@codemieai/code 0.0.54 → 0.0.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/README.md +6 -0
  2. package/bin/codemie-mcp-proxy.js +91 -0
  3. package/dist/agents/core/BaseAgentAdapter.d.ts.map +1 -1
  4. package/dist/agents/core/BaseAgentAdapter.js +3 -0
  5. package/dist/agents/core/BaseAgentAdapter.js.map +1 -1
  6. package/dist/cli/commands/mcp/index.d.ts +3 -0
  7. package/dist/cli/commands/mcp/index.d.ts.map +1 -0
  8. package/dist/cli/commands/mcp/index.js +103 -0
  9. package/dist/cli/commands/mcp/index.js.map +1 -0
  10. package/dist/cli/commands/mcp-proxy.d.ts +13 -0
  11. package/dist/cli/commands/mcp-proxy.d.ts.map +1 -0
  12. package/dist/cli/commands/mcp-proxy.js +53 -0
  13. package/dist/cli/commands/mcp-proxy.js.map +1 -0
  14. package/dist/cli/index.js +4 -0
  15. package/dist/cli/index.js.map +1 -1
  16. package/dist/mcp/auth/callback-server.d.ts +22 -0
  17. package/dist/mcp/auth/callback-server.d.ts.map +1 -0
  18. package/dist/mcp/auth/callback-server.js +87 -0
  19. package/dist/mcp/auth/callback-server.js.map +1 -0
  20. package/dist/mcp/auth/mcp-oauth-provider.d.ts +49 -0
  21. package/dist/mcp/auth/mcp-oauth-provider.d.ts.map +1 -0
  22. package/dist/mcp/auth/mcp-oauth-provider.js +156 -0
  23. package/dist/mcp/auth/mcp-oauth-provider.js.map +1 -0
  24. package/dist/mcp/constants.d.ts +5 -0
  25. package/dist/mcp/constants.d.ts.map +1 -0
  26. package/dist/mcp/constants.js +7 -0
  27. package/dist/mcp/constants.js.map +1 -0
  28. package/dist/mcp/proxy-logger.d.ts +7 -0
  29. package/dist/mcp/proxy-logger.d.ts.map +1 -0
  30. package/dist/mcp/proxy-logger.js +32 -0
  31. package/dist/mcp/proxy-logger.js.map +1 -0
  32. package/dist/mcp/stdio-http-bridge.d.ts +63 -0
  33. package/dist/mcp/stdio-http-bridge.d.ts.map +1 -0
  34. package/dist/mcp/stdio-http-bridge.js +307 -0
  35. package/dist/mcp/stdio-http-bridge.js.map +1 -0
  36. package/dist/providers/plugins/sso/proxy/plugins/index.d.ts +2 -1
  37. package/dist/providers/plugins/sso/proxy/plugins/index.d.ts.map +1 -1
  38. package/dist/providers/plugins/sso/proxy/plugins/index.js +3 -1
  39. package/dist/providers/plugins/sso/proxy/plugins/index.js.map +1 -1
  40. package/dist/providers/plugins/sso/proxy/plugins/mcp-auth.plugin.d.ts +34 -0
  41. package/dist/providers/plugins/sso/proxy/plugins/mcp-auth.plugin.d.ts.map +1 -0
  42. package/dist/providers/plugins/sso/proxy/plugins/mcp-auth.plugin.js +1200 -0
  43. package/dist/providers/plugins/sso/proxy/plugins/mcp-auth.plugin.js.map +1 -0
  44. package/dist/providers/plugins/sso/proxy/plugins/types.d.ts +18 -1
  45. package/dist/providers/plugins/sso/proxy/plugins/types.d.ts.map +1 -1
  46. package/dist/providers/plugins/sso/proxy/sso.proxy.d.ts.map +1 -1
  47. package/dist/providers/plugins/sso/proxy/sso.proxy.js +32 -2
  48. package/dist/providers/plugins/sso/proxy/sso.proxy.js.map +1 -1
  49. package/dist/utils/exec.d.ts +1 -0
  50. package/dist/utils/exec.d.ts.map +1 -1
  51. package/dist/utils/exec.js +13 -5
  52. package/dist/utils/exec.js.map +1 -1
  53. package/package.json +5 -2
package/dist/mcp/auth/callback-server.js ADDED
@@ -0,0 +1,87 @@
1
+ /**
2
+ * Ephemeral localhost HTTP server for receiving OAuth authorization callbacks.
3
+ *
4
+ * Starts on an OS-assigned port, waits for a single callback with an authorization
5
+ * code, then shuts down. Used during the MCP OAuth browser-based authorization flow.
6
+ */
7
+ import { createServer } from 'http';
8
+ import { URL } from 'url';
9
+ import { logger } from '../../utils/logger.js';
10
+ /**
11
+ * Start an ephemeral callback server and return the redirect URL and a promise
12
+ * that resolves with the authorization code when the callback is received.
13
+ */
14
+ export async function startCallbackServer(options) {
15
+ const timeoutMs = options?.timeoutMs ?? 120_000; // 2 minutes default
16
+ let settled = false;
17
+ let resolveCallback;
18
+ let rejectCallback;
19
+ const waitForCallback = new Promise((resolve, reject) => {
20
+ resolveCallback = resolve;
21
+ rejectCallback = reject;
22
+ });
23
+ const settle = (fn) => {
24
+ if (settled)
25
+ return;
26
+ settled = true;
27
+ fn();
28
+ };
29
+ const server = createServer((req, res) => {
30
+ const url = new URL(req.url || '/', `http://localhost`);
31
+ if (url.pathname !== '/callback') {
32
+ res.writeHead(404, { 'Content-Type': 'text/plain' });
33
+ res.end('Not found');
34
+ return;
35
+ }
36
+ const code = url.searchParams.get('code');
37
+ const error = url.searchParams.get('error');
38
+ const errorDescription = url.searchParams.get('error_description');
39
+ if (error) {
40
+ res.writeHead(200, { 'Content-Type': 'text/html' });
41
+ res.end('<html><body><h2>Authorization failed</h2><p>You can close this tab.</p></body></html>');
42
+ settle(() => rejectCallback(new Error(`OAuth error: ${error}${errorDescription ? ` — ${errorDescription}` : ''}`)));
43
+ return;
44
+ }
45
+ if (!code) {
46
+ res.writeHead(400, { 'Content-Type': 'text/html' });
47
+ res.end('<html><body><h2>Missing authorization code</h2></body></html>');
48
+ settle(() => rejectCallback(new Error('Missing authorization code in callback')));
49
+ return;
50
+ }
51
+ const state = url.searchParams.get('state') || undefined;
52
+ res.writeHead(200, { 'Content-Type': 'text/html' });
53
+ res.end('<html><body><h2>Authorization successful</h2><p>You can close this tab.</p></body></html>');
54
+ settle(() => resolveCallback({ code, state }));
55
+ });
56
+ // Listen on OS-assigned port
57
+ await new Promise((resolve, reject) => {
58
+ server.listen(0, 'localhost', () => resolve());
59
+ server.on('error', reject);
60
+ });
61
+ const address = server.address();
62
+ if (!address || typeof address === 'string') {
63
+ server.close();
64
+ throw new Error('Failed to get callback server address');
65
+ }
66
+ const redirectUrl = `http://localhost:${address.port}/callback`;
67
+ logger.debug(`[mcp-proxy] OAuth callback server listening on ${redirectUrl}`);
68
+ // Timeout: reject if no callback received within timeoutMs
69
+ const timer = setTimeout(() => {
70
+ settle(() => rejectCallback(new Error(`OAuth authorization timed out after ${timeoutMs / 1000}s`)));
71
+ server.close();
72
+ }, timeoutMs);
73
+ // Auto-close server after callback (success or error)
74
+ const originalWait = waitForCallback;
75
+ const cleanupWait = originalWait.finally(() => {
76
+ clearTimeout(timer);
77
+ server.close();
78
+ logger.debug('[mcp-proxy] OAuth callback server closed');
79
+ });
80
+ const close = () => {
81
+ settle(() => rejectCallback(new Error('Callback server closed')));
82
+ clearTimeout(timer);
83
+ server.close();
84
+ };
85
+ return { redirectUrl, waitForCallback: cleanupWait, close };
86
+ }
87
+ //# sourceMappingURL=callback-server.js.map
package/dist/mcp/auth/callback-server.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"callback-server.js","sourceRoot":"","sources":["../../../src/mcp/auth/callback-server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAe,MAAM,MAAM,CAAC;AACjD,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAO/C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,OAEzC;IAKC,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,OAAO,CAAC,CAAC,oBAAoB;IAErE,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,eAAiD,CAAC;IACtD,IAAI,cAAsC,CAAC;IAC3C,MAAM,eAAe,GAAG,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACtE,eAAe,GAAG,OAAO,CAAC;QAC1B,cAAc,GAAG,MAAM,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,CAAC,EAAc,EAAE,EAAE;QAChC,IAAI,OAAO;YAAE,OAAO;QACpB,OAAO,GAAG,IAAI,CAAC;QACf,EAAE,EAAE,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,MAAM,GAAW,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAExD,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAEnE,IAAI,KAAK,EAAE,CAAC;YACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,uFAAuF,CAAC,CAAC;YACjG,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,GAAG,gBAAgB,CAAC,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;YACpH,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YACzE,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;QAEzD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,GAAG,CAAC,2FAA2F,CAAC,CAAC;QAErG,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;IACjC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,WAAW,GAAG,oBAAoB,OAAO,CAAC,IAAI,WAAW,CAAC;IAChE,MAAM,CAAC,KAAK,CAAC,kDAAkD,WAAW,EAAE,CAAC,CAAC;IAE9E,2DAA2D;IAC3D,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;QAC5B,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,uCAAuC,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;QACpG,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC,EAAE,SAAS,CAAC,CAAC;IAEd,sDAAsD;IACtD,MAAM,YAAY,GAAG,eAAe,CAAC;IACrC,MAAM,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE;QAC5C,YAAY,CAAC,KAAK,CAAC,CAAC;QACpB,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,GAAG,EAAE;QACjB,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC;QAClE,YAAY,CAAC,KAAK,CAAC,CAAC;QACpB,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC,CAAC;IAEF,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;AAC9D,CAAC"}
package/dist/mcp/auth/mcp-oauth-provider.d.ts ADDED
@@ -0,0 +1,49 @@
1
+ /**
2
+ * MCP OAuth Client Provider
3
+ *
4
+ * Implements the OAuthClientProvider interface from the MCP SDK for browser-based
5
+ * OAuth authorization code flow. All state is memory-only (no persistent storage).
6
+ *
7
+ * Flow: 401 → resource metadata → auth server metadata → dynamic client registration
8
+ * (client_name from MCP_CLIENT_NAME env var, default "CodeMie CLI") → browser authorization → callback → token exchange.
9
+ */
10
+ import type { OAuthClientProvider, OAuthClientMetadata, OAuthClientInformationMixed, OAuthTokens } from '@modelcontextprotocol/client';
11
+ /**
12
+ * In-memory OAuth provider for MCP authorization code flow.
13
+ * Tokens and client info are stored in memory only — re-auth required each session.
14
+ */
15
+ export declare class McpOAuthProvider implements OAuthClientProvider {
16
+ private _redirectUrl;
17
+ private _clientInfo;
18
+ private _tokens;
19
+ private _codeVerifier;
20
+ private callbackWait;
21
+ private callbackClose;
22
+ get redirectUrl(): string | undefined;
23
+ get clientMetadata(): OAuthClientMetadata;
24
+ /**
25
+ * Pre-start the callback server so that clientMetadata.redirect_uris is
26
+ * populated before the SDK calls registerClient(). Must be called before
27
+ * connecting the HTTP transport.
28
+ */
29
+ ensureCallbackServer(): Promise<void>;
30
+ clientInformation(): OAuthClientInformationMixed | undefined;
31
+ saveClientInformation(info: OAuthClientInformationMixed): void;
32
+ tokens(): OAuthTokens | undefined;
33
+ saveTokens(tokens: OAuthTokens): void;
34
+ redirectToAuthorization(authorizationUrl: URL): Promise<void>;
35
+ saveCodeVerifier(codeVerifier: string): void;
36
+ codeVerifier(): string;
37
+ invalidateCredentials(scope: 'all' | 'client' | 'tokens' | 'verifier' | 'discovery'): void;
38
+ /**
39
+ * Wait for the OAuth callback after browser redirect.
40
+ * Returns the authorization code from the callback.
41
+ * This is called externally by the bridge after auth() returns 'REDIRECT'.
42
+ */
43
+ waitForAuthorizationCode(): Promise<string>;
44
+ /**
45
+ * Clean up the callback server if still running (e.g., on shutdown).
46
+ */
47
+ dispose(): void;
48
+ }
49
+ //# sourceMappingURL=mcp-oauth-provider.d.ts.map
package/dist/mcp/auth/mcp-oauth-provider.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"mcp-oauth-provider.d.ts","sourceRoot":"","sources":["../../../src/mcp/auth/mcp-oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAOH,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACnB,2BAA2B,EAC3B,WAAW,EACZ,MAAM,8BAA8B,CAAC;AAEtC;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,mBAAmB;IAC1D,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,WAAW,CAA0C;IAC7D,OAAO,CAAC,OAAO,CAA0B;IACzC,OAAO,CAAC,aAAa,CAAqB;IAG1C,OAAO,CAAC,YAAY,CAAsC;IAC1D,OAAO,CAAC,aAAa,CAA2B;IAEhD,IAAI,WAAW,IAAI,MAAM,GAAG,SAAS,CAEpC;IAED,IAAI,cAAc,IAAI,mBAAmB,CAQxC;IAED;;;;OAIG;IACG,oBAAoB,IAAI,OAAO,CAAC,IAAI,CAAC;IAS3C,iBAAiB,IAAI,2BAA2B,GAAG,SAAS;IAI5D,qBAAqB,CAAC,IAAI,EAAE,2BAA2B,GAAG,IAAI;IAK9D,MAAM,IAAI,WAAW,GAAG,SAAS;IAIjC,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAK/B,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBnE,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI;IAI5C,YAAY,IAAI,MAAM;IAItB,qBAAqB,CAAC,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,IAAI;IAa1F;;;;OAIG;IACG,wBAAwB,IAAI,OAAO,CAAC,MAAM,CAAC;IAejD;;OAEG;IACH,OAAO,IAAI,IAAI;CAKhB"}
package/dist/mcp/auth/mcp-oauth-provider.js ADDED
@@ -0,0 +1,156 @@
1
+ /**
2
+ * MCP OAuth Client Provider
3
+ *
4
+ * Implements the OAuthClientProvider interface from the MCP SDK for browser-based
5
+ * OAuth authorization code flow. All state is memory-only (no persistent storage).
6
+ *
7
+ * Flow: 401 → resource metadata → auth server metadata → dynamic client registration
8
+ * (client_name from MCP_CLIENT_NAME env var, default "CodeMie CLI") → browser authorization → callback → token exchange.
9
+ */
10
+ import { execFile } from 'child_process';
11
+ import { logger } from '../../utils/logger.js';
12
+ import { getMcpClientName } from '../constants.js';
13
+ import { startCallbackServer } from './callback-server.js';
14
+ /**
15
+ * In-memory OAuth provider for MCP authorization code flow.
16
+ * Tokens and client info are stored in memory only — re-auth required each session.
17
+ */
18
+ export class McpOAuthProvider {
19
+ _redirectUrl;
20
+ _clientInfo;
21
+ _tokens;
22
+ _codeVerifier;
23
+ // Callback server state (active during authorization)
24
+ callbackWait;
25
+ callbackClose;
26
+ get redirectUrl() {
27
+ return this._redirectUrl;
28
+ }
29
+ get clientMetadata() {
30
+ return {
31
+ client_name: getMcpClientName(),
32
+ redirect_uris: this._redirectUrl ? [this._redirectUrl] : [],
33
+ grant_types: ['authorization_code', 'refresh_token'],
34
+ response_types: ['code'],
35
+ token_endpoint_auth_method: 'none',
36
+ };
37
+ }
38
+ /**
39
+ * Pre-start the callback server so that clientMetadata.redirect_uris is
40
+ * populated before the SDK calls registerClient(). Must be called before
41
+ * connecting the HTTP transport.
42
+ */
43
+ async ensureCallbackServer() {
44
+ if (this.callbackWait)
45
+ return;
46
+ const { redirectUrl, waitForCallback, close } = await startCallbackServer();
47
+ this._redirectUrl = redirectUrl;
48
+ this.callbackWait = waitForCallback;
49
+ this.callbackClose = close;
50
+ logger.debug(`[mcp-proxy] Callback server pre-started: ${redirectUrl}`);
51
+ }
52
+ clientInformation() {
53
+ return this._clientInfo;
54
+ }
55
+ saveClientInformation(info) {
56
+ this._clientInfo = info;
57
+ logger.debug('[mcp-proxy] Saved client information (memory-only)');
58
+ }
59
+ tokens() {
60
+ return this._tokens;
61
+ }
62
+ saveTokens(tokens) {
63
+ this._tokens = tokens;
64
+ logger.debug('[mcp-proxy] Saved OAuth tokens (memory-only)');
65
+ }
66
+ async redirectToAuthorization(authorizationUrl) {
67
+ // Start ephemeral callback server if not already running
68
+ if (!this.callbackWait) {
69
+ const { redirectUrl, waitForCallback, close } = await startCallbackServer();
70
+ this._redirectUrl = redirectUrl;
71
+ this.callbackWait = waitForCallback;
72
+ this.callbackClose = close;
73
+ }
74
+ const url = authorizationUrl.toString();
75
+ logger.debug(`[mcp-proxy] Opening browser for authorization`);
76
+ console.error('[mcp-proxy] Opening browser for MCP server authorization...');
77
+ openBrowser(url);
78
+ }
79
+ saveCodeVerifier(codeVerifier) {
80
+ this._codeVerifier = codeVerifier;
81
+ }
82
+ codeVerifier() {
83
+ return this._codeVerifier || '';
84
+ }
85
+ invalidateCredentials(scope) {
86
+ if (scope === 'all' || scope === 'tokens') {
87
+ this._tokens = undefined;
88
+ }
89
+ if (scope === 'all' || scope === 'client') {
90
+ this._clientInfo = undefined;
91
+ }
92
+ if (scope === 'all' || scope === 'verifier') {
93
+ this._codeVerifier = undefined;
94
+ }
95
+ logger.debug(`[mcp-proxy] Invalidated credentials: ${scope}`);
96
+ }
97
+ /**
98
+ * Wait for the OAuth callback after browser redirect.
99
+ * Returns the authorization code from the callback.
100
+ * This is called externally by the bridge after auth() returns 'REDIRECT'.
101
+ */
102
+ async waitForAuthorizationCode() {
103
+ if (!this.callbackWait) {
104
+ throw new Error('No active authorization flow — callback server not started');
105
+ }
106
+ try {
107
+ const result = await this.callbackWait;
108
+ logger.debug('[mcp-proxy] Received authorization callback');
109
+ return result.code;
110
+ }
111
+ finally {
112
+ this.callbackWait = undefined;
113
+ this.callbackClose = undefined;
114
+ }
115
+ }
116
+ /**
117
+ * Clean up the callback server if still running (e.g., on shutdown).
118
+ */
119
+ dispose() {
120
+ this.callbackClose?.();
121
+ this.callbackWait = undefined;
122
+ this.callbackClose = undefined;
123
+ }
124
+ }
125
+ /**
126
+ * Open a URL in the system default browser.
127
+ * Cross-platform: macOS (open), Windows (start), Linux (xdg-open).
128
+ */
129
+ function openBrowser(url) {
130
+ const platform = process.platform;
131
+ let command;
132
+ let args;
133
+ if (platform === 'darwin') {
134
+ command = 'open';
135
+ args = [url];
136
+ }
137
+ else if (platform === 'win32') {
138
+ // Use PowerShell Start-Process to avoid CMD metacharacter parsing:
139
+ // `cmd /c start "" url` splits on `&`, truncating auth URLs with query params.
140
+ // PowerShell passes the URL directly to the OS shell handler, preserving all chars.
141
+ const escapedUrl = url.replace(/'/g, "''"); // PowerShell single-quote escaping
142
+ command = 'powershell';
143
+ args = ['-NoProfile', '-Command', `Start-Process '${escapedUrl}'`];
144
+ }
145
+ else {
146
+ command = 'xdg-open';
147
+ args = [url];
148
+ }
149
+ execFile(command, args, (error) => {
150
+ if (error) {
151
+ // Don't fail — user can manually copy the URL from stderr
152
+ console.error(`[mcp-proxy] Could not open browser automatically. Please open this URL:\n${url}`);
153
+ }
154
+ });
155
+ }
156
+ //# sourceMappingURL=mcp-oauth-provider.js.map
package/dist/mcp/auth/mcp-oauth-provider.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"mcp-oauth-provider.js","sourceRoot":"","sources":["../../../src/mcp/auth/mcp-oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAuB,MAAM,sBAAsB,CAAC;AAShF;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IACnB,YAAY,CAAqB;IACjC,WAAW,CAA0C;IACrD,OAAO,CAA0B;IACjC,aAAa,CAAqB;IAE1C,sDAAsD;IAC9C,YAAY,CAAsC;IAClD,aAAa,CAA2B;IAEhD,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,IAAI,cAAc;QAChB,OAAO;YACL,WAAW,EAAE,gBAAgB,EAAE;YAC/B,aAAa,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE;YAC3D,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EAAE,MAAM;SACnC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,oBAAoB;QACxB,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO;QAC9B,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,KAAK,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAC5E,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,eAAe,CAAC;QACpC,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;QAC3B,MAAM,CAAC,KAAK,CAAC,4CAA4C,WAAW,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,iBAAiB;QACf,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,qBAAqB,CAAC,IAAiC;QACrD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACrE,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,UAAU,CAAC,MAAmB;QAC5B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,gBAAqB;QACjD,yDAAyD;QACzD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,KAAK,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;YAC5E,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,eAAe,CAAC;YACpC,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC9D,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;QAE7E,WAAW,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IAED,gBAAgB,CAAC,YAAoB;QACnC,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;IAClC,CAAC;IAED,qBAAqB,CAAC,KAA6D;QACjF,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAC3B,CAAC;QACD,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC1C,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC/B,CAAC;QACD,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;YAC5C,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;QACjC,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,wCAAwC,KAAK,EAAE,CAAC,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,wBAAwB;QAC5B,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACvC,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YAC5D,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;IACjC,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,OAAe,CAAC;IACpB,IAAI,IAAc,CAAC;IAEnB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,GAAG,MAAM,CAAC;QACjB,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,mEAAmE;QACnE,+EAA+E;QAC/E,oFAAoF;QACpF,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,mCAAmC;QAC/E,OAAO,GAAG,YAAY,CAAC;QACvB,IAAI,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,kBAAkB,UAAU,GAAG,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,UAAU,CAAC;QACrB,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;IAED,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,IAAI,KAAK,EAAE,CAAC;YACV,0DAA0D;YAC1D,OAAO,CAAC,KAAK,CAAC,4EAA4E,GAAG,EAAE,CAAC,CAAC;QACnG,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}
package/dist/mcp/constants.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ /** Default client_name for MCP OAuth dynamic client registration. Overridable via MCP_CLIENT_NAME env var. */
2
+ export declare const DEFAULT_MCP_CLIENT_NAME = "CodeMie CLI";
3
+ /** Get the MCP client name from env var or default. */
4
+ export declare function getMcpClientName(): string;
5
+ //# sourceMappingURL=constants.d.ts.map
package/dist/mcp/constants.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/mcp/constants.ts"],"names":[],"mappings":"AAAA,8GAA8G;AAC9G,eAAO,MAAM,uBAAuB,gBAAgB,CAAC;AAErD,uDAAuD;AACvD,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC"}
package/dist/mcp/constants.js ADDED
@@ -0,0 +1,7 @@
1
+ /** Default client_name for MCP OAuth dynamic client registration. Overridable via MCP_CLIENT_NAME env var. */
2
+ export const DEFAULT_MCP_CLIENT_NAME = 'CodeMie CLI';
3
+ /** Get the MCP client name from env var or default. */
4
+ export function getMcpClientName() {
5
+ return process.env.MCP_CLIENT_NAME || DEFAULT_MCP_CLIENT_NAME;
6
+ }
7
+ //# sourceMappingURL=constants.js.map
package/dist/mcp/constants.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/mcp/constants.ts"],"names":[],"mappings":"AAAA,8GAA8G;AAC9G,MAAM,CAAC,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAErD,uDAAuD;AACvD,MAAM,UAAU,gBAAgB;IAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,uBAAuB,CAAC;AAChE,CAAC"}
package/dist/mcp/proxy-logger.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Simple file logger for the MCP proxy.
3
+ * Writes to ~/.codemie/mcp-proxy.log — independent of the main logger.
4
+ * Enabled when CODEMIE_DEBUG=true or MCP_PROXY_DEBUG=true.
5
+ */
6
+ export declare function proxyLog(message: string): void;
7
+ //# sourceMappingURL=proxy-logger.d.ts.map
package/dist/mcp/proxy-logger.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"proxy-logger.d.ts","sourceRoot":"","sources":["../../src/mcp/proxy-logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAoBH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAQ9C"}
package/dist/mcp/proxy-logger.js ADDED
@@ -0,0 +1,32 @@
1
+ /**
2
+ * Simple file logger for the MCP proxy.
3
+ * Writes to ~/.codemie/mcp-proxy.log — independent of the main logger.
4
+ * Enabled when CODEMIE_DEBUG=true or MCP_PROXY_DEBUG=true.
5
+ */
6
+ import { appendFileSync, mkdirSync } from 'fs';
7
+ import { join } from 'path';
8
+ import { homedir } from 'os';
9
+ const enabled = process.env.CODEMIE_DEBUG === 'true'
10
+ || process.env.CODEMIE_DEBUG === '1'
11
+ || process.env.MCP_PROXY_DEBUG === 'true'
12
+ || process.env.MCP_PROXY_DEBUG === '1';
13
+ const logDir = join(homedir(), '.codemie', 'logs');
14
+ const logFile = join(logDir, 'mcp-proxy.log');
15
+ try {
16
+ mkdirSync(logDir, { recursive: true });
17
+ }
18
+ catch {
19
+ // ignore
20
+ }
21
+ export function proxyLog(message) {
22
+ if (!enabled)
23
+ return;
24
+ const line = `[${new Date().toISOString()}] ${message}\n`;
25
+ try {
26
+ appendFileSync(logFile, line);
27
+ }
28
+ catch {
29
+ // ignore — can't log if file write fails
30
+ }
31
+ }
32
+ //# sourceMappingURL=proxy-logger.js.map
package/dist/mcp/proxy-logger.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"proxy-logger.js","sourceRoot":"","sources":["../../src/mcp/proxy-logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAE7B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM;OAC/C,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,GAAG;OACjC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM;OACtC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,GAAG,CAAC;AAEzC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AACnD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AAE9C,IAAI,CAAC;IACH,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACzC,CAAC;AAAC,MAAM,CAAC;IACP,SAAS;AACX,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAAe;IACtC,IAAI,CAAC,OAAO;QAAE,OAAO;IACrB,MAAM,IAAI,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,OAAO,IAAI,CAAC;IAC1D,IAAI,CAAC;QACH,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,yCAAyC;IAC3C,CAAC;AACH,CAAC"}
package/dist/mcp/stdio-http-bridge.d.ts ADDED
@@ -0,0 +1,63 @@
1
+ /**
2
+ * Stdio-to-HTTP MCP Bridge
3
+ *
4
+ * Pipes JSON-RPC messages between a StdioServerTransport (Claude Code side)
5
+ * and a StreamableHTTPClientTransport (real MCP server side).
6
+ *
7
+ * Lazy connect: the HTTP transport is created and started only when the first
8
+ * stdio message arrives. If the server requires OAuth, the auth flow runs during
9
+ * that first connection (blocking the first message until auth completes).
10
+ *
11
+ * Cookie jar: Node's fetch doesn't persist cookies between requests. Some MCP
12
+ * auth gateways set session cookies during the OAuth flow that must be sent with
13
+ * subsequent requests. The bridge maintains a per-origin cookie jar automatically.
14
+ */
15
+ export interface BridgeOptions {
16
+ /** The real MCP server URL to connect to */
17
+ serverUrl: string;
18
+ }
19
+ export declare class StdioHttpBridge {
20
+ private stdioTransport;
21
+ private httpTransport;
22
+ private oauthProvider;
23
+ private serverUrl;
24
+ private cookieJar;
25
+ private connected;
26
+ private connecting;
27
+ private shuttingDown;
28
+ private pendingMessages;
29
+ constructor(options: BridgeOptions);
30
+ /**
31
+ * Start the bridge: begin listening on stdio immediately.
32
+ * HTTP connection is deferred until the first message arrives.
33
+ */
34
+ start(): Promise<void>;
35
+ /**
36
+ * Handle a message from Claude Code (stdio side).
37
+ * On the first message, lazily connect the HTTP transport.
38
+ */
39
+ private handleStdioMessage;
40
+ /**
41
+ * Lazily create and connect the HTTP transport to the real MCP server.
42
+ * Handles OAuth authorization if the server returns 401.
43
+ */
44
+ private connectHttpTransport;
45
+ /**
46
+ * Create an HTTP transport with cookie jar and logging.
47
+ */
48
+ private createHttpTransport;
49
+ /**
50
+ * Handle the OAuth authorization code flow.
51
+ */
52
+ private handleOAuthFlow;
53
+ /**
54
+ * Forward any messages that arrived while we were connecting/authenticating.
55
+ * UnauthorizedError is re-thrown so the caller can handle the OAuth flow.
56
+ */
57
+ private flushPendingMessages;
58
+ /**
59
+ * Graceful shutdown: close both transports. Idempotent.
60
+ */
61
+ shutdown(): Promise<void>;
62
+ }
63
+ //# sourceMappingURL=stdio-http-bridge.d.ts.map
package/dist/mcp/stdio-http-bridge.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"stdio-http-bridge.d.ts","sourceRoot":"","sources":["../../src/mcp/stdio-http-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAoEH,MAAM,WAAW,aAAa;IAC5B,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,cAAc,CAAuB;IAC7C,OAAO,CAAC,aAAa,CAA8C;IACnE,OAAO,CAAC,aAAa,CAAmB;IACxC,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,SAAS,CAAmB;IACpC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,eAAe,CAAwB;gBAEnC,OAAO,EAAE,aAAa;IAOlC;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB5B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA6B1B;;;OAGG;YACW,oBAAoB;IA8ClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoE3B;;OAEG;YACW,eAAe;IAS7B;;;OAGG;YACW,oBAAoB;IAuBlC;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAwBhC"}