@assetlab/mcp-server 1.19.6 → 1.20.0
- package/README.md +1 -20
- package/dist/client.js +34 -13
- package/dist/client.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/oauth.d.ts +52 -15
- package/dist/oauth.js +548 -205
- package/dist/oauth.js.map +1 -1
- package/dist/response-shaping.d.ts +28 -0
- package/dist/response-shaping.js +53 -0
- package/dist/response-shaping.js.map +1 -0
- package/dist/tools-write.js +1150 -255
- package/dist/tools-write.js.map +1 -1
- package/dist/tools.d.ts +1 -1
- package/dist/tools.js +383 -222
- package/dist/tools.js.map +1 -1
- package/dist/worker.d.ts +11 -0
- package/dist/worker.js +83 -28
- package/dist/worker.js.map +1 -1
- package/package.json +44 -41
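--- a/package/README.md
+++ b/package/README.md
@@ -2,7 +2,7 @@
 
 Connect your AI assistant to your [AssetLab](https://assetlab.ca) account via the [Model Context Protocol](https://modelcontextprotocol.io). Ask questions about your assets, work orders, PM schedules, and more — in plain language. Create and update records hands-free.
 
-Works with **Claude**, **ChatGPT**,
+Works with **Claude**, **ChatGPT**, and any MCP-compatible client.
 
 ## Prerequisites
 
@@ -27,25 +27,6 @@ Works with **Claude**, **ChatGPT**, **Microsoft Copilot**, and any MCP-compatibl
 6. When redirected to the AssetLab authorization page, paste your API key (`al_live_...`)
 7. After authorization, AssetLab tools will appear in your ChatGPT conversations
 
-### Microsoft Copilot Studio
-
-#### Option A — API Key (simplest)
-
-1. Create an API key in **AssetLab → Settings → API Keys**
-2. In Copilot Studio, open your agent and go to **Tools → Add Tool → New Tool → MCP**
-3. Enter the server URL: `https://mcp.assetlab.ca`
-4. Set authentication to **API Key**
-5. Configure the key as a **Header** with name `Authorization` and value `Bearer al_live_...` (your API key)
-
-#### Option B — OAuth
-
-1. Create an API key in **AssetLab → Settings → API Keys**
-2. In Copilot Studio, open your agent and go to **Tools → Add Tool → New Tool → MCP**
-3. Enter the server URL: `https://mcp.assetlab.ca`
-4. Set authentication to **OAuth 2.0** and select **Dynamic discovery**
-5. Copilot Studio will auto-discover the authorization and token endpoints
-6. When prompted, paste your API key (`al_live_...`) on the AssetLab authorization page
-
 ## Example prompts
 
 - *"Show me all overdue work orders"*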
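--- a/package/dist/client.js
+++ b/package/dist/client.js
@@ -12,6 +12,23 @@ export class AssetLabClientError extends Error {
 this.status = status;
 }
 }
+// F-016 — Identity-defining keys must come from the gateway's JWT-derived
+// context, never from the caller. Stripping here is defense-in-depth: the
+// gateway already overrides these from the verified Clerk claims, but a
+// future endpoint or gateway misconfig shouldn't immediately turn into a
+// tenant-isolation bypass.
+const STRIP_KEYS = ['tenant_id', 'organization_id', 'org_id'];
+function stripIdentityKeys(payload) {
+let cleaned;
+for (const k of STRIP_KEYS) {
+if (k in payload) {
+if (!cleaned)
+cleaned = { ...payload };
+delete cleaned[k];
+}
+}
+return cleaned ?? payload;
+}
 export class AssetLabClient {
 baseUrl;
 apiKey;
@@ -36,7 +53,7 @@ export class AssetLabClient {
 const res = await fetch(url.toString(), {
 method: 'GET',
 headers: {
-
+Authorization: `Bearer ${this.apiKey}`,
 'Content-Type': 'application/json',
 },
 });
@@ -92,7 +109,7 @@ export class AssetLabClient {
 const res = await fetch(url, {
 method: 'POST',
 headers: {
-
+Authorization: `Bearer ${this.apiKey}`,
 'Content-Type': 'application/json',
 },
 body: JSON.stringify(body),
@@ -120,14 +137,14 @@ export class AssetLabClient {
 return res.json();
 }
 async create(resource, body) {
-return this.post(`/${resource}`, body);
+return this.post(`/${resource}`, stripIdentityKeys(body));
 }
 async patch(path, body) {
 const url = `${this.baseUrl}${path}`;
 const res = await fetch(url, {
 method: 'PATCH',
 headers: {
-
+Authorization: `Bearer ${this.apiKey}`,
 'Content-Type': 'application/json',
 },
 body: JSON.stringify(body),
@@ -157,14 +174,14 @@ export class AssetLabClient {
 return res.json();
 }
 async update(resource, id, body) {
-return this.patch(`/${resource}/${id}`, body);
+return this.patch(`/${resource}/${id}`, stripIdentityKeys(body));
 }
 async fetchBulk(method, path, items) {
 const url = `${this.baseUrl}${path}`;
 const res = await fetch(url, {
 method,
 headers: {
-
+Authorization: `Bearer ${this.apiKey}`,
 'Content-Type': 'application/json',
 },
 body: JSON.stringify(items),
@@ -183,24 +200,28 @@ export class AssetLabClient {
 const data = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
 const message = data.error || `HTTP ${res.status}`;
 switch (res.status) {
-case 401:
-
-case
-
+case 401:
+throw new AssetLabClientError(401, 'Authentication failed. Check your ASSETLAB_API_KEY.');
+case 403:
+throw new AssetLabClientError(403, message);
+case 429:
+throw new AssetLabClientError(429, 'Rate limit exceeded. Wait a moment and try again.');
+default:
+throw new AssetLabClientError(res.status, message);
 }
 }
 async bulkCreate(resource, items) {
-return this.fetchBulk('POST', `/${resource}/bulk`, items);
+return this.fetchBulk('POST', `/${resource}/bulk`, items.map(stripIdentityKeys));
 }
 async bulkUpdate(resource, items) {
-return this.fetchBulk('PATCH', `/${resource}/bulk`, items);
+return this.fetchBulk('PATCH', `/${resource}/bulk`, items.map(stripIdentityKeys));
 }
 async del(path) {
 const url = `${this.baseUrl}${path}`;
 const res = await fetch(url, {
 method: 'DELETE',
 headers: {
-
+Authorization: `Bearer ${this.apiKey}`,
 'Content-Type': 'application/json',
 },
 });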
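Review bot: The identity-key strip is applied only in `create`, `update`, `bulkCreate` and `bulkUpdate`, while `post` and `patch` still serialise `body` as given (`body: JSON.stringify(body)`), so any caller that uses those methods directly skips the defense-in-depth this change is adding; moving the call to the serialisation point, `body: JSON.stringify(stripIdentityKeys(body)),` (and `items.map(stripIdentityKeys)` inside `fetchBulk`), would cover every write path. `stripIdentityKeys` also evaluates `k in payload` without checking the type, which throws a TypeError for `null`, `undefined` or a primitive item, so a guard such as `if (payload === null || typeof payload !== 'object') return payload;` belongs at the top of the function. Only top-level keys with these exact spellings are removed, which is worth stating in the F-016 comment, and a warning log when a key is actually dropped would give operators a signal that a caller tried to set tenant identity. The bodies of `post`, `patch` and `fetchBulk` continue outside the hunks shown.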
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAkCH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,MAAM,CAAQ;IACd,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAQ;IACf,MAAM,CAAQ;IAEtB,YAAY,MAAsB;QAChC,+DAA+D;QAC/D,IAAI,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QAC3C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,GAAG,IAAI,KAAK,CAAA;QACd,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,GAAG,CAAA;QAClB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAC7B,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAY,EACZ,MAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC,CAAA;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;oBAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACtC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAkCH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,MAAM,CAAQ;IACd,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AAED,0EAA0E;AAC1E,0EAA0E;AAC1E,wEAAwE;AACxE,yEAAyE;AACzE,2BAA2B;AAC3B,MAAM,UAAU,GAAG,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,CAAU,CAAA;AAEtE,SAAS,iBAAiB,CAAoC,OAAU;IACtE,IAAI,OAAsB,CAAA;IAC1B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO;gBAAE,OAAO,GAAG,EAAE,GAAG,OAAO,EAAE,CAAA;YACtC,OAAO,OAAO,CAAC,CAAC,CAAC,CAAA;QACnB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,IAAI,OAAO,CAAA;AAC3B,CAAC;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAQ;IACf,MAAM,CAAQ;IAEtB,YAAY,MAAsB;QAChC,+DAA+D;QAC/D,IAAI,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QAC3C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,GAAG,IAAI,KAAK,CAAA;QACd,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,GAAG,CAAA;QAClB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAC7B,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAY,EACZ,MAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC,CAAA;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;oBAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACtC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACtC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,gCAAgC;YAChC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI
,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAC3B,GAAG,EACH,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACvB,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CACd,CAAA;gBACH,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,IAAI,CACR,QAAgB,EAChB,MAAoD;QAEpD,OAAO,IAAI,CAAC,GAAG,CAAuB,IAAI,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAA;IAC/D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,QAAgB,EAChB,MAAoD;QAEpD,MAAM,OAAO,GAAQ,EAAE,CAAA;QACvB,IAAI,IAAI,GAAG,CAAC,CAAA;QACZ,MAAM,OAAO,GAAG,IAAI,CAAA;QAEpB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAI,QAAQ,EAAE,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAA;YACnF,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAA;YAE5B,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,WAAW;gBAAE,MAAK;YAChD,IAAI,EAAE,CAAA;QACR,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAA;IACjD,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,EAAU;QAEV,OAAO,IAAI,CAAC,GAAG,CAAoB,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,IAAI,CAA8B,IAAY,EAAE,IAA6B;QACjF,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACtC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,
CAC3B,GAAG,EACH,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACvB,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CACd,CAAA;gBACH,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,IAA6B;QAE7B,OAAO,IAAI,CAAC,IAAI,CAAoB,IAAI,QAAQ,EAAE,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAA;IAC9E,CAAC;IAED,KAAK,CAAC,KAAK,CACT,IAAY,EACZ,IAA6B;QAE7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,OAAO;YACf,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACtC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAC3B,GAAG,EACH,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACvB,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CACd,CAAA;gBACH,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,EAAU,EACV,IAA6B;QAE7B,OAAO,IAAI,CAAC,KAAK,CAAoB,IAAI,QAAQ,IAAI,EAAE,EAAE,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAA;IACrF,CAAC;IAEO,KAAK,CAAC,SAAS,
CACrB,MAAwB,EACxB,IAAY,EACZ,KAAgC;QAEhC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACtC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAA;QAEF,sFAAsF;QACtF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACnE,OAAO,GAAG,CAAC,IAAI,EAA2B,CAAA;QAC5C,CAAC;QAED,oFAAoF;QACpF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,IAAK,IAA8B,CAAC,OAAO;gBAAE,OAAO,IAAoB,CAAA;YACxE,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAG,IAA2B,CAAC,KAAK,IAAI,aAAa,CAAC,CAAA;QACzF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;QAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;QAC1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,GAAG;gBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;YAC3F,KAAK,GAAG;gBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YAC7C,KAAK,GAAG;gBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;YACzF;gBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,KAAgC;QACjE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,QAAQ,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAA;IAClF,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,KAAgC;QACjE,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,QAAQ,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAA;IACnF,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAY;QACpB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACtC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,E
AAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAC3B,GAAG,EACH,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACvB,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CACd,CAAA;gBACH,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAoD,CAAA;IACrE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,EAAU;QACvC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC,CAAA;IACvC,CAAC;CACF;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,qDAAqD;YACnD,oDAAoD,CACvD,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,qDAAqD;YACnD,iEAAiE,CACpE,CAAA;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;AAC3B,CAAC"}
|
package/dist/index.js
CHANGED
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAA;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAA;AAChF,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAE/D,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;IAC3B,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEzC,MAAM,MAAM,GAAG,IAAI,SAAS,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAA;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAA;AAChF,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAE/D,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;IAC3B,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEzC,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE,mBAAmB;KAClC,CACF,CAAA;IAED,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAE7B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAA;IAC5C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;AACjC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;IACjB,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;IAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}
|
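--- a/package/dist/oauth.d.ts
+++ b/package/dist/oauth.d.ts
@@ -1,20 +1,57 @@
 /**
-*
+* OAuth 2.0 Authorization Server for AssetLab MCP.
 *
-* Implements
-*
-*
-*
+* Implements the subset of OAuth 2.0 + PKCE + RFC 7591/7592 needed to satisfy
+* MCP connectors (Claude.ai, ChatGPT):
+* - /oauth/register POST — dynamic client registration with KV-backed allow-list
+* - /oauth/register/{id} DELETE — authenticated client deletion
+* - /authorize GET — consent page (validates client + redirect_uri)
+* - /authorize POST — issues an encrypted authorization code
+* - /token POST — code/refresh exchange (PKCE S256 mandatory)
 *
-* The user's AssetLab API key
-*
+* The user's AssetLab API key is still returned as the OAuth access_token
+* (P0 hardening keeps this; the opaque-token swap is tracked as P1).
+*/
+import type { KVNamespace } from './worker.js';
+/**
+* Resolve a Bearer token presented to the MCP transport. Called once per
+* incoming request from the Worker.
+*
+* - `mcp_at_*` tokens are looked up in KV. Miss → `null` (Worker returns 401).
+* - Legacy `al_live_*` / `al_test_*` tokens (issued before opaque-token swap
+* or used by direct CLI integrations) pass through unchanged so the API
+* gateway can validate them.
+* - Anything else is rejected (`null`) — the API gateway shouldn't see garbage.
+*/
+export declare function resolveAccessToken(kv: KVNamespace, token: string): Promise<{
+apiKey: string;
+scope?: string;
+clientId?: string;
+} | null>;
+export declare function corsHeaders(request: Request): Record<string, string>;
+export declare function protectedResourceMetadata(origin: string, request: Request): Response;
+export declare function authServerMetadata(origin: string, request: Request): Response;
+export declare function handleRegister(request: Request, kv: KVNamespace): Promise<Response>;
+export declare function handleDelete(request: Request, kv: KVNamespace, clientId: string): Promise<Response>;
+export declare function handleAuthorizeGet(request: Request, kv: KVNamespace): Promise<Response>;
+export declare function handleAuthorizePost(request: Request, env: {
+OAUTH_SECRET: string;
+OAUTH_CLIENTS: KVNamespace;
+}): Promise<Response>;
+export declare function handleToken(request: Request, env: {
+OAUTH_SECRET: string;
+OAUTH_CLIENTS: KVNamespace;
+}): Promise<Response>;
+/**
+* POST /oauth/revoke — revoke an opaque access token.
+*
+* Refresh tokens are encrypted blobs (not KV-backed), so per-token refresh
+* revocation is not supported in this iteration; rotating the underlying
+* AssetLab API key in Settings is the way to fully terminate a session.
 *
-*
-*
+* Per RFC 7009 §2.2 we return 200 for unknown tokens too — clients shouldn't
+* be able to probe token validity via this endpoint.
 */
-export declare function
-
-
-export declare function handleAuthorizeGet(request: Request): Response;
-export declare function handleAuthorizePost(request: Request, secret: string): Promise<Response>;
-export declare function handleToken(request: Request, secret: string): Promise<Response>;
+export declare function handleRevoke(request: Request, env: {
+OAUTH_CLIENTS: KVNamespace;
+}): Promise<Response>;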
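Review bot: The file header still says the user's AssetLab API key is returned as the OAuth access_token and that the opaque-token swap is tracked as P1, but the `resolveAccessToken` and `handleRevoke` comments added below it describe `mcp_at_*` opaque tokens held in KV and treat `al_live_*` / `al_test_*` as legacy, so a reader auditing credential exposure cannot tell which statement is current. The header should be brought in line with whatever oauth.js actually does, for example `* Access tokens are opaque mcp_at_* values resolved through KV; legacy al_live_* / al_test_* keys are still accepted.` if that is the case, and its endpoint list should gain `/oauth/revoke POST`. Because `scope` and `clientId` are optional in the return type, the `resolveAccessToken` comment should also say which of them the legacy pass-through returns (presumably neither), so callers do not assume a scope was enforced. The `handleRevoke` comment would be clearer if it stated the refresh-token lifetime, since it says those tokens cannot be revoked individually.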