@frontmcp/sdk 0.2.5 → 0.3.0

package/src/scope/flows/http.request.flow.d.ts

@@ -0,0 +1,384 @@
+import { httpInputSchema, FlowRunOptions, httpOutputSchema, FlowBase, ScopeEntry, ServerRequest } from '../../common';
+import { z } from 'zod';
+declare const plan: {
+    readonly pre: ["acquireQuota", "acquireSemaphore", "checkAuthorization", "router"];
+    readonly execute: ["handleLegacySse", "handleSse", "handleStreamableHttp", "handleStatefulHttp", "handleStatelessHttp"];
+    readonly finalize: ["audit", "metrics", "releaseSemaphore", "releaseQuota", "finalize"];
+    readonly error: ["error"];
+};
+export declare const httpRequestStateSchema: z.ZodObject<{
+    decision: z.ZodObject<{
+        intent: z.ZodUnion<[z.ZodLiteral<"legacy-sse">, z.ZodLiteral<"sse">, z.ZodLiteral<"streamable-http">, z.ZodLiteral<"stateful-http">, z.ZodLiteral<"stateless-http">, z.ZodLiteral<"unknown">]>;
+        reasons: z.ZodArray<z.ZodString, "many">;
+        recommendation: z.ZodOptional<z.ZodObject<{
+            httpStatus: z.ZodNumber;
+            message: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            message: string;
+            httpStatus: number;
+        }, {
+            message: string;
+            httpStatus: number;
+        }>>;
+        debug: z.ZodOptional<z.ZodObject<{
+            key: z.ZodNumber;
+            channel: z.ZodNumber;
+            flags: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            key: number;
+            channel: number;
+            flags: number;
+        }, {
+            key: number;
+            channel: number;
+            flags: number;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        intent: "unknown" | "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+        reasons: string[];
+        recommendation?: {
+            message: string;
+            httpStatus: number;
+        } | undefined;
+        debug?: {
+            key: number;
+            channel: number;
+            flags: number;
+        } | undefined;
+    }, {
+        intent: "unknown" | "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+        reasons: string[];
+        recommendation?: {
+            message: string;
+            httpStatus: number;
+        } | undefined;
+        debug?: {
+            key: number;
+            channel: number;
+            flags: number;
+        } | undefined;
+    }>;
+    intent: z.ZodUnion<[z.ZodLiteral<"legacy-sse">, z.ZodLiteral<"sse">, z.ZodLiteral<"streamable-http">, z.ZodLiteral<"stateful-http">, z.ZodLiteral<"stateless-http">, z.ZodLiteral<"unknown">]>;
+    verifyResult: z.ZodUnion<[z.ZodObject<{
+        kind: z.ZodLiteral<"unauthorized">;
+        prmMetadataHeader: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        kind: "unauthorized";
+        prmMetadataHeader: string;
+    }, {
+        kind: "unauthorized";
+        prmMetadataHeader: string;
+    }>, z.ZodObject<{
+        kind: z.ZodLiteral<"authorized">;
+        authorization: z.ZodObject<{
+            token: z.ZodString;
+            session: z.ZodOptional<z.ZodObject<{
+                id: z.ZodString;
+                payload: z.ZodObject<{
+                    nodeId: z.ZodString;
+                    authSig: z.ZodString;
+                    uuid: z.ZodString;
+                    iat: z.ZodNumber;
+                    protocol: z.ZodEnum<["legacy-sse", "sse", "streamable-http", "stateful-http", "stateless-http"]>;
+                }, "strip", z.ZodTypeAny, {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                }, {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                }>;
+            }, "strip", z.ZodTypeAny, {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            }, {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            }>>;
+            user: z.ZodObject<{
+                iss: z.ZodString;
+                sid: z.ZodOptional<z.ZodString>;
+                sub: z.ZodString;
+                exp: z.ZodOptional<z.ZodNumber>;
+                iat: z.ZodOptional<z.ZodNumber>;
+                aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+                email: z.ZodOptional<z.ZodString>;
+                username: z.ZodOptional<z.ZodString>;
+                preferred_username: z.ZodOptional<z.ZodString>;
+                name: z.ZodOptional<z.ZodString>;
+                picture: z.ZodOptional<z.ZodString>;
+            }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+                iss: z.ZodString;
+                sid: z.ZodOptional<z.ZodString>;
+                sub: z.ZodString;
+                exp: z.ZodOptional<z.ZodNumber>;
+                iat: z.ZodOptional<z.ZodNumber>;
+                aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+                email: z.ZodOptional<z.ZodString>;
+                username: z.ZodOptional<z.ZodString>;
+                preferred_username: z.ZodOptional<z.ZodString>;
+                name: z.ZodOptional<z.ZodString>;
+                picture: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+                iss: z.ZodString;
+                sid: z.ZodOptional<z.ZodString>;
+                sub: z.ZodString;
+                exp: z.ZodOptional<z.ZodNumber>;
+                iat: z.ZodOptional<z.ZodNumber>;
+                aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+                email: z.ZodOptional<z.ZodString>;
+                username: z.ZodOptional<z.ZodString>;
+                preferred_username: z.ZodOptional<z.ZodString>;
+                name: z.ZodOptional<z.ZodString>;
+                picture: z.ZodOptional<z.ZodString>;
+            }, z.ZodTypeAny, "passthrough">>;
+        }, "strip", z.ZodTypeAny, {
+            token: string;
+            user: {
+                sub: string;
+                iss: string;
+                name?: string | undefined;
+                email?: string | undefined;
+                iat?: number | undefined;
+                sid?: string | undefined;
+                exp?: number | undefined;
+                aud?: string | string[] | undefined;
+                username?: string | undefined;
+                preferred_username?: string | undefined;
+                picture?: string | undefined;
+            } & {
+                [k: string]: unknown;
+            };
+            session?: {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            } | undefined;
+        }, {
+            token: string;
+            user: {
+                sub: string;
+                iss: string;
+                name?: string | undefined;
+                email?: string | undefined;
+                iat?: number | undefined;
+                sid?: string | undefined;
+                exp?: number | undefined;
+                aud?: string | string[] | undefined;
+                username?: string | undefined;
+                preferred_username?: string | undefined;
+                picture?: string | undefined;
+            } & {
+                [k: string]: unknown;
+            };
+            session?: {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            } | undefined;
+        }>;
+    }, "strip", z.ZodTypeAny, {
+        kind: "authorized";
+        authorization: {
+            token: string;
+            user: {
+                sub: string;
+                iss: string;
+                name?: string | undefined;
+                email?: string | undefined;
+                iat?: number | undefined;
+                sid?: string | undefined;
+                exp?: number | undefined;
+                aud?: string | string[] | undefined;
+                username?: string | undefined;
+                preferred_username?: string | undefined;
+                picture?: string | undefined;
+            } & {
+                [k: string]: unknown;
+            };
+            session?: {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            } | undefined;
+        };
+    }, {
+        kind: "authorized";
+        authorization: {
+            token: string;
+            user: {
+                sub: string;
+                iss: string;
+                name?: string | undefined;
+                email?: string | undefined;
+                iat?: number | undefined;
+                sid?: string | undefined;
+                exp?: number | undefined;
+                aud?: string | string[] | undefined;
+                username?: string | undefined;
+                preferred_username?: string | undefined;
+                picture?: string | undefined;
+            } & {
+                [k: string]: unknown;
+            };
+            session?: {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            } | undefined;
+        };
+    }>]>;
+}, "strip", z.ZodTypeAny, {
+    intent: "unknown" | "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+    decision: {
+        intent: "unknown" | "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+        reasons: string[];
+        recommendation?: {
+            message: string;
+            httpStatus: number;
+        } | undefined;
+        debug?: {
+            key: number;
+            channel: number;
+            flags: number;
+        } | undefined;
+    };
+    verifyResult: {
+        kind: "unauthorized";
+        prmMetadataHeader: string;
+    } | {
+        kind: "authorized";
+        authorization: {
+            token: string;
+            user: {
+                sub: string;
+                iss: string;
+                name?: string | undefined;
+                email?: string | undefined;
+                iat?: number | undefined;
+                sid?: string | undefined;
+                exp?: number | undefined;
+                aud?: string | string[] | undefined;
+                username?: string | undefined;
+                preferred_username?: string | undefined;
+                picture?: string | undefined;
+            } & {
+                [k: string]: unknown;
+            };
+            session?: {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            } | undefined;
+        };
+    };
+}, {
+    intent: "unknown" | "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+    decision: {
+        intent: "unknown" | "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+        reasons: string[];
+        recommendation?: {
+            message: string;
+            httpStatus: number;
+        } | undefined;
+        debug?: {
+            key: number;
+            channel: number;
+            flags: number;
+        } | undefined;
+    };
+    verifyResult: {
+        kind: "unauthorized";
+        prmMetadataHeader: string;
+    } | {
+        kind: "authorized";
+        authorization: {
+            token: string;
+            user: {
+                sub: string;
+                iss: string;
+                name?: string | undefined;
+                email?: string | undefined;
+                iat?: number | undefined;
+                sid?: string | undefined;
+                exp?: number | undefined;
+                aud?: string | string[] | undefined;
+                username?: string | undefined;
+                preferred_username?: string | undefined;
+                picture?: string | undefined;
+            } & {
+                [k: string]: unknown;
+            };
+            session?: {
+                id: string;
+                payload: {
+                    uuid: string;
+                    nodeId: string;
+                    authSig: string;
+                    iat: number;
+                    protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
+                };
+            } | undefined;
+        };
+    };
+}>;
+declare const name: "http:request";
+declare global {
+    interface ExtendFlows {
+        'http:request': FlowRunOptions<HttpRequestFlow, typeof plan, typeof httpInputSchema, typeof httpOutputSchema, typeof httpRequestStateSchema>;
+    }
+}
+export default class HttpRequestFlow extends FlowBase<typeof name> {
+    logger: import("../../common").FrontMcpLogger;
+    static canActivate(request: ServerRequest, scope: ScopeEntry): boolean;
+    checkAuthorization(): Promise<void>;
+    router(): Promise<void>;
+    handleLegacySse(): Promise<void>;
+    handleSse(): Promise<void>;
+    handleStreamableHttp(): Promise<void>;
+    handleStatefulHttp(): Promise<void>;
+    handleStatelessHttp(): Promise<void>;
+}
+export {};

package/src/scope/flows/http.request.flow.js

@@ -0,0 +1,210 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.httpRequestStateSchema = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("../../common");
+const zod_1 = require("zod");
+const path_utils_1 = require("../../auth/path.utils");
+const session_verify_flow_1 = require("../../auth/flows/session.verify.flow");
+const plan = {
+    pre: [
+        // rate limiting / concurrency
+        'acquireQuota',
+        'acquireSemaphore',
+        // route request to the correct flow
+        'checkAuthorization',
+        'router',
+    ],
+    execute: [
+        'handleLegacySse',
+        'handleSse',
+        'handleStreamableHttp',
+        'handleStatefulHttp',
+        'handleStatelessHttp',
+    ],
+    finalize: [
+        // audit/metrics
+        'audit',
+        'metrics',
+        // cleanup
+        'releaseSemaphore',
+        'releaseQuota',
+        'finalize',
+    ],
+    error: ['error'],
+};
+exports.httpRequestStateSchema = zod_1.z.object({
+    decision: common_1.decisionSchema,
+    intent: common_1.intentSchema,
+    verifyResult: session_verify_flow_1.sessionVerifyOutputSchema,
+});
+const name = 'http:request';
+const { Stage } = (0, common_1.FlowHooksOf)('http:request');
+let HttpRequestFlow = class HttpRequestFlow extends common_1.FlowBase {
+    logger = this.scope.logger.child('HttpRequestFlow');
+    static canActivate(request, scope) {
+        const requestPath = (0, path_utils_1.normalizeEntryPrefix)(request.path);
+        const prefix = (0, path_utils_1.normalizeEntryPrefix)(scope.entryPath);
+        const scopePath = (0, path_utils_1.normalizeScopeBase)(scope.routeBase);
+        return requestPath === `${prefix}${scopePath}` || requestPath === `${prefix}${scopePath}/message`;
+    }
+    async checkAuthorization() {
+        const { request } = this.rawInput;
+        this.logger.info(`New request: ${request.method} ${request.path}`);
+        const result = await this.scope.runFlow('session:verify', { request });
+        if (!result) {
+            this.logger.error('failed to to verify session');
+            throw new Error('Session verification failed');
+        }
+        this.state.set({
+            verifyResult: result,
+        });
+    }
+    async router() {
+        const { request } = this.rawInput;
+        this.logger.verbose('check request decision');
+        const decision = (0, common_1.decideIntent)(request, {
+            enableLegacySSE: true,
+            enableSseListener: true,
+            enableStatelessHttp: false,
+            enableStatefulHttp: false,
+            enableStreamableHttp: true,
+            requireSessionForStreamable: true,
+            tolerateMissingAccept: true,
+        });
+        const { verifyResult } = this.state.required;
+        if (verifyResult.kind === 'authorized') {
+            const { authorization } = verifyResult;
+            request[common_1.ServerRequestTokens.auth] = authorization;
+            if (authorization.session) {
+                request[common_1.ServerRequestTokens.sessionId] = authorization.session.id;
+                const intent = authorization.session.payload.protocol;
+                this.logger.info(`decision from session: ${intent}`);
+                this.state.set('intent', intent);
+                return;
+            }
+            if (decision.intent === 'unknown') {
+                // continue to other middleware
+                // with authentication (public/authorized routes)
+                this.logger.verbose(`decision is unknown, continue to next http middleware`);
+                this.next();
+            }
+            // register decision intent to state
+            // and move to next stage
+            this.logger.verbose(`decision is request info: ${decision.intent}`);
+            this.state.set('intent', decision.intent);
+        }
+        else {
+            this.logger.verbose(`not authorized request, check decision intent: ${decision.intent}`);
+            if (decision.intent === 'unknown') {
+                this.logger.verbose(`decision is unknown, continue to other public http middleware`);
+                // continue to other middleware
+                // without authentication (public routes)
+                this.next();
+            }
+            this.logger.warn(`decision is ${decision.intent}, but not authorized, respond with 401`);
+            // if the decision is specific mcp transport and no auth
+            // then respond with 401
+            this.respond(common_1.httpRespond.unauthorized({
+                headers: {
+                    'WWW-Authenticate': verifyResult.prmMetadataHeader,
+                },
+            }));
+        }
+    }
+    async handleLegacySse() {
+        const response = await this.scope.runFlow('handle:legacy-sse', this.rawInput);
+        if (response) {
+            this.respond(response);
+        }
+        this.handled();
+    }
+    async handleSse() {
+        const response = await this.scope.runFlow('handle:streamable-http', this.rawInput);
+        if (response) {
+            this.respond(response);
+        }
+        this.next();
+    }
+    async handleStreamableHttp() {
+        const response = await this.scope.runFlow('handle:streamable-http', this.rawInput);
+        if (response) {
+            this.respond(response);
+        }
+        this.next();
+    }
+    async handleStatefulHttp() {
+        // this.scope.runFlow('mcp:transport:stateful-http', this.rawInput);
+        this.next();
+    }
+    async handleStatelessHttp() {
+        // this.scope.runFlow('mcp:transport:stateless-http', this.rawInput);
+        this.next();
+    }
+};
+tslib_1.__decorate([
+    Stage('checkAuthorization'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], HttpRequestFlow.prototype, "checkAuthorization", null);
+tslib_1.__decorate([
+    Stage('router'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], HttpRequestFlow.prototype, "router", null);
+tslib_1.__decorate([
+    Stage('handleLegacySse', {
+        filter: ({ state: { required: { intent } } }) => intent === 'legacy-sse',
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], HttpRequestFlow.prototype, "handleLegacySse", null);
+tslib_1.__decorate([
+    Stage('handleSse', {
+        filter: ({ state: { required: { intent } } }) => intent === 'sse',
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], HttpRequestFlow.prototype, "handleSse", null);
+tslib_1.__decorate([
+    Stage('handleStreamableHttp', {
+        filter: ({ state: { required: { intent } } }) => intent === 'streamable-http',
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], HttpRequestFlow.prototype, "handleStreamableHttp", null);
+tslib_1.__decorate([
+    Stage('handleStatefulHttp', {
+        filter: ({ state: { required: { intent } } }) => intent === 'stateful-http',
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], HttpRequestFlow.prototype, "handleStatefulHttp", null);
+tslib_1.__decorate([
+    Stage('handleStatelessHttp', {
+        filter: ({ state: { required: { intent } } }) => intent === 'stateless-http',
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], HttpRequestFlow.prototype, "handleStatelessHttp", null);
+HttpRequestFlow = tslib_1.__decorate([
+    (0, common_1.Flow)({
+        name,
+        plan,
+        access: 'public',
+        inputSchema: common_1.httpInputSchema,
+        outputSchema: common_1.httpOutputSchema,
+        middleware: {
+            path: '/',
+        },
+    })
+], HttpRequestFlow);
+exports.default = HttpRequestFlow;
+//# sourceMappingURL=http.request.flow.js.map

package/src/scope/flows/http.request.flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.request.flow.js","sourceRoot":"","sources":["../../../../src/scope/flows/http.request.flow.ts"],"names":[],"mappings":";;;;AAAA,yCAMsB;AACtB,6BAAsB;AACtB,sDAA+E;AAC/E,8EAA+E;AAE/E,MAAM,IAAI,GAAG;IACX,GAAG,EAAE;QACH,8BAA8B;QAC9B,cAAc;QACd,kBAAkB;QAClB,oCAAoC;QACpC,oBAAoB;QACpB,QAAQ;KACT;IACD,OAAO,EAAE;QACP,iBAAiB;QACjB,WAAW;QACX,sBAAsB;QACtB,oBAAoB;QACpB,qBAAqB;KACtB;IACD,QAAQ,EAAE;QACR,gBAAgB;QAChB,OAAO;QACP,SAAS;QAET,UAAU;QACV,kBAAkB;QAClB,cAAc;QACd,UAAU;KACX;IACD,KAAK,EAAE,CAAC,OAAO,CAAC;CACmB,CAAC;AAGzB,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,QAAQ,EAAE,uBAAc;IACxB,MAAM,EAAE,qBAAY;IACpB,YAAY,EAAE,+CAAyB;CACxC,CAAC,CAAC;AAGH,MAAM,IAAI,GAAG,cAAuB,CAAC;AACrC,MAAM,EAAC,KAAK,EAAC,GAAG,IAAA,oBAAW,EAAC,cAAc,CAAC,CAAC;AAyB7B,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,iBAAqB;IAEhE,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAEpD,MAAM,CAAC,WAAW,CAAC,OAAsB,EAAE,KAAiB;QAC1D,MAAM,WAAW,GAAG,IAAA,iCAAoB,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAA,iCAAoB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAA,+BAAkB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACtD,OAAO,WAAW,KAAK,GAAG,MAAM,GAAG,SAAS,EAAE,IAAI,WAAW,KAAK,GAAG,MAAM,GAAG,SAAS,UAAU,CAAC;IACpG,CAAC;IAGK,AAAN,KAAK,CAAC,kBAAkB;QACtB,MAAM,EAAC,OAAO,EAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAEnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAC,OAAO,EAAC,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;YACb,YAAY,EAAE,MAAM;SACrB,CAAC,CAAC;IAEL,CAAC;IAIK,AAAN,KAAK,CAAC,MAAM;QACV,MAAM,EAAC,OAAO,EAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,IAAA,qBAAY,EAAC,OAAO,EAAE;YACrC,eAAe,EAAE,IAAI;YACrB,iBAAiB,EAAE,IAAI;YACvB,mBAAmB,EAAE,KAAK;YAC1B,kBAAkB,EAAE,KAAK;YACzB,oBAAoB,EAAE,IAAI;YAC1B,2BAA2B,EAAE,IAAI;YACjC,qBAAqB,EAAE,IAAI;SAC5B,CAAC,CAAC;QAEH,MAAM,EAAC,YAAY,EAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC3C,IAAI,YAAY,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACvC,MAAM,EAAC,aAAa,EAAC,GAAG,YAAY,CAAC;YACrC,OAAO,CAAC,4BAAmB,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC;YAClD,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;gBAC1B,OAAO,CAAC,4BAAmB,CAAC,SAAS,CAAC,GAAG,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;gBAElE,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;gBACtD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;gBACrD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBACjC,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAClC,+BAA+B;gBAC/B,iDAAiD;gBACjD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,uDAAuD,CAAC,CAAC;gBAC7E,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,CAAC;YAED,oCAAoC;YACpC,yBAAyB;YACzB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,6BAA6B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACpE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,kDAAkD,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACzF,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAClC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,+DAA+D,CAAC,CAAC;gBACrF,+BAA+B;gBAC/B,yCAAyC;gBACzC,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,MAAM,wCAAwC,CAAC,CAAC;YACzF,wDAAwD;YACxD,wBAAwB;YACxB,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,YAAY,CAAC;gBACpC,OAAO,EAAE;oBACP,kBAAkB,EAAE,YAAY,CAAC,iBAAiB;iBACnD;aACF,CAAC,CAAC,CAAC;QACN,CAAC;IAEH,CAAC;IAOK,AAAN,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9E,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAKK,AAAN,KAAK,CAAC,SAAS;QACb,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnF,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAKK,AAAN,KAAK,CAAC,oBAAoB;QACxB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnF,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAKK,AAAN,KAAK,CAAC,kBAAkB;QACtB,oEAAoE;QACpE,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAKK,AAAN,KAAK,CAAC,mBAAmB;QACvB,qEAAqE;QACrE,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;CAEF,CAAA;AA9HO;IADL,KAAK,CAAC,oBAAoB,CAAC;;;;yDAc3B;AAIK;IADL,KAAK,CAAC,QAAQ,CAAC;;;;6CAyDf;AAOK;IAJL,KAAK,CAAC,iBAAiB,EAAE;QACxB,MAAM,EAAE,CAAC,EAAC,KAAK,EAAE,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAC,EAAC,EAAC,EAAE,EAAE,CACxC,MAAM,KAAK,YAAY;KAC1B,CAAC;;;;sDAOD;AAKK;IAHL,KAAK,CAAC,WAAW,EAAE;QAClB,MAAM,EAAE,CAAC,EAAC,KAAK,EAAE,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAC,EAAC,EAAC,EAAE,EAAE,CAAC,MAAM,KAAK,KAAK;KAC5D,CAAC;;;;gDAOD;AAKK;IAHL,KAAK,CAAC,sBAAsB,EAAE;QAC7B,MAAM,EAAE,CAAC,EAAC,KAAK,EAAE,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAC,EAAC,EAAC,EAAE,EAAE,CAAC,MAAM,KAAK,iBAAiB;KACxE,CAAC;;;;2DAOD;AAKK;IAHL,KAAK,CAAC,oBAAoB,EAAE;QAC3B,MAAM,EAAE,CAAC,EAAC,KAAK,EAAE,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAC,EAAC,EAAC,EAAE,EAAE,CAAC,MAAM,KAAK,eAAe;KACtE,CAAC;;;;yDAID;AAKK;IAHL,KAAK,CAAC,qBAAqB,EAAE;QAC5B,MAAM,EAAE,CAAC,EAAC,KAAK,EAAE,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAC,EAAC,EAAC,EAAE,EAAE,CAAC,MAAM,KAAK,gBAAgB;KACvE,CAAC;;;;0DAID;AAxIkB,eAAe;IAVnC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,IAAI;QACJ,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,wBAAe;QAC5B,YAAY,EAAE,yBAAgB;QAC9B,UAAU,EAAE;YACV,IAAI,EAAE,GAAG;SACV;KACF,CAAC;GACmB,eAAe,CA0InC;kBA1IoB,eAAe","sourcesContent":["import {\n  Flow, httpInputSchema, FlowRunOptions,\n  httpOutputSchema,\n  FlowPlan, FlowBase, ScopeEntry, FlowHooksOf, ServerRequest, ServerRequestTokens,\n  httpRespond,\n  decideIntent, decisionSchema, intentSchema,\n} from '../../common';\nimport {z} from 'zod';\nimport {normalizeEntryPrefix, normalizeScopeBase} from '../../auth/path.utils';\nimport {sessionVerifyOutputSchema} from '../../auth/flows/session.verify.flow';\n\nconst plan = {\n  pre: [\n    // rate limiting / concurrency\n    'acquireQuota',\n    'acquireSemaphore',\n    // route request to the correct flow\n    'checkAuthorization',\n    'router',\n  ],\n  execute: [\n    'handleLegacySse',\n    'handleSse',\n    'handleStreamableHttp',\n    'handleStatefulHttp',\n    'handleStatelessHttp',\n  ],\n  finalize: [\n    // audit/metrics\n    'audit',\n    'metrics',\n\n    // cleanup\n    'releaseSemaphore',\n    'releaseQuota',\n    'finalize',\n  ],\n  error: ['error'],\n} as const satisfies FlowPlan<string>;\n\n\nexport const httpRequestStateSchema = z.object({\n  decision: decisionSchema,\n  intent: intentSchema,\n  verifyResult: sessionVerifyOutputSchema,\n});\n\n\nconst name = 'http:request' as const;\nconst {Stage} = FlowHooksOf('http:request');\n\ndeclare global {\n    interface ExtendFlows {\n      'http:request': FlowRunOptions<\n        HttpRequestFlow,\n        typeof plan,\n        typeof httpInputSchema,\n        typeof httpOutputSchema,\n        typeof httpRequestStateSchema\n      >;\n    }\n}\n\n\n@Flow({\n  name,\n  plan,\n  access: 'public',\n  inputSchema: httpInputSchema,\n  outputSchema: httpOutputSchema,\n  middleware: {\n    path: '/',\n  },\n})\nexport default class HttpRequestFlow extends FlowBase<typeof name> {\n\n  logger = this.scope.logger.child('HttpRequestFlow');\n\n  static canActivate(request: ServerRequest, scope: ScopeEntry) {\n    const requestPath = normalizeEntryPrefix(request.path);\n    const prefix = normalizeEntryPrefix(scope.entryPath);\n    const scopePath = normalizeScopeBase(scope.routeBase);\n    return requestPath === `${prefix}${scopePath}` || requestPath === `${prefix}${scopePath}/message`;\n  }\n\n  @Stage('checkAuthorization')\n  async checkAuthorization() {\n    const {request} = this.rawInput;\n    this.logger.info(`New request: ${request.method} ${request.path}`);\n\n    const result = await this.scope.runFlow('session:verify', {request});\n    if (!result) {\n      this.logger.error('failed to to verify session');\n      throw new Error('Session verification failed');\n    }\n    this.state.set({\n      verifyResult: result,\n    });\n\n  }\n\n\n  @Stage('router')\n  async router() {\n    const {request} = this.rawInput;\n    this.logger.verbose('check request decision');\n    const decision = decideIntent(request, {\n      enableLegacySSE: true,\n      enableSseListener: true,\n      enableStatelessHttp: false,\n      enableStatefulHttp: false,\n      enableStreamableHttp: true,\n      requireSessionForStreamable: true,\n      tolerateMissingAccept: true,\n    });\n\n    const {verifyResult} = this.state.required;\n    if (verifyResult.kind === 'authorized') {\n      const {authorization} = verifyResult;\n      request[ServerRequestTokens.auth] = authorization;\n      if (authorization.session) {\n        request[ServerRequestTokens.sessionId] = authorization.session.id;\n\n        const intent = authorization.session.payload.protocol;\n        this.logger.info(`decision from session: ${intent}`);\n        this.state.set('intent', intent);\n        return;\n      }\n\n      if (decision.intent === 'unknown') {\n        // continue to other middleware\n        // with authentication (public/authorized routes)\n        this.logger.verbose(`decision is unknown, continue to next http middleware`);\n        this.next();\n      }\n\n      // register decision intent to state\n      // and move to next stage\n      this.logger.verbose(`decision is request info: ${decision.intent}`);\n      this.state.set('intent', decision.intent);\n    } else {\n      this.logger.verbose(`not authorized request, check decision intent: ${decision.intent}`);\n      if (decision.intent === 'unknown') {\n        this.logger.verbose(`decision is unknown, continue to other public http middleware`);\n        // continue to other middleware\n        // without authentication (public routes)\n        this.next();\n      }\n\n      this.logger.warn(`decision is ${decision.intent}, but not authorized, respond with 401`);\n      // if the decision is specific mcp transport and no auth\n      // then respond with 401\n      this.respond(httpRespond.unauthorized({\n        headers: {\n          'WWW-Authenticate': verifyResult.prmMetadataHeader,\n        },\n      }));\n    }\n\n  }\n\n\n  @Stage('handleLegacySse', {\n    filter: ({state: {required: {intent}}}) =>\n      intent === 'legacy-sse',\n  })\n  async handleLegacySse() {\n    const response = await this.scope.runFlow('handle:legacy-sse', this.rawInput);\n    if (response) {\n      this.respond(response);\n    }\n    this.handled();\n  }\n\n  @Stage('handleSse', {\n    filter: ({state: {required: {intent}}}) => intent === 'sse',\n  })\n  async handleSse() {\n    const response = await this.scope.runFlow('handle:streamable-http', this.rawInput);\n    if (response) {\n      this.respond(response);\n    }\n    this.next();\n  }\n\n  @Stage('handleStreamableHttp', {\n    filter: ({state: {required: {intent}}}) => intent === 'streamable-http',\n  })\n  async handleStreamableHttp() {\n    const response = await this.scope.runFlow('handle:streamable-http', this.rawInput);\n    if (response) {\n      this.respond(response);\n    }\n    this.next();\n  }\n\n  @Stage('handleStatefulHttp', {\n    filter: ({state: {required: {intent}}}) => intent === 'stateful-http',\n  })\n  async handleStatefulHttp() {\n    // this.scope.runFlow('mcp:transport:stateful-http', this.rawInput);\n    this.next();\n  }\n\n  @Stage('handleStatelessHttp', {\n    filter: ({state: {required: {intent}}}) => intent === 'stateless-http',\n  })\n  async handleStatelessHttp() {\n    // this.scope.runFlow('mcp:transport:stateless-http', this.rawInput);\n    this.next();\n  }\n\n}\n"]}

package/src/scope/index.d.ts

@@ -0,0 +1 @@
+export { Scope } from './scope.instance';

package/src/scope/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Scope = void 0;
+var scope_instance_1 = require("./scope.instance");
+Object.defineProperty(exports, "Scope", { enumerable: true, get: function () { return scope_instance_1.Scope; } });
+//# sourceMappingURL=index.js.map

package/src/scope/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scope/index.ts"],"names":[],"mappings":";;;AAAA,mDAAsC;AAA9B,uGAAA,KAAK,OAAA","sourcesContent":["export {Scope} from './scope.instance'"]}

package/src/scope/scope.instance.d.ts

@@ -0,0 +1,35 @@
+import 'reflect-metadata';
+import { FlowInputOf, FlowName, FlowOutputOf, FlowType, FrontMcpAuth, FrontMcpLogger, FrontMcpServer, HookRegistryInterface, ScopeEntry, ScopeRecord, Token, Type } from '../common';
+import AppRegistry from '../app/app.registry';
+import ProviderRegistry from '../provider/provider.registry';
+import { AuthRegistry } from '../auth/auth.registry';
+import { TransportService } from '../transport/transport.registry';
+import ToolRegistry from '../tool/tool.registry';
+export declare class Scope extends ScopeEntry {
+    readonly id: string;
+    private readonly globalProviders;
+    readonly logger: FrontMcpLogger;
+    private readonly scopeProviders;
+    private scopeAuth;
+    private scopeFlows;
+    private scopeApps;
+    private scopeHooks;
+    private scopeTools;
+    transportService: TransportService;
+    readonly entryPath: string;
+    readonly routeBase: string;
+    readonly orchestrated: boolean;
+    readonly server: FrontMcpServer;
+    constructor(rec: ScopeRecord, globalProviders: ProviderRegistry);
+    protected initialize(): Promise<void>;
+    private get defaultScopeProviders();
+    get auth(): FrontMcpAuth;
+    get hooks(): HookRegistryInterface;
+    get authProviders(): AuthRegistry;
+    get providers(): ProviderRegistry;
+    get apps(): AppRegistry;
+    get tools(): ToolRegistry;
+    registryFlows(...flows: FlowType[]): Promise<void>;
+    runFlow<Name extends FlowName>(name: Name, input: FlowInputOf<Name>, deps?: Map<Token, Type>): Promise<FlowOutputOf<Name> | undefined>;
+    runFlowForOutput<Name extends FlowName>(name: Name, input: FlowInputOf<Name>, deps?: Map<Token, Type>): Promise<FlowOutputOf<Name>>;
+}