npm - @bowenqt/qiniu-ai-sdk - Versions diffs - 0.10.0 → 0.14.0 - Mend

@bowenqt/qiniu-ai-sdk 0.10.0 → 0.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/README.md +225 -0
package/dist/ai/agent-graph.d.ts +101 -0
package/dist/ai/agent-graph.d.ts.map +1 -0
package/dist/ai/agent-graph.js +322 -0
package/dist/ai/agent-graph.js.map +1 -0
package/dist/ai/agent-graph.mjs +318 -0
package/dist/ai/generate-text.d.ts +58 -0
package/dist/ai/generate-text.d.ts.map +1 -1
package/dist/ai/generate-text.js +157 -0
package/dist/ai/generate-text.js.map +1 -1
package/dist/ai/generate-text.mjs +156 -0
package/dist/ai/graph/checkpointer.d.ts +112 -0
package/dist/ai/graph/checkpointer.d.ts.map +1 -0
package/dist/ai/graph/checkpointer.js +131 -0
package/dist/ai/graph/checkpointer.js.map +1 -0
package/dist/ai/graph/checkpointer.mjs +126 -0
package/dist/ai/graph/index.d.ts +13 -0
package/dist/ai/graph/index.d.ts.map +1 -0
package/dist/ai/graph/index.js +22 -0
package/dist/ai/graph/index.js.map +1 -0
package/dist/ai/graph/index.mjs +12 -0
package/dist/ai/graph/postgres-checkpointer.d.ts +54 -0
package/dist/ai/graph/postgres-checkpointer.d.ts.map +1 -0
package/dist/ai/graph/postgres-checkpointer.js +134 -0
package/dist/ai/graph/postgres-checkpointer.js.map +1 -0
package/dist/ai/graph/postgres-checkpointer.mjs +130 -0
package/dist/ai/graph/redis-checkpointer.d.ts +51 -0
package/dist/ai/graph/redis-checkpointer.d.ts.map +1 -0
package/dist/ai/graph/redis-checkpointer.js +124 -0
package/dist/ai/graph/redis-checkpointer.js.map +1 -0
package/dist/ai/graph/redis-checkpointer.mjs +120 -0
package/dist/ai/graph/state-graph.d.ts +41 -0
package/dist/ai/graph/state-graph.d.ts.map +1 -0
package/dist/ai/graph/state-graph.js +149 -0
package/dist/ai/graph/state-graph.js.map +1 -0
package/dist/ai/graph/state-graph.mjs +144 -0
package/dist/ai/graph/types.d.ts +41 -0
package/dist/ai/graph/types.d.ts.map +1 -0
package/dist/ai/graph/types.js +10 -0
package/dist/ai/graph/types.js.map +1 -0
package/dist/ai/graph/types.mjs +7 -0
package/dist/ai/internal-types.d.ts +109 -0
package/dist/ai/internal-types.d.ts.map +1 -0
package/dist/ai/internal-types.js +28 -0
package/dist/ai/internal-types.js.map +1 -0
package/dist/ai/internal-types.mjs +23 -0
package/dist/ai/nodes/execute-node.d.ts +27 -0
package/dist/ai/nodes/execute-node.d.ts.map +1 -0
package/dist/ai/nodes/execute-node.js +118 -0
package/dist/ai/nodes/execute-node.js.map +1 -0
package/dist/ai/nodes/execute-node.mjs +114 -0
package/dist/ai/nodes/index.d.ts +8 -0
package/dist/ai/nodes/index.d.ts.map +1 -0
package/dist/ai/nodes/index.js +16 -0
package/dist/ai/nodes/index.js.map +1 -0
package/dist/ai/nodes/index.mjs +7 -0
package/dist/ai/nodes/memory-node.d.ts +34 -0
package/dist/ai/nodes/memory-node.d.ts.map +1 -0
package/dist/ai/nodes/memory-node.js +164 -0
package/dist/ai/nodes/memory-node.js.map +1 -0
package/dist/ai/nodes/memory-node.mjs +158 -0
package/dist/ai/nodes/predict-node.d.ts +42 -0
package/dist/ai/nodes/predict-node.d.ts.map +1 -0
package/dist/ai/nodes/predict-node.js +89 -0
package/dist/ai/nodes/predict-node.js.map +1 -0
package/dist/ai/nodes/predict-node.mjs +86 -0
package/dist/ai/nodes/types.d.ts +44 -0
package/dist/ai/nodes/types.d.ts.map +1 -0
package/dist/ai/nodes/types.js +6 -0
package/dist/ai/nodes/types.js.map +1 -0
package/dist/ai/nodes/types.mjs +5 -0
package/dist/index.d.ts +23 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +80 -1
package/dist/index.js.map +1 -1
package/dist/index.mjs +34 -0
package/dist/lib/otel-tracer.d.ts +47 -0
package/dist/lib/otel-tracer.d.ts.map +1 -0
package/dist/lib/otel-tracer.js +79 -0
package/dist/lib/otel-tracer.js.map +1 -0
package/dist/lib/otel-tracer.mjs +75 -0
package/dist/lib/token-estimator.d.ts +62 -0
package/dist/lib/token-estimator.d.ts.map +1 -0
package/dist/lib/token-estimator.js +106 -0
package/dist/lib/token-estimator.js.map +1 -0
package/dist/lib/token-estimator.mjs +100 -0
package/dist/lib/tool-registry.d.ts +103 -0
package/dist/lib/tool-registry.d.ts.map +1 -0
package/dist/lib/tool-registry.js +159 -0
package/dist/lib/tool-registry.js.map +1 -0
package/dist/lib/tool-registry.mjs +154 -0
package/dist/lib/tracer.d.ts +85 -0
package/dist/lib/tracer.d.ts.map +1 -0
package/dist/lib/tracer.js +170 -0
package/dist/lib/tracer.js.map +1 -0
package/dist/lib/tracer.mjs +161 -0
package/dist/lib/types.d.ts +11 -0
package/dist/lib/types.d.ts.map +1 -1
package/dist/modules/mcp/adapter.d.ts +23 -0
package/dist/modules/mcp/adapter.d.ts.map +1 -0
package/dist/modules/mcp/adapter.js +63 -0
package/dist/modules/mcp/adapter.js.map +1 -0
package/dist/modules/mcp/adapter.mjs +58 -0
package/dist/modules/mcp/client.d.ts +75 -0
package/dist/modules/mcp/client.d.ts.map +1 -0
package/dist/modules/mcp/client.js +300 -0
package/dist/modules/mcp/client.js.map +1 -0
package/dist/modules/mcp/client.mjs +295 -0
package/dist/modules/mcp/http-transport.d.ts +51 -0
package/dist/modules/mcp/http-transport.d.ts.map +1 -0
package/dist/modules/mcp/http-transport.js +146 -0
package/dist/modules/mcp/http-transport.js.map +1 -0
package/dist/modules/mcp/http-transport.mjs +141 -0
package/dist/modules/mcp/index.d.ts +11 -0
package/dist/modules/mcp/index.d.ts.map +1 -0
package/dist/modules/mcp/index.js +34 -0
package/dist/modules/mcp/index.js.map +1 -0
package/dist/modules/mcp/index.mjs +14 -0
package/dist/modules/mcp/oauth.d.ts +101 -0
package/dist/modules/mcp/oauth.d.ts.map +1 -0
package/dist/modules/mcp/oauth.js +347 -0
package/dist/modules/mcp/oauth.js.map +1 -0
package/dist/modules/mcp/oauth.mjs +304 -0
package/dist/modules/mcp/token-store.d.ts +69 -0
package/dist/modules/mcp/token-store.d.ts.map +1 -0
package/dist/modules/mcp/token-store.js +174 -0
package/dist/modules/mcp/token-store.js.map +1 -0
package/dist/modules/mcp/token-store.mjs +135 -0
package/dist/modules/mcp/types.d.ts +91 -0
package/dist/modules/mcp/types.d.ts.map +1 -0
package/dist/modules/mcp/types.js +14 -0
package/dist/modules/mcp/types.js.map +1 -0
package/dist/modules/mcp/types.mjs +11 -0
package/dist/modules/skills/index.d.ts +7 -0
package/dist/modules/skills/index.d.ts.map +1 -0
package/dist/modules/skills/index.js +14 -0
package/dist/modules/skills/index.js.map +1 -0
package/dist/modules/skills/index.mjs +6 -0
package/dist/modules/skills/loader.d.ts +51 -0
package/dist/modules/skills/loader.d.ts.map +1 -0
package/dist/modules/skills/loader.js +237 -0
package/dist/modules/skills/loader.js.map +1 -0
package/dist/modules/skills/loader.mjs +198 -0
package/dist/modules/skills/types.d.ts +60 -0
package/dist/modules/skills/types.d.ts.map +1 -0
package/dist/modules/skills/types.js +20 -0
package/dist/modules/skills/types.js.map +1 -0
package/dist/modules/skills/types.mjs +17 -0
package/package.json +4 -1

package/dist/modules/mcp/oauth.mjs ADDED Viewed

@@ -0,0 +1,304 @@
+/**
+ * OAuth 2.0 flows for MCP HTTP transport.
+ * Implements PKCE (browser) and Device Code (headless) flows.
+ *
+ * @see https://modelcontextprotocol.io/docs/concepts/authorization
+ */
+import * as crypto from 'node:crypto';
+import * as http from 'node:http';
+/** OAuth error */
+export class OAuthError extends Error {
+    constructor(message, code, description) {
+        super(message);
+        this.code = code;
+        this.description = description;
+        this.name = 'OAuthError';
+    }
+}
+/**
+ * Generate PKCE code verifier (43-128 chars).
+ */
+export function generateCodeVerifier() {
+    return crypto.randomBytes(32).toString('base64url');
+}
+/**
+ * Generate PKCE code challenge (S256).
+ */
+export function generateCodeChallenge(verifier) {
+    const hash = crypto.createHash('sha256').update(verifier).digest();
+    return hash.toString('base64url');
+}
+/**
+ * Generate random state parameter.
+ */
+export function generateState() {
+    return crypto.randomBytes(16).toString('hex');
+}
+/**
+ * PKCE Authorization Code Flow.
+ * Opens a browser for user authentication and starts a local callback server.
+ */
+export class PKCEFlow {
+    constructor(config) {
+        this.server = null;
+        this.codeVerifier = '';
+        this.config = config;
+    }
+    /**
+     * Build authorization URL.
+     */
+    buildAuthorizationUrl(redirectUri, state) {
+        this.codeVerifier = generateCodeVerifier();
+        const codeChallenge = generateCodeChallenge(this.codeVerifier);
+        const params = new URLSearchParams({
+            response_type: 'code',
+            client_id: this.config.clientId,
+            redirect_uri: redirectUri,
+            scope: this.config.scopes.join(' '),
+            state,
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+        });
+        const authUrl = this.config.authorizationUrl;
+        if (!authUrl) {
+            throw new OAuthError('Authorization URL not configured');
+        }
+        return `${authUrl}?${params.toString()}`;
+    }
+    /**
+     * Start local callback server and wait for authorization code.
+     * Returns the authorization code.
+     * @param options.port - Port to listen on (default: random)
+     * @param options.expectedState - Expected state parameter to validate (required for security)
+     * @param options.timeoutMs - Timeout in milliseconds (default: 300000 = 5 minutes)
+     */
+    async waitForCallback(options) {
+        const { port = 0, expectedState, timeoutMs = 300000 } = options;
+        return new Promise((resolve, reject) => {
+            // Setup timeout
+            const timeoutId = setTimeout(() => {
+                this.stopServer();
+                reject(new OAuthError(`Callback timeout after ${timeoutMs}ms`));
+            }, timeoutMs);
+            this.server = http.createServer((req, res) => {
+                const url = new URL(req.url || '', `http://localhost:${port}`);
+                const code = url.searchParams.get('code');
+                const state = url.searchParams.get('state');
+                const error = url.searchParams.get('error');
+                const errorDescription = url.searchParams.get('error_description');
+                if (error) {
+                    res.writeHead(400, { 'Content-Type': 'text/html' });
+                    res.end(`<h1>Authorization Failed</h1><p>${errorDescription || error}</p>`);
+                    clearTimeout(timeoutId);
+                    this.stopServer();
+                    reject(new OAuthError(`Authorization failed: ${error}`, error, errorDescription || undefined));
+                    return;
+                }
+                if (!code || !state) {
+                    res.writeHead(400, { 'Content-Type': 'text/html' });
+                    res.end('<h1>Missing code or state</h1>');
+                    return;
+                }
+                // Validate state (CSRF protection)
+                if (state !== expectedState) {
+                    res.writeHead(400, { 'Content-Type': 'text/html' });
+                    res.end('<h1>Invalid state parameter</h1>');
+                    clearTimeout(timeoutId);
+                    this.stopServer();
+                    reject(new OAuthError('State mismatch: possible CSRF attack', 'state_mismatch'));
+                    return;
+                }
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end('<h1>Authorization Successful</h1><p>You can close this window.</p>');
+                clearTimeout(timeoutId);
+                this.stopServer();
+                resolve({ code, state });
+            });
+            this.server.listen(port, '127.0.0.1', () => {
+                const addr = this.server?.address();
+                if (typeof addr === 'object' && addr) {
+                    // Server started on addr.port
+                }
+            });
+            this.server.on('error', (err) => {
+                clearTimeout(timeoutId);
+                reject(new OAuthError(`Callback server error: ${err.message}`));
+            });
+        });
+    }
+    /**
+     * Exchange authorization code for tokens.
+     */
+    async exchangeCode(code, redirectUri) {
+        const tokenUrl = this.config.tokenUrl;
+        if (!tokenUrl) {
+            throw new OAuthError('Token URL not configured');
+        }
+        const body = new URLSearchParams({
+            grant_type: 'authorization_code',
+            code,
+            redirect_uri: redirectUri,
+            client_id: this.config.clientId,
+            code_verifier: this.codeVerifier,
+        });
+        if (this.config.clientSecret) {
+            body.set('client_secret', this.config.clientSecret);
+        }
+        const response = await fetch(tokenUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: body.toString(),
+        });
+        if (!response.ok) {
+            const error = await response.json().catch(() => ({}));
+            throw new OAuthError(`Token exchange failed: ${response.status}`, error.error, error.error_description);
+        }
+        const data = await response.json();
+        return {
+            accessToken: data.access_token,
+            refreshToken: data.refresh_token,
+            expiresAt: data.expires_in ? Date.now() + data.expires_in * 1000 : undefined,
+            tokenType: data.token_type,
+            scope: data.scope,
+        };
+    }
+    /**
+     * Get the local callback server port.
+     */
+    getCallbackPort() {
+        const addr = this.server?.address();
+        if (typeof addr === 'object' && addr) {
+            return addr.port;
+        }
+        return null;
+    }
+    /**
+     * Stop the callback server.
+     */
+    stopServer() {
+        if (this.server) {
+            this.server.close();
+            this.server = null;
+        }
+    }
+}
+/**
+ * Device Code Flow for headless environments.
+ */
+export class DeviceCodeFlow {
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Request device code from authorization server.
+     */
+    async requestDeviceCode() {
+        const deviceCodeUrl = this.config.deviceCodeUrl;
+        if (!deviceCodeUrl) {
+            throw new OAuthError('Device code URL not configured');
+        }
+        const body = new URLSearchParams({
+            client_id: this.config.clientId,
+            scope: this.config.scopes.join(' '),
+        });
+        const response = await fetch(deviceCodeUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: body.toString(),
+        });
+        if (!response.ok) {
+            const error = await response.json().catch(() => ({}));
+            throw new OAuthError(`Device code request failed: ${response.status}`, error.error, error.error_description);
+        }
+        const data = await response.json();
+        return {
+            deviceCode: data.device_code,
+            userCode: data.user_code,
+            verificationUri: data.verification_uri,
+            verificationUriComplete: data.verification_uri_complete,
+            expiresIn: data.expires_in,
+            interval: data.interval || 5,
+        };
+    }
+    /**
+     * Poll for token after user completes authentication.
+     */
+    async pollForToken(deviceCode, interval, expiresIn, onPending) {
+        const tokenUrl = this.config.tokenUrl;
+        if (!tokenUrl) {
+            throw new OAuthError('Token URL not configured');
+        }
+        const deadline = Date.now() + expiresIn * 1000;
+        let currentInterval = interval * 1000;
+        while (Date.now() < deadline) {
+            await new Promise((resolve) => setTimeout(resolve, currentInterval));
+            const body = new URLSearchParams({
+                grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+                device_code: deviceCode,
+                client_id: this.config.clientId,
+            });
+            const response = await fetch(tokenUrl, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: body.toString(),
+            });
+            const data = await response.json();
+            if (data.access_token) {
+                return {
+                    accessToken: data.access_token,
+                    refreshToken: data.refresh_token,
+                    expiresAt: data.expires_in ? Date.now() + data.expires_in * 1000 : undefined,
+                    tokenType: data.token_type || 'Bearer',
+                    scope: data.scope,
+                };
+            }
+            if (data.error === 'authorization_pending') {
+                onPending?.();
+                continue;
+            }
+            if (data.error === 'slow_down') {
+                currentInterval += 5000; // Add 5 seconds
+                continue;
+            }
+            if (data.error) {
+                throw new OAuthError(`Device code polling failed: ${data.error}`, data.error, data.error_description);
+            }
+        }
+        throw new OAuthError('Device code expired');
+    }
+}
+/**
+ * Refresh an access token using refresh token.
+ */
+export async function refreshAccessToken(config, refreshToken) {
+    const tokenUrl = config.tokenUrl;
+    if (!tokenUrl) {
+        throw new OAuthError('Token URL not configured');
+    }
+    const body = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+        client_id: config.clientId,
+    });
+    if (config.clientSecret) {
+        body.set('client_secret', config.clientSecret);
+    }
+    const response = await fetch(tokenUrl, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const error = await response.json().catch(() => ({}));
+        throw new OAuthError(`Token refresh failed: ${response.status}`, error.error, error.error_description);
+    }
+    const data = await response.json();
+    return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token || refreshToken,
+        expiresAt: data.expires_in ? Date.now() + data.expires_in * 1000 : undefined,
+        tokenType: data.token_type,
+        scope: data.scope,
+    };
+}
+//# sourceMappingURL=oauth.js.map

package/dist/modules/mcp/token-store.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+/**
+ * Token storage for OAuth tokens.
+ * Provides memory and file-based implementations.
+ */
+import type { OAuthTokens } from './oauth';
+/**
+ * Token store interface.
+ */
+export interface TokenStore {
+    /** Get stored tokens for a server */
+    get(serverName: string): Promise<OAuthTokens | undefined>;
+    /** Store tokens for a server */
+    set(serverName: string, tokens: OAuthTokens): Promise<void>;
+    /** Delete tokens for a server */
+    delete(serverName: string): Promise<void>;
+    /** Check if token is expired */
+    isExpired(tokens: OAuthTokens): boolean;
+}
+/**
+ * In-memory token store.
+ * Tokens are lost when process exits.
+ */
+export declare class MemoryTokenStore implements TokenStore {
+    private readonly tokens;
+    get(serverName: string): Promise<OAuthTokens | undefined>;
+    set(serverName: string, tokens: OAuthTokens): Promise<void>;
+    delete(serverName: string): Promise<void>;
+    isExpired(tokens: OAuthTokens): boolean;
+}
+/** File token store configuration */
+export interface FileTokenStoreConfig {
+    /** Directory to store token files */
+    directory: string;
+    /** File permissions (default: 0o600) */
+    fileMode?: number;
+}
+/**
+ * File-based token store.
+ * Stores tokens as JSON files with restrictive permissions.
+ */
+export declare class FileTokenStore implements TokenStore {
+    private readonly config;
+    constructor(config: FileTokenStoreConfig);
+    private getFilePath;
+    get(serverName: string): Promise<OAuthTokens | undefined>;
+    set(serverName: string, tokens: OAuthTokens): Promise<void>;
+    delete(serverName: string): Promise<void>;
+    isExpired(tokens: OAuthTokens): boolean;
+}
+/**
+ * Token manager combines store with refresh logic.
+ */
+export declare class TokenManager {
+    private readonly store;
+    constructor(store: TokenStore);
+    /**
+     * Get valid access token, refreshing if needed.
+     */
+    getAccessToken(serverName: string, refresh?: (refreshToken: string) => Promise<OAuthTokens>): Promise<string | undefined>;
+    /**
+     * Store new tokens.
+     */
+    setTokens(serverName: string, tokens: OAuthTokens): Promise<void>;
+    /**
+     * Clear tokens.
+     */
+    clearTokens(serverName: string): Promise<void>;
+}
+//# sourceMappingURL=token-store.d.ts.map

package/dist/modules/mcp/token-store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../../src/modules/mcp/token-store.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,qCAAqC;IACrC,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC;IAC1D,gCAAgC;IAChC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5D,iCAAiC;IACjC,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,gCAAgC;IAChC,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC;CAC3C;AAED;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,UAAU;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkC;IAEnD,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAIzD,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3D,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO;CAK1C;AAED,qCAAqC;AACrC,MAAM,WAAW,oBAAoB;IACjC,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,qBAAa,cAAe,YAAW,UAAU;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;gBAE5C,MAAM,EAAE,oBAAoB;IAOxC,OAAO,CAAC,WAAW;IAMb,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAczD,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAY3D,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAY/C,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO;CAK1C;AAED;;GAEG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAa;gBAEvB,KAAK,EAAE,UAAU;IAI7B;;OAEG;IACG,cAAc,CAChB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,CAAC,GACzD,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IA2B9B;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvE;;OAEG;IACG,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGvD"}

package/dist/modules/mcp/token-store.js ADDED Viewed

@@ -0,0 +1,174 @@
+"use strict";
+/**
+ * Token storage for OAuth tokens.
+ * Provides memory and file-based implementations.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenManager = exports.FileTokenStore = exports.MemoryTokenStore = void 0;
+const fs = __importStar(require("node:fs/promises"));
+const path = __importStar(require("node:path"));
+/**
+ * In-memory token store.
+ * Tokens are lost when process exits.
+ */
+class MemoryTokenStore {
+    constructor() {
+        this.tokens = new Map();
+    }
+    async get(serverName) {
+        return this.tokens.get(serverName);
+    }
+    async set(serverName, tokens) {
+        this.tokens.set(serverName, tokens);
+    }
+    async delete(serverName) {
+        this.tokens.delete(serverName);
+    }
+    isExpired(tokens) {
+        if (!tokens.expiresAt)
+            return false;
+        // Consider expired 60 seconds before actual expiry
+        return Date.now() > tokens.expiresAt - 60000;
+    }
+}
+exports.MemoryTokenStore = MemoryTokenStore;
+/**
+ * File-based token store.
+ * Stores tokens as JSON files with restrictive permissions.
+ */
+class FileTokenStore {
+    constructor(config) {
+        this.config = {
+            directory: config.directory,
+            fileMode: config.fileMode ?? 0o600,
+        };
+    }
+    getFilePath(serverName) {
+        // Sanitize server name for filename
+        const safeName = serverName.replace(/[^a-zA-Z0-9_-]/g, '_');
+        return path.join(this.config.directory, `${safeName}_tokens.json`);
+    }
+    async get(serverName) {
+        const filePath = this.getFilePath(serverName);
+        try {
+            const content = await fs.readFile(filePath, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch (error) {
+            if (error.code === 'ENOENT') {
+                return undefined;
+            }
+            throw error;
+        }
+    }
+    async set(serverName, tokens) {
+        const filePath = this.getFilePath(serverName);
+        // Ensure directory exists
+        await fs.mkdir(this.config.directory, { recursive: true, mode: 0o700 });
+        // Write file with restrictive permissions
+        await fs.writeFile(filePath, JSON.stringify(tokens, null, 2), {
+            mode: this.config.fileMode,
+        });
+    }
+    async delete(serverName) {
+        const filePath = this.getFilePath(serverName);
+        try {
+            await fs.unlink(filePath);
+        }
+        catch (error) {
+            if (error.code !== 'ENOENT') {
+                throw error;
+            }
+        }
+    }
+    isExpired(tokens) {
+        if (!tokens.expiresAt)
+            return false;
+        // Consider expired 60 seconds before actual expiry
+        return Date.now() > tokens.expiresAt - 60000;
+    }
+}
+exports.FileTokenStore = FileTokenStore;
+/**
+ * Token manager combines store with refresh logic.
+ */
+class TokenManager {
+    constructor(store) {
+        this.store = store;
+    }
+    /**
+     * Get valid access token, refreshing if needed.
+     */
+    async getAccessToken(serverName, refresh) {
+        const tokens = await this.store.get(serverName);
+        if (!tokens)
+            return undefined;
+        // Token is still valid
+        if (!this.store.isExpired(tokens)) {
+            return tokens.accessToken;
+        }
+        // Try to refresh
+        if (tokens.refreshToken && refresh) {
+            try {
+                const newTokens = await refresh(tokens.refreshToken);
+                await this.store.set(serverName, newTokens);
+                return newTokens.accessToken;
+            }
+            catch {
+                // Refresh failed, delete tokens
+                await this.store.delete(serverName);
+                return undefined;
+            }
+        }
+        // Token expired and can't refresh
+        await this.store.delete(serverName);
+        return undefined;
+    }
+    /**
+     * Store new tokens.
+     */
+    async setTokens(serverName, tokens) {
+        await this.store.set(serverName, tokens);
+    }
+    /**
+     * Clear tokens.
+     */
+    async clearTokens(serverName) {
+        await this.store.delete(serverName);
+    }
+}
+exports.TokenManager = TokenManager;
+//# sourceMappingURL=token-store.js.map

package/dist/modules/mcp/token-store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../../src/modules/mcp/token-store.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,qDAAuC;AACvC,gDAAkC;AAiBlC;;;GAGG;AACH,MAAa,gBAAgB;IAA7B;QACqB,WAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAmB7D,CAAC;IAjBG,KAAK,CAAC,GAAG,CAAC,UAAkB;QACxB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB,EAAE,MAAmB;QAC7C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC3B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,SAAS,CAAC,MAAmB;QACzB,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QACpC,mDAAmD;QACnD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;IACjD,CAAC;CACJ;AApBD,4CAoBC;AAUD;;;GAGG;AACH,MAAa,cAAc;IAGvB,YAAY,MAA4B;QACpC,IAAI,CAAC,MAAM,GAAG;YACV,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,KAAK;SACrC,CAAC;IACN,CAAC;IAEO,WAAW,CAAC,UAAkB;QAClC,oCAAoC;QACpC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,QAAQ,cAAc,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,OAAO,SAAS,CAAC;YACrB,CAAC;YACD,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB,EAAE,MAAmB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE9C,0BAA0B;QAC1B,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAExE,0CAA0C;QAC1C,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YAC1D,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;SAC7B,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC;YACD,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;IACL,CAAC;IAED,SAAS,CAAC,MAAmB;QACzB,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QACpC,mDAAmD;QACnD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;IACjD,CAAC;CACJ;AA3DD,wCA2DC;AAED;;GAEG;AACH,MAAa,YAAY;IAGrB,YAAY,KAAiB;QACzB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAChB,UAAkB,EAClB,OAAwD;QAExD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAE9B,uBAAuB;QACvB,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,WAAW,CAAC;QAC9B,CAAC;QAED,iBAAiB;QACjB,IAAI,MAAM,CAAC,YAAY,IAAI,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC;gBACD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACrD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;gBAC5C,OAAO,SAAS,CAAC,WAAW,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACL,gCAAgC;gBAChC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACpC,OAAO,SAAS,CAAC;YACrB,CAAC;QACL,CAAC;QAED,kCAAkC;QAClC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpC,OAAO,SAAS,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB,EAAE,MAAmB;QACnD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,UAAkB;QAChC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACxC,CAAC;CACJ;AArDD,oCAqDC"}

package/dist/modules/mcp/token-store.mjs ADDED Viewed

@@ -0,0 +1,135 @@
+/**
+ * Token storage for OAuth tokens.
+ * Provides memory and file-based implementations.
+ */
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+/**
+ * In-memory token store.
+ * Tokens are lost when process exits.
+ */
+export class MemoryTokenStore {
+    constructor() {
+        this.tokens = new Map();
+    }
+    async get(serverName) {
+        return this.tokens.get(serverName);
+    }
+    async set(serverName, tokens) {
+        this.tokens.set(serverName, tokens);
+    }
+    async delete(serverName) {
+        this.tokens.delete(serverName);
+    }
+    isExpired(tokens) {
+        if (!tokens.expiresAt)
+            return false;
+        // Consider expired 60 seconds before actual expiry
+        return Date.now() > tokens.expiresAt - 60000;
+    }
+}
+/**
+ * File-based token store.
+ * Stores tokens as JSON files with restrictive permissions.
+ */
+export class FileTokenStore {
+    constructor(config) {
+        this.config = {
+            directory: config.directory,
+            fileMode: config.fileMode ?? 0o600,
+        };
+    }
+    getFilePath(serverName) {
+        // Sanitize server name for filename
+        const safeName = serverName.replace(/[^a-zA-Z0-9_-]/g, '_');
+        return path.join(this.config.directory, `${safeName}_tokens.json`);
+    }
+    async get(serverName) {
+        const filePath = this.getFilePath(serverName);
+        try {
+            const content = await fs.readFile(filePath, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch (error) {
+            if (error.code === 'ENOENT') {
+                return undefined;
+            }
+            throw error;
+        }
+    }
+    async set(serverName, tokens) {
+        const filePath = this.getFilePath(serverName);
+        // Ensure directory exists
+        await fs.mkdir(this.config.directory, { recursive: true, mode: 0o700 });
+        // Write file with restrictive permissions
+        await fs.writeFile(filePath, JSON.stringify(tokens, null, 2), {
+            mode: this.config.fileMode,
+        });
+    }
+    async delete(serverName) {
+        const filePath = this.getFilePath(serverName);
+        try {
+            await fs.unlink(filePath);
+        }
+        catch (error) {
+            if (error.code !== 'ENOENT') {
+                throw error;
+            }
+        }
+    }
+    isExpired(tokens) {
+        if (!tokens.expiresAt)
+            return false;
+        // Consider expired 60 seconds before actual expiry
+        return Date.now() > tokens.expiresAt - 60000;
+    }
+}
+/**
+ * Token manager combines store with refresh logic.
+ */
+export class TokenManager {
+    constructor(store) {
+        this.store = store;
+    }
+    /**
+     * Get valid access token, refreshing if needed.
+     */
+    async getAccessToken(serverName, refresh) {
+        const tokens = await this.store.get(serverName);
+        if (!tokens)
+            return undefined;
+        // Token is still valid
+        if (!this.store.isExpired(tokens)) {
+            return tokens.accessToken;
+        }
+        // Try to refresh
+        if (tokens.refreshToken && refresh) {
+            try {
+                const newTokens = await refresh(tokens.refreshToken);
+                await this.store.set(serverName, newTokens);
+                return newTokens.accessToken;
+            }
+            catch {
+                // Refresh failed, delete tokens
+                await this.store.delete(serverName);
+                return undefined;
+            }
+        }
+        // Token expired and can't refresh
+        await this.store.delete(serverName);
+        return undefined;
+    }
+    /**
+     * Store new tokens.
+     */
+    async setTokens(serverName, tokens) {
+        await this.store.set(serverName, tokens);
+    }
+    /**
+     * Clear tokens.
+     */
+    async clearTokens(serverName) {
+        await this.store.delete(serverName);
+    }
+}
+//# sourceMappingURL=token-store.js.map