npm - @frontmcp/adapters - Versions diffs - 0.3.0 → 0.4.0 - Mend

@frontmcp/adapters 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/LICENSE +201 -0
package/README.md +4 -1
package/package.json +8 -5
package/src/openapi/README.md +753 -0
package/src/openapi/__tests__/fixtures.d.ts +58 -0
package/src/openapi/__tests__/fixtures.js +286 -0
package/src/openapi/__tests__/fixtures.js.map +1 -0
package/src/openapi/openapi.adapter.d.ts +6 -1
package/src/openapi/openapi.adapter.js +73 -22
package/src/openapi/openapi.adapter.js.map +1 -1
package/src/openapi/openapi.security.d.ts +56 -0
package/src/openapi/openapi.security.js +174 -0
package/src/openapi/openapi.security.js.map +1 -0
package/src/openapi/openapi.tool.d.ts +10 -3
package/src/openapi/openapi.tool.js +50 -78
package/src/openapi/openapi.tool.js.map +1 -1
package/src/openapi/openapi.types.d.ts +75 -5
package/src/openapi/openapi.types.js.map +1 -1
package/src/openapi/openapi.utils.d.ts +35 -0
package/src/openapi/openapi.utils.js +126 -0
package/src/openapi/openapi.utils.js.map +1 -0

package/src/openapi/openapi.security.js ADDED Viewed

@@ -0,0 +1,174 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecurityContextFromAuth = createSecurityContextFromAuth;
+exports.extractSecuritySchemes = extractSecuritySchemes;
+exports.validateSecurityConfiguration = validateSecurityConfiguration;
+exports.resolveToolSecurity = resolveToolSecurity;
+const mcp_from_openapi_1 = require("mcp-from-openapi");
+/**
+ * Resolve security context from FrontMCP auth info with support for multiple auth providers
+ *
+ * @param tool - OpenAPI tool to resolve security for
+ * @param authInfo - FrontMCP authentication info
+ * @param options - Adapter options with auth configuration
+ * @returns Security context for resolver
+ */
+async function createSecurityContextFromAuth(tool, authInfo, options) {
+    // 1. Use custom security resolver if provided (highest priority)
+    if (options.securityResolver) {
+        return await options.securityResolver(tool, authInfo);
+    }
+    // 2. Use auth provider mapper if provided
+    if (options.authProviderMapper) {
+        const context = (0, mcp_from_openapi_1.createSecurityContext)({});
+        // Find all security schemes used by this tool
+        const securitySchemes = new Set();
+        for (const mapper of tool.mapper) {
+            if (mapper.security?.scheme) {
+                securitySchemes.add(mapper.security.scheme);
+            }
+        }
+        // Map each security scheme to its auth provider
+        for (const scheme of securitySchemes) {
+            const authExtractor = options.authProviderMapper[scheme];
+            if (authExtractor) {
+                const token = authExtractor(authInfo);
+                if (token) {
+                    // Store in jwt field for http bearer auth
+                    // For other auth types, you can extend this logic
+                    context.jwt = token;
+                    break; // Use first matching provider
+                }
+            }
+        }
+        // If no provider matched but we have a default token, use it
+        if (!context.jwt && authInfo.token) {
+            context.jwt = authInfo.token;
+        }
+        return context;
+    }
+    // 3. Use static auth if provided
+    if (options.staticAuth) {
+        return (0, mcp_from_openapi_1.createSecurityContext)(options.staticAuth);
+    }
+    // 4. Default: use main JWT token from auth context
+    return (0, mcp_from_openapi_1.createSecurityContext)({
+        jwt: authInfo?.token,
+    });
+}
+/**
+ * Extract all security schemes used by a set of tools
+ *
+ * @param tools - OpenAPI tools
+ * @returns Set of security scheme names
+ */
+function extractSecuritySchemes(tools) {
+    const schemes = new Set();
+    for (const tool of tools) {
+        for (const mapper of tool.mapper) {
+            if (mapper.security?.scheme) {
+                schemes.add(mapper.security.scheme);
+            }
+        }
+    }
+    return schemes;
+}
+/**
+ * Validate security configuration against OpenAPI security requirements
+ *
+ * @param tools - OpenAPI tools
+ * @param options - Adapter options
+ * @returns Validation result with errors and warnings
+ */
+function validateSecurityConfiguration(tools, options) {
+    const result = {
+        valid: true,
+        missingMappings: [],
+        warnings: [],
+        securityRiskScore: 'low',
+    };
+    // Extract all security schemes used
+    const securitySchemes = extractSecuritySchemes(tools);
+    // If includeSecurityInInput is true, auth is provided by user (high security risk)
+    const includeSecurityInInput = options.generateOptions?.includeSecurityInInput ?? false;
+    if (includeSecurityInInput) {
+        result.securityRiskScore = 'high';
+        result.warnings.push('SECURITY WARNING: includeSecurityInInput is enabled. Users will provide authentication directly in tool inputs. This increases security risk as credentials may be logged or exposed.');
+        // Don't validate mappings if security is in input
+        return result;
+    }
+    // Check if we have custom security resolver (most flexible, low risk)
+    if (options.securityResolver) {
+        result.securityRiskScore = 'low';
+        result.warnings.push('INFO: Using custom securityResolver. Ensure your resolver properly validates and secures credentials from context.');
+        return result;
+    }
+    // Check if we have static auth (medium risk - static credentials)
+    if (options.staticAuth && Object.keys(options.staticAuth).length > 0) {
+        result.securityRiskScore = 'medium';
+        result.warnings.push('SECURITY INFO: Using staticAuth with hardcoded credentials. Ensure credentials are stored securely (environment variables, secrets manager).');
+        // If static auth is provided, assume it covers all schemes
+        return result;
+    }
+    // Check authProviderMapper (low risk - context-based auth)
+    if (options.authProviderMapper) {
+        result.securityRiskScore = 'low';
+        // Validate that all schemes have mappings
+        for (const scheme of securitySchemes) {
+            if (!options.authProviderMapper[scheme]) {
+                result.valid = false;
+                result.missingMappings.push(scheme);
+            }
+        }
+        if (!result.valid) {
+            result.warnings.push(`ERROR: Missing auth provider mappings for security schemes: ${result.missingMappings.join(', ')}`);
+        }
+        return result;
+    }
+    // No auth configuration provided - will use default ctx.authInfo.token
+    // This only works if there's a single Bearer auth scheme
+    if (securitySchemes.size > 0) {
+        result.securityRiskScore = 'medium';
+        result.warnings.push(`INFO: No auth configuration provided. Using default ctx.authInfo.token for all security schemes: ${Array.from(securitySchemes).join(', ')}`);
+        result.warnings.push('RECOMMENDATION: For multiple auth providers, use authProviderMapper or securityResolver to map each security scheme to the correct auth provider.');
+    }
+    return result;
+}
+/**
+ * Resolve security for an OpenAPI tool with validation
+ *
+ * @param tool - OpenAPI tool with mapper
+ * @param authInfo - FrontMCP authentication info
+ * @param options - Adapter options with auth configuration
+ * @returns Resolved security (headers, query params, etc.)
+ * @throws Error if security cannot be resolved
+ */
+async function resolveToolSecurity(tool, authInfo, options) {
+    const securityResolver = new mcp_from_openapi_1.SecurityResolver();
+    const securityContext = await createSecurityContextFromAuth(tool, authInfo, options);
+    // Validate that we have auth for this tool
+    const hasAuth = securityContext.jwt ||
+        securityContext.apiKey ||
+        securityContext.basic ||
+        securityContext.oauth2Token ||
+        (securityContext.apiKeys && Object.keys(securityContext.apiKeys).length > 0) ||
+        (securityContext.customHeaders && Object.keys(securityContext.customHeaders).length > 0);
+    // Check if this tool requires security
+    const requiresSecurity = tool.mapper.some((m) => m.security && m.required);
+    if (requiresSecurity && !hasAuth) {
+        // Extract security scheme names
+        const schemes = tool.mapper
+            .filter((m) => m.security && m.required)
+            .map((m) => m.security?.scheme ?? 'unknown')
+            .join(', ');
+        throw new Error(`Authentication required for tool '${tool.name}' but no auth configuration found.\n` +
+            `Required security schemes: ${schemes}\n` +
+            `Solutions:\n` +
+            `  1. Add authProviderMapper: { '${schemes.split(',')[0].trim()}': (authInfo) => authInfo.user?.token }\n` +
+            `  2. Add securityResolver: (tool, authInfo) => ({ jwt: authInfo.token })\n` +
+            `  3. Add staticAuth: { jwt: process.env.API_TOKEN }\n` +
+            `  4. Set generateOptions.includeSecurityInInput: true (not recommended for production)`);
+    }
+    return await securityResolver.resolve(tool.mapper, securityContext);
+}
+//# sourceMappingURL=openapi.security.js.map

package/src/openapi/openapi.security.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"openapi.security.js","sourceRoot":"","sources":["../../../src/openapi/openapi.security.ts"],"names":[],"mappings":";;AAsCA,sEAqDC;AAQD,wDAYC;AASD,sEAkFC;AAWD,kDAuCC;AA5PD,uDAK0B;AAyB1B;;;;;;;GAOG;AACI,KAAK,UAAU,6BAA6B,CACjD,IAAoB,EACpB,QAAkB,EAClB,OAA8F;IAE9F,iEAAiE;IACjE,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,OAAO,MAAM,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,IAAA,wCAAqB,EAAC,EAAE,CAAC,CAAC;QAE1C,8CAA8C;QAC9C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAC1C,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;gBAC5B,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;YACrC,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACzD,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,KAAK,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACtC,IAAI,KAAK,EAAE,CAAC;oBACV,0CAA0C;oBAC1C,kDAAkD;oBAClD,OAAO,CAAC,GAAG,GAAG,KAAK,CAAC;oBACpB,MAAM,CAAC,8BAA8B;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QAED,6DAA6D;QAC7D,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC;QAC/B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,iCAAiC;IACjC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO,IAAA,wCAAqB,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACnD,CAAC;IAED,mDAAmD;IACnD,OAAO,IAAA,wCAAqB,EAAC;QAC3B,GAAG,EAAE,QAAQ,EAAE,KAAK;KACrB,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAuB;IAC5D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,6BAA6B,CAC3C,KAAuB,EACvB,OAGC;IAED,MAAM,MAAM,GAA6B;QACvC,KAAK,EAAE,IAAI;QACX,eAAe,EAAE,EAAE;QACnB,QAAQ,EAAE,EAAE;QACZ,iBAAiB,EAAE,KAAK;KACzB,CAAC;IAEF,oCAAoC;IACpC,MAAM,eAAe,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAEtD,mFAAmF;IACnF,MAAM,sBAAsB,GAAG,OAAO,CAAC,eAAe,EAAE,sBAAsB,IAAI,KAAK,CAAC;IAExF,IAAI,sBAAsB,EAAE,CAAC;QAC3B,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,uLAAuL,CACxL,CAAC;QACF,kDAAkD;QAClD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sEAAsE;IACtE,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC;QACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,oHAAoH,CACrH,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kEAAkE;IAClE,IAAI,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrE,MAAM,CAAC,iBAAiB,GAAG,QAAQ,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,8IAA8I,CAC/I,CAAC;QACF,2DAA2D;QAC3D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2DAA2D;IAC3D,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC/B,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC;QAEjC,0CAA0C;QAC1C,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;YACrC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;gBACrB,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,+DAA+D,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnG,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,uEAAuE;IACvE,yDAAyD;IACzD,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,iBAAiB,GAAG,QAAQ,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,oGAAoG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC7I,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,mJAAmJ,CACpJ,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,mBAAmB,CACvC,IAAoB,EACpB,QAAkB,EAClB,OAA8F;IAE9F,MAAM,gBAAgB,GAAG,IAAI,mCAAgB,EAAE,CAAC;IAChD,MAAM,eAAe,GAAG,MAAM,6BAA6B,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAErF,2CAA2C;IAC3C,MAAM,OAAO,GACX,eAAe,CAAC,GAAG;QACnB,eAAe,CAAC,MAAM;QACtB,eAAe,CAAC,KAAK;QACrB,eAAe,CAAC,WAAW;QAC3B,CAAC,eAAe,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAC5E,CAAC,eAAe,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3F,uCAAuC;IACvC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;IAE3E,IAAI,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,gCAAgC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM;aACxB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC;aACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC;aAC3C,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,MAAM,IAAI,KAAK,CACb,qCAAqC,IAAI,CAAC,IAAI,sCAAsC;YAClF,8BAA8B,OAAO,IAAI;YACzC,cAAc;YACd,mCAAmC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,2CAA2C;YAC1G,4EAA4E;YAC5E,uDAAuD;YACvD,wFAAwF,CAC3F,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AACtE,CAAC","sourcesContent":["import {\n SecurityResolver,\n createSecurityContext,\n type McpOpenAPITool,\n type SecurityContext,\n} from 'mcp-from-openapi';\nimport type { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';\nimport type { OpenApiAdapterOptions } from './openapi.types';\n\n/**\n * Security scheme information extracted from OpenAPI spec\n */\nexport interface SecuritySchemeInfo {\n name: string;\n type: string;\n scheme?: string;\n in?: string;\n description?: string;\n}\n\n/**\n * Security validation result\n */\nexport interface SecurityValidationResult {\n valid: boolean;\n missingMappings: string[];\n warnings: string[];\n securityRiskScore: 'low' | 'medium' | 'high';\n}\n\n/**\n * Resolve security context from FrontMCP auth info with support for multiple auth providers\n *\n * @param tool - OpenAPI tool to resolve security for\n * @param authInfo - FrontMCP authentication info\n * @param options - Adapter options with auth configuration\n * @returns Security context for resolver\n */\nexport async function createSecurityContextFromAuth(\n tool: McpOpenAPITool,\n authInfo: AuthInfo,\n options: Pick<OpenApiAdapterOptions, 'securityResolver' | 'authProviderMapper' | 'staticAuth'>\n): Promise<SecurityContext> {\n // 1. Use custom security resolver if provided (highest priority)\n if (options.securityResolver) {\n return await options.securityResolver(tool, authInfo);\n }\n\n // 2. Use auth provider mapper if provided\n if (options.authProviderMapper) {\n const context = createSecurityContext({});\n\n // Find all security schemes used by this tool\n const securitySchemes = new Set<string>();\n for (const mapper of tool.mapper) {\n if (mapper.security?.scheme) {\n securitySchemes.add(mapper.security.scheme);\n }\n }\n\n // Map each security scheme to its auth provider\n for (const scheme of securitySchemes) {\n const authExtractor = options.authProviderMapper[scheme];\n if (authExtractor) {\n const token = authExtractor(authInfo);\n if (token) {\n // Store in jwt field for http bearer auth\n // For other auth types, you can extend this logic\n context.jwt = token;\n break; // Use first matching provider\n }\n }\n }\n\n // If no provider matched but we have a default token, use it\n if (!context.jwt && authInfo.token) {\n context.jwt = authInfo.token;\n }\n\n return context;\n }\n\n // 3. Use static auth if provided\n if (options.staticAuth) {\n return createSecurityContext(options.staticAuth);\n }\n\n // 4. Default: use main JWT token from auth context\n return createSecurityContext({\n jwt: authInfo?.token,\n });\n}\n\n/**\n * Extract all security schemes used by a set of tools\n *\n * @param tools - OpenAPI tools\n * @returns Set of security scheme names\n */\nexport function extractSecuritySchemes(tools: McpOpenAPITool[]): Set<string> {\n const schemes = new Set<string>();\n\n for (const tool of tools) {\n for (const mapper of tool.mapper) {\n if (mapper.security?.scheme) {\n schemes.add(mapper.security.scheme);\n }\n }\n }\n\n return schemes;\n}\n\n/**\n * Validate security configuration against OpenAPI security requirements\n *\n * @param tools - OpenAPI tools\n * @param options - Adapter options\n * @returns Validation result with errors and warnings\n */\nexport function validateSecurityConfiguration(\n tools: McpOpenAPITool[],\n options: Pick<\n OpenApiAdapterOptions,\n 'securityResolver' | 'authProviderMapper' | 'staticAuth' | 'generateOptions'\n >\n): SecurityValidationResult {\n const result: SecurityValidationResult = {\n valid: true,\n missingMappings: [],\n warnings: [],\n securityRiskScore: 'low',\n };\n\n // Extract all security schemes used\n const securitySchemes = extractSecuritySchemes(tools);\n\n // If includeSecurityInInput is true, auth is provided by user (high security risk)\n const includeSecurityInInput = options.generateOptions?.includeSecurityInInput ?? false;\n\n if (includeSecurityInInput) {\n result.securityRiskScore = 'high';\n result.warnings.push(\n 'SECURITY WARNING: includeSecurityInInput is enabled. Users will provide authentication directly in tool inputs. This increases security risk as credentials may be logged or exposed.'\n );\n // Don't validate mappings if security is in input\n return result;\n }\n\n // Check if we have custom security resolver (most flexible, low risk)\n if (options.securityResolver) {\n result.securityRiskScore = 'low';\n result.warnings.push(\n 'INFO: Using custom securityResolver. Ensure your resolver properly validates and secures credentials from context.'\n );\n return result;\n }\n\n // Check if we have static auth (medium risk - static credentials)\n if (options.staticAuth && Object.keys(options.staticAuth).length > 0) {\n result.securityRiskScore = 'medium';\n result.warnings.push(\n 'SECURITY INFO: Using staticAuth with hardcoded credentials. Ensure credentials are stored securely (environment variables, secrets manager).'\n );\n // If static auth is provided, assume it covers all schemes\n return result;\n }\n\n // Check authProviderMapper (low risk - context-based auth)\n if (options.authProviderMapper) {\n result.securityRiskScore = 'low';\n\n // Validate that all schemes have mappings\n for (const scheme of securitySchemes) {\n if (!options.authProviderMapper[scheme]) {\n result.valid = false;\n result.missingMappings.push(scheme);\n }\n }\n\n if (!result.valid) {\n result.warnings.push(\n `ERROR: Missing auth provider mappings for security schemes: ${result.missingMappings.join(', ')}`\n );\n }\n\n return result;\n }\n\n // No auth configuration provided - will use default ctx.authInfo.token\n // This only works if there's a single Bearer auth scheme\n if (securitySchemes.size > 0) {\n result.securityRiskScore = 'medium';\n result.warnings.push(\n `INFO: No auth configuration provided. Using default ctx.authInfo.token for all security schemes: ${Array.from(securitySchemes).join(', ')}`\n );\n result.warnings.push(\n 'RECOMMENDATION: For multiple auth providers, use authProviderMapper or securityResolver to map each security scheme to the correct auth provider.'\n );\n }\n\n return result;\n}\n\n/**\n * Resolve security for an OpenAPI tool with validation\n *\n * @param tool - OpenAPI tool with mapper\n * @param authInfo - FrontMCP authentication info\n * @param options - Adapter options with auth configuration\n * @returns Resolved security (headers, query params, etc.)\n * @throws Error if security cannot be resolved\n */\nexport async function resolveToolSecurity(\n tool: McpOpenAPITool,\n authInfo: AuthInfo,\n options: Pick<OpenApiAdapterOptions, 'securityResolver' | 'authProviderMapper' | 'staticAuth'>\n) {\n const securityResolver = new SecurityResolver();\n const securityContext = await createSecurityContextFromAuth(tool, authInfo, options);\n\n // Validate that we have auth for this tool\n const hasAuth =\n securityContext.jwt ||\n securityContext.apiKey ||\n securityContext.basic ||\n securityContext.oauth2Token ||\n (securityContext.apiKeys && Object.keys(securityContext.apiKeys).length > 0) ||\n (securityContext.customHeaders && Object.keys(securityContext.customHeaders).length > 0);\n\n // Check if this tool requires security\n const requiresSecurity = tool.mapper.some((m) => m.security && m.required);\n\n if (requiresSecurity && !hasAuth) {\n // Extract security scheme names\n const schemes = tool.mapper\n .filter((m) => m.security && m.required)\n .map((m) => m.security?.scheme ?? 'unknown')\n .join(', ');\n\n throw new Error(\n `Authentication required for tool '${tool.name}' but no auth configuration found.\\n` +\n `Required security schemes: ${schemes}\\n` +\n `Solutions:\\n` +\n ` 1. Add authProviderMapper: { '${schemes.split(',')[0].trim()}': (authInfo) => authInfo.user?.token }\\n` +\n ` 2. Add securityResolver: (tool, authInfo) => ({ jwt: authInfo.token })\\n` +\n ` 3. Add staticAuth: { jwt: process.env.API_TOKEN }\\n` +\n ` 4. Set generateOptions.includeSecurityInInput: true (not recommended for production)`\n );\n }\n\n return await securityResolver.resolve(tool.mapper, securityContext);\n}\n"]}

package/src/openapi/openapi.tool.d.ts CHANGED Viewed

@@ -1,3 +1,10 @@
-import { McpToolDefinition } from "openapi-mcp-generator";
-import { OpenApiAdapterOptions } from "./openapi.types";
-export declare const createOpenApiTool: (oTool: McpToolDefinition, options: OpenApiAdapterOptions) => () => void;
+import type { McpOpenAPITool } from 'mcp-from-openapi';
+import type { OpenApiAdapterOptions } from './openapi.types';
+/**
+ * Create a FrontMCP tool from an OpenAPI tool definition
+ *
+ * @param openapiTool - OpenAPI tool with mapper
+ * @param options - Adapter options
+ * @returns FrontMCP tool
+ */
+export declare function createOpenApiTool(openapiTool: McpOpenAPITool, options: OpenApiAdapterOptions): () => void;

package/src/openapi/openapi.tool.js CHANGED Viewed

@@ -1,67 +1,65 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createOpenApiTool = void 0;
+exports.createOpenApiTool = createOpenApiTool;
 const zod_1 = require("zod");
 const sdk_1 = require("@frontmcp/sdk");
-const zod_from_json_schema_1 = require("zod-from-json-schema");
-const createOpenApiTool = (oTool, options) => {
-    const inputSchema = getZodSchemaFromJsonSchema(oTool.inputSchema, oTool.name);
-    const { additionalHeaders, headersMapper } = options;
+const json_schema_to_zod_v3_1 = require("json-schema-to-zod-v3");
+const openapi_utils_1 = require("./openapi.utils");
+const openapi_security_1 = require("./openapi.security");
+/**
+ * Create a FrontMCP tool from an OpenAPI tool definition
+ *
+ * @param openapiTool - OpenAPI tool with mapper
+ * @param options - Adapter options
+ * @returns FrontMCP tool
+ */
+function createOpenApiTool(openapiTool, options) {
+    // Convert JSON Schema to Zod schema for input validation
+    const inputSchema = getZodSchemaFromJsonSchema(openapiTool.inputSchema, openapiTool.name);
     return (0, sdk_1.tool)({
-        id: oTool.name,
-        name: oTool.name,
-        description: oTool.description,
-        inputSchema: inputSchema,
-        rawInputSchema: oTool.inputSchema,
-        // outputSchema: outputSchema.shape
+        id: openapiTool.name,
+        name: openapiTool.name,
+        description: openapiTool.description,
+        inputSchema: inputSchema.shape || {},
+        rawInputSchema: openapiTool.inputSchema,
     })(async (input, ctx) => {
-        let { urlPath, headers, queryParams } = prepareUrl(oTool, input);
-        let requestBodyData = undefined;
-        if (additionalHeaders) {
-            for (const [key, value] of Object.entries(additionalHeaders)) {
-                headers.append(key, value);
-            }
+        // 1. Resolve security from context
+        const security = await (0, openapi_security_1.resolveToolSecurity)(openapiTool, ctx.authInfo, options);
+        // 2. Build request from mapper
+        const { url, headers, body: requestBody } = (0, openapi_utils_1.buildRequest)(openapiTool, input, security, options.baseUrl);
+        // 3. Apply additional headers
+        (0, openapi_utils_1.applyAdditionalHeaders)(headers, options.additionalHeaders);
+        // 4. Apply custom headers mapper
+        if (options.headersMapper) {
+            const mappedHeaders = options.headersMapper(ctx.authInfo, headers);
+            mappedHeaders.forEach((value, key) => {
+                headers.set(key, value);
+            });
         }
-        if (typeof headersMapper === 'function') {
-            headers = headersMapper(ctx.authInfo, headers);
+        // 5. Apply custom body mapper
+        let finalBody = requestBody;
+        if (options.bodyMapper && requestBody) {
+            finalBody = options.bodyMapper(ctx.authInfo, requestBody);
         }
-        if (!['HEAD', 'GET', 'OPTIONS'].includes(oTool.method)) {
-            // prepare body
-            if (oTool.requestBodyContentType && typeof input['requestBody'] !== 'undefined') {
-                requestBodyData = input['requestBody'];
-                if (oTool.requestBodyContentType?.includes('application/json')) {
-                    requestBodyData = JSON.stringify(requestBodyData);
-                }
-                headers.set('content-type', oTool.requestBodyContentType);
-            }
+        // 6. Set content-type if we have a body
+        if (finalBody && !headers.has('content-type')) {
+            headers.set('content-type', 'application/json');
         }
-        const query = queryParams.toString();
-        const url = `${options.baseUrl}${urlPath}${query ? `?${query}` : ''}`;
-        const res = await fetch(url, {
-            method: oTool.method,
+        // 7. Execute request
+        const response = await fetch(url, {
+            method: openapiTool.metadata.method.toUpperCase(),
             headers,
-            body: requestBodyData,
+            body: finalBody ? JSON.stringify(finalBody) : undefined,
         });
-        const data = await res.text();
-        let result = { data };
-        if (res.headers.get('content-type')?.includes('application/json')) {
-            try {
-                result.data = JSON.parse(data);
-            }
-            catch (e) {
-                console.error("failed to parse api response"); // migrate to logger
-                result.data = data;
-            }
-        }
-        return result;
+        // 8. Parse and return response
+        return await (0, openapi_utils_1.parseResponse)(response);
     });
-};
-exports.createOpenApiTool = createOpenApiTool;
+}
 /**
  * Converts a JSON Schema to a Zod schema for runtime validation
  *
- * @param jsonSchema JSON Schema
- * @param toolName Tool name for error reporting
+ * @param jsonSchema - JSON Schema
+ * @param toolName - Tool name for error reporting
  * @returns Zod schema
  */
 function getZodSchemaFromJsonSchema(jsonSchema, toolName) {
@@ -69,41 +67,15 @@ function getZodSchemaFromJsonSchema(jsonSchema, toolName) {
         return zod_1.z.object({}).passthrough();
     }
     try {
-        const zodSchema = (0, zod_from_json_schema_1.convertJsonSchemaToZod)(jsonSchema);
+        const zodSchema = (0, json_schema_to_zod_v3_1.convertJsonSchemaToZod)(jsonSchema);
         if (typeof zodSchema?.parse !== 'function') {
-            throw new Error('Eval did not produce a valid Zod schema.');
+            throw new Error('Conversion did not produce a valid Zod schema.');
         }
         return zodSchema;
     }
     catch (err) {
-        console.error(`Failed to generate/evaluate Zod schema for '${toolName}':`, err);
+        console.error(`Failed to generate Zod schema for '${toolName}':`, err);
         return zod_1.z.object({}).passthrough();
     }
 }
-const prepareUrl = (definition, validatedArgs) => {
-    // Prepare URL, query parameters, headers, and request body
-    let urlPath = definition.pathTemplate;
-    const queryParams = new URLSearchParams({ "v": '1' });
-    const headers = new Headers({ 'accept': 'application/json' });
-    // Apply parameters to the URL path, query, or headers
-    definition.executionParameters.forEach((param) => {
-        const value = validatedArgs[param.name];
-        if (typeof value !== 'undefined' && value !== null) {
-            if (param.in === 'path') {
-                urlPath = urlPath.replace(`{${param.name}}`, encodeURIComponent(String(value)));
-            }
-            else if (param.in === 'query') {
-                queryParams.set(param.name, value);
-            }
-            else if (param.in === 'header') {
-                headers.append(param.name.toLowerCase(), String(value));
-            }
-        }
-    });
-    // Ensure all path parameters are resolved
-    if (urlPath.includes('{')) {
-        throw new Error(`Failed to resolve path parameters: ${urlPath}`);
-    }
-    return { urlPath, headers, queryParams };
-};
 //# sourceMappingURL=openapi.tool.js.map

package/src/openapi/openapi.tool.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"openapi.tool.js","sourceRoot":"","sources":["../../../src/openapi/openapi.tool.ts"],"names":[],"mappings":"~~;;;AAAA~~,~~6BAAsB~~;~~AAEtB~~,~~uCAAmC~~;~~AACnC,+DAA4D~~;~~AAIrD~~,~~MAAM~~,~~iBAAiB~~,~~GAAG~~,~~CAAC~~,~~KAAwB~~,~~EAAE~~,~~OAA8B~~,~~EAAE~~,~~EAAE~~;~~IAC5F~~,MAAM,WAAW,GAAG,0BAA0B,CAAC,~~KAAK~~,CAAC,WAAW,EAAE,~~KAAK~~,CAAC,IAAI,CAAC,CAAC;~~IAE9E~~,~~MAAM,EAAC,iBAAiB,EAAE,aAAa,EAAC,GAAG,~~OAAO,~~CAAC;IACnD,OAAO,~~IAAA,UAAI,EAAC;QACV,EAAE,EAAE,~~KAAK~~,CAAC,IAAI;~~QACd~~,IAAI,EAAE,~~KAAK~~,CAAC,IAAI;~~QAChB~~,WAAW,EAAE,~~KAAK~~,CAAC,WAAW;~~QAC9B~~,WAAW,EAAE,~~WAAkB~~;~~QAC/B~~,cAAc,EAAE,~~KAAK~~,CAAC,~~WAAkB~~;~~QACxC~~,~~mCAAmC;KACpC,~~CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;~~QAEtB~~,~~IAAI~~,~~EAAC~~,~~OAAO~~,~~EAAE~~,~~OAAO~~,~~EAAE~~,~~WAAW~~,EAAC,GAAG,~~UAAU,~~CAAC,~~KAAK~~,EAAE,~~KAAK~~,CAAC,CAAC;QAC/D,~~IAAI~~,~~eAAe~~,~~GAAQ~~,~~SAAS~~,~~CAAC;QAErC~~,IAAI,~~iBAAiB~~,EAAE,~~CAAC;YACtB~~,~~KAAK~~,~~MAAM~~,~~CAAC~~,~~GAAG~~,~~EAAE~~,KAAK,~~CAAC~~,~~IAAI~~,~~MAAM~~,~~CAAC,~~OAAO,CAAC,~~iBAAiB~~,~~CAAC~~,~~EAAE,~~CAAC;~~gBAC7D~~,~~OAAO~~,~~CAAC~~,~~MAAM~~,~~CAAC~~,~~GAAG~~,EAAE,~~KAAK~~,CAAC,CAAC~~;YAC7B~~,CAAC;~~QACH~~,~~CAAC~~;~~QACD~~,IAAI,OAAO,aAAa,~~KAAK,UAAU,~~EAAE,CAAC;~~YACxC~~,~~OAAO~~,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,~~CAAA~~;~~QAChD~~,CAAC~~;QAED~~,~~IAAI~~,CAAC,CAAC,~~MAAM~~,EAAE,~~KAAK~~,EAAE,~~SAAS~~,~~CAAC~~,CAAC,~~QAAQ~~,CAAC,KAAK,CAAC,~~MAAM~~,CAAC,~~EAAE~~,CAAC;~~YACvD~~,~~eAAe~~;~~YACf~~,IAAI,~~KAAK~~,CAAC,~~sBAAsB,~~IAAI,OAAO,~~KAAK,~~CAAC,~~aAAa~~,~~CAAC~~,~~KAAK,~~WAAW,EAAE,CAAC;~~gBAChF~~,~~eAAe~~,GAAG,~~KAAK~~,CAAC,~~aAAa~~,CAAC,~~CAAC;gBACvC~~,~~IAAI,KAAK,~~CAAC,~~sBAAsB~~,EAAE,~~QAAQ~~,CAAC,~~kBAAkB,~~CAAC,~~EAAE,~~CAAC;~~oBAC/D~~,~~eAAe~~,~~GAAG,~~IAAI,~~CAAC,~~SAAS,~~CAAC~~,~~eAAe,~~CAAC,~~CAAC;gBACtD,CAAC;gBACC,~~OAAO,CAAC,GAAG,CAAC,cAAc,~~EAAE,KAAK,~~CAAC,~~sBAAsB~~,CAAC~~,CAAC~~;~~YAC5D~~,~~CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,EAAE,CAAA;QACpC,MAAM,GAAG,GAAG,GAAG,~~OAAO,CAAC,~~OAAO,~~GAAG,~~OAAO,GAAG,KAAK,~~CAAC,~~CAAC~~,~~CAAC,IAAI,KAAK,~~EAAE,~~CAAC~~,CAAC,CAAC,~~EAAE,EAAE,~~CAAC;~~QACtE~~,MAAM,~~GAAG~~,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;~~YAC3B~~,MAAM,EAAE,~~KAAK~~,CAAC,~~MAAM;YACpB~~,~~OAAO;YACP,IAAI,EAAE,eAAe;SACtB,~~CAAC,~~CAAC;QACH,~~MAAM,~~IAAI,GAAG,MAAM,GAAG,~~CAAC,~~IAAI~~,EAAE~~,CAAA~~;~~QAC7B~~,~~IAAI,MAAM,GAAG,EAAC,IAAI,EAAC,CAAA~~;~~QACnB~~,IAAI,~~GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,~~EAAE,~~QAAQ~~,CAAC,~~kBAAkB,~~CAAC,~~EAAE,~~CAAC~~;YAClE~~,IAAI,CAAC~~;gBACH~~,~~MAAM~~,CAAC,~~IAAI~~,~~GAAG~~,~~IAAI,~~CAAC,~~KAAK,~~CAAC,~~IAAI,~~CAAC,~~CAAA~~;~~YAChC~~,CAAC~~;YAAC~~,~~OAAO,~~CAAC~~,EAAE,CAAC~~;~~gBACX~~,OAAO,~~CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAA,CAAA,oBAAoB;gBACjE,~~MAAM,~~CAAC~~,~~IAAI~~,~~GAAG~~,~~IAAI~~,~~CAAA;YACpB,~~CAAC~~;QACH~~,CAAC;~~QACD~~,~~OAAO,MAAM,CAAA;IACf,~~CAAC,CAAC,CAAC;AACL,CAAC~~,CAAC~~;~~AAvDW,QAAA,iBAAiB,qBAuD5B;AAGF~~;;;;;;GAMG;AACH,SAAS,0BAA0B,~~CAAC~~,~~UAAe~~,~~EAAE~~,QAAgB;~~IACnE~~,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QAC1D,OAAO,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACpC,CAAC;~~IACD~~,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAA,~~6CAAsB~~,EAAC,UAAU,CAAC,CAAC;QACrD,IAAI,OAAO,SAAS,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,~~0CAA0C~~,CAAC,CAAC;~~QAC9D~~,CAAC;QACD,OAAO,~~SAAgB~~,CAAC;~~IAC1B~~,CAAC;IAAC,OAAO,~~GAAQ~~,EAAE,CAAC;~~QAClB~~,OAAO,CAAC,KAAK,CAAC~~,+CAA+C~~,QAAQ,IAAI,EAAE,GAAG,CAAC,CAAC;~~QAChF~~,OAAO,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACpC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,UAA6B,EAAE,aAAkB,EAAE,EAAE;IACvE,2DAA2D;IAC3D,IAAI,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC;IACtC,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,EAAC,GAAG,EAAE,GAAG,EAAC,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAC,QAAQ,EAAE,kBAAkB,EAAC,CAAC,CAAA;IAG3D,sDAAsD;IACtD,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAC/C,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,OAAO,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnD,IAAI,KAAK,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;gBACxB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,GAAG,EAAE,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAClF,CAAC;iBAAM,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBAChC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACpC,CAAC;iBAAM,IAAI,KAAK,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,0CAA0C;IAC1C,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,EAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAC,CAAC;AACzC,CAAC,CAAA","sourcesContent":["import {z} from \"zod\";\nimport {~~McpToolDefinition}~~ ~~from~~ ~~\"openapi-mcp-generator\";\nimport {tool~~} from \"@frontmcp/sdk\";\nimport {convertJsonSchemaToZod} from \"zod-from-~~json~~-~~schema\"~~;\nimport {OpenApiAdapterOptions} from \"./openapi.types\";\n\n\nexport ~~const~~ createOpenApiTool = (~~oTool~~: ~~McpToolDefinition,~~ options: OpenApiAdapterOptions) => {\n const inputSchema = getZodSchemaFromJsonSchema(~~oTool~~.inputSchema, ~~oTool~~.name);\n\n ~~const {additionalHeaders, headersMapper} = options;\n~~ return tool({\n id: ~~oTool~~.name,\n name: ~~oTool~~.name,\n description: ~~oTool~~.description,\n inputSchema: inputSchema as ~~any~~,\n rawInputSchema: ~~oTool~~.inputSchema ~~as any~~,\n ~~// outputSchema: outputSchema.shape\n~~ })(async (input, ctx) => {\n\n ~~let~~ {~~urlPath~~, headers, ~~queryParams~~} = ~~prepareUrl~~(~~oTool,~~ input);\n ~~let~~ ~~requestBodyData:~~ ~~any~~ = ~~undefined~~;\n\n if (~~additionalHeaders~~) {\n ~~for (~~const ~~[key,~~ ~~value]~~ of ~~Object~~.~~entries~~(~~additionalHeaders~~)) {\n headers.~~append~~(key, value);\n }\n }\n if (~~typeof~~ ~~headersMapper~~ ~~=== 'function'~~) {\n ~~headers~~ = ~~headersMapper~~(ctx.authInfo, ~~headers~~)\n }\n\n if ~~(!['HEAD',~~ ~~'GET',~~ ~~'OPTIONS'].includes(oTool.method))~~ ~~{\n //~~ ~~prepare~~ body\n if (~~oTool.requestBodyContentType~~ && ~~typeof input['requestBody'] !== 'undefined') {\n requestBodyData = input['requestBody'];\n if (oTool~~.~~requestBodyContentType?.includes~~('~~application/json~~')) {\n ~~requestBodyData = JSON.stringify(requestBodyData);\n~~ ~~}\n~~ headers.set('content-type', ~~oTool.requestBodyContentType~~);\n ~~}\n~~ }\n\n ~~const~~ ~~query~~ = ~~queryParams.toString()~~\n const ~~url~~ = ~~`${options.baseUrl}${urlPath}${query ? `?${query}` : ''}`;\n const res =~~ await fetch(url, {\n method: ~~oTool~~.method,\n headers,\n body: ~~requestBodyData,\n });\n const~~ ~~data~~ ~~= await res~~.~~text~~()~~\n let~~ ~~result~~ ~~= {data}\~~n ~~if (res.headers.get('content-type'~~)~~?.includes('application/json')) {\~~n ~~try {~~\n ~~result.data~~ ~~= JSON~~.~~parse(data)\n }~~ ~~catch~~ ~~(e)~~ ~~{\n console.error(\"failed~~ ~~to parse api~~ response\~~")// migrate to logger\~~n ~~result.data = data\n }\n~~ ~~}\n~~ return ~~result\~~n });\n}~~;\n~~\n\n/*\n Converts a JSON Schema to a Zod schema for runtime validation\n \n @param jsonSchema JSON Schema\n * @param toolName Tool name for error reporting\n * @returns Zod schema\n */\nfunction getZodSchemaFromJsonSchema(jsonSchema: ~~any,~~ toolName: string): z.ZodObject<~~any~~> {\n if (typeof jsonSchema !== 'object' \|\| jsonSchema === null) {\n return z.object({}).passthrough();\n }\n try {\n const zodSchema = convertJsonSchemaToZod(jsonSchema);\n if (typeof zodSchema?.parse !== 'function') {\n throw new Error('~~Eval~~ did not produce a valid Zod schema.');\n }\n return zodSchema as ~~any;\~~n } catch (err: ~~any~~) {\n console.error(`Failed to generate~~/evaluate~~ Zod schema for '${toolName}':`, err);\n return z.object({}).passthrough();\n }\n}\n\nconst prepareUrl = (definition: McpToolDefinition, validatedArgs: any) => {\n // Prepare URL, query parameters, headers, and request body\n let urlPath = definition.pathTemplate;\n const queryParams = new URLSearchParams({\"v\": '1'})\n const headers = new Headers({'accept': 'application/json'})\n\n\n // Apply parameters to the URL path, query, or headers\n definition.executionParameters.forEach((param) => {\n const value = validatedArgs[param.name]~~;\n if (typeof value !== 'undefined' && value !== null) {\n if (param.in === 'path') {\n urlPath = urlPath.replace(`{${param.name~~}}`, encodeURIComponent(String(value)));\n } else if (param.in === 'query') {\n queryParams.set(param.name, value)\n } else if (param.in === 'header') {\n headers.append(param.name.toLowerCase(), String(value));\n }\n }\n });\n\n // Ensure all path parameters are resolved\n if (urlPath.includes('{')) {\n throw new Error(`Failed to resolve path parameters: ${urlPath}`);\n }\n\n return {urlPath, headers, queryParams};\n}"]}
1	+ {"version":3,"file":"openapi.tool.js","sourceRoot":"","sources":["../../../src/openapi/openapi.tool.ts"],"names":[],"mappings":";;AAgBA,8CAyDC;AAzED,6BAAwB;AACxB,uCAAqC;AACrC,iEAA+D;AAI/D,mDAAsF;AACtF,yDAAyD;AAEzD;;;;;;GAMG;AACH,SAAgB,iBAAiB,CAC/B,WAA2B,EAC3B,OAA8B;IAE9B,yDAAyD;IACzD,MAAM,WAAW,GAAG,0BAA0B,CAAC,WAAW,CAAC,WAAW,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;IAE1F,OAAO,IAAA,UAAI,EAAC;QACV,EAAE,EAAE,WAAW,CAAC,IAAI;QACpB,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,WAAW,EAAE,WAAW,CAAC,KAAK,IAAI,EAAE;QACpC,cAAc,EAAE,WAAW,CAAC,WAAW;KACxC,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QACtB,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,IAAA,sCAAmB,EAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAE/E,+BAA+B;QAC/B,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,4BAAY,EACtD,WAAW,EACX,KAAK,EACL,QAAQ,EACR,OAAO,CAAC,OAAO,CAChB,CAAC;QAEF,8BAA8B;QAC9B,IAAA,sCAAsB,EAAC,OAAO,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAE3D,iCAAiC;QACjC,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1B,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnE,aAAa,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACnC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;QACL,CAAC;QAED,8BAA8B;QAC9B,IAAI,SAAS,GAAG,WAAW,CAAC;QAC5B,IAAI,OAAO,CAAC,UAAU,IAAI,WAAW,EAAE,CAAC;YACtC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAC5D,CAAC;QAED,wCAAwC;QACxC,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAClD,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE;YACjD,OAAO;YACP,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;SACxD,CAAC,CAAC;QAEH,+BAA+B;QAC/B,OAAO,MAAM,IAAA,6BAAa,EAAC,QAAQ,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,SAAS,0BAA0B,CACjC,UAAuB,EACvB,QAAgB;IAEhB,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QAC1D,OAAO,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACpC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAA,8CAAsB,EAAC,UAAU,CAAC,CAAC;QACrD,IAAI,OAAO,SAAS,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,OAAO,SAAuC,CAAC;IACjD,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,OAAO,CAAC,KAAK,CAAC,sCAAsC,QAAQ,IAAI,EAAE,GAAG,CAAC,CAAC;QACvE,OAAO,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACpC,CAAC;AACH,CAAC","sourcesContent":["import { z } from 'zod';\nimport { tool } from '@frontmcp/sdk';\nimport { convertJsonSchemaToZod } from 'json-schema-to-zod-v3';\nimport type { McpOpenAPITool } from 'mcp-from-openapi';\nimport type { OpenApiAdapterOptions } from './openapi.types';\nimport type { JSONSchema7 } from 'json-schema';\nimport { buildRequest, applyAdditionalHeaders, parseResponse } from './openapi.utils';\nimport { resolveToolSecurity } from './openapi.security';\n\n/*\n Create a FrontMCP tool from an OpenAPI tool definition\n \n @param openapiTool - OpenAPI tool with mapper\n * @param options - Adapter options\n * @returns FrontMCP tool\n /\nexport function createOpenApiTool(\n openapiTool: McpOpenAPITool,\n options: OpenApiAdapterOptions\n) {\n // Convert JSON Schema to Zod schema for input validation\n const inputSchema = getZodSchemaFromJsonSchema(openapiTool.inputSchema, openapiTool.name);\n\n return tool({\n id: openapiTool.name,\n name: openapiTool.name,\n description: openapiTool.description,\n inputSchema: inputSchema.shape \|\| {},\n rawInputSchema: openapiTool.inputSchema,\n })(async (input, ctx) => {\n // 1. Resolve security from context\n const security = await resolveToolSecurity(openapiTool, ctx.authInfo, options);\n\n // 2. Build request from mapper\n const { url, headers, body: requestBody } = buildRequest(\n openapiTool,\n input,\n security,\n options.baseUrl\n );\n\n // 3. Apply additional headers\n applyAdditionalHeaders(headers, options.additionalHeaders);\n\n // 4. Apply custom headers mapper\n if (options.headersMapper) {\n const mappedHeaders = options.headersMapper(ctx.authInfo, headers);\n mappedHeaders.forEach((value, key) => {\n headers.set(key, value);\n });\n }\n\n // 5. Apply custom body mapper\n let finalBody = requestBody;\n if (options.bodyMapper && requestBody) {\n finalBody = options.bodyMapper(ctx.authInfo, requestBody);\n }\n\n // 6. Set content-type if we have a body\n if (finalBody && !headers.has('content-type')) {\n headers.set('content-type', 'application/json');\n }\n\n // 7. Execute request\n const response = await fetch(url, {\n method: openapiTool.metadata.method.toUpperCase(),\n headers,\n body: finalBody ? JSON.stringify(finalBody) : undefined,\n });\n\n // 8. Parse and return response\n return await parseResponse(response);\n });\n}\n\n/\n Converts a JSON Schema to a Zod schema for runtime validation\n \n @param jsonSchema - JSON Schema\n * @param toolName - Tool name for error reporting\n * @returns Zod schema\n */\nfunction getZodSchemaFromJsonSchema(\n jsonSchema: JSONSchema7,\n toolName: string\n): z.ZodObject<z.ZodRawShape> {\n if (typeof jsonSchema !== 'object' \|\| jsonSchema === null) {\n return z.object({}).passthrough();\n }\n\n try {\n const zodSchema = convertJsonSchemaToZod(jsonSchema);\n if (typeof zodSchema?.parse !== 'function') {\n throw new Error('Conversion did not produce a valid Zod schema.');\n }\n return zodSchema as z.ZodObject<z.ZodRawShape>;\n } catch (err: unknown) {\n console.error(`Failed to generate Zod schema for '${toolName}':`, err);\n return z.object({}).passthrough();\n }\n}\n"]}

package/src/openapi/openapi.types.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
-import { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
-import { GetToolsOptions } from "openapi-mcp-generator/dist/api";
-import { OpenAPIV3 } from "openapi-types";
-interface BaseOptions extends Omit<GetToolsOptions, 'dereference'> {
+import { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+import { OpenAPIV3 } from 'openapi-types';
+import type { LoadOptions, GenerateOptions, McpOpenAPITool, SecurityContext } from 'mcp-from-openapi';
+interface BaseOptions {
     /**
      * The name of the adapter.
      * This is used to identify the adapter in the MCP configuration.
@@ -13,6 +13,7 @@ interface BaseOptions extends Omit<GetToolsOptions, 'dereference'> {
      * This is used to construct the full URL for each request.
      * For example, if the API is hosted at https://api.example.com/v1,
      * the baseUrl should be set to https://api.example.com/v1.
+     * This overrides the baseUrl in LoadOptions.
      */
     baseUrl: string;
     /**
@@ -41,7 +42,76 @@ interface BaseOptions extends Omit<GetToolsOptions, 'dereference'> {
      * @param authInfo
      * @param body
      */
-    bodyMapper?: (authInfo: AuthInfo, body: any) => any;
+    bodyMapper?: (authInfo: AuthInfo, body: Record<string, unknown>) => Record<string, unknown>;
+    /**
+     * Custom security resolver for resolving authentication from context.
+     * This allows you to map different auth providers to different tools/security schemes.
+     *
+     * Use this when:
+     * - You have multiple auth providers (e.g., GitHub OAuth, Google OAuth, API keys)
+     * - Different tools need different authentication
+     * - You need custom logic to select the right auth provider
+     *
+     * @example
+     * ```typescript
+     * securityResolver: (tool, authInfo) => {
+     *   // Use GitHub token for GitHub API tools
+     *   if (tool.name.startsWith('github_')) {
+     *     return { jwt: authInfo.user?.githubToken };
+     *   }
+     *   // Use Google token for Google API tools
+     *   if (tool.name.startsWith('google_')) {
+     *     return { jwt: authInfo.user?.googleToken };
+     *   }
+     *   // Default to main JWT token
+     *   return { jwt: authInfo.token };
+     * }
+     * ```
+     */
+    securityResolver?: (tool: McpOpenAPITool, authInfo: AuthInfo) => SecurityContext | Promise<SecurityContext>;
+    /**
+     * Map security scheme names to auth provider extractors.
+     * This allows different security schemes to use different auth providers.
+     *
+     * Use this when your OpenAPI spec has multiple security schemes
+     * and each should use a different auth provider from the context.
+     *
+     * @example
+     * ```typescript
+     * authProviderMapper: {
+     *   // GitHub OAuth security scheme
+     *   'GitHubAuth': (authInfo) => authInfo.user?.githubToken,
+     *   // Google OAuth security scheme
+     *   'GoogleAuth': (authInfo) => authInfo.user?.googleToken,
+     *   // API Key security scheme
+     *   'ApiKeyAuth': (authInfo) => authInfo.user?.apiKey,
+     * }
+     * ```
+     */
+    authProviderMapper?: Record<string, (authInfo: AuthInfo) => string | undefined>;
+    /**
+     * Static authentication configuration when not using dynamic auth from context.
+     * Useful for server-to-server APIs with static credentials.
+     *
+     * @example
+     * ```typescript
+     * staticAuth: {
+     *   jwt: process.env.API_JWT_TOKEN,
+     *   apiKey: process.env.API_KEY,
+     * }
+     * ```
+     */
+    staticAuth?: Partial<SecurityContext>;
+    /**
+     * Options for loading the OpenAPI specification
+     * @see LoadOptions from mcp-from-openapi
+     */
+    loadOptions?: Omit<LoadOptions, 'baseUrl'>;
+    /**
+     * Options for generating tools from the OpenAPI specification
+     * @see GenerateOptions from mcp-from-openapi
+     */
+    generateOptions?: GenerateOptions;
 }
 interface SpecOptions extends BaseOptions {
     /**

package/src/openapi/openapi.types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"openapi.types.js","sourceRoot":"","sources":["../../../src/openapi/openapi.types.ts"],"names":[],"mappings":"","sourcesContent":["import {AuthInfo} from \"@modelcontextprotocol/sdk/server/auth/types.js\";\nimport {~~GetToolsOptions~~} from \"openapi-~~mcp-generator/dist/api\"~~;\nimport {~~OpenAPIV3~~} from \"openapi~~-types\"~~;\n\ninterface BaseOptions ~~extends Omit<GetToolsOptions, 'dereference'>~~ {\n /*\n The name of the adapter.\n * This is used to identify the adapter in the MCP configuration.\n * Also used to prefix tools if conflicted with other adapters in the same app.\n /\n name: string;\n\n /\n The base URL of the API.\n * This is used to construct the full URL for each request.\n * For example, if the API is hosted at https://api.example.com/v1,\n * the baseUrl should be set to https://api.example.com/v1.\n /\n baseUrl: string;\n\n /\n Additional headers to be sent with each request.\n * This can be used to set authentication headers,\n * such as Authorization or API Key.\n /\n additionalHeaders?: Record<string, string>;\n /\n This can be used to map request information to specific\n * headers as required by the API.\n * For example, mapping tenantId from authenticated session payload to\n * a specific header, this key will be hidden to mcp clients\n * and filled by the adapter before sending the request to the API.\n * @param authInfo\n * @param headers\n /\n headersMapper?: (authInfo: AuthInfo, headers: Headers) => Headers;\n /\n This can be used to map request information to specific\n * body values as required by the API.\n * For example, mapping tenantId from authenticated session payload to\n * a specific property in the body, this key will be hidden to mcp clients\n * and filled by the adapter before sending the request to the API.\n \n @param authInfo\n * @param body\n /\n bodyMapper?: (authInfo: AuthInfo, body: ~~any~~) => ~~any~~;\n}\n\ninterface SpecOptions extends BaseOptions {\n /\n The OpenAPI specification the OpenAPI specification.\n /\n spec: OpenAPIV3.Document;\n}\n\ninterface UrlOptions extends BaseOptions {\n /\n The URL of the OpenAPI specification.\n * Can be a local file path or a remote URL.\n */\n url: string;\n}\n\nexport type OpenApiAdapterOptions = SpecOptions \| UrlOptions;\n"]}
1	+ {"version":3,"file":"openapi.types.js","sourceRoot":"","sources":["../../../src/openapi/openapi.types.ts"],"names":[],"mappings":"","sourcesContent":["import { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';\nimport { OpenAPIV3 } from 'openapi-types';\nimport type { LoadOptions, GenerateOptions, McpOpenAPITool, SecurityContext } from 'mcp-from-openapi';\n\ninterface BaseOptions {\n /*\n The name of the adapter.\n * This is used to identify the adapter in the MCP configuration.\n * Also used to prefix tools if conflicted with other adapters in the same app.\n /\n name: string;\n\n /\n The base URL of the API.\n * This is used to construct the full URL for each request.\n * For example, if the API is hosted at https://api.example.com/v1,\n * the baseUrl should be set to https://api.example.com/v1.\n * This overrides the baseUrl in LoadOptions.\n /\n baseUrl: string;\n\n /\n Additional headers to be sent with each request.\n * This can be used to set authentication headers,\n * such as Authorization or API Key.\n /\n additionalHeaders?: Record<string, string>;\n\n /\n This can be used to map request information to specific\n * headers as required by the API.\n * For example, mapping tenantId from authenticated session payload to\n * a specific header, this key will be hidden to mcp clients\n * and filled by the adapter before sending the request to the API.\n * @param authInfo\n * @param headers\n /\n headersMapper?: (authInfo: AuthInfo, headers: Headers) => Headers;\n\n /\n This can be used to map request information to specific\n * body values as required by the API.\n * For example, mapping tenantId from authenticated session payload to\n * a specific property in the body, this key will be hidden to mcp clients\n * and filled by the adapter before sending the request to the API.\n \n @param authInfo\n * @param body\n /\n bodyMapper?: (authInfo: AuthInfo, body: Record<string, unknown>) => Record<string, unknown>;\n\n /\n Custom security resolver for resolving authentication from context.\n * This allows you to map different auth providers to different tools/security schemes.\n \n Use this when:\n * - You have multiple auth providers (e.g., GitHub OAuth, Google OAuth, API keys)\n * - Different tools need different authentication\n * - You need custom logic to select the right auth provider\n \n @example\n * ```typescript\n * securityResolver: (tool, authInfo) => {\n * // Use GitHub token for GitHub API tools\n * if (tool.name.startsWith('github_')) {\n * return { jwt: authInfo.user?.githubToken };\n * }\n * // Use Google token for Google API tools\n * if (tool.name.startsWith('google_')) {\n * return { jwt: authInfo.user?.googleToken };\n * }\n * // Default to main JWT token\n * return { jwt: authInfo.token };\n * }\n * ```\n /\n securityResolver?: (\n tool: McpOpenAPITool,\n authInfo: AuthInfo\n ) => SecurityContext \| Promise<SecurityContext>;\n\n /\n Map security scheme names to auth provider extractors.\n * This allows different security schemes to use different auth providers.\n \n Use this when your OpenAPI spec has multiple security schemes\n * and each should use a different auth provider from the context.\n \n @example\n * ```typescript\n * authProviderMapper: {\n * // GitHub OAuth security scheme\n * 'GitHubAuth': (authInfo) => authInfo.user?.githubToken,\n * // Google OAuth security scheme\n * 'GoogleAuth': (authInfo) => authInfo.user?.googleToken,\n * // API Key security scheme\n * 'ApiKeyAuth': (authInfo) => authInfo.user?.apiKey,\n * }\n * ```\n /\n authProviderMapper?: Record<string, (authInfo: AuthInfo) => string \| undefined>;\n\n /\n Static authentication configuration when not using dynamic auth from context.\n * Useful for server-to-server APIs with static credentials.\n \n @example\n * ```typescript\n * staticAuth: {\n * jwt: process.env.API_JWT_TOKEN,\n * apiKey: process.env.API_KEY,\n * }\n * ```\n /\n staticAuth?: Partial<SecurityContext>;\n\n /\n Options for loading the OpenAPI specification\n * @see LoadOptions from mcp-from-openapi\n /\n loadOptions?: Omit<LoadOptions, 'baseUrl'>; // baseUrl is in BaseOptions\n\n /\n Options for generating tools from the OpenAPI specification\n * @see GenerateOptions from mcp-from-openapi\n /\n generateOptions?: GenerateOptions;\n}\n\ninterface SpecOptions extends BaseOptions {\n /\n The OpenAPI specification the OpenAPI specification.\n /\n spec: OpenAPIV3.Document;\n}\n\ninterface UrlOptions extends BaseOptions {\n /\n The URL of the OpenAPI specification.\n * Can be a local file path or a remote URL.\n */\n url: string;\n}\n\nexport type OpenApiAdapterOptions = SpecOptions \| UrlOptions;\n"]}

package/src/openapi/openapi.utils.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import type { McpOpenAPITool, SecurityResolver } from 'mcp-from-openapi';
+/**
+ * Request configuration for building HTTP requests
+ */
+export interface RequestConfig {
+    url: string;
+    headers: Headers;
+    body?: Record<string, unknown>;
+}
+/**
+ * Build HTTP request from OpenAPI tool and input parameters
+ *
+ * @param tool - OpenAPI tool definition with mapper
+ * @param input - User input parameters
+ * @param security - Resolved security (headers, query params, etc.)
+ * @param baseUrl - API base URL
+ * @returns Request configuration ready for fetch
+ */
+export declare function buildRequest(tool: McpOpenAPITool, input: Record<string, unknown>, security: Awaited<ReturnType<SecurityResolver['resolve']>>, baseUrl: string): RequestConfig;
+/**
+ * Apply custom headers to request
+ *
+ * @param headers - Current headers
+ * @param additionalHeaders - Additional static headers to add
+ */
+export declare function applyAdditionalHeaders(headers: Headers, additionalHeaders?: Record<string, string>): void;
+/**
+ * Parse API response based on content type
+ *
+ * @param response - Fetch response
+ * @returns Parsed response data
+ */
+export declare function parseResponse(response: Response): Promise<{
+    data: unknown;
+}>;