@codemieai/code 0.0.53 → 0.0.55

package/dist/mcp/stdio-http-bridge.js

@@ -0,0 +1,307 @@
+/**
+ * Stdio-to-HTTP MCP Bridge
+ *
+ * Pipes JSON-RPC messages between a StdioServerTransport (Claude Code side)
+ * and a StreamableHTTPClientTransport (real MCP server side).
+ *
+ * Lazy connect: the HTTP transport is created and started only when the first
+ * stdio message arrives. If the server requires OAuth, the auth flow runs during
+ * that first connection (blocking the first message until auth completes).
+ *
+ * Cookie jar: Node's fetch doesn't persist cookies between requests. Some MCP
+ * auth gateways set session cookies during the OAuth flow that must be sent with
+ * subsequent requests. The bridge maintains a per-origin cookie jar automatically.
+ */
+import { StreamableHTTPClientTransport, UnauthorizedError, } from '@modelcontextprotocol/client';
+import { StdioServerTransport } from '@modelcontextprotocol/server';
+import { logger } from '../utils/logger.js';
+import { proxyLog } from './proxy-logger.js';
+import { McpOAuthProvider } from './auth/mcp-oauth-provider.js';
+function log(msg) {
+    logger.debug(msg);
+    proxyLog(msg);
+}
+/** Serialize an error with all available details (message, cause, status, body, stack). */
+function errorDetail(error) {
+    if (!(error instanceof Error))
+        return String(error);
+    const parts = [`${error.constructor.name}: ${error.message}`];
+    for (const key of ['status', 'statusCode', 'code', 'body', 'response', 'statusText', 'data']) {
+        const val = error[key];
+        if (val !== undefined)
+            parts.push(`  ${key}: ${JSON.stringify(val).slice(0, 500)}`);
+    }
+    if (error.cause)
+        parts.push(`  cause: ${errorDetail(error.cause)}`);
+    if (error.stack)
+        parts.push(`  stack: ${error.stack}`);
+    return parts.join('\n');
+}
+/**
+ * Minimal cookie jar: stores Set-Cookie values keyed by origin, sends them
+ * back on subsequent requests to the same origin.
+ */
+class CookieJar {
+    /** origin → Map<cookie-name, full-cookie-string> */
+    cookies = new Map();
+    /** Extract and store cookies from a response's Set-Cookie headers. */
+    capture(requestUrl, response) {
+        const origin = new URL(requestUrl).origin;
+        // getSetCookie() returns individual Set-Cookie header values
+        const setCookies = response.headers.getSetCookie?.() ?? [];
+        if (setCookies.length === 0)
+            return;
+        let jar = this.cookies.get(origin);
+        if (!jar) {
+            jar = new Map();
+            this.cookies.set(origin, jar);
+        }
+        for (const raw of setCookies) {
+            const name = raw.split('=')[0]?.trim();
+            if (name) {
+                jar.set(name, raw.split(';')[0]); // store "name=value" only
+                log(`[mcp-proxy] Cookie stored for ${origin}: ${name}=***`);
+            }
+        }
+    }
+    /** Build a Cookie header value for the given request URL. */
+    headerFor(requestUrl) {
+        const origin = new URL(requestUrl).origin;
+        const jar = this.cookies.get(origin);
+        if (!jar || jar.size === 0)
+            return undefined;
+        return [...jar.values()].join('; ');
+    }
+}
+export class StdioHttpBridge {
+    stdioTransport;
+    httpTransport = null;
+    oauthProvider;
+    serverUrl;
+    cookieJar = new CookieJar();
+    connected = false;
+    connecting = false;
+    shuttingDown = false;
+    pendingMessages = [];
+    constructor(options) {
+        this.serverUrl = new URL(options.serverUrl);
+        this.oauthProvider = new McpOAuthProvider();
+        this.stdioTransport = new StdioServerTransport();
+        log(`[mcp-proxy] Bridge created for ${this.serverUrl}`);
+    }
+    /**
+     * Start the bridge: begin listening on stdio immediately.
+     * HTTP connection is deferred until the first message arrives.
+     */
+    async start() {
+        this.stdioTransport.onmessage = (message) => {
+            this.handleStdioMessage(message);
+        };
+        this.stdioTransport.onclose = () => {
+            log('[mcp-proxy] Stdio transport closed');
+            this.shutdown();
+        };
+        this.stdioTransport.onerror = (error) => {
+            log(`[mcp-proxy] Stdio transport error: ${error.message}`);
+        };
+        await this.stdioTransport.start();
+        log('[mcp-proxy] Stdio transport started, waiting for messages');
+    }
+    /**
+     * Handle a message from Claude Code (stdio side).
+     * On the first message, lazily connect the HTTP transport.
+     */
+    handleStdioMessage(message) {
+        if (this.shuttingDown)
+            return;
+        log(`[mcp-proxy] Received stdio message: ${JSON.stringify(message).slice(0, 200)}`);
+        if (this.connected && this.httpTransport) {
+            this.httpTransport.send(message).catch((error) => {
+                log(`[mcp-proxy] Error forwarding to HTTP:\n${errorDetail(error)}`);
+                this.shutdown();
+            });
+            return;
+        }
+        this.pendingMessages.push(message);
+        log(`[mcp-proxy] Queued message (${this.pendingMessages.length} pending), connecting=${this.connecting}`);
+        if (!this.connecting) {
+            this.connecting = true;
+            this.connectHttpTransport().catch((error) => {
+                if (this.shuttingDown) {
+                    log(`[mcp-proxy] Connection aborted during shutdown: ${errorDetail(error)}`);
+                    return;
+                }
+                log(`[mcp-proxy] Failed to connect to MCP server:\n${errorDetail(error)}`);
+                process.exit(1);
+            });
+        }
+    }
+    /**
+     * Lazily create and connect the HTTP transport to the real MCP server.
+     * Handles OAuth authorization if the server returns 401.
+     */
+    async connectHttpTransport() {
+        log(`[mcp-proxy] Connecting to MCP server: ${this.serverUrl}`);
+        await this.oauthProvider.ensureCallbackServer();
+        log('[mcp-proxy] Callback server pre-started');
+        this.httpTransport = this.createHttpTransport(this.oauthProvider);
+        log('[mcp-proxy] HTTP transport created with auth provider');
+        try {
+            log('[mcp-proxy] Starting HTTP transport...');
+            await this.httpTransport.start();
+            log('[mcp-proxy] HTTP transport started');
+            this.connected = true;
+            log('[mcp-proxy] HTTP transport connected');
+            try {
+                await this.flushPendingMessages();
+            }
+            catch (error) {
+                if (error instanceof UnauthorizedError) {
+                    log('[mcp-proxy] Auth required on first send, completing OAuth flow');
+                    await this.handleOAuthFlow(this.httpTransport);
+                    log('[mcp-proxy] OAuth complete, retrying queued messages');
+                    await this.flushPendingMessages();
+                }
+                else {
+                    throw error;
+                }
+            }
+        }
+        catch (error) {
+            if (error instanceof UnauthorizedError) {
+                log('[mcp-proxy] Auth required on start, completing OAuth flow');
+                await this.handleOAuthFlow(this.httpTransport);
+                this.connected = true;
+                log('[mcp-proxy] HTTP transport connected after OAuth');
+                await this.flushPendingMessages();
+            }
+            else {
+                throw error;
+            }
+        }
+        finally {
+            this.connecting = false;
+        }
+    }
+    /**
+     * Create an HTTP transport with cookie jar and logging.
+     */
+    createHttpTransport(authProvider) {
+        const jar = this.cookieJar;
+        // Wrap fetch to: (1) inject cookies, (2) capture Set-Cookie, (3) log details
+        const cookieFetch = async (input, init) => {
+            const reqUrl = typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url;
+            const method = init?.method ?? 'GET';
+            log(`[mcp-proxy] HTTP ${method} ${reqUrl}`);
+            if (init?.body)
+                log(`[mcp-proxy] Request body: ${String(init.body).slice(0, 300)}`);
+            // Inject stored cookies into the request
+            const cookieHeader = jar.headerFor(reqUrl);
+            if (cookieHeader && init?.headers) {
+                const headers = init.headers instanceof Headers ? init.headers : new Headers(init.headers);
+                headers.set('Cookie', cookieHeader);
+                init = { ...init, headers };
+                log(`[mcp-proxy] Injected cookies for ${new URL(reqUrl).origin}`);
+            }
+            // Log auth header presence (not value)
+            if (init?.headers instanceof Headers) {
+                log(`[mcp-proxy] Has Authorization: ${init.headers.has('Authorization')}`);
+                log(`[mcp-proxy] Request headers: ${[...init.headers.keys()].join(', ')}`);
+            }
+            const response = await fetch(input, init);
+            log(`[mcp-proxy] HTTP response: ${response.status} ${response.statusText}`);
+            const ct = response.headers.get('content-type');
+            if (ct)
+                log(`[mcp-proxy] Response content-type: ${ct}`);
+            // Capture any Set-Cookie headers from the response
+            jar.capture(reqUrl, response);
+            // Log error response bodies
+            if (!response.ok) {
+                const cloned = response.clone();
+                const errorBody = await cloned.text().catch(() => '(unreadable)');
+                log(`[mcp-proxy] Error response body: ${errorBody.slice(0, 500)}`);
+            }
+            return response;
+        };
+        const transport = new StreamableHTTPClientTransport(this.serverUrl, {
+            fetch: cookieFetch,
+            ...(authProvider ? { authProvider } : {}),
+        });
+        transport.onmessage = (message) => {
+            log(`[mcp-proxy] Received HTTP message: ${JSON.stringify(message).slice(0, 200)}`);
+            this.stdioTransport.send(message).catch((error) => {
+                log(`[mcp-proxy] Error forwarding to stdio: ${error.message}`);
+            });
+        };
+        transport.onclose = () => {
+            log('[mcp-proxy] HTTP transport closed');
+            this.shutdown();
+        };
+        transport.onerror = (error) => {
+            log(`[mcp-proxy] HTTP transport error:\n${errorDetail(error)}`);
+        };
+        return transport;
+    }
+    /**
+     * Handle the OAuth authorization code flow.
+     */
+    async handleOAuthFlow(transport) {
+        log('[mcp-proxy] Waiting for authorization code from browser...');
+        const code = await this.oauthProvider.waitForAuthorizationCode();
+        log('[mcp-proxy] Authorization code received, exchanging for token');
+        await transport.finishAuth(code);
+        log('[mcp-proxy] Token exchange complete, transport ready');
+    }
+    /**
+     * Forward any messages that arrived while we were connecting/authenticating.
+     * UnauthorizedError is re-thrown so the caller can handle the OAuth flow.
+     */
+    async flushPendingMessages() {
+        const messages = this.pendingMessages;
+        this.pendingMessages = [];
+        for (const message of messages) {
+            try {
+                await this.httpTransport.send(message);
+            }
+            catch (error) {
+                if (error instanceof UnauthorizedError) {
+                    const remaining = messages.slice(messages.indexOf(message));
+                    this.pendingMessages = remaining.concat(this.pendingMessages);
+                    log(`[mcp-proxy] UnauthorizedError during flush, re-queued ${remaining.length} message(s)`);
+                    throw error;
+                }
+                log(`[mcp-proxy] Error flushing pending message:\n${errorDetail(error)}`);
+            }
+        }
+        if (messages.length > 0) {
+            log(`[mcp-proxy] Flushed ${messages.length} pending message(s)`);
+        }
+    }
+    /**
+     * Graceful shutdown: close both transports. Idempotent.
+     */
+    async shutdown() {
+        if (this.shuttingDown)
+            return;
+        this.shuttingDown = true;
+        log('[mcp-proxy] Shutting down bridge');
+        this.oauthProvider.dispose();
+        try {
+            if (this.httpTransport) {
+                await this.httpTransport.terminateSession();
+                await this.httpTransport.close();
+            }
+        }
+        catch (error) {
+            log(`[mcp-proxy] Error closing HTTP transport: ${error.message}`);
+        }
+        try {
+            await this.stdioTransport.close();
+        }
+        catch (error) {
+            log(`[mcp-proxy] Error closing stdio transport: ${error.message}`);
+        }
+        log('[mcp-proxy] Bridge shutdown complete');
+    }
+}
+//# sourceMappingURL=stdio-http-bridge.js.map

package/dist/mcp/stdio-http-bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio-http-bridge.js","sourceRoot":"","sources":["../../src/mcp/stdio-http-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,6BAA6B,EAC7B,iBAAiB,GAClB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAEpE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE,SAAS,GAAG,CAAC,GAAW;IACtB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClB,QAAQ,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED,2FAA2F;AAC3F,SAAS,WAAW,CAAC,KAAc;IACjC,IAAI,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,KAAK,GAAa,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACxE,KAAK,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,CAAC;QAC7F,MAAM,GAAG,GAAI,KAA4C,CAAC,GAAG,CAAC,CAAC;QAC/D,IAAI,GAAG,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,KAAK,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACpE,IAAI,KAAK,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IACvD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;GAGG;AACH,MAAM,SAAS;IACb,oDAAoD;IAC5C,OAAO,GAAG,IAAI,GAAG,EAA+B,CAAC;IAEzD,sEAAsE;IACtE,OAAO,CAAC,UAAkB,EAAE,QAAkB;QAC5C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC;QAC1C,6DAA6D;QAC7D,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,CAAC;QAC3D,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAEpC,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAChC,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;YACvC,IAAI,IAAI,EAAE,CAAC;gBACT,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,0BAA0B;gBAC7D,GAAG,CAAC,iCAAiC,MAAM,KAAK,IAAI,MAAM,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,SAAS,CAAC,UAAkB;QAC1B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QAC7C,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;CACF;AAOD,MAAM,OAAO,eAAe;IAClB,cAAc,CAAuB;IACrC,aAAa,GAAyC,IAAI,CAAC;IAC3D,aAAa,CAAmB;IAChC,SAAS,CAAM;IACf,SAAS,GAAG,IAAI,SAAS,EAAE,CAAC;IAC5B,SAAS,GAAG,KAAK,CAAC;IAClB,UAAU,GAAG,KAAK,CAAC;IACnB,YAAY,GAAG,KAAK,CAAC;IACrB,eAAe,GAAqB,EAAE,CAAC;IAE/C,YAAY,OAAsB;QAChC,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,aAAa,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAC5C,IAAI,CAAC,cAAc,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACjD,GAAG,CAAC,kCAAkC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,cAAc,CAAC,SAAS,GAAG,CAAC,OAAuB,EAAE,EAAE;YAC1D,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,OAAO,GAAG,GAAG,EAAE;YACjC,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,CAAC,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,OAAO,GAAG,CAAC,KAAY,EAAE,EAAE;YAC7C,GAAG,CAAC,sCAAsC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC;QAEF,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAClC,GAAG,CAAC,2DAA2D,CAAC,CAAC;IACnE,CAAC;IAED;;;OAGG;IACK,kBAAkB,CAAC,OAAuB;QAChD,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO;QAE9B,GAAG,CAAC,uCAAuC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QAEpF,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxD,GAAG,CAAC,0CAA0C,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACpE,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,CAAC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnC,GAAG,CAAC,+BAA+B,IAAI,CAAC,eAAe,CAAC,MAAM,yBAAyB,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;QAE1G,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YACvB,IAAI,CAAC,oBAAoB,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACnD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBACtB,GAAG,CAAC,mDAAmD,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAC7E,OAAO;gBACT,CAAC;gBACD,GAAG,CAAC,iDAAiD,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,oBAAoB;QAChC,GAAG,CAAC,yCAAyC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,EAAE,CAAC;QAChD,GAAG,CAAC,yCAAyC,CAAC,CAAC;QAE/C,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAClE,GAAG,CAAC,uDAAuD,CAAC,CAAC;QAE7D,IAAI,CAAC;YACH,GAAG,CAAC,wCAAwC,CAAC,CAAC;YAC9C,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YACjC,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAE1C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YACtB,GAAG,CAAC,sCAAsC,CAAC,CAAC;YAE5C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACpC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;oBACvC,GAAG,CAAC,gEAAgE,CAAC,CAAC;oBACtE,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBAC/C,GAAG,CAAC,sDAAsD,CAAC,CAAC;oBAC5D,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACN,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;gBACvC,GAAG,CAAC,2DAA2D,CAAC,CAAC;gBACjE,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,aAAc,CAAC,CAAC;gBAEhD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;gBACtB,GAAG,CAAC,kDAAkD,CAAC,CAAC;gBAExD,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QAC1B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,YAA+B;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC;QAE3B,6EAA6E;QAC7E,MAAM,WAAW,GAAiB,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;YACtD,MAAM,MAAM,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAE,KAAiB,CAAC,GAAG,CAAC;YACpH,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC;YACrC,GAAG,CAAC,oBAAoB,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC;YAC5C,IAAI,IAAI,EAAE,IAAI;gBAAE,GAAG,CAAC,6BAA6B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAEpF,yCAAyC;YACzC,MAAM,YAAY,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,YAAY,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,YAAY,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAiC,CAAC,CAAC;gBACrH,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;gBACpC,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC;gBAC5B,GAAG,CAAC,oCAAoC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YACpE,CAAC;YAED,uCAAuC;YACvC,IAAI,IAAI,EAAE,OAAO,YAAY,OAAO,EAAE,CAAC;gBACrC,GAAG,CAAC,kCAAkC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;gBAC3E,GAAG,CAAC,gCAAgC,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC7E,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAE1C,GAAG,CAAC,8BAA8B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YAC5E,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAChD,IAAI,EAAE;gBAAE,GAAG,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;YAExD,mDAAmD;YACnD,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAE9B,4BAA4B;YAC5B,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAChC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC;gBAClE,GAAG,CAAC,oCAAoC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC,IAAI,CAAC,SAAS,EAAE;YAClE,KAAK,EAAE,WAAW;YAClB,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC,CAAC;QAEH,SAAS,CAAC,SAAS,GAAG,CAAC,OAAuB,EAAE,EAAE;YAChD,GAAG,CAAC,sCAAsC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACnF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAY,EAAE,EAAE;gBACvD,GAAG,CAAC,0CAA0C,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACjE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YACvB,GAAG,CAAC,mCAAmC,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,CAAC,CAAC;QAEF,SAAS,CAAC,OAAO,GAAG,CAAC,KAAY,EAAE,EAAE;YACnC,GAAG,CAAC,sCAAsC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC,CAAC;QAEF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAAC,SAAwC;QACpE,GAAG,CAAC,4DAA4D,CAAC,CAAC;QAClE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,wBAAwB,EAAE,CAAC;QACjE,GAAG,CAAC,+DAA+D,CAAC,CAAC;QAErE,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACjC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IAC9D,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,oBAAoB;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC;QACtC,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAE1B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;oBAC5D,IAAI,CAAC,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;oBAC9D,GAAG,CAAC,yDAAyD,SAAS,CAAC,MAAM,aAAa,CAAC,CAAC;oBAC5F,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,GAAG,CAAC,gDAAgD,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,uBAAuB,QAAQ,CAAC,MAAM,qBAAqB,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO;QAC9B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QAEzB,GAAG,CAAC,kCAAkC,CAAC,CAAC;QACxC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvB,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,EAAE,CAAC;gBAC5C,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YACnC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,6CAA8C,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/E,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,8CAA+C,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,GAAG,CAAC,sCAAsC,CAAC,CAAC;IAC9C,CAAC;CACF"}

package/dist/providers/plugins/sso/proxy/plugins/index.d.ts

@@ -4,6 +4,7 @@
  * KISS: Single file to register all core plugins
  * Extensibility: Easy to add new plugins
  */
+import { MCPAuthPlugin } from './mcp-auth.plugin.js';
 import { EndpointBlockerPlugin } from './endpoint-blocker.plugin.js';
 import { SSOAuthPlugin } from './sso-auth.plugin.js';
 import { JWTAuthPlugin } from './jwt-auth.plugin.js';
@@ -15,7 +16,7 @@ import { LoggingPlugin } from './logging.plugin.js';
  * Called at app startup
  */
 export declare function registerCorePlugins(): void;
-export { EndpointBlockerPlugin, SSOAuthPlugin, JWTAuthPlugin, HeaderInjectionPlugin, RequestSanitizerPlugin, LoggingPlugin };
+export { MCPAuthPlugin, EndpointBlockerPlugin, SSOAuthPlugin, JWTAuthPlugin, HeaderInjectionPlugin, RequestSanitizerPlugin, LoggingPlugin };
 export { SSOSessionSyncPlugin } from './sso.session-sync.plugin.js';
 export { getPluginRegistry, resetPluginRegistry } from './registry.js';
 export * from './types.js';

package/dist/providers/plugins/sso/proxy/plugins/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/providers/plugins/sso/proxy/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAW1C;AAMD,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAE,aAAa,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,aAAa,EAAE,CAAC;AAC7H,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvE,cAAc,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/providers/plugins/sso/proxy/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAY1C;AAMD,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,aAAa,EAAE,aAAa,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,aAAa,EAAE,CAAC;AAC5I,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvE,cAAc,YAAY,CAAC"}

package/dist/providers/plugins/sso/proxy/plugins/index.js

@@ -5,6 +5,7 @@
  * Extensibility: Easy to add new plugins
  */
 import { getPluginRegistry } from './registry.js';
+import { MCPAuthPlugin } from './mcp-auth.plugin.js';
 import { EndpointBlockerPlugin } from './endpoint-blocker.plugin.js';
 import { SSOAuthPlugin } from './sso-auth.plugin.js';
 import { JWTAuthPlugin } from './jwt-auth.plugin.js';
@@ -19,6 +20,7 @@ import { SSOSessionSyncPlugin } from './sso.session-sync.plugin.js';
 export function registerCorePlugins() {
     const registry = getPluginRegistry();
     // Register in any order (priority determines execution order)
+    registry.register(new MCPAuthPlugin()); // Priority 3 - MCP auth relay routing
     registry.register(new EndpointBlockerPlugin()); // Priority 5 - blocks unwanted endpoints early
     registry.register(new SSOAuthPlugin());
     registry.register(new JWTAuthPlugin());
@@ -30,7 +32,7 @@ export function registerCorePlugins() {
 // Auto-register on import
 registerCorePlugins();
 // Re-export for convenience
-export { EndpointBlockerPlugin, SSOAuthPlugin, JWTAuthPlugin, HeaderInjectionPlugin, RequestSanitizerPlugin, LoggingPlugin };
+export { MCPAuthPlugin, EndpointBlockerPlugin, SSOAuthPlugin, JWTAuthPlugin, HeaderInjectionPlugin, RequestSanitizerPlugin, LoggingPlugin };
 export { SSOSessionSyncPlugin } from './sso.session-sync.plugin.js';
 export { getPluginRegistry, resetPluginRegistry } from './registry.js';
 export * from './types.js';

package/dist/providers/plugins/sso/proxy/plugins/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../src/providers/plugins/sso/proxy/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAEpE;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,QAAQ,GAAG,iBAAiB,EAAE,CAAC;IAErC,8DAA8D;IAC9D,QAAQ,CAAC,QAAQ,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/F,QAAQ,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACvC,QAAQ,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACvC,QAAQ,CAAC,QAAQ,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC,CAAC,oDAAoD;IACrG,QAAQ,CAAC,QAAQ,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC;IAC/C,QAAQ,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,mDAAmD;IAC3F,QAAQ,CAAC,QAAQ,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC,CAAC,wDAAwD;AACzG,CAAC;AAED,0BAA0B;AAC1B,mBAAmB,EAAE,CAAC;AAEtB,4BAA4B;AAC5B,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAE,aAAa,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,aAAa,EAAE,CAAC;AAC7H,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvE,cAAc,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../src/providers/plugins/sso/proxy/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAEpE;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,QAAQ,GAAG,iBAAiB,EAAE,CAAC;IAErC,8DAA8D;IAC9D,QAAQ,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC,CAAU,sCAAsC;IACvF,QAAQ,CAAC,QAAQ,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/F,QAAQ,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACvC,QAAQ,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACvC,QAAQ,CAAC,QAAQ,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC,CAAC,oDAAoD;IACrG,QAAQ,CAAC,QAAQ,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC;IAC/C,QAAQ,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,mDAAmD;IAC3F,QAAQ,CAAC,QAAQ,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC,CAAC,wDAAwD;AACzG,CAAC;AAED,0BAA0B;AAC1B,mBAAmB,EAAE,CAAC;AAEtB,4BAA4B;AAC5B,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,aAAa,EAAE,aAAa,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,aAAa,EAAE,CAAC;AAC5I,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvE,cAAc,YAAY,CAAC"}

package/dist/providers/plugins/sso/proxy/plugins/mcp-auth.plugin.d.ts

@@ -0,0 +1,34 @@
+/**
+ * MCP Authorization Proxy Plugin
+ * Priority: 3 (runs before endpoint blocker, auth, and all other plugins)
+ *
+ * Proxies the MCP OAuth authorization flow so that:
+ * 1. All auth traffic is routed through the CodeMie proxy
+ * 2. `client_name` is replaced with MCP_CLIENT_NAME env var (default "CodeMie CLI") in dynamic client registration
+ *
+ * URL scheme:
+ * - /mcp_auth?original=<url>                          → Initial MCP connection
+ * - /mcp_relay/<root_b64>/<relay_b64>/<path>          → Relayed requests (per-flow scoped)
+ *
+ * The root_b64 segment carries the root MCP server origin for per-flow isolation.
+ * The relay_b64 segment identifies the actual target origin (may differ from root
+ * when the auth server is on a separate host).
+ *
+ * Response URL rewriting replaces external URLs with proxy relay URLs so that
+ * the MCP client (Claude Code CLI) routes all subsequent requests through the proxy.
+ *
+ * Security:
+ * - SSRF protection: private/loopback origins are rejected (hostname + DNS resolution)
+ * - Per-flow origin scoping: discovered origins are tagged with their root MCP server
+ *   origin and relay requests validate the root-relay association
+ * - Buffering is restricted to auth metadata responses; post-auth MCP traffic streams through
+ */
+import { ProxyPlugin, PluginContext, ProxyInterceptor } from './types.js';
+export declare class MCPAuthPlugin implements ProxyPlugin {
+    id: string;
+    name: string;
+    version: string;
+    priority: number;
+    createInterceptor(context: PluginContext): Promise<ProxyInterceptor>;
+}
+//# sourceMappingURL=mcp-auth.plugin.d.ts.map

package/dist/providers/plugins/sso/proxy/plugins/mcp-auth.plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-auth.plugin.d.ts","sourceRoot":"","sources":["../../../../../../src/providers/plugins/sso/proxy/plugins/mcp-auth.plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAOH,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AA0O1E,qBAAa,aAAc,YAAW,WAAW;IAC/C,EAAE,SAA6B;IAC/B,IAAI,SAAoB;IACxB,OAAO,SAAW;IAClB,QAAQ,SAAK;IAEP,iBAAiB,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,gBAAgB,CAAC;CAG3E"}