@desplega.ai/agent-swarm 1.68.0 → 1.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/openapi.json +346 -1
  2. package/package.json +1 -1
  3. package/src/be/db-queries/mcp-oauth.ts +456 -0
  4. package/src/be/db.ts +10 -1
  5. package/src/be/migrations/041_mcp_oauth_tokens.sql +84 -0
  6. package/src/http/index.ts +8 -0
  7. package/src/http/mcp-oauth.ts +648 -0
  8. package/src/http/mcp-servers.ts +78 -48
  9. package/src/oauth/ensure-mcp-token.ts +87 -0
  10. package/src/oauth/mcp-wrapper.ts +411 -0
  11. package/src/tests/mcp-oauth-ensure-token.test.ts +190 -0
  12. package/src/tests/mcp-oauth-queries.test.ts +241 -0
  13. package/src/tests/mcp-oauth-resolve-secrets.test.ts +224 -0
  14. package/src/tests/mcp-oauth-wrapper.test.ts +477 -0
  15. package/src/types.ts +4 -0
package/openapi.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "openapi": "3.1.0",
3
3
  "info": {
4
4
  "title": "Agent Swarm API",
5
- "version": "1.68.0",
5
+ "version": "1.69.0",
6
6
  "description": "Multi-agent orchestration API for Claude Code, Codex, and Gemini CLI. Enables task distribution, agent communication, and service discovery.\n\nMCP tools are documented separately in [MCP.md](./MCP.md)."
7
7
  },
8
8
  "servers": [
@@ -4724,6 +4724,351 @@
4724
4724
  }
4725
4725
  }
4726
4726
  },
4727
+ "/api/mcp-oauth/{mcpServerId}/metadata": {
4728
+ "get": {
4729
+ "summary": "Probe OAuth metadata (PRMD + AS) for an MCP server",
4730
+ "tags": [
4731
+ "MCP OAuth"
4732
+ ],
4733
+ "security": [
4734
+ {
4735
+ "bearerAuth": []
4736
+ }
4737
+ ],
4738
+ "parameters": [
4739
+ {
4740
+ "schema": {
4741
+ "type": "string"
4742
+ },
4743
+ "required": true,
4744
+ "name": "mcpServerId",
4745
+ "in": "path"
4746
+ }
4747
+ ],
4748
+ "responses": {
4749
+ "200": {
4750
+ "description": "OAuth metadata or { requiresOAuth: false }"
4751
+ },
4752
+ "400": {
4753
+ "description": "MCP has no URL / invalid transport"
4754
+ },
4755
+ "404": {
4756
+ "description": "MCP server not found"
4757
+ }
4758
+ }
4759
+ }
4760
+ },
4761
+ "/api/mcp-oauth/{mcpServerId}/status": {
4762
+ "get": {
4763
+ "summary": "Get the current OAuth connection status for an MCP server",
4764
+ "tags": [
4765
+ "MCP OAuth"
4766
+ ],
4767
+ "security": [
4768
+ {
4769
+ "bearerAuth": []
4770
+ }
4771
+ ],
4772
+ "parameters": [
4773
+ {
4774
+ "schema": {
4775
+ "type": "string"
4776
+ },
4777
+ "required": true,
4778
+ "name": "mcpServerId",
4779
+ "in": "path"
4780
+ },
4781
+ {
4782
+ "schema": {
4783
+ "type": "string"
4784
+ },
4785
+ "required": false,
4786
+ "name": "userId",
4787
+ "in": "query"
4788
+ }
4789
+ ],
4790
+ "responses": {
4791
+ "200": {
4792
+ "description": "Token status (never includes the token value itself)"
4793
+ },
4794
+ "404": {
4795
+ "description": "MCP server not found"
4796
+ }
4797
+ }
4798
+ }
4799
+ },
4800
+ "/api/mcp-oauth/{mcpServerId}/authorize": {
4801
+ "get": {
4802
+ "summary": "Start an OAuth flow. Redirects to the provider.",
4803
+ "tags": [
4804
+ "MCP OAuth"
4805
+ ],
4806
+ "security": [
4807
+ {
4808
+ "bearerAuth": []
4809
+ }
4810
+ ],
4811
+ "parameters": [
4812
+ {
4813
+ "schema": {
4814
+ "type": "string"
4815
+ },
4816
+ "required": true,
4817
+ "name": "mcpServerId",
4818
+ "in": "path"
4819
+ },
4820
+ {
4821
+ "schema": {
4822
+ "type": "string"
4823
+ },
4824
+ "required": false,
4825
+ "name": "redirect",
4826
+ "in": "query"
4827
+ },
4828
+ {
4829
+ "schema": {
4830
+ "type": "string"
4831
+ },
4832
+ "required": false,
4833
+ "name": "userId",
4834
+ "in": "query"
4835
+ },
4836
+ {
4837
+ "schema": {
4838
+ "type": "string"
4839
+ },
4840
+ "required": false,
4841
+ "name": "scopes",
4842
+ "in": "query"
4843
+ }
4844
+ ],
4845
+ "responses": {
4846
+ "302": {
4847
+ "description": "Redirect to authorization server"
4848
+ },
4849
+ "400": {
4850
+ "description": "MCP has no URL / does not require OAuth"
4851
+ },
4852
+ "404": {
4853
+ "description": "MCP server not found"
4854
+ }
4855
+ }
4856
+ }
4857
+ },
4858
+ "/api/mcp-oauth/callback": {
4859
+ "get": {
4860
+ "summary": "OAuth redirect target. Exchanges code -> tokens and redirects back to dashboard.",
4861
+ "tags": [
4862
+ "MCP OAuth"
4863
+ ],
4864
+ "parameters": [
4865
+ {
4866
+ "schema": {
4867
+ "type": "string"
4868
+ },
4869
+ "required": false,
4870
+ "name": "code",
4871
+ "in": "query"
4872
+ },
4873
+ {
4874
+ "schema": {
4875
+ "type": "string"
4876
+ },
4877
+ "required": false,
4878
+ "name": "state",
4879
+ "in": "query"
4880
+ },
4881
+ {
4882
+ "schema": {
4883
+ "type": "string"
4884
+ },
4885
+ "required": false,
4886
+ "name": "error",
4887
+ "in": "query"
4888
+ },
4889
+ {
4890
+ "schema": {
4891
+ "type": "string"
4892
+ },
4893
+ "required": false,
4894
+ "name": "error_description",
4895
+ "in": "query"
4896
+ }
4897
+ ],
4898
+ "responses": {
4899
+ "302": {
4900
+ "description": "Redirect back to dashboard with oauth=success or oauth=error"
4901
+ },
4902
+ "400": {
4903
+ "description": "Bad state / missing code"
4904
+ }
4905
+ }
4906
+ }
4907
+ },
4908
+ "/api/mcp-oauth/{mcpServerId}/refresh": {
4909
+ "post": {
4910
+ "summary": "Force-refresh the access token for an MCP server",
4911
+ "tags": [
4912
+ "MCP OAuth"
4913
+ ],
4914
+ "security": [
4915
+ {
4916
+ "bearerAuth": []
4917
+ }
4918
+ ],
4919
+ "parameters": [
4920
+ {
4921
+ "schema": {
4922
+ "type": "string"
4923
+ },
4924
+ "required": true,
4925
+ "name": "mcpServerId",
4926
+ "in": "path"
4927
+ }
4928
+ ],
4929
+ "requestBody": {
4930
+ "content": {
4931
+ "application/json": {
4932
+ "schema": {
4933
+ "type": "object",
4934
+ "properties": {
4935
+ "userId": {
4936
+ "type": "string"
4937
+ }
4938
+ }
4939
+ }
4940
+ }
4941
+ }
4942
+ },
4943
+ "responses": {
4944
+ "200": {
4945
+ "description": "Refreshed token"
4946
+ },
4947
+ "404": {
4948
+ "description": "No token for this MCP server"
4949
+ },
4950
+ "500": {
4951
+ "description": "Refresh failed"
4952
+ }
4953
+ }
4954
+ }
4955
+ },
4956
+ "/api/mcp-oauth/{mcpServerId}": {
4957
+ "delete": {
4958
+ "summary": "Revoke and delete the OAuth token for an MCP server",
4959
+ "tags": [
4960
+ "MCP OAuth"
4961
+ ],
4962
+ "security": [
4963
+ {
4964
+ "bearerAuth": []
4965
+ }
4966
+ ],
4967
+ "parameters": [
4968
+ {
4969
+ "schema": {
4970
+ "type": "string"
4971
+ },
4972
+ "required": true,
4973
+ "name": "mcpServerId",
4974
+ "in": "path"
4975
+ },
4976
+ {
4977
+ "schema": {
4978
+ "type": "string"
4979
+ },
4980
+ "required": false,
4981
+ "name": "userId",
4982
+ "in": "query"
4983
+ }
4984
+ ],
4985
+ "responses": {
4986
+ "200": {
4987
+ "description": "Token revoked/deleted"
4988
+ },
4989
+ "404": {
4990
+ "description": "No token for this MCP server"
4991
+ }
4992
+ }
4993
+ }
4994
+ },
4995
+ "/api/mcp-oauth/{mcpServerId}/manual-client": {
4996
+ "post": {
4997
+ "summary": "Register a pre-existing OAuth client (DCR fallback)",
4998
+ "tags": [
4999
+ "MCP OAuth"
5000
+ ],
5001
+ "security": [
5002
+ {
5003
+ "bearerAuth": []
5004
+ }
5005
+ ],
5006
+ "parameters": [
5007
+ {
5008
+ "schema": {
5009
+ "type": "string"
5010
+ },
5011
+ "required": true,
5012
+ "name": "mcpServerId",
5013
+ "in": "path"
5014
+ }
5015
+ ],
5016
+ "requestBody": {
5017
+ "content": {
5018
+ "application/json": {
5019
+ "schema": {
5020
+ "type": "object",
5021
+ "properties": {
5022
+ "clientId": {
5023
+ "type": "string",
5024
+ "minLength": 1
5025
+ },
5026
+ "clientSecret": {
5027
+ "type": "string"
5028
+ },
5029
+ "authorizationServerIssuer": {
5030
+ "type": "string",
5031
+ "format": "uri"
5032
+ },
5033
+ "authorizeUrl": {
5034
+ "type": "string",
5035
+ "format": "uri"
5036
+ },
5037
+ "tokenUrl": {
5038
+ "type": "string",
5039
+ "format": "uri"
5040
+ },
5041
+ "revocationUrl": {
5042
+ "type": "string",
5043
+ "format": "uri"
5044
+ },
5045
+ "scopes": {
5046
+ "type": "array",
5047
+ "items": {
5048
+ "type": "string"
5049
+ }
5050
+ }
5051
+ },
5052
+ "required": [
5053
+ "clientId"
5054
+ ]
5055
+ }
5056
+ }
5057
+ }
5058
+ },
5059
+ "responses": {
5060
+ "200": {
5061
+ "description": "Pending client stored. Call /authorize to start the flow."
5062
+ },
5063
+ "400": {
5064
+ "description": "Bad input"
5065
+ },
5066
+ "404": {
5067
+ "description": "MCP server not found"
5068
+ }
5069
+ }
5070
+ }
5071
+ },
4727
5072
  "/api/mcp-servers": {
4728
5073
  "get": {
4729
5074
  "summary": "List MCP servers with optional filters",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@desplega.ai/agent-swarm",
3
- "version": "1.68.0",
3
+ "version": "1.69.0",
4
4
  "description": "Multi-agent orchestration for Claude Code, Codex, Gemini CLI, and other AI coding assistants",
5
5
  "license": "MIT",
6
6
  "author": "desplega.sh <contact@desplega.sh>",