+
+// Export for logging on startup
+export function getOAuthMetadataUrl(): string {
+  return getOAuthProtectedResourceMetadataUrl(mcpServerUrl).toString();
+}
+
+// Validate OAuth configuration and fetch OIDC discovery document at startup
+export async function validateOAuthConfig(): Promise<void> {
+  console.log(\`[auth] Validating OAuth configuration for issuer: \${normalizedIssuerUrl}\`);
+
+  const wellKnownUrl = \`\${normalizedIssuerUrl}/.well-known/openid-configuration\`;
+
+  // Fetch the OIDC discovery document to get the correct endpoints
+  let discovery: OIDCDiscoveryDocument;
+  try {
+    const response = await fetch(wellKnownUrl, {
+      method: 'GET',
+      signal: AbortSignal.timeout(5000),
+    });
+
+    if (!response.ok) {
+      throw new Error(\`HTTP \${response.status}: \${response.statusText}\`);
+    }
+
+    discovery = (await response.json()) as OIDCDiscoveryDocument;
+    console.log('[auth] Successfully fetched OIDC discovery document');
+
+    // Build OAuth metadata from the discovery document
+    oauthMetadata = {
+      issuer: discovery.issuer,
+      authorization_endpoint: discovery.authorization_endpoint,
+      token_endpoint: discovery.token_endpoint,
+      response_types_supported: discovery.response_types_supported || ['code'],
+    };
+
+    console.log(\`[auth] Authorization endpoint: \${discovery.authorization_endpoint}\`);
+    console.log(\`[auth] Token endpoint: \${discovery.token_endpoint}\`);
+  } catch (e) {
+    const error = e instanceof Error ? e : new Error(String(e));
+    const errorMessage = [
+      'Failed to fetch OIDC discovery document',
+      \`  Discovery URL: \${wellKnownUrl}\`,
+      \`  Error: \${error.message}\`,
+      '',
+      'Please ensure:',
+      '  1. The OAUTH_ISSUER_URL environment variable is correct',
+      '  2. The OAuth server is running and accessible',
+      '  3. The OAuth server supports OIDC discovery (.well-known/openid-configuration)',
+      '  4. Network/firewall settings allow the connection',
+    ].join('\\n');
+
+    throw new Error(errorMessage);
+  }
+
+  // Create JWKS from the discovery document's jwks_uri
+  const jwksUri = discovery.jwks_uri;
+  console.log(\`[auth] JWKS URI: \${jwksUri}\`);
+  JWKS = createRemoteJWKSet(new URL(jwksUri));
+
+  // Verify the JWKS endpoint is accessible
+  try {
+    const jwksResponse = await fetch(jwksUri, {
+      method: 'GET',
+      signal: AbortSignal.timeout(5000),
+    });
+
+    if (!jwksResponse.ok) {
+      throw new Error(\`HTTP \${jwksResponse.status}: \${jwksResponse.statusText}\`);
+    }
+    console.log('[auth] JWKS endpoint is accessible');
+  } catch (e) {
+    const error = e instanceof Error ? e : new Error(String(e));
+    const errorMessage = [
+      'Failed to fetch JWKS from OAuth server',
+      \`  JWKS URI: \${jwksUri}\`,
+      \`  Error: \${error.message}\`,
+      '',
+      'Please ensure the OAuth server is properly configured.',
+    ].join('\\n');
+
+    throw new Error(errorMessage);
+  }
+
+  console.log('[auth] OAuth configuration validated successfully');
+}
+`;
+}

package/dist/templates/stateful-streamable-http/auth.test.d.ts

@@ -0,0 +1 @@
+export {};