@evantahler/mcpx 0.15.0

package/.claude/worktrees/elastic-jennings/test/client/manager.test.ts

@@ -0,0 +1,249 @@
+import { describe, test, expect, afterEach, spyOn } from "bun:test";
+import { join } from "path";
+import { ServerManager } from "../../src/client/manager.ts";
+import { McpOAuthProvider } from "../../src/client/oauth.ts";
+import type { ServersFile, AuthFile } from "../../src/config/schemas.ts";
+
+const MOCK_SERVER = join(import.meta.dir, "../fixtures/mock-server.ts");
+
+function makeServersFile(overrides?: Record<string, unknown>): ServersFile {
+  return {
+    mcpServers: {
+      mock: {
+        command: "bun",
+        args: ["run", MOCK_SERVER],
+        ...overrides,
+      },
+    },
+  };
+}
+
+describe("ServerManager", () => {
+  let manager: ServerManager;
+
+  afterEach(async () => {
+    if (manager) await manager.close();
+  });
+
+  test("connects to a stdio server and lists tools", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    const tools = await manager.listTools("mock");
+    const names = tools.map((t) => t.name);
+    expect(names).toContain("echo");
+    expect(names).toContain("add");
+    expect(names).toContain("secret");
+  });
+
+  test("calls a tool and gets a result", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    const result = (await manager.callTool("mock", "echo", { message: "hello" })) as {
+      content: { type: string; text: string }[];
+    };
+    expect(result.content[0]!.text).toBe("hello");
+  });
+
+  test("calls add tool", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    const result = (await manager.callTool("mock", "add", { a: 3, b: 4 })) as {
+      content: { type: string; text: string }[];
+    };
+    expect(result.content[0]!.text).toBe("7");
+  });
+
+  test("applies allowedTools filter", async () => {
+    manager = new ServerManager({
+      servers: makeServersFile({ allowedTools: ["echo"] }),
+      configDir: "/tmp",
+      auth: {},
+    });
+    const tools = await manager.listTools("mock");
+    expect(tools.map((t) => t.name)).toEqual(["echo"]);
+  });
+
+  test("applies disabledTools filter", async () => {
+    manager = new ServerManager({
+      servers: makeServersFile({ disabledTools: ["secret"] }),
+      configDir: "/tmp",
+      auth: {},
+    });
+    const tools = await manager.listTools("mock");
+    const names = tools.map((t) => t.name);
+    expect(names).toContain("echo");
+    expect(names).toContain("add");
+    expect(names).not.toContain("secret");
+  });
+
+  test("disabledTools takes precedence over allowedTools", async () => {
+    manager = new ServerManager({
+      servers: makeServersFile({ allowedTools: ["*"], disabledTools: ["secret"] }),
+      configDir: "/tmp",
+      auth: {},
+    });
+    const tools = await manager.listTools("mock");
+    expect(tools.map((t) => t.name)).not.toContain("secret");
+  });
+
+  test("getToolSchema returns a specific tool", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    const tool = await manager.getToolSchema("mock", "echo");
+    expect(tool).toBeDefined();
+    expect(tool!.name).toBe("echo");
+    expect(tool!.inputSchema.properties).toHaveProperty("message");
+  });
+
+  test("getToolSchema returns undefined for unknown tool", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    const tool = await manager.getToolSchema("mock", "nonexistent");
+    expect(tool).toBeUndefined();
+  });
+
+  test("throws on unknown server", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    await expect(manager.listTools("nonexistent")).rejects.toThrow('Unknown server: "nonexistent"');
+  });
+
+  test("getAllTools returns tools with server names", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    const { tools, errors } = await manager.getAllTools();
+    expect(errors).toEqual([]);
+    expect(tools.length).toBeGreaterThan(0);
+    expect(tools[0]!.server).toBe("mock");
+    expect(tools[0]!.tool.name).toBeDefined();
+  });
+
+  test("caches client connections", async () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    const client1 = await manager.getClient("mock");
+    const client2 = await manager.getClient("mock");
+    expect(client1).toBe(client2);
+  });
+
+  test("getServerNames returns configured servers", () => {
+    manager = new ServerManager({ servers: makeServersFile(), configDir: "/tmp", auth: {} });
+    expect(manager.getServerNames()).toEqual(["mock"]);
+  });
+
+  test("timeout fires on slow operations", async () => {
+    manager = new ServerManager({
+      servers: makeServersFile(),
+      configDir: "/tmp",
+      auth: {},
+      timeout: 1, // 1ms — will definitely timeout
+      maxRetries: 0,
+    });
+    await expect(manager.listTools("mock")).rejects.toThrow(/timed out/);
+  });
+
+  test("retries on transient failure then succeeds", async () => {
+    // Retry wrapping shouldn't break normal operations
+    manager = new ServerManager({
+      servers: makeServersFile(),
+      configDir: "/tmp",
+      auth: {},
+      maxRetries: 2,
+    });
+    const tools = await manager.listTools("mock");
+    expect(tools.length).toBeGreaterThan(0);
+  });
+});
+
+describe("ServerManager with HTTP servers", () => {
+  let manager: ServerManager;
+
+  afterEach(async () => {
+    if (manager) await manager.close();
+  });
+
+  test("calls refreshIfNeeded for HTTP server with expired OAuth tokens", async () => {
+    const auth: AuthFile = {
+      "http-server": {
+        tokens: {
+          access_token: "expired-token",
+          token_type: "Bearer",
+          refresh_token: "my-refresh-token",
+        },
+        expires_at: new Date(Date.now() - 60000).toISOString(),
+        client_info: { client_id: "client-123" },
+        complete: true,
+      },
+    };
+
+    manager = new ServerManager({
+      servers: { mcpServers: { "http-server": { url: "http://localhost:19999/mcp" } } },
+      configDir: "/tmp",
+      auth,
+      timeout: 1000,
+      maxRetries: 0,
+    });
+
+    const refreshSpy = spyOn(McpOAuthProvider.prototype, "refreshIfNeeded").mockResolvedValue(
+      undefined,
+    );
+
+    try {
+      await manager.getClient("http-server");
+    } catch {
+      // Connection failure expected — no real HTTP server
+    }
+
+    expect(refreshSpy).toHaveBeenCalledTimes(1);
+    expect(refreshSpy).toHaveBeenCalledWith("http://localhost:19999/mcp");
+    refreshSpy.mockRestore();
+  });
+
+  test("throws when HTTP server auth is not complete", async () => {
+    const auth: AuthFile = {
+      "http-server": {
+        tokens: { access_token: "token", token_type: "Bearer" },
+        // complete is missing
+      },
+    };
+
+    manager = new ServerManager({
+      servers: { mcpServers: { "http-server": { url: "http://localhost:19999/mcp" } } },
+      configDir: "/tmp",
+      auth,
+      timeout: 1000,
+      maxRetries: 0,
+    });
+
+    await expect(manager.getClient("http-server")).rejects.toThrow("Not authenticated");
+  });
+
+  test("continues even if refreshIfNeeded throws", async () => {
+    const auth: AuthFile = {
+      "http-server": {
+        tokens: {
+          access_token: "expired-token",
+          token_type: "Bearer",
+          refresh_token: "bad-refresh-token",
+        },
+        expires_at: new Date(Date.now() - 60000).toISOString(),
+        client_info: { client_id: "client-123" },
+        complete: true,
+      },
+    };
+
+    manager = new ServerManager({
+      servers: { mcpServers: { "http-server": { url: "http://localhost:19999/mcp" } } },
+      configDir: "/tmp",
+      auth,
+      timeout: 1000,
+      maxRetries: 0,
+    });
+
+    const refreshSpy = spyOn(McpOAuthProvider.prototype, "refreshIfNeeded").mockRejectedValue(
+      new Error("Refresh failed"),
+    );
+
+    try {
+      await manager.getClient("http-server");
+    } catch (err) {
+      // The error should be a connection error, not a refresh error
+      expect((err as Error).message).not.toContain("Refresh failed");
+    }
+
+    expect(refreshSpy).toHaveBeenCalledTimes(1);
+    refreshSpy.mockRestore();
+  });
+});

package/.claude/worktrees/elastic-jennings/test/client/oauth.test.ts

@@ -0,0 +1,328 @@
+import { describe, test, expect, beforeEach, afterEach, mock, spyOn } from "bun:test";
+import { mkdtemp, rm, readFile } from "fs/promises";
+import { join } from "path";
+import { tmpdir } from "os";
+import type { AuthFile } from "../../src/config/schemas.ts";
+
+// Mock the SDK's refreshAuthorization before importing the provider
+const mockRefreshAuthorization = mock(() =>
+  Promise.resolve({
+    access_token: "refreshed-access-token",
+    token_type: "Bearer",
+    expires_in: 7200,
+    refresh_token: "new-refresh-token",
+  }),
+);
+
+mock.module("@modelcontextprotocol/sdk/client/auth.js", () => ({
+  auth: mock(),
+  discoverOAuthServerInfo: mock(),
+  refreshAuthorization: mockRefreshAuthorization,
+}));
+
+import { McpOAuthProvider, startCallbackServer } from "../../src/client/oauth.ts";
+import { logger } from "../../src/output/logger.ts";
+
+function makeProvider(auth: AuthFile = {}, serverName = "test-server") {
+  const configDir = "/tmp/mcpcli-test";
+  return new McpOAuthProvider({ serverName, configDir, auth });
+}
+
+describe("McpOAuthProvider", () => {
+  test("tokens() returns undefined for unknown server", () => {
+    const provider = makeProvider();
+    expect(provider.tokens()).toBeUndefined();
+  });
+
+  test("saveTokens() + tokens() round-trip", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "mcpcli-oauth-"));
+    const auth: AuthFile = {};
+    const provider = new McpOAuthProvider({ serverName: "srv", configDir: dir, auth });
+
+    await provider.saveTokens({
+      access_token: "abc",
+      token_type: "Bearer",
+    });
+
+    const tokens = provider.tokens();
+    expect(tokens?.access_token).toBe("abc");
+    expect(tokens?.token_type).toBe("Bearer");
+
+    await rm(dir, { recursive: true });
+  });
+
+  test("saveTokens() computes expires_at from expires_in", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "mcpcli-oauth-"));
+    const auth: AuthFile = {};
+    const provider = new McpOAuthProvider({ serverName: "srv", configDir: dir, auth });
+
+    const before = Date.now();
+    await provider.saveTokens({
+      access_token: "abc",
+      token_type: "Bearer",
+      expires_in: 3600,
+    });
+    const after = Date.now();
+
+    const expiresAt = new Date(auth["srv"]!.expires_at!).getTime();
+    expect(expiresAt).toBeGreaterThanOrEqual(before + 3600 * 1000);
+    expect(expiresAt).toBeLessThanOrEqual(after + 3600 * 1000);
+
+    await rm(dir, { recursive: true });
+  });
+
+  test("clientInformation() / saveClientInformation() round-trip", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "mcpcli-oauth-"));
+    const auth: AuthFile = {};
+    const provider = new McpOAuthProvider({ serverName: "srv", configDir: dir, auth });
+
+    expect(provider.clientInformation()).toBeUndefined();
+
+    await provider.saveClientInformation({
+      client_id: "my-client",
+      client_secret: "secret",
+    });
+
+    const info = provider.clientInformation();
+    expect(info?.client_id).toBe("my-client");
+
+    await rm(dir, { recursive: true });
+  });
+
+  test("codeVerifier in-memory round-trip", async () => {
+    const provider = makeProvider();
+    await provider.saveCodeVerifier("verifier-123");
+    expect(provider.codeVerifier()).toBe("verifier-123");
+  });
+
+  test("codeVerifier() throws when unset", () => {
+    const provider = makeProvider();
+    expect(() => provider.codeVerifier()).toThrow("Code verifier not set");
+  });
+
+  test("isExpired() returns true for past date", () => {
+    const auth: AuthFile = {
+      "test-server": {
+        tokens: { access_token: "t", token_type: "Bearer" },
+        expires_at: new Date(Date.now() - 60000).toISOString(),
+      },
+    };
+    const provider = makeProvider(auth);
+    expect(provider.isExpired()).toBe(true);
+  });
+
+  test("isExpired() returns false for future date", () => {
+    const auth: AuthFile = {
+      "test-server": {
+        tokens: { access_token: "t", token_type: "Bearer" },
+        expires_at: new Date(Date.now() + 60000).toISOString(),
+      },
+    };
+    const provider = makeProvider(auth);
+    expect(provider.isExpired()).toBe(false);
+  });
+
+  test("isExpired() returns false when no expires_at", () => {
+    const auth: AuthFile = {
+      "test-server": {
+        tokens: { access_token: "t", token_type: "Bearer" },
+      },
+    };
+    const provider = makeProvider(auth);
+    expect(provider.isExpired()).toBe(false);
+  });
+
+  test("invalidateCredentials clears tokens scope", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "mcpcli-oauth-"));
+    const auth: AuthFile = {
+      srv: {
+        tokens: { access_token: "t", token_type: "Bearer" },
+        client_info: { client_id: "c" },
+      },
+    };
+    const provider = new McpOAuthProvider({ serverName: "srv", configDir: dir, auth });
+
+    await provider.invalidateCredentials("tokens");
+    expect(provider.tokens()?.access_token).toBeUndefined();
+    // client_info should be preserved
+    expect(provider.clientInformation()?.client_id).toBe("c");
+
+    await rm(dir, { recursive: true });
+  });
+
+  test("invalidateCredentials clears all scope", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "mcpcli-oauth-"));
+    const auth: AuthFile = {
+      srv: {
+        tokens: { access_token: "t", token_type: "Bearer" },
+        client_info: { client_id: "c" },
+      },
+    };
+    const provider = new McpOAuthProvider({ serverName: "srv", configDir: dir, auth });
+
+    await provider.invalidateCredentials("all");
+    expect(provider.tokens()).toBeUndefined();
+    expect(provider.clientInformation()).toBeUndefined();
+
+    await rm(dir, { recursive: true });
+  });
+
+  test("redirectUrl includes callback port", () => {
+    const provider = makeProvider();
+    provider.setCallbackPort(12345);
+    expect(provider.redirectUrl).toBe("http://127.0.0.1:12345/callback");
+  });
+});
+
+describe("refreshIfNeeded", () => {
+  test("no-op when token is not expired", async () => {
+    const auth: AuthFile = {
+      "test-server": {
+        tokens: { access_token: "t", token_type: "Bearer" },
+        expires_at: new Date(Date.now() + 60000).toISOString(),
+      },
+    };
+    const provider = makeProvider(auth);
+    // Should not throw — token is still valid
+    await provider.refreshIfNeeded("http://example.com");
+  });
+
+  test("throws when expired with no refresh token", async () => {
+    const auth: AuthFile = {
+      "test-server": {
+        tokens: { access_token: "t", token_type: "Bearer" },
+        expires_at: new Date(Date.now() - 60000).toISOString(),
+      },
+    };
+    const provider = makeProvider(auth);
+    await expect(provider.refreshIfNeeded("http://example.com")).rejects.toThrow(
+      "no refresh token available",
+    );
+  });
+
+  test("throws when expired with refresh token but no client info", async () => {
+    const auth: AuthFile = {
+      "test-server": {
+        tokens: {
+          access_token: "old-token",
+          token_type: "Bearer",
+          refresh_token: "my-refresh-token",
+        },
+        expires_at: new Date(Date.now() - 60000).toISOString(),
+      },
+    };
+    const provider = makeProvider(auth);
+    await expect(provider.refreshIfNeeded("http://example.com")).rejects.toThrow(
+      "No client information",
+    );
+  });
+
+  test("refreshes token when expired with refresh token and client info", async () => {
+    const dir = await mkdtemp(join(tmpdir(), "mcpcli-oauth-refresh-"));
+    const origIsTTY = process.stderr.isTTY;
+    Object.defineProperty(process.stderr, "isTTY", { value: true, writable: true });
+    const stderrSpy = spyOn(process.stderr, "write").mockReturnValue(true);
+    logger.configure({});
+    try {
+      const auth: AuthFile = {
+        "test-server": {
+          tokens: {
+            access_token: "old-expired-token",
+            token_type: "Bearer",
+            refresh_token: "my-refresh-token",
+          },
+          expires_at: new Date(Date.now() - 60000).toISOString(),
+          client_info: { client_id: "my-client", client_secret: "my-secret" },
+          complete: true,
+        },
+      };
+      const provider = new McpOAuthProvider({
+        serverName: "test-server",
+        configDir: dir,
+        auth,
+      });
+
+      mockRefreshAuthorization.mockClear();
+
+      await provider.refreshIfNeeded("http://example.com");
+
+      // Verify refreshAuthorization was called with correct args
+      expect(mockRefreshAuthorization).toHaveBeenCalledTimes(1);
+      expect(mockRefreshAuthorization).toHaveBeenCalledWith("http://example.com", {
+        clientInformation: { client_id: "my-client", client_secret: "my-secret" },
+        refreshToken: "my-refresh-token",
+      });
+
+      // Verify new tokens were saved in memory
+      const tokens = provider.tokens();
+      expect(tokens?.access_token).toBe("refreshed-access-token");
+      expect(tokens?.refresh_token).toBe("new-refresh-token");
+
+      // Verify expires_at was updated to a future date
+      const expiresAt = new Date(auth["test-server"]!.expires_at!).getTime();
+      expect(expiresAt).toBeGreaterThan(Date.now());
+
+      // Verify auth.json was written to disk
+      const diskContent = await readFile(join(dir, "auth.json"), "utf-8");
+      const diskAuth = JSON.parse(diskContent);
+      expect(diskAuth["test-server"].tokens.access_token).toBe("refreshed-access-token");
+
+      // Verify refresh was logged to stderr
+      expect(stderrSpy).toHaveBeenCalled();
+      const written = stderrSpy.mock.calls.map((c) => String(c[0])).join("");
+      expect(written).toContain('Token refreshed for "test-server"');
+    } finally {
+      stderrSpy.mockRestore();
+      Object.defineProperty(process.stderr, "isTTY", { value: origIsTTY, writable: true });
+      await rm(dir, { recursive: true });
+    }
+  });
+});
+
+describe("startCallbackServer", () => {
+  let server: ReturnType<typeof Bun.serve> | undefined;
+
+  afterEach(() => {
+    if (server) {
+      server.stop();
+      server = undefined;
+    }
+  });
+
+  test("returns authorization code on /callback?code=xxx", async () => {
+    const result = startCallbackServer();
+    server = result.server;
+
+    const url = `http://127.0.0.1:${server.port}/callback?code=test-code-123`;
+    const response = await fetch(url);
+    expect(response.status).toBe(200);
+    const html = await response.text();
+    expect(html).toContain("Authenticated");
+
+    const code = await result.authCodePromise;
+    expect(code).toBe("test-code-123");
+  });
+
+  test("rejects on /callback?error=access_denied", async () => {
+    const result = startCallbackServer();
+    server = result.server;
+
+    // Catch rejection to prevent unhandled rejection
+    const errorPromise = result.authCodePromise.catch((err) => err);
+
+    const url = `http://127.0.0.1:${server.port}/callback?error=access_denied&error_description=User+denied`;
+    await fetch(url);
+
+    const err = await errorPromise;
+    expect(err).toBeInstanceOf(Error);
+    expect((err as Error).message).toContain("OAuth error: User denied");
+  });
+
+  test("returns 404 on unknown paths", async () => {
+    const result = startCallbackServer();
+    server = result.server;
+
+    const response = await fetch(`http://127.0.0.1:${server.port}/other`);
+    expect(response.status).toBe(404);
+  });
+});