@axtary/mcp 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -3
- package/dist/conformance.d.ts +150 -0
- package/dist/conformance.d.ts.map +1 -0
- package/dist/conformance.js +131 -0
- package/dist/conformance.js.map +1 -0
- package/dist/core.d.ts +8 -0
- package/dist/core.d.ts.map +1 -1
- package/dist/core.js +21 -6
- package/dist/core.js.map +1 -1
- package/dist/http-client.d.ts +46 -0
- package/dist/http-client.d.ts.map +1 -0
- package/dist/http-client.js +280 -0
- package/dist/http-client.js.map +1 -0
- package/dist/index.d.ts +6 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/dist/oauth.d.ts +168 -0
- package/dist/oauth.d.ts.map +1 -0
- package/dist/oauth.js +449 -0
- package/dist/oauth.js.map +1 -0
- package/dist/pins.d.ts +179 -0
- package/dist/pins.d.ts.map +1 -0
- package/dist/pins.js +243 -0
- package/dist/pins.js.map +1 -0
- package/dist/server.d.ts +13 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js.map +1 -1
- package/dist/signing.d.ts +218 -0
- package/dist/signing.d.ts.map +1 -0
- package/dist/signing.js +429 -0
- package/dist/signing.js.map +1 -0
- package/package.json +4 -3
|
@@ -0,0 +1,280 @@
|
|
|
1
|
+
import { MCP_PROTOCOL_VERSION } from "./server.js";
|
|
2
|
+
/**
|
|
3
|
+
* Validate an upstream MCP URL before we send anything to it. `https://` is
|
|
4
|
+
* always allowed; `http://` is allowed only for loopback hosts. We never POST
|
|
5
|
+
* headers (which may carry credentials) in cleartext to a remote host — the
|
|
6
|
+
* same honesty rule that caught the Slack HTTP-loopback bug.
|
|
7
|
+
*/
|
|
8
|
+
export function assertSafeMcpUrl(rawUrl) {
|
|
9
|
+
let url;
|
|
10
|
+
try {
|
|
11
|
+
url = new URL(rawUrl);
|
|
12
|
+
}
|
|
13
|
+
catch {
|
|
14
|
+
throw new Error("mcp_http_invalid_url");
|
|
15
|
+
}
|
|
16
|
+
if (url.protocol === "https:") {
|
|
17
|
+
return url;
|
|
18
|
+
}
|
|
19
|
+
if (url.protocol === "http:") {
|
|
20
|
+
const host = url.hostname;
|
|
21
|
+
if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "[::1]") {
|
|
22
|
+
return url;
|
|
23
|
+
}
|
|
24
|
+
throw new Error("mcp_http_insecure_url:http_allowed_only_for_localhost");
|
|
25
|
+
}
|
|
26
|
+
throw new Error(`mcp_http_unsupported_scheme:${url.protocol}`);
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* MCP client over the Streamable HTTP transport (spec 2025-06-18). Mirrors the
|
|
30
|
+
* surface of `McpStdioClient` so the governance path is transport-agnostic:
|
|
31
|
+
* every JSON-RPC message is a POST to the single MCP endpoint, the server may
|
|
32
|
+
* answer with one JSON object or an SSE stream, the session id from the
|
|
33
|
+
* InitializeResult is echoed on later requests, and the negotiated protocol
|
|
34
|
+
* version rides every post-init request.
|
|
35
|
+
*/
|
|
36
|
+
export class McpHttpClient {
|
|
37
|
+
url;
|
|
38
|
+
headers;
|
|
39
|
+
fetchImpl;
|
|
40
|
+
timeoutMs;
|
|
41
|
+
sessionId = null;
|
|
42
|
+
negotiatedVersion = null;
|
|
43
|
+
closed = false;
|
|
44
|
+
serverInfo = null;
|
|
45
|
+
constructor(config) {
|
|
46
|
+
this.url = assertSafeMcpUrl(config.url);
|
|
47
|
+
this.headers = config.headers ?? {};
|
|
48
|
+
const fetchImpl = config.fetch ?? globalThis.fetch;
|
|
49
|
+
if (!fetchImpl) {
|
|
50
|
+
throw new Error("mcp_http_fetch_required");
|
|
51
|
+
}
|
|
52
|
+
this.fetchImpl = fetchImpl;
|
|
53
|
+
this.timeoutMs = config.timeoutMs ?? 15_000;
|
|
54
|
+
}
|
|
55
|
+
static async start(config) {
|
|
56
|
+
const client = new McpHttpClient(config);
|
|
57
|
+
const initialized = (await client.request("initialize", {
|
|
58
|
+
protocolVersion: MCP_PROTOCOL_VERSION,
|
|
59
|
+
capabilities: {},
|
|
60
|
+
clientInfo: {
|
|
61
|
+
name: config.clientName ?? "axtary-mcp-wrapper",
|
|
62
|
+
version: config.clientVersion ?? "0.0.1",
|
|
63
|
+
},
|
|
64
|
+
}));
|
|
65
|
+
const serverInfo = initialized.serverInfo &&
|
|
66
|
+
typeof initialized.serverInfo === "object" &&
|
|
67
|
+
!Array.isArray(initialized.serverInfo)
|
|
68
|
+
? initialized.serverInfo
|
|
69
|
+
: {};
|
|
70
|
+
client.negotiatedVersion =
|
|
71
|
+
typeof initialized.protocolVersion === "string"
|
|
72
|
+
? initialized.protocolVersion
|
|
73
|
+
: MCP_PROTOCOL_VERSION;
|
|
74
|
+
client.serverInfo = {
|
|
75
|
+
name: typeof serverInfo.name === "string" ? serverInfo.name : "upstream",
|
|
76
|
+
version: typeof serverInfo.version === "string" ? serverInfo.version : "unknown",
|
|
77
|
+
protocolVersion: client.negotiatedVersion,
|
|
78
|
+
};
|
|
79
|
+
await client.notify("notifications/initialized", {});
|
|
80
|
+
return client;
|
|
81
|
+
}
|
|
82
|
+
async listTools() {
|
|
83
|
+
const result = (await this.request("tools/list", {}));
|
|
84
|
+
const tools = Array.isArray(result.tools) ? result.tools : [];
|
|
85
|
+
return tools.flatMap((tool) => {
|
|
86
|
+
if (!tool || typeof tool !== "object" || Array.isArray(tool)) {
|
|
87
|
+
return [];
|
|
88
|
+
}
|
|
89
|
+
const record = tool;
|
|
90
|
+
if (typeof record.name !== "string" || record.name.length === 0) {
|
|
91
|
+
return [];
|
|
92
|
+
}
|
|
93
|
+
return [
|
|
94
|
+
{
|
|
95
|
+
name: record.name,
|
|
96
|
+
description: typeof record.description === "string" ? record.description : undefined,
|
|
97
|
+
inputSchema: record.inputSchema &&
|
|
98
|
+
typeof record.inputSchema === "object" &&
|
|
99
|
+
!Array.isArray(record.inputSchema)
|
|
100
|
+
? record.inputSchema
|
|
101
|
+
: {},
|
|
102
|
+
},
|
|
103
|
+
];
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
callTool(name, callArguments) {
|
|
107
|
+
return this.request("tools/call", { name, arguments: callArguments });
|
|
108
|
+
}
|
|
109
|
+
close() {
|
|
110
|
+
if (this.closed) {
|
|
111
|
+
return;
|
|
112
|
+
}
|
|
113
|
+
this.closed = true;
|
|
114
|
+
// Best-effort session termination; the server may answer 405 (no support)
|
|
115
|
+
// and we never want close() to throw.
|
|
116
|
+
if (this.sessionId) {
|
|
117
|
+
const controller = new AbortController();
|
|
118
|
+
const timeout = setTimeout(() => controller.abort(), this.timeoutMs);
|
|
119
|
+
void this.fetchImpl(this.url, {
|
|
120
|
+
method: "DELETE",
|
|
121
|
+
headers: this.buildHeaders(false),
|
|
122
|
+
signal: controller.signal,
|
|
123
|
+
})
|
|
124
|
+
.catch(() => undefined)
|
|
125
|
+
.finally(() => clearTimeout(timeout));
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
async request(method, params) {
|
|
129
|
+
const id = `axtary_mcp_${method}`;
|
|
130
|
+
const message = await this.post(id, method, params, false);
|
|
131
|
+
if (!message) {
|
|
132
|
+
throw new Error(`mcp_http_missing_response:${method}`);
|
|
133
|
+
}
|
|
134
|
+
if (message.error) {
|
|
135
|
+
throw new Error(`mcp_http_error:${message.error.code ?? "unknown"}:${message.error.message ?? "unknown"}`);
|
|
136
|
+
}
|
|
137
|
+
return message.result ?? null;
|
|
138
|
+
}
|
|
139
|
+
async notify(method, params) {
|
|
140
|
+
await this.post(null, method, params, true);
|
|
141
|
+
}
|
|
142
|
+
async post(id, method, params, isNotification) {
|
|
143
|
+
if (this.closed) {
|
|
144
|
+
throw new Error("mcp_http_closed");
|
|
145
|
+
}
|
|
146
|
+
const controller = new AbortController();
|
|
147
|
+
const timeout = setTimeout(() => controller.abort(), this.timeoutMs);
|
|
148
|
+
const body = isNotification
|
|
149
|
+
? { jsonrpc: "2.0", method, params }
|
|
150
|
+
: { jsonrpc: "2.0", id, method, params };
|
|
151
|
+
let response;
|
|
152
|
+
try {
|
|
153
|
+
response = await this.fetchImpl(this.url, {
|
|
154
|
+
method: "POST",
|
|
155
|
+
headers: this.buildHeaders(true),
|
|
156
|
+
body: JSON.stringify(body),
|
|
157
|
+
signal: controller.signal,
|
|
158
|
+
});
|
|
159
|
+
}
|
|
160
|
+
finally {
|
|
161
|
+
clearTimeout(timeout);
|
|
162
|
+
}
|
|
163
|
+
// The session id is assigned on the InitializeResult response.
|
|
164
|
+
const assignedSession = response.headers.get("mcp-session-id");
|
|
165
|
+
if (assignedSession) {
|
|
166
|
+
this.sessionId = assignedSession;
|
|
167
|
+
}
|
|
168
|
+
if (response.status === 404 && this.sessionId) {
|
|
169
|
+
throw new Error("mcp_http_session_expired");
|
|
170
|
+
}
|
|
171
|
+
if (isNotification) {
|
|
172
|
+
// 202 Accepted (no body) is the expected outcome for notifications.
|
|
173
|
+
if (!response.ok) {
|
|
174
|
+
throw new Error(`mcp_http_status:${response.status}`);
|
|
175
|
+
}
|
|
176
|
+
void response.body?.cancel();
|
|
177
|
+
return null;
|
|
178
|
+
}
|
|
179
|
+
if (!response.ok) {
|
|
180
|
+
throw new Error(`mcp_http_status:${response.status}`);
|
|
181
|
+
}
|
|
182
|
+
const contentType = response.headers.get("content-type") ?? "";
|
|
183
|
+
if (contentType.includes("text/event-stream")) {
|
|
184
|
+
return this.readSseResponse(response, id);
|
|
185
|
+
}
|
|
186
|
+
const parsed = (await response.json());
|
|
187
|
+
return toResponseMessage(parsed);
|
|
188
|
+
}
|
|
189
|
+
async readSseResponse(response, id) {
|
|
190
|
+
if (!response.body) {
|
|
191
|
+
throw new Error("mcp_http_sse_no_body");
|
|
192
|
+
}
|
|
193
|
+
const reader = response.body.getReader();
|
|
194
|
+
const decoder = new TextDecoder();
|
|
195
|
+
let buffer = "";
|
|
196
|
+
try {
|
|
197
|
+
for (;;) {
|
|
198
|
+
const { value, done } = await reader.read();
|
|
199
|
+
if (done) {
|
|
200
|
+
break;
|
|
201
|
+
}
|
|
202
|
+
buffer += decoder.decode(value, { stream: true });
|
|
203
|
+
let separator = nextEventBoundary(buffer);
|
|
204
|
+
while (separator) {
|
|
205
|
+
const rawEvent = buffer.slice(0, separator.index);
|
|
206
|
+
buffer = buffer.slice(separator.index + separator.length);
|
|
207
|
+
const data = parseSseData(rawEvent);
|
|
208
|
+
if (data !== null) {
|
|
209
|
+
const message = toResponseMessage(JSON.parse(data));
|
|
210
|
+
if (message && message.id === id) {
|
|
211
|
+
await reader.cancel();
|
|
212
|
+
return message;
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
separator = nextEventBoundary(buffer);
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
finally {
|
|
220
|
+
reader.releaseLock();
|
|
221
|
+
}
|
|
222
|
+
throw new Error("mcp_http_sse_no_matching_response");
|
|
223
|
+
}
|
|
224
|
+
buildHeaders(withBody) {
|
|
225
|
+
const headers = {
|
|
226
|
+
...this.headers,
|
|
227
|
+
accept: "application/json, text/event-stream",
|
|
228
|
+
};
|
|
229
|
+
if (withBody) {
|
|
230
|
+
headers["content-type"] = "application/json";
|
|
231
|
+
}
|
|
232
|
+
if (this.sessionId) {
|
|
233
|
+
headers["mcp-session-id"] = this.sessionId;
|
|
234
|
+
}
|
|
235
|
+
if (this.negotiatedVersion) {
|
|
236
|
+
headers["mcp-protocol-version"] = this.negotiatedVersion;
|
|
237
|
+
}
|
|
238
|
+
return headers;
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
function toResponseMessage(value) {
|
|
242
|
+
if (!value || typeof value !== "object" || Array.isArray(value)) {
|
|
243
|
+
return null;
|
|
244
|
+
}
|
|
245
|
+
const record = value;
|
|
246
|
+
const error = record.error && typeof record.error === "object" && !Array.isArray(record.error)
|
|
247
|
+
? record.error
|
|
248
|
+
: undefined;
|
|
249
|
+
return {
|
|
250
|
+
id: record.id ?? null,
|
|
251
|
+
result: record.result,
|
|
252
|
+
error: error
|
|
253
|
+
? {
|
|
254
|
+
code: typeof error.code === "number" ? error.code : undefined,
|
|
255
|
+
message: typeof error.message === "string" ? error.message : undefined,
|
|
256
|
+
}
|
|
257
|
+
: undefined,
|
|
258
|
+
};
|
|
259
|
+
}
|
|
260
|
+
/** Locate the next SSE event boundary (blank line), tolerating LF and CRLF. */
|
|
261
|
+
function nextEventBoundary(buffer) {
|
|
262
|
+
const lf = buffer.indexOf("\n\n");
|
|
263
|
+
const crlf = buffer.indexOf("\r\n\r\n");
|
|
264
|
+
if (crlf !== -1 && (lf === -1 || crlf < lf)) {
|
|
265
|
+
return { index: crlf, length: 4 };
|
|
266
|
+
}
|
|
267
|
+
if (lf !== -1) {
|
|
268
|
+
return { index: lf, length: 2 };
|
|
269
|
+
}
|
|
270
|
+
return null;
|
|
271
|
+
}
|
|
272
|
+
/** Concatenate the `data:` lines of one SSE event, or null if there are none. */
|
|
273
|
+
function parseSseData(rawEvent) {
|
|
274
|
+
const dataLines = rawEvent
|
|
275
|
+
.split(/\r?\n/)
|
|
276
|
+
.filter((line) => line.startsWith("data:"))
|
|
277
|
+
.map((line) => line.slice("data:".length).replace(/^ /, ""));
|
|
278
|
+
return dataLines.length > 0 ? dataLines.join("\n") : null;
|
|
279
|
+
}
|
|
280
|
+
//# sourceMappingURL=http-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-client.js","sourceRoot":"","sources":["../src/http-client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAsBnD;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,IAAI,GAAQ,CAAC;IAEb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;QAE1B,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACvF,OAAO,GAAG,CAAC;QACb,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,aAAa;IACP,GAAG,CAAM;IACT,OAAO,CAAyB;IAChC,SAAS,CAAe;IACxB,SAAS,CAAS;IAC3B,SAAS,GAAkB,IAAI,CAAC;IAChC,iBAAiB,GAAkB,IAAI,CAAC;IACxC,MAAM,GAAG,KAAK,CAAC;IACvB,UAAU,GAAiC,IAAI,CAAC;IAEhD,YAAoB,MAA2B;QAC7C,IAAI,CAAC,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;QAEnD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAA2B;QAC5C,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE;YACtD,eAAe,EAAE,oBAAoB;YACrC,YAAY,EAAE,EAAE;YAChB,UAAU,EAAE;gBACV,IAAI,EAAE,MAAM,CAAC,UAAU,IAAI,oBAAoB;gBAC/C,OAAO,EAAE,MAAM,CAAC,aAAa,IAAI,OAAO;aACzC;SACF,CAAC,CAA8B,CAAC;QAEjC,MAAM,UAAU,GACd,WAAW,CAAC,UAAU;YACtB,OAAO,WAAW,CAAC,UAAU,KAAK,QAAQ;YAC1C,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC;YACpC,CAAC,CAAE,WAAW,CAAC,UAAwC;YACvD,CAAC,CAAC,EAAE,CAAC;QAET,MAAM,CAAC,iBAAiB;YACtB,OAAO,WAAW,CAAC,eAAe,KAAK,QAAQ;gBAC7C,CAAC,CAAC,WAAW,CAAC,eAAe;gBAC7B,CAAC,CAAC,oBAAoB,CAAC;QAC3B,MAAM,CAAC,UAAU,GAAG;YAClB,IAAI,EAAE,OAAO,UAAU,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU;YACxE,OAAO,EAAE,OAAO,UAAU,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;YAChF,eAAe,EAAE,MAAM,CAAC,iBAAiB;SAC1C,CAAC;QAEF,MAAM,MAAM,CAAC,MAAM,CAAC,2BAA2B,EAAE,EAAE,CAAC,CAAC;QAErD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,SAAS;QACb,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAA8B,CAAC;QACnF,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAE9D,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YAC5B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,MAAM,GAAG,IAAiC,CAAC;YAEjD,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChE,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,OAAO;gBACL;oBACE,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,WAAW,EACT,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;oBACzE,WAAW,EACT,MAAM,CAAC,WAAW;wBAClB,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ;wBACtC,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;wBAChC,CAAC,CAAE,MAAM,CAAC,WAAyC;wBACnD,CAAC,CAAC,EAAE;iBACT;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,aAAwC;QAC7D,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QAEnB,0EAA0E;QAC1E,sCAAsC;QACtC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAErE,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5B,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;gBACjC,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC;iBACC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;iBACtB,OAAO,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAc,EACd,MAAiC;QAEjC,MAAM,EAAE,GAAG,cAAc,MAAM,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAE3D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,kBAAkB,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,IAAI,SAAS,EAAE,CAC1F,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IAChC,CAAC;IAEO,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,MAAiC;QACpE,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAEO,KAAK,CAAC,IAAI,CAChB,EAAiB,EACjB,MAAc,EACd,MAAiC,EACjC,cAAuB;QAEvB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,IAAI,GAAG,cAAc;YACzB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;YACpC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAE3C,IAAI,QAAkB,CAAC;QAEvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;gBAChC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC1B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,+DAA+D;QAC/D,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAE/D,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC,SAAS,GAAG,eAAe,CAAC;QACnC,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,oEAAoE;YACpE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACxD,CAAC;YAED,KAAK,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QAE/D,IAAI,WAAW,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAc,CAAC;QAEpD,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,QAAkB,EAClB,EAAiB;QAEjB,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,IAAI,CAAC;YACH,SAAS,CAAC;gBACR,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;gBAE5C,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM;gBACR,CAAC;gBAED,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAClD,IAAI,SAAS,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBAE1C,OAAO,SAAS,EAAE,CAAC;oBACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;oBAClD,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;oBAC1D,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;oBAEpC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;wBAClB,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC,CAAC;wBAEjE,IAAI,OAAO,IAAI,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;4BACjC,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;4BACtB,OAAO,OAAO,CAAC;wBACjB,CAAC;oBACH,CAAC;oBAED,SAAS,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAEO,YAAY,CAAC,QAAiB;QACpC,MAAM,OAAO,GAA2B;YACtC,GAAG,IAAI,CAAC,OAAO;YACf,MAAM,EAAE,qCAAqC;SAC9C,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QAC/C,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,OAAO,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC3D,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,SAAS,iBAAiB,CAAC,KAAgB;IACzC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,KAAkC,CAAC;IAClD,MAAM,KAAK,GACT,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;QAC9E,CAAC,CAAE,MAAM,CAAC,KAAmC;QAC7C,CAAC,CAAC,SAAS,CAAC;IAEhB,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE,IAAI,IAAI;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,KAAK,EAAE,KAAK;YACV,CAAC,CAAC;gBACE,IAAI,EAAE,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;gBAC7D,OAAO,EAAE,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;aACvE;YACH,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,SAAS,iBAAiB,CAAC,MAAc;IACvC,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAExC,IAAI,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC;IAED,IAAI,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACd,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAClC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AACjF,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,SAAS,GAAG,QAAQ;SACvB,KAAK,CAAC,OAAO,CAAC;SACd,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;SAC1C,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IAE/D,OAAO,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC5D,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
1
|
export * from "./core.js";
|
|
2
|
-
export {
|
|
2
|
+
export { MCP_CONFORMANCE_RECEIPT_VERSION, MCP_CONFORMANCE_REGISTRY_VERSION, McpConformanceReceiptSchema, McpConformanceRegistrySchema, emptyMcpConformanceRegistry, loadMcpConformanceRegistry, parseMcpConformanceRegistry, saveMcpConformanceRegistry, upsertMcpConformanceReceipt, type McpConformanceReceipt, type McpConformanceRegistry, } from "./conformance.js";
|
|
3
|
+
export { MCP_PINS_SCHEMA_VERSION, MCP_PINS_SCHEMA_VERSION_V0, McpPinManifestSchema, McpServerPinsSchema, McpToolPinSchema, emptyMcpPinManifest, loadMcpPinManifest, parseMcpPinManifest, pinMcpDefinitions, reconcileMcpPins, saveMcpPinManifest, evaluateMcpVersionChain, findMcpToolPin, compareSemver, type McpChainEvaluation, type McpChainVerdict, type McpPinManifest, type McpPinProvenance, type McpPinReconcileEntry, type McpPinStatus, type McpServerPins, type McpToolPin, } from "./pins.js";
|
|
4
|
+
export { MCP_PROTOCOL_VERSION, MCP_WRAPPER_SERVER_NAME, McpStdioClient, McpWrapperServer, createMcpToolRouter, createMcpWrapperServer, createMcpWrapperTool, type McpStdioClientConfig, type McpUpstreamClient, type McpUpstreamServerInfo, type McpUpstreamToolListing, type McpWrapperRuntime, type McpWrapperServerConfig, type McpWrapperTool, } from "./server.js";
|
|
5
|
+
export { McpHttpClient, assertSafeMcpUrl, type McpHttpClientConfig, } from "./http-client.js";
|
|
6
|
+
export { PROTECTED_RESOURCE_WELL_KNOWN, AUTHORIZATION_SERVER_WELL_KNOWN, OPENID_CONFIGURATION_WELL_KNOWN, canonicalResourceUri, assertSafeOAuthEndpoint, parseWwwAuthenticate, protectedResourceMetadataUrl, authorizationServerMetadataUrls, discoverProtectedResourceMetadata, discoverAuthorizationServerMetadata, createPkcePair, createOAuthState, buildAuthorizationUrl, exchangeAuthorizationCode, refreshAccessToken, registerOAuthClient, type WwwAuthenticateChallenge, type ProtectedResourceMetadata, type AuthorizationServerMetadata, type DiscoverInput, type PkcePair, type OAuthTokens, type RegisteredClient, } from "./oauth.js";
|
|
7
|
+
export { MCP_SIGNED_DEFINITION_PROFILE, MCP_SIGNED_DEFINITION_TYP, MCP_PUBLISHER_KEYRING_VERSION, MCP_PUBLISHER_TRUST_VERSION, MCP_SIGNED_DEFINITION_REGISTRY_VERSION, McpSignedDefinitionClaimsSchema, McpSignedDefinitionRegistryEntrySchema, McpSignedDefinitionRegistrySchema, McpPublisherKeySchema, McpPublisherKeyringSchema, McpPublisherTrustEntrySchema, McpPublisherTrustStoreSchema, signMcpToolDefinition, verifyMcpSignedDefinition, createSignedMcpToolHandler, mcpPublisherKeyResolver, emptyMcpPublisherTrustStore, parseMcpPublisherTrustStore, loadMcpPublisherTrustStore, saveMcpPublisherTrustStore, loadMcpSignedDefinitionRegistry, findMcpSignedDefinition, trustMcpPublisher, mcpPublisherJwks, mcpPublisherSigningKey, loadOrCreateMcpPublisherKeyring, type McpSignedDefinitionClaims, type McpSignedDefinitionRegistry, type McpSignedDefinitionRegistryEntry, type McpSignedDefinitionVerification, type McpPublisherKey, type McpPublisherKeyResolver, type McpPublisherKeyring, type McpPublisherTrustEntry, type McpPublisherTrustStore, type SignMcpToolDefinitionInput, } from "./signing.js";
|
|
3
8
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,cAAc,GACpB,MAAM,aAAa,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,OAAO,EACL,+BAA+B,EAC/B,gCAAgC,EAChC,2BAA2B,EAC3B,4BAA4B,EAC5B,2BAA2B,EAC3B,0BAA0B,EAC1B,2BAA2B,EAC3B,0BAA0B,EAC1B,2BAA2B,EAC3B,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,GAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,uBAAuB,EACvB,0BAA0B,EAC1B,oBAAoB,EACpB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,EACd,aAAa,EACb,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,UAAU,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,cAAc,GACpB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,KAAK,mBAAmB,GACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,6BAA6B,EAC7B,+BAA+B,EAC/B,+BAA+B,EAC/B,oBAAoB,EACpB,uBAAuB,EACvB,oBAAoB,EACpB,4BAA4B,EAC5B,+BAA+B,EAC/B,iCAAiC,EACjC,mCAAmC,EACnC,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,yBAAyB,EACzB,kBAAkB,EAClB,mBAAmB,EACnB,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,KAAK,aAAa,EAClB,KAAK,QAAQ,EACb,KAAK,WAAW,EAChB,KAAK,gBAAgB,GACtB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,6BAA6B,EAC7B,yBAAyB,EACzB,6BAA6B,EAC7B,2BAA2B,EAC3B,sCAAsC,EACtC,+BAA+B,EAC/B,sCAAsC,EACtC,iCAAiC,EACjC,qBAAqB,EACrB,yBAAyB,EACzB,4BAA4B,EAC5B,4BAA4B,EAC5B,qBAAqB,EACrB,yBAAyB,EACzB,0BAA0B,EAC1B,uBAAuB,EACvB,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,0BAA0B,EAC1B,+BAA+B,EAC/B,uBAAuB,EACvB,iBAAiB,EACjB,gBAAgB,EAChB,sBAAsB,EACtB,+BAA+B,EAC/B,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,EACpC,KAAK,eAAe,EACpB,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,EAC3B,KAAK,0BAA0B,GAChC,MAAM,cAAc,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
1
|
export * from "./core.js";
|
|
2
|
+
export { MCP_CONFORMANCE_RECEIPT_VERSION, MCP_CONFORMANCE_REGISTRY_VERSION, McpConformanceReceiptSchema, McpConformanceRegistrySchema, emptyMcpConformanceRegistry, loadMcpConformanceRegistry, parseMcpConformanceRegistry, saveMcpConformanceRegistry, upsertMcpConformanceReceipt, } from "./conformance.js";
|
|
3
|
+
export { MCP_PINS_SCHEMA_VERSION, MCP_PINS_SCHEMA_VERSION_V0, McpPinManifestSchema, McpServerPinsSchema, McpToolPinSchema, emptyMcpPinManifest, loadMcpPinManifest, parseMcpPinManifest, pinMcpDefinitions, reconcileMcpPins, saveMcpPinManifest, evaluateMcpVersionChain, findMcpToolPin, compareSemver, } from "./pins.js";
|
|
2
4
|
export { MCP_PROTOCOL_VERSION, MCP_WRAPPER_SERVER_NAME, McpStdioClient, McpWrapperServer, createMcpToolRouter, createMcpWrapperServer, createMcpWrapperTool, } from "./server.js";
|
|
5
|
+
export { McpHttpClient, assertSafeMcpUrl, } from "./http-client.js";
|
|
6
|
+
export { PROTECTED_RESOURCE_WELL_KNOWN, AUTHORIZATION_SERVER_WELL_KNOWN, OPENID_CONFIGURATION_WELL_KNOWN, canonicalResourceUri, assertSafeOAuthEndpoint, parseWwwAuthenticate, protectedResourceMetadataUrl, authorizationServerMetadataUrls, discoverProtectedResourceMetadata, discoverAuthorizationServerMetadata, createPkcePair, createOAuthState, buildAuthorizationUrl, exchangeAuthorizationCode, refreshAccessToken, registerOAuthClient, } from "./oauth.js";
|
|
7
|
+
export { MCP_SIGNED_DEFINITION_PROFILE, MCP_SIGNED_DEFINITION_TYP, MCP_PUBLISHER_KEYRING_VERSION, MCP_PUBLISHER_TRUST_VERSION, MCP_SIGNED_DEFINITION_REGISTRY_VERSION, McpSignedDefinitionClaimsSchema, McpSignedDefinitionRegistryEntrySchema, McpSignedDefinitionRegistrySchema, McpPublisherKeySchema, McpPublisherKeyringSchema, McpPublisherTrustEntrySchema, McpPublisherTrustStoreSchema, signMcpToolDefinition, verifyMcpSignedDefinition, createSignedMcpToolHandler, mcpPublisherKeyResolver, emptyMcpPublisherTrustStore, parseMcpPublisherTrustStore, loadMcpPublisherTrustStore, saveMcpPublisherTrustStore, loadMcpSignedDefinitionRegistry, findMcpSignedDefinition, trustMcpPublisher, mcpPublisherJwks, mcpPublisherSigningKey, loadOrCreateMcpPublisherKeyring, } from "./signing.js";
|
|
3
8
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,OAAO,EACL,+BAA+B,EAC/B,gCAAgC,EAChC,2BAA2B,EAC3B,4BAA4B,EAC5B,2BAA2B,EAC3B,0BAA0B,EAC1B,2BAA2B,EAC3B,0BAA0B,EAC1B,2BAA2B,GAG5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,uBAAuB,EACvB,0BAA0B,EAC1B,oBAAoB,EACpB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,EACd,aAAa,GASd,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,GAQrB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,gBAAgB,GAEjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,6BAA6B,EAC7B,+BAA+B,EAC/B,+BAA+B,EAC/B,oBAAoB,EACpB,uBAAuB,EACvB,oBAAoB,EACpB,4BAA4B,EAC5B,+BAA+B,EAC/B,iCAAiC,EACjC,mCAAmC,EACnC,cAAc,EACd,gBAAgB,EAChB,qBAAqB,EACrB,yBAAyB,EACzB,kBAAkB,EAClB,mBAAmB,GAQpB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,6BAA6B,EAC7B,yBAAyB,EACzB,6BAA6B,EAC7B,2BAA2B,EAC3B,sCAAsC,EACtC,+BAA+B,EAC/B,sCAAsC,EACtC,iCAAiC,EACjC,qBAAqB,EACrB,yBAAyB,EACzB,4BAA4B,EAC5B,4BAA4B,EAC5B,qBAAqB,EACrB,yBAAyB,EACzB,0BAA0B,EAC1B,uBAAuB,EACvB,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,0BAA0B,EAC1B,+BAA+B,EAC/B,uBAAuB,EACvB,iBAAiB,EACjB,gBAAgB,EAChB,sBAAsB,EACtB,+BAA+B,GAWhC,MAAM,cAAc,CAAC"}
|
package/dist/oauth.d.ts
ADDED
|
@@ -0,0 +1,168 @@
|
|
|
1
|
+
export declare const PROTECTED_RESOURCE_WELL_KNOWN = "/.well-known/oauth-protected-resource";
|
|
2
|
+
export declare const AUTHORIZATION_SERVER_WELL_KNOWN = "/.well-known/oauth-authorization-server";
|
|
3
|
+
export declare const OPENID_CONFIGURATION_WELL_KNOWN = "/.well-known/openid-configuration";
|
|
4
|
+
/**
|
|
5
|
+
* The canonical resource identifier for an MCP server, per RFC 8707 §2 and the
|
|
6
|
+
* MCP spec's "Canonical Server URI" rules: lowercase scheme + host, no fragment,
|
|
7
|
+
* no trailing slash (unless the path is just "/"). This exact string is the
|
|
8
|
+
* `resource` parameter and must match the `resource` field of the Protected
|
|
9
|
+
* Resource Metadata document.
|
|
10
|
+
*/
|
|
11
|
+
export declare function canonicalResourceUri(rawUrl: string): string;
|
|
12
|
+
/**
|
|
13
|
+
* Allow `https://` always; allow `http://` only for loopback hosts. The MCP
|
|
14
|
+
* authorization spec requires all authorization-server endpoints to be served
|
|
15
|
+
* over HTTPS — we never send a bearer, code, or verifier in cleartext to a
|
|
16
|
+
* remote host. Loopback stays permitted for local conformance servers.
|
|
17
|
+
*/
|
|
18
|
+
export declare function assertSafeOAuthEndpoint(rawUrl: string): URL;
|
|
19
|
+
export type WwwAuthenticateChallenge = {
|
|
20
|
+
scheme: string;
|
|
21
|
+
params: Record<string, string>;
|
|
22
|
+
};
|
|
23
|
+
/**
|
|
24
|
+
* Parse an RFC 7235 `WWW-Authenticate` header far enough to recover the RFC 9728
|
|
25
|
+
* `resource_metadata` and (optionally) `scope` from a Bearer challenge. We only
|
|
26
|
+
* need quoted/unquoted token68-free `key=value` auth params, which is what real
|
|
27
|
+
* MCP resource servers emit.
|
|
28
|
+
*/
|
|
29
|
+
export declare function parseWwwAuthenticate(header: string): WwwAuthenticateChallenge | null;
|
|
30
|
+
export type ProtectedResourceMetadata = {
|
|
31
|
+
resource: string;
|
|
32
|
+
authorizationServers: string[];
|
|
33
|
+
scopesSupported: string[];
|
|
34
|
+
resourceName: string | null;
|
|
35
|
+
metadataUrl: string;
|
|
36
|
+
};
|
|
37
|
+
export type AuthorizationServerMetadata = {
|
|
38
|
+
issuer: string;
|
|
39
|
+
authorizationEndpoint: string;
|
|
40
|
+
tokenEndpoint: string;
|
|
41
|
+
registrationEndpoint: string | null;
|
|
42
|
+
codeChallengeMethodsSupported: string[];
|
|
43
|
+
scopesSupported: string[];
|
|
44
|
+
grantTypesSupported: string[];
|
|
45
|
+
metadataUrl: string;
|
|
46
|
+
};
|
|
47
|
+
/**
|
|
48
|
+
* Build the RFC 9728 Protected Resource Metadata URL from an MCP server URL. The
|
|
49
|
+
* well-known segment is inserted between host and path (path-aware), matching
|
|
50
|
+
* RFC 9728 §3.1, so `https://h/mcp` → `https://h/.well-known/oauth-protected-resource/mcp`.
|
|
51
|
+
*/
|
|
52
|
+
export declare function protectedResourceMetadataUrl(mcpUrl: string): string;
|
|
53
|
+
/**
|
|
54
|
+
* Candidate RFC 8414 Authorization Server Metadata URLs for an issuer, tried in
|
|
55
|
+
* order. RFC 8414 inserts the well-known segment between host and path; we also
|
|
56
|
+
* fall back to the OpenID Connect discovery document, which many real
|
|
57
|
+
* authorization servers (including ones fronting MCP) serve instead.
|
|
58
|
+
*/
|
|
59
|
+
export declare function authorizationServerMetadataUrls(issuer: string): string[];
|
|
60
|
+
export type DiscoverInput = {
|
|
61
|
+
mcpUrl: string;
|
|
62
|
+
fetch?: typeof fetch;
|
|
63
|
+
timeoutMs?: number;
|
|
64
|
+
/** A `WWW-Authenticate` header from a prior 401, if already observed. */
|
|
65
|
+
wwwAuthenticate?: string;
|
|
66
|
+
};
|
|
67
|
+
/**
|
|
68
|
+
* Discover Protected Resource Metadata for an MCP server. Prefers the
|
|
69
|
+
* `resource_metadata` URL advertised in a 401 `WWW-Authenticate` header (RFC
|
|
70
|
+
* 9728 §5.1); otherwise derives the well-known URL from the MCP endpoint. The
|
|
71
|
+
* returned `resource` must equal the canonical MCP URI or we fail closed rather
|
|
72
|
+
* than request a token for the wrong audience.
|
|
73
|
+
*/
|
|
74
|
+
export declare function discoverProtectedResourceMetadata(input: DiscoverInput): Promise<ProtectedResourceMetadata>;
|
|
75
|
+
/**
|
|
76
|
+
* Discover RFC 8414 Authorization Server Metadata for an issuer, trying the
|
|
77
|
+
* path-aware well-known URLs and the OpenID fallback in order. The metadata's
|
|
78
|
+
* `issuer` must equal the requested issuer (RFC 8414 §3.3), and the
|
|
79
|
+
* authorization/token endpoints must be HTTPS (or loopback) or we fail closed.
|
|
80
|
+
*/
|
|
81
|
+
export declare function discoverAuthorizationServerMetadata(input: {
|
|
82
|
+
issuer: string;
|
|
83
|
+
fetch?: typeof fetch;
|
|
84
|
+
timeoutMs?: number;
|
|
85
|
+
}): Promise<AuthorizationServerMetadata>;
|
|
86
|
+
export type PkcePair = {
|
|
87
|
+
verifier: string;
|
|
88
|
+
challenge: string;
|
|
89
|
+
method: "S256";
|
|
90
|
+
};
|
|
91
|
+
/** Create an RFC 7636 PKCE verifier/challenge pair (S256). */
|
|
92
|
+
export declare function createPkcePair(randomVerifier?: () => string): PkcePair;
|
|
93
|
+
/** Create an anti-CSRF `state` value for the authorization request. */
|
|
94
|
+
export declare function createOAuthState(randomState?: () => string): string;
|
|
95
|
+
/**
|
|
96
|
+
* Build the OAuth 2.1 authorization-request URL. The RFC 8707 `resource`
|
|
97
|
+
* parameter is always included and set to the canonical MCP URI (MUST per the
|
|
98
|
+
* MCP spec, regardless of AS support), alongside PKCE `code_challenge` and the
|
|
99
|
+
* anti-CSRF `state`.
|
|
100
|
+
*/
|
|
101
|
+
export declare function buildAuthorizationUrl(input: {
|
|
102
|
+
authorizationEndpoint: string;
|
|
103
|
+
clientId: string;
|
|
104
|
+
redirectUri: string;
|
|
105
|
+
resource: string;
|
|
106
|
+
scopes: string[];
|
|
107
|
+
state: string;
|
|
108
|
+
codeChallenge: string;
|
|
109
|
+
extraParams?: Record<string, string>;
|
|
110
|
+
}): string;
|
|
111
|
+
export type OAuthTokens = {
|
|
112
|
+
accessToken: string;
|
|
113
|
+
refreshToken: string | null;
|
|
114
|
+
tokenType: string;
|
|
115
|
+
scope: string[];
|
|
116
|
+
expiresIn: number | null;
|
|
117
|
+
};
|
|
118
|
+
/**
|
|
119
|
+
* Exchange an authorization code for tokens at the token endpoint. Sends the
|
|
120
|
+
* RFC 7636 `code_verifier` and the RFC 8707 `resource` parameter so the issued
|
|
121
|
+
* token is audience-bound to this MCP server. Public-client form (no secret) is
|
|
122
|
+
* the default; a confidential client secret is included only when supplied.
|
|
123
|
+
*/
|
|
124
|
+
export declare function exchangeAuthorizationCode(input: {
|
|
125
|
+
tokenEndpoint: string;
|
|
126
|
+
clientId: string;
|
|
127
|
+
clientSecret?: string;
|
|
128
|
+
code: string;
|
|
129
|
+
redirectUri: string;
|
|
130
|
+
codeVerifier: string;
|
|
131
|
+
resource: string;
|
|
132
|
+
fetch?: typeof fetch;
|
|
133
|
+
timeoutMs?: number;
|
|
134
|
+
}): Promise<OAuthTokens>;
|
|
135
|
+
/**
|
|
136
|
+
* Refresh an access token. Per OAuth 2.1 the `resource` parameter is repeated so
|
|
137
|
+
* the refreshed token keeps the same audience; the requested `scope` is narrowed
|
|
138
|
+
* to what was originally granted (never broadened).
|
|
139
|
+
*/
|
|
140
|
+
export declare function refreshAccessToken(input: {
|
|
141
|
+
tokenEndpoint: string;
|
|
142
|
+
clientId: string;
|
|
143
|
+
clientSecret?: string;
|
|
144
|
+
refreshToken: string;
|
|
145
|
+
resource: string;
|
|
146
|
+
scopes?: string[];
|
|
147
|
+
fetch?: typeof fetch;
|
|
148
|
+
timeoutMs?: number;
|
|
149
|
+
}): Promise<OAuthTokens>;
|
|
150
|
+
export type RegisteredClient = {
|
|
151
|
+
clientId: string;
|
|
152
|
+
clientSecret: string | null;
|
|
153
|
+
};
|
|
154
|
+
/**
|
|
155
|
+
* Register a public OAuth client via RFC 7591 Dynamic Client Registration. We
|
|
156
|
+
* register as a public client using PKCE (`token_endpoint_auth_method: none`)
|
|
157
|
+
* with the loopback redirect and the authorization-code grant, so no client
|
|
158
|
+
* secret is needed or stored. Returns the issued client id.
|
|
159
|
+
*/
|
|
160
|
+
export declare function registerOAuthClient(input: {
|
|
161
|
+
registrationEndpoint: string;
|
|
162
|
+
redirectUris: string[];
|
|
163
|
+
clientName: string;
|
|
164
|
+
scopes?: string[];
|
|
165
|
+
fetch?: typeof fetch;
|
|
166
|
+
timeoutMs?: number;
|
|
167
|
+
}): Promise<RegisteredClient>;
|
|
168
|
+
//# sourceMappingURL=oauth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAyBA,eAAO,MAAM,6BAA6B,0CAA0C,CAAC;AACrF,eAAO,MAAM,+BAA+B,4CAA4C,CAAC;AACzF,eAAO,MAAM,+BAA+B,sCAAsC,CAAC;AAEnF;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CA8B3D;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAwB3D;AAED,MAAM,MAAM,wBAAwB,GAAG;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,wBAAwB,GAAG,IAAI,CAqBpF;AASD,MAAM,MAAM,yBAAyB,GAAG;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAcF,MAAM,MAAM,2BAA2B,GAAG;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,qBAAqB,EAAE,MAAM,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,6BAA6B,EAAE,MAAM,EAAE,CAAC;IACxC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAKnE;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAmBxE;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF;;;;;;GAMG;AACH,wBAAsB,iCAAiC,CACrD,KAAK,EAAE,aAAa,GACnB,OAAO,CAAC,yBAAyB,CAAC,CA+CpC;AAED;;;;;GAKG;AACH,wBAAsB,mCAAmC,CAAC,KAAK,EAAE;IAC/D,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,2BAA2B,CAAC,CA4DvC;AAED,MAAM,MAAM,QAAQ,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE/E,8DAA8D;AAC9D,wBAAgB,cAAc,CAAC,cAAc,CAAC,EAAE,MAAM,MAAM,GAAG,QAAQ,CAKtE;AAED,uEAAuE;AACvE,wBAAgB,gBAAgB,CAAC,WAAW,CAAC,EAAE,MAAM,MAAM,GAAG,MAAM,CAEnE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACtC,GAAG,MAAM,CAmBT;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B,CAAC;AAYF;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAAC,KAAK,EAAE;IACrD,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,WAAW,CAAC,CAoBvB;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,WAAW,CAAC,CAsBvB;AASD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,mBAAmB,CAAC,KAAK,EAAE;IAC/C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA4C5B"}
|