npm - @assetlab/mcp-server - Versions diffs - 1.19.6 → 1.19.7 - Mend

@assetlab/mcp-server 1.19.6 → 1.19.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/oauth.js CHANGED Viewed

@@ -1,16 +1,16 @@
 /**
- * Minimal OAuth 2.0 Authorization Server for Claude.ai MCP integration.
+ * OAuth 2.0 Authorization Server for AssetLab MCP.
  *
- * Implements just enough of OAuth 2.0 + PKCE to satisfy Claude.ai's connector flow:
- *   1. Dynamic client registration (RFC 7591)
- *   2. Authorization endpoint (shows "paste your API key" page)
- *   3. Token endpoint (exchanges auth code for access token)
+ * Implements the subset of OAuth 2.0 + PKCE + RFC 7591/7592 needed to satisfy
+ * MCP connectors (Claude.ai, ChatGPT):
+ *   - /oauth/register   POST   — dynamic client registration with KV-backed allow-list
+ *   - /oauth/register/{id} DELETE — authenticated client deletion
+ *   - /authorize        GET    — consent page (validates client + redirect_uri)
+ *   - /authorize        POST   — issues an encrypted authorization code
+ *   - /token            POST   — code/refresh exchange (PKCE S256 mandatory)
  *
- * The user's AssetLab API key becomes the OAuth access_token, so the existing
- * MCP handler works unchanged (it reads Bearer token from Authorization header).
- *
- * Authorization codes are encrypted with AES-GCM using OAUTH_SECRET — fully
- * stateless, no KV or Durable Objects needed.
+ * The user's AssetLab API key is still returned as the OAuth access_token
+ * (P0 hardening keeps this; the opaque-token swap is tracked as P1).
  */
 // ── Helpers ──────────────────────────────────────────────────────────────────
 function base64url(buf) {
@@ -50,27 +50,159 @@ async function decrypt(code, secret) {
     const decrypted = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
     return new TextDecoder().decode(decrypted);
 }
+async function sha256Hex(s) {
+    const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(s));
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, '0')).join('');
+}
+function safeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++)
+        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    return diff === 0;
+}
+// Opaque access tokens are prefixed so the Worker can distinguish them from
+// legacy API-key-as-Bearer requests (which start with al_live_ / al_test_).
+const ACCESS_TOKEN_PREFIX = 'mcp_at_';
+const ACCESS_TOKEN_TTL_SECONDS = 86_400; // 24h — matches the `expires_in` in /token response
+// ── KV helpers ───────────────────────────────────────────────────────────────
+const CLIENT_KEY = (id) => `oauth_client:${id}`;
+const TOKEN_KEY = (hash) => `oauth_token:${hash}`;
+const CONSUMED_CODE_KEY = (hash) => `consumed_code:${hash}`;
+async function getClient(kv, id) {
+    if (!id)
+        return null;
+    const raw = await kv.get(CLIENT_KEY(id));
+    if (!raw)
+        return null;
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+async function putClient(kv, client) {
+    await kv.put(CLIENT_KEY(client.client_id), JSON.stringify(client));
+}
+async function deleteClient(kv, id) {
+    await kv.delete(CLIENT_KEY(id));
+}
+async function mintAccessToken(kv, apiKey, scope, clientId) {
+    const bytes = crypto.getRandomValues(new Uint8Array(32));
+    const token = ACCESS_TOKEN_PREFIX + base64url(bytes);
+    const hash = await sha256Hex(token);
+    const record = {
+        api_key: apiKey,
+        scope,
+        client_id: clientId,
+        created_at: Date.now(),
+    };
+    await kv.put(TOKEN_KEY(hash), JSON.stringify(record), {
+        expirationTtl: ACCESS_TOKEN_TTL_SECONDS,
+    });
+    return token;
+}
+/**
+ * Resolve a Bearer token presented to the MCP transport. Called once per
+ * incoming request from the Worker.
+ *
+ * - `mcp_at_*` tokens are looked up in KV. Miss → `null` (Worker returns 401).
+ * - Legacy `al_live_*` / `al_test_*` tokens (issued before opaque-token swap
+ *   or used by direct CLI integrations) pass through unchanged so the API
+ *   gateway can validate them.
+ * - Anything else is rejected (`null`) — the API gateway shouldn't see garbage.
+ */
+export async function resolveAccessToken(kv, token) {
+    if (!token)
+        return null;
+    if (token.startsWith(ACCESS_TOKEN_PREFIX)) {
+        const hash = await sha256Hex(token);
+        const raw = await kv.get(TOKEN_KEY(hash));
+        if (!raw)
+            return null;
+        try {
+            const rec = JSON.parse(raw);
+            return { apiKey: rec.api_key, scope: rec.scope, clientId: rec.client_id };
+        }
+        catch {
+            return null;
+        }
+    }
+    if (token.startsWith('al_live_') || token.startsWith('al_test_')) {
+        // Legacy passthrough — API gateway validates. Grace path for pre-swap sessions.
+        return { apiKey: token };
+    }
+    return null;
+}
+async function deleteAccessToken(kv, token) {
+    if (!token.startsWith(ACCESS_TOKEN_PREFIX))
+        return;
+    const hash = await sha256Hex(token);
+    await kv.delete(TOKEN_KEY(hash));
+}
+// ── Redirect URI validation ──────────────────────────────────────────────────
+//
+// RFC 8252 §7.3: allow loopback http for native apps; everything else must be
+// https. Reject anything that could exfiltrate the auth code via a non-HTTP
+// transport (javascript:, data:, file:, ws://, etc.).
+function isValidRedirectUri(uri) {
+    if (typeof uri !== 'string' || uri.length > 2000)
+        return false;
+    let parsed;
+    try {
+        parsed = new URL(uri);
+    }
+    catch {
+        return false;
+    }
+    if (parsed.protocol === 'https:')
+        return true;
+    if (parsed.protocol === 'http:') {
+        return (parsed.hostname === 'localhost' ||
+            parsed.hostname === '127.0.0.1' ||
+            parsed.hostname === '[::1]');
+    }
+    return false;
+}
 // ── CORS ─────────────────────────────────────────────────────────────────────
-const CORS = {
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'GET, POST, DELETE, OPTIONS',
-    'Access-Control-Allow-Headers': 'Authorization, Content-Type, MCP-Protocol-Version, Accept',
-};
-function json(body, status = 200, extra = {}) {
+const ALLOWED_ORIGINS = new Set([
+    'https://claude.ai',
+    'https://chat.openai.com',
+    'https://chatgpt.com',
+]);
+export function corsHeaders(request) {
+    const origin = request.headers.get('origin') ?? '';
+    if (!ALLOWED_ORIGINS.has(origin))
+        return {};
+    return {
+        'Access-Control-Allow-Origin': origin,
+        'Access-Control-Allow-Credentials': 'true',
+        Vary: 'Origin',
+        'Access-Control-Allow-Methods': 'GET, POST, DELETE, OPTIONS',
+        'Access-Control-Allow-Headers': 'Authorization, Content-Type, MCP-Protocol-Version, Accept',
+    };
+}
+function json(body, status = 200, extra = {}, corsFor) {
     return new Response(JSON.stringify(body), {
         status,
-        headers: { 'Content-Type': 'application/json', ...CORS, ...extra },
+        headers: {
+            'Content-Type': 'application/json',
+            ...(corsFor ? corsHeaders(corsFor) : {}),
+            ...extra,
+        },
     });
 }
 // ── Discovery endpoints ─────────────────────────────────────────────────────
-export function protectedResourceMetadata(origin) {
+export function protectedResourceMetadata(origin, request) {
     const resource = origin.endsWith('/') ? origin : `${origin}/`;
     return json({
         resource,
         authorization_servers: [origin],
-    });
+    }, 200, {}, request);
 }
-export function authServerMetadata(origin) {
+export function authServerMetadata(origin, request) {
     return json({
         issuer: origin,
         authorization_endpoint: `${origin}/authorize`,
@@ -81,211 +213,196 @@ export function authServerMetadata(origin) {
         scopes_supported: ['claudeai', 'mcp'],
         code_challenge_methods_supported: ['S256'],
         token_endpoint_auth_methods_supported: ['none'],
-    });
+    }, 200, {}, request);
 }
 // ── Dynamic client registration (RFC 7591) ──────────────────────────────────
-export async function handleRegister(request) {
-    const body = await request.json();
+export async function handleRegister(request, kv) {
+    let body;
+    try {
+        body = (await request.json());
+    }
+    catch {
+        return json({ error: 'invalid_client_metadata', error_description: 'Body must be valid JSON' }, 400);
+    }
+    const uris = body.redirect_uris;
+    if (!Array.isArray(uris) || uris.length === 0) {
+        return json({
+            error: 'invalid_redirect_uri',
+            error_description: 'redirect_uris must be a non-empty array',
+        }, 400);
+    }
+    if (uris.length > 10) {
+        return json({ error: 'invalid_redirect_uri', error_description: 'Too many redirect_uris (max 10)' }, 400);
+    }
+    for (const u of uris) {
+        if (!isValidRedirectUri(u)) {
+            return json({
+                error: 'invalid_redirect_uri',
+                error_description: 'All redirect_uris must use https:// (http:// is only allowed for localhost loopback)',
+            }, 400);
+        }
+    }
+    const name = typeof body.client_name === 'string' && body.client_name.trim().length > 0
+        ? body.client_name.trim().slice(0, 200)
+        : 'MCP Client';
+    // Scope is stored as-is (≤200 chars). The /authorize and /token endpoints
+    // intersect requested scope with the supported set at issue time.
+    const rawScope = typeof body.scope === 'string' && body.scope.length <= 200 ? body.scope : 'mcp';
     const clientId = crypto.randomUUID();
+    const regTokenBytes = crypto.getRandomValues(new Uint8Array(32));
+    const regToken = base64url(regTokenBytes);
+    const regTokenHash = await sha256Hex(regToken);
+    const client = {
+        client_id: clientId,
+        client_name: name,
+        redirect_uris: uris,
+        scope: rawScope,
+        registration_access_token_hash: regTokenHash,
+        created_at: Date.now(),
+    };
+    await putClient(kv, client);
+    const origin = new URL(request.url).origin;
     return json({
         client_id: clientId,
-        client_name: body.client_name ?? 'Claude.ai',
-        redirect_uris: body.redirect_uris ?? [],
-        grant_types: body.grant_types ?? ['authorization_code'],
-        response_types: body.response_types ?? ['code'],
+        client_name: name,
+        redirect_uris: uris,
+        grant_types: ['authorization_code', 'refresh_token'],
+        response_types: ['code'],
         token_endpoint_auth_method: 'none',
+        scope: rawScope,
+        registration_access_token: regToken,
+        registration_client_uri: `${origin}/oauth/register/${clientId}`,
     }, 201);
 }
+// ── Authenticated client deletion (RFC 7592) ────────────────────────────────
+export async function handleDelete(request, kv, clientId) {
+    const auth = request.headers.get('Authorization') ?? '';
+    if (!auth.startsWith('Bearer ')) {
+        return json({ error: 'invalid_token', error_description: 'Registration access token required' }, 401, { 'WWW-Authenticate': 'Bearer' });
+    }
+    const token = auth.slice(7).trim();
+    const client = await getClient(kv, clientId);
+    // Return 401 (not 404) for unknown client_ids so we don't leak which IDs exist.
+    if (!token || !client) {
+        return json({ error: 'invalid_token', error_description: 'Invalid registration access token' }, 401);
+    }
+    const providedHash = await sha256Hex(token);
+    if (!safeEqual(providedHash, client.registration_access_token_hash)) {
+        return json({ error: 'invalid_token', error_description: 'Invalid registration access token' }, 401);
+    }
+    await deleteClient(kv, clientId);
+    return new Response(null, { status: 204 });
+}
 // ── Authorization endpoint ──────────────────────────────────────────────────
-export function handleAuthorizeGet(request) {
+export async function handleAuthorizeGet(request, kv) {
     const url = new URL(request.url);
-    const state = url.searchParams.get('state') ?? '';
+    const clientId = url.searchParams.get('client_id') ?? '';
     const redirectUri = url.searchParams.get('redirect_uri') ?? '';
+    const responseType = url.searchParams.get('response_type') ?? 'code';
     const codeChallenge = url.searchParams.get('code_challenge') ?? '';
-    const clientId = url.searchParams.get('client_id') ?? '';
+    const codeChallengeMethod = url.searchParams.get('code_challenge_method') ?? '';
     const scope = url.searchParams.get('scope') ?? '';
-    const html = `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="utf-8"/>
-  <meta name="viewport" content="width=device-width, initial-scale=1"/>
-  <title>Connect to AssetLab</title>
-  <link rel="preconnect" href="https://fonts.googleapis.com"/>
-  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin/>
-  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600&family=Lexend:wght@400;500;600&display=swap" rel="stylesheet"/>
-  <style>
-    *{margin:0;padding:0;box-sizing:border-box}
-    body{font-family:'Inter',system-ui,sans-serif;background:rgb(3,6,22);color:#fff;
-         min-height:100vh;display:flex;flex-direction:column;align-items:center;
-         justify-content:center;padding:1rem;position:relative;overflow:hidden}
-    /* base grid - white, faded on edges */
-    .grid-base{position:fixed;inset:0;pointer-events:none;z-index:0;opacity:.04;
-      background-image:linear-gradient(rgba(255,255,255,.4) 1px,transparent 1px),
-                        linear-gradient(90deg,rgba(255,255,255,.4) 1px,transparent 1px);
-      background-size:60px 60px;
-      -webkit-mask-image:radial-gradient(ellipse 60% 60% at 50% 50%,black 0%,transparent 100%);
-      mask-image:radial-gradient(ellipse 60% 60% at 50% 50%,black 0%,transparent 100%)}
-    /* mouse hover glow on grid */
-    .grid-glow{position:fixed;inset:0;pointer-events:none;z-index:0;
-      background-image:linear-gradient(rgba(106,208,157,.3) 1px,transparent 1px),
-                        linear-gradient(90deg,rgba(106,208,157,.3) 1px,transparent 1px);
-      background-size:60px 60px;transition:opacity .3s;
-      -webkit-mask-image:radial-gradient(circle 120px at 0px 0px,black 0%,transparent 100%);
-      mask-image:radial-gradient(circle 120px at 0px 0px,black 0%,transparent 100%)}
-    .logo{display:flex;align-items:center;gap:.625rem;margin-bottom:2rem;position:relative;z-index:1}
-    .logo svg{width:48px;height:48px}
-    .logo-text{font-family:'Lexend',sans-serif;font-size:1.5rem;font-weight:500;letter-spacing:-.025em}
-    .logo-text .lab{color:#45c28b}
-    .card{background:transparent;backdrop-filter:blur(4px);border-radius:1rem;
-          border:1px solid rgba(255,255,255,.2);max-width:420px;width:100%;
-          padding:2rem;position:relative;z-index:1}
-    h1{font-family:'Lexend',sans-serif;font-size:1.25rem;font-weight:500;margin-bottom:.25rem;
-       letter-spacing:-.025em}
-    .sub{color:#d1d5db;font-size:.875rem;margin-bottom:1.5rem}
-    label{display:flex;align-items:center;gap:.5rem;color:#e5e7eb;font-weight:500;
-          font-size:.875rem;margin-bottom:.375rem}
-    label svg{width:16px;height:16px;color:#9ca3af;flex-shrink:0}
-    input[type="password"]{width:100%;padding:.625rem .75rem;background:transparent;
-          border:1px solid rgba(255,255,255,.2);border-radius:.5rem;font-size:.875rem;
-          font-family:'JetBrains Mono',monospace;color:#fff;outline:none;transition:border-color .15s,box-shadow .15s}
-    input[type="password"]::placeholder{color:#6b7280}
-    input[type="password"]:focus{border-color:rgb(106,208,157);
-          box-shadow:0 0 0 3px rgba(106,208,157,.15)}
-    .help{color:#6b7280;font-size:.75rem;margin-top:.375rem}
-    button{width:100%;margin-top:1.25rem;padding:.625rem;
-           background:rgb(106,208,157);color:rgb(3,6,22);border:none;border-radius:.5rem;
-           font-family:'Inter',sans-serif;font-size:.875rem;font-weight:600;cursor:pointer;
-           transition:background .15s}
-    button:hover{background:rgb(86,188,137)}
-    button:disabled{background:#4b5563;color:#9ca3af;cursor:not-allowed}
-    .footer{text-align:center;margin-top:1rem;font-size:.75rem;color:#6b7280}
-    /* subtle glow behind card */
-    .glow{position:fixed;width:400px;height:400px;border-radius:50%;
-          background:radial-gradient(circle,rgba(106,208,157,.08),transparent 70%);
-          top:50%;left:50%;transform:translate(-50%,-50%);pointer-events:none;z-index:0}
-  </style>
-</head>
-<body>
-  <div class="grid-base"></div>
-  <div class="grid-glow" id="gridGlow"></div>
-  <div class="glow"></div>
-  <div class="logo">
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 292.3 292.3">
-      <g transform="translate(95.414,86.487)">
-        <circle fill="#45c28b" cx="-74.77" cy="-51.34" r="20"/>
-        <circle fill="#45c28b" cx="-74.53" cy="1.19" r="20"/>
-        <circle fill="#45c28b" cx="-22.24" cy="-28.91" r="20"/>
-        <circle fill="#fbd04e" cx="-74.67" cy="56.37" r="20"/>
-        <circle fill="#fbd04e" cx="-74.58" cy="120.34" r="20"/>
-        <circle fill="#fbd04e" cx="-74.49" cy="172.05" r="20"/>
-        <circle fill="#fbd04e" cx="-23.77" cy="26.56" r="20"/>
-        <circle fill="#fbd04e" cx="22.72" cy="-7.36" r="15"/>
-        <circle fill="#fbd04e" cx="-21.38" cy="89.52" r="17"/>
-        <circle fill="#fbd04e" cx="30.77" cy="51.30" r="20"/>
-        <circle fill="#fbd04e" cx="-21.89" cy="159.66" r="17"/>
-        <circle fill="#fbd04e" cx="22.92" cy="173.41" r="15"/>
-        <circle fill="#fbd04e" cx="35.15" cy="119.00" r="20"/>
-        <circle fill="#fbd04e" cx="79.51" cy="79.64" r="15"/>
-        <circle fill="#f78265" cx="72.59" cy="161.68" r="20"/>
-        <circle fill="#f78265" cx="110.66" cy="131.00" r="12"/>
-        <circle fill="#f78265" cx="121.37" cy="86.82" r="12"/>
-        <circle fill="#f78265" cx="155.50" cy="110.89" r="15"/>
-        <circle fill="#f78265" cx="136.27" cy="172.43" r="15"/>
-        <circle fill="#f78265" cx="182.53" cy="154.52" r="15"/>
-      </g>
-    </svg>
-    <span class="logo-text">Asset<span class="lab">Lab</span></span>
-  </div>
-  <div class="card">
-    <h1>Connect to AssetLab</h1>
-    <p class="sub">Claude.ai wants to access your AssetLab workspace via MCP.</p>
-    <form method="POST" action="/authorize" id="form">
-      <input type="hidden" name="state" value="${escapeHtml(state)}"/>
-      <input type="hidden" name="redirect_uri" value="${escapeHtml(redirectUri)}"/>
-      <input type="hidden" name="code_challenge" value="${escapeHtml(codeChallenge)}"/>
-      <input type="hidden" name="client_id" value="${escapeHtml(clientId)}"/>
-      <input type="hidden" name="scope" value="${escapeHtml(scope)}"/>
-      <label for="api_key">
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="m21 2-2 2m-7.61 7.61a5.5 5.5 0 1 1-7.778 7.778 5.5 5.5 0 0 1 7.777-7.777zm0 0L15.5 7.5m0 0 3 3L22 7l-3-3m-3.5 3.5L19 4"/></svg>
-        API Key
-      </label>
-      <input type="password" id="api_key" name="api_key" placeholder="al_live_..." required
-             pattern="al_(live|test)_.+" title="Must start with al_live_ or al_test_"/>
-      <p class="help">Find this in AssetLab → Settings → API Keys</p>
-      <button type="submit" id="btn">Authorize</button>
-    </form>
-    <p class="footer">Your key is sent directly to AssetLab and never stored by this server.</p>
-  </div>
-  <script>
-    document.getElementById('form').addEventListener('submit',()=>{
-      document.getElementById('btn').disabled=true;
-      document.getElementById('btn').textContent='Connecting…';
-    });
-    (function(){
-      var g=document.getElementById('gridGlow');
-      document.addEventListener('mousemove',function(e){
-        var m='radial-gradient(circle 120px at '+e.clientX+'px '+e.clientY+'px,black 0%,transparent 100%)';
-        g.style.webkitMaskImage=m;g.style.maskImage=m;
-      });
-    })();
-  </script>
-</body>
-</html>`;
-    return new Response(html, {
-        status: 200,
-        headers: { 'Content-Type': 'text/html; charset=utf-8', ...CORS },
+    const state = url.searchParams.get('state') ?? '';
+    if (responseType !== 'code') {
+        return errorPage(`Unsupported response_type "${responseType}". Only the authorization code flow is supported.`, 400);
+    }
+    if (!codeChallenge || codeChallengeMethod !== 'S256') {
+        return errorPage('This server requires PKCE: code_challenge and code_challenge_method=S256 are mandatory.', 400);
+    }
+    if (!clientId) {
+        return errorPage('Missing client_id.', 400);
+    }
+    const client = await getClient(kv, clientId);
+    if (!client) {
+        return errorPage('Unknown client_id. Re-register the application and try again.', 400);
+    }
+    if (!redirectUri || !client.redirect_uris.includes(redirectUri)) {
+        return errorPage('redirect_uri does not match any URI registered for this client.', 400);
+    }
+    let redirectHost = '';
+    try {
+        redirectHost = new URL(redirectUri).host;
+    }
+    catch {
+        redirectHost = '';
+    }
+    return renderConsentPage({
+        clientName: client.client_name,
+        redirectHost,
+        state,
+        redirectUri,
+        codeChallenge,
+        clientId,
+        scope,
     });
 }
-export async function handleAuthorizePost(request, secret) {
+export async function handleAuthorizePost(request, env) {
     const form = await request.formData();
     const apiKey = form.get('api_key')?.trim();
-    const state = form.get('state');
-    const redirectUri = form.get('redirect_uri');
-    const codeChallenge = form.get('code_challenge');
+    const state = form.get('state') ?? '';
+    const redirectUri = form.get('redirect_uri') ?? '';
+    const codeChallenge = form.get('code_challenge') ?? '';
+    const clientId = form.get('client_id') ?? '';
     const scope = form.get('scope') ?? '';
-    console.log('[authorize POST]', JSON.stringify({ hasApiKey: !!apiKey, state, redirectUri, codeChallenge, scope }));
-    if (!apiKey || !redirectUri) {
-        return json({ error: 'missing_parameters' }, 400);
+    if (!apiKey)
+        return errorPage('API key is required.', 400);
+    if (!clientId)
+        return errorPage('Missing client_id.', 400);
+    if (!codeChallenge)
+        return errorPage('Missing PKCE code_challenge.', 400);
+    // Re-validate against KV — guards against tampering with hidden form fields.
+    const client = await getClient(env.OAUTH_CLIENTS, clientId);
+    if (!client)
+        return errorPage('Unknown client_id.', 400);
+    if (!redirectUri || !client.redirect_uris.includes(redirectUri)) {
+        return errorPage('redirect_uri does not match any URI registered for this client.', 400);
     }
     const payload = {
         apiKey,
         codeChallenge,
         redirectUri,
         scope,
+        clientId,
         exp: Date.now() + 600_000, // 10 minutes
     };
-    const code = await encrypt(JSON.stringify(payload), secret);
+    const code = await encrypt(JSON.stringify(payload), env.OAUTH_SECRET);
     const target = new URL(redirectUri);
     target.searchParams.set('code', code);
     if (state)
         target.searchParams.set('state', state);
-    console.log('[authorize POST] redirecting to', target.toString().slice(0, 100));
     return Response.redirect(target.toString(), 302);
 }
 // ── Token endpoint ──────────────────────────────────────────────────────────
-async function issueTokens(apiKey, scope, secret) {
-    const refreshPayload = { apiKey, scope: scope || 'mcp', type: 'refresh' };
-    const refreshToken = await encrypt(JSON.stringify(refreshPayload), secret);
+async function issueTokens(apiKey, scope, clientId, env) {
+    const effectiveScope = scope || 'mcp';
+    const accessToken = await mintAccessToken(env.OAUTH_CLIENTS, apiKey, effectiveScope, clientId);
+    const refreshPayload = {
+        apiKey,
+        scope: effectiveScope,
+        clientId,
+        type: 'refresh',
+    };
+    const refreshToken = await encrypt(JSON.stringify(refreshPayload), env.OAUTH_SECRET);
     return json({
-        access_token: apiKey,
+        access_token: accessToken,
         token_type: 'Bearer',
-        expires_in: 86400,
-        scope: scope || 'mcp',
+        expires_in: ACCESS_TOKEN_TTL_SECONDS,
+        scope: effectiveScope,
         refresh_token: refreshToken,
     });
 }
-export async function handleToken(request, secret) {
+export async function handleToken(request, env) {
     let params;
     const ct = request.headers.get('Content-Type') ?? '';
     if (ct.includes('application/json')) {
-        const body = await request.json();
+        const body = (await request.json());
         params = new URLSearchParams(body);
     }
     else {
         params = new URLSearchParams(await request.text());
     }
     const grantType = params.get('grant_type');
-    console.log('[token]', JSON.stringify({ grantType, contentType: ct }));
+    const requestClientId = params.get('client_id') ?? '';
     // ── Refresh token grant ──────────────────────────────────────────────────
     if (grantType === 'refresh_token') {
         const refreshToken = params.get('refresh_token');
@@ -294,7 +411,7 @@ export async function handleToken(request, secret) {
         }
         let payload;
         try {
-            payload = JSON.parse(await decrypt(refreshToken, secret));
+            payload = JSON.parse(await decrypt(refreshToken, env.OAUTH_SECRET));
         }
         catch (err) {
             console.log('[token] refresh decrypt failed:', err instanceof Error ? err.message : err);
@@ -303,52 +420,269 @@ export async function handleToken(request, secret) {
         if (payload.type !== 'refresh') {
             return json({ error: 'invalid_grant', error_description: 'Invalid refresh token' }, 400);
         }
-        console.log('[token] refresh success, issuing new tokens');
-        return issueTokens(payload.apiKey, payload.scope, secret);
+        // Refresh tokens minted before this rewrite have no clientId — accept them
+        // so existing Claude.ai / ChatGPT sessions survive the deploy. New tokens
+        // always carry clientId and are validated against KV.
+        if (payload.clientId) {
+            const client = await getClient(env.OAUTH_CLIENTS, payload.clientId);
+            if (!client) {
+                return json({ error: 'invalid_grant', error_description: 'Client no longer registered' }, 400);
+            }
+        }
+        return issueTokens(payload.apiKey, payload.scope, payload.clientId, env);
     }
     // ── Authorization code grant ─────────────────────────────────────────────
+    if (grantType && grantType !== 'authorization_code') {
+        return json({ error: 'unsupported_grant_type', error_description: `Unsupported grant_type "${grantType}"` }, 400);
+    }
     const code = params.get('code');
     const codeVerifier = params.get('code_verifier');
-    const redirectUri = params.get('redirect_uri');
-    console.log('[token]', JSON.stringify({
-        hasCode: !!code, hasVerifier: !!codeVerifier, redirectUri,
-    }));
+    const redirectUri = params.get('redirect_uri') ?? '';
     if (!code)
         return json({ error: 'invalid_request', error_description: 'Missing code' }, 400);
+    if (!codeVerifier) {
+        return json({ error: 'invalid_request', error_description: 'Missing code_verifier (PKCE is required)' }, 400);
+    }
+    // F-017 — RFC 6749 §3.2.1: public clients MUST send client_id on /token.
+    if (!requestClientId) {
+        return json({ error: 'invalid_request', error_description: 'Missing client_id' }, 400);
+    }
     let payload;
     try {
-        payload = JSON.parse(await decrypt(code, secret));
+        payload = JSON.parse(await decrypt(code, env.OAUTH_SECRET));
     }
     catch (err) {
         console.log('[token] decrypt failed:', err instanceof Error ? err.message : err);
         return json({ error: 'invalid_grant', error_description: 'Invalid or expired code' }, 400);
     }
-    console.log('[token] decrypted payload:', JSON.stringify({
-        hasApiKey: !!payload.apiKey,
-        codeChallenge: payload.codeChallenge,
-        redirectUri: payload.redirectUri,
-        exp: payload.exp,
-        now: Date.now(),
-    }));
     if (Date.now() > payload.exp) {
-        console.log('[token] code expired');
         return json({ error: 'invalid_grant', error_description: 'Code expired' }, 400);
     }
     if (redirectUri && payload.redirectUri !== redirectUri) {
-        console.log('[token] redirect URI mismatch:', payload.redirectUri, '!=', redirectUri);
         return json({ error: 'invalid_grant', error_description: 'Redirect URI mismatch' }, 400);
     }
-    // Verify PKCE
-    if (payload.codeChallenge && codeVerifier) {
-        const digest = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(codeVerifier));
-        const expected = base64url(digest);
-        console.log('[token] PKCE check:', expected, '===', payload.codeChallenge, '→', expected === payload.codeChallenge);
-        if (expected !== payload.codeChallenge) {
-            return json({ error: 'invalid_grant', error_description: 'PKCE verification failed' }, 400);
+    if (requestClientId !== payload.clientId) {
+        return json({ error: 'invalid_client', error_description: 'client_id mismatch' }, 400);
+    }
+    // F-015 — RFC 6749 §4.1.2: authorization codes MUST be single-use. Hash of
+    // the raw code (not the code itself) is stored so the KV value isn't a
+    // credential. Sentinel TTL matches the code's remaining lifetime.
+    const codeHash = await sha256Hex(code);
+    if (await env.OAUTH_CLIENTS.get(CONSUMED_CODE_KEY(codeHash))) {
+        return json({ error: 'invalid_grant', error_description: 'Authorization code already used' }, 400);
+    }
+    const client = await getClient(env.OAUTH_CLIENTS, payload.clientId);
+    if (!client) {
+        return json({ error: 'invalid_client', error_description: 'Unknown client' }, 401);
+    }
+    if (!client.redirect_uris.includes(payload.redirectUri)) {
+        return json({ error: 'invalid_grant', error_description: 'Redirect URI no longer registered' }, 400);
+    }
+    // PKCE verification — mandatory.
+    const digest = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(codeVerifier));
+    const expected = base64url(digest);
+    if (!safeEqual(expected, payload.codeChallenge)) {
+        return json({ error: 'invalid_grant', error_description: 'PKCE verification failed' }, 400);
+    }
+    // Mark code consumed before issuing tokens. KV expirationTtl is in seconds
+    // and clamped at 60s minimum by Cloudflare.
+    const remainingTtl = Math.max(60, Math.ceil((payload.exp - Date.now()) / 1000));
+    await env.OAUTH_CLIENTS.put(CONSUMED_CODE_KEY(codeHash), '1', {
+        expirationTtl: remainingTtl,
+    });
+    return issueTokens(payload.apiKey, payload.scope, payload.clientId, env);
+}
+// ── Token revocation (RFC 7009) ─────────────────────────────────────────────
+/**
+ * POST /oauth/revoke — revoke an opaque access token.
+ *
+ * Refresh tokens are encrypted blobs (not KV-backed), so per-token refresh
+ * revocation is not supported in this iteration; rotating the underlying
+ * AssetLab API key in Settings is the way to fully terminate a session.
+ *
+ * Per RFC 7009 §2.2 we return 200 for unknown tokens too — clients shouldn't
+ * be able to probe token validity via this endpoint.
+ */
+export async function handleRevoke(request, env) {
+    let params;
+    const ct = request.headers.get('Content-Type') ?? '';
+    try {
+        if (ct.includes('application/json')) {
+            const body = (await request.json());
+            params = new URLSearchParams(body);
+        }
+        else {
+            params = new URLSearchParams(await request.text());
         }
     }
-    console.log('[token] success, returning access_token with refresh_token');
-    return issueTokens(payload.apiKey, payload.scope, secret);
+    catch {
+        return json({ error: 'invalid_request', error_description: 'Malformed body' }, 400);
+    }
+    const token = params.get('token') ?? '';
+    if (!token) {
+        return json({ error: 'invalid_request', error_description: 'Missing token' }, 400);
+    }
+    // Best-effort: only opaque access tokens are revocable here. The 200 is
+    // returned regardless to avoid leaking which tokens exist.
+    if (token.startsWith(ACCESS_TOKEN_PREFIX)) {
+        await deleteAccessToken(env.OAUTH_CLIENTS, token);
+    }
+    return new Response(null, { status: 200 });
+}
+function renderConsentPage(data) {
+    const html = `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1"/>
+  <title>Connect to AssetLab</title>
+  <link rel="preconnect" href="https://fonts.googleapis.com"/>
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin/>
+  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600&family=Lexend:wght@400;500;600&display=swap" rel="stylesheet"/>
+  <style>
+    *{margin:0;padding:0;box-sizing:border-box}
+    body{font-family:'Inter',system-ui,sans-serif;background:rgb(3,6,22);color:#fff;
+         min-height:100vh;display:flex;flex-direction:column;align-items:center;
+         justify-content:center;padding:1rem;position:relative;overflow:hidden}
+    .grid-base{position:fixed;inset:0;pointer-events:none;z-index:0;opacity:.04;
+      background-image:linear-gradient(rgba(255,255,255,.4) 1px,transparent 1px),
+                        linear-gradient(90deg,rgba(255,255,255,.4) 1px,transparent 1px);
+      background-size:60px 60px;
+      -webkit-mask-image:radial-gradient(ellipse 60% 60% at 50% 50%,black 0%,transparent 100%);
+      mask-image:radial-gradient(ellipse 60% 60% at 50% 50%,black 0%,transparent 100%)}
+    .grid-glow{position:fixed;inset:0;pointer-events:none;z-index:0;
+      background-image:linear-gradient(rgba(106,208,157,.3) 1px,transparent 1px),
+                        linear-gradient(90deg,rgba(106,208,157,.3) 1px,transparent 1px);
+      background-size:60px 60px;transition:opacity .3s;
+      -webkit-mask-image:radial-gradient(circle 120px at 0px 0px,black 0%,transparent 100%);
+      mask-image:radial-gradient(circle 120px at 0px 0px,black 0%,transparent 100%)}
+    .logo{display:flex;align-items:center;gap:.625rem;margin-bottom:2rem;position:relative;z-index:1}
+    .logo svg{width:48px;height:48px}
+    .logo-text{font-family:'Lexend',sans-serif;font-size:1.5rem;font-weight:500;letter-spacing:-.025em}
+    .logo-text .lab{color:#45c28b}
+    .card{background:transparent;backdrop-filter:blur(4px);border-radius:1rem;
+          border:1px solid rgba(255,255,255,.2);max-width:420px;width:100%;
+          padding:2rem;position:relative;z-index:1}
+    h1{font-family:'Lexend',sans-serif;font-size:1.25rem;font-weight:500;margin-bottom:.25rem;
+       letter-spacing:-.025em}
+    .sub{color:#d1d5db;font-size:.875rem;margin-bottom:1.5rem}
+    .sub strong{color:#fff;font-weight:600}
+    label{display:flex;align-items:center;gap:.5rem;color:#e5e7eb;font-weight:500;
+          font-size:.875rem;margin-bottom:.375rem}
+    label svg{width:16px;height:16px;color:#9ca3af;flex-shrink:0}
+    input[type="password"]{width:100%;padding:.625rem .75rem;background:transparent;
+          border:1px solid rgba(255,255,255,.2);border-radius:.5rem;font-size:.875rem;
+          font-family:'JetBrains Mono',monospace;color:#fff;outline:none;transition:border-color .15s,box-shadow .15s}
+    input[type="password"]::placeholder{color:#6b7280}
+    input[type="password"]:focus{border-color:rgb(106,208,157);
+          box-shadow:0 0 0 3px rgba(106,208,157,.15)}
+    .help{color:#6b7280;font-size:.75rem;margin-top:.375rem}
+    button{width:100%;margin-top:1.25rem;padding:.625rem;
+           background:rgb(106,208,157);color:rgb(3,6,22);border:none;border-radius:.5rem;
+           font-family:'Inter',sans-serif;font-size:.875rem;font-weight:600;cursor:pointer;
+           transition:background .15s}
+    button:hover{background:rgb(86,188,137)}
+    button:disabled{background:#4b5563;color:#9ca3af;cursor:not-allowed}
+    .footer{text-align:center;margin-top:1rem;font-size:.75rem;color:#6b7280}
+    .footer .host{color:#9ca3af;font-family:'JetBrains Mono',monospace}
+    .glow{position:fixed;width:400px;height:400px;border-radius:50%;
+          background:radial-gradient(circle,rgba(106,208,157,.08),transparent 70%);
+          top:50%;left:50%;transform:translate(-50%,-50%);pointer-events:none;z-index:0}
+  </style>
+</head>
+<body>
+  <div class="grid-base"></div>
+  <div class="grid-glow" id="gridGlow"></div>
+  <div class="glow"></div>
+  <div class="logo">
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 292.3 292.3">
+      <g transform="translate(95.414,86.487)">
+        <circle fill="#45c28b" cx="-74.77" cy="-51.34" r="20"/>
+        <circle fill="#45c28b" cx="-74.53" cy="1.19" r="20"/>
+        <circle fill="#45c28b" cx="-22.24" cy="-28.91" r="20"/>
+        <circle fill="#fbd04e" cx="-74.67" cy="56.37" r="20"/>
+        <circle fill="#fbd04e" cx="-74.58" cy="120.34" r="20"/>
+        <circle fill="#fbd04e" cx="-74.49" cy="172.05" r="20"/>
+        <circle fill="#fbd04e" cx="-23.77" cy="26.56" r="20"/>
+        <circle fill="#fbd04e" cx="22.72" cy="-7.36" r="15"/>
+        <circle fill="#fbd04e" cx="-21.38" cy="89.52" r="17"/>
+        <circle fill="#fbd04e" cx="30.77" cy="51.30" r="20"/>
+        <circle fill="#fbd04e" cx="-21.89" cy="159.66" r="17"/>
+        <circle fill="#fbd04e" cx="22.92" cy="173.41" r="15"/>
+        <circle fill="#fbd04e" cx="35.15" cy="119.00" r="20"/>
+        <circle fill="#fbd04e" cx="79.51" cy="79.64" r="15"/>
+        <circle fill="#f78265" cx="72.59" cy="161.68" r="20"/>
+        <circle fill="#f78265" cx="110.66" cy="131.00" r="12"/>
+        <circle fill="#f78265" cx="121.37" cy="86.82" r="12"/>
+        <circle fill="#f78265" cx="155.50" cy="110.89" r="15"/>
+        <circle fill="#f78265" cx="136.27" cy="172.43" r="15"/>
+        <circle fill="#f78265" cx="182.53" cy="154.52" r="15"/>
+      </g>
+    </svg>
+    <span class="logo-text">Asset<span class="lab">Lab</span></span>
+  </div>
+  <div class="card">
+    <h1>Connect to AssetLab</h1>
+    <p class="sub"><strong>${escapeHtml(data.clientName)}</strong> wants to access your AssetLab workspace via MCP.</p>
+    <form method="POST" action="/authorize" id="form">
+      <input type="hidden" name="state" value="${escapeHtml(data.state)}"/>
+      <input type="hidden" name="redirect_uri" value="${escapeHtml(data.redirectUri)}"/>
+      <input type="hidden" name="code_challenge" value="${escapeHtml(data.codeChallenge)}"/>
+      <input type="hidden" name="client_id" value="${escapeHtml(data.clientId)}"/>
+      <input type="hidden" name="scope" value="${escapeHtml(data.scope)}"/>
+      <label for="api_key">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="m21 2-2 2m-7.61 7.61a5.5 5.5 0 1 1-7.778 7.778 5.5 5.5 0 0 1 7.777-7.777zm0 0L15.5 7.5m0 0 3 3L22 7l-3-3m-3.5 3.5L19 4"/></svg>
+        API Key
+      </label>
+      <input type="password" id="api_key" name="api_key" placeholder="al_live_..." required
+             pattern="al_(live|test)_.+" title="Must start with al_live_ or al_test_"/>
+      <p class="help">Find this in AssetLab → Settings → API Keys</p>
+      <button type="submit" id="btn">Authorize</button>
+    </form>
+    <p class="footer">After authorizing you'll be redirected to <span class="host">${escapeHtml(data.redirectHost)}</span>.</p>
+  </div>
+  <script>
+    document.getElementById('form').addEventListener('submit',()=>{
+      document.getElementById('btn').disabled=true;
+      document.getElementById('btn').textContent='Connecting\u2026';
+    });
+    (function(){
+      var g=document.getElementById('gridGlow');
+      document.addEventListener('mousemove',function(e){
+        var m='radial-gradient(circle 120px at '+e.clientX+'px '+e.clientY+'px,black 0%,transparent 100%)';
+        g.style.webkitMaskImage=m;g.style.maskImage=m;
+      });
+    })();
+  </script>
+</body>
+</html>`;
+    return new Response(html, {
+        status: 200,
+        headers: {
+            'Content-Type': 'text/html; charset=utf-8',
+            'X-Frame-Options': 'DENY',
+            'Content-Security-Policy': "frame-ancestors 'none'",
+        },
+    });
+}
+function errorPage(message, status = 400) {
+    const html = `<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"/>
+<meta name="viewport" content="width=device-width, initial-scale=1"/>
+<title>Authorization error</title>
+<style>body{font-family:system-ui,-apple-system,sans-serif;background:rgb(3,6,22);color:#fff;
+display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;
+padding:1rem;text-align:center}.card{border:1px solid rgba(255,255,255,.2);border-radius:1rem;
+padding:2rem;max-width:480px}h1{font-size:1.25rem;margin-bottom:.5rem;color:#f78265;font-weight:500}
+p{color:#d1d5db;font-size:.875rem;line-height:1.5}</style></head>
+<body><div class="card"><h1>Authorization failed</h1><p>${escapeHtml(message)}</p></div></body></html>`;
+    return new Response(html, {
+        status,
+        headers: {
+            'Content-Type': 'text/html; charset=utf-8',
+            'X-Frame-Options': 'DENY',
+            'Content-Security-Policy': "frame-ancestors 'none'",
+        },
+    });
 }
 // ── Utility ─────────────────────────────────────────────────────────────────
 function escapeHtml(s) {